
Course Code: CIS 4403 Course Name: Cloud Computing

Assessment Name: Team Project Percentage of total course grade: 25%


Submission Due Date: Oral Defense: During Week 14
CLOs: 1,2,3,4
Deadline to submit: 23/04/2023

Student Name/ID: Student Signature:


1. 1.
2. 2.
3. 3.
4. 4.

Instructor Name: Dr. Basel Magableh


Total Number of Pages: 24, Including cover page
Project Deliverables: Project Report in MS Word, and print screenshots (step by step) of the
implementation in an MS Word document.
Instructions to students:
• This is a team project assignment of three to four students.
• The project consists of three parts:
Part 1: Project Report in MS Word document (5%)
Part 2: Implementation of a service on Amazon Cloud (EMR)/Other (45%)
Part 3: Individual Team Project Presentation - Oral Defense (50%)

Academic Honesty Statement


In accordance with HCT policy LP201- Academic Honesty
• Students are required to refrain from all forms of academic dishonesty as defined and explained in HCT
procedures and directions from HCT personnel.
• A student found guilty of having committed acts of academic dishonesty may be subject to one or more
of the disciplinary measures as outlined in Article 33 of the Student and Academic Regulations.
Academic Honesty Statement
In accordance with HCT policy LP201 - Academic Honesty
• Students are required to refrain from all forms of academic dishonesty, as set out and explained in the policies and procedures of the Higher Colleges of Technology and the directions issued by college personnel.
• A student who commits any form of academic dishonesty will be subject to one or more of the disciplinary measures set out in Article 33 of the Academic Regulations.

Project Objectives
Upon completion of this project, you will be able to:

1. Experience the communication challenges faced when attempting to apply technology as the
solution to business problems.
2. Translate customer requirements into a proposed technical solution.
3. Present the proposed solution to the customer.

Project Instructions
Some thoughts on this project:

1. This project can be done in groups of 3-4 students.


2. The high level and detailed customer requirements should be reviewed.
3. A solution should be designed to address each of the requirements identified.
4. Worksheets have been included to guide the documentation process.
5. Upon completion of solution design, a presentation of the results should be prepared and given
to the class.
6. The class can be involved to evaluate the solution in terms of requirement fulfillment and
solution accuracy.

NOTE: This project does not require you to utilize an AWS account. However, if you would
like to build any components of your solution, to be used as part of your presentation, you
could do so in the Sandbox environment.

CIS-4403 Page 2 DBM


Introduction and Overview
Amazon Web Services (AWS) offers a broad set of on-demand global compute, storage,
database, analytics, application and deployment services, allowing you to scale up and down to
meet your organization’s needs.

The purpose of this project is to give the students an opportunity to apply what they learned in
the Cloud Computing Course. Each group of students is required to use AWS in their project’s
proof of concept implementation.

A Medical Company is a startup software as a service (SaaS) company. It has built an online
medical social networking and diagnosis assistance application for users in APAC, the US, and
Europe.

The application connects patients and doctors to:

• Allow online appointments, remote consultation, remote diagnosis, electronic
prescription transfer, and payment services.

• Allow customers to upload documents and images. Text is extracted from
documents, and images are converted into multiple formats.

The application has not yet been launched publicly.

A Medical Company has hired you to architect an infrastructure in AWS to meet their
application needs. In preparation for your meeting with them, they provided information about
their current environment.



A Medical Company: Current Environment
For your preparations, the customer provided this information on their current environment. A Medical
Company:

• Deployed its current development and test infrastructure with a server hosting company.

• Uses Microsoft Windows servers to host their web and application tiers with Microsoft SQL
Server Standard Edition backend databases.

• The application launch date is coming soon, and they expect many users to start using the
application.

• Believes it would be best to use cloud technologies to support its rapid growth.

• Thinks the new cloud platform could host the development, test, and production environments.

For your preparations, the customer provided this diagram of their current architecture.



The current architecture has three tiers: a web tier, a database tier, and an application tier. They are
configured as follows:

• Web Tier

    • Two physical servers (Two CPUs / 4-GB memory)

    • Microsoft Windows 2016 Base with Internet Information Services (IIS)

    • High Availability Proxy load balancer used to balance traffic between the web servers

• Application Tier

    • Two physical servers (Four CPUs / 16-GB memory)

    • Microsoft Windows 2016 Base with Internet Information Services (IIS)

    • High Availability Proxy load balancer used to balance traffic between app servers

• Database Tier

    • One physical server (Eight CPUs / 32-GB memory / 5-TB storage)

    • SQL Server Standard Edition with Microsoft Windows 2016 Base

    • DBAs access and manage the database, but no RDBMS or advanced configuration is
      required.

Customer Requirements and Solution Design Worksheets

You have returned to the office with your teammates to discuss A Medical Company’s requirements.
Now, it is time to turn all of the requirements into a solution design.

For ease of use, the customer requirements have been integrated with the solution design worksheets
that can be used to document your solution.

The requirements include:

1. Configuring access permissions to conform with AWS best practices.

2. Building networks that conform to AWS best practices while providing all the necessary
network services to the application in their different environments.

3. Building an architecture that matches the current architecture at the server hosting
company and that can handle doubling the number of servers.

4. Securing all medical information, as medical information usually contains highly
sensitive personally identifiable information (PII).

5. Utilizing load balancers for the web tier and application tier that must support the HTTP, HTTPS,
and TCP protocols, as the company plans to move its application into AWS.

6. Architecture should be resilient (built for business continuity).

7. Configuring auditing to track all user actions.



Solution – Identify AWS Services

Identify the POTENTIAL services needed and the purpose for each service that will be used to
move A Medical Company’s current environment to AWS. Use the following list to identify the
services.

• AWS empowers health organizations to improve patient outcomes and accelerate the
digitization and utilization of their data with the broadest and deepest portfolio of cloud
services and purpose-built partner solutions.
• Amazon is made to enable suppliers, ISVs, and application providers to swiftly and
securely host your apps, whether they are SaaS-based or not.
• To access AWS's application hosting platform, use the AWS Management Console or
well-documented web services APIs.

Detailed Requirements – User Authentication

Follow AWS best practices for assigning permissions.

Three user groups with AWS access:

1. System Administrator Group: 2 users

2. Database Administrator Group: 2 users

3. Monitoring Group: 4 users (monitors infrastructure resources (EC2, S3, RDS) for the app)

Administrators require programmatic access and AWS Management Console access.

When signing into the console, each administrator is required to provide a user name, a
password, and a randomly generated code provided by the Virtual MFA.

All other users should only have AWS Management Console access, using a combination of
user name and password.

Password Policy:



• A password with at least 8 characters, 1 uppercase and 1 lowercase letter,
1 number, and 1 special character

• Forced password change every 90 days

• No re-use of previous three passwords
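
The password rules above correspond to fields of the IAM account password policy. As an added example (not part of the original assignment), this Python script checks a policy object, in the shape returned by `aws iam get-account-password-policy`, against those rules; both sample policies are constructed for illustration.

```python
"""Audit an IAM account password policy against the rules listed above.

Input is the "PasswordPolicy" object that
`aws iam get-account-password-policy` returns. Sample policies are constructed.
"""

# Character-class flags that must all be true.
REQUIRED_FLAGS = {
    "RequireUppercaseCharacters": "1 uppercase letter",
    "RequireLowercaseCharacters": "1 lowercase letter",
    "RequireNumbers": "1 number",
    "RequireSymbols": "1 special character",
}
MIN_LENGTH = 8      # at least 8 characters
MAX_AGE_DAYS = 90   # forced password change every 90 days
REUSE_HISTORY = 3   # no re-use of the previous three passwords


def audit_password_policy(policy):
    """Return a list of findings; an empty list means the policy complies."""
    findings = []
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength must be >= {MIN_LENGTH}")
    for flag, meaning in REQUIRED_FLAGS.items():
        if not policy.get(flag, False):
            findings.append(f"{flag} must be true ({meaning})")
    # A missing or zero MaxPasswordAge means passwords never expire.
    age = policy.get("MaxPasswordAge", 0)
    if age == 0 or age > MAX_AGE_DAYS:
        findings.append(f"MaxPasswordAge must be 1-{MAX_AGE_DAYS} days")
    # A missing PasswordReusePrevention means no password history is kept.
    if policy.get("PasswordReusePrevention", 0) < REUSE_HISTORY:
        findings.append(f"PasswordReusePrevention must be >= {REUSE_HISTORY}")
    return findings


# Constructed sample that satisfies every rule.
COMPLIANT = {
    "MinimumPasswordLength": 8,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": True,
    "RequireNumbers": True,
    "RequireSymbols": True,
    "MaxPasswordAge": 90,
    "PasswordReusePrevention": 3,
}
# Constructed sample with three gaps: no symbols, 180-day age, no history.
WEAK = dict(COMPLIANT, RequireSymbols=False, MaxPasswordAge=180)
del WEAK["PasswordReusePrevention"]

if __name__ == "__main__":
    for name, policy in (("compliant", COMPLIANT), ("weak", WEAK)):
        print(name, audit_password_policy(policy) or "OK")
```
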

The A Medical Company application must read and write to S3 buckets.

Solution – User Authentication

Use this chart to document users, groups, and roles that need to be created.



Use this chart to document the groups and their associated permissions.

Group/Role # Group/Role Name Permissions

Group A combined
Group B combined
Group C combined
Role X separated

Use this chart to identify solutions for each requirement.

| Requirement | Solution |
|---|---|
| Should be at least 8 characters and have 1 uppercase, 1 lowercase, 1 special character, and a number. | Character password |
| Change passwords every 90 days and ensure that the previous three passwords can’t be re-used. | Yes |
| All administrators require programmatic access | AWS Account |
| Administrator sign-in to the AWS Management Console requires the use of Virtual MFA. | IAM |



Detailed Requirements – Architecture
Design an AWS solution with:

1. Networks that conform to AWS best practices while providing all the necessary
network services to the application in their different environments.

2. An architecture that matches the current architecture at the server hosting
company and that can handle doubling the number of servers.

3. Security for all medical information, as medical information usually contains
highly sensitive personally identifiable information (PII).

4. Load balancers for the web tier and application tier that must support the HTTP,
HTTPS, and TCP protocols, as the company plans to move its application into AWS.

The new architecture must conform to AWS best practices including:

• Achieve high availability for all tiers to reduce downtime.

• Control access to the application and limit public entry points. Note: There should
be no external access to the application or database tiers.

• Minimize IP address usage to reduce the attack surface.

• Maintain separate networks for A Medical Company’s development/testing
environment and the production environment.

• The web tier load balancer can receive requests from the Internet on port 443.

• Web tier servers can receive requests from the web tier load balancer only on port
443.

• The Application Load Balancer can receive requests from the application tier load
balancer only on port 443.

• Database servers can receive requests from application servers only on port 1433.

Use this chart to document the VPC solution.

| VPC | Region | Purpose | Subnets | AZs | CIDR Range |
|---|---|---|---|---|---|
| 1 | End-point | gateway | 1 | a | 1234 |
| 2 | Start-point | interference | 2 | a | 1325 |

Use this chart to document the Dev subnet solution.

| Subnet Name | VPC | Subnet Type (Public/private) | AZ | Subnet Address |
|---|---|---|---|---|
| 1 | #1 | Public | 1 | 13244 |
| 2 | #1 | Public | 2 | 64474 |
| 3 | #1 | private | 3 | 32636 |
| 4 | #1 | private | 4 | 25326 |



Use this chart to document the Test subnet solution.

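| Subnet Name | VPC | Subnet Type (Public/private) | AZ | Subnet Address |
|---|---|---|---|---|
| AW | #2 | Public | 1 | 13124 |
| FH | #2 | Public | 2 | 25536 |
| IK | #2 | private | 3 | 68699 |
| GT | #2 | private | 4 | 25523 |
| UH | #2 | Public | 3 | 23535 |
| ER | #2 | Public | 6 | 79757 |
| TR | #2 | private | 7 | 35366 |
| EB | #2 | private | 8 | 35326 |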



Solution – Web and Application Tier

The current architecture has three tiers: a web tier, a database tier, and an application tier. They
are configured as follows:

• Web Tier

    • Two physical servers (Two CPUs / 4-GB memory)

    • Microsoft Windows 2016 Base with Internet Information Services (IIS)

    • High Availability Proxy load balancer used to balance traffic between the web
      servers

• Application Tier

    • Two physical servers (Four CPUs / 16-GB memory)

    • Microsoft Windows 2016 Base with Internet Information Services (IIS)

    • High Availability Proxy load balancer used to balance traffic between app servers

Instance Names:
• All web tier instance names should be tagged as Key = Name and value = web-tier.

• All application tier instance names should be tagged as Key = Name and value = app-tier.

All instances in the application tier must support EBS optimization.

Load balancers for web tier and application tier must support:

• HTTP

• HTTPS

• TCP protocols

Use this chart to describe the type, size, and justification for the instances you will use for each
tier.

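| Tier | Tag* | OS | Type | Size | Justification | # of instances | User Data? |
|---|---|---|---|---|---|---|---|
| Web | web-elb | 1 | 2 | web-elb-sg | 1 | 2 | 2432 |
| App | app-elb | 1 | 2 | app-elb-sg | 1 | 2 | 3253 |
| DB | app-elb | 1 | 2 | app-elb-sg | 1 | 2 | 535253 |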

The web tier load balancer receives requests from the Internet on port 80.

The application tier load balancer can only receive requests from web tier servers, on port 8080.

Web tier servers can only receive requests from the web tier load balancer, on port 80.

Application tier servers can only receive requests from the application tier load balancer, on port 80.

Database servers can only receive requests from application tier servers, on port 1433.
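
The five source-and-port rules above form a chain in which each tier accepts traffic only from the tier in front of it. As an added example (not part of the original assignment), this Python script checks security groups, in the shape returned by `aws ec2 describe-security-groups`, against that chain and reports any missing or extra ingress. The group names are the ones used in the worksheets on this page; the group IDs and sample rule sets are constructed.

```python
"""Check security-group ingress against the tier-to-tier rules listed above.

Groups use the shape returned by `aws ec2 describe-security-groups`.
Group IDs and the sample rule sets are constructed for illustration.
"""

# group name -> (only permitted source, TCP port), taken from the rules above
EXPECTED = {
    "web-elb-sg": ("0.0.0.0/0", 80),
    "web-tier-sg": ("web-elb-sg", 80),
    "app-elb-sg": ("web-tier-sg", 8080),
    "app-tier-sg": ("app-elb-sg", 80),
    "db-tier-sg": ("app-tier-sg", 1433),
}


def ingress_entries(group, id_to_name):
    """Flatten IpPermissions into (source, protocol, from_port, to_port)."""
    entries = set()
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        # Protocol "-1" (all traffic) carries no port keys: treat as all ports.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [id_to_name.get(p["GroupId"], p["GroupId"])
                    for p in perm.get("UserIdGroupPairs", [])]
        entries.update((src, proto, lo, hi) for src in sources)
    return entries


def audit_groups(groups):
    """Return findings for missing groups, missing rules and extra ingress."""
    id_to_name = {g["GroupId"]: g["GroupName"] for g in groups}
    by_name = {g["GroupName"]: g for g in groups}
    findings = []
    for name, (source, port) in EXPECTED.items():
        if name not in by_name:
            findings.append(f"{name}: security group not found")
            continue
        # Strict match: a wider port range from the right source is also flagged.
        wanted = (source, "tcp", port, port)
        actual = ingress_entries(by_name[name], id_to_name)
        if wanted not in actual:
            findings.append(f"{name}: missing {source} -> tcp/{port}")
        for src, proto, lo, hi in sorted(actual - {wanted}):
            findings.append(f"{name}: unexpected {src} -> {proto}/{lo}-{hi}")
    return findings


def sg(name, gid, port, cidr=None, group=None):
    """Build a constructed security group with one TCP ingress rule."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": group}] if group else []}
    return {"GroupName": name, "GroupId": gid, "IpPermissions": [perm]}


# Constructed sample: the database group is open to the Internet on 1433.
SAMPLE = [
    sg("web-elb-sg", "sg-0001", 80, cidr="0.0.0.0/0"),
    sg("web-tier-sg", "sg-0002", 80, group="sg-0001"),
    sg("app-elb-sg", "sg-0003", 8080, group="sg-0002"),
    sg("app-tier-sg", "sg-0004", 80, group="sg-0003"),
    sg("db-tier-sg", "sg-0005", 1433, cidr="0.0.0.0/0"),
]

if __name__ == "__main__":
    for finding in audit_groups(SAMPLE):
        print(finding)
```
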



ELB health status

Microsoft Windows does not open port 80 or other ports by default, and IIS is not installed by
default in Microsoft Windows 2016 Base. If you configure port 80 (TCP or HTTP) to
detect the ELB health status, you need to install IIS, either by using user data when launching an
instance, by downloading it from the website, or by using a PowerShell script.

Research how to solve this problem.

Use this chart to describe the load balancer and instance security group details.

| Load Balancer | Name* | External/Internal | Subnets | SG Name* | Rule | Source |
|---|---|---|---|---|---|---|
| For Web Tier | web-elb | 1 | 2 | web-elb-sg | 1 | 2 |
| For App Tier | app-elb | 1 | 2 | app-elb-sg | 1 | 2 |

| Instance Tier | SG Name* | Rule | Source |
|---|---|---|---|
| Web Tier | web-tier-sg | 1 | 2 |
| App Tier | app-tier-sg | 1 | 2 |
| Database Tier | db-tier-sg | 1 | 2 |

The new architecture should be designed for business continuity and resiliency.

• The web and application tiers should be resilient and designed for
business continuity.

• If a server becomes unavailable it will be replaced by a new server.

• A server is considered to be unavailable if the operating system
or application fails to respond.

• The database tier should support Multi-AZ deployment.

• The architecture should handle doubling the number of servers to support
its rapid growth.

Use this chart to describe the automatic scaling launch configuration.

| Tier | OS | Type | Size | Configuration Name* | Role | Security Group |
|---|---|---|---|---|---|---|
| Web | Q | W | R | WebTier | 2 | 13214 |
| App | Q | W | R | AppTier | 2 | 1464 |



Use this chart to describe the automatic scaling groups.

| Tier | Group Name* | Launch Configuration* | Group Size | VPC | Subnets | ELB | Tags |
|---|---|---|---|---|---|---|---|
| Web | WebTier | WebTier | 1 | 2 | 235 | 244 | 1132 |
| App | AppTier | AppTier | 2 | 2 | 3532 | 421 | 2133 |

Detailed Requirements – Auditing


Follow AWS best practices for implementing auditing of all user actions.

Three user groups with AWS access:

1. Continuously monitor, and retain account activity related to actions across
your AWS infrastructure.

2. Log the event history of AWS account activity, including actions taken
through the AWS Management Console, AWS SDKs, command line
tools, and other AWS services.

3. Ensure that there is an audit trail for all executed API calls.

4. Ensure that logs are stored in a secure location.

Administrators must be able to track every AWS service related action in the account.

How can these requirements be satisfied using AWS?
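
An audit trail is only useful if it can be read back per user. As an added example (not part of the original assignment), this Python script takes records in the CloudTrail log-file format, rebuilds each user's actions in time order, and flags successful console sign-ins by administrators that did not use MFA, which ties the audit log to the MFA requirement in the User Authentication section. The events, user names, IP addresses and the `ADMINS` set are constructed.

```python
"""Rebuild per-user activity from CloudTrail records and flag successful
console sign-ins by administrators that did not use MFA. Records follow the
CloudTrail log-file layout; events, names, IPs and ADMINS are constructed.
"""
import json
from collections import defaultdict

ADMINS = {"sysadmin1", "dbadmin1"}  # assumed members of the two admin groups

LOG = json.loads("""
{"Records": [
 {"eventTime": "2023-04-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "userName": "sysadmin1"},
  "responseElements": {"ConsoleLogin": "Success"},
  "additionalEventData": {"MFAUsed": "Yes"}},
 {"eventTime": "2023-04-01T09:15:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
  "userIdentity": {"type": "IAMUser", "userName": "dbadmin1"},
  "responseElements": {"ConsoleLogin": "Success"},
  "additionalEventData": {"MFAUsed": "No"}},
 {"eventTime": "2023-04-01T08:05:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "userName": "sysadmin1"},
  "responseElements": null},
 {"eventTime": "2023-04-01T09:30:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "192.0.2.44",
  "userIdentity": {"type": "IAMUser", "userName": "monitor1"},
  "responseElements": {"ConsoleLogin": "Success"},
  "additionalEventData": {"MFAUsed": "No"}}
]}
""")["Records"]


def principal(record):
    """IAM users carry userName; other identities fall back to ARN or type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def actions_by_user(records):
    """Map each principal to its actions in time order."""
    history = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        service = rec["eventSource"].split(".")[0]
        history[principal(rec)].append(
            f'{rec["eventTime"]} {service}:{rec["eventName"]}')
    return dict(history)


def admin_logins_without_mfa(records, admins):
    """Return (time, user, source IP) for admin console logins without MFA."""
    hits = []
    for rec in records:
        if rec["eventName"] != "ConsoleLogin" or principal(rec) not in admins:
            continue
        # responseElements and additionalEventData may be null in a record.
        ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (rec.get("additionalEventData") or {}).get("MFAUsed") == "Yes"
        if ok and not mfa:
            hits.append((rec["eventTime"], principal(rec), rec["sourceIPAddress"]))
    return hits


if __name__ == "__main__":
    for user, actions in actions_by_user(LOG).items():
        print(user, actions)
    print("no MFA:", admin_logins_without_mfa(LOG, ADMINS))
```
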



Solution Presentation
1. The presentation should be done individually.

2. The presentation simulates the experience of presenting to the actual customer

• Showcase your solution! Justify choices for your architectural decisions.

• Instructor and/or peer feedback will help you enhance your strengths and
improve your weaknesses for future design meetings with customers.

3. You will be allotted 20 minutes to present your solution and an additional 5 minutes for
the instructor and/or class to ask questions regarding the design, the chosen services, and/or
how the solution was determined.

4. NOTE: The presentations should follow the outline of the actual project. See the project
guide for additional information.

Include information about your solution for the following:

• Configuring access permissions to conform to AWS best practices.

• Network design features that conform to AWS best practices

• Architecture alignment with and deviations from the current server hosting company.

• Architecture's ability to accommodate future growth

• Securing all sensitive information.

• Utilizing load balancers for web tier and application tier that support HTTP, HTTPS,
TCP protocols.

• Architecture resiliency features.

• Configuring auditing to track all user actions.



Project Report
The report must cover the following areas:
• Cover Page
• Introduction.
• Project Solution.
• Project Architecture
• Conclusion.
• References

1. Cover Page:
Create a cover page for your report that demonstrates: course code and title; assignment title;
project name; team members’ names; faculty mentor’s name. Your report must include page
numbers on all pages.
2. Project introduction:
Write an introduction of about 100+ words that provides a technical background about your project,
and highlights the main design decisions.
3. Planning Phase:
Use this section to detail all solutions of the above sections, identify the project member who did
each task, and present the role of each member of the team. Provide in-depth reflection of
teamwork and individual contribution.
4. Project Architecture
Use this section to provide a diagram, created with draw.io, of the project architecture with all
components. You can refer to this video for more instructions about using draw.io with AWS
architecture (https://youtu.be/OSHirDvZcn4).

This part of the report must reflect the design and proof of concept implementation in-depth, and
must focus on AWS architecture components such as EC2, ELB, VPCs, IAM, RDS, etc. You
must provide screenshots of the implemented tasks.

5. Conclusion and Future development plan.


Write at least 100 words in which you summarize your project and present a future development
action plan based on the experience you have in the capstone project.

6. References used to complete the project.


List your references including refereed journal articles, standards, web sites and verbal
communications with experts. Use the APA referencing format for both inline citations and
bibliography.



Individual Presentation/Interview

The final presentation should include the following:-

• Keep graphics simple and ensure that copyrights are not infringed

• Leverage simple graphics and diagrams, when possible.

• Keep screen text concise and clear

• Ensure headers align to the screen text

• Contrasting colors provide an area of focus

• Maintain consistency with font styles, sizes, and colors

• Avoid repetitive slides and content

• Ensure capitalization, punctuation, and grammar are applied

• Add text to the notes section that provides guidance for the presentation

• Avoid distracting backgrounds

• View your presentation in the final presentation mode to ensure everything appears on
screen as intended

Part 1 & 2 – Report Marking Scheme

| # | Score Area | Description | Mark |
|---|---|---|---|
| 1 | Cover Page (Max 1 Mark) | Proper cover page with project title and team members is added to the project. | 0-1 |
| 2 | Introduction (Max 2 Marks) | • The project’s objectives are clearly stated. • Design decisions are well established by relating the current project problems. • An accurate and complete explanation of key concepts is explained. • Enough detail is presented to allow the reader to understand the content and make judgments about it. | 0-2 |
| 3 | Teamwork (Max 2 Mark) | All team members and their roles are identified clearly. | 0-2 |
| 4 | Planning Phase (70 Marks) | | |
| 4.1 | Project requirement (Max 10 Marks) | Not included | 0 |
| | | The content provided very basic, unclear, or inaccurate information about the project. | 2-4 |
| | | The context provided the necessary information about the project requirements and constraints. Obvious exclusions, constraints and assumptions are mentioned. | 6-8 |
| | | Requirements are carefully weighed in and incorporated into the discussion of the problem, and the justification of the proposed solution. A comprehensive list of exclusions, constraints and assumptions are defined and explained. | 8-10 |
| 4.2 | list of all used AWS components (Max 5 Marks) | Not included | 0 |
| | | Included but at most two components are missing. | 2-3 |
| | | All relevant services are included in the plan. | 4-5 |
| 4.3 | Project VPC (Max 10 Marks) | Not included | 0 |
| | | Proper VPCs design but wrong number of subnets | 4-6 |
| | | Proper VPCs with correct number of subnets | 8-10 |
| 4.4 | User Authentication (Max 10 Marks) | Not included | 0 |
| | | The users and groups are listed but with wrong policy and role. | 4-6 |
| | | The users and groups are listed but with correct policy and role. | 8-10 |
| 4.5 | Web and Application Tier (Max 10 Marks) | Not included | 0 |
| | | Correct EC2 OS but with wrong EC2 type and size | 4-6 |
| | | Correct EC2 and appropriate EC2 type and size | 8-10 |
| 4.6 | Security group details. (Max 10 Marks) | Not included | 0 |
| | | Correct use of security groups but wrong ports and source of traffic. | 4-6 |
| | | Correct use of security groups and correct ports and source of traffic are configured. | 8-10 |
| 4.7 | Business Continuity (Max 10 Marks) | Not included | 0 |
| | | Proper configuration of Auto Scaling groups but with wrong size, role and security group | 4-6 |
| | | Proper configuration of Auto Scaling groups correct size, role and security group | 8-10 |
| 4.8 | Auditing (Max 5 Marks) | Not included | 0 |
| | | Two services are listed for auditing | 2-3 |
| | | Correct list of auditing services including EC2, CloudWatch, CloudTrail, API requests and cost explorer | 4-5 |
| 5 | Project Architecture (25 Marks) | | |
| 5.1 | Project Design (Max 20 Marks) | The project design is not complete, only two services are presented without having relevant link to the proposed plan. | 0-5 |
| | | Partially designed. Not more than two AWS services are missing. | 5-10 |
| | | Design meets minimum requirements of the proposed services but one important service are missing. | 10-15 |
| | | Design is complete as per the requirements. Student utilize wide varieties of AWS tools. | 15-20 |
| 6 | Conclusion and Future development plan. (Max 3 Marks) | Not included | 0 |
| | | The conclusion gave an inadequate summary by missing either the challenges or the future development plan. | 2 |
| | | The conclusion summarized the project outcomes challenges and difficulties. The future development plan and scalability is presented. | 3 |
| 7 | References (Max 2 Mark) | Not included | 0 |
| | | Little attempt is made to acknowledge the work of others. Most references that are included are inaccurate or unclear. | 1 |
| | | Prior work is acknowledged and cited properly using APA style. | 2 |
| | Total Mark | | 100 |
