
UNIT 3: CLOUD ARCHITECTURE, SERVICES AND STORAGE

Layered Cloud Architecture Design – NIST Cloud
Computing Reference Architecture – Public,
Private and Hybrid Clouds – IaaS – PaaS – SaaS –
Architectural Design Challenges – Cloud
Storage – Storage-as-a-Service – Advantages of
Cloud Storage – Cloud Storage Providers – S3.

Layered Cloud Architectural Development

Market-Oriented Cloud Architecture

NIST Cloud Computing Reference
Architecture
• The National Institute of Standards and Technology
(NIST) has been designated by Federal Chief
Information Officer (CIO) Vivek Kundra with
technical leadership for US government (USG)
agency efforts related to the adoption and
development of cloud computing standards.
• The goal is to accelerate the federal government’s
adoption of secure and effective cloud computing
to reduce costs and improve services.

NIST Cloud Computing Reference
Architecture
• The NIST cloud computing reference
architecture focuses on the requirements of
“what” cloud services provide, not a “how to”
design solution and implementation.
• The reference architecture is intended to
facilitate the understanding of the operational
quality in cloud computing.

The Conceptual Reference Model

Actors in Cloud Computing

Interactions between the Actors in Cloud
Computing

Usage Scenario for Cloud Brokers

Usage Scenario for Cloud Carriers
• Cloud provider participates in and arranges for two
unique service level agreements (SLAs), one with a
cloud carrier (e.g. SLA2) and one with a cloud
consumer (e.g. SLA1).
• The provider specifies its requirements on capability,
flexibility and functionality in SLA2 in order to
provide essential requirements in SLA1.

Usage Scenario for Cloud Auditors
• Cloud auditor conducts independent
assessments of the operation and security of
the cloud service implementation.
• The audit may involve interactions with both
the Cloud Consumer and the Cloud Provider

Cloud Consumer
• The cloud consumer is the principal stakeholder for the
cloud computing service.
• A cloud consumer represents a person or organization
that maintains a business relationship with, and uses the
service from a cloud provider.
• A cloud consumer browses the service catalog from a
cloud provider, requests the appropriate service, sets up
service contracts with the cloud provider, and uses the
service.
• The cloud consumer may be billed for the service
provisioned, and needs to arrange payments accordingly.

Services Available to a Cloud Consumer

SaaS
The SaaS model allows software applications to be used as a
service by end users.
Software that is deployed on a hosted service and is
accessible via the Internet.
There are several SaaS applications; some of them are
listed below:
•Billing and Invoicing System
•Customer Relationship Management (CRM) applications
•Help Desk Applications
•Human Resource (HR) Solutions

PaaS
PaaS provides the runtime environment for applications,
development & deployment tools, etc.
PaaS provides all of the facilities required to support the
complete life cycle of building and delivering web
applications and services entirely from the Internet.
•Google's App Engine, Force.com are examples of PaaS
offering vendors.
•Developers may log on to these websites and use the
built-in API to create web-based applications.

IaaS
IaaS is the delivery of technology infrastructure as an
on-demand, scalable service.
IaaS provides access to fundamental resources such as
physical machines, virtual machines, virtual storage, etc.
Apart from these resources, the IaaS also offers:
•Virtual machine disk storage
•Virtual local area networks (VLANs)
•Load balancers
•IP addresses
•Software bundles

Cloud Auditor
• A cloud auditor is a party that can perform an
independent examination of cloud service controls
with the intent to express an opinion thereon.
• Audits are performed to verify conformance to
standards through review of objective evidence.
• A cloud auditor can evaluate the services provided
by a cloud provider in terms of security controls,
privacy impact, performance, etc.

Cloud Auditor
• Security controls are the management, operational, and
technical safeguards or countermeasures employed
within an organizational information system to protect
the confidentiality, integrity, and availability of the
system and its information.
• A privacy impact audit can help Federal agencies comply
with applicable privacy laws and regulations governing
an individual’s privacy, and to ensure confidentiality,
integrity, and availability of an individual’s personal
information at every stage of development and operation

Cloud Broker
A cloud broker can provide services in three categories:
• Service Intermediation: A cloud broker enhances a
given service by improving some specific capability and
providing value-added services to cloud consumers.
• Service Aggregation: A cloud broker combines and
integrates multiple services into one or more new
services.
• Service Arbitrage: Service arbitrage means a broker has
the flexibility to choose services from multiple
agencies.

Cloud Carrier
• A cloud carrier acts as an intermediary that
provides connectivity and transport of cloud
services between cloud consumers and cloud
providers.
• Cloud carriers provide access to consumers
through network, telecommunication and
other access devices.

Cloud Provider - Major Activities

Scope of Control between Provider and
Consumer

Service Orchestration
• service layer
– SaaS, PaaS, IaaS
• resource abstraction and
control layer
– hypervisors, virtual machines,
virtual data storage
– resource allocation, access
control, and usage monitoring
• physical resource layer
– CPU, Memory, Storage, Network

Cloud Service Management

Cloud Computing Reference Architecture:
Architectural Components – Service deployment
• Public cloud solutions are readily available from
Google, Amazon, Microsoft, and others.
• Public cloud services provide infrastructure and
services to the public, and you, or your
organization, secure a piece of that
infrastructure and network.
• Resources are shared by hundreds or thousands
of people. Gmail and U of I Box are examples of
public cloud services.

Public cloud

Private cloud
• Private cloud solutions are dedicated to one organization or business,
and often have much more specific security controls than does a
public cloud.
• Many medical offices, banking institutions and other organizations
who are required to meet federal and state guidelines for data
controls use a private cloud.
• Using private cloud storage allows them to control highly sensitive
data by meeting regulations and industry-based criteria, whether that
be medical records, trade secrets, or other classified information.
• Private cloud solutions utilize infrastructure that is either owned and
controlled by the organization, or they are able to contractually
require those specific criteria be met by a vendor who manages the
infrastructure.

On-site Private Cloud Out-sourced Private Cloud

On-site Community Cloud

Outsourced Community Cloud

Hybrid Cloud

Cloud Deployment Models
• Deployment models define the type of access
to the cloud, i.e., how the cloud is located.
• Cloud can have any of the four types of access:
– Public
– Private
– Hybrid
– Community

Centralized versus Distributed Computing

Data-Center Networking Structure

Service Models
1. Infrastructure as a Service (IaaS)
2. Platform as a Service (PaaS)
3. Software as a Service (SaaS)

IaaS
• Offering virtualized resources on demand
– computation, storage, communication
• Bottom layer of cloud systems
• Example
– Amazon EC2
• Offering VM
• Software stack

Amazon's Elastic Compute Cloud (EC2) – 84% usage

IaaS Services
• Backup and Recovery: Services for backup and recovery of file
systems and raw data stores on servers and desktop systems.
• Compute: Server resources for running cloud-based systems that
can be dynamically provisioned and configured as needed.
• Content Delivery Networks (CDNs): CDNs store content and files
to improve the performance and cost of delivering content for
web-based systems.
• Services Management: Services that manage cloud
infrastructure platforms. These tools often provide features that
cloud providers do not provide or specialize in managing certain
application technologies.
• Storage: Massively scalable storage capacity that can be used for
applications, backups, archival, and file storage.

Benefits:
• Full Control of the computing resources through
Administrative Access to VMs.
• Flexible and Efficient renting of Computer Hardware.
• Portability, Interoperability with Legacy Applications.
Issues:
• Compatibility with legacy security vulnerabilities
• Virtual machine sprawl
• Data erase practices
• Robustness of VM-level isolation

PaaS
• Make a cloud easily programmable
– offers an environment
• Developers create and deploy applications
• Do not necessarily need to know how
many processors or how much memory
the applications will be using
• Offered building blocks
• Google AppEngine
• Python, Java
• Building block
• Mail service, instant messaging service,
image manipulation service

Google App Engine is a Platform as a Service and
cloud computing platform for developing and hosting web
applications in Google-managed data centers.

PaaS Services
• Business Intelligence: Platforms for the creation of
applications such as dashboards, reporting systems, and
data analysis.
• Database: Services offering scalable relational database
solutions or scalable non-SQL datastores.
• Development and Testing: Platforms for the development
and testing cycles of application development, which
expand and contract as needed.
• Integration: Development platforms for building integration
applications in the cloud and within the enterprise.
• Application Deployment: Platforms suited for general
purpose application development. These services provide
databases, web application runtime environments, etc.

Benefits:
•Lower administrative overhead
•Lower total cost of ownership
•Scalable solutions
•More current system software
Issues:
•Lack of portability between PaaS clouds
•Event-based processor scheduling
•Security engineering of PaaS applications

SaaS
• Applications reside on the top of the
cloud stack
• Accessed by end users through Web
portal
• From local to on-line software with the
same functionality
• Example
• Salesforce.com
– CRM

American cloud-based software company –
Backbone is CRM

SaaS Services
• Email and Office Productivity: Applications for email, word
processing, spreadsheets, presentations, etc.
• Billing: Application services to manage customer billing based
on usage and subscriptions to products and services.
• Customer Relationship Management (CRM): CRM applications
that range from call center applications to sales force
automation.
• Collaboration: Tools that allow users to collaborate in
workgroups, within enterprises, and across enterprises.
• Document Management: Applications for managing documents,
enforcing document production workflows, and providing
workspaces for groups or enterprises to find and access
documents.
• Content Management: Services for managing the production of
and access to content for web-based applications.
• Financials: Applications for managing financial processes ranging
from expense processing and invoicing to tax management.
• Human Resources: Software for managing human resources
functions within companies.
• Sales: Applications that are specifically designed for sales functions
such as pricing, commission tracking, etc.
• Social Networks: Social software that establishes and maintains a
connection among users that are tied in one or more specific types
of interdependency.
• Enterprise Resource Planning (ERP): Integrated computer-based
system used to manage internal and external resources, including
tangible assets, financial resources, materials, and human
resources.

Benefits:
•Modest software tools
•Efficient use of software licenses
•Centralized management & data
•Platform responsibilities managed by providers
•Multitenant solutions
Issues:
•Browser-based risks
•Network dependence
•Lack of portability between SaaS clouds

ARCHITECTURAL DESIGN CHALLENGES
Security-Aware Cloud

Layered Cloud Architectural Development

Architectural Design Challenges
1. Service Availability and Data Lock-in Problem
• The management of a cloud service by a single
company is often the source of single points of
failure.
• To achieve HA, one can consider using
multiple cloud providers.
• Distributed denial of service (DDoS) attacks
– quick scale-ups

• Software stacks have improved interoperability
among different cloud platforms, but the APIs
themselves are still proprietary.
• Thus, customers cannot easily extract their data
and programs from one site to run on another.
• The obvious solution is to standardize the APIs
so that a SaaS developer can deploy services
and data across multiple cloud providers.

2. Data Privacy and Security
• Many obstacles can be overcome immediately with well-
understood technologies such as encrypted storage, virtual
LANs, and network middleboxes (e.g., firewalls, packet filters)
• Many nations have laws requiring SaaS providers to keep
customer data and copyrighted material within national
boundaries.
• Traditional network attacks include buffer overflows, DoS
attacks, spyware, malware, rootkits, Trojan horses, and
worms.
• Active and passive attacks. (man-in-the-middle attack, VM
migration)

3. Unpredictable Performance and Bottlenecks
• Multiple VMs can share CPUs and main
memory in cloud computing, but I/O sharing is
problematic.
• If we assume applications to be “pulled apart”
across the boundaries of clouds, this may
complicate data placement and transport.
• Therefore, data transfer bottlenecks must be
removed, bottleneck links must be widened,
and weak servers should be removed.

4. Distributed Storage and Widespread Software Bugs
• The opportunity is to create a storage system
that will not only meet this growth, but also
combine it with the cloud advantage of scaling
arbitrarily up and down on demand.
• This demands the design of efficient distributed
SANs.
• Data centers must meet programmers’
expectations in terms of scalability, data
durability, and HA.

• Large-scale distributed bugs cannot be
reproduced, so the debugging must occur at a
scale in the production data centers.
• The level of virtualization may make it possible
to capture valuable information in ways that
are impossible without using VMs.

5. Cloud Scalability, Interoperability, and
Standardization
• The pay-as-you-go model applies to storage
and network bandwidth; both are counted in
terms of the number of bytes used.
• GAE automatically scales in response to load
increases and decreases; users are charged by
the cycles used.
• AWS charges by the hour for the number of
VM instances used, even if the machine is idle.
• Open Virtualization Format (OVF) describes an
open, secure, portable, efficient, and
extensible format for the packaging and
distribution of VMs.
• It also defines a format for distributing
software to be deployed in VMs.
• This VM format does not rely on the use of a
specific host platform, virtualization platform,
or guest operating system.

6. Software Licensing and Reputation Sharing
• Open source software
• Commercial software
• One can consider using both pay-for-use and
bulk-use licensing schemes to widen the
business coverage.
• One customer’s bad behaviour can affect the
reputation of the entire cloud.
• trusted e-mail services for free.

CLOUD STORAGE
(Storage as a Service)
• Data (or files) are said to be stored in the cloud when
they are saved on a remote server, which is easily
accessible from anywhere with internet access.
• This allows access to the data from any device
connected to the internet, including computers,
tablets and smartphones.
• This is in contrast to local data storage, where data is
stored on the hard drive of a local desktop or a
laptop.

Providers
• Google Docs
• Web email providers like Gmail, Hotmail, and Yahoo!
• Flickr and Picasa host millions of digital photographs.
• YouTube hosts millions of user-uploaded video files.
• Hostmonster and GoDaddy store files and data for
many client web sites.
• Facebook and MySpace are social networking sites
and allow members to post pictures and other
content

Google Drive
• This is a ‘pure’ cloud computing service, with
all the apps and storage found online. You can
use it via desktop computers, tablets like
the iPad or on smartphones. All of Google's
services could be considered cloud computing
really: Gmail, Google Calendar, Google Reader,
Google Voice, and so on.
• Microsoft’s OneDrive is very similar to Google
Drive and offers much the same services.

Dropbox
• Commonly used to store documents and
images.
• You might set your phone to automatically
send all pictures you take with it into your
Dropbox account, so that even if you lose your
phone, the pictures will still be available to you
up in space; you might use it to access your
documents at home, and then save changes to
it.

Apple iCloud
• Apple's cloud service is primarily used by Apple users
for online storage and synchronization of their mail,
contacts, calendar, and more.
• All the data you need is available to you on
whichever device you seek to access it from, your
iOS, Mac OS, or Windows device, and if you make a
change to a document, say, on one of your devices, it
will automatically update it so that when you next
access it the amended version will be available to
you on whatever device you use.

Amazon Cloud Drive
• Storage at the big retailer is mainly for music –
and they would certainly prefer it is music that
you have bought from them!

Common Features
• All offer a basic amount of free storage:
– Dropbox: 5 GB
– OneDrive (linked to Microsoft live account): 7 GB
– Google Drive (linked to Gmail account): 15 GB
• After that, the user has to pay a yearly or
monthly subscription fee. E.g. Google Drive:
100 GB - $4.99/month; 200 GB - $9.99/month
• All platforms can easily be accessed via a web
browser.
• All also offer apps for ease of access from a
smartphone or tablet.
• All three feature a directory structure similar
to that of a computer drive; this facilitates
navigation and organisation.

• Online editing: OneDrive and Google Drive
offer the possibility of editing documents
inside a web browser. No additional software
is needed.
• Folders or specific files can be shared with
others; this facilitates collaboration.

Limitations
• Limited storage. Many colleagues are reluctant
to pay for a service they need for work, and
the amount of free storage with all of these
providers is limited.
• Data protection issues?

Amazon S3
• Amazon Simple Storage Service (Amazon S3) is an object
storage service offering industry-leading scalability, data
availability, security, and performance.
• Customers of all sizes and industries can store and
protect any amount of data for virtually any use case,
such as data lakes, cloud-native applications, and mobile
apps.
• With cost-effective storage classes and easy-to-use
management features, you can optimize costs, organize
data, and configure fine-tuned access controls to meet
specific business, organizational, and compliance
requirements.

AWS (S3)

AWS S3 Benefits
• Durability: S3 provides 99.999999999 percent
durability.
• Low cost: S3 lets you store data in a range of “storage
classes.” These classes are based on the frequency and
immediacy you require in accessing files.
• Scalability: S3 charges you only for what resources you
actually use, and there are no hidden fees or overage
charges. You can scale your storage resources to easily
meet your organization’s ever-changing demands.
• Availability: S3 offers 99.99 percent availability of
objects.

• Security: S3 offers an impressive range of access
management tools and encryption features that
provide top-notch security.
• Flexibility: S3 is ideal for a wide range of uses like
data storage, data backup, software delivery, data
archiving, disaster recovery, website hosting,
mobile applications, IoT devices, and much more.
• Simple data transfer: You don’t have to be an IT
genius to execute data transfers on S3. The service
revolves around simplicity and ease of use.
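
The access management and encryption features listed above are usually enforced through a bucket policy. The following is an added example, not part of the original slides: a small Python audit over two constructed policies (the bucket name, account ID and role are placeholders) that flags unconditioned public access and missing TLS or encryption enforcement.

```python
import json

# Constructed sample policies for a hypothetical bucket "example-bucket".
WEAK_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
]}""")

HARDENED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "TeamRead", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/analytics"},
   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
   "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
  {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}
]}""")

def _as_list(value):  # policy JSON allows a single item or a list
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    """True for "Principal": "*" or a mapping such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def _condition_keys(stmt):
    """Map each lower-cased condition key to its lower-cased values."""
    found = {}
    for block in stmt.get("Condition", {}).values():
        for key, val in block.items():
            found[key.lower()] = [str(v).lower() for v in _as_list(val)]
    return found

def audit_bucket_policy(policy):
    """Return findings for public access and missing TLS/encryption denies."""
    findings = []
    tls_enforced = enc_enforced = False
    for stmt in _as_list(policy.get("Statement", [])):
        conds = _condition_keys(stmt)
        effect = stmt.get("Effect")
        if effect == "Allow" and _is_wildcard_principal(stmt.get("Principal")) and not conds:
            findings.append(f"public-access:{stmt.get('Sid', '?')}")
        if effect == "Deny":
            if conds.get("aws:securetransport") == ["false"]:
                tls_enforced = True   # plain-HTTP requests are rejected
            if "s3:x-amz-server-side-encryption" in conds:
                enc_enforced = True   # uploads must carry an SSE header
    if not tls_enforced:
        findings.append("no-tls-enforcement")
    if not enc_enforced:
        findings.append("no-encryption-enforcement")
    return findings
```

Running `audit_bucket_policy` on the weak policy reports all three findings; the hardened policy reports none.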

Thank You