MENDEL UNIVERSITY IN BRNO

Faculty of Business and Economics

Cloud
Computing
Written by: echov, Hanka
Grepl, Michal
Jindra, Martin
Oborov, Marica

1 Introduction
This text provides you with a basic information about the Cloud
Computing, a new and fastly growing term. It is structured to seven
chapters for better orientation and easy understanding. The first chapter
talks about the very basis such as definition, its attributes or history.

1.1 Definition
Cloud Computing is a buzzword of 2010 and many experts disagree on its
exact definition. But the most used one and concurred one includes the
notion of webbased services which are available on demand from and
optimized and highly scalable service provider. Since such a disagreement
on the definition, one will be provided to better understand of the notion.
The cloud is IT as a service, delivered by IT resources that are independent
of location. It is a style of computing in which dynamically scalable and
often virtualized resources are provided as a service over the Internet
where endusers have no knowledge of, expertise in, or control over the
technology infrastructure (the cloud) that supports them. [1]

1.2 Attributes
Before some of the attributes will be defined, the term cloud should be
explained. A cloud has been long used in IT, in network diagrams
respectively, to represent a sort of black box where the interfaces are well

known but the internal routing and processing is not visible to the network
users. Key attributes in cloud computing:

ServiceBased: Consumer concerns are abstracted from provider

concerns through service interfaces that are welldefined. The
interfaces hide the implementation details and enable a completely
automated response by the service provider. The service could be
considered "ready to use" or "off the shelf" because it is designed to
serve the specific needs of a set of consumers, and the technologies
are tailored to that need rather than the service being tailored to
how the technology works. The articulation of the service feature is
based on service levels and IT outcomes such as availability,
response time, performance versus price, and clear and predefined
operational processes, rather than technology and its capabilities. In
other words, what the service needs to do is more important than
how the technologies are used to implement the solution.

Scalable and Elastic: The service can scale capacity up or down as

the consumer demands at the speed of full automation (from
seconds for some services to hours for others). Elasticity is a trait of
shared pools of resources. Scalability is a feature of the underlying
infrastructure and software platforms. Elasticity is associated with
not only scale but also an economic model that enables scaling in
both directions in an automated fashion. This means that services
scale on demand to add or remove resources as needed.

Shared: Services share a pool of resources to build economies of

scale and IT resources are used with maximum efficiency. The
underlying infrastructure, software or platforms are shared among
the consumers of the service (usually unknown to the consumers).
This enables unused resources to serve multiple needs for multiple
consumers, all working at the same time.

Metered by Use: Services are tracked with usage metrics to enable

multiple payment models. The service provider has a usage
accounting model for measuring the use of the services, which could
then be used to create different pricing plans and models. These
may include payasyou go plans, subscriptions, fixed plans and
even free plans. The implied payment plans will be based on usage,
not on the cost of the equipment. These plans are based on the
amount of the service used by the consumers, which may be in
terms of hours, data transfers or other usebased attributes
delivered.

Uses Internet Technologies: The service is delivered using

Internet identifiers, formats and protocols, such as URLs, HTTP, IP
and representational state transfer Weboriented architecture. Many
examples of Web technology exist as the foundation for Internet
based services. Google's Gmail, Amazon.com's book buying, eBay's
auctions sharing all exhibit the use of Internet and Web technologies
and protocols. More details about examples are in the chapter four
Intergration [2]

1.3 History
History of Cloud Computing surprisingly began almost 50 years ago. The
father of this idea is considered to be John McCarthy, a professor at MIT
University in US, who first in 1961 presented the idea of sharing the same
computer technology as being the same as for example sharing electricity.
Electrical power needs many households/firms that possess a variety of
electrical appliances but do not possess power plant. One power plant
serves many customers and using the electricity example, power
plant=service
provider,
distribution
network=internet
and
the
households/firms=computers. [3]
Since that time, Cloud computing has evolved through a number of phases
which include grid and utility computing, application service provision
(ASP), and Software as a Service (SaaS). One of the first milestones was
the arrival of Salesforce.com in 1999, which pioneered the concept of
delivering enterprise applications via a simple website. The next
development was Amazon Web Services in 2002, which provided a suite of
cloudbased services including storage, computation and even human
intelligence. Another big milestone came in 2009 as Google and others
started to offer browserbased enterprise applications, though services
such as Google Apps. [4]

2 Architecture
A basis infromation about the architecture is provided in this chapter,
together with the explanations of relevant terms such as virtualization,
Frond/Back end or Middleware.

Virtualization is best described as essentially designating one

computer to do the job of multiple computers by sharing the
resources of that single computer across multiple environments.
Virtual servers and virtual desktops allow you to host multiple
operating systems and multiple applications locally and in remote
locations, freeing your business from physical and geographical
limitations. [5]

The Cloud Computing architecture can be divided into two sections, the
front end and the back end, connected together through a network,
usually Internet. The Front End includes the client's computer and the
application required to access the cloud computing system. Not all cloud
computing systems have the same user interface. Services like Webbased
email programs leverage existing Web browsers like Internet Explorer or
Firefox. Other systems have unique applications that provide network
access to clients.

The Back End of the system is represented by various computers, servers

and data storage systems that create the "cloud" of computing services.
Practically, Cloud Computing system could include any program, from data
processing to video games and each application will have its own server.
A central server administers the system, monitoring traffic and client
demands to ensure everything runs smoothly. It follows a set of rules
called protocols and uses a special kind of software called Middleware.
Middleware allows networked computers to communicate with each other.
[6]
Public Cloud (external cloud) is a model where services are available
from a provider over the Internet, such as applications and storage. There
are free Public Cloud Services available, as well as payperusage or other
monetized models. Private Cloud (Internal Cloud/Corporate Cloud) is
computing architecture providing hosted services to a limited number of
people behind a companys protective firewall and it sometimes attracts
criticism as firms still have to buy, build, and manage some resources and
thus do not benefit from lower upfront capital costs and less handson
management, the core concept of Cloud Computing. [7]

Private/Public cloud
Source: http://www.technologyevaluation.com/login.aspx?returnURL=http://www.technologyevaluation.com
%2fresearch%2farticles%2fi-want-my-private-cloud-21964%2f

3 Cloud computing categories

There are three main categories in CC, Infrastructure as a Service (IaaS),
Software as a Service (SaaS) and Platform as a Service (PaaS). All of them
are described below in more details.

Infrastructure as a Service is a provision model in which an

organization outsources the equipment used to support operations,
including storage, hardware, servers and networking components.
The service provider owns the equipment and is responsible for
housing, running and maintaining it. [8]

Software as a Service is a software distribution model in which

applications are hosted by a vendor or service provider and made
available to customers over a network, typically the Internet. It is
becoming an increasingly prevalent delivery model as underlying

technologies that support Web services and

architecture become increasingly available. [9]

serviceoriented

Platform as a Service is an outgrowth of Software as a Service

(SaaS). It is a way to rent hardware, operating systems, storage and
network capacity over the Internet. The service delivery model
allows the customer to rent virtualized servers and associated
services for running existing applications or developing and testing
new ones. [10]

4 Intergration
Once the definition, categories and componencts needed for the users
solution have been identified the next challenge is to determine how to
put them all together. This chapter provides information about the Cloud
Computing degisn and integrability as well as gives some examples.

4.1 End to end design - definition

It is a major feature of the Internet. The intelligence and functions in an
Internetbased application reside at both ends of the network (client side
and server side), not within the Internet backbone. The Internet acts as a
transport between these two.

Technical design in its simplest form, the endtoend design will

include the enduser device, user connectivity, Internet, cloud
connectivity, and the cloud itself.

At a minimum, most organizations will have users who connect to the

cloud service remotely (from home or while travelling) and through the
internal network. In addition to connectivity at the network level, the
interfaces at the application layer need to be compatible and it will be
necessary to ensure this connectivity is reliable and secure.

Devices cloud services should be device agnostic. They should

work with traditional desktop, mobile devices and thin client.
Unfortunately, this is much easier said than done. Regression testing
on five or ten client platforms can be challenging. A good start is to

bundle the sets of supported devices into separate services. With

Microsoft Exchange 2007 you have the option of supporting Windows
platforms through HTTP (Outlook web access) and using RPC over
HTTP. You can also support Windows Mobile (as well as Symbian,
iPhone and Blackberry devices using ActiveSync). The platform is
just beginning. You would also want to take an inventory of existing
systems to determine the actual operating platforms, which might
range from Mac OS and Linux to Google Chrome, Android, Symbian,
RIM Blackberry and iPhones.

Connectivity in order to assess the connectivity demands you

need to identify all required connections. At high level the
connections will include categories such as:
o

Enterprise to cloud

Remote to cloud

Remote to enterprise

Cloud to cloud

Cloud to enterprise

Once you put these together into a high level connectivity diagram you
can then proceed to the next step of identifying and selecting connectivity
options. Unless the systems are connected they cannot operate, at least
for any extended periods of time. It the case of cloud computing, data and
processing are both highly distributed making reliable, efficient and secure
connectivity and are the most critical.

Management generally, for each component in the design we

need to investigate how we will manage it. This includes all the end
user devices, the connectivity, and legacy infrastructure and all the
applications involved. The challenge of splitting management
components will be that you may have policies that need to be kept
synchronized. Imagine for example, that you have a minimum
password length of 8 characters which is increased to 10. If you have
only two management servers and this is not a frequent type of
occurrence then you can easily apply challenge manually. However,
if you are dealing with hundreds of management servers and you
receive minor policy changes on a weekly basis you can imagine
how cumbersome and errorprone the task will become.

Security the impact of Cloud Computing on security is profound.

There are some benefits and unfortunately some hurdles to
overcome. One challenge in trying to evaluate security is that it
tends to relate to all aspects of IT and, since Cloud Computing`s
impact is similarly pervasive. Security domains:

Access control provides mechanism to protect critical

resources from unauthorized access and modification while
facilitating access to authorized users

Cryptography presents various

readable data, and transforming it
purpose of secure transmission,
transform it back into readable
destination. [11]

Operations security includes procedures for backups and

change control management.

methods for taking legible,

into unreadable data for the
and then using a key to
data when it reaches its

The Cloud Computing Manifesto is a manifesto containing a "public

declaration of principles and intentions" for cloud computing providers and
vendors, annotated as "a call to action for the worldwide cloud
community" and "dedicated belief that the cloud should be open". It
follows the earlier development of the Cloud Computing Bill of Rights,
which addresses similar issues from the users' point of view. [12]

4.2 Examples
Most common public known examples of a Cloud are Google Apps. This
service provide number of online applications like Wordprocessor,
Application for creating and editing presentations, documents storage and
sharing, email functions with connection on MS Outlook or MS exchange
services, account and contacts sharing, Instant Messenger functions, etc.,
all provided by Google. Other Clouds examples include CloudX Technology
Group, Yahoo, Ebay, Facebook, Citric XennApp, AJAX, etc.

Device using CC

Chromebook is a mobile device running Google Chrome OS. The

two first devices for sale are by Samsung and Acer Inc. and are
slated for release on June 15, 2011 [14] Chromebook (CR48) is

Google prototype model. These machines bootup very quickly and

offer basic tools for internet communication. Such as 3G/4G and Wifi
connectivity, Web cam and microphone, mobile processor and
enought RAM for webbrowsing and works online only. Basic Hardrive
is optional.

Chromebook by Acer
Source: http://gearburn.com/2011/05/chromebook-awesome-if-it-wasn%E2%80%99t-from-google/

5 Pros and Cons

Neither Cloud Computing is an exception and experience both prons and
cons. Some of them are stated and described in more details in this
chapter.

5.1 Pros

Lower costs the principle of sharing resources (HW, SW,

infrastructure...) gives to customer also the benefit of sharing its
costs. Customer do not has to buy expensive hardware, such as
powerful workstations, large server solution and software
applications. Customer needs only internet connection and basic PC
with not high requirements. Simple laptop, netbook or mobile phone
is enought. Customer also pays only for what the real usege. These
could be services, hardware resources or infrastructure or its
combination.

Less IT employees - there is also no neccesary by customer to

employ IT department in such wide range. There is only need to
provide secure connection and PC with webrowser. For all other, the
technical support such as back-ups, recovery, virus protection,
updates, software and hardware stability and functionality, helpdesk
and support is maintained by the provider of a service.

No special knowledge - client (customer) also does not need to

have a high knowledge about hardware and complex software
applications at all. Client just uses a service throught webrowser.
Harware resources can be shared between all clients and managed
by usage or their requirements.

Easy to upgrade - massive increase of performance (such as speed

or storage size) is provided immidiately after simple order and
applied by a few clicks. Data centre can provide higher
performance than common desktop PC or, on the other hand, can be
very efficient and deliver just what customer needs at the moment
(low performance) and thus again it saves resources and money.
This approach saves also time, costs for new hardware, transport, is
power (energy) efficient and as a result saves the environment,
which is very discussed issue these days.

Instant access anywhere - one of the most important benefit is

availability of a service anywhere. What is needed for accessing the
service is computer connected to the internet. There is no
dependence on platform (PC, MAC, mobile phone, car etc.).

Security - is a very discussed issue in the Cloud Computing service

providing and could be put in both pros and cons as you see in a
while. Service is protected by usage an authorization. Users identify
themselves by using an ID (Username) and Password (or also more
sophisticated method such as chip, fingerprint, face detection etc.
can be used). Communication between client and provider servers is
secured. Data centre is protected by firewalls and kept in secured
buildings. There generally there is a very low risk of danger caused
by attack of third parties. BUT on the other hand, a problem could be
that client (customer) keeps all the data out of his computer just at
the providers servers. It means the client entrusts the data to the
provider (provider company) and has in fact no physical control over
them.

Requirements - technology, which customer needs are very simple.

Importatnt is only terminal as a laptop, desktop, mobile phone,

netbook etc. with webbrowser, internet connection and usually also

created account on a service at providers place.

5.2 Cons

Legal differences as already aforementioned, we can describe

one particular example. US companies are obliged to follow the
PATRIOT Act (2001) which states that companies can be watched
and have to provide information and data about clients, if they are
asked for in the correspondence of antiterrorist policy.

Dependence on provider if company starts using the Cloud

Computing service and replaces its previous information system or
changes IT structure, it becomes dependant on its service provider.
Risks connected with such a dependency may include sudden
change of prices or conditions of a contract. Provider could be hit by
bankruptcy and end its business activities. Functions and
applications might be changed without will of a customer and if a
provider suffers from technical problems, all the customers are out
of service which means without their data.

Reputation Cloud Computing is very new type of service. Not

many companies has an experience with such a kind of services and
application outsourcing. Many users are still worried about data
security tranmitted over the internet.

Migration costs in some cases there can be higher startup costs.

Company may have to invest into users training, any amendments
which allows the communication of service provider and current
company software and in some cases, switching to Cloud Computing
could lead to a change of business processes.

Less functions solutions, which are targeted to the wide range of

companies that cant provide specific functions and therefore are not
flexible.

Dependence on internet connection all the Cloud Computing

applications can be used online only thus any connection failure
could be fatal.

6 Operation

After reading through this chapter you will understand the terms such as
administration, support or monitoring.

6.1 Service management

Service strategy relates very closely to the Strategic Impact.

Service providers only have limited resources and usually have more
requests for services and functionality than can provide within their
budget. In order to maximize their impact they must therefore
prioritize these services. So IT organization must determine the
value of potential internal and external services.

Service design covers all elements relevant to the service delivery

including
service
catalogue
management,
service
level
management, capacity management, availability management, IT
service continuity management, information security management
and supplier management. A key aspect of this design is the
definition of service levels in terms of key performance indicators
(KPIs). The key challenge is not to derive a number of KPIs, but to
select a few that are critical to the overall strategy.

Example of KPIs

Source: http://mkhairul.sembangprogramming.com/2008/04/24/key-performance-indicators-kpi-for-softwaredevelopment/

Service transition represents the intersection between project and

service management. In a cloud-based solution this is not only
covers the initial implementation of cloud services but also any
updates to them, launches of new services or retirement and
migration of existing services.

Service operation is the core of the ITIL model. Its focus is on the
day-to-day operations that are required in order to deliver service to
its users at the agreed levels of availability, reliability and
performance. It includes concepts such as event management,
incident management, problem management, access management,
request fulfillment and service desk.

6.2 Administration
Since Cloud Computing is primarily web-based, the logical interface for
administering is a portal. It can offer facilities such as billing, analytic,
account
management,
service
management,
package
install,
configuration, instance flexing and tracing problems and incidents.
The area between service request and more extensive change
management is not always obvious and depends to a large extent on the
organization involved. However, in all companies there are likely to be
services that are too critical for automated change requests.
One major recurring change is the need to perform upgrades to increase
functionality, solve problems and sometimes improve performance. New
version can disrupt services because they may drop functions, implement
them differently or contain undiscovered bugs. It is therefore important to
understand whether they will have any impact on business processes
before rolling them out live. One approach is to stage all services locally
and test them with on-premise equipment before overwriting the
production services.
Long-term capacity management is less critical for on-demand services.
Elasticity of resources means that enterprises can scale up and down as
demand dictates without need for extensive planning. Its also a good idea
to verify that your services provider will actually be in a position to deliver
all the resource requirements that you anticipate. Several aspects of
capacity planning have to be evaluated in parallel.

Managing identities and access control for enterprise applications remains

one of the greatest challenges facing IT today. While an enterprise may be
able to leverage several Cloud Computing services without a good identity
and access management strategy, in the long run extending an
organizations identity services into the cloud is a necessary precursor
towards strategic use of on-demand computing services. Supporting
todays aggressive adoption of an admittedly immature cloud ecosystem
requires an honest assessment of an organizations readiness to conduct
cloud-based Identity and Access Management (IAM), as well as
understanding the capabilities of that organizations Cloud Computing
providers.

Identity and Access Management Model

Source: http://radio-weblogs.com/0100367/stories/2002/05/11/enterpriseIdentityAndAccessManagement.html

We will discuss the following major IAM functions that are essential for
successful and effective management of identities in the cloud:

Identity provisioning/deprovisioning

Authentication

Federation

Authorization & user profile management [15]

6.3 Monitoring
Part of the incentive of moving to a public cloud is to reduce the amount of
internal operational activity. Much of the internal infrastructure is local
such as the printers, scanners and local equipment. End user desktops and
mobile device s are also closer to on-site operations personnel. One area
that is of particular concern to business continuity is backup. Backups are
required for a variety of reasons including:

End user access to data that has been removed

End user access to historical data

Audits, troubleshooting, IP retention

Legal requirements for eDiscovery

Problem management refers to tracking and resolving unknown causes of

incidents. It is closely related to Incident management but focuses on
solving root causes for a set of incidents rather than applying what may be
a temporary fix to an incident.

6.4 Support
There is some diversity in the user roles that may require assistance in a
cloud solution. There are two types: end user and IT support. End-user
support should progress in tiers that successively address more difficult
and less common problems. It begins with simple documentation and online help to orient the user and clarify any obvious points of confusion. A
self-service portal can then help to trigger automatic process to fulfill
common requests.
In addition to end users there is also a requirement for IT and business
users to receive assistance from the service providers. There must be
mechanism in place for obtaining and sharing documentation and training
on all cloud services and technologies. Vendor architecture diagrams and
specifications for all technical interfaces can help IT staff.

6.5 Control

Most of the legal provisions that relate to cloud computing fall into one of
three categories:

Data privacy

Electronic discovery

Notification

There are also threats connected such as data leakage, data loss, noncompliance, loss of service and impairment of service

7 Conclusion
From the text and infromation aforementioned, you should have a basis
information about what is Cloud Computing and its history, features or
architecture. To summarize it, Cloud Computing is very new and modern
technology based on sharing resources (especially software, hardware and
infrastructure). It helps companies but also individuals in saving costs for
IT resources. All data are stored outofcompany at a providers place which
brings both advantages and disadbvnatges especially problematic issue
about security and data privacy. Most common Cloud service you as a user
may come across with are Google Apps.

Sources
[1] RHOTON, J, Cloud Computing Explained. 2.edition, Kent: Recursive Limited,
2011. 508 p. ISBN
9780956355607
[2] GARTNER NEWSROOM. Gartner Highlights Five Attributes of Cloud Computing.
[online]. 2009. [cit.
20110508]. Accessible at: <http://www.gartner.com/it/page.jsp?id=1035013>
[3] BUSINESSVIZE. Co je to Cloud computing a pro se o nm mluv . [online].
2010. [cit. 20110509].
Accessible at: <http://www.businessvize.cz/software/cojetocloudcomputinga
procseonemmluvi>
[4] COMPUTERWEEKLY.COM. A history of cloud computing. [online]. 2009. [cit.
20110508].
Accessible at: http://www.computerweekly.com/Articles/2009/06/10/235429/A
historyofcloudcomputing.
htm>
[5] MODCOMP. Virtualization & Cloud Computing. [online]. 2011. [cit. 201105
09]. Accessible at:
<http://www.modcomp.com/itsolutionsvirtualizationcloudcomputing>
[6]HOW STUFF WORKS. How Cloud Computing Works. [online]. 2011. [cit. 2011
0510]. Accessible at:

<http://computer.howstuffworks.com/cloudcomputing1.htm>
[7] SLIDE SHARE. Cloud computing. [online]. 2011. [cit. 20110509]. Accessible
at:
<http://en.wikipedia.org/wiki/Cloud_computing#cite_note54>
[8] SEARCH CLOUD COMPUTING.COM. Infrastructure as a Service (IaaS). [online].
2009. [cit. 201105
10]. Accessible at:
<http://searchcloudcomputing.techtarget.com/definition/Infrastructureasa
ServiceIaaS>
[9] SEARCH CLOUD COMPUTING.COM. Software as a Service (SaaS). [online].
2006. [cit. 20110510].
Accessible at: <http://searchcloudcomputing.techtarget.com/definition/Software
asaService>
[10] SEARCH CLOUD COMPUTING.COM. Platform as a Service (PaaS). [online].
2008. [cit. 201105
10]. Accessible at:
<http://searchcloudcomputing.techtarget.com/definition/PlatformasaService
PaaS>
[11] WISEGEEK. What is Cryptography. [online]. 2011. [cit. 20110508].
Accessible at:
<http://www.wisegeek.com/whatiscryptography.htm>
[12] WIKIPEDIA. Cloud Computing Manifesto. [online]. 2010. [cit. 20110509].
Accesiible at:
<http://en.wikipedia.org/wikiCloud_Computing_Manifesto>
[13] WIKIPEDIA. Cloud Computing. [online]. 2010. [cit. 20110509]. Accesiible at:
<http://en.wikipedia.org/wiki/Cloud_computing>
[14] WIKIPEDIA. Chromebook. [online]. 2010. [cit. 20110509]. Accesiible at:
<http://en.wikipedia.org/wiki/Chromebook>
[15] Cloud Security Alliance. Security Guyance for Critical Area sof Focus in
CLoud Computing V2.1
[online]. 2009. [cit. 20110509]. Accessible at:
<http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf>

Picture in Main heading source: http://cpurepairdude.com/cloud-computingoverview