Cloud Notes
Types of virtualization
1. Hardware
a. Full Virtualization
: Allows running an unmodified OS
: Binary translation
: The hypervisor completely simulates the underlying hardware.
: Example: VMware’s ESXi server
b. Para-virtualization
: Provides hypercalls (kernel system calls)
: Hypercalls are similar to kernel system calls. They allow the guest OS to
communicate with the hypervisor. Less portable.
: Example: the open-source Xen project uses the paravirtualization
technique.
c. Hardware Assisted Virtualization / native / bare metal
: Hardware provides CPU instructions to aid virtualization
: Runs directly on the underlying host OS
: Hypervisor can run an unmodified OS; less complex, more portable.
: Intel’s Intel-VT and AMD’s AMD-V processors
2. Application Virtualization
3. Data Virtualization
Logical data layer, big data
4. Desktop virtualization
Virtual desktop workloads run on desktop virtualization servers which
typically execute on virtual machines (VMs) either at on-premises data
centers or in the public cloud. Ex. AnyDesk
5. Network virtualization
Ex VLAN
6. Server Virtualization
7. Storage Virtualization
Ex. dynamically expanding virtual hard disk
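A quick check for the hardware-assisted case above, as an added example (not from these notes): it parses the `flags` line of a Linux `/proc/cpuinfo` dump for the `vmx` (Intel VT-x) or `svm` (AMD-V) flag, plus the `ept`/`npt` second-level paging flags and the `hypervisor` flag a guest kernel sees. The two cpuinfo snippets are constructed samples; run on a real Linux host it reports that machine too.

```python
"""Check a Linux /proc/cpuinfo dump for hardware-assisted virtualization support.

Added example for these notes, not part of the original. Intel VT-x appears as
the `vmx` CPU flag and AMD-V as `svm`; a `hypervisor` flag means the kernel is
already running as a guest. `ept`/`npt` are the second-level paging
extensions that make nested page tables cheap.
"""
import re

# Constructed samples in /proc/cpuinfo format (not taken from real hosts).
SAMPLE_INTEL_HOST = """processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ept vpid
"""

SAMPLE_AMD_GUEST = """processor\t: 0
vendor_id\t: AuthenticAMD
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm hypervisor
"""


def cpu_flags(cpuinfo_text):
    """Return the CPU feature flags from the first 'flags' line as a set."""
    match = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return set(match.group(1).split()) if match else set()


def hw_virt_report(cpuinfo_text):
    """Summarise what kind of virtualization the CPU can offer a hypervisor."""
    flags = cpu_flags(cpuinfo_text)
    if "vmx" in flags:
        extension = "Intel VT-x"
    elif "svm" in flags:
        extension = "AMD-V"
    else:
        extension = None  # no hardware assist: only binary translation or paravirt
    return {
        "extension": extension,
        "second_level_paging": bool(flags & {"ept", "npt"}),
        "running_as_guest": "hypervisor" in flags,
    }


if __name__ == "__main__":
    for name, text in (("intel host sample", SAMPLE_INTEL_HOST),
                       ("amd guest sample", SAMPLE_AMD_GUEST)):
        print(name, hw_virt_report(text))
    try:
        with open("/proc/cpuinfo") as fh:  # only present on Linux
            print("this machine", hw_virt_report(fh.read()))
    except OSError:
        print("this machine: /proc/cpuinfo not available")
```

A CPU that reports neither `vmx` nor `svm` leaves the hypervisor with the full-virtualization (binary translation) or para-virtualization routes from the list above; the guest sample shows that a VM normally sees `hypervisor` and no virtualization extension unless nested virtualization was enabled for it.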
Collision Domain
: The part of a network where packet collisions can occur.
Broadcast Domain
: Broadcast is forwarded. A broadcast domain contains all devices that can
reach each other at the data link layer (OSI layer 2) by using broadcast. All
ports on a hub or a switch are by default in the same broadcast domain.
VLAN
VLAN allows different computers and devices to be connected virtually to
each other as if they were in a LAN sharing a single broadcast domain. In
a way, a VLAN acts as a set of mini separate networks within a LAN.
NAS: Single storage device that connects to a local area network (LAN)
Distributed Systems/Middlewares
A collection of computers that do not share common memory or a common
physical clock, that communicate by message passing over a communication
network.
The processors are “loosely coupled”. They are not part of dedicated systems,
but cooperate with one another by offering services or solving a problem jointly.
Each computer has a memory processing unit and the computers are connected
by a communication network.
It is assumed that the middleware layer does not contain the traditional
application layer functions of the network protocol stack such as HTTP, MAIL,
FTP and TELNET.
a. Client -Server
b. Peer to Peer Model
Problem:
Overloading may occur in the network if all the nodes try to send data at once.
Parallel Computing
TYPES OF PARALLELISM
Grid Computing
: Builds standard web-based protocols that allow distributed resources to be
“discovered, accessed, allocated, monitored, accounted for, and billed for and in
general managed as a single virtual system.”
a. IAAS
: Delivery of computer hardware as a service.
: Server, storage, data centre space, OS, tech
: Infrastructure can be automatically scaled up or down based on the
requirements of the application.
: Challenge faced: managing physical and virtual resources (servers,
network, storage); this is where CLOUD INFRASTRUCTURE MANAGEMENT
comes in.
: App, data, runtime, middleware, OS are user managed.
b. PAAS
: More than infrastructure.
: Delivers a solution stack (set of software that provides everything a dev may
need, plus the runtime)
: Evolution of web hosting
: App and data are user managed.
: Stand-alone
: Associated heavily with vendor lock-in
c. SAAS
: First implementation of cloud services
: At the top of the stack
: App delivered as a service to the service consumer.
: Provides an API and is customizable
: Service consumer just has to configure some params and manage
users.
: Everything is provider managed.
: Network dependency is an issue
Features of cloud
(i) self-service
(ii) per-usage metered and billed
(iii) elastic
(iv) customizable.
Potential issues
a. Security
b. Vendor management: cloud vendors may not offer the same level of
custom SLAs (Service Level Agreements) as IT managers
c. Technical Integration: Many firms want to have a hybrid model, to keep
some infrastructure which is important under their control. Integrating internal
and external infrastructures can be a technical concern.
d. Business View
IT and business stakeholders have to work together and state business objectives
for cloud migration, define project scope and set guidelines.
Cloud Middleware
: acts as a liaison between app and network.
Middleware architecture
: most middleware follows Service Oriented Architecture design (SOA) or is
designed as a PAAS solution.
: SOA - tries to achieve loosely coupled software applications that interact among
themselves to run as a whole. Uses existing applications and system
investments.
: Middleware Examples
● Local Host
● Website
● Application Software
● Web Server
Components of middleware
a. Middleware management console:
This console provides an overview of events and activities, transactions,
configuration management, and contract rules.
Challenges
a. Scheduling
1. User level
: Deals with problems raised by service provision, for both the service
provider and the consumer.
2. System level
: Resource management in datacentre
: SLA is a contract between service provider and customer stating the terms of
agreement (including QoS)
b. Admission Control
: provide strong performance
: necessities that may be required to be added to runtime
c. Resource Provisioning
: Resource Provisioning Strategy, to meet needs of cloud applications.
Cloud Interoperability
: Two or more systems exchanging info and using it.
c. Infrastructure portability
: It means virtual server or machine images should have the freedom of
portability.
UNIT-3
Cloud Architecture
Cloud Bursting
: Deployment model
: Runs the app in the data centre / private cloud and shifts to the public cloud
when demand increases
3 approaches to implement it
a. Distributed Load Balancing
: load balancing + load monitoring
: when the threshold is crossed, a simultaneous cloud platform activates
b. Manual Bursting
: works according to a notification sent from the load balancer
c. Automated Bursting
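The three approaches as an added toy controller (not from these notes or any product): each sampling interval it measures load (load monitoring), bursts to the public cloud when utilisation crosses a threshold and releases that capacity again below a lower one, and in `manual` mode only emits the notification for an operator to act on. The capacity figure, thresholds, mode names and load curve are all assumptions.

```python
"""Cloud-bursting controller: where does each request go as load rises?

Added example for these notes, not from the original. Everything here is a
simplified model: the capacity numbers, thresholds and the two modes
("automated" bursts on its own, "manual" only raises a notification for an
operator to act on) are assumptions chosen to illustrate the approaches above.
"""
from dataclasses import dataclass, field


@dataclass
class BurstController:
    private_capacity: float         # requests/sec the private data centre absorbs
    burst_threshold: float = 0.8    # utilisation above which we burst out
    release_threshold: float = 0.5  # utilisation below which we fall back (hysteresis)
    mode: str = "automated"         # or "manual"
    public_active: bool = False
    burst_requested: bool = False
    notifications: list = field(default_factory=list)

    def activate_public(self):
        """Operator (manual mode) or controller (automated) switches the public cloud on."""
        self.public_active = True

    def release_public(self):
        self.public_active = False
        self.burst_requested = False

    def step(self, load_rps):
        """Load monitoring + balancing for one sampling interval."""
        util = load_rps / self.private_capacity
        if util > self.burst_threshold and not self.public_active and not self.burst_requested:
            self.burst_requested = True
            self.notifications.append(
                f"burst requested: utilisation {util:.2f} > {self.burst_threshold}")
            if self.mode == "automated":
                self.activate_public()
        elif util < self.release_threshold and self.public_active:
            self.notifications.append(
                f"public capacity released: utilisation {util:.2f} < {self.release_threshold}")
            self.release_public()
        # Private capacity is always used first; only overflow leaves the site.
        to_private = min(load_rps, self.private_capacity)
        overflow = load_rps - to_private
        to_public = overflow if self.public_active else 0.0
        return {
            "utilisation": round(util, 2),
            "private": to_private,
            "public": to_public,
            "dropped": overflow - to_public,  # demand nobody could serve
            "public_active": self.public_active,
        }


def simulate(controller, loads):
    """Feed a list of load samples through the controller, one per interval."""
    return [controller.step(load) for load in loads]


# Constructed load curve: a spike above private capacity, then a return to normal.
LOAD_SAMPLES = [50, 90, 130, 120, 40]

if __name__ == "__main__":
    for mode in ("automated", "manual"):
        ctl = BurstController(private_capacity=100, mode=mode)
        for load, decision in zip(LOAD_SAMPLES, simulate(ctl, LOAD_SAMPLES)):
            print(mode, load, decision)
        print(mode, ctl.notifications)
```

The release threshold sits well below the burst threshold so that load hovering around one value does not switch the public cloud on and off every interval; the `dropped` figure in manual mode shows what the wait for an operator costs while demand exceeds private capacity.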
Capacity Planning
: Goal is to maintain workload without improving efficiency
AUDIT MONITOR
: periodic examination an organisation does to assess its cloud vendor’s
performance.
: CSA (Cloud security alliance) provides audit documents
Load Balancer
MCQ’s
● IT Architecture Development steps in the Planning Phase.
● Which one of the following is related to the services provided by Cloud?
Sourcing- correct
Ownership
Reliability
PaaS
● In Cloud Computing Planning, there are usually three phases that are
Strategy Phase, Planning Phase, and Deployment Phase.
● Cloud computing architecture is a combination of service-oriented
architecture and event-driven architecture.
● The architecture of the Cloud can broadly be divided into two main parts
that are Back-end and Front-end.
● Both the front and back end are connected to the others through a
network.
● 3 services to users by cloud computing
● Force.com and Windows Azure are examples of the Platform as a service
● Service-Oriented Architecture allows using the application as a service for
other applications.
● In Cloud Computing, managed IT services and grid computing are based
on the concept of Utility Computing.
● Which one of the following refers to the Distributed Computing, in which
several sets of computers distributed on multiple geographical locations
and are connected with each other to achieve a common goal?
Virtualization
SOA
Grid Computing correct
Utility Computing
● The Hypervisor runs directly on the underlying host system, and
sometimes it is also known as "Native Hypervisor" or "Bare metal
hypervisor."
● VMM == hypervisor
● 2 types of hypervisors- type 1 and type2
● Examples of type 1 hypervisor= VMware ESXi, Citrix XenServer, Microsoft
Hyper-V hypervisor
● Type 2= vmware player, parallels desktop
● In order to emulate the underlying hardware, there are three main modules
needed to coordinate, which are as follows:
Interpreter
Allocator
Dispatcher: calls the allocator
● VMware vNetwork is a kind of service that manages and creates virtual
network interfaces.
● In emulation, it can be independent of the underlying system hardware
● host operating system for Windows Server: microsoft hyper v
● In Type1, the full virtualization can be possible
● PAAS: associated heavily with vendor lock in
● 4 types of PAAS
● Aws management console: CCS
● Google maps: PAAS
● The term "SIMPLE" is a type of open standard protocol.
● EC2: IAAS
● PAAS: most refined and restrictive service model
● When you add a software stack, such as an operating system and
applications to the service, the model shifts to SAAS model.
UNIT-4
Part 1
Cloud Computing technologies and applications
1. CDN (Content Delivery Network), POP(point of presence)
● geographically dispersed network of servers and data centres
● improve web performance by reducing the time needed to send
content and rich media to users
● Decreases network latency
● CDN servers- edge servers; all CDN servers are located on the
"edge network" — closer to end-users than a host server from which
an application or a website originates.
● A content delivery network (CDN) can deliver two types of content:
static content and dynamic content.
● How CDN works:
a. Caching- Making a copy of data for faster access
b. Dynamic acceleration
- Caching doesn't work well with dynamic web content
because the content can change with every user
request.
- It refers to reduction in server response time for
dynamic web content requests because of an
intermediary CDN server between the web
applications and the client.
c. Edge logic computations- the CDN performs logical computations
like verifying users, optimising content, etc.
● Applications of CDN
a. Real time screening
b. High-speed content delivery
c. Multi-user scaling
● Ex- Amazon CloudFront (CDN service)
● Scrubbing server- It filters out malicious traffic from a network or
Internet connection. These centres specialise in monitoring and
filtering traffic for malicious activity, such as Distributed Denial of
Service (DDoS) attacks, botnet activity, malware propagation and
other cyber threats.
3. Meta CDN
GPUaaS(GPU as a service)
● GPUs are a type of AI chip used in training AI models
Part 2
Cloud economics- Cloud economics is the study of cloud computing costs and
benefits and the economic principles that underpin/support them.
Part 1
Security in cloud
1. Identity management
2. Access Control
3. Authorization and authentication
Questions: use of 3rd-party apps, understanding needs, where is my data and
what assurance is there, does the cloud provider have the security keys, patch
management policies
Security mechanism
1. Determine security policy
a. Usage policy for networks and servers, user training about passwords,
privacy policy for data
b. Schedule for updates, audits
c. Network design should reflect this policy: protection of the database,
location of DMZs (demilitarized zones), firewall rules, deployment
of IDSs (intrusion detection systems)
2. Implement security policy: installing firewalls and IDSs
3. Study: learn the network, identify servers with critical data and
vulnerabilities in services; the study can be passive or active, and active
study is detected by the IDS
4. Vulnerability scanning
5. Penetration testing: an exploit/attack is carried out to test the defences
6. Post-attack investigation
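Step 3 says active study is detected by the IDS. As an added example (not from these notes), here is the kind of rule an IDS applies, run over constructed firewall-style log lines: a source that touches more than 10 distinct destination ports within 60 s is reported once, while a client that keeps hitting one service port is not. The log format, sample addresses and thresholds are all assumptions.

```python
"""Flag active reconnaissance (a port sweep) in firewall log lines.

Added example for these notes, not from the original. The log format is a
constructed iptables-style one-line-per-packet format, the sample lines are
made up, and the thresholds (more than 10 distinct ports from one source
inside 60 s) are assumptions; tune them to the network being watched.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+) ACTION=(?P<action>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def detect_port_sweeps(lines, max_ports=10, window_s=60):
    """Alert once per source that hits more than max_ports distinct ports within window_s."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, dport), oldest first
    alerted = set()
    alerts = []
    for rec in filter(None, map(parse_line, lines)):
        q = recent[rec["src"]]
        q.append((rec["ts"], rec["dpt"]))
        # Drop events that fell out of the sliding window (the newest always stays).
        while (rec["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) > max_ports and rec["src"] not in alerted:
            alerted.add(rec["src"])
            alerts.append({
                "src": rec["src"],
                "dst": rec["dst"],
                "ports": len(distinct_ports),
                "first_seen": q[0][0].isoformat(),
                "last_seen": rec["ts"].isoformat(),
            })
    return alerts


# Constructed sample: one host walking ports 20..31 on a server, one normal HTTPS client.
SWEEP_LINES = [
    f"2024-03-01T10:00:{i:02d} SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP DPT={20 + i} ACTION=DROP"
    for i in range(12)
]
NORMAL_LINES = [
    f"2024-03-01T10:00:{i:02d} SRC=10.0.0.9 DST=10.0.1.20 PROTO=TCP DPT=443 ACTION=ACCEPT"
    for i in range(5)
]
SAMPLE_LOG = SWEEP_LINES + NORMAL_LINES + ["garbage line the parser must skip"]

if __name__ == "__main__":
    for alert in detect_port_sweeps(SAMPLE_LOG):
        print(alert)
```

The sliding window is what separates a sweep from ordinary traffic spread over a day; shrinking it to a few seconds makes the same twelve lines fall under the threshold, which is why the window and port count have to be tuned together.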
Governance Strategies
a. Centralization: All of the security controls related to the application stack
should be administered from one place.
b. Standardization: Implementing industry standards for accessing systems,
like OAuth and OpenID, and LDAP (Lightweight Directory Access Protocol)
implementations like ApacheDS
c. Automation: Need comes from the book The Phoenix Project
Classes of threats:
a. Disclosure (telling publicly)
b. Snooping (look around secretly)
c. Deception(Fraud) (abc in real but shows 12)
d. Modification, spoofing, repudiation of origin, denial of receipt
e. Disruption (break chain)
f. Modification
g. Modification, spoofing, delay, denial of service
Part 2
Cloud DB: a DB that runs on the cloud, e.g. on Amazon EC2, Rackspace, GoGrid
Two ways to deploy a DB:
a. run it inside a secured VM
b. subscribe to a DB service provider
Operation model for cloud DB:
1. Virtual machine image
2. DB as a service (RDBMS, NoSQL): Amazon RDS (most used),
Amazon DynamoDB, Amazon SimpleDB, Amazon Redshift
- Architectural and common characteristics
a. Provides easy access web interface, CLI to manage DB
operations. For ex: AWS
b. More flexibility and transparency to users
c. Automatically handle high availability and scalability
issues
Types of Cloud DB
Unit 6
The Docker client and daemon communicate using a REST API, over UNIX
sockets or a network interface.
a. The Docker daemon
The Docker daemon (dockerd) listens for Docker API requests and
manages Docker objects such as images, containers, networks, and
volumes.
b. The Docker client
The Docker client (docker) is the primary way that many Docker
users interact with Docker. When you use commands such as
docker run, the client sends these commands to dockerd, which
carries them out. The docker command uses the Docker API. The
Docker client can communicate with more than one daemon.
c. Docker registries
A Docker registry stores Docker images. Docker Hub is a public
registry that anyone can use, and Docker is configured to look for
images on Docker Hub by default. When you use the docker pull or
docker run commands, the required images are pulled from your
configured registry.
d. Docker objects
When you use Docker, you are creating and using images,
containers, networks, volumes, plugins, and other objects. This
section is a brief overview of some of those objects.
e. Images & containers
An image is a read-only template with instructions for creating a
Docker container. Often, an image is based on another image, with
some additional customization.
f. Services
Services allow you to scale containers across multiple Docker
daemons, which all work together as a swarm with multiple
managers and workers. Each member of a swarm is a Docker
daemon, and the daemons all communicate using the Docker API.
g. Docker Engine
● Docker Engine is a client-server application with these major
components:
- A server, which is a type of long-running process called a daemon
process (the dockerd command).
- A REST API which specifies interfaces that the process can use to talk to
the daemon and instruct it what to do.
- A command line interface (CLI) client (the docker command).
● Docker Engine allows you to develop, assemble, ship, and run
applications using the following components:
a. Docker Daemon: A persistent background process that
manages Docker images, containers, networks, and storage
volumes. The Docker daemon constantly listens for Docker
API requests and processes them.
b. Docker Engine REST API: An API used by applications to
interact with the Docker daemon; it can be accessed by an
HTTP client.
c. Docker CLI: A command line interface client for interacting
with the Docker daemon. It greatly simplifies how you manage
container instances and is one of the key reasons why
developers love using Docker.
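The client-to-daemon REST API over a UNIX socket, as an added example (not Docker's own code): a Python `http.client` connection pointed at `/var/run/docker.sock` that issues `GET /version` and `GET /containers/json`, the same API the docker CLI uses, plus a check of the socket's permission bits. It assumes the default socket path and a running `dockerd`; the `/version` reply used for the offline check is constructed, with the real API's field names.

```python
"""Talk to the Docker Engine REST API over its UNIX socket, the way the docker
CLI does, and check who can reach that socket.

Added example for these notes, not Docker's own code. It assumes the default
socket path /var/run/docker.sock and a running dockerd; the sample /version
reply below is constructed, not captured from a real daemon.
"""
import http.client
import json
import os
import socket
import stat

DOCKER_SOCK = "/var/run/docker.sock"


class UnixSocketHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection whose transport is a UNIX domain socket, not TCP."""

    def __init__(self, sock_path, timeout=5):
        super().__init__("localhost", timeout=timeout)
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)


def engine_get(path, sock_path=DOCKER_SOCK):
    """GET a Docker API path and return (HTTP status, decoded JSON body)."""
    conn = UnixSocketHTTPConnection(sock_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)
    finally:
        conn.close()


def summarize_version(version_json):
    """Keep the fields an operator checks first in a GET /version reply."""
    return {
        "engine": version_json.get("Version"),
        "api": version_json.get("ApiVersion"),
        "platform": f'{version_json.get("Os")}/{version_json.get("Arch")}',
    }


def socket_exposure(mode):
    """Classify a socket's st_mode: write access to dockerd's socket is root-equivalent."""
    perm = stat.S_IMODE(mode)
    if perm & stat.S_IWOTH:
        return "world-writable"
    if perm & stat.S_IWGRP:
        return "group-writable"
    return "owner-only"


# Constructed stand-in for a GET /version reply (field names are the real API's).
SAMPLE_VERSION = {"Version": "0.0.0-example", "ApiVersion": "1.43",
                  "Os": "linux", "Arch": "amd64"}

if __name__ == "__main__":
    print("sample:", summarize_version(SAMPLE_VERSION))
    try:
        print("socket:", socket_exposure(os.stat(DOCKER_SOCK).st_mode))
        status, version = engine_get("/version")
        print(status, summarize_version(version))
        status, containers = engine_get("/containers/json")
        for c in containers:
            print(c["Names"], c["Image"], c["State"])
    except OSError as exc:
        print("no reachable daemon:", exc)
```

Anyone who can write to that socket can ask dockerd to start a container with host mounts, so a group-writable socket makes every member of its group root-equivalent on the host; the permission check is the first thing to audit when the daemon's API is the control plane.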
Kubernetes
- Kubernetes (K8s) is an open-source system for automating deployment,
scaling, and management of containerized applications
Pods- A Kubernetes pod is a group of containers, and is the smallest unit that
Kubernetes administers.
Pods have a single IP address that is applied to every container within the pod.
Containers in a pod share the same resources such as memory and storage.