Cloud Notes
UNIT-1

The x86 architecture is a widely used instruction set architecture, and
virtualization allows the creation of virtual machines (VMs) that run
different OS environments independently of each other.
Four protection levels or privilege levels, known as rings, grant the code
segments running at them different rights. In protected mode the operating
system kernel runs at the most privileged level, ring 0, and applications run
at the least privileged level, ring 3; rings 1 and 2 are rarely used by
mainstream operating systems.

hypervisor / host OS: ring 0

Guest OS: de-privileged. Under classic (binary translation or paravirtualized)
virtualization the guest kernel is moved out of ring 0, to ring 1 (32-bit) or
ring 3 (64-bit), so that its privileged instructions trap to the hypervisor;
guest applications stay in ring 3. With hardware-assisted virtualization
(Intel VT-x / AMD-V) the guest kernel keeps ring 0 inside a separate
"non-root" mode while the hypervisor runs in "root" mode.

Types of virtualization

1. Hardware

a. Full Virtualization
: allows running an unmodified guest OS
: privileged guest instructions are handled by binary translation
: the hypervisor completely simulates the underlying hardware
: example: VMware's ESXi server
b. Para-virtualization
: the guest kernel is modified to issue hypercalls instead of privileged
instructions
: hypercalls are similar to kernel system calls; they let the guest OS
communicate with the hypervisor. Less portable, since the guest has to be
ported to the hypervisor's interface.
: example: the open-source Xen project uses the paravirtualization
technique
c. Hardware-Assisted Virtualization / native / bare metal
: the hardware provides CPU instructions and modes that aid virtualization
: the hypervisor runs directly on the underlying hardware, not on a host OS
: the hypervisor can run an unmodified OS without binary translation; less
complex, more portable
: Intel VT-x and AMD-V processors
2. Application Virtualization
3. Data Virtualization
Logical data layer, big data

4. Desktop virtualization
Virtual desktop workloads run on desktop virtualization servers which
typically execute on virtual machines (VMs) either at on-premises data
centers or in the public cloud. Ex. VDI (note: AnyDesk is remote desktop
access software, not a desktop virtualization platform).

5. Network virtualization
Ex VLAN

6. Server V.
7. Storage V.
Ex dynamically expanding virtual hard disk
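A quick capability check for item 1c, added here as an example (not code from the notes): it parses text in the format of Linux's /proc/cpuinfo and reports whether the CPU advertises Intel VT-x (`vmx` flag) or AMD-V (`svm` flag), whether second-level address translation (EPT/NPT) is present, and whether the kernel is itself already running as a guest (`hypervisor` flag). The two cpuinfo excerpts are constructed. Caveat: the flag shows CPU support, not that firmware has left the feature enabled; on a host where it was switched off in the BIOS the kvm module says so when it loads.

```python
# Constructed /proc/cpuinfo excerpts (one logical CPU each); not captured from a real host.
SAMPLE_INTEL = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Example Intel CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx smx ssse3 sse4_1 sse4_2 popcnt aes xsave avx ept vpid

"""
SAMPLE_AMD_GUEST = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Example AMD CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm svm hypervisor

"""


def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one dict per logical CPU (a blank line separates CPUs)."""
    cpus, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                cpus.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        cpus.append(current)
    return cpus


def virtualization_support(text):
    """Report the hardware virtualization extension advertised by the first CPU entry."""
    cpus = parse_cpuinfo(text)
    flags = set(cpus[0].get("flags", "").split()) if cpus else set()
    report = {
        "vendor": cpus[0].get("vendor_id") if cpus else None,
        "extension": None,                    # "Intel VT-x" or "AMD-V" when present
        "nested_paging": False,               # EPT (Intel) / NPT (AMD): hardware second-level page tables
        "inside_vm": "hypervisor" in flags,   # the kernel sets this flag when it runs as a guest
    }
    if "vmx" in flags:
        report["extension"] = "Intel VT-x"
        report["nested_paging"] = "ept" in flags
    elif "svm" in flags:
        report["extension"] = "AMD-V"
        report["nested_paging"] = "npt" in flags
    return report


def host_report(path="/proc/cpuinfo"):
    """Run the same check against the real host (Linux only)."""
    with open(path) as f:
        return virtualization_support(f.read())


if __name__ == "__main__":
    print(virtualization_support(SAMPLE_INTEL))
    print(virtualization_support(SAMPLE_AMD_GUEST))
```

`host_report()` is what you would call on a real machine; the two samples show a bare-metal Intel host with EPT and an AMD guest that has nested virtualization exposed to it (`svm` together with `hypervisor`).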

Collision Domain
: The part of a network where packet collisions can occur. All ports of a hub
share one collision domain; a switch gives each port its own collision domain.

Broadcast Domain
: Broadcasts are forwarded within it. A broadcast domain contains all devices
that can reach each other at the data link layer (OSI layer 2) by using
broadcast. All ports on a hub or a switch are by default in the same broadcast
domain; a router or a VLAN boundary separates broadcast domains.

As the number of devices in the broadcast domain increases, the number of
broadcasts also increases and the quality of the network goes down.

VLAN
VLAN allows different computers and devices to be connected virtually to
each other as if they were in a LAN sharing a single broadcast domain. In
a way, a VLAN acts as a mini separate network within a LAN; traffic between
VLANs has to pass through a router (or a Layer 3 switch).

a. PORT based VLAN
: each switch port is statically assigned to a VLAN, whatever device is
plugged into it
: the challenge of this type of network is keeping track of which ports
belong to each VLAN
b. Protocol based VLAN
: frames are classified by the Layer 3 protocol they carry (EtherType, e.g.
IPv4 vs IPv6) rather than by port; on trunk links the VLAN is carried
explicitly in the frame's 802.1Q tag
c. MAC based VLAN
: membership follows the source MAC address, so a device keeps its VLAN when
it is moved to another port; the switch has to hold a MAC-to-VLAN table, and
the MAC address is an identifier the end host itself controls
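A small model of how a switch places an incoming frame into a VLAN and which ports a broadcast then reaches, added as an example (not from the notes). It implements the three classification types above and the broadcast-domain idea from the previous section. The switch configuration, MAC addresses and the rule precedence (tag on a trunk, then MAC, then protocol, then port) are assumptions; real switches differ in precedence and in whether they honour a tagged frame that arrives on an access port.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    src_mac: str
    ethertype: int              # 0x0800 IPv4, 0x86DD IPv6, ...
    tag: Optional[int] = None   # 802.1Q VLAN ID if the frame arrived tagged


@dataclass
class SwitchConfig:
    port_vlan: dict     # port-based: port -> VLAN the port is statically assigned to (PVID)
    mac_vlan: dict      # MAC-based: source MAC -> VLAN
    proto_vlan: dict    # protocol-based: EtherType -> VLAN
    trunk_ports: set    # ports allowed to carry 802.1Q-tagged frames


# Constructed configuration for one 5-port switch (not from the notes).
SAMPLE_CFG = SwitchConfig(
    port_vlan={"p1": 10, "p2": 10, "p3": 20, "p4": 20, "p5": 30},
    mac_vlan={"00:11:22:33:44:55": 99},   # e.g. an appliance that must land in VLAN 99 on any port
    proto_vlan={0x86DD: 60},              # put all IPv6 traffic in VLAN 60
    trunk_ports={"p5"},
)


def classify(cfg, port, frame):
    """Return (vlan_id, rule_used) for a frame entering `port`.

    Precedence (assumed; vendors differ): explicit tag on a trunk > MAC rule >
    protocol rule > port PVID. A tagged frame on a non-trunk (access) port is
    dropped instead of honoured, so an end host cannot pick its own VLAN just by
    sending tagged frames.
    """
    if frame.tag is not None:
        if port in cfg.trunk_ports:
            return frame.tag, "tag"
        return None, "drop"
    if frame.src_mac in cfg.mac_vlan:
        return cfg.mac_vlan[frame.src_mac], "mac"
    if frame.ethertype in cfg.proto_vlan:
        return cfg.proto_vlan[frame.ethertype], "protocol"
    return cfg.port_vlan[port], "port"


def broadcast_domains(cfg):
    """Group ports by PVID: a broadcast entering one port reaches every other port of
    that VLAN and no port of any other VLAN. Without VLANs all ports form one domain."""
    domains = {}
    for port, vid in cfg.port_vlan.items():
        domains.setdefault(vid, set()).add(port)
    return domains


def flood_targets(cfg, port, frame):
    """Ports a broadcast frame from `port` is flooded to (ingress port excluded).
    Trunk ports are assumed to carry every VLAN."""
    vid, _rule = classify(cfg, port, frame)
    if vid is None:
        return set()
    members = broadcast_domains(cfg).get(vid, set()) | set(cfg.trunk_ports)
    return members - {port}


if __name__ == "__main__":
    print(classify(SAMPLE_CFG, "p1", Frame("aa:aa:aa:aa:aa:01", 0x0800)))
    print(broadcast_domains(SAMPLE_CFG))
```

The `drop` branch is the check that matters for the port-based/MAC-based discussion: the VLAN a host lands in is decided by switch configuration, not by anything the host puts in the frame, unless the port is deliberately configured as a trunk.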

SAN: Storage Area Network
: provides the speed of direct-attached storage with the sharing, flexibility
and reliability of network-attached storage
: SAN is best for block-level data sharing of mission-critical files or
applications at data centres or large-scale enterprise organisations (big
companies)
: a dedicated local network composed of multiple storage devices and the
servers that use them

NAS: a single storage device that connects to a local area network (LAN) and
serves files (file-level access)

VSAN: Virtual Storage Area Network
: virtualised pool of storage shared by multiple VMs
: data is passed between servers over the network with protocols like
iSCSI (Internet Small Computer System Interface, SAN over IP) or Fibre
Channel

Distributed Systems / Middleware
A collection of computers that do not share common memory or a common
physical clock, and that communicate by message passing over a communication
network.

The processors are "loosely coupled". They are not part of dedicated systems,
but cooperate with one another by offering services or solving a problem jointly.

Each computer has its own memory and processing unit, and the computers are
connected by a communication network.

It is assumed that the middleware layer does not contain the traditional
application layer functions of the network protocol stack such as HTTP, MAIL,
FTP and TELNET.

a. Client-Server
b. Peer-to-Peer Model

Memory in a parallel system can either be shared or distributed.

Problem:
Overloading may occur in the network if all the nodes try to send data at once.
The models of distributed systems are:

● Virtualization: sharing a single physical instance of an application or
resource among multiple organisations or tenants

● Service-oriented Architecture (SOA): it lets an application be used as a
service by other applications

● Grid Computing: a group of computers from multiple locations are connected
with each other to achieve a common objective. These computer resources
are heterogeneous and geographically distributed.

● Utility Computing: it is based on a pay-per-use model.
It offers computational resources on demand as a metered service.

Parallel Computing

It is the use of multiple processing elements simultaneously for solving a
problem.

TYPES OF PARALLELISM

a. Bit Level Parallelism
b. Instruction Level P.
c. Task P.
d. Data Level P.
Parallel Architecture Types
a. Multiprocessors (shared memory)
b. Multicomputers (message passing)

Models of shared-memory multiprocessors:

a. Uniform Memory Access (UMA)
: share physical memory uniformly, equal access time, each processor
may have a private cache memory.

b. Non-Uniform Memory Access (NUMA)
: access time varies based on the location of the word
: local memories; the global address space is the collection of local
memories, which can be accessed by all the processors.
UNIT-2

Roots of cloud computing rely on advancements in

a. Hardware: virtualization, multi-core chips

b. Internet Technologies:
: web services, service-oriented architectures
: ProgrammableWeb is a public repository of service APIs and mashups.

c. System management: utility and grid computing

d. Distributed Computing: autonomic computing, data centre automation

Cloud Computing denotes a model

: it denotes a model in which a computing infrastructure is viewed as a "cloud,"
from which businesses and individuals access applications from anywhere
: offers computing, storage and software as a service

Service Oriented Architecture
: addresses the requirements of loosely coupled, standards-based, and
protocol-independent distributed computing users
: software resources are packaged as services
: these services are well-defined modules
: provide standard business functionality
: independent of the state or context of other services
: published interface

Grid Computing
: build standard web-based protocols that allow distributed resources to be
"discovered, accessed, allocated, monitored, accounted for, and billed for and in
general managed as a single virtual system."

Cloud is a parallel and distributed computing system.

Types of cloud

These abstraction levels can also be viewed as a layered architecture where
services of a higher layer can be composed from services of the underlying layer.

a. IAAS
: delivery of computer hardware as a service
: servers, storage, data centre space, OS, networking
: infrastructure can be automatically scaled up or down based on the
requirements of the application
: challenge faced: managing physical and virtual resources (servers,
network, storage); this is the job of CLOUD INFRASTRUCTURE MANAGEMENT
: app, data, runtime, middleware and OS are user managed; the provider
manages virtualization, servers, storage and networking

b. PAAS
: more than infrastructure
: delivers a solution stack (the set of software, including the runtime,
that provides everything a developer may need)
: evolution of web hosting
: app and data are user managed; everything below them (runtime,
middleware, OS, infrastructure) is provider managed
: stand alone
: associated heavily with vendor lock-in

c. SAAS
: first implementation of cloud services
: at the top of the stack
: app delivered as a service to the service consumer
: provides an API and is customizable
: the service consumer only has to configure some parameters and manage
users
: everything is provider managed
: network dependency is an issue

Features of cloud
(i) self-service
(ii) per-usage metered and billed
(iii) elastic
(iv) customizable

Features of the infrastructure model

a. Virtualization support: many consumers with different requirements are
served on a single hardware infrastructure
b. Self-service, on-demand resource provisioning (attractive feature)
c. Multiple back-end hypervisors
d. Storage virtualization: abstracting logical storage from physical storage
e. Dynamic resource allocation
f. High availability and data recovery
g. Broad network access
h. Rapid elasticity: scale resources out and in according to user requirements
i. Resource pooling
j. Measured service: tracking resource utilization
Migrating into cloud

Potential issues
a. Security
b. Vendor management: cloud vendors may not offer the same level of
custom SLAs (Service Level Agreements) that IT managers negotiate in-house
c. Technical integration: many firms want a hybrid model, keeping some
infrastructure that is important under their own control. Integrating internal
and external infrastructures can be a technical concern.
d. Business view

IT and business stakeholders have to work together, state the business objective
for cloud migration, define the project scope and set guidelines.

7 step migration model

1. CLOUD MIGRATION ASSESSMENT
: understand the issues involved in migration at the application, code,
design, architecture and usage levels
: cost of migration as well as ROI of the production version
2. ISOLATE DEPENDENCIES
: isolate the system and environment dependencies of the enterprise app
components within the data centre
3. MAP MESSAGING AND ENVIRONMENT
: decide what should remain at the local captive data centre and what goes
onto the cloud
4. RE-ARCHITECT AND IMPLEMENT LOST FUNCTIONALITIES
: some parts of the app may need redesign or reimplementation
5. LEVERAGE CLOUD FUNCTIONS AND FEATURES
: use intrinsic features of the cloud computing service to augment the
enterprise-level app
6. VALIDATE AND TEST
7. ITERATE AND OPTIMISE

Cloud Middleware
: acts as a liaison between the app and the network

Middleware architecture
: most middleware follows the Service Oriented Architecture (SOA) design or is
delivered as a PAAS solution

: SOA tries to achieve loosely coupled software applications that interact among
themselves to run as a whole. It reuses existing applications and system
investments.

: each type of middleware needs a specific component

: Loosely coupled system:
● inside a single business unit
● local area network
● geographically decoupled business units
● cloud middleware

: Middleware examples
● local host
● website
● application software
● web server

Components of middleware
a. Middleware management console:
This console provides an overview of events and activities, transactions,
configuration management, and contract rules.

b. Platform interface: needs to work across multiple platforms, in direct
contact with back-end servers

c. Common messaging framework:
Middleware requires messaging services to communicate with services,
applications, and platforms. Most of these frameworks rely on existing
standards such as Simple Object Access Protocol (SOAP), Representational
State Transfer (REST), or JavaScript Object Notation (JSON).

Need for cloud middleware

a. Configure and control connections and integrations
: middleware can customise the response from the back-end app/service
b. Secure connections and data transfer
: establishes the connection between front end and back end over Transport
Layer Security (TLS), so that data in transit is encrypted and the back end
is authenticated by its certificate
c. Manage traffic dynamically across distributed systems

QoS: the ability of the network to deliver the bandwidth, latency, jitter and
error rate that an application or traffic class requires (not simply the
maximum bandwidth)

QoS (quality of service) issues in cloud
: also handling latency, error rate, uptime etc.
: assign priorities
: scheduling, admission control and dynamic resource provisioning are
techniques to achieve this goal

Challenges
a. Scheduling
1. User level
: deals with problems raised by service provisioning, on both the service
provider's and the consumer's side
2. System level
: resource management in the data centre
: SLA is the contract between service provider and customer stating the terms
of the agreement (including QoS)

b. Admission Control
: decides whether a new request or tenant can be accepted without breaking
the performance guarantees already given to others
: may require extra capacity to be added at runtime

c. Resource Provisioning
: a resource provisioning strategy to meet the needs of cloud applications

Cloud Interoperability
: two or more systems exchanging information and using it

Categories while migrating

Interoperability falls within these categories
a. Data and app portability
: by running the app, the consumer can migrate it from one cloud to another
b. Platform portability
: the app development environment/IDE should be capable of running on any
environment
c. Infrastructure portability
: virtual server or machine images should have the freedom of portability

Stemming involves identifying and mitigating potential security risks by
preventing unauthorised access and ensuring the confidentiality, integrity, and
availability of data stored on AWS.

UNIT-3

Vendors: sell SAAS/storage

Composability: deals with the interrelation of components

Communication protocols: SOAP (Simple Object Access Protocol), WSDL (Web
Services Description Language)

Cloud Architecture

1. Workload Distribution Architecture
: can be horizontally scaled
: built around a load balancer that provides the runtime logic and
distributes the load evenly
: commonly used with distributed virtual servers, cloud storage services and
cloud services
: cloud usage monitor
: audit monitor: to fulfil legal requirements
: hypervisor
: logical network perimeter: network boundaries
: resource clusters
: resource replication

Vertical Scaling: increase the size of an instance

Horizontal Scaling: add more instances

Cloud Bursting
: deployment model
: runs the app in the data centre/private cloud and shifts to the public cloud
when demand increases
3 approaches to implement it
a. Distributed Load Balancing
: load balancing + load monitoring
: when the threshold is crossed, the public cloud platform is activated and
takes the overflow
b. Manual Bursting
: the operator acts on a notification sent by the load balancer
c. Automated Bursting

Cloud Bursting is good for apps which

● read data from storage
● big data, AI/ML models
● marketing campaigns
● software development

Capacity Planning
: goal is to provision enough capacity to handle the expected workload while
keeping the resources efficiently used (neither starved nor idle)

2. Cloud Bursting architecture
: based on the automated scaling listener and resource replication mechanisms

3. Elastic Disk Provisioning Architecture
: dynamic storage provisioning
: tracks actual data usage for billing purposes
: the hard disk is created as a dynamic or thin-provisioned disk
: the hypervisor calls the dynamic disk allocation component to create thin disks
for the virtual server
: cloud usage monitor and resource replication can be added to it

4. Resource Pooling Architecture
: based on the use of one or more resource pools
: physical/virtual server pools
: network pools, CPU pools, pools of physical RAM

5. Dynamic Failure Detection and Recovery Architecture
: establishes a resilient watchdog system to monitor and respond to a wide range
of pre-defined failure scenarios
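A worked model of the thin provisioning behind architecture 3 above, added as an example (not code from the notes): each disk advertises a large virtual size, but physical space from the shared pool is taken only when a block is first written, and that allocated amount is what a usage monitor bills. It also shows the failure mode that comes with overcommitting: the pool can run out of physical space while every guest still believes it has free capacity. Block size, pool size and disk sizes are arbitrary choices for the demo.

```python
BLOCK = 1 << 20   # 1 MiB allocation unit (assumed; products use anything from 512 KiB to a few MiB)


class OutOfPhysicalSpace(Exception):
    """Raised when an overcommitted pool has no physical space left for a new block."""


class ThinPool:
    """Physical capacity shared by all thin disks; consumed only when blocks are written."""
    def __init__(self, physical_bytes):
        self.physical = physical_bytes
        self.used = 0
        self.disks = []

    def create_disk(self, name, virtual_size):
        disk = ThinDisk(name, virtual_size, self)
        self.disks.append(disk)
        return disk

    def allocate(self, nbytes):
        if self.used + nbytes > self.physical:
            raise OutOfPhysicalSpace(f"pool exhausted: {self.used}/{self.physical} bytes in use")
        self.used += nbytes

    def provisioned_bytes(self):
        return sum(d.virtual_size for d in self.disks)

    def overcommit_ratio(self):
        """Virtual capacity promised to guests divided by physical capacity actually present."""
        return self.provisioned_bytes() / self.physical


class ThinDisk:
    """Reports `virtual_size` to the guest but holds only the blocks that were ever written."""
    def __init__(self, name, virtual_size, pool):
        self.name = name
        self.virtual_size = virtual_size
        self.pool = pool
        self.blocks = {}   # block index -> bytearray(BLOCK); absent blocks read back as zeros

    def write(self, offset, data):
        if offset < 0 or offset + len(data) > self.virtual_size:
            raise ValueError("write outside the disk's virtual size")
        pos, end = offset, offset + len(data)
        while pos < end:
            idx, start = divmod(pos, BLOCK)
            n = min(BLOCK - start, end - pos)
            if idx not in self.blocks:
                self.pool.allocate(BLOCK)              # physical space is taken here, not at creation
                self.blocks[idx] = bytearray(BLOCK)
            self.blocks[idx][start:start + n] = data[pos - offset:pos - offset + n]
            pos += n

    def read(self, offset, length):
        out = bytearray()
        pos, end = offset, offset + length
        while pos < end:
            idx, start = divmod(pos, BLOCK)
            n = min(BLOCK - start, end - pos)
            block = self.blocks.get(idx)
            out += block[start:start + n] if block is not None else bytes(n)
            pos += n
        return bytes(out)

    def allocated_bytes(self):
        """What the cloud usage monitor bills: physical space actually consumed."""
        return len(self.blocks) * BLOCK


def billing_report(pool):
    return {d.name: d.allocated_bytes() for d in pool.disks}


def demo():
    pool = ThinPool(physical_bytes=8 * BLOCK)                # only 8 MiB of real disk behind the pool
    a = pool.create_disk("vm-a", virtual_size=100 * BLOCK)   # each guest is promised 100 MiB
    b = pool.create_disk("vm-b", virtual_size=100 * BLOCK)
    a.write(0, b"hello")                         # touches block 0 only
    a.write(5 * BLOCK - 2, b"span")              # straddles blocks 4 and 5
    try:
        b.write(0, bytes(6 * BLOCK))             # needs 6 blocks but only 5 remain in the pool
        exhausted = False
    except OutOfPhysicalSpace:
        exhausted = True
    return {
        "span_read": a.read(5 * BLOCK - 2, 4),
        "unwritten_reads_zero": a.read(3 * BLOCK, 4) == b"\x00" * 4,
        "billing": billing_report(pool),
        "overcommit_ratio": pool.overcommit_ratio(),
        "pool_exhausted": exhausted,
    }
```

The billing report charges vm-a for 3 MiB although it was promised 100 MiB, which is the billing model the architecture describes. The `pool_exhausted` result is the operational caveat: at a 25:1 overcommit ratio the second guest's write fails part-way through, so the pool's real utilisation has to be monitored, not the guests' view of their disks.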

AUDIT MONITOR
: periodic examination an organisation does to assess its cloud vendor's
performance
: CSA (Cloud Security Alliance) provides audit documents

Service Level Agreements
: customer based, service based or multi-level

Automated Scaling Listener
: monitors and tracks communications between cloud consumers and cloud
services for dynamic scaling purposes
: workloads can be determined by the volume of cloud consumer-generated
requests or via back-end processing demands triggered by certain types of
requests

Load Balancer
: distributes the workload across horizontally scaled instances
: asymmetric distribution
: workload prioritization
: content-aware distribution
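A simulation of the automated scaling listener and the load balancer working together as the cloud bursting mechanism described above, added as an example (not from the notes). Request volume per interval is observed; when utilisation of the private data centre crosses an upper threshold the public cloud is activated and takes the overflow, and it is released again only when utilisation falls below a lower threshold (hysteresis, so a load hovering near one threshold does not flap). The traffic series, thresholds and per-instance capacity are constructed values.

```python
# Constructed per-interval request rates (requests/s) hitting a private data centre; not from the notes.
SAMPLE_TRAFFIC = [40, 60, 95, 130, 150, 110, 80, 50, 30]


class AutomatedScalingListener:
    """Watches request volume each interval and decides whether the public cloud is needed."""
    def __init__(self, private_capacity, burst_up=0.9, burst_down=0.6):
        if not 0 < burst_down < burst_up:
            raise ValueError("need 0 < burst_down < burst_up")
        self.capacity = private_capacity
        self.burst_up, self.burst_down = burst_up, burst_down
        self.bursting = False

    def observe(self, rps):
        utilisation = rps / self.capacity
        if not self.bursting and utilisation > self.burst_up:
            self.bursting = True           # activate the public cloud platform
        elif self.bursting and utilisation < self.burst_down:
            self.bursting = False          # release the public instances
        return self.bursting


class LoadBalancer:
    """Private pool first; overflow goes to public instances while bursting, otherwise it is shed."""
    @staticmethod
    def distribute(rps, capacity, bursting):
        private = min(rps, capacity)
        overflow = rps - private
        if bursting:
            return {"private": private, "public": overflow, "dropped": 0}
        return {"private": private, "public": 0, "dropped": overflow}


def simulate(traffic, private_capacity=100, burst_up=0.9, burst_down=0.6):
    """One (interval, rps, bursting, private, public, dropped) row per interval."""
    listener = AutomatedScalingListener(private_capacity, burst_up, burst_down)
    rows = []
    for t, rps in enumerate(traffic):
        bursting = listener.observe(rps)
        split = LoadBalancer.distribute(rps, private_capacity, bursting)
        rows.append((t, rps, bursting, split["private"], split["public"], split["dropped"]))
    return rows


def public_instances_needed(rows, per_instance_rps=25):
    """Public instances the burst must provide at the busiest interval (25 rps each, assumed)."""
    peak_public = max(r[4] for r in rows)
    return -(-peak_public // per_instance_rps)   # ceiling division


if __name__ == "__main__":
    for row in simulate(SAMPLE_TRAFFIC):
        print(row)
```

Two things the run shows that the bullet list does not: the public side stays active through interval 6 even though private capacity alone would now cope, which is the price of hysteresis; and a `burst_up` above 1.0 (a threshold set higher than the private capacity) means requests are dropped before bursting ever triggers, so the listener's threshold has to be set against real capacity, not a nominal figure.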

TYPE 1 vs TYPE 2 hypervisors

1. Type 1 Hypervisor (Bare Metal Hypervisor):
- Direct Interaction with Hardware: A Type 1 hypervisor interacts directly with
the underlying machine hardware. It is installed directly on the host machine's
physical hardware, with no operating system in between.
- Resource Allocation: It negotiates directly with the server hardware to allocate
dedicated resources to virtual machines (VMs). These resources can be flexibly
shared based on the various VMs' requests.
- Use Cases: Type 1 hypervisors are commonly used in data centers,
enterprise computing workloads, and web servers. They offer high performance
and are well suited for fixed-use applications.
- Also Known As: bare metal or native hypervisor.
- Example: VMware vSphere/ESXi, Microsoft Hyper-V, Xen.

2. Type 2 Hypervisor (Hosted Hypervisor):
- Installed on Host OS: A Type 2 hypervisor is installed on top of an existing
host operating system. It runs as an application within the host OS.
- Multiple VMs on One Host: It allows running more than one virtual machine on
a single host machine, and each VM can have its own separate operating system.
- Resource Management: Type 2 hypervisors manage virtualization through the
host OS, which provides services like memory management, I/O, and device
drivers; a compromise of the host OS therefore compromises every VM on it.
- Use Cases: Type 2 hypervisors are commonly used for testing purposes,
development environments, and providing additional functionality to servers.
- Also Known As: hosted hypervisor.
- Example: Oracle VirtualBox, VMware Workstation, Parallels Desktop (for
Mac).

MCQ’s
● IT Architecture Development steps in the Planning Phase.
● Which one of the following is related to the services provided by Cloud?
Sourcing (correct) / Ownership / Reliability / PaaS
● In Cloud Computing Planning, there are usually three phases that are
Strategy Phase, Planning Phase, and Deployment Phase.
● Cloud computing architecture is a combination of service-oriented
architecture and event-driven architecture.
● The architecture of the Cloud can broadly be divided into two main parts
that are Back-end and Front-end.
● Both the front and back end are connected to the others through a
network.
● 3 services to users by cloud computing
● Force.com and Windows Azure are examples of the Platform as a service
● Service-Oriented Architecture allows using the application as a service for
other applications.
● In Cloud Computing, managed IT services and grid computing are based
on the concept of Utility Computing.
● Which one of the following refers to distributed computing in which
several sets of computers distributed over multiple geographical locations
are connected with each other to achieve a common goal?
Virtualization / SOA / Grid Computing (correct) / Utility Computing
● The Hypervisor runs directly on the underlying host system, and
sometimes it is also known as "Native Hypervisor" or "Bare metal
hypervisor."
● VMM == hypervisor
● 2 types of hypervisors- type 1 and type2
● Examples of type 1 hypervisor= VMware ESXi, Citrix XenServer, Microsoft
Hyper-V hypervisor
● Type 2= vmware player, parallels desktop
● In order to emulate the underlying hardware, there are three main modules
that need to coordinate, which are as follows:
Interpreter
Allocator
Dispatcher: calls the allocator
● VMware vNetwork is a kind of service that manages and creates virtual
network interfaces.
● In emulation, it can be independent of the underlying system hardware
● host operating system for Windows Server: microsoft hyper v
● In Type1, the full virtualization can be possible
● PAAS: associated heavily with vendor lock in
● 4 types of PAAS
● Aws management console: CCS
● Google maps: PAAS
● The term "SIMPLE" is a type of open standard protocol.
● EC2: IAAS
● PAAS: most refined and restrictive service model
● When you add a software stack, such as an operating system and
applications to the service, the model shifts to SAAS model.

UNIT-4

Part 1
Cloud Computing technologies and applications
1. CDN (Content Delivery Network), POP (point of presence)
● geographically dispersed network of servers and data centres
● improves web performance by reducing the time needed to send
content and rich media to users
● decreases network latency
● CDN servers are edge servers; all CDN servers are located on the
"edge network", closer to end users than the origin server from which
an application or a website originates
● a content delivery network (CDN) can deliver two types of content:
static content and dynamic content
● How a CDN works:
a. Caching: making a copy of data for faster access
b. Dynamic acceleration
- caching doesn't work well with dynamic web content
because the content can change with every user
request
- it refers to the reduction in server response time for
dynamic web content requests achieved by placing an
intermediary CDN server between the web
application and the client
c. Edge logic computations: the CDN performs logic at the edge,
such as verifying the user or optimising content
● Applications of CDN
a. Real-time streaming
b. High-speed content delivery
c. Multi-user scaling
● Ex: Amazon CloudFront (CDN service)
● Scrubbing server: filters malicious traffic out of a network or
Internet connection. Scrubbing centres specialise in monitoring and
filtering traffic for malicious activity, such as Distributed Denial of
Service (DDoS) attacks, botnet activity, malware propagation and
other cyber threats.

2. Multi CDN: combination of multiple CDNs from different providers into a
single network

3. Meta CDN

4. Mobile Cloud Computing
● using cloud technology to deliver mobile apps
● apps today provide authentication, location-aware functions, and
targeted content and communication for end users
● ex: a banking app that tracks the account balance, e-shopping etc.
● Types of cloud resources in MCC
1. Distant Immobile Cloud Computing
2. Hybrid Cloud Computing
3. Distant Mobile Clouds
4. Proximate Immobile Computing Entities
5. Proximate Mobile Computing Entities
● Ex of MCC: Gmail, Outlook, Twitter

5. Inter Cloud issues
● Intercloud or "cloud of clouds" is the term for interconnected clouds that
can exchange data and workloads, by analogy with the Internet as a network
of networks
● an intercloud architecture moves data between the infrastructure of
multiple cloud service providers (CSPs)
● intercloud is a cloud deployment model that links multiple public
cloud services together
● Issues:
- lack of interoperability
- inflexible pricing models
- inadequate SLAs
Cloud Computing and ML

● Training a machine learning model is difficult for most organizations, given
the time and cost. A cloud ML platform provides the computing, storage,
and services required to train machine learning models.
● Key points
a. Scalability
b. Cost-Efficiency
c. Data Storage: machine learning models often require massive
amounts of storage to store datasets, models, and other related files
d. Data Processing: GPU and TPU instances, significantly accelerating
training and inference tasks.
e. Collaboration and Accessibility:allows for seamless sharing of code,
data, and models.
f. Pre-built Services: Amazon SageMaker, Google Cloud AI Platform,
and Azure Machine Learning
g. AutoML: Cloud-based AutoML (Automated Machine Learning)
services enable users to automate the process of building and
optimizing machine learning models. These platforms automatically
handle various steps, such as data preprocessing, feature
engineering, algorithm selection, and hyperparameter tuning, making
it easier for non-experts to deploy machine learning solutions.
h. Real-Time Inference: Cloud computing enables the deployment of
machine learning models as APIs (Application Programming
Interfaces), making it suitable for fraud detection, recommendation
systems, and natural language processing applications
● The main connection between machine learning and cloud computing is
resource demand. Machine learning requires a lot of processing power,
data storage, and many servers simultaneously to work on an algorithm.
● Limitation - difficult to migrate to other platforms in the future.

AIaaS (AI as a service)

● leverage pre-built AI models, algorithms, and tools offered by the cloud
provider
● pre-built AI models, AutoML services, real-time inference, integration with
other cloud services
● Examples:
1. Amazon AI services (Amazon SageMaker, Rekognition, Polly, Lex,
etc.) on Amazon Web Services (AWS).
2. Google Cloud AI Platform (Cloud Vision API, Cloud Natural
Language API, etc.) on Google Cloud.
3. Azure Cognitive Services (Computer Vision, Speech-to-Text, Text
Analytics, etc.) on Microsoft Azure.

GPUaaS (GPU as a service)
● GPUs are the accelerators most commonly used to train (and serve) AI models;
GPUaaS rents them on demand instead of the customer buying the hardware

Part 2
Cloud economics: the study of cloud computing costs and benefits and the
economic principles that underpin them.

Developing an economic strategy

● reducing operating costs and optimising IT environments
● public cloud: pay-per-use model, avoids infrastructure cost
● these models need to be assessed on
- the financial implications of on-premises infrastructure investments
- the associated total cost-of-ownership commitments
Cost management framework
1. Visibility on inventory
- organisations that are paying should be able to see the resources used
and track every detail, so that no resources are left running unused in the
cloud through lack of awareness
2. Cost analytics
- what you have spent
- project what you will be spending
- analyse costs and represent them in graphs, tables etc.; trends in data
3. Role Based Access
- an enterprise-wide mechanism that clearly defines permissions and
accessibility within the platform
4. Controlled stack templates
5. Automated alerts and notifications
6. Policy-based governance
7. Budgets: define and allocate budgets for departments, cost centres and
projects, and ensure approval mechanisms to avoid cloud cost overrun by
sending out alerts when thresholds are breached

Exploring the costs

1. Upfront costs
- initial investment
- cost of obtaining IT resources, deploying and administering them
- the cost of purchase and deployment of on-premises IT resources is
high, e.g. hardware, software, and the labour required for deployment
- the cost of leasing cloud-based IT resources tends to be low, e.g. the
labour costs required to assess and set up a cloud environment
2. Ongoing costs
- to run and maintain IT resources
- on-premises IT resources: licensing fees, electricity, insurance, and
labour
- cloud-based IT resources: virtual hardware leasing fees, bandwidth
usage fees, licensing fees, and labour

Laws of cloud economics

1. Utility services cost less even though they cost more
- customers save money by replacing fixed infrastructure with clouds
when workloads are spiky: the higher per-unit price is paid only for the
hours actually used, while owned capacity is paid for at the peak all the
time
2. On-demand trumps forecasting
- don't buy infrastructure before you start
- forecasting is often wrong; the ability to scale up and down to meet
unpredictable demand spikes allows for revenue and cost
optimalities
3. The peak of the sum is never greater than the sum of the peaks
- enterprises deploy capacity to handle their peak demands. Under
this strategy, the total capacity deployed is the sum of these
individual peaks.
- however, since clouds can reallocate resources across many
enterprises with different peak periods, a cloud needs to deploy less
capacity.
4. Aggregate demand is smoother than individual demand
5. Average unit costs are reduced by distributing fixed cost over more units of
output
6. Superiority in numbers is the most important factor in the result of a
combat
- e.g.:
a) cloud A offers 1000 available servers with 1 Gbps links
b) cloud B offers only 10 servers with 10 kbps links
then we will go for (a) only
7. Space-time is a continuum
8. Dispersion is the inverse square of latency
- if a company has all its data centres in one region then that region has
good connectivity and very low latency, but other regions get no
service or very high latency
- more widely dispersed: lower latency
- less widely dispersed: higher latency
9. Don't put all your eggs in one basket
- don't put all data centres in one region
10. An object at rest tends to stay at rest
- data centres cannot (easily) be moved from their existing location
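Laws 1, 3 and 4 worked through in code on constructed demand data, added as an example (not from the notes): three tenants with different daily peaks, the capacity each would buy alone versus what a shared cloud needs, the burstiness of each series versus the aggregate, and the peak-to-average test that decides when renting at a premium is still cheaper than owning. The tenant series and the premium values are made up for the demo.

```python
import statistics

# Constructed hourly demand (servers needed, hours 0-23) for three tenants; not from the notes.
TENANTS = {
    "shop":   [2, 2, 2, 2, 2, 3, 5, 8, 10, 10, 9, 8, 8, 8, 9, 10, 10, 9, 7, 5, 4, 3, 2, 2],
    "batch":  [10, 10, 10, 10, 9, 8, 4, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 4, 8, 10, 10, 10],
    "office": [1, 1, 1, 1, 1, 1, 2, 5, 8, 9, 9, 9, 9, 9, 9, 9, 8, 6, 3, 2, 1, 1, 1, 1],
}


def aggregate(tenants):
    """Hour-by-hour sum of all tenants' demand: what a shared cloud actually has to serve."""
    return [sum(hour) for hour in zip(*tenants.values())]


def sum_of_peaks(tenants):
    """Capacity if every enterprise builds for its own peak (law 3, first bullet)."""
    return sum(max(series) for series in tenants.values())


def peak_of_sum(tenants):
    """Capacity a cloud needs when it can reallocate across tenants (law 3, second bullet)."""
    return max(aggregate(tenants))


def coefficient_of_variation(series):
    """Relative burstiness; law 4 says it is lower for aggregate demand than for individuals."""
    return statistics.pstdev(series) / statistics.mean(series)


def utility_beats_owned(series, utility_premium):
    """Law 1. Owning costs peak * hours * c; renting costs total_demand * premium * c.
    Renting wins exactly when premium < peak / average demand, i.e. for spiky workloads."""
    return utility_premium < max(series) / statistics.mean(series)


def summary(tenants=TENANTS):
    sop, pos = sum_of_peaks(tenants), peak_of_sum(tenants)
    return {
        "sum_of_peaks": sop,
        "peak_of_sum": pos,
        "capacity_saved": sop - pos,
        "individual_cv": {name: round(coefficient_of_variation(s), 2) for name, s in tenants.items()},
        "aggregate_cv": round(coefficient_of_variation(aggregate(tenants)), 2),
    }


if __name__ == "__main__":
    print(summary())
    print("shop rents at 1.5x:", utility_beats_owned(TENANTS["shop"], 1.5))
    print("shop rents at 2.0x:", utility_beats_owned(TENANTS["shop"], 2.0))
```

With these series the three tenants would buy 29 servers between them but a shared cloud peaks at 20, and the aggregate's coefficient of variation is a fraction of any individual tenant's. The shop tenant's peak-to-average ratio is about 1.7, so renting is cheaper at a 1.5x per-unit premium and dearer at 2.0x; the break-even premium is exactly that ratio.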

Cloud Cost estimator
- helps to determine the cost before we purchase

Unit 5

Part 1
Security in cloud
1. Identity management
2. Access Control
3. Authorization and authentication

Questions to ask: use of third-party apps, understanding needs, where is my
data and what assurance do I have, does the cloud provider hold the security
keys, patch management policies
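Role-based access control, as listed under the cost management framework above and under identity management and access control here, as an added example (not code from the notes): roles carry permissions, users receive roles only within a scope such as a department or cost centre, every decision is deny-by-default, and each decision is written to an audit log so denials are visible to monitoring. Role and user names, resources and actions are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    action: str     # "read", "write", "delete"
    resource: str   # "cost-report", "budget", "vm"


# Role definitions are constructed for this example; names are assumed, not from the notes.
ROLES = {
    "cost-viewer":    frozenset({Permission("read", "cost-report"), Permission("read", "budget")}),
    "budget-owner":   frozenset({Permission("read", "cost-report"), Permission("read", "budget"),
                                 Permission("write", "budget")}),
    "platform-admin": frozenset({Permission("read", "vm"), Permission("write", "vm"),
                                 Permission("delete", "vm"), Permission("read", "cost-report")}),
}

ANY_SCOPE = "*"   # an assignment scope that matches every cost centre


class AccessPolicy:
    """Users hold roles only within a scope (cost centre / department). Decisions are
    deny-by-default and appended to an audit log."""
    def __init__(self, roles=ROLES):
        self.roles = roles
        self.assignments = []   # (user, role, scope)
        self.audit_log = []     # (user, action, resource, scope, allowed)

    def grant(self, user, role, scope):
        if role not in self.roles:
            raise ValueError(f"unknown role {role!r}: refuse rather than create an implicit role")
        self.assignments.append((user, role, scope))

    def revoke(self, user, role, scope):
        self.assignments = [a for a in self.assignments if a != (user, role, scope)]

    def is_allowed(self, user, action, resource, scope):
        wanted = Permission(action, resource)
        allowed = any(
            wanted in self.roles[role]
            for u, role, s in self.assignments
            if u == user and s in (scope, ANY_SCOPE)
        )
        self.audit_log.append((user, action, resource, scope, allowed))
        return allowed

    def effective_permissions(self, user):
        """Everything a user could do, for periodic access review."""
        out = set()
        for u, role, s in self.assignments:
            if u == user:
                out |= {(s, p.action, p.resource) for p in self.roles[role]}
        return out


def sample_policy():
    policy = AccessPolicy()
    policy.grant("alice", "cost-viewer", "dept-a")      # sees dept-a spend only
    policy.grant("bob", "budget-owner", "dept-b")       # may edit dept-b budgets, nothing else
    policy.grant("carol", "platform-admin", ANY_SCOPE)  # manages VMs everywhere
    return policy


if __name__ == "__main__":
    p = sample_policy()
    print(p.is_allowed("alice", "read", "cost-report", "dept-b"))   # False: wrong scope
    print(sorted(p.effective_permissions("alice")))
    print(p.audit_log)
```

Scope is what keeps this least-privilege: alice's viewer role in dept-a says nothing about dept-b, and an unknown user or unknown role never resolves to a permission. `effective_permissions` is the view an access review needs; `audit_log` is the input to the logging and monitoring items listed later in this unit.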

Types of risks in cloud computing

1. Abuse and misuse
- anonymous access to cloud services is used to launch diverse attacks
- examples of such attacks include: password and key cracking,
DDoS, malicious data hosting, launching dynamic attack points,
botnet command and control, and CAPTCHA-solving farms
- targets are IaaS, PaaS
2. Insecure interfaces and APIs
3. Malicious (corrupt) insiders
- malicious insiders can gain unauthorised access to organisations
and their assets
- some risks are damage to reputation, financial impact and loss of
productivity. Targets are IaaS, PaaS, SaaS.
4. Shared technology issues
- targets are IaaS
- the underlying components (CPU caches, GPUs, etc.) that IaaS shares
between tenants were not designed to offer strong isolation for a
multi-tenant architecture, so the hypervisor is the main barrier between
tenants
5. Data leakage
6. Hijacking: phishing and fraud using stolen credentials; attacks on
confidentiality, integrity and availability, e.g. returning falsified data or
transaction data
7. Unknown risk profile

Security mechanism
1. Determine the security policy
a. usage policy for networks and servers, user training about passwords,
privacy policy for data
b. schedule for updates and audits
c. the network design should reflect this policy: protection of databases,
location of the DMZ (demilitarized zone), firewall rules, deployment
of IDSs (intrusion detection systems)
2. Implement the security policy: install firewalls and IDSs
3. Study: learn the network, identify servers with critical data and
vulnerabilities in services; passive and active reconnaissance, where active
probing can be detected by an IDS
4. Vulnerability scanning
5. Penetration testing: attempt to exploit the discovered vulnerabilities to
test the defences
6. Post-attack investigation

Vulnerabilities: flaws in a system that weaken its overall security

Key security challenges:
a. Investigation
b. Data segregation
c. Long-term availability
d. Compromised servers
e. Regulatory compliance
f. Recovery

Governance Strategies
a. Centralization: all of the security controls related to the application stack
should be administered from one place
b. Standardization: implementing industry standards for accessing systems,
like OAuth and OpenID, and LDAP (Lightweight Directory Access Protocol)
servers like ApacheDS
c. Automation: motivation drawn from the book The Phoenix Project

Classes of threats (each class with the threats that fall under it):
a. Disclosure (unauthorised access to information): snooping (looking around
secretly)
b. Deception (acceptance of false data, e.g. abc in reality but 12 is shown):
modification, spoofing, repudiation of origin, denial of receipt
c. Disruption (interruption or prevention of correct operation): modification
d. Usurpation (unauthorised control of some part of the system):
modification, spoofing, delay, denial of service

Security issues in cloud computing:

a. Unique
- co-tenancy: shared responsibilities
- lack of control over outsourced data and applications
b. General
- inadequate policies and practices
- insufficient security controls

Developing a secure, accountable, reliable cloud environment; important areas include

• Policy enforcement
• Encryption
• Key management
• Web security
• API management
• Patch management
• Logging
• Monitoring
• Auditing

Part 2
Cloud DB: a DB that runs on cloud infrastructure like Amazon EC2, Rackspace, GoGrid
Two ways to deploy a DB:
a. run it inside a secured VM
b. subscribe to a DB service provider
Operational models for a cloud DB:
1. Virtual machine image
2. DB as a service (RDBMS, NoSQL): Amazon RDS (most used),
Amazon DynamoDB, Amazon SimpleDB, Amazon Redshift
- Architectural and common characteristics
a. provides an easy-access web interface and CLI to manage DB
operations, for example AWS
b. more flexibility and transparency to users
c. automatically handles high availability and scalability
issues
Types of Cloud DB

1. Cloud Relational Databases
Many providers offer an RDS (relational database service) nowadays
a. Amazon RDS: supports Oracle, SQL Server, MySQL, PostgreSQL;
offers two types of RDS instances
● On demand
● Reserved DB (one-time payment)
b. Google Cloud SQL: MySQL DB service, used internally by Google,
servers all over the world
c. Heroku Postgres: relational SQL DB, advanced feature DataClips
which enables the user to share the result of an SQL query via a URL
d. HP Cloud for SQL: automates app deployment, supports a CLI, provides
data interoperability
e. Microsoft Azure SQL DB
f. Oracle DB Cloud Service: single-schema-based service, Oracle DB VM
g. Rackspace: based on open standards, high DB performance using
container-based virtualization, SAN storage
2. NoSQL DB
a. Key-value store: AWS DynamoDB (built on SSD, i.e. solid-state drive,
storage)
b. Document-based store: MongoDB (written in C++), CouchDB (JSON)
c. Column-based store: Apache HBase (used in Hadoop),
Cassandra (DataStax, real-time data)
d. Graph-based store: Neo4j (graph DB)

Cloud File System

1. Distributed file system
- Provides geographically distributed users with a common file system for
data sharing and storage
- Examples: Andrew File System, Network File System (commonly used), Coda,
Microsoft DFS, Apple Filing Protocol, Google File System, HDFS
- NFS stores all data on one machine, a single point of failure; GFS and
HDFS solve this
2. GFS
- A single master (a single process running on one machine, for security;
holds metadata only) and multiple chunk servers (64 MB chunks) serving
many clients
- Metadata is kept in the master's memory for fast operations; three types
of information: the namespace of files and chunks, the location of each
chunk, and the mapping from files to chunks
3. HDFS
- Handles big data
- Two modules
  a. HDFS (stores huge data)
  b. MapReduce programming model (processes large data sets)
- Architecture
  a. Name node (runs on the master machine)
  b. Secondary name node or backup node (runs on a separate machine)
  c. Data node (runs on slave machines)
- Master-slave architecture
- The client first contacts the name node for metadata, receives the data
node locations, and from then on connects to the data nodes directly
- Features: durability, placement policy, replication management (maintains
a priority queue), load balancing, data integrity (use of checksums: when a
client writes to HDFS a checksum is calculated for each block and saved; on
later reads it is checked, and on a mismatch an error is thrown and the
name node is notified)
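As an added example (not from these notes and not Hadoop or GFS code), a toy Python model of the master/chunk-server split described above: the master holds only metadata (namespace, file-to-chunk mapping, chunk locations), clients write and read chunks directly on the replicas, every chunk is stored with a CRC32 computed at write time, and a checksum mismatch on read raises an error, is reported to the master and the next replica is tried. The chunk size, server names and the `corrupt` helper are constructed for the demo.

```python
import zlib
CHUNK_SIZE = 8  # constructed toy value for the demo; GFS/HDFS use 64 MB chunks

class ChunkServer:  # data node: holds chunk bytes plus the CRC32 saved at write time
    def __init__(self, name):
        self.name, self.chunks = name, {}
    def write(self, cid, data):
        self.chunks[cid] = (data, zlib.crc32(data))   # checksum saved with the block
    def read(self, cid):
        data, saved = self.chunks[cid]
        if zlib.crc32(data) != saved:                 # integrity check on every read
            raise ValueError(f"checksum mismatch for {cid} on {self.name}")
        return data
    def corrupt(self, cid):                           # simulate silent disk corruption
        data, saved = self.chunks[cid]
        self.chunks[cid] = (bytes([(data[0] + 1) % 256]) + data[1:], saved)

class Master:  # name node: metadata only, never the chunk bytes themselves
    def __init__(self, servers, replicas=3):
        self.servers, self.replicas = servers, replicas
        self.namespace = {}    # path -> [chunk id, ...]        (file -> chunk mapping)
        self.locations = {}    # chunk id -> [ChunkServer, ...] (chunk locations)
        self.bad_reports = []  # (chunk id, server name) reported by clients
    def allocate(self, path, n_chunks):
        ids = [f"{path}#{i}" for i in range(n_chunks)]
        for i, cid in enumerate(ids):  # round-robin placement of each replica set
            self.locations[cid] = [self.servers[(i + k) % len(self.servers)]
                                   for k in range(self.replicas)]
        self.namespace[path] = ids
        return ids

def write_file(master, path, payload):
    chunks = [payload[i:i + CHUNK_SIZE] for i in range(0, len(payload), CHUNK_SIZE)]
    for cid, data in zip(master.allocate(path, len(chunks)), chunks):
        for server in master.locations[cid]:  # client writes each replica directly
            server.write(cid, data)

def read_file(master, path):
    out = b""
    for cid in master.namespace[path]:        # metadata from master, data from servers
        for server in master.locations[cid]:
            try:
                out += server.read(cid)
                break                         # good replica found, move to next chunk
            except ValueError:
                master.bad_reports.append((cid, server.name))  # name node notified
        else:
            raise IOError(f"all replicas of {cid} failed their checksum")
    return out
```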
(complete the MCQs from unit 5, part 1 of the book)

Unit 6
The Docker client and daemon communicate using a REST API, over UNIX
sockets or a network interface.
a. The Docker daemon
The Docker daemon (dockerd) listens for Docker API requests and
manages Docker objects such as images, containers, networks, and
volumes.
b. The Docker client
The Docker client (docker) is the primary way that many Docker
users interact with Docker. When you use commands such as
docker run, the client sends these commands to dockerd, which
carries them out. The docker command uses the Docker API. The
Docker client can communicate with more than one daemon.
c. Docker registries
A Docker registry stores Docker images. Docker Hub is a public
registry that anyone can use, and Docker is configured to look for
images on Docker Hub by default. When you use the docker pull or
docker run commands, the required images are pulled from your
configured registry.
d. Docker objects
When you use Docker, you are creating and using images,
containers, networks, volumes, plugins, and other objects. This
section is a brief overview of some of those objects.
e. Images & containers
An image is a read-only template with instructions for creating a
Docker container. Often, an image is based on another image, with
some additional customization.
f. Services
Services allow you to scale containers across multiple Docker
daemons, which all work together as a swarm with multiple
managers and workers. Each member of a swarm is a Docker
daemon, and the daemons all communicate using the Docker API.
g. Docker Engine
Docker Engine is a client-server application with these major components:
● A server, which is a type of long-running process called a daemon
process (the dockerd command).
● A REST API, which specifies interfaces that programs can use to talk to
the daemon and instruct it what to do.
● A command line interface (CLI) client (the docker command).
Docker Engine allows you to develop, assemble, ship, and run applications
using the following components:
a. Docker daemon: a persistent background process that manages Docker
images, containers, networks, and storage volumes. The Docker daemon
constantly listens for Docker API requests and processes them.
b. Docker Engine REST API: an API used by applications to interact with
the Docker daemon; it can be accessed by an HTTP client.
c. Docker CLI: a command line interface client for interacting with the
Docker daemon. It greatly simplifies how you manage container instances
and is one of the key reasons why developers love using Docker.

Kubernetes
- Kubernetes (K8s) is an open-source system for automating deployment,
scaling, and management of containerized applications

Pods- A Kubernetes pod is a group of containers, and is the smallest unit that
Kubernetes administers.
Pods have a single IP address that is applied to every container within the pod.
Containers in a pod share the same resources such as memory and storage.

Components of Kubernetes, edge computing, fog computing, IoT, IIoT
(refer to lab notes)
