
Unit-I-Introduction To cloud Computing (1)

The document outlines the CET4034B course on Cloud Infrastructure and Security, focusing on cloud computing concepts, virtualization techniques, and security challenges. It details the course objectives, outcomes, and key topics such as cloud types, service models, and the evolution of cloud computing. The course aims to equip students with the skills to set up cloud environments, deploy web services, and manage cloud security effectively.

CET4034B: Cloud Infrastructure and Security

SCHOOL OF COMPUTER ENGINEERING AND TECHNOLOGY


T. Y. B.Tech. CSE (Cyber Security and Forensics)
Teaching Scheme Credits: 02 + 01 = 03
Theory: 2 Hrs./Week Practical: 2 Hrs./Week

Course Objectives
1) Knowledge
i. To study basic cloud computing concepts and their operational environment.
2) Skills
i. To acquire skills of using various Virtualization Techniques and Platforms
ii. To understand challenges in cloud computing

3) Attitude
i. To select and use cloud computing platform

Course Outcomes
After completion of this course students will be able to
i. Setup a cloud environment
ii. Deploy web services efficiently on a cloud platform
iii. Manage cloud services efficiently and effectively
iv. Design, deploy and address the cloud security aspects

29-Jan-24 CET4034B: CLOUD INFRASTRUCTURE AND SECURITY 2


Module 1
Introduction to Cloud Computing

Disclaimer:
a. Information included in these slides came from multiple sources. We have tried our best to cite the
sources. Please refer to the references to learn about the sources, when applicable.
b. The slides should be used only for preparing notes, academic purposes (e.g. in teaching a class), and
should not be used for commercial purposes.


Points to be covered
• Introduction to Cloud Computing
• Roots of Cloud Computing: From Mainframe to Cloud
• Benefits of Cloud Computing SOA
• Web Services
• Role of Networks in Cloud Computing
• Cloud types and service models
• Primary Cloud Service Models
• Cloud Services Brokerage
• Primary Cloud Deployment Models
• Cloud Computing Reference Model
• The Greenfield and Brownfield Deployment Options


What is Cluster Computing?


“Utility” Computing?


Introduction to Cloud Computing
• It is the delivery of computing services such as servers, storage, databases, networking, software, analytics, intelligence, and more, over the Cloud (Internet).
• Cloud Computing provides an alternative to the on-premises datacenter.
• With an on-premises datacenter, we have to manage everything, such as purchasing and installing hardware, virtualization, installing the operating system and any other required applications, setting up the network, configuring the firewall, and setting up storage for data. After doing all the setup, we become responsible for maintaining it through its entire lifecycle.
• But if we choose Cloud Computing, a cloud vendor is responsible for the hardware purchase and maintenance.
• They also provide a wide variety of software and platform as a service. We can rent any required services. The cloud computing services will be charged based on usage.


Introduction to Cloud Computing
The cloud environment provides an easily accessible online portal that makes it easy for the user to manage the compute, storage, network, and application resources.
Some cloud service providers are shown in the following figure.


What is cloud computing?
• Cloud computing refers to the delivery of computing services over the internet, including storage, processing power, and software applications.
• It allows users to access resources and services on demand, without the need for physical infrastructure or local servers.
• Cloud computing is a technology whose main objective is to provide many types of computing services such as servers, databases, storage, analytics, networking capabilities, software, etc.
• In cloud computing, cloud refers to the global network of servers that are accessed over the internet.
• Some examples of cloud computing are Dropbox, Google Drive, Microsoft 365, Gmail, etc.
• There are three main types of cloud: private cloud, public cloud, and hybrid cloud.

Cloud Computing and Abstraction
• Cloud computing refers to applications and services that run on a distributed network using virtualized resources and are accessed by common Internet protocols and networking standards.
• It is distinguished by the notion that resources are virtual and limitless.
• The details of the physical systems on which software runs are abstracted from the user.

Abstraction:
• Cloud computing abstracts the details of system implementation from users and developers.
• Applications run on physical systems that aren't specified,
• Data is stored in locations that are unknown,
• Administration of systems is outsourced to others, and access by users is ubiquitous.


Cloud Computing in a nutshell
• Analogy to electricity use
• Technologies such as cluster, grid, and now cloud computing have all aimed at allowing access to large amounts of computing power in a fully virtualized manner, by aggregating resources and offering a single system view.
• Utility computing describes a business model for on-demand delivery of computing power; consumers pay providers based on usage.
• It denotes a model in which a computing infrastructure is viewed as a “cloud,” from which businesses and individuals access applications from anywhere in the world on demand.


Cloud Computing in a nutshell
BUYYA
“Cloud is a parallel and distributed computing system consisting of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resources based on service-level agreements (SLA) established through negotiation between the service provider and consumers.”

NIST
“A pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Cloud Computing in a nutshell
• While there are countless other definitions, there seem to be common characteristics among the most notable ones listed above, which a cloud should have:
(i) pay-per-use (no ongoing commitment, utility prices);
(ii) elastic capacity and the illusion of infinite resources;
(iii) self-service interface;
(iv) resources that are abstracted or virtualized.


Roots of Cloud computing | Evolution of Cloud Computing
• Cloud computing has evolved a lot in the last few years.
• Many businesses have grown by adopting this technology.
• Technologies which played a huge role in the evolution of cloud computing are:
i. Mainframe to cloud
ii. SOA, Web Services, Web 2.0 and Mashups
iii. Grid Computing
iv. Utility Computing
v. Hardware Virtualization
vi. Virtual Appliance and OVF
vii. Autonomic Computing


Distributed Systems
• Multiple components are connected over a network and appear as a coherent system.
• These components are also called nodes.
• In cloud computing, a single job is distributed among several computers or systems, where each computer does its specific task so that the job can be completed quickly.

Mainframe Computing
• Mainframe computing is used by large organizations because it can deal with huge amounts of data.
• Mainframe computers are used for mainframe computing.
• They can perform various tasks like processing bulk data, exchanging hardware, etc. But mainframe computing is very expensive.

Cluster Computing
• In cluster computing, many computers work together and act as a single entity, where each computer linked to the network is called a node.
• In cluster computing, all the computers are linked together with the help of specialized network connections.
• Cluster computing can be resized by removing or adding nodes.


From Mainframe to cloud
• We are currently experiencing a switch in the IT world, from in-house generated computing power to utility-supplied computing resources delivered over the Internet as Web services.
• Computing delivered as a utility can be defined as “on demand delivery of infrastructure, applications, and business processes in a security-rich, shared, scalability based computer environment over the Internet for a fee”.
• Advantageous to both consumers and providers.
• Utility computing was provided earlier through time-shared mainframes; this declined with the advent of fast and inexpensive microprocessors.


SOA, Web Services, Web 2.0 and Mashups
• Web services can glue together applications running on different messaging product platforms, enabling information from one application to be made available to others, and enabling internal applications to be made available over the Internet.
• The purpose of a SOA is to address requirements of loosely coupled, standards-based, and protocol-independent distributed computing.
• Services such as user authentication, e-mail, payroll management, and calendars are examples of building blocks that can be reused and combined in a business solution in case a single, ready-made system does not provide all those features.
• Web 2.0 is an interface with which cloud computing services interact with clients.
• Popular examples of Web 2.0 are Facebook, Google Maps, TikTok, etc.


Grid Computing
• Grid computing was first introduced in the 1990s.
• In grid computing, nodes are placed in different geographical locations but connected by the same network.
• Grid computing is the collection of computer resources from multiple locations to reach a common goal.
• The grid can be thought of as a distributed system with non-interactive workloads that involve a large number of files.
• Grid computing is used to solve complex issues that can be solved on a single computer.
• A key aspect of the grid vision realization has been building standard Web services-based protocols that allow distributed resources to be “discovered, accessed, allocated, monitored, accounted for, and billed for.”
• Issues: QoS, availability of resources with diverse software configurations
• Solution: Virtualization

Utility Computing
• In utility computing, service providers provide on-demand service to users according to their needs.
• In utility computing, instead of charging pre-determined fees, service providers charge users only for those services that the user has actually used.
• Customers can scale up and down according to their requirements.
• For example, a user pays his electricity bill for the amount of power actually consumed. Similarly, utility computing employs the pay-per-use business model.
• Utility computing is a service provisioning model in which a service provider makes computing resources and infrastructure management available to the customer as needed, and charges them for specific usage rather than a flat rate.
• In utility computing environments, users assign a “utility” value to their jobs, where utility is a fixed or time-varying valuation that captures various QoS constraints (deadline, importance, satisfaction).
• The service providers then attempt to maximize their own utility, where said utility may directly correlate with their profit.


Virtualization in cloud computing
• It was introduced about 40 years ago.
• Virtualization is the creation of a virtual layer over the hardware.
• By virtualization, multiple instances can be run simultaneously on the hardware.


Hardware Virtualization
• Hardware virtualization allows running multiple operating systems and software stacks on a single physical platform.
• Three basic capabilities related to workload management: isolation, consolidation, and migration.


Hardware Virtualization
• A number of VMM platforms exist that are the basis of many utility or cloud computing environments.

VMware ESXi:
• Pioneer in virtualization, bare-metal hypervisor
• Provides advanced virtualization techniques for processor, memory, and I/O.
• In particular, through memory ballooning and page sharing, it can overcommit memory.

Xen:
• Open-source project
• It has pioneered the para-virtualization concept, in which the guest operating system, by means of a specialized kernel, can interact with the hypervisor, thus significantly improving performance.


Hardware Virtualization
KVM:
• Kernel-based Virtual Machine (KVM) is a Linux virtualization subsystem.
• It has been part of the mainline Linux kernel since version 2.6.20, thus being natively supported by several distributions.
• In addition, activities such as memory management and scheduling are carried out by the existing kernel.
• KVM leverages hardware-assisted virtualization, which improves performance and allows it to support unmodified guest operating systems.


Virtual Appliance and OVF (Open Virtual Format)
• An application combined with the environment needed to run it (operating system, libraries, compilers, databases, application containers, and so forth) is referred to as a “virtual appliance.”
• In a multitude of hypervisors, where each one supports a different VM image format and the formats are incompatible with one another, a great many interoperability issues arise.
• For instance, Amazon has its Amazon Machine Image (AMI) format, made popular on the Amazon EC2 public cloud.
• Other formats are used by Citrix XenServer, several Linux distributions that ship with KVM, Microsoft Hyper-V, and VMware ESX.

Autonomic Computing
• The increasing complexity of computing systems has motivated research on autonomic computing, which seeks to improve systems by decreasing human involvement in their operation.
• Autonomic, or self-managing, systems rely on monitoring probes and gauges (sensors), on an adaptation engine (autonomic manager) for computing optimizations based on monitoring data, and on effectors to carry out changes on the system.
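The sensor, autonomic manager and effector roles described above, as an added Python example that is not part of the original slides: a manager adds or removes instances in a pool based on a moving average of CPU readings, with a cooldown between changes. The pool, class names, thresholds, limits and sample readings are all assumptions constructed for illustration.

```python
"""Sensor -> autonomic manager -> effector loop over constructed CPU samples.

All class names, thresholds and sample values are assumptions made for this
example; they do not come from the course slides or from any product.
"""
from dataclasses import dataclass, field
from statistics import mean

# Constructed per-tick CPU utilisation (%) of the managed pool.
SAMPLES = [40, 45, 95, 42, 80, 92, 95, 97, 90, 60, 25, 20, 15, 18, 22, 55]


@dataclass
class Pool:
    """The managed system: a pool of identical instances."""
    instances: int = 2
    history: list = field(default_factory=list)  # (tick, before, after)


class CpuSensor:
    """Monitoring probe: replays the constructed samples, one per tick."""

    def __init__(self, samples):
        self._samples = iter(samples)

    def read(self):
        return next(self._samples, None)


class AutonomicManager:
    """Adaptation engine: decides from monitoring data, not a single reading."""

    def __init__(self, high=75.0, low=30.0, window=3, cooldown=2):
        self.high, self.low = high, low
        self.window, self.cooldown = window, cooldown
        self.recent = []
        self.quiet_until = 0  # first tick at which a new change is allowed

    def decide(self, sample, tick):
        """Return +1 (add an instance), -1 (remove one) or 0 (no change)."""
        self.recent = (self.recent + [sample])[-self.window:]
        if len(self.recent) < self.window or tick < self.quiet_until:
            return 0
        average = mean(self.recent)
        if average > self.high:
            return 1
        if average < self.low:
            return -1
        return 0

    def acted(self, tick):
        """Start the cooldown so one change can settle before the next."""
        self.quiet_until = tick + 1 + self.cooldown


class Effector:
    """Carries out the change, clamped to limits the manager cannot exceed."""

    def __init__(self, pool, minimum=1, maximum=6):
        self.pool, self.minimum, self.maximum = pool, minimum, maximum

    def apply(self, delta, tick):
        target = max(self.minimum, min(self.maximum, self.pool.instances + delta))
        if target == self.pool.instances:
            return False
        self.pool.history.append((tick, self.pool.instances, target))
        self.pool.instances = target
        return True


def run_loop(samples, pool=None):
    """Drive the loop until the sensor runs out of samples; return the pool."""
    pool = Pool() if pool is None else pool
    sensor, manager, effector = CpuSensor(samples), AutonomicManager(), Effector(pool)
    tick = 0
    while (sample := sensor.read()) is not None:
        delta = manager.decide(sample, tick)
        if delta and effector.apply(delta, tick):
            manager.acted(tick)
        tick += 1
    return pool


if __name__ == "__main__":
    result = run_loop(SAMPLES)
    for tick, before, after in result.history:
        print(f"tick {tick}: {before} -> {after} instances")
    print("final instances:", result.instances)
```

The isolated 95% reading at tick 2 causes no change because the manager acts on a three-sample average, and the effector's audit trail records every change it does make.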


Key characteristics of cloud computing
• Self-service provisioning: End users can spin up compute resources for almost any type of workload on demand. An end user can provision computing capabilities, such as server time and network storage, eliminating the traditional need for IT administrators to provision and manage compute resources.
• Elasticity: Companies can freely scale up as computing needs increase and scale down as demands decrease. This eliminates the need for massive investments in local infrastructure, which might not remain active.
• Pay per use: Compute resources are measured at a granular level, letting users pay only for the resources and workloads they use.
• Workload resilience: CSPs often deploy redundant resources to ensure resilient storage and to keep users' important workloads running, often across multiple global regions.


Key characteristics of cloud computing
• Migration flexibility: Organizations can move certain workloads to or from the cloud or to different cloud platforms automatically.
• Broad network access: A user can access cloud data or upload data to the cloud from anywhere with an internet connection using any device.
• Multi-tenancy and resource pooling: Multi-tenancy lets several customers share the same physical infrastructures or the same applications, yet still retain privacy and security over their own data. With resource pooling, cloud providers service numerous customers from the same physical resources. The resource pools of the cloud providers should be large and flexible enough so they can service the requirements of multiple customers.
• Security: Security is integral in cloud computing and most providers prioritize the application and maintenance of security measures to ensure confidentiality, integrity and availability of data being hosted on their platforms. Along with strong security features, providers also offer various compliance certifications to ensure that their services adhere to industry standards and regulations.


Key characteristics of cloud computing
• On-Demand Self-Service: Users can provision resources and services as needed, without
requiring human interaction with service providers.

• Broad Network Access: Services are accessible over the internet via standard protocols and
devices.

• Resource Pooling: Computing resources are pooled together to serve multiple users,
allowing for efficient utilization and scalability.

• Rapid Elasticity: Resources can be scaled up or down quickly to meet changing demands.

• Measured Service: Cloud service usage is measured, monitored, and billed based on actual
consumption.


Benefits of Cloud
• Cost Savings: Pay for what you use, with no upfront infrastructure costs.
• Scalability: Easily scale resources up or down based on demand.
• Flexibility: Access resources and applications from anywhere with an internet connection.
• Reliability: Cloud providers typically offer high uptime and data redundancy.
• Collaboration: Enable seamless collaboration and data sharing among teams.


Benefits of Cloud Computing
• Cost: Cloud computing eliminates the capital expenditures and resources needed to run and manage your own infrastructure. The cost of hardware, software, utilities, and on-site management of servers adds up fast.
• Speed: Most cloud computing services are provided self-service and on demand. Even vast amounts of computing resources can be provisioned in minutes, typically with just a few clicks, giving businesses plenty of flexibility and taking the pressure off capacity planning.
• Global Scale: Cloud computing services include the ability to scale elastically. In cloud speak, that means delivering the right amount of IT resources (for example, more or less computing power, storage, or bandwidth) right when it’s needed, and from the right geographic location.
• Productivity: On-site data centers typically require heavy “racking and stacking” hardware setup, software patching, and other time-consuming IT management duties. Cloud computing removes the need for many of these tasks so IT teams can work towards more important business goals.


Benefits of Cloud Computing
• Performance: Cloud computing services run on a worldwide network of secure data centers that use the latest generation of computing hardware. This global network provides your application’s users with the reduced network latency they have come to expect. As your user base shifts geographically, your cloud infrastructure can too.
• Security: Cloud providers typically offer a broad set of policies, technologies, and controls that strengthen your overall security posture. These tools protect your data, apps, users, and infrastructure from potential threats.
• Reliability: Cloud service providers can store data at multiple, redundant sites, giving you reliable access to your resources in the cloud.
• Mobility: Cloud computing supports your mobile workforce by making resources available to your users anywhere, anytime, on any internet-connected device.
• Modernization: Cloud services can play a central role in helping your organization move away from cumbersome legacy technologies and adopt more innovative solutions that automate processes, streamline workflows and simplify IT operations.


Common Cloud Computing Use Cases
• Data Storage and Backup: Store and back up large amounts of data securely.
• Software Development and Testing: Rapidly create and deploy applications in a scalable environment.
• Web and Mobile Applications: Host web and mobile applications in the cloud for global accessibility.
• Big Data Analytics: Process and analyze vast amounts of data using cloud resources.
• Disaster Recovery: Maintain data backups and recovery plans in the cloud for business continuity.


Role of Networks in Cloud Computing
Networking plays an important role in various aspects of cloud computing:
1. Connecting Data Centers
• Cloud computing providers use networks to interconnect their data centers, which are the physical locations where cloud services are hosted.
• These networks facilitate the transfer of data and enable resource sharing between data centers, ensuring high availability, fault tolerance, and scalability of cloud services.

2. Delivering Cloud Services
• Networks are crucial for delivering cloud services to users.
• Cloud providers utilize various network technologies, including the internet, private networks, and dedicated connections, to ensure the efficient transfer of data between their infrastructure and end-users.
• These networks enable users to access cloud services from anywhere, at any time, with minimal latency.

Role of Networks in Cloud Computing
3. Securing Cloud Computing Environments
• Networking plays a significant role in securing cloud computing environments.
• Cloud providers implement network-level security measures such as firewalls, virtual private networks (VPNs), and intrusion detection systems (IDS) to protect against unauthorized access, data breaches, and other security threats.
• Networks also facilitate traffic monitoring and encryption to ensure the confidentiality and integrity of data within the cloud infrastructure.

Summary
• Networking is an integral component of cloud computing, enabling connectivity, resource sharing, and security within the cloud environment.
• Cloud computing providers rely on robust networking infrastructure to connect their data centers, deliver cloud services, and safeguard sensitive data.
• The role of networking in cloud computing is essential for ensuring seamless operations, scalability, and the overall success of cloud-based applications and services.

Frequently Asked Questions (FAQs) on Role of Networks in Cloud Computing
1. How does networking contribute to the scalability of cloud computing?

2. Can networking enhance the security of cloud computing environments?

3. How does networking impact the availability of cloud services?

4. Are there any challenges in networking for cloud computing?

5. Can networking help businesses save costs in cloud computing?

6. How can businesses ensure the reliability of networking in cloud computing?


Cloud Networking
• Cloud networking is an IT infrastructure where an organization’s network and resources are hosted in a public or private cloud platform and are available on demand using only an internet connection.
• Hosting networking resources on the cloud may involve using devices on-premises or through a cloud service provider and can include the following networking services:
  • Network management and access software
  • Connectivity
  • Virtual routers
  • Firewalls and security services
  • Load balancers
  • Bandwidth
  • Content Delivery Networks (CDNs)
  • Virtual Private Networks (VPNs)


Cloud Deployment Models


Cloud Deployment Models
1. Public Cloud
• Services are provided over a public network and available to anyone who wants to use them.
• It is a cost-effective option for businesses and individuals looking for scalability and flexibility.
• Public cloud providers, such as AWS, Azure, and GCP, offer a wide range of services accessible to the general public.


Cloud Deployment Models
2. Private Cloud
• Infrastructure is dedicated to a single organization and may be located on-premises or off-premises.
• Private cloud environments are designed to meet specific security, compliance, or performance requirements.
• They offer enhanced control, customization, and privacy but require significant upfront investment.


Cloud Deployment Models
3. Hybrid Cloud
• Combines public and private cloud environments, allowing for flexibility and data sharing between the two.
• Organizations can leverage the benefits of both public and private clouds, ensuring optimal resource allocation.
• Hybrid cloud deployments enable workload portability and seamless integration between different environments.


Cloud Deployment Models
4. Community Cloud
• Community cloud is a deployment model where infrastructure and services are shared among a specific community or group of organizations.
• It caters to the needs of a particular community, such as government agencies, educational institutions, or research organizations.
• Community cloud provides a cost-effective solution while addressing specific requirements and compliance standards of the community.


Cloud Networking vs. Cloud Computing
When the preceding word “cloud” is removed from both networking and computing, the two terms immediately take on different meanings.
• Cloud networking is when network resources and capabilities are hosted in the public, private, or hybrid cloud.
• These resources include virtual routers, switches, load balancers, firewalls, bandwidth, network management, and more.
• They are available on demand and can be managed in-house or by a third party. Just as the command line interface (CLI) on Cisco router interfaces differs from Juniper’s, the same applies when configuring network gear in the cloud between virtual private clouds (VPCs).
• Cloud networking equates to the cloud infrastructure used to power connectivity between resources, and it is built on cloud computing.

• Cloud computing is a broader term for overall centralized computing resources that are shared by numerous customers.
• Collectively, it encompasses all services provided by the cloud that are required to keep applications up and running, including compute, storage, and networking.
• It’s more of an umbrella term that encompasses cloud networking.


Cloud Networking Types
• Cloud networking: An umbrella term for IT infrastructure that connects all variations of on-premises, edge, and cloud-based services.
• Multicloud networking: A type of cloud networking with advanced capabilities integrated with public cloud providers, resulting in smoother accessibility across multiple clouds and on-premises environments.
• Hybrid cloud networking: A subset of cloud and multicloud networking that refers specifically to the connectivity between two different types of cloud environments, such as on-premises private, hosted private, and public clouds.
• Cloud networking and cloud-based networking: Cloud networking solutions with their control plane hosted and delivered in public clouds instead of on an on-premises device.


Service Models
1. Infrastructure as a Service (IaaS)
• IaaS provides virtualized computing resources over the internet.
• Users have control over the operating systems, storage, and networking components.
• They can provision and manage virtual machines (VMs), storage, and networks according to their requirements.
• Examples of IaaS providers include AWS EC2, Azure Virtual Machines, and Google Compute Engine.


Infrastructure as a Service (IaaS)
• Infrastructure as a Service (IaaS) offers storage and computer resources that developers and IT organizations use to deliver custom/business solutions.
• IaaS delivers computer hardware (servers, networking technology, storage, and data center space) as a service.
• It may also include the delivery of OS and virtualization technology to manage the resources.
• Here, the more important point is that IaaS customers rent computing resources instead of buying and installing them in their data centers.
• The service is typically paid for on a usage basis.
• The service may include dynamic scaling so that if the customers need more resources than expected, they can get them immediately.

The control of the IaaS layer is as
• The consumer has full/partial control over the infrastructure of the cloud, servers, and databases.
• The consumer has control over the Virtual Machines' implementation and maintenance.
• The consumer has a choice of already installed VMs with pre-installed operating systems.
• The cloud provider has full control over the data centers and the other hardware involved in them.
• It has the ability to scale resources based on the usage of users.
• It can also copy data worldwide so that data can be accessed from anywhere in the world as soon as possible.

Service Models
2. Platform as a Service (PaaS)
• PaaS offers a platform for developing, testing,
and deploying applications.
• Users can focus on application development
without worrying about infrastructure
management.
• PaaS providers manage the underlying
infrastructure, including servers, storage, and
networking.
• Developers can leverage pre-configured
environments, development frameworks, and
deployment tools.
• Examples of PaaS providers include Heroku,
Google App Engine, and AWS Elastic Beanstalk.


Platform as a Service (PaaS)
• In addition to infrastructure-oriented clouds that offer basic compute and storage capabilities, Platform as a Service (PaaS) is a strategy that offers a high level of abstraction to make a cloud readily programmable.
• Developers can construct and deploy apps on a cloud platform without necessarily needing to know how many processors or how much memory their applications would use.
• Google App Engine, for instance, is a PaaS offering that provides a scalable environment for creating and hosting web applications.


Features of Platform as a Service (PaaS)
• The cloud provider has complete rights and control over the provision of cloud services to consumers.
• The cloud consumer has selective control, based on the resources they need or have opted for, over the application server, database, or middleware.
• Consumers get environments in which they can develop their applications or databases. These environments are usually very visual and very easy to use.
• Provides options for scalability and security of the user’s resources.
• Services to create workflows and websites.
• Services to connect users’ cloud platforms to other external platforms.


Service Models
3. Software as a Service (SaaS)
• SaaS delivers software applications over the internet on a subscription basis.
• Users can access and use applications directly through a web browser or APIs.
• The provider hosts and manages the underlying infrastructure, application, and data.
• Users can typically customize certain aspects of the application to fit their needs.
• Examples of SaaS include Salesforce, Microsoft Office 365, and Google Workspace.


Software as a Service (SaaS)
• Software as a Service (SaaS) is a form of application delivery that relieves users of the burden of software maintenance while making development and testing easier for service providers.
• Applications sit at the top layer of the cloud delivery model. End customers get access to the services this tier offers via web portals.
• Because online software services provide the same functionality as locally installed computer programs, consumers (users) are rapidly switching away from locally installed programs.
• Today, ILMS and other application software can be accessed via the web as a service.
• In terms of data access, collaboration, editing, storage, and document sharing, SaaS is unquestionably a crucial service.
• Email service in a web browser is the most well-known and widely used example of SaaS, but SaaS applications are becoming more cooperative and advanced.


Features of Software as a Service (SaaS)
• The cloud consumer has full control over all the cloud services.
• The provider has full control over software application-based services.
• The cloud provider has partial control over the implementation of cloud services.
• The consumer has limited control over the implementation of these cloud services.


Service Models
4. Functions as a Service (FaaS)
• Serverless functions hosted in the cloud (e.g., AWS, Azure Functions, Google Functions, Oracle Cloud Functions).
• What’s neat about these services is that they cost nothing when not running.

5. Hardware as a Service (HaaS)
• The user leases equipment under a service level agreement (SLA).
• At the end of the leasing period, the lessee may have the option to purchase it for a fee or send it back.


Cloud Services Brokerage
• A cloud broker is an entity that manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and cloud consumers.
• Cloud services brokerage (CSB) is an IT role and business model in which a company or other entity adds value to one or more (public or private) cloud services on behalf of one or more consumers of that service via three primary roles: aggregation, integration and customization brokerage.
• A CSB enabler provides technology to implement CSB, and a CSB provider offers combined technology, people and methodologies to implement and manage CSB-related projects.
• Cloud service brokerage acts as an intermediary between cloud providers and cloud consumers, assisting companies in choosing the services and offerings that best suit their needs.
• Brokers may also assist in the deployment and integration of apps across multiple clouds, or provide choice and a possible cost-saving function by including multiple competing services in a catalog.
• Value-added services like migration, VM portability, and API management and normalization from cloud brokerage platforms like ComputeNext also give end users freedom to move between platforms and keep options available at a variety of cloud vendors.


Primary areas a cloud service broker can address
There are three primary areas a cloud service broker can address in accelerating the adoption of the cloud:
• Aggregation – enabling the consumption of cloud by end users via a cloud application marketplace approved by the company
• Integration – ensuring cloud applications exchange data with each other and with on-premise applications to orchestrate business processes
• Customization – augmenting cloud services with changes to data schema or enhanced security and compliance


Challenge for IT
• The challenge for IT is that the cloud is relatively immature compared to on-premise enterprise software.
• By adding customized capabilities on top of cloud services, the enterprise can realize the benefits of cloud, while also meeting its other business objectives including data security and compliance.
• In particular, organizations are looking to augment the cloud and achieve the following:
1. Reduce risk with more robust security and compliance capabilities
2. Add value and visibility with analytics
3. Centralize functionality for audit trails and policy enforcement
4. Streamline the selection process of cloud services

Advantages of Cloud Service Broker
1. Broader Technical Expertise
2. Lower Total Cost of Ownership – Financial Returns
3. Operational efficiencies
4. Better options in dealing with risk, compliance and governance


Cloud Computing Reference Model
The reference model for cloud computing is an abstract model that characterizes and standardizes a cloud computing environment by partitioning it into abstraction layers and cross-layer functions.

• The Cloud Computing Reference Model provides a conceptual framework for understanding and categorizing the various components and functions of cloud computing.
• It helps define the relationships and interactions between different cloud computing elements.
• The most widely recognized and used reference model is the NIST (National Institute of Standards and Technology) Cloud Computing Reference Architecture.


Types of Cloud Computing Reference Model
• There are various types of cloud computing reference model, used based on the different requirements of consumers.
• The most important type of cloud computing reference model is the cloud reference model in cloud computing.
• The National Institute of Standards and Technology (NIST) is a US government (USG) agency designated for the adoption and development of cloud computing standards.
• The principles of the NIST cloud computing reference architecture are:
1. Create a vendor-neutral architecture that adheres to the NIST standard.
2. Create a solution that does not inhibit innovation by establishing a required technological solution.
3. The NIST cloud computing reference architecture provides characteristics like elasticity, self-service, the collaboration of resources, etc.

Components of the NIST Cloud Computing Reference Model
• The NIST Cloud Computing Reference Model provides a standardized framework to understand the key components and relationships within cloud computing.
• It serves as a common language for discussing and designing cloud-based solutions, enabling interoperability and facilitating the adoption of cloud computing technologies.

The service models involved in this architecture are:
• Infrastructure as a Service (IaaS): Provides virtualized computing resources, such as virtual machines, storage, and networks, on-demand to users.
• Platform as a Service (PaaS): Offers a platform with development tools, libraries, and services for users to build and deploy applications.
• Software as a Service (SaaS): Delivers software applications over the internet, typically accessed through web browsers, without the need for installation or maintenance.


Components of the NIST Cloud Computing Reference Model
NIST Cloud computing also has 4 deployment models, which are as follows:
1. Public
This is the model where cloud infrastructure and resources are given to the public via a
public network. These models are generally owned by companies that sell cloud services.
2. Private
This is the model where cloud infrastructure and resources are only accessible by the cloud
consumer. These models are generally owned by cloud consumers themselves or a third party.
3. Community
This is the model where a group of cloud consumers might share their cloud
infrastructure and resources as they may have the same goal and policies to be achieved.
These models are owned by organizations or third parties.
4. Hybrid
This model consists of a mixture of different deployment models like public, private, or
community. This helps in the exchange of data or applications between various models.


Examples of Cloud Computing Reference Model Apart From NIST
1. IBM Architecture
2. Oracle Architecture
3. HP Architecture
4. Cisco Reference Architecture


Major Actors of Cloud Computing Reference Model
• There are five major actors in the NIST cloud computing reference architecture.
• Each actor is an entity that participates in the process and/or completes duties in cloud computing.
• This entity could be a person or an organization.
• They are:
1. Cloud Consumer
2. Cloud Provider
3. Cloud Carrier
4. Cloud Auditor
5. Cloud Broker
[Figure: Cloud Reference Architecture Diagram]

Major Actors of Cloud Computing Reference Model
1. Cloud Consumer
• The end user that the cloud computing service is designed to support is the cloud consumer.
• An individual or corporation with a working relationship with a cloud provider and utilizing its services is referred to as a cloud consumer.
• A cloud customer peruses a cloud provider's service catalog, makes the proper service request, enters into a service agreement with the cloud provider, and then utilizes the service.
• The cloud customer may be charged for the service provided, in which case payment arrangements must be made.
• They need to have a cloud Service Level Agreement (SLA).

Major Actors of Cloud Computing Reference Model
2. Cloud Provider
• Any individual, group, or other entity in charge of making a service accessible to cloud users is a cloud provider.
• A cloud provider creates the requested software, platforms, and infrastructure services, manages the technical infrastructure needed to supply the services, provisions the services at agreed-upon service levels, and safeguards the services' security and privacy.
• Through service interfaces and virtual network interfaces that aid in resource abstraction, the cloud provider implements the cloud software to make computing resources accessible to cloud consumers that use the infrastructure as a service.


Major Actors of Cloud Computing Reference Model
3. Cloud Carrier
• A cloud carrier serves as an intermediary between cloud providers and customers, facilitating connectivity and transport of cloud services.
• Customers can access the cloud through the network, telecommunication, and other access equipment provided by cloud carriers.
• Customers of cloud services, for instance, can get them through network access devices, including laptops, mobile phones, PCs, and mobile Internet devices (MIDs), among others.
• Network and telecommunication carriers typically handle the distribution of cloud services, while a transport agent is a company that arranges for the physical delivery of storage devices like high-capacity hard drives.


Major Actors of Cloud Computing Reference Model
• Remember that a cloud provider will establish service level agreements (SLAs) with a cloud carrier to provide services at a level consistent with the SLAs offered to cloud consumers.
• The cloud provider may also demand that the cloud carrier provide dedicated and encrypted connections between cloud consumers and cloud providers.


Major Actors of Cloud Computing Reference Model
4. Cloud Auditor
• A cloud auditor can carry out an unbiased evaluation of cloud services, information system operations, performance, and the security of a cloud computing implementation.
• A cloud auditor can assess a cloud provider's services in terms of performance, service level agreement compliance, privacy implications, and security controls.
• Security controls are the management, operational, and technical precautions or countermeasures used inside an organizational information system to ensure the privacy, availability, and integrity of the system and its data.
• To do a security audit, a cloud auditor can evaluate the information system's security controls to see how well they are implemented, whether they function as intended, and whether they achieve the required results in relation to the system's security needs.
• Verifying compliance with law and security policy should be part of the security audit.


Major Actors of Cloud Computing Reference Model
5. Cloud Broker
• An organization called a "Cloud Broker" controls how cloud services are used, performed, and delivered and negotiates contracts between cloud providers and cloud users.
• The integration of cloud services could become too difficult for cloud consumers to handle as cloud computing develops.
• In certain circumstances, instead of contacting a cloud provider directly, a cloud consumer may request cloud services through a cloud broker.
• Cloud brokers offer a single point of access for controlling numerous cloud services.
• What separates a cloud broker from a cloud service provider is the capacity to offer a single consistent interface to numerous different providers, whether the interface is for commercial or technical objectives.


Cloud Brokers Services
Cloud Brokers provide services in three categories:
• Intermediation
By enhancing a certain feature and offering cloud consumers value-added services, a cloud broker improves a given service. The enhancement may take the shape of identity management, performance reporting, improved security, etc.
• Aggregation
Several services are combined and integrated into one or more new services by a cloud broker. The broker offers data and service integration, guarantees secure data transfer between the cloud consumer and various cloud providers, and provides these services.
• Arbitrage
Service arbitrage is similar to service aggregation, except that the services being integrated or aggregated are not fixed. Service arbitrage refers to the freedom a Broker has to select services from various service Providers.
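
The difference between aggregation and arbitrage, as an added example that is not part of the original slides: an aggregated bundle is fixed in advance, so the broker can only report a member that fails the consumer's policy, while arbitrage picks the cheapest offer that passes the policy at request time. Provider names, prices, attestation labels and the `Policy` fields are constructed sample values, not taken from any real catalog.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Offer:
    provider: str
    service: str
    price: float              # constructed unit price
    regions: frozenset
    attestations: frozenset   # constructed compliance labels
    encrypted_transit: bool


@dataclass(frozen=True)
class Policy:
    region: str
    required_attestations: frozenset
    require_encrypted_transit: bool = True


# Constructed catalog: every value below is sample data for this example.
CATALOG = (
    Offer("provider-a", "object-storage", 0.023, frozenset({"eu", "us"}), frozenset({"iso27001"}), True),
    Offer("provider-b", "object-storage", 0.018, frozenset({"us"}), frozenset({"iso27001", "soc2"}), True),
    Offer("provider-c", "object-storage", 0.012, frozenset({"eu"}), frozenset(), False),
    Offer("provider-a", "vm", 0.100, frozenset({"eu", "us"}), frozenset({"iso27001"}), True),
    Offer("provider-b", "vm", 0.090, frozenset({"us"}), frozenset({"iso27001", "soc2"}), True),
)


def violations(offer, policy):
    """Reasons an offer fails the consumer's policy (empty list means eligible)."""
    reasons = []
    if policy.region not in offer.regions:
        reasons.append(f"not available in region {policy.region}")
    missing = policy.required_attestations - offer.attestations
    if missing:
        reasons.append("missing attestations: " + ", ".join(sorted(missing)))
    if policy.require_encrypted_transit and not offer.encrypted_transit:
        reasons.append("no encrypted transport")
    return reasons


def arbitrage(service, policy, catalog=CATALOG):
    """Arbitrage: the provider is not fixed; choose the cheapest eligible offer."""
    candidates = [o for o in catalog if o.service == service and not violations(o, policy)]
    return min(candidates, key=lambda o: o.price, default=None)


def aggregate(bundle, policy, catalog=CATALOG):
    """Aggregation: bundle maps service -> provider and is fixed in advance.

    Returns (offers, problems). A member that fails the policy is reported,
    not silently replaced, because the bundle's composition is fixed.
    """
    offers, problems = [], {}
    for service, provider in sorted(bundle.items()):
        offer = next((o for o in catalog
                      if o.service == service and o.provider == provider), None)
        if offer is None:
            problems[service] = ["no such offer in catalog"]
            continue
        reasons = violations(offer, policy)
        if reasons:
            problems[service] = reasons
        else:
            offers.append(offer)
    return offers, problems


if __name__ == "__main__":
    eu = Policy("eu", frozenset({"iso27001"}))
    print(arbitrage("object-storage", eu))
    print(aggregate({"object-storage": "provider-c", "vm": "provider-a"}, eu))
```

The cheapest storage offer in the sample catalog is never selected for the EU policy, because it lacks the required attestation and encrypted transport; price only decides among offers that already satisfy the policy.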


Security Reference Model in Cloud Computing
• The formal model for the NIST Cloud Computing Security Reference Architecture is NIST SP 500-292: A connected collection of security components generated from the CSA TCI-RA, the NIST Cloud Computing Reference Architecture, and a way for utilizing the formal model and the security components to orchestrate a safe cloud ecosystem.
• The Cloud Security reference model is agnostic about the cloud deployment model, and its methodology may easily be applied to data about Private, Community, or Hybrid clouds.
• It is a formal model, a collection of Security Components, and a methodology for applying a cloud-adapted Risk Management Framework.
• Since a public cloud deployment model best supports illustrative examples of all the NCC-SRA Security Components and security considerations.
• The Cloud Security reference model introduces a risk-based methodology to establish each cloud actor's accountability for putting particular controls in place throughout the cloud ecosystem's life cycle.
• The Security Components are specifically examined for each instance of the cloud Ecosystem to determine the degree to which each cloud actor participated in the implementation of those components.
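
One way to run the per-ecosystem examination described above, as an added example that is not part of the original slides or of any NIST document: each security component is assigned to cloud actors by degree, and the check flags components whose accountability is incomplete. The component names, the percentage representation of "degree" and the sample ecosystem are assumptions constructed for illustration.

```python
# The five actors named in the NIST reference architecture (from the slides).
ACTORS = frozenset({"consumer", "provider", "carrier", "auditor", "broker"})

# Constructed ecosystem instance: a service obtained through a broker, with no
# auditor engaged. Each component maps actor -> percent of the implementation
# that actor is accountable for (an assumed representation of "degree").
ECOSYSTEM = {
    "actors": frozenset({"consumer", "provider", "carrier", "broker"}),
    "components": {
        "identity-and-access-management": {"consumer": 50, "provider": 30, "broker": 20},
        "encryption-at-rest": {"provider": 100},
        "encrypted-transport": {"provider": 50, "carrier": 50},
        "patch-management": {"provider": 60},
        "audit-logging": {"provider": 50, "auditor": 50},
        "incident-response": {},
    },
}


def review(ecosystem):
    """Return {component: [issues]} where accountability is incomplete."""
    findings = {}
    for name, shares in sorted(ecosystem["components"].items()):
        issues = []
        for actor in sorted(set(shares) - ACTORS):
            issues.append(f"unknown actor: {actor}")
        for actor in sorted((set(shares) & ACTORS) - ecosystem["actors"]):
            issues.append(f"{actor} is not part of this ecosystem")
        # Only shares held by actors present in this ecosystem count as covered.
        covered = sum(v for a, v in shares.items() if a in ecosystem["actors"])
        if covered == 0:
            issues.append("no accountable actor")
        elif covered < 100:
            issues.append(f"{100 - covered}% unassigned")
        elif covered > 100:
            issues.append(f"over-assigned by {covered - 100}%")
        if issues:
            findings[name] = issues
    return findings


def load_by_actor(ecosystem):
    """Total share each participating actor carries across all components."""
    totals = {actor: 0 for actor in sorted(ecosystem["actors"])}
    for shares in ecosystem["components"].values():
        for actor, share in shares.items():
            if actor in totals:
                totals[actor] += share
    return totals


if __name__ == "__main__":
    for component, issues in review(ECOSYSTEM).items():
        print(component, "->", "; ".join(issues))
    print(load_by_actor(ECOSYSTEM))
```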


Cloud Architecture
• Cloud architecture refers to the design and structure of cloud computing environments,
including the arrangement of components and the relationships between them.

• It involves various elements that work together to deliver cloud services and ensure reliability,
scalability, and security.


Cloud Architecture
NIST Architecture of Cloud


Cont…
• Cloud Consumer: An individual or organization that engages in a business partnership with Cloud
Providers and utilizes their services.

• Cloud Provider: A person, organization, or entity that is accountable for offering services to individuals or
entities who are interested in them.

• Cloud Auditor: A party capable of conducting an impartial evaluation of cloud services, as well as
assessing the performance, security, and operations of the cloud implementation.

• Cloud Broker: An entity responsible for managing the utilization, performance, and delivery of cloud
services. Additionally, they act as mediators between Cloud Providers and Cloud Consumers, negotiating
relationships between the two parties.

• Cloud Carrier: An intermediary that facilitates the connectivity and transportation of cloud services from
Cloud Providers to Cloud Consumers.


Cloud Architecture Best Practices
• Up-front Planning: Prioritize up-front planning to understand capacity needs and avoid unexpected
production glitches. Continuously test performance during the architecture design phase.

• Security First: Implement robust security measures to protect against unauthorized access. Safeguard all
layers of the cloud infrastructure through data encryption, patch management, and strict security policies.
Consider adopting zero-trust security models for enhanced protection in hybrid and multi-cloud environments.

• Disaster Recovery Readiness: Automate recovery processes to minimize costly downtime and ensure swift
recovery from service disruptions. Implement monitoring mechanisms to track capacity and utilize redundant
networks for a highly available architecture.

• Maximize Performance: Optimize computing resources by continuously monitoring business demands and
technological requirements. Efficiently manage and allocate resources to maintain optimal performance levels.

• Cost Optimization: Leverage automated processes, managed service providers, and utilization tracking to
reduce unnecessary cloud computing expenses. Regularly review and optimize resource allocation to ensure
cost-effectiveness.


The greenfield and brownfield deployment options
• Especially in large, complex companies, it is not feasible to replace entire systems, and they must consider different migration methods.
• This opens up the debate of whether to choose greenfield or brownfield. Both strategies have their benefits and drawbacks.
• With the greenfield strategy, everything is made from the ground up – data, operating systems, applications – and then moved to the new infrastructure.
• In the brownfield strategy, many of the functions of the previous application are retained, especially those that are difficult to recreate.
• Many of the proprietary systems and critical data and information are also retained in the on-premise infrastructure.


The greenfield and brownfield deployment options
Then, how do organizations make the decision?
• Through the greenfield implementation, you can start from the beginning; through the brownfield implementation, you can take advantage of the old systems with a process known as selective migration, whereby you can limit business disruption.
• So, what strategy should you adopt? Here is a quick comparison:
• Pros of Greenfield
1. Easy to design the right architecture from the beginning
2. Build the right team structure with competencies
3. Easy to fit into common standards and then build on that
4. Customizable to exactly fit the requirements because it is built from scratch
5. Scalable as it has cloud advantage. As applications are made from scratch, enterprises can incorporate the facility for scaling up and down while they develop apps

The greenfield and brownfield deployment options
• And the cons of Greenfield …
1. Costly – while costs may be less after your migration, the actual process of migration may be expensive. It may be harder to estimate system usage, so take care of your cost estimation
2. Steep learning curve, since everything is new. Teams, if used to the legacy system, might take some time to get used to the cloud options
3. Affects the entire organization – Migration to the cloud is serious business. It affects your operating model, and the staff in your company will have different kinds of responsibilities. Cloud maintenance and security will be managed by the cloud service provider, but you will need to come up with new strategies for storing and handling computing resources.


The greenfield and brownfield deployment options
• Pros of Brownfield
1. Familiar, as it is built on existing legacy components. So, you will be familiar with a considerable part of the working of the infrastructure.
2. Cost effective, as migrating everything at the same time to the cloud can be a huge expense. Also, system usage is easier to estimate, so cost estimation for cloud infrastructure would be easier to make.
3. Simple, as nearly every application can be built into a Docker container and deployed to the cloud that way.
4. Allows you to move your subsystems step by step
• And the cons of Brownfield
1. Retains the limitations from the original infrastructure
2. Rigid – the biggest advantage with cloud is that you can scale at will. The biggest limitation with on-premise systems is that you must purchase when you need more computing capacity, but when you don’t need that much, the resources stay under-utilized. Sometimes your software is not made to be scalable!

Comparison Overview of Greenfield Development vs. Brownfield Development

Greenfield | Brownfield
Start from scratch | Build on existing codes
Choose your technology | Technology already chosen
Use the best idea, technology and architecture | Build on previous developer’s code
Learn from mistakes | Work around the limitations



Greenfield vs Brownfield migration approaches in Cloud Journey
• During cloud migration, we encounter the 6-R approaches for application treatment, viz. Re-host (lift and shift), Replatform (OS or platform change), Refactor (minor reskill or configuration change), Re-architect (revamp the application architecture and tech stack), Retain (keep the application as is) and Retire/Replace (handle End of Life applications and replace an application with a new target).
• In any of these cases, we first think about the execution approach: whether to choose greenfield development or brownfield development.
• Ideally, greenfield development is ground-up development to start afresh, as in the re-architect or sometimes the re-factor category. It is a strategic, long-term solution with a scalable/flexible architecture, but costly in terms of effort and time.
• Also, this requires complete infrastructure setup and careful design for interfaces, network communication, integration services and security architecture.



Greenfield vs Brownfield migration approaches in Cloud Journey
• On the other side, brownfield development is a comparatively short-term solution for quick adoption. It takes a tactical approach: use most of the existing code and design, and try to re-factor for the target cloud platform.
• It is affordable, with low cost/effort due to reuse of the architecture and components.
• With brownfield development, using existing talent and resources helps a lot to reduce functional design to simple architectural decisions, and to reduce functional validation to simple regression tests instead of complete testing.
• Also, compared to greenfield development, brownfield development is rigid in design, as there is little or no scope for design changes when we try to reuse most of the design.
• Brownfield development can be used for the low-risk category of applications, whereas greenfield is a choice for the high-risk category of applications.

Key Questions You Should Ask That Help You To Decide Which Migration Scenarios Would Be Best For You? Greenfield Vs Brownfield Development

Key Questions | Greenfield | Brownfield
Do you want to keep solution enhancements or your transaction data history? | No | Yes
Does your system fulfill all conversion prerequisites? | No | Yes
Do you need a phased business roll-out? | Yes | No
Do you need a renewal of your complete application solution? | Yes | No
How do you perceive your current system? | Innovation blocker | Key asset


How To Choose The Best Cloud Migration Approach For Your Organization?
• Deciding which migration strategy implementation is right for you depends on multiple factors.
• Once you have defined the business and built a business case, you can select the best approach, develop a strategy, create your roadmap, and make it happen.
• Just be cautious with brownfield projects, as the processes could be more challenging and arduous, and you will need a top-class development team who are ready to take on challenges and perform meticulous design and testing tasks.
• Greenfield projects, however, help catch the best spot on the IT bandwagon. But note that today’s greenfield is tomorrow’s brownfield.


Summary
• Cloud computing enables the delivery of computing services over the internet, eliminating the need for local infrastructure.
• Key characteristics of cloud computing include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.
• Deployment models include public, private, and hybrid clouds, offering flexibility and data sharing options.
• Service models such as IaaS, PaaS, and SaaS provide virtualized computing resources, a platform for application development, and software delivery respectively.
• Cloud computing offers benefits like cost savings, scalability, flexibility, reliability, and enhanced collaboration.
• Cloud computing presents a transformative approach to computing, offering cost-effective solutions, scalability, and flexibility for organizations across various industries. By leveraging the benefits of cloud computing and aligning with the appropriate deployment and service models, organizations can drive innovation, improve efficiency, and adapt to evolving business needs.


Points to Remember
1. Understand your specific needs and requirements when selecting a cloud deployment and service
model.

2. Prioritize security measures such as data encryption and access controls to protect against unauthorized
access.

3. Plan for disaster recovery and high availability to ensure business continuity.

4. Continuously monitor and optimize resource utilization for optimal performance and cost savings.

5. Regularly assess and adapt your cloud architecture to evolving business needs and emerging
technologies.


Learning Resources
Text books
1. Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, “Mastering Cloud Computing”, Tata McGraw Hill, ISBN-13: 978-1-25-02995-0
2. Tim Mather, Subra K, Shahid L, “Cloud Security and Privacy”, O'Reilly, ISBN-13: 978-81-8404-815-5
3. Rajkumar Buyya, James Broberg, Andrzej Goscinski, “Cloud Computing: Principles and Paradigms”, Wiley Publication.
4. Barrie Sosinsky, “Cloud Computing”, Wiley India, ISBN: 978-0-470-90356-8
5. Kailash Jayaswal, “Cloud Computing”, Black Book, Dreamtech Press
6. Thomas Erl, Zaigham Mahmood and Ricardo Puttini, “Cloud Computing: Concepts, Technology and Architecture”, Pearson, 1st Edition.

Reference Books
1. Michael Sipser, “Introduction to the Theory of Computation”.
2. John Martin, “Introduction to Languages and the Theory of Computation”.
3. M. R. Garey and D. S. Johnson, “Computers and Intractability: A Guide to the Theory of NP Completeness”.

Supplementary Reading
1. Dr. Kumar Saurabh, “Cloud Computing”, Wiley Publication


Learning Resources
Web Resources:
i. https://www.ibm.com/cloud-computing/files/cloud-for-dummies.pdf
Web links
i. https://docs.aws.amazon.com/
ii. https://docs.microsoft.com/en-us/azure/
MOOCs:
i. https://www.coursera.org/learn/gcp-fundamentals
ii. https://nptel.ac.in/courses/106105167/
