Engineering in One Video (EIOV) Watch video on EIOV
Cloud Computing
Unit 4
Topics to be covered...
Inter cloud resource management
Topologies used in inter cloud architecture
Types of resource provisioning
Resource provisioning methods
Cloud security challenges
Security governance
Virtual machine security
IAM
Security standards
Happy Ending!
Inter cloud resource management
Inter Cloud
Connected cloud networks, including public, private and hybrid clouds.
Goal: improve interoperability of cloud networks.
Used to connect different cloud computing platforms.
Limitation: limited physical resources.
Inter-cloud resource management in cloud computing refers to the process of optimizing
and coordinating the allocation, utilization, and management of computing resources across
multiple cloud service providers and cloud environments.
Types: federation and multi-cloud.
Benefits of ICRM (inter-cloud resource management)
Flexibility and Vendor Neutrality
Redundancy and Disaster Recovery
Geographic Reach
Topologies used in inter cloud architecture
Peer to peer inter cloud federation
Communicate with each other
Negotiate directly without mediators
Example: RESERVOIR
Centralized inter cloud federation
Use a central entity to perform resource sharing
Central entity acts as a storehouse
Multi cloud service
Clients access multiple clouds through a service
Multi cloud libraries
Clients develop their own brokers by using a unified cloud API as a library.
Examples of MCL: the Java library Apache jclouds and Apache Libcloud.
Providers vs Vendors vs Users
Types of resource provisioning
Resource provisioning
Resource provisioning, in the context of cloud computing and IT infrastructure
management, refers to the allocation, management, and deployment of computing
resources to meet the demands of applications, workloads, and services.
Effective resource provisioning ensures that the right amount of resources is allocated at
the right time to maintain optimal system performance and resource utilization.
It takes the SLA into consideration when providing services to cloud users.
Computing resources: virtual machines, storage, and networking
Types of resource provisioning
Manual Resource Provisioning
Static Provisioning
Dynamic Provisioning
Hybrid Provisioning
Auto-Scaling Provisioning
Resource provisioning methods
Demand-driven resource provisioning:
Adds or removes computing instances based on the current utilization level of the
allocated resources.
When a resource has stayed above a threshold for a certain amount of time, the scheme
increases that resource according to demand.
When a resource has stayed below a threshold for a certain amount of time, that resource
can be decreased accordingly.
Amazon implements such an auto-scaling feature in its EC2 platform.
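The threshold-for-a-duration rule described above, as an added example that is not part of the slides: a small Python autoscaler (the `Autoscaler` class, its thresholds and the utilization series are all constructed for this illustration) that scales out only after utilization stays above the high threshold for a sustained number of periods, and scales in only after it stays below the low threshold for as long, so a single short spike is ignored.

```python
from dataclasses import dataclass, field

@dataclass
class Autoscaler:
    """Demand-driven scaler: act only on sustained threshold breaches."""
    high: float = 0.75         # scale-out threshold (utilization fraction)
    low: float = 0.25          # scale-in threshold
    sustain: int = 3           # consecutive periods a breach must persist
    min_instances: int = 1
    max_instances: int = 10
    instances: int = 2
    _above: int = field(default=0, init=False, repr=False)  # periods above high
    _below: int = field(default=0, init=False, repr=False)  # periods below low

    def observe(self, utilization: float) -> str:
        """Feed one utilization sample (0.0-1.0); return the action taken."""
        self._above = self._above + 1 if utilization > self.high else 0
        self._below = self._below + 1 if utilization < self.low else 0
        if self._above >= self.sustain and self.instances < self.max_instances:
            self.instances += 1
            self._above = 0        # restart the window after acting
            return "scale_out"
        if self._below >= self.sustain and self.instances > self.min_instances:
            self.instances -= 1
            self._below = 0
            return "scale_in"
        return "hold"

def run(samples, **settings):
    """Replay a utilization series; return (actions, final instance count)."""
    scaler = Autoscaler(**settings)
    actions = [scaler.observe(u) for u in samples]
    return actions, scaler.instances

# Constructed series: one brief spike (ignored), a sustained spike (scale out),
# then a long lull (two scale-ins, down to min_instances).
SAMPLES = [0.5, 0.9, 0.5, 0.8, 0.85, 0.9, 0.95, 0.4,
           0.1, 0.1, 0.1, 0.1, 0.1, 0.1]

if __name__ == "__main__":
    print(run(SAMPLES))
```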
Event-driven resource provisioning:
Adds or removes machine instances based on a specific time event.
The scheme works better for predicted events.
This scheme anticipates peak traffic before it happens.
The method results in a minimal loss of QoS if the event is predicted correctly.
Otherwise, the wasted resources are even greater, because the events do not follow a fixed
pattern.
Popularity-driven resource provisioning:
In this method, the Internet is searched for the popularity of certain applications, and
instances are created according to the popularity demand.
The scheme anticipates increased traffic with popularity.
The scheme has a minimal loss of QoS if the predicted popularity is correct; resources
may be wasted if the traffic does not occur as expected.
Cloud security challenges
Classification of security challenges
Deployment models:
Public cloud
Private cloud
Hybrid cloud
Service models:
IaaS
PaaS
SaaS
Security challenges (SC) related to deployment models
Public Cloud Security Challenges:
Data Privacy and Compliance
Shared Resources
Loss of Control
Private Cloud Security Challenges:
Cost and Complexity
Data Center Security
Security Policy Management
Hybrid Cloud Security Challenges:
Data and Application Integration
Data Movement and Transfer
Management Complexity
Security challenges related to service models
Infrastructure as a Service (IaaS):
Virtual Machine Security
Network Security
Data Encryption
Platform as a Service (PaaS):
Data Access and Control
Vendor Lock-In
Application Security
Software as a Service (SaaS):
Data Privacy and Compliance
Data Migration
Service Integration
Service Availability
Cloud security controls
Detective control
Preventive control
Deterrent control
Corrective control
Security governance
Cloud security governance involves defining and implementing policies, procedures, and
controls to ensure the secure and compliant use of cloud services and resources within an
organization.
Challenges:
Lack of Visibility
Data Security and Privacy
Identity and Access Management
Shared Responsibility Model
Security governance objective
Define Security Policies
Risk Assessment
Data Encryption
Security Auditing and Monitoring
Security Awareness and Training
Regular Security Assessments
Vendor Agreements and Contracts
Virtual machine security
Virtual machine (VM) security in cloud computing is a critical aspect of ensuring the
confidentiality, integrity, and availability of workloads and data running on cloud-based
VMs.
VMs are foundational building blocks in cloud infrastructure and are used for running
applications, services, and processing workloads.
VM Isolation and Segmentation
Secure Hypervisor
VM Hardening
Patch Management
Network Security
Encryption
Identity and Access Management (IAM)
Multifactor Authentication (MFA)
Logging and Monitoring
Types of Virtual machine
System Virtual Machine:
Provides a complete system platform and runs a complete virtual OS.
Just like VirtualBox, a system virtual machine provides an environment in which an OS can
be installed completely.
In the image below, the hardware of the real machine is shared between two simulated
operating systems by the virtual machine monitor.
Programs and processes then run separately on the hardware allotted to each simulated
machine.
Process Virtual Machine:
A process virtual machine, unlike a system virtual machine, does not let us install a
virtual operating system completely.
Instead, it creates a virtual environment of that OS while a particular app or program is
used, and this environment is destroyed as soon as we exit that app.
As in the image below, some apps run on the main OS, while virtual machines are created to
run other apps.
Example: the Wine software on Linux helps to run Windows applications.
Identity and Access Management (IAM)
AWS Identity and Access Management (IAM) is a web service that helps you securely
control access to AWS resources.
With IAM, you can centrally manage permissions that control which AWS resources users
can access.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to
use resources.
IAM features:
Shared access to your AWS account
Granular permissions
Secure access to AWS resources for applications that run on Amazon EC2
Multi-factor authentication (MFA)
Identity federation
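Granular permissions and MFA in practice, as an added example that is not from the slides and not AWS's own code: a minimal evaluator for AWS-style identity policies that applies the documented evaluation order (everything is implicitly denied, any matching Allow grants access, and an explicit Deny always wins). The policy document, bucket name and the `is_allowed` helper are constructed for this illustration; `aws:MultiFactorAuthPresent` is a real IAM condition key, so the delete permission is only granted to an MFA-authenticated session.

```python
# Added example (not from the slides, not AWS's own code): a minimal
# evaluator for AWS-style identity policies that applies the documented
# order: implicit deny by default, any matching Allow grants access, and an
# explicit Deny always wins. The policy below is constructed for this example.
import fnmatch
import json

POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Action": "s3:DeleteObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/finance/*"}
  ]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # IAM Action/Resource elements accept '*' and '?' wildcards.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))

def _condition_ok(condition, context):
    # Only the Bool operator is modelled; an absent Condition block passes.
    for key, expected in condition.get("Bool", {}).items():
        if str(context.get(key, "false")).lower() != str(expected).lower():
            return False
    return True

def is_allowed(policy, action, resource, context=None):
    """Return True if the request is permitted under the policy."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not (_matches(stmt["Action"], action)
                and _matches(stmt["Resource"], resource)
                and _condition_ok(stmt.get("Condition", {}), context)):
            continue
        if stmt["Effect"] == "Deny":
            return False        # explicit deny overrides every Allow
        allowed = True
    return allowed              # implicit deny when no statement matched
```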
Advantages
Security
Efficiency
Compliance
User Convenience
Disadvantages
Complexity
Cost
User Resistance
Integration Challenges
IAM Architecture
Security standards
1. NIST (National Institute of Standards and Technology):
NIST is a US federal organization that creates metrics and standards to boost
competitiveness in the scientific and technology industries.
NIST developed the Cybersecurity Framework to support compliance with US regulations
such as the Federal Information Security Management Act.
NIST places a strong emphasis on classifying assets according to their business value
and protecting them adequately.
2. ISO-27017:
An extension of ISO-27001 that adds provisions specific to cloud-based information
security.
ISO-27017 compliance should be considered alongside ISO-27001 compliance.
This standard has not yet been introduced to the marketplace.
It attempts to offer further guidance in the field of cloud computing information security.
3. ISO-27018:
This standard covers the protection of personally identifiable information (PII) in public
clouds that act as PII processors.
Although the standard is aimed especially at public-cloud service providers such as AWS or
Azure, a SaaS provider that handles PII should also consider complying with it.
4. CIS controls:
Organizations can secure their systems with the help of the Center for Internet Security
(CIS) Controls, which are open, consensus-based policies.
Each check is rigorously reviewed by a number of professionals before a conclusion is
reached.
For a ready-made list of cloud security evaluations, consult the CIS Benchmarks
customized for particular cloud service providers.
5. FISMA:
Under the Federal Information Security Management Act (FISMA), all federal agencies and
their contractors are required to safeguard their information systems and assets.
FISMA gave NIST the authority to define the framework's security standards, which it did
in NIST SP 800-53 (see definition below).
6. PCI DSS:
The PCI DSS (Payment Card Industry Data Security Standard) provides a set of security
criteria for all merchants that accept credit or debit cards.
PCI DSS applies to any business that handles cardholder data.
The PCI DSS specifies fundamental technical and operational criteria for safeguarding
cardholder data.
The PCI DSS standard is intended to protect cardholders from identity theft and credit card
fraud.
Happy Ending!