
ML1726 – Cloud Computing Techniques

ML1726 CLOUD COMPUTING TECHNIQUES


UNIT II - CLOUD ARCHITECTURE AND VIRTUALIZATION
Cloud Computing Architecture: The cloud reference model – Architecture, Infrastructure and
hardware as a service, Platform as a service, Software as a service, Characteristics of virtualized
environments – Increased security, Managed execution, Portability, Taxonomy, Virtualization and
cloud computing, Pros and cons of virtualization, Technology examples – Xen, VMware, Microsoft
Hyper-V.

Layered Cloud Architecture Design:


● The architecture of a cloud is developed at three layers: infrastructure, platform and
application.
● These three development layers are implemented with virtualization and standardization of
hardware and software resources provisioned in the cloud.
● The services to public, private and hybrid clouds are conveyed to users through
networking support over the Internet and the intranets involved.
● It is clear that the infrastructure layer is deployed first to support IaaS services.
● This infrastructure layer serves as the foundation for building the platform layer of the
cloud for supporting PaaS services.
● In turn, the platform layer is a foundation for implementing the application layer for SaaS
applications.
● Different types of cloud services demand application of these resources separately.

[Figure: layered cloud architecture. Internet; provisioning of resources; Software Layer (SaaS); Platform Layer (PaaS); Infrastructure Layer (IaaS).]

● The infrastructure layer is built with virtualized compute, storage and network resources.
● The abstraction of these hardware resources is meant to provide the flexibility
demanded by users.
● Internally, virtualization realizes automated provisioning of resources and optimizes the
infrastructure management process.
● The platform layer is for general purpose and repeated usage of the collection of
software resources.
● This layer provides users with an environment to develop their applications, to test
operation flows and to monitor execution results and performance.
● The platform should be able to assure users that they have scalability, dependability, and
security protection.

● In a way, the virtualized cloud platform serves as a “system middleware” between the
infrastructure and application layers of the cloud.
● The application layer is formed with a collection of all needed software modules for SaaS
applications.
● Service applications in this layer include daily office management work such as information
retrieval, document processing and calendar and authentication services.
● The application layer is also heavily used by enterprises in business marketing and sales,
customer relationship management (CRM), financial transactions and supply chain
management.
● From the provider’s perspective, the services at various layers demand different amounts of
functionality support and resource management by providers.
● In general, SaaS demands the most work from the provider, PaaS is in the middle, and IaaS
demands the least.
● For example, Amazon EC2 provides not only virtualized CPU resources to users but also
management of these provisioned resources.
● Services at the application layer demand more work from providers.
● The best example of this is the Salesforce.com CRM service in which the provider supplies
not only the hardware at the bottom layer and the software at the top layer but also the platform
and software tools for user application development and monitoring.
● In Market Oriented Cloud Architecture, as consumers rely on cloud providers to meet more
of their computing needs, they will require a specific level of QoS to be maintained by their
providers, in order to meet their objectives and sustain their operations.
● Market-oriented resource management is necessary to regulate the supply and demand of
cloud resources to achieve market equilibrium between supply and demand.
● This cloud is basically built with the following entities:
● Users or brokers acting on user’s behalf submit service requests from anywhere in the world
to the data center and cloud to be processed.
● The request examiner ensures that there is no overloading of resources whereby many service
requests cannot be fulfilled successfully due to limited resources.
● The Pricing mechanism decides how service requests are charged. For instance, requests can
be charged based on submission time (peak/off-peak), pricing rates (fixed/changing), or
availability of resources (supply/demand).


● The VM Monitor mechanism keeps track of the availability of VMs and their resource
entitlements.
● The Accounting mechanism maintains the actual usage of resources by requests so that the
final cost can be computed and charged to users.
● In addition, the maintained historical usage information can be utilized by the Service Request
Examiner and Admission Control mechanism to improve resource allocation decisions.
● The Dispatcher mechanism starts the execution of accepted service requests on allocated
VMs.
● The Service Request Monitor mechanism keeps track of the execution progress of service
requests.
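The entities just listed, as an added toy simulation that is not part of the course notes: a request examiner with admission control over a fixed VM pool, a peak/off-peak pricing mechanism keyed on submission time, a VM monitor, an accounting ledger with per-user usage history, and a dispatcher. Capacity, rates and the sample requests are constructed values.

```python
"""Toy model of the market-oriented cloud entities described above.

Added example (not from the course notes). Capacity, rates and the sample
requests are constructed for illustration; the pricing rule is the
peak/off-peak submission-time scheme named in the notes.
"""
from dataclasses import dataclass
from typing import Dict, List

PEAK_HOURS = range(9, 18)   # constructed: 09:00-17:59 counts as peak time


@dataclass
class ServiceRequest:
    user: str         # user, or a broker acting on the user's behalf
    vms: int          # VMs requested
    hours: int        # how long they are needed
    submit_hour: int  # hour of day at which the request arrives


@dataclass
class Running:
    req: ServiceRequest
    end_hour: int


class MarketCloud:
    def __init__(self, capacity: int, peak_rate=0.20, offpeak_rate=0.10):
        self.capacity = capacity                # VMs the data center can offer
        self.peak_rate, self.offpeak_rate = peak_rate, offpeak_rate
        self.running: List[Running] = []        # VM monitor: current entitlements
        self.ledger: List[dict] = []            # accounting records
        self.history: Dict[str, int] = {}       # historical VM-hours per user
        self.rejected: List[str] = []

    def free_vms(self, now: int) -> int:
        """VM monitor: release requests that finished by `now`, count free VMs."""
        self.running = [r for r in self.running if r.end_hour > now]
        return self.capacity - sum(r.req.vms for r in self.running)

    def price(self, req: ServiceRequest) -> float:
        """Pricing mechanism: charge per VM-hour by submission time (peak/off-peak)."""
        rate = self.peak_rate if req.submit_hour in PEAK_HOURS else self.offpeak_rate
        return round(req.vms * req.hours * rate, 2)

    def submit(self, req: ServiceRequest) -> bool:
        """Request examiner and admission control, then dispatch and account."""
        if req.vms <= 0 or req.vms > self.free_vms(req.submit_hour):
            self.rejected.append(req.user)      # refuse rather than overload
            return False
        # Dispatcher: start execution on the allocated VMs
        self.running.append(Running(req, req.submit_hour + req.hours))
        # Accounting: record actual usage so the final cost can be charged
        vm_hours = req.vms * req.hours
        self.ledger.append({"user": req.user, "vm_hours": vm_hours,
                            "cost": self.price(req)})
        self.history[req.user] = self.history.get(req.user, 0) + vm_hours
        return True

    def bill(self, user: str) -> float:
        return round(sum(e["cost"] for e in self.ledger if e["user"] == user), 2)


def demo():
    """Constructed workload against a 10-VM cloud; returns the cloud and admissions."""
    cloud = MarketCloud(capacity=10)
    requests = [
        ServiceRequest("alice", vms=6, hours=3, submit_hour=8),   # off-peak
        ServiceRequest("bob",   vms=5, hours=2, submit_hour=9),   # only 4 VMs free
        ServiceRequest("carol", vms=4, hours=1, submit_hour=10),  # fits exactly
        ServiceRequest("bob",   vms=5, hours=2, submit_hour=11),  # alice, carol done
    ]
    admitted = [cloud.submit(r) for r in requests]
    return cloud, admitted


if __name__ == "__main__":
    cloud, admitted = demo()
    print("admitted:", admitted, "rejected:", cloud.rejected)
    for user in ("alice", "bob", "carol"):
        print(user, "VM-hours:", cloud.history.get(user, 0), "bill:", cloud.bill(user))
```

The second request is refused because admitting it would overload the pool, which is exactly the case the request examiner exists to prevent.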

NIST Cloud Computing Reference Architecture:


● NIST stands for National Institute of Standards and Technology
● The goal is to achieve effective and secure cloud computing to reduce cost and improve
services
NIST formed six major working groups specific to cloud computing:
○ Cloud computing target business use cases work group
○ Cloud computing Reference architecture and Taxonomy work group
○ Cloud computing standards roadmap work group
○ Cloud computing SAJACC (Standards Acceleration to Jumpstart Adoption of Cloud
Computing) work group
○ Cloud Computing security work group
Objectives of the NIST Cloud Computing reference architecture:
○ Illustrate and understand the various levels of services
○ Provide a technical reference
○ Categorize and compare cloud computing services
○ Analyze security, interoperability and portability.

The conceptual reference architecture involves five actors. Each actor is an entity that participates in
cloud computing.

[Figure: conceptual reference model. Actors: Cloud Consumer, Cloud Broker, Cloud Provider, Cloud Auditor, Cloud Carrier. Cloud Provider: Service Orchestration (Service Layer with SaaS, PaaS, IaaS; Resource Abstraction & Control Layer; Physical Resource Layer), Cloud Service Management (Business Support; Provisioning/Configuring; Portability and Interoperability), Security, Privacy. Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit. Cloud Broker: Service Aggregation, Service Arbitrage.]


● Cloud consumer: A person or an organization that maintains a business relationship with, and uses
services from, cloud providers.
● Cloud provider: A person, organization or entity responsible for making a service available to
interested parties.
● Cloud auditor: A party that conducts independent assessments of cloud services, information
system operation, performance and security of the cloud implementation.
● Cloud broker: An entity that manages the performance and delivery of cloud services and
negotiates relationships between cloud providers and consumers.
● Cloud carrier: An intermediary that provides connectivity and transport of cloud services from
cloud providers to consumers.

[Figure: interaction between actors (Consumer, Auditor, Broker, Provider).]

● The figure above illustrates the common interaction between cloud consumer and provider,
whereas the broker provides services to the consumer and the auditor collects audit
information.
● The interaction between the actors may lead to different use case scenarios.

[Figure: service from a cloud broker (Consumer, Broker, Provider 1, Provider 2).]

● The figure above shows one kind of scenario, in which the cloud consumer may request a service from
a cloud broker instead of contacting the service provider directly. In this case, a cloud broker can
create a new service by combining multiple services.
[Figure: multiple SLAs between actors.]

● The figure above illustrates the use of different kinds of Service Level Agreements (SLAs)
between consumer, provider and carrier.

[Figure: independent assessments by cloud auditor (Auditor, Consumer, Provider).]

● The figure above shows the scenario in which the cloud auditor conducts an independent assessment of
the operation and security of the cloud service implementation.
● The cloud consumer is a principal stakeholder for the cloud computing service and requires service
level agreements to specify the performance requirements to be fulfilled by a cloud provider.

The cloud reference model:


The cloud computing reference model is an abstract model that divides a cloud computing environment
into abstraction layers and cross-layer functions to characterize and standardize its functions.
This reference model divides cloud computing activities and functions into three cross-layer
functions and five logical layers.
Each of these layers describes different things that might be present in a cloud computing environment,
such as computing systems, networking, storage equipment, virtualization software, security
measures, control and management software, and so forth. It also explains the connections between
these components. The five layers are the physical layer, virtual layer, control layer, service
orchestration layer, and service layer.
Cloud Computing reference model is divided into 3 major service models:
1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)

IaaS, PaaS, and SaaS are the three most prevalent cloud delivery models, and together they
have been widely adopted and formalized. A cloud delivery service model is a specific,
preconfigured combination of IT resources made available by a cloud service provider. But
the functionality and degree of administrative control each of these three delivery types offer
cloud users varies. These abstraction layers can also be considered a tiered architecture, where
services from one layer can be combined with services from another, for example, SaaS can
supply infrastructure to create services from a higher layer. The development of cloud computing
introduces the concept of everything as a Service (XaaS). This is one of the most important elements
of cloud computing. Cloud services from different providers can be combined to provide a
completely integrated solution covering all the computing stack of a system. IaaS providers can
offer the bare metal in terms of virtual machines where PaaS solutions are deployed.
Infrastructure as a Service (IaaS)


IaaS is also known as Hardware as a Service (HaaS). It is a computing infrastructure managed over
the internet. The main advantage of using IaaS is that it helps users to avoid the cost and complexity
of purchasing and managing the physical servers.
Infrastructure as a Service (IaaS) offers storage and computer resources that developers and IT
organizations use to deliver custom/business solutions. IaaS delivers computer hardware (servers,
networking technology, storage, and data center space) as a service. It may also include the delivery
of OS and virtualization technology to manage the resources. Here, the more important point
is that IaaS customers rent computing resources instead of buying and installing them in their
data centers. The service is typically paid for on a usage basis. The service may include dynamic
scaling so that if the customers need more resources than expected, they can get them immediately.
The control of the IaaS layer is as follows:
● The consumer has full or partial control over the infrastructure of the cloud, servers, and databases.
● The consumer has control over the implementation and maintenance of the virtual machines.
● The consumer has a choice of ready-made VM images with pre-installed operating systems.
● The cloud provider has full control over the data centers and the other hardware involved in
them.
● The provider has the ability to scale resources based on the usage of users.
● The provider can also replicate data worldwide so that it can be accessed from anywhere in the world as soon
as possible.
Characteristics of IaaS:
IaaS has the following characteristics:
● Resources are available as a service
● Services are highly scalable
● Dynamic and flexible
● GUI and API-based access
● Automated administrative tasks
Example: DigitalOcean, Linode, Amazon Web Services (AWS), Microsoft Azure, Google
Compute Engine (GCE), Rackspace, and Cisco Metacloud

Platform as a Service (PaaS):


A PaaS cloud computing platform is created for programmers to develop, test, run, and manage
applications. Platform as a Service is a strategy that offers a high level of abstraction to make a
cloud readily programmable, in addition to infrastructure-oriented clouds that offer basic compute
and storage capabilities. Developers can construct and deploy apps on a cloud platform
without necessarily needing to know how many processors or how much memory their
applications would use. Google App Engine, for instance, is a PaaS offering that provides a scalable
environment for creating and hosting web applications.
Features of the PaaS layer are as follows:
● The cloud provider has entire rights or control over the provision of cloud services to consumers.
● The cloud consumer has selective control based on the resources they need or have opted for on
the application server, database, or middleware.
● Consumers get environments in which they can develop their applications or databases. These
environments are usually very visual and very easy to use.
● Provides options for scalability and security of the user’s resources.
● Services to create workflows and websites.
● Services to connect users’ cloud platforms to other external platforms.
Characteristics of PaaS:
PaaS has the following characteristics:
● Accessible to various users via the same development application.
● Integrates with web services and databases.
● Builds on virtualization technology, so resources can easily be scaled up or down as per the
organization's need.
● Supports multiple languages and frameworks.
● Provides an ability to "auto-scale".
Example: AWS Elastic Beanstalk, Windows Azure, Heroku, Force.com, Google App Engine,
Apache Stratos, Magento Commerce Cloud, and OpenShift.

Software as a Service (SaaS)


SaaS is also known as "on-demand software". It is software in which the applications are hosted
by a cloud service provider. Users can access these applications with the help of an internet connection
and a web browser.
The SaaS model is appealing for applications serving a wide range of users and that can be adapted
to specific needs with little further customization. This requirement characterizes SaaS as a one-to-
many software delivery model, whereby an application is shared across multiple users. This is the
case of CRM and ERP applications that constitute common needs for almost all enterprises, from
small to medium-sized and large business. Every enterprise will have the same requirements for the
basic features concerning CRM and ERP and different needs can be satisfied with further
customization.
SaaS applications are naturally multitenant. Multitenancy, which is a feature of SaaS compared to
traditional packaged software, allows providers to centralize and sustain the effort of managing
large hardware infrastructures, maintaining as well as upgrading applications transparently to the
users and optimizing resources by sharing the costs among the large user base.
Characteristics of SaaS:
SaaS has the following characteristics:
● Managed from a central location
● Hosted on a remote server
● Accessible over the internet
● Users are not responsible for hardware and software updates.
● Updates are applied automatically.
● The services are purchased on a pay-as-per-use basis.
Example: BigCommerce, Google Apps, Salesforce, Dropbox, ZenDesk, Cisco WebEx,
Slack, and GoToMeeting.
Difference between IaaS, PaaS, and SaaS:

Architectural Design Challenges

Challenge 1: Service Availability and Data Lock-in Problem

● The management of a cloud service by a single company is often the source of single points
of failure.
● To achieve HA, one can consider using multiple cloud providers.
● Even if a company has multiple data centers located in different geographic regions, it may
have common software infrastructure and accounting systems.
● Therefore, using multiple cloud providers may provide more protection from failures.
● Another availability obstacle is distributed denial of service (DDoS) attacks.
● Criminals threaten to cut off the incomes of SaaS providers by making their services
unavailable.
● Some utility computing services offer SaaS providers the opportunity to defend against DDoS
attacks by using quick scale ups.
● Software stacks have improved interoperability among different cloud platforms, but the APIs
themselves are still proprietary. Thus, customers cannot easily extract their data and programs from
one site to run on another.
● The obvious solution is to standardize the APIs so that a SaaS developer can deploy services
and data across multiple cloud providers.
● This will prevent the loss of all data due to the failure of a single company.
● In addition to mitigating data lock-in concerns, standardization of APIs enables a new usage
model in which the same software infrastructure can be used in both public and private clouds.
● Such an option could enable surge computing, in which the public cloud is used to capture
the extra tasks that cannot be easily run in the data center of a private cloud.

Challenge 2: Data Privacy and Security Concerns

● Current cloud offerings are essentially public (rather than private) networks, exposing the
system to more attacks.
● Many obstacles can be overcome immediately with well understood technologies such as
encrypted storage, virtual LANs, and network middle boxes (e.g., firewalls, packet filters).
● For example, the end user could encrypt data before placing it in a cloud.
● Many nations have laws requiring SaaS providers to keep customer data and copyrighted material within national
boundaries.
● Traditional network attacks include buffer overflows, DoS attacks, spyware, malware,
rootkits, Trojan horses, and worms.
● In a cloud environment, newer attacks may result from hypervisor malware, guest hopping
and hijacking, or VM rootkits.
● Another type of attack is the man-in-the-middle attack on VM migrations.
● In general, passive attacks steal sensitive data or passwords.
● On the other hand, active attacks may manipulate kernel data structures, which will cause
major damage to cloud servers.

Challenge 3: Unpredictable Performance and Bottlenecks

● Multiple VMs can share CPUs and main memory in cloud computing, but I/O sharing is
problematic.
● For example, to run 75 EC2 instances with the STREAM benchmark requires a mean
bandwidth of 1,355 MB/second.
● However, for each of the 75 EC2 instances to write 1 GB files to the local disk requires a
mean disk write bandwidth of only 55 MB/second.
● This demonstrates the problem of I/O interference between VMs.
● One solution is to improve I/O architectures and operating systems to efficiently
virtualize interrupts and I/O channels.
● Internet applications continue to become more data intensive.
● If we assume applications to be pulled apart across the boundaries of clouds, this may
complicate data placement and transport.
● Cloud users and providers have to think about the implications of placement and traffic at
every level of the system if they want to minimize costs.
● This kind of reasoning can be seen in Amazon’s development of its new CloudFront
service.
● Therefore, data transfer bottlenecks must be removed, bottleneck links must be widened and
weak servers should be removed.

Challenge 4: Distributed Storage and Widespread Software Bugs

● The database is always growing in cloud applications.


● The opportunity is to create a storage system that will not only meet this growth but also
combine it with the cloud advantage of scaling arbitrarily up and down on demand.
● This demands the design of efficient distributed SANs.
● Data centers must meet programmer’s expectations in terms of scalability, data
durability and HA.
● Data consistency checking in SAN-connected data centers is a major challenge in cloud
computing.
● Large scale distributed bugs cannot be reproduced, so the debugging must occur at scale
in the production data centers.
● No data center will provide such a convenience. One solution may be a reliance on using
VMs in cloud computing.
● The level of virtualization may make it possible to capture valuable information in ways that
are impossible without using VMs.
● Debugging over simulators is another approach to attacking the problem, if the simulator is
well designed.

Challenge 5: Cloud Scalability, Interoperability, and Standardization

● The pay as you go model applies to storage and network bandwidth; both are counted in
terms of the number of bytes used.
● Computation is different depending on virtualization level.
● GAE automatically scales in response to load increases or decreases and the users are
charged by the cycles used.
● AWS charges by the hour for the number of VM instances used, even if the machine is
idle.
● The opportunity here is to scale quickly up and down in response to load variation, in
order to save money, but without violating SLAs.
● Open Virtualization Format (OVF) describes an open, secure, portable, efficient and
extensible format for the packaging and distribution of VMs.
● It also defines a format for distributing software to be deployed in VMs.
● This VM format does not rely on the use of a specific host platform, virtualization
platform or guest operating system.
● The approach is to address virtual-platform-agnostic packaging with certification and
integrity of packaged software.
● The package supports virtual appliances that span more than one VM.
● OVF also defines a transport mechanism for VM templates, and the format can apply to
different virtualization platforms with different levels of virtualization.
● In terms of cloud standardization, the goal is the ability for virtual appliances to run on any virtual
platform.
● Users also need to be able to run VMs on heterogeneous hardware platform
hypervisors.
● This requires hypervisor-agnostic VMs.
● Users also need cross-platform live migration between x86 Intel and
AMD technologies, and support for legacy hardware for load balancing.
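The "certification and integrity of packaged software" point above rests on the OVF manifest: a package ships a `<name>.mf` file whose lines have the form `SHA256(<file>)= <hex digest>` covering the descriptor and disk images. The checker below is an added example, not the course's material or any vendor's tooling; it builds a constructed two-file package in a temporary directory, verifies every manifest entry, and flags files the manifest does not cover. The optional `.cert` file (a signature over the manifest) is out of scope here.

```python
"""Verify the integrity of an OVF package against its manifest (.mf) file.

Added example, not from the course notes. The manifest line format
    SHA256(<file>)= <hex digest>
is the one used by OVF packages (SHA1 in older packages); the package
written by build_demo_package() is constructed so the example runs offline.
"""
import hashlib
import os
import re
import tempfile

MANIFEST_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\(([^)]+)\)=\s*([0-9a-fA-F]+)\s*$")


def parse_manifest(text):
    """Return {filename: (algorithm, hexdigest)}; reject malformed or unsafe lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"malformed manifest line {lineno}: {line!r}")
        algo, name, digest = m.groups()
        # Manifest entries name files beside the .mf; never follow a path out of the package
        if "/" in name or "\\" in name or name.startswith(".."):
            raise ValueError(f"manifest names must be bare file names: {name!r}")
        entries[name] = (algo.lower(), digest.lower())
    return entries


def file_digest(path, algo):
    """Stream the file through the named hash so large disk images fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(pkg_dir, manifest_name):
    """Check every manifest entry and package file; return (ok, list of problems)."""
    with open(os.path.join(pkg_dir, manifest_name), encoding="utf-8") as f:
        entries = parse_manifest(f.read())
    problems = []
    if not any(n.endswith(".ovf") for n in entries):
        problems.append("manifest does not cover an .ovf descriptor")
    for name, (algo, expected) in entries.items():
        path = os.path.join(pkg_dir, name)
        if not os.path.isfile(path):
            problems.append(f"missing file: {name}")
            continue
        if file_digest(path, algo) != expected:
            problems.append(f"digest mismatch: {name}")
    # A file that is present but not listed would be deployed without any check
    for name in sorted(os.listdir(pkg_dir)):
        if name != manifest_name and name not in entries:
            problems.append(f"file not covered by manifest: {name}")
    return (not problems, problems)


def build_demo_package(tamper=False):
    """Constructed package: a descriptor and one disk image, with a valid manifest.

    With tamper=True the disk image is modified after the manifest was written,
    which is the case an integrity check must catch.
    """
    d = tempfile.mkdtemp()
    files = {"appliance.ovf": b"<Envelope/>", "disk1.vmdk": b"KDMV" + b"\x00" * 64}
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    lines = [f"SHA256({n})= {hashlib.sha256(b).hexdigest()}" for n, b in files.items()]
    with open(os.path.join(d, "appliance.mf"), "w", encoding="utf-8") as f:
        f.write("\n".join(lines) + "\n")
    if tamper:
        with open(os.path.join(d, "disk1.vmdk"), "ab") as f:
            f.write(b"\xff")
    return d


if __name__ == "__main__":
    for tamper in (False, True):
        ok, problems = verify_package(build_demo_package(tamper), "appliance.mf")
        print("tampered" if tamper else "intact", "->", "OK" if ok else problems)
```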

Challenge 6: Software Licensing and Reputation Sharing

● Many cloud computing providers originally relied on open source software because the
licensing model for commercial software is not ideal for utility computing.
● The primary opportunity is either for open source to remain popular or simply for commercial
software companies to change their licensing structure to better fit cloud computing.
● One can consider using both pay for use and bulk use licensing schemes to widen the business
coverage.

Virtualization in Cloud Computing and Types


Virtualization is used to create a virtual version of an underlying service. With the help of virtualization,
multiple operating systems and applications can run on the same machine and the same hardware at the
same time, increasing the utilization and flexibility of hardware. It was initially developed during the
mainframe era.
Virtualization is a computer architecture technology by which multiple virtual machines (VMs) are
multiplexed on the same hardware machine.
Virtualization is a method of running multiple independent virtual operating systems on a single
physical computer.
Virtualization is essentially a technology that allows the creation of different computing environments.
These environments are called virtual because they simulate the interface that is expected by a guest.
It is one of the main cost-effective, hardware-reducing, and energy-saving techniques used by cloud
providers. Virtualization allows sharing of a single physical instance of a resource or an application among
multiple customers and organizations at one time. It does this by assigning a logical name to physical
storage and providing a pointer to that physical resource on demand. The term virtualization is often
synonymous with hardware virtualization, which plays a fundamental role in efficiently delivering
Infrastructure-as-a-Service (IaaS) solutions for cloud computing. Moreover, virtualization technologies
provide a virtual environment not only for executing applications but also for storage, memory, and
networking.

By using virtualization, you can interact with any hardware resource with greater flexibility. Physical
servers consume electricity, take up storage space, and need maintenance. You are often limited by
physical proximity and network design if you want to access them. Virtualization removes all these
limitations by abstracting physical hardware functionality into software. You can manage, maintain, and
use your hardware infrastructure like an application on the web.
Virtualization technologies have gained renewed interest recently due to the confluence of several
phenomena:
● Increased performance and computing capacity.
● Underutilized hardware and software resources.
● Lack of space.
● Greening initiatives.
● Rise of administrative costs.
Components of virtualized environments


● Host Machine: The machine on which the virtual machine is going to be built is known as the Host
Machine.
● Guest Machine: The virtual machine is referred to as a Guest Machine.

Benefits of Virtualization:
● More flexible and efficient allocation of resources.
● Enhanced development productivity.
● Lower cost of IT infrastructure.
● Remote access and rapid scalability.
● High availability and disaster recovery.
● Pay-per-use of the IT infrastructure on demand.
● Enables running multiple operating systems.

Drawbacks of Virtualization:
● High Initial Investment: Clouds have a very high initial investment, but it is also true that it will
help in reducing the cost of companies.
● Learning New Infrastructure: As companies shift from servers to the cloud, they require highly
skilled staff who can work with the cloud easily, and for this they have to hire new staff or
provide training to current staff.
● Risk of Data: Hosting data on third-party resources puts the data at risk; it can be attacked by
a hacker or cracker very easily.

Characteristics of Virtualization:
● Increased Security: The ability to control the execution of a guest program in a completely
transparent manner opens new possibilities for delivering a secure, controlled execution
environment. All the operations of the guest programs are generally performed against the virtual
machine, which then translates and applies them to the host programs.
● Managed Execution: In particular, sharing, aggregation, emulation, and isolation are the most
relevant features.
● Sharing: Virtualization allows the creation of a separate computing environment within the
same host.
● Aggregation: It is possible to share physical resources among several guests, but virtualization
also allows aggregation, which is the opposite process.

Types of Virtualization:
1. Application Virtualization
2. Network Virtualization
3. Desktop Virtualization
4. Storage Virtualization
5. Server Virtualization
6. Data virtualization

1. Application Virtualization: Application virtualization helps a user to have remote access to an
application from a server. The server stores all personal information and other characteristics of the
application, but it can still run on a local workstation through the internet. An example of this would be a
user who needs to run two different versions of the same software. Technologies that use application
virtualization are hosted applications and packaged applications.
2. Network Virtualization: The ability to run multiple virtual networks, each having a separate
control and data plane. They co-exist together on top of one physical network. They can be managed by individual
parties that are potentially confidential to each other. Network virtualization provides a facility to create
and provision virtual networks, logical switches, routers, firewalls, load balancers, Virtual Private
Networks (VPN), and workload security within days or even weeks.
3. Desktop Virtualization: Desktop virtualization allows the users’ OS to be remotely stored on a server in
the data center. It allows the user to access their desktop virtually, from any location by a different machine.
Users who want specific operating systems other than Windows Server will need to have a virtual desktop.
The main benefits of desktop virtualization are user mobility, portability, and easy management of software
installation, updates, and patches.
4. Storage Virtualization: Storage virtualization is an array of servers that are managed by a virtual storage
system. The servers aren’t aware of exactly where their data is stored and instead function more like worker
bees in a hive. It allows storage from multiple sources to be managed and utilized as a single
repository. Storage virtualization software maintains smooth operations, consistent performance, and a
continuous suite of advanced functions despite changes, breakdowns, and differences in the underlying
equipment.
5. Server Virtualization: This is a kind of virtualization in which the masking of server resources takes
place. Here, the central server (physical server) is divided into multiple different virtual servers by changing
the identity number and processors, so each system can operate its operating system in an isolated manner,
and each sub-server knows the identity of the central server. It causes an increase in performance and
reduces the operating cost by the deployment of main server resources into sub-server resources. It is
beneficial in virtual migration, reducing energy consumption, reducing infrastructural costs, etc.
6. Data Virtualization: This is the kind of virtualization in which data is collected from various sources
and managed in a single place, without the consumer needing technical details such as how the data is
collected, stored or formatted. The data is then arranged logically so that its virtual view can be accessed
remotely by interested people, stakeholders and users through various cloud services. Many large
companies, such as Oracle, IBM, AtScale and CData, provide such services.

Uses of Virtualization
● Data integration
● Business integration
● Service-oriented architecture data services
● Searching organizational data

Virtualization example
Consider a company that needs servers for three functions:
● Store business email securely
● Run a customer-facing application
● Run internal business applications
Each of these functions has different configuration requirements:
● The email application requires more storage capacity and a Windows operating system.
● The customer-facing application requires a Linux operating system and high processing power to
handle large volumes of website traffic.
● The internal business application requires iOS and more internal memory (RAM).
To meet these requirements, the company sets up three dedicated physical servers, one for each
application. The company must make a high initial investment and perform ongoing maintenance and
upgrades for one machine at a time. The company also cannot optimize its computing capacity. It pays 100%
of the servers’ maintenance costs but uses only a fraction of their storage and processing capacities.
Efficient hardware use

With virtualization, the company creates three digital servers, or virtual machines, on a single physical
server. It specifies the operating system requirements for the virtual machines and can use them like the
physical servers. However, the company now has less hardware and fewer related expenses.
Infrastructure as a service
The company can go one step further and use a cloud instance or virtual machine from a cloud computing
provider such as AWS. AWS manages all the underlying hardware, and the company can request server
resources with varying configurations. All the applications run on these virtual servers without the users
noticing any difference. Server management also becomes easier for the company’s IT team.

Virtualization of CPU, Memory and I/O Devices

● To support virtualization, processors such as the x86 employ a special running mode and
instructions known as hardware assisted virtualization.
● For the x86 architecture, Intel and AMD have proprietary technologies for hardware assisted
virtualization.

The figure provides an overview of Intel’s full virtualization techniques. For processor virtualization,
Intel offers the VT-x or VT-i technique. VT-x adds a privileged mode (VMX Root Mode) and some
instructions to processors. This enhancement traps all sensitive instructions into the VMM
automatically. For memory virtualization, Intel offers the EPT (Extended Page Table), which translates
guest-virtual addresses to the machine’s physical addresses to improve performance. For I/O virtualization,
Intel implements VT-d and VT-c.

Hardware support for virtualization

● Modern operating systems and processors permit multiple processes to run
simultaneously. If there is no protection mechanism in a processor, all instructions from
different processes will access the hardware directly and cause a system crash.
● All processors have at least two modes, user mode and supervisor mode, to ensure
controlled access of critical hardware.
● Instructions running in supervisor mode are called privileged instructions. Other
instructions are unprivileged instructions.
● In a virtualized environment, it is more difficult to make OSes and applications run
correctly because there are more layers in the machine stack.


● At the time of this writing, many hardware virtualization products were available.
● VMware Workstation is a VM software suite for x86 and x86-64 computers.
● This software suite allows users to set up multiple x86 and x86-64 virtual computers and
to use one or more of these VMs simultaneously with the host operating system.
● VMware Workstation uses host-based virtualization.
● Xen is a hypervisor for use on IA-32, x86-64, Itanium and PowerPC 970 hosts.
● One or more guest OSes can run on top of the hypervisor.
● KVM is a Linux kernel virtualization infrastructure.
● KVM can support hardware-assisted virtualization and paravirtualization by using Intel
VT-x or AMD-V and the VirtIO framework, respectively.
● The VirtIO framework includes a paravirtual Ethernet card, a disk I/O controller, a
balloon device for adjusting guest memory usage, and a VGA graphics interface using
VMware drivers.

CPU virtualization

● A VM is a duplicate of an existing computer system in which a majority of the VM
instructions are executed on the host processor in native mode.
● The unprivileged instructions of VMs run directly on the host machine for higher efficiency.
● The critical instructions are divided into three categories: privileged instructions, control-
sensitive instructions, and behavior-sensitive instructions.
● Privileged instructions execute in a privileged mode and will be trapped if executed outside
this mode.
● Control-sensitive instructions attempt to change the configuration of resources used.
● Behavior-sensitive instructions have different behaviors depending on the configuration of
resources, including the load and store operations over the virtual memory.
● A CPU architecture is virtualizable if it supports the ability to run the VM’s privileged and
unprivileged instructions in the CPU’s user mode while the VMM runs in supervisor
mode.
● When the privileged instructions of a VM, including control- and behavior-sensitive
instructions, are executed, they are trapped in the VMM.
● RISC CPU architectures can be naturally virtualized because all control- and behavior-
sensitive instructions are privileged instructions.
● The x86 CPU architectures were not primarily designed to support virtualization.

Hardware-assisted CPU virtualization

● This technique attempts to simplify virtualization because full or paravirtualization is
complicated.
● Intel and AMD add an additional privilege mode level (some people call it Ring -1) to
x86 processors.
● Therefore, operating systems can still run at Ring 0 and the hypervisor can run at Ring -1.
● All the privileged and sensitive instructions are trapped in the hypervisor automatically.
● This technique removes the difficulty of implementing binary translation for full
virtualization.
● It also lets the operating system run in VMs without modification.
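The instruction classes and the trap-and-emulate loop described in the two sections above, as an added toy simulation (not code from the lecture notes). The ISA, the three architecture variants ("risc", "x86", "x86-vt") and the guest program are constructed: on the "x86" variant a control-sensitive but unprivileged read runs natively and leaks host state into the guest, which is the problem hardware-assisted virtualization removes.

```python
class Trap(Exception):
    """Raised by the CPU when a trapping instruction is executed in user mode."""


class CPU:
    """The real processor: one privilege mode and one host control register."""

    def __init__(self):
        self.mode = "supervisor"     # the VMM runs here; guests run in "user"
        self.ctrl = 0xA5             # host control register (machine state)
        self.regs = {"r0": 0, "r1": 0}


class VM:
    """Per-VM state kept by the VMM, including a virtual control register."""

    def __init__(self):
        self.virt_ctrl = 0
        self.regs = {"r0": 0, "r1": 0}


# Instruction classes of the constructed ISA, following the text's taxonomy.
PRIVILEGED = {"SET_CTRL"}             # trap when executed outside supervisor mode
SENSITIVE = {"SET_CTRL", "RD_CTRL"}   # effect or result depends on real config


def traps_in_user_mode(instr, arch):
    """Which instructions the hardware traps when a guest executes them."""
    if arch == "risc":      # all sensitive instructions are also privileged
        return instr in SENSITIVE
    if arch == "x86":       # RD_CTRL is sensitive but unprivileged: no trap
        return instr in PRIVILEGED
    if arch == "x86-vt":    # hardware assist traps every sensitive instruction
        return instr in SENSITIVE
    raise ValueError(f"unknown arch {arch}")


def execute_native(cpu, instr, arg, arch):
    """Run one instruction on the host CPU at its current privilege level."""
    if cpu.mode == "user" and traps_in_user_mode(instr, arch):
        raise Trap(instr)
    if instr == "ADD":
        cpu.regs["r0"] += arg
    elif instr == "SET_CTRL":
        cpu.ctrl = arg
    elif instr == "RD_CTRL":
        cpu.regs["r1"] = cpu.ctrl     # returns whatever the real register holds


def run_guest(program, arch):
    """VMM loop: the guest runs in user mode; trapped instructions are emulated
    against the VM's virtual state instead of the host's."""
    cpu, vm = CPU(), VM()
    cpu.regs = vm.regs                # guest GPRs live in the real registers
    for instr, arg in program:
        cpu.mode = "user"
        try:
            execute_native(cpu, instr, arg, arch)
        except Trap:
            cpu.mode = "supervisor"   # control passes to the VMM
            if instr == "SET_CTRL":
                vm.virt_ctrl = arg    # host control register is left untouched
            elif instr == "RD_CTRL":
                vm.regs["r1"] = vm.virt_ctrl
    cpu.mode = "supervisor"
    return {"guest_r0": vm.regs["r0"], "guest_r1": vm.regs["r1"],
            "guest_ctrl": vm.virt_ctrl, "host_ctrl": cpu.ctrl}


# Constructed guest program: set its control register, then read it back.
GUEST_PROGRAM = [("ADD", 5), ("SET_CTRL", 0x11), ("RD_CTRL", None), ("ADD", 2)]
```

Running `run_guest(GUEST_PROGRAM, arch)` for each variant shows the guest reading back its own value of 0x11 on "risc" and "x86-vt", but the host's 0xA5 on plain "x86".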

Memory virtualization

● Virtual memory virtualization is similar to the virtual memory support provided by modern
operating systems.
● In a traditional execution environment, the operating system maintains mappings of
virtual memory to machine memory using page tables, which is a one-stage mapping from
virtual memory to machine memory.
● All modern x86 CPUs include a memory management unit (MMU) and a translation
lookaside buffer (TLB) to optimize virtual memory performance.
● However, in a virtual execution environment, virtual memory virtualization involves sharing
the physical system memory in RAM and dynamically allocating it to the physical memory
of the VMs.
● That means a two-stage mapping process should be maintained by the guest OS and the
VMM, respectively: virtual memory to physical memory and physical memory to machine
memory.
● MMU virtualization should be supported, which is transparent to the guest OS.
● The guest OS continues to control the mapping of virtual addresses to the physical
memory addresses of VMs.
● But the guest OS cannot directly access the actual machine memory.
● The VMM is responsible for mapping the guest physical memory to the actual machine
memory.
● Since each page table of the guest OSes has a separate page table in the VMM
corresponding to it, the VMM page table is called the shadow page table.
● Nested page tables add another layer of indirection to virtual memory.
● The MMU already handles virtual-to-physical translations as defined by the OS. Then the
physical memory addresses are translated to machine addresses using another set of
page tables defined by the hypervisor.
● VMware uses shadow page tables to perform virtual-memory-to-machine-memory address
translation.
● Processors use TLB hardware to map the virtual memory directly to the machine memory
to avoid the two levels of translation on every access.
● When the guest OS changes the virtual memory to a physical memory mapping, the VMM
updates the shadow page tables to enable a direct lookup.
● The AMD Barcelona processor has featured hardware assisted memory virtualization
since 2007.
● It provides hardware assistance to the two stage address translation in a virtual execution
environment by using a technology called nested paging.
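The two-stage mapping and the shadow page table described above, as an added simulation (not code from the lecture notes). Stage 1 is the guest's page table (virtual to guest-physical), stage 2 is the VMM's table (guest-physical to machine), and the shadow table composes both so one lookup suffices; page numbers and the 4 KiB page size are constructed for the demonstration.

```python
PAGE_SIZE = 4096


class PageFault(Exception):
    """Raised when a lookup hits an unmapped page at either stage."""


class GuestOS:
    """Owns stage 1: guest-virtual page number -> guest-physical page number."""

    def __init__(self, mappings):
        self.page_table = dict(mappings)

    def virt_to_phys(self, vaddr):
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        if vpn not in self.page_table:
            raise PageFault(f"guest: virtual page {vpn:#x} unmapped")
        return self.page_table[vpn] * PAGE_SIZE + offset


class VMM:
    """Owns stage 2 (guest-physical -> machine) and the shadow page table."""

    def __init__(self, guest, phys_to_machine):
        self.guest = guest
        self.p2m = dict(phys_to_machine)
        self.shadow = {}
        self.rebuild_shadow()

    def phys_to_machine(self, paddr):
        ppn, offset = divmod(paddr, PAGE_SIZE)
        if ppn not in self.p2m:
            raise PageFault(f"vmm: guest-physical page {ppn:#x} unmapped")
        return self.p2m[ppn] * PAGE_SIZE + offset

    def rebuild_shadow(self):
        # Compose the two stages: virtual page -> machine page. Guest pages that
        # point at physical frames the VMM never backed are left out, so a lookup
        # on them faults into the VMM instead of reaching arbitrary machine memory.
        self.shadow = {vpn: self.p2m[ppn]
                       for vpn, ppn in self.guest.page_table.items()
                       if ppn in self.p2m}

    def translate_two_stage(self, vaddr):
        """Slow path: walk the guest table, then the VMM table."""
        return self.phys_to_machine(self.guest.virt_to_phys(vaddr))

    def translate_shadow(self, vaddr):
        """Fast path: the single lookup the TLB-backed shadow table allows."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        if vpn not in self.shadow:
            raise PageFault(f"shadow: virtual page {vpn:#x} unmapped")
        return self.shadow[vpn] * PAGE_SIZE + offset

    def guest_remap(self, vpn, ppn):
        """The guest changes a stage-1 mapping; the VMM traps the page table
        write and refreshes the shadow so the fast path stays correct."""
        self.guest.page_table[vpn] = ppn
        self.rebuild_shadow()


def build_demo():
    """Constructed layout: guest pages 0x10 and 0x11 backed by machine frames."""
    guest = GuestOS({0x10: 0x2, 0x11: 0x3})
    vmm = VMM(guest, {0x2: 0x80, 0x3: 0x81, 0x4: 0x82})
    return guest, vmm
```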

I/O virtualization

● I/O virtualization involves managing the routing of I/O requests between virtual devices
and the shared physical hardware.
● There are three ways to implement I/O virtualization: full device emulation,
paravirtualization, and direct I/O.
● Full device emulation is the first approach for I/O virtualization. Generally, this approach
emulates well known and real world devices.
● All the functions of a device or bus infrastructure, such as device enumeration,
identification, interrupts, and DMA are replicated in software.
● This software is located in the VMM and acts as a virtual device.
● The I/O access requests of the guest OS are trapped in the VMM which interacts with
the I/O devices.
● A single hardware device can be shared by multiple VMs that run concurrently.
However, software emulation runs much slower than the hardware it emulates.
[Figure: Device emulation for I/O virtualization. The guest OS and its guest device driver sit on top;
the virtualization layer provides the virtual hardware, device emulation, I/O stack and device driver;
the physical hardware is at the bottom.]

● The para-virtualization method of I/O virtualization is typically used in Xen. It is also known
as the split driver model consisting of a frontend driver and a backend driver.
● The frontend driver is running in Domain U and the backend driver is running in Domain 0.
They interact with each other via a block of shared memory.

● The frontend driver manages the I/O requests of the guest OSes and the backend driver
is responsible for managing the real I/O devices and multiplexing the I/O data of different
VMs.
● Para-I/O-virtualization achieves better device performance than full device emulation, but
it comes with a higher CPU overhead.
● Direct I/O virtualization lets the VM access devices directly. It can achieve close-to-native
performance without high CPU costs.
● However, current direct I/O virtualization implementations focus on networking for
mainframes. There are a lot of challenges for commodity hardware devices.
● For example, when a physical device is reclaimed (required by workload migration) for
later reassignment, it may have been set to an arbitrary state (e.g., DMA to some arbitrary
memory locations) that can function incorrectly or even crash the whole system.
● Since software based I/O virtualization requires a very high overhead of device emulation,
hardware-assisted I/O virtualization is critical.
● Intel VT-d supports the remapping of I/O DMA transfers and device generated interrupts.
The architecture of VT-d provides the flexibility to support multiple usage models that may
run unmodified, special-purpose, or “virtualization-aware” guest OSes.
● Another way to help I/O virtualization is via self virtualized I/O (SV-IO).
● The key idea of SV-IO is to harness the rich resources of a multicore processor. All tasks
associated with virtualizing an I/O device are encapsulated in SV-IO.
● It provides virtual devices and an associated access API to VMs and a management API
to the VMM.
● SV-IO defines one virtual interface (VIF) for every kind of virtualized I/O device, such as
virtual network interfaces, virtual block devices (disk), virtual camera devices.
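The split driver model described above, as an added simulation (not code from the lecture notes): each Domain U frontend places block I/O requests on a shared ring, and the single backend in Domain 0 owns the real disk, multiplexes all rings and confines each guest to its own slice of sectors. Names, sector counts and data are constructed for the demonstration.

```python
from collections import deque
from dataclasses import dataclass

SECTOR_SIZE = 512


@dataclass
class IORequest:
    req_id: int
    op: str            # "read" or "write"
    sector: int        # sector as numbered by the guest, relative to its slice
    data: bytes = b""


@dataclass
class IOResponse:
    req_id: int
    status: str        # "ok" or "error"
    data: bytes = b""


class SharedRing:
    """Bounded request/response queues standing in for the shared memory page."""

    def __init__(self, slots=8):
        self.slots = slots
        self.requests = deque()
        self.responses = deque()


class PhysicalDisk:
    """The one real device in Domain 0, addressed by absolute sector number."""

    def __init__(self, sectors):
        self.blocks = [bytes(SECTOR_SIZE)] * sectors

    def write(self, sector, data):
        self.blocks[sector] = data.ljust(SECTOR_SIZE, b"\0")[:SECTOR_SIZE]

    def read(self, sector):
        return self.blocks[sector]


class FrontendDriver:
    """Runs in Domain U: queues the guest's requests and collects responses."""

    def __init__(self, ring):
        self.ring = ring
        self.next_id = 0

    def submit(self, op, sector, data=b""):
        if len(self.ring.requests) >= self.ring.slots:
            return None                  # ring full: the guest must retry later
        self.next_id += 1
        self.ring.requests.append(IORequest(self.next_id, op, sector, data))
        return self.next_id

    def collect(self):
        done = list(self.ring.responses)
        self.ring.responses.clear()
        return done


class BackendDriver:
    """Runs in Domain 0: services every attached ring against the real disk."""

    def __init__(self, disk):
        self.disk = disk
        self.guests = {}                 # domain name -> (ring, base, length)

    def attach(self, domain, ring, base_sector, length):
        self.guests[domain] = (ring, base_sector, length)

    def service(self):
        for ring, base, length in self.guests.values():
            while ring.requests:
                req = ring.requests.popleft()
                # Bound-check before touching the device: a guest-supplied sector
                # outside its slice must never reach another VM's data.
                if not 0 <= req.sector < length:
                    ring.responses.append(IOResponse(req.req_id, "error"))
                    continue
                phys = base + req.sector
                if req.op == "write":
                    self.disk.write(phys, req.data)
                    ring.responses.append(IOResponse(req.req_id, "ok"))
                else:
                    ring.responses.append(
                        IOResponse(req.req_id, "ok", self.disk.read(phys)))
```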

Virtualization Support and Disaster Recovery

● One very distinguishing feature of cloud computing infrastructure is the use of system
virtualization and the modification to provisioning tools.
● Virtualization of servers on a shared cluster can consolidate web services.
● In cloud computing, virtualization also means the resources and fundamental infrastructure
are virtualized.

● The user will not care about the computing resources that are used for providing the
services.
● Cloud users do not need to know, and have no way to discover, the physical resources that are
involved while processing a service request.
● In addition, application developers do not care about some infrastructure issues such as
scalability and fault tolerance. Application developers focus on service logic.
● In many cloud computing systems, virtualization software is used to virtualize the hardware.
● System virtualization software is a special kind of software which simulates the execution of hardware
and runs even unmodified operating systems.
● Cloud computing systems use virtualization software as the running environment for legacy software
such as old operating systems and unusual applications.

Hardware Virtualization:

● Virtualization software is also used as the platform for developing new cloud applications
that enable developers to use any operating systems and programming environments they
like.

● The development environment and deployment environment can now be the same, which
eliminates some runtime problems.
● VMs provide flexible runtime services to free users from worrying about the system
environment.
● Using VMs in a cloud computing platform ensures extreme flexibility for users. As the
computing resources are shared by many users, a method is required to maximize the user’s
privileges and still keep them separated safely.
● Traditional sharing of cluster resources depends on the user and group mechanism on a
system.
○ Such sharing is not flexible.
○ Users cannot customize the system for their special purposes.
○ Operating systems cannot be changed.
○ The separation is not complete.
● An environment that meets one user’s requirements often cannot satisfy another user.
Virtualization allows us to have full privileges while keeping them separate.
● Users have full access to their own VMs, which are completely separate from other
users’ VMs.
● Multiple VMs can be mounted on the same physical server. Different VMs may run
with different OSes.
● The virtualized resources form a resource pool.
● The virtualization is carried out by special servers dedicated to generating the virtualized
resource pool.
● The virtualized infrastructure (the black box in the middle of the figure) is built with many
virtualizing integration managers.
● These managers handle loads, resources, security, data, and provisioning functions.
● Each platform carries out a virtual solution to a user job. All cloud services are managed
in the boxes at the top.

[Figure: Conventional disaster recovery scheme versus live migration of VMs. The conventional timeline
carries the steps install hardware, install OS, configure OS and backup agent, restore data and automatic
recovery; the VM timeline carries only VM start and configuration recovery.]

Virtualization Support in Public Clouds

● AWS provides extreme flexibility (VMs) for users to execute their own applications.
● GAE provides limited application-level virtualization for users to build applications
based only on the services that are created by Google.
● Microsoft provides programming-level virtualization (.NET virtualization) for users to
build their applications.
● The VMware tools apply to workstations, servers, and virtual infrastructure.
● The Microsoft tools are used on PCs and some special servers.
● The XenEnterprise tool applies only to Xen-based servers.

Virtualization for IaaS

● VM technology has increased in ubiquity.
● This has enabled users to create customized environments atop physical infrastructure
for cloud computing.
● Use of VMs in clouds has the following distinct benefits:
○ System administrators consolidate workloads of underutilized servers onto fewer
servers.
○ VMs have the ability to run legacy code without interfering with other APIs.
○ VMs can be used to improve security through creation of sandboxes for running
applications with questionable reliability.
○ Virtualized cloud platforms can apply performance isolation, letting
providers offer some guarantees and better QoS to customer applications.

VM Cloning for Disaster Recovery

● VM technology requires an advanced disaster recovery scheme.
○ One scheme is to recover one physical machine by another physical machine.
○ The second scheme is to recover one VM by another VM.
● As shown in the top timeline of Figure 2.13, traditional disaster recovery from one
physical machine to another is rather slow, complex, and expensive.
● Total recovery time is attributed to the hardware configuration, installing and configuring
the OS, installing the backup agents and the long time to restart the physical machine.
● To recover a VM platform, the installation and configuration times for the OS and backup
agents are eliminated.
● Virtualization aids in fast disaster recovery by VM encapsulation.
● The cloning of VMs offers an effective solution.
● The idea is to make a clone VM on a remote server for every running VM on a local
server.
● Among all the clone VMs, only one needs to be active.
● The remote VM should be in a suspended mode.
● A cloud control center should be able to activate this clone VM in case of failure of the
original VM, taking a snapshot of the VM to enable live migration in a minimal amount of
time.
● The migrated VM can run on a shared Internet connection. Only updated data and modified
states are sent to the suspended VM to update its state.
● The Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are
affected by the number of snapshots taken.
● Security of the VMs should be enforced during live migration of VMs.

Virtualization Structures, Tools and Mechanisms


● In general, there are three typical classes of VM architecture.
● The virtualization layer is responsible for converting portions of the real hardware into
virtual hardware.
● Therefore, different operating systems such as Linux and Windows can run on the same
physical machine simultaneously.
● Depending on the position of the virtualization layer, there are several classes of VM
architectures, namely the hypervisor architecture, paravirtualization and host-based
virtualization.
● The hypervisor is also known as the VMM (Virtual Machine Monitor). Both terms refer to
the same virtualization operations.

Hypervisor and Xen architecture

● The hypervisor supports hardware level virtualization on bare metal devices like CPU,
memory, disk and network interfaces.
● The hypervisor software sits directly between the physical hardware and its OS. This
virtualization layer is referred to as either the VMM or the hypervisor.
● The hypervisor provides hypercalls for the guest OSes and applications.

● Depending on the functionality, a hypervisor can assume a micro-kernel architecture like
Microsoft Hyper-V.
● It can assume a monolithic hypervisor architecture like VMware ESX for server
virtualization.
● A micro-kernel hypervisor includes only the basic and unchanging functions (such as
physical memory management and processor scheduling).
● The device drivers and other changeable components are outside the hypervisor.
● A monolithic hypervisor implements all the aforementioned functions, including those of
the device drivers. Therefore, the size of the hypervisor code of a micro-kernel hypervisor
is smaller than that of a monolithic hypervisor.
● Essentially, a hypervisor must be able to convert physical devices into virtual resources
dedicated for the deployed VM to use.

Xen architecture

● Xen is an open source hypervisor program developed by Cambridge University.
● Xen is a microkernel hypervisor, which separates the policy from the mechanism.
● The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by
Domain 0. Figure 2.9 shows the architecture of the Xen hypervisor.
● Xen does not include any device drivers natively. It just provides a mechanism by which a
guest OS can have direct access to the physical devices.
● As a result, the size of the Xen hypervisor is kept rather small.
● Xen provides a virtual environment located between the hardware and the OS.

[Figure: Xen domain 0 for control and I/O, and guest domain for user applications. Applications run
inside Domain 0 and inside the guest domain; both domains run on Xen, which runs on the hardware devices.]
● The core components of a Xen system are the hypervisor, kernel, and applications.
● The organization of the three components is important.
● Like other virtualization systems, many guest OSes can run on top of the hypervisor.
● However, not all guest OSes are created equal, and one in particular controls the others.
● The guest OS which has control ability is called Domain 0, and the others are called
Domain U.
● Domain 0 is a privileged guest OS of Xen. It is loaded first when Xen boots, without any
file system drivers being available.
● Domain 0 is designed to access hardware directly and manage devices. Therefore, one of
the responsibilities of Domain 0 is to allocate and map hardware resources for the guest
domains (the Domain U domains).
● For example, Xen is based on Linux and its security level is C2. Its management VM is
named Domain 0, which has the privilege to manage other VMs implemented on the same
host.
● If Domain 0 is compromised, the attacker can control the entire system. So, in the VM
system, security policies are needed to improve the security of Domain 0.
● Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share,
migrate and roll back VMs as easily as manipulating a file, which flexibly provides
tremendous benefits for users.

Cloud Computing Platforms and Technologies


Amazon Web Services (AWS)
● AWS provides a wide range of IaaS services, from virtual compute, storage, and
networking to complete computing stacks.
● AWS is well known for its storage and on-demand compute services, named Elastic
Compute Cloud (EC2) and Simple Storage Service (S3).
● EC2 offers customizable virtual hardware to the end user, which can be used as the base
infrastructure for deploying computing systems on the cloud.
● S3 is organized into buckets, which contain objects stored in binary form that can be
enriched with attributes. End users can store objects of any size, from basic files to full
disk images, and retrieve them from anywhere.
● In addition to EC2 and S3, a wide range of services can be leveraged to build virtual
computing systems, including networking support, caching systems, DNS, database
support, and others.

Google AppEngine
● Google AppEngine is a scalable runtime environment mostly dedicated to executing web
applications.
● These utilize the benefits of the large computing infrastructure of Google to dynamically
scale as per demand.
● AppEngine offers both a secure execution environment and a collection of services which
simplify the development of scalable and high-performance Web applications.
● These services include: in-memory caching, a scalable data store, job queues, messaging,
and cron tasks.
● Currently, the supported programming languages are Python, Java, and Go.
Microsoft Azure
● Microsoft Azure is a Cloud operating system and a platform in which users can develop
applications in the cloud.
● Azure provides a set of services that support storage, networking, caching, content
delivery, and others.
Hadoop
● Hadoop is an implementation of MapReduce, an application programming
model which is developed by Google.
● This model provides two fundamental operations for data processing: map and
reduce.
Force.com and Salesforce.com –
● Force.com is a Cloud computing platform at which users can develop social
enterprise applications.
● The platform is the basis of SalesForce.com – a Software-as-a-Service
solution for customer relationship management.
● Force.com allows creating applications by composing ready-to-use blocks: a complete set
of components supporting all the activities of an enterprise is available.
● Everything from the design of the data layout to the definition of business rules and the
user interface is supported by Force.com.
● This platform is completely hosted in the Cloud, and provides complete access to its
functionalities, and to those implemented in the hosted applications, through Web services
technologies.
