Directions: Answer each question individually and respond with
full knowledge and understanding. Use 100% original work and
turn in on or before the date requested.
1. How did you apply the knowledge, skills, and attitudes from
previous courses to the application of your capstone project?
What did you learn from those experiences that prepared you for
the capstone?
2. After implementing your capstone, you will have an
opportunity to conduct a post-assessment and evaluate the
success of the project. Before getting the results, what do you
expect to learn from the post-assessment? Do you feel your
capstone project was successful? What could you have done
differently or improved upon?
3. Now that you have finished your capstone project, reflect on
its function, purpose, and success with your classmates. What
do you wish you had known before starting? If you wanted to
continue the project, what would be your next steps?
4. During this topic, you will compile a leadership portfolio that
encapsulates key assignments that helped shape you as a leader.
How will this portfolio reflect your vision as a leader? How
does it demonstrate your growth throughout the program?
School of Computer & Information Sciences
ITS-532 Cloud Computing
Chapter 5 – Identity as a Service (IDaaS)
Content from:
Primary Textbook: Jamsa, K. A. (2013). Cloud computing:
SaaS, PaaS, IaaS, virtualization, business models, mobile,
security and more. Burlington, MA: Jones & Bartlett Learning.
Secondary Textbook: Erl, T., Mahmood, Z., & Puttini, R.
(2014). Cloud computing: concepts, technology, & architecture.
Upper Saddle River, NJ: Prentice Hall.
Learning Objectives
Describe challenges related to ID management.
Describe and discuss single sign-on (SSO) capabilities.
List the advantages of IDaaS solutions.
Discuss IDaaS solutions offered by various companies.
IDaaS Defined
Identity (or identification) as a service (IDaaS)—Cloud-based
approaches to managing user identities, including usernames,
passwords, and access. Also sometimes referred to as “identity
management as a service.”
Identity and Access Management (IAM)
Identity and Access Management includes the components and
policies necessary to control user identity and access
privileges.
Authentication
Username/Password, digital signatures, digital certificates,
biometrics
Authorization
Granular controls for mapping identities and rights
User Management
Creation and administration of new user identities, groups,
passwords, and policies
Credential Management
Establishes identities and access control rules for user accounts
(Erl, 2014)
Single Sign-On (SSO)
Single sign-on (SSO)—A process that allows a user to log into
a central authority and then access other sites and services for
which he or she has credentials.
Advantages of SSO
Fewer username and password combinations for users to
remember and manage
Less password fatigue caused by the stress of managing
multiple passwords
Less user time consumed by having to log in to individual
systems
Fewer calls to help desks for forgotten passwords
A centralized location for IT staff to manage password
compliance and reporting
Disadvantages of SSO
The primary disadvantage of SSO systems is the potential for a
single source of failure. If the authentication server fails, users
will not be able to log in to other servers.
Thus, having a cloud-based authentication server with system
redundancy reduces the risk of system unavailability.
How Single Sign On Works
The single sign on mechanism enables one cloud service
consumer to be authenticated by a security broker. Once
established, the security context is persistent when the
consumer accesses other cloud based IT resources.
(Erl, 2014)
Figure 10.9 - A cloud consumer provides the security broker
with login credentials (1). The security broker responds with an
authentication token (message with small lock symbol) upon
successful authentication, which contains cloud service
consumer identity information (2) that is used to automatically
authenticate the cloud service consumer across Cloud Services
A, B, and C (3).
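The three steps of Figure 10.9 as an added Python sketch (not from the textbooks or the slides): a security broker checks credentials, issues a signed token, and Cloud Services A, B, and C accept that token without asking for a password again. The class names, token layout, and the shared HMAC key standing in for the broker's signature are assumptions made for illustration; production SSO normally uses asymmetric signatures so a service cannot mint tokens itself.

```python
import base64
import hashlib
import hmac
import json
import time


def hash_password(password, salt):
    """Salted PBKDF2 hash so the broker never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SecurityBroker:
    """Steps 1-2: checks login credentials and issues a signed token."""

    def __init__(self, signing_key, users, ttl_seconds=300):
        self._key = signing_key
        self._users = users          # username -> (salt, password hash)
        self._ttl = ttl_seconds

    def login(self, username, password, now=None):
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        issued = time.time() if now is None else now
        claims = {"sub": username, "exp": issued + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        sig = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + sig


class CloudService:
    """Step 3: accepts the broker's token instead of asking for a password."""

    def __init__(self, name, broker_key):
        self.name = name
        self._key = broker_key

    def authenticate(self, token, now=None):
        try:
            body, sig = token.split(".")
        except ValueError:
            return None              # not in body.signature form
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None              # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        current = time.time() if now is None else now
        if claims["exp"] <= current:
            return None              # expired security context
        return claims["sub"]


def demo():
    key = b"constructed-demo-key"    # constructed value, not a real secret
    salt = b"constructed-salt"
    broker = SecurityBroker(key, {"alice": (salt, hash_password("s3cret", salt))})
    services = [CloudService(n, key) for n in ("A", "B", "C")]
    token = broker.login("alice", "s3cret", now=1000)
    return token, [s.authenticate(token, now=1100) for s in services]


if __name__ == "__main__":
    print(demo()[1])
```

The signature is checked before the token body is decoded, and the expiry bounds how long a stolen token stays useful.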
Federated ID Management
FIDM describes the technologies and protocols that combine to
enable a user to bring security credentials across different
security domains (different servers running potentially different
operating systems).
Security Assertion Markup Language (SAML)
Behind the scenes, many FIDM systems use the Security
Assertion Markup Language (SAML) to package a user’s
security credentials.
Account Provisioning
The process of creating a user account on a system is called
account provisioning.
Because different employees may need different capabilities on
each system, the provisioning process can be complex.
When an employee leaves the company, a deprovisioning
process must occur to remove the user’s accounts.
Unfortunately, the IT staff is not always immediately informed
that an employee no longer works for the company, or the IT
staff misses a server account and the user may still have access
to one or more systems.
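The deprovisioning gap described above can be checked by reconciling each system's accounts against the HR roster. This is an added Python example, not part of the course material; the roster, system names, account records, and field names are constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR status per employee ID.
HR_ROSTER = {
    "asmith": {"status": "active", "end_date": None},
    "bjones": {"status": "terminated", "end_date": date(2024, 3, 1)},
}

# Constructed sample data: accounts per system, each mapped to an HR owner.
SYSTEM_ACCOUNTS = {
    "mail": [
        {"login": "asmith", "owner": "asmith", "enabled": True,
         "last_login": date(2024, 3, 14)},
        {"login": "bjones", "owner": "bjones", "enabled": False,
         "last_login": date(2024, 2, 28)},
    ],
    # The server the IT staff missed: bjones's account under a different login.
    "build-server": [
        {"login": "bob", "owner": "bjones", "enabled": True,
         "last_login": date(2024, 3, 9)},
        {"login": "svc-backup", "owner": "tcontractor", "enabled": True,
         "last_login": None},
    ],
}


def find_orphaned_accounts(roster, systems, as_of):
    """Return (system, login, reason) for enabled accounts with no active owner."""
    findings = []
    for system in sorted(systems):
        for acct in systems[system]:
            if not acct["enabled"]:
                continue                      # already deprovisioned here
            owner = roster.get(acct["owner"])
            if owner is None:
                findings.append((system, acct["login"], "owner has no HR record"))
                continue
            if owner["status"] == "active":
                continue
            left = owner["end_date"]
            reason = f"owner left {(as_of - left).days} days ago"
            # A login after the end date means the leftover access was used.
            if acct["last_login"] and acct["last_login"] > left:
                reason += ", used after departure"
            findings.append((system, acct["login"], reason))
    return findings


if __name__ == "__main__":
    for finding in find_orphaned_accounts(HR_ROSTER, SYSTEM_ACCOUNTS, date(2024, 3, 15)):
        print(finding)
```

Matching on an owner field rather than on the login name is what catches the account that was created under a different username on one server.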
4 A’s of Cloud Identity
Authentication: The process of validating a user for on-site and
cloud-based solutions.
Authorization: The process of determining and specifying what
a user is allowed to do on each server.
Account management: The process of synchronizing user
accounts by provisioning and deprovisioning access.
Audit logging: The process of tracking which applications users
access and when.
Real World: Ping Identity IDaaS
Ping Identity provides cloud-based ID management software
that supports FIDM and user account provisioning.
Real World: PasswordBank IDaaS
PasswordBank provides an IDaaS solution that supports on-site
and cloud-based system access. Its FIDM service supports
enterprise-wide SSO (E-SSO) and SSO for web-based
applications (WebSSO).
The PasswordBank solutions perform the FIDM without the use
of SAML.
PasswordBank solutions support a myriad of devices, including
the iPhone.
OpenID
OpenID allows users to use an existing account to log in to
multiple websites. Today, more than 1 billion OpenID accounts
exist and are accepted by thousands of websites.
Companies that support OpenID include Google, Yahoo!, Flickr,
Myspace, WordPress.com, and more.
Advantages of Using OpenID
Increased site conversion rates (rates at which customers choose
to join websites) because users do not need to register
Access to greater user profile content
Fewer problems with lost passwords
Ease of content integration into social networking sites
Mobile ID Management
Threats to mobile devices include the following:
Identity theft if a device is lost or stolen
Eavesdropping on data communications
Surveillance of confidential screen content
Phishing of content from rogue sites
Man-in-the-middle attacks through intercepted signals
Inadequate device resources to provide a strong security
implementation
Social attacks on unaware users that yield identity information
Cloud Based Security Groups
Cloud resource segmentation is a process of creating separate
physical and virtual IT environments for different users and
groups to increase security.
(Erl, 2014)
Figure 10.11 - Cloud-Based Security Group A encompasses
Virtual Servers A and D and is assigned to Cloud Consumer A.
Cloud-Based Security Group B is comprised of Virtual Servers
B, C, and E and is assigned to Cloud Consumer B. If Cloud
Service Consumer A’s credentials are compromised, the attacker
would only be able to access and damage the virtual servers in
Cloud-Based Security Group A, thereby protecting Virtual
Servers B, C, and E.
Hardened Virtual Server Images
When creating a virtual server from a template, the hardening
process removes unnecessary software from the system to limit
vulnerabilities that could be exploited by hackers.
(Erl, 2014)
Figure 10.13 - A cloud provider applies its security policies to
harden its standard virtual server images.
Key Terms
References
Primary:
Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS,
virtualization, business models, mobile, security and more.
Burlington, MA: Jones & Bartlett Learning.
Secondary:
Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing:
concepts, technology, & architecture. Upper Saddle River, NJ:
Prentice Hall.
School of Computer & Information Sciences
ITS-532 Cloud Computing
Chapter 4 – Infrastructure as a Service (IaaS)
Content from:
Primary Textbook: Jamsa, K. A. (2013). Cloud computing:
SaaS, PaaS, IaaS, virtualization, business models, mobile,
security and more. Burlington, MA: Jones & Bartlett Learning.
Secondary Textbook: Erl, T., Mahmood, Z., & Puttini, R.
(2014). Cloud computing: concepts, technology, & architecture.
Upper Saddle River, NJ: Prentice Hall.
Learning Objectives
Define and describe IaaS and identify IaaS solution providers.
Define and describe colocation.
Define and describe system and storage redundancy.
Define and describe cloud-based network-attached storage
(NAS) devices and identify solution providers.
Define and describe load balancing and identify cloud-based
solution providers.
Describe the pros and cons of IaaS solutions.
IaaS Defined
An IaaS provider makes all of the computing hardware
resources available, and the customers, in turn, are responsible
for installing and managing the systems, which they can
normally do, for the most part, over the Internet.
What Data Centers Must Provide
Access to high-speed and redundant Internet service
Sufficient air conditioning to eliminate the heat generated by
servers and disk storage devices
Conditioned power with the potential for uninterrupted power
supply in the short term and long term through the use of
on-site diesel powered generators
Fire suppression systems
Administrative staffing to support hardware, networks, and
operating systems
Bottom Line: Data Centers are Expensive
Co-located Data Centers
To reduce the risk of a single point of failure, companies often
create a duplicate data center at a remote location.
Should one of the data centers fail, the other can immediately
take over operations.
Unfortunately, the second data center will increase the
company’s costs—essentially doubling them—because there are
duplicate servers, storage devices, network equipment, Internet
access, and staffing.
Co-located Data Center
What Co-located Systems Accomplish
Makes the company less susceptible to fire, acts of God, and
terrorism
Improves performance through a distributed workload
Makes the company less susceptible to downtime due to power
loss from a blackout or brownout
IaaS solutions allow smaller companies to eliminate the need
for their own on-site data center
IaaS Solutions May Support Many Different Companies
Load Balancing
Across the web, sites experience a wide range of network traffic
requirements.
Sites such as Google, Yahoo!, Amazon, and Microsoft
experience millions of user hits per day. To handle such web
requests, the sites use a technique known as load balancing, to
share the requests across multiple servers.
Load Balancing Continued
Load balancing uses a server to route traffic to multiple servers
which, in turn, share the workload.
Load Balancing and Replicated Databases
Load balanced systems, for data redundancy, often replicate
databases on multiple servers.
Each database, in turn, will send data updates to the other to
maintain data synchronization between the servers.
Cloud-Based Data Replication
Using cloud-based NAS devices and cloud-based databases,
companies can replicate key data within the cloud.
Real World: Rackspace IaaS
Rackspace has emerged as one of the largest players in the IaaS
market. Rackspace offers a set of solutions that include cloud
hosting, managed hosting (including 24/7 data-center like
management), and hybrid solutions that combine the cloud and
managed services.
Within minutes, from the Rackspace website an administrator
can select a solution that deploys from 1 to 50 servers. Larger
configurations are available.
Rackspace Continued
Today Rackspace offers cloud-based solutions to hundreds of
thousands of clients. Rackspace houses its data centers at very
large facilities located around the world.
With respect to the cloud, Rackspace offers pay as you go
scalability, with on-demand storage and load balancing. Beyond
cloud hosting, Rackspace provides solutions for cloud-based e-
mail, Exchange hosting, file sharing, backups, and
collaboration.
Network Attached Storage (NAS)
Cloud-based NAS devices present cloud-based storage as
mountable devices, which may be replicated in the cloud to
meet a company’s data redundancy needs.
Real World: Nirvanix IaaS
The Nirvanix IaaS provides cloud-based NAS, which is
accessible through the CloudNAS file system.
Advantages of IaaS
Elimination of an expensive and staff-intensive data center
Ease of hardware scalability
Reduced hardware cost
On-demand, pay as you go scalability
Reduction of IT staff
Suitability for ad hoc test environments
Allows complete system administration and management
IaaS Server Types
Physical server: Actual hardware is allocated for the customer’s
dedicated use.
Dedicated virtual server: The customer is allocated a virtual
server, which runs on a physical server that may or may not
have other virtual servers.
Shared virtual server: The customer can access a virtual server
on a device that may be shared with other customers.
IaaS Server Types Continued
Within an IaaS environment, customers can allocate various
server types.
Data Center Technology
Virtualization
Standardization and Modularity
Automation
Remote Operation and Management
High Availability
Security-Aware Design, Operation, and Management
Facilities
Computing Hardware
Storage Hardware
(Erl, 2014)
Storage Technologies
Hard Disk Arrays
I/O Caching
Hot-Swappable Hard Disks
Storage Virtualization
Fast Data Replication Mechanisms
Network Storage Devices
Storage Area Networks (SAN) – dedicated network
Network Attached Storage (NAS) – device connected to network
(Erl, 2014)
Network Hardware
Carrier and External Network Interconnection – LAN/WAN
Load Balancing and Acceleration
LAN Fabric – High performance and redundant connectivity
SAN Fabric – Used to connect servers to storage devices
NAS Gateways – connection points for NAS storage devices
(Erl, 2014)
Key Terms
References
Primary:
Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS,
virtualization, business models, mobile, security and more.
Burlington, MA: Jones & Bartlett Learning.
Secondary:
Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing:
concepts, technology, & architecture. Upper Saddle River, NJ:
Prentice Hall.
School of Computer & Information Sciences
ITS-532 Cloud Computing
Chapter 3 – Platform as a Service (PaaS)
Content from:
Primary Textbook: Jamsa, K. A. (2013). Cloud computing:
SaaS, PaaS, IaaS, virtualization, business models, mobile,
security and more. Burlington, MA: Jones & Bartlett Learning.
Secondary Textbook: Erl, T., Mahmood, Z., & Puttini, R.
(2014). Cloud computing: concepts, technology, & architecture.
Upper Saddle River, NJ: Prentice Hall.
Learning Objectives
Define and describe the PaaS model.
Describe the advantages and disadvantages of PaaS solutions.
List and describe several real-world PaaS solutions.
List and describe cloud-based database solutions and describe
their advantages.
Discuss the development history that led to PaaS.
Platform as a Service (PaaS) Defined
Provide a collection of hardware and software resources that
developers can use to build and deploy applications within the
cloud.
Depending on their needs, developers may use a Windows-based
PaaS solution or a Linux-based PaaS.
PaaS Advantages
Developers eliminate the need to buy and maintain hardware,
and the need to install and manage operating system and
database software.
Because the computing resources no longer reside in the data
center, but rather in the cloud, the resources can scale on
demand and the company can pay for only resources it
consumes.
Further, because PaaS eliminates the developers’ need to worry
about servers, they can more quickly deploy their web-based
solutions.
PaaS Disadvantages
Some developers and administrators want finer control over the
underlying systems (versions, patch releases/applications, …)
Real World: Google App Engine
Google App Engine, sometimes called GAE, is a PaaS solution
that lets developers create and host web-based applications that
reside and run on services managed by Google.
Like many Google services and offerings, Google App Engine is
a free service.
Google App Engine provides platform support for a variety of
programming languages, the three most common of which are
Java, Python, and Go.
Google App Engine Continued
Google App Engine features include the following:
Support for dynamic web pages
Data storage and query support
Load balancing for application scalability
Application program interface (API) support for application-
based e-mail through Google services
A local development environment that simulates Google App
Engine on the developer’s computer
Support for event scheduling and triggering
An application sandbox that limits access to the underlying
operating system
An administrative console for managing applications
Real World: Taleo Human-Resources SaaS
To achieve wide-scale use, an SaaS solution must have large
market potential.
Every business must recruit, hire, train, and compensate
employees.
The Taleo cloud-based talent management system provides
applications and services to meet company human resources
demands.
Google App Engine
Evolution to the Cloud
Mainframe Computers
Personal Computers
Local-Area Networks
Internet Service Providers (ISPs)
PaaS
Mainframe Computing
Large capital investment for data-center-based computers
Large, expensive disk and tape storage systems that often
provided only limited storage capacity
User interface to the system provided through dumb terminals
Limited computer–network interconnectivity
System security maintained through physical security (few users
had direct access to the computer hardware)
ISP Advantages
Reduced cost: The ISP provided the high-speed, high-bandwidth
Internet connection, which it shared across several companies.
Less server administration: The ISP managed the servers to
which developers uploaded their solutions.
Less hardware to purchase and maintain: The ISP purchased and
managed the hardware and managed the infrastructure software,
such as the operating system.
ISP Advantages Continued
Greater system uptime: Through the use of redundant hardware
resources, the ISP provided high system uptime.
Potential scalability: The ISP had the ability to move a high-
demand application to a faster bandwidth connection.
Blade Computers
Reduced server footprint
Reduced power consumption and heat generation
Real World: Force.com PaaS
To extend its cloud capabilities to application developers,
Salesforce.com has released the Force.com PaaS.
Originally developed to provide a home for business
applications, Force.com now runs applications across most
sectors.
Benefits of PaaS
By shifting computing resources from an on-site data center to
the cloud, PaaS solutions offer:
Lower total cost of ownership: Companies no longer need to
purchase and maintain expensive hardware for servers, power,
and data storage.
Lower administration overhead: Companies shift the burden of
system software administration from in-house administration to
employees of the cloud provider.
Benefits of PaaS Continued
More current system software: The cloud administrator is
responsible for maintaining software versions and patch
installations.
Increased business and IT alignment: Company IT personnel can
focus on solutions as opposed to server-related issues.
Scalable solutions: Cloud-based solutions can scale up or down
automatically based on application resource demands.
Companies pay only for the resources they consume.
Disadvantages of PaaS
Potential disadvantages of PaaS solutions include:
Concerns about data security: Some companies are hesitant to
move their data storage off-site.
Challenges to integrating cloud solutions with legacy software:
A company may need to support on-site solutions as well as
cloud-based solutions. Communication between the two
application types may be difficult to impossible.
Risk of breach by the PaaS provider: If the company providing
the PaaS service fails to meet agreed-upon service levels,
performance, security, and availability may be at risk, and
moving the application may be difficult.
Real World: Windows Azure as a PaaS
Microsoft .NET has driven the development of many dynamic
web solutions and web services.
Windows Azure is a PaaS running within Microsoft data
centers.
Users pay only for the scalable processor resources that they
consume.
SQL Azure provides a cloud-based database solution for
applications running within Windows Azure.
Windows Azure Continued
Windows Azure goes beyond .NET and includes support for
Java, PHP, and Ruby. Developers can build and deploy their
solutions to Azure using an IDE such as Visual Studio or
Eclipse.
Developers can interface to SQL Azure using much of the same
code they would use to access a local database.
Windows Azure Continued
Key Terms
References
Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS,
virtualization, business models, mobile, security and more.
Burlington, MA: Jones & Bartlett Learning.