The document describes the cloud computing architecture, detailing the cloud reference model which consists of five layers (physical, virtual, control, service orchestration, service) and three cross-layer functions (business continuity, security, service management). It also outlines the three primary service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), describing their functionalities and advantages. Additionally, it mentions cloud deployment models, particularly focusing on private clouds and their management options.

1. 11/10/2024 1
Unit 2: Cloud Computing
Architecture

2. 11/10/2024 2
2.1 Cloud reference model
• The cloud computing reference model is an abstract
model that characterizes and standardizes the functions
of a cloud computing environment by partitioning it into
abstraction layers and cross-layer functions.
• This reference model groups the cloud computing
functions and activities into five logical layers and three
cross-layer functions.

3. 11/10/2024 3

4. 11/10/2024 4
• The five layers are physical layer, virtual layer,
control layer, service orchestration layer, and
service layer.
• Each of these layers specifies various types of
entities that may exist in a cloud computing
environment, such as compute systems, network
devices, storage devices, virtualization software,
security mechanisms, control software,
orchestration software, management software,
and so on.
• It also describes the relationships among these
entities.

5. 11/10/2024 5
• The three cross-layer functions are business
continuity, security, and service management.
• Business continuity and security functions
specify various activities, tasks, and processes
that are required to offer reliable and secure
cloud services to the consumers.
• Service management function specifies various
activities, tasks, and processes that enable the
administrations of the cloud infrastructure and
services to meet the provider’s business
requirements and consumer’s expectations.

6. 11/10/2024 6
Cloud computing layers
Physical Layer
• Foundation layer of the cloud infrastructure.
• Specifies entities that operate at this layer : Compute systems, network devices
and storage devices. Operating environment, protocol, tools and processes.
• Functions of physical layer : Executes requests generated by the virtualization
and control layer.
Virtual Layer
• Deployed on the physical layer.
• Specifies entities that operate at this layer : Virtualization software, resource
pools, virtual resources.
• Functions of virtual layer : Abstracts physical resources and makes them
appear as virtual resources (enables multitenant environment). Executes the
requests generated by control layer.

7. 11/10/2024 7
Control Layer
•Deployed either on virtual layer or on physical layer
•Specifies entities that operate at this layer : control software
•Functions of control layer :
 Enables resource configuration, resource pool configuration and
resource provisioning.
 Executes requests generated by service layer.
 Exposes resources to and supports the service layer.
 Collaborates with the virtualization software and enables
resource pooling and creating virtual resources, dynamic
allocation and optimizing utilization of resources.

8. 11/10/2024 8
Service Orchestration Layer
•Specifies the entities that operate at this layer : Orchestration
software.
•Functions of orchestration layer : Provides workflows for executing
automated tasks. Interacts with various entities to invoke provisioning tasks.
Service Layer
•Consumers interact and consume cloud resources via those layer.
•Specifies the entities that operate at this layer : Service catalog
and self-service portal.
•Functions of service layer : Store information about cloud services in
service catalog and presents them to the consumers. Enables consumers to
access and manage cloud services via a self-service portal.

9. 11/10/2024 9
Cross-layer function
Business continuity
•Specifies adoption of proactive and reactive measures to
mitigate the impact of downtime.
•Enables ensuring the availability of services in line with SLA.
•Supports all the layers to provide uninterrupted services.
Security
•Specifies the adoption of : Administrative mechanisms (security
and personnel policies, standard procedures to direct safe
execution of operations) and technical mechanisms (firewall,
intrusion detection and prevention systems, antivirus).
•Deploys security mechanisms to meet GRC requirements.
•Supports all the layers to provide secure services.

10. 11/10/2024 10
Service Management
Specifies adoption of activities related to service portfolio management
and service operation management.
Service portfolio management :
• Define the service roadmap, service features, and service levels
• Assess and prioritize where investments across the service portfolio are
most needed
• Establish budgeting and pricing
• Deal with consumers in supporting activities such as taking orders,
processing bills, and collecting payments
Service operation management :
•Enables infrastructure configuration and resource provisioning
•Enable problem resolution
•Enables capacity and availability management
•Enables compliance conformance
•Enables monitoring cloud services and their constituent elements

11. 11/10/2024 11
Cloud computing conceptual reference model identifies the
major actors, their activities and functions in cloud
computing.
Figure – The Conceptual Reference Model

12. 11/10/2024 12
• As shown in Figure , the NIST cloud computing reference architecture
defines five major actors: cloud consumer, cloud provider, cloud
carrier, cloud auditor and cloud broker. Each actor is an entity (a
person or an organization) that participates in a transaction or process
and/or performs tasks in cloud computing.
• Table below briefly lists the actors defined in the NIST cloud
computing reference architecture.

13. 11/10/2024 13
SNO Actor Definition
1 Cloud
Consumer
A person or organization that maintains a business
relationship with, and uses service from, Cloud
Providers.
2 Cloud
Provider
A person, organization, or entity responsible for
making a service available to interested parties.
3 Cloud Auditor A party that can conduct independent assessment of
cloud services, information system operations,
performance and security of the cloud
implementation.
4 Cloud Broker An entity that manages the use, performance and
delivery of cloud services, and negotiates
relationships between Cloud Providers and Cloud
Consumers.
5 Cloud Carrier An intermediary that provides connectivity and
transport of cloud services from Cloud Providers to

14. 11/10/2024 14
2.1.1 Infrastructure as service
• In computing, infrastructure refers to
the computers and servers that run
code and store data, and the wires
and appliances that make
connections between those
machines.
• For example, servers, hard drives, and
routers are all part of infrastructure.
• Before cloud computing was an
option, most businesses hosted their
own infrastructure and ran all their
applications on-premises.

15. 11/10/2024 15
• Infrastructure-as-a-Service, or IaaS for short, is when a cloud
computing vendor hosts the infrastructure on behalf of their
customers.
• The vendor hosts the infrastructure in "the cloud" – in other words, in
various data centers.
• Their customers access this cloud infrastructure over the Internet.
• They can use it to build and host web applications, store data, run
business logic, or do anything else that could be done on traditional
on-premises infrastructure, but often with more flexibility.

16. 11/10/2024 16
ADVANTAGES:
• Scalability: It's much easier to expand a business with IaaS as the
foundation. Instead of purchasing, installing, and maintaining a
new server every time the business needs to scale up, they can
just add a new server on demand through the IaaS provider. This
on-demand scalability is a major benefit of cloud computing
across all cloud service models.
• Fewer resources dedicated to server maintenance: With IaaS, a
company has essentially outsourced server purchasing,
maintenance, and updating to the IaaS provider. This is typically
cheaper and requires less time and labor from internal teams
than they would need to host their own infrastructure.
• Faster time to market: Companies using IaaS can deploy and
update applications much faster, since cloud providers can offer
however much infrastructure they need as they need it.

17. 11/10/2024 17
2.1.2 Platform as service
• In the Platform-as-a-Service (PaaS) model, developers essentially rent
everything they need to build an application, relying on a cloud
provider for development tools, infrastructure, and operating
systems.
• This is one of the three service models of cloud computing.
• PaaS vastly simplifies web application development; from the
developer's perspective, all backend management takes place behind
the scenes.
• Although PaaS has some similarities with server less computing, there
are many critical differences between them.

18. 11/10/2024 18
• PaaS can be accessed over any internet connection, making it
possible to build an entire application in a web browser.
• Because the development environment is not hosted locally,
developers can work on the application from anywhere in the
world.
• This enables teams that are spread out across geographic
locations to collaborate.
• It also means developers have less control over the development
environment, though this comes with far less overhead.
The main offerings included by PaaS vendors are:
•Development tools
•Middleware
•Operating systems
•Database management
•Infrastructure
Different vendors may include other services as well, but these are the core PaaS
services.

19. 11/10/2024 19
Development tools
PaaS vendors offer a variety of tools that are necessary for software development, including a source
code editor, a debugger, a compiler, and other essential tools. These tools may be offered together as
a framework. The specific tools offered will depend on the vendor, but PaaS offerings should include
everything a developer needs to build their application.
Middleware
Platforms offered as a service usually include middleware, so that developers don't have to build it
themselves. Middleware is software that sits in between user-facing applications and the machine's
operating system; for example, middleware is what allows software to access input from the
keyboard and mouse. Middleware is necessary for running an application, but end users don't
interact with it.
Operating systems
A PaaS vendor will provide and maintain the operating system that developers work on and the
application runs on.
Databases
PaaS providers administer and maintain databases. They will usually provide developers with a
database management system as well.
Infrastructure
PaaS is the next layer up from IaaS in the cloud computing service model, and everything included in
IaaS is also included in PaaS. A PaaS provider either manages servers, storage, and physical data
centers, or purchases them from an IaaS provider.

20. 11/10/2024 20
Why do developers use PaaS?
Faster time to market
PaaS is used to build applications more quickly than would be possible if developers had to worry about
building, configuring, and provisioning their own platforms and backend infrastructure. With PaaS, all they
need to do is write the code and test the application, and the vendor handles the rest.
One environment from start to finish
PaaS permits developers to build, test, debug, deploy, host, and update their applications all in the same
environment. This enables developers to be sure a web application will function properly as hosted before
they release, and it simplifies the application development lifecycle.
Price
PaaS is more cost-effective than leveraging IaaS in many cases. Overhead is reduced because PaaS
customers don't need to manage and provision virtual machines. In addition, some providers have a pay-
as-you-go pricing structure, in which the vendor only charges for the computing resources used by the
application, usually saving customers money. However, each vendor has a slightly different pricing
structure, and some platform providers charge a flat fee per month.
Ease of licensing
PaaS providers handle all licensing for operating systems, development tools, and everything else included
in their platform.

21. 11/10/2024 21
What are the potential drawbacks of using PaaS?
Vendor lock-in
It may become hard to switch PaaS providers, since the application is built using the vendor's tools and
specifically for their platform. Each vendor may have different architecture requirements. Different
vendors may not support the same languages, libraries, APIs, architecture, or operating system used
to build and run the application. To switch vendors, developers may need to either rebuild or heavily
alter their application.
Vendor dependency
The effort and resources involved in changing PaaS vendors may make companies more dependent on
their current vendor. A small change in the vendor's internal processes or infrastructure could have a
huge impact on the performance of an application designed to run efficiently on the old configuration.
Additionally, if the vendor changes their pricing model, an application may suddenly become more
expensive to operate.
Security and compliance challenges
In a PaaS architecture, the external vendor will store most or all of an application's data, along with
hosting its code. In some cases the vendor may actually store the databases via a further third party,
an IaaS provider. Though most PaaS vendors are large companies with strong security in place, this
makes it difficult to fully assess and test the security measures protecting the application and its data.
In addition, for companies that have to comply with strict data security regulations, verifying the
compliance of additional external vendors will add more hurdles to going to market.

22. 11/10/2024 22
2.1.3 Software as a service
• Software-as-a-Service, or SaaS for short, is a
cloud-based method of providing software to
users.
• SaaS users subscribe to an application rather
than purchasing it once and installing it.
• Users can log into and use a SaaS application
from any compatible device over the Internet.
• The actual application runs in cloud servers
that may be far removed from a user's
location.

23. 11/10/2024 23
• A SaaS application may be accessed through a browser or through an
app. Online email applications that users access through a browser,
such as Gmail and Office 365, are common examples of SaaS
applications.
• The difference between SaaS and a software installation on a user's
computer is somewhat like the difference between streaming a TV
show online and buying all the seasons of the TV show on DVD.

24. 11/10/2024 24
The SaaS model has a number of pros and cons, although for modern businesses
and users the pros of SaaS often outweigh the cons. Here are some of the
advantages and disadvantages of using SaaS applications:
•Advantage: Access from anywhere, on any device. Typically, users can log into
SaaS applications from any device and any location. This offers a great deal of
flexibility – businesses can allow employees to operate all over the world, and users
can access their files no matter they are. In addition, most users use multiple devices
and replace them often; users don't need to reinstall SaaS applications or purchase
new licenses each time they switch to a new device.
•Advantage: No need for updates or installations. The SaaS provider updates and
patches the application on an ongoing basis.
•Advantage: Scalability. The SaaS provider handles scaling up the application, such
as adding more database space or more compute power as usage increases.
•Advantage: Cost savings. SaaS cuts down on internal IT costs and overhead. The
SaaS provider maintains the servers and infrastructure that support the application,
and the only cost to a business is the subscription cost of the application.

25. 11/10/2024 25
•Disadvantage:
•The need for stronger access control. The increased accessibility of SaaS
applications also means that verifying user identity and controlling access
levels becomes very important. With SaaS, organizational assets are no longer kept
within an internal network, separate from the outside world. Instead, user access is
based on user identity: if someone has the right login credentials, they are granted
access. Strong identity verification thus becomes crucial.
Vendor lock-in. A business may become overly reliant on the SaaS application
provider. It's time-consuming and expensive to move to a new application if an
organization's entire database is stored within the old application.
•Disadvantage (for enterprises): Security and compliance. With SaaS applications,
the responsibility for protecting those applications and their data moves from internal
IT teams to the external SaaS providers. For small to medium-sized businesses, this is
less of a disadvantage, as large cloud providers typically have more resources for
putting strong security in place. But this can be a challenge if a large business faces
tight security or regulatory standards. In some cases businesses will be unable to
assess their applications' security themselves, for instance by performing penetration
testing. Essentially, they have to take the external SaaS provider's word that the
application is secure.

26. 11/10/2024 26

27. 11/10/2024 27
IaaS vs. PaaS vs. SaaS
IaaS is infrastructure hosted in the cloud. IaaS includes
virtual servers and cloud storage, cloud security, and
access to data center resources (managed by the IaaS
provider).
Platform-as-a-Service (PaaS) is the next layer up from
IaaS in the cloud computing service model. It provides
developers with a platform for building applications.
Most PaaS offerings include development tools,
middleware, operating systems, databases and database
management, and infrastructure. A PaaS provider either
manages the infrastructure themselves or purchases it
as a service from an IaaS provider.
Software-as-a-Service (SaaS) is full applications hosted
and managed in the cloud. SaaS users subscribe to an
application and access it over the Internet rather than
purchasing it once and installing it locally.

28. 11/10/2024 28
2.2 Cloud deployment models
2.2.1 Private Cloud
• A private cloud is a cloud service that is exclusively offered to one
organization.
• By using a private cloud, an organization can experience the benefits
of cloud computing without sharing resources with other
organizations.
• A private cloud can either
be inside an organization or
remotely managed by a
third party and accessed
over the Internet (but unlike
a public cloud, it is not
shared with anyone).

29. 11/10/2024 29
• What is a hosted private cloud?
• Suppose a large company in Chicago, Illinois wants to run a private cloud.
They can either set up an internal private cloud in their Chicago office
building, or they can let a third-party cloud provider host their private cloud.
• That third party may be in a different area of Chicago, another city in Illinois,
or even another state.
• A hosted private cloud is off-premises instead of on-premises, meaning the
cloud servers are not physically located on the grounds of the organization
using them.
• Instead, a third party manages and hosts the cloud remotely.

30. 11/10/2024 30
What is an internal private cloud?
• An internal private cloud is hosted on an organization's own premises, and
is managed by them internally.
• Unlike with a hosted private cloud, the organization manages and operates
the internal private cloud themselves. Typically, this means they will
purchase the servers, keep them up and running, and administer the
software that runs on the servers.
How is an internal private cloud different from a traditional on-premises data
center?
• An internal private cloud is hosted on a company's premises, is managed by that
company, and is only accessed by that company. In some ways, then, an internal
private cloud is similar to a traditional data center.
• However, an internal private cloud is architected with cloud technology; private
cloud servers will run virtual machines to maximize the use of the hardware.
• As a result, private clouds are usually more efficient, more powerful, and more
scalable.
• If a private cloud can be compared to owning one's own laundromat, then a
traditional data center is like having a single in-home washer and dryer.

31. 11/10/2024 31
In addition to virtualization, internal private clouds have these
qualities that traditional data centers don't have:
•Scalability: Internal private clouds easily scale up, meaning
they provide more services without any extra configuration by
an IT team.
•Self service: Users can access the private cloud without IT
assistance.
•Broad access: All teams across an organization can access
the cloud resources they need.
•Measurable: can measure how much storage and
bandwidth is used, along with how many user accounts are
active, and allocate cloud resources accordingly.

32. 11/10/2024 32
2.2.2Public clouds
• A public cloud is a cloud service offered to
multiple customers by a cloud provider. The
term "public cloud" is used to differentiate
between the original cloud model of
services accessed over the Internet and the
private cloud model. Public clouds
include SaaS, PaaS, and IaaS services.
• Like all cloud services, a public cloud service
runs on remote servers that a provider
manages. Customers of that provider access
those services over the Internet.

33. 11/10/2024 33
• What is multitenancy?
• Because multiple organizations share a public cloud, multiple
organizations will sometimes be using the same physical server at the
same time. This is called multitenancy.
• Multitenancy is when multiple customers of a cloud provider are
accessing the same server. Data from two different companies could
be stored on the same server, or processes from two different
applications could be running on the same server.

34. 11/10/2024 34
Advantages:
•Cost savings: Moving to a public cloud is a way for companies to cut
down IT operations costs. Essentially, they are outsourcing these costs to
a third party who can handle them more efficiently. Public clouds also
typically cost less than private clouds, because the cloud provider is able
to maximize their use of hardware and their profits by selling their
services to multiple customers at once.
•Less server management: If an organization uses a public cloud,
internal teams don't have to spend time managing servers – as they do
for legacy on-premises data centers or for internal private clouds.
•Security: Many small and medium sized businesses may not have the
resources to implement strong security measures. By using a public
cloud service, they can outsource some aspects of cyber security to a
larger provider with more resources.

35. 11/10/2024 35
Disadvantages:
•Security and compliance concerns: Multitenancy might be a concern
for businesses that need to meet strict regulatory compliance standards.
Multitenancy also comes with a very small risk of data leakage, which
may be more risk than some businesses in specialized fields are willing
to tolerate. (In fact, the risk is miniscule; most cloud providers follow
extremely high security standards.) Finally, it can be difficult to deploy
the same security policies both for an organization's internal resources
and for a public cloud that is somewhat outside of an organization's
control (especially during a cloud migration).
•Vendor lock-in: This is always a concern with cloud technology. An
organization that uses the cloud will save money and become more
flexible, but it can also end up reliant upon the cloud vendor's services –
the virtual machines, storage, applications, and technologies they
provide – in order to maintain their business operations.

36. 11/10/2024 36
2.2.3 Hybrid clouds
• A hybrid cloud mixes two or more types
of cloud environments.
• Hybrid cloud deployments combine public
and private clouds , and they may also include
on-premises legacy infrastructure.
• For a cloud to truly be hybrid, these different
cloud environments must be tightly
interconnected with each other, essentially
functioning as one combined infrastructure.
• Almost all hybrid clouds include at least one
public cloud.

37. 11/10/2024 37
• Hybrid clouds have a number of uses.
• An organization may use their private cloud for some services and
their public cloud for others, or they may use the public cloud as
backup for their private cloud.
• They can also use the public cloud to handle periods of high demand,
while keeping most operations within their private cloud.

38. 11/10/2024 38
What are the types of environments found in hybrid clouds?
The combination of any two of the environments listed below can be
considered "hybrid cloud":
•Public cloud: A public cloud is a cloud service run by an external
vendor that may include servers in one or multiple data centers.
Public clouds are shared by multiple organizations. Using virtual
machines, individual servers may be shared by different companies,
a situation that is called "multitenancy" because multiple companies
are renting server space within the same physical server.
•On-premises private cloud: A private cloud is a data center wholly
dedicated to one company. The servers in a private cloud aren't
shared by anyone else's software, files, or data. On-premises private
clouds are maintained and secured by the organizations themselves,
not an external vendor.

39. 11/10/2024 39
•Hosted private cloud: This is just like an on-premises private cloud
in that the servers are dedicated wholly to one organization.
However, the cloud servers in a hosted private cloud are not located
in an organization's offices – rather, a third-party provider hosts and
maintains the cloud servers in one or more remote data centers, and
the organization accesses the cloud over the Internet instead of an
internal network. But unlike a public cloud, there is no multitenancy;
the cloud servers are not shared with other organizations.
•On-premises (legacy): On-premises or legacy deployments don't
use cloud technology at all. Instead, organizations using this model
follow the classic practice of purchasing software licenses, installing
and maintaining hardware on their premises, and installing software
locally on employee computers. In other words, instead of working
in Google Docs (for example), employees would use Microsoft Word,
or some other program installed and running on their computers.

40. 11/10/2024 40
difference between hybrid cloud and multicloud

41. 11/10/2024 41
A multicloud deployment combines multiple public clouds, while a hybrid
cloud combines a public cloud with another type of environment. Hybrid
clouds combine apples and oranges – a multicloud deployment is more like
combining many types of apples.
A multicloud can also be a hybrid cloud if it mixes multiple types of cloud
environments, in addition to using multiple public clouds – just as a rectangle
can be a square, but not all rectangles are squares. Conversely, a hybrid cloud
deployment can also be multicloud if it uses several public clouds.
For a hybrid cloud to work well, the connection between the separate clouds is key. Public
clouds, private clouds, and on-premises infrastructure can connect to each other in a variety of
ways, including:
•APIs (Application Programming Interfaces)
•VPNs (Virtual Private Networks)
•WANs (Wide Area Networks)
Without a working connection between clouds, an organization is not running a hybrid cloud –
they are merely running two or more separate cloud environments in parallel, and they won't
reap the benefits of hybrid cloud deployments.

42. 11/10/2024 42
What are the advantages of using a hybrid cloud architecture?
•Flexibility: Hybrid clouds make it easier to switch to a different style
of cloud deployment. For instance, if a business decides to move to
an exclusively public cloud deployment, it will be simpler if some
business processes or storage already take place in a public cloud.
•Wider variety of technology: Via a public cloud, a business can
include technology that isn't practical to run in a private cloud, such
as big data processing.
•Backups to avoid downtime: If one cloud crashes or breaks, a
company can rely on the other cloud, avoiding service interruptions.
This type of redundancy is also an advantage of multicloud
deployments.

43. 11/10/2024 43
•Meet spikes in demand: A company can run most of its processes in a
private cloud, and then use a public cloud for extra computing power to
handle a sudden spike in workload – such as when far more users than
normal access an eCommerce site during Black Friday. This strategy is
known as cloud bursting, because a workload "bursts" from one cloud to
a larger cloud.
•Potential cost savings: Maintaining an internal data center, such as a
private cloud, can be expensive and resource-intensive. By moving some
operations to a public cloud, an organization doesn't have to maintain as
much infrastructure on-premises, cutting down on costs.
•Keep sensitive data on-premises: Some organizations handle sensitive
data, such as credit card numbers, healthcare information, or financial
data. Keeping such data on-premises gives a company much more control
over the security measures that guard sensitive data. In a hybrid cloud
deployment, an organization can keep sensitive data in a secure private
cloud, and then use public clouds for running the rest of their

44. 11/10/2024 44
What are the drawbacks of using a hybrid cloud architecture?
•Greater attack surface: Whenever network infrastructure becomes more
complex, there is a greater chance that an attacker will find a vulnerability
to exploit. A single cloud – say, a private cloud – can have strong security
protections in place. But if multiple clouds from different vendors are used,
not all clouds will have the same quality of security.
•More complex integrations: The connection and orchestration between
different kinds of clouds is crucial. Thus, there are more steps to setting up
a hybrid cloud compared to deploying a single public cloud or a single
private cloud, since the connecting technology – such as a VPN – has to be
set up and maintained too.
•Complicated to secure: While an on-premises private cloud runs behind
the company firewall, a hosted private cloud or public cloud does not. A
company may need to use multiple security products, some for their on-
premises cloud and some for their public cloud, to keep their data safe. In
addition, it can be tricky to validate a user's identity across multiple clouds
(access control).

45. 11/10/2024 45
• A community cloud in computing is a collaborative effort in which
infrastructure is shared between several organizations from a specific
community with common concerns (security, compliance, jurisdiction,
etc.), whether managed internally or by a third-party and hosted internally
or externally.
• This is controlled and used by a group of organizations that have shared
interest. The costs are spread over fewer users than a public cloud (but
more than a private cloud), so only some of the cost savings potential of
cloud computing are realized.
• The community cloud is provisioned for use by a group of consumers
from different organisations who shares same concerns (e.g., application,
security, policy, and efficiency demands).
2.2.4 Community cloud

46. 11/10/2024 46

47. 11/10/2024 47
The following list shows some of the main scenarios of the Community
Cloud model that is beneficial to the participating organizations.
•Multiple governmental departments that perform transactions with one
another can have their processing systems on shared infrastructure. This
setup makes it cost-effective to the tenants, and can also reduce their
data traffic.
•Federal agencies in the United States. Government entities in the U.S.
that share similar requirements related to security levels, audit, and
privacy can use Community Cloud. As it is community-based, users are
confident enough to invest in the platform for their projects.
•Multiple companies may need a particular system or application hosted
on cloud services. The cloud provider can allow various users to connect
to the same environment and segment their sessions logically. Such a
setup removes the need to have separate servers for each client who has
the same intentions.

48. 11/10/2024 48
Openness and Impartiality
Community Clouds are open systems, and they remove the dependency organizations have on cloud
service providers. Organizations can achieve many benefits while avoiding the disadvantages of both
public and private clouds.
Flexibility and Scalability
•Ensures compatibility among each of its users, allowing them to modify properties according to their
individual use cases. They also enable companies to interact with their remote employees and support
the use of different devices, be it a smartphone or a tablet. This makes this type of cloud solution more
flexible to users’ demands.
•Consists of a community of users and, as such, is scalable in different aspects such as hardware
resources, services, and manpower. It takes into account demand growth, and you only have to increase
the user-base.
High Availability and Reliability
Your cloud service must be able to ensure the availability of data and applications at all times.
Community Clouds secure your data in the same way as any other cloud service, by replicating data and
applications in multiple secure locations to protect them from unforeseen circumstances.
Cloud possesses redundant infrastructure to make sure data is available whenever and wherever you
need it. High availability and reliability are critical concerns for any type of cloud solution.
Security and Compliance
Two significant concerns discussed when organizations rely on cloud computing are data security and
compliance with relevant regulatory authorities. Compromising each other’s data security is not
profitable to anyone in a Community Cloud.

49. 11/10/2024 49
•Every participant in the community has authorized access to
the data. Therefore, organizations must make sure they do
not share restricted data.
•Rules and regulations related to compliance within a
Community Cloud can be confusing. The systems of one
organization may have to adhere to the rules and regulations
of other organizations involved in the community as well.
•Agreements among the member organizations in a
Community Cloud are vital. For example, just because all the
organizations have shared access to audit logs does not mean
that every organization has to go through them. Having an
agreement on who performs such tasks will not only save
time and workforce needs but also help to avoid ambiguity.

50. 11/10/2024 50
2.3 Cloud design and implementation using
SOA
• “A service-oriented architecture is essentially a collection of services. These services
communicate with each other. The communication can involve either simple data
passing or it could involve two or more services coordinating some activity. Some
means of connecting services to each other is needed.”
• “Service-oriented architecture (SOA) provides methods for systems development and
integration where systems group functionality around business processes and
package these as interoperable services.
• An SOA infrastructure allows different applications to exchange data with one another
as they participate in business processes.
• SOA separates functions into distinct units, or services, which developers make
accessible over a network in order that users can combine and reuse them in the
production of business applications

51. 11/10/2024 51
What is Service Oriented Architecture
(SOA)?
• Is not a computing architecture but a style of
programming
• An SOA application is a composition of services
• A “service” is the building block/ unit of an SOA
• Services encapsulate a business process
• Service Providers Register themselves
• Service use involves: Find, Bind,
Execute
• Most well-known instance is Web
Services
Service
Registry
Service
Provider
Service
Consumer
Find Register
Bind,
Execute

52. 11/10/2024 52
SOA Actors
• Service Provider
• From a business perspective, this is the owner of the service. From an
architectural perspective, this is the platform that provides access to the service.
• Service Registry
• This is an information space of service descriptions where service providers
publish their services and service requesters find services and obtain binding
information for services.
• Allows service consumers to locate service providers that meet required criteria
• Service Consumer
• From a business perspective, this is the business that requires certain function
to be fulfilled. From an architectural perspective, this is the client application that
is looking for and eventually invoking a service.

53. 11/10/2024 53
SOA Principles
• Formal contract
• Loose coupling
• Abstraction
• Reusability
• Autonomy
• Statelessness
• Discoverability
• Composability
Thomas Erl, SOA Principles of Service Design, Prentice Hall 2007 ISBN:0132344823

54. 11/10/2024 54
SOA Principles – Formal contract
• According to SOA Formal contract principle every service needs to have
an official, standardized, formal contract.
• A great deal of emphasis is placed on specific aspects of contract design,
including:
• the manner in which services express functionality (functional description
contract)
• how data types and data models are defined (information model)
• how policies are asserted and attached. (non-functional description contract)
• how interaction with the service is to be performed (behavioral contract)

55. 11/10/2024 55
SOA Principles – Loose coupling
• SOA is a loosely coupled arrangement of services and service
consumers.
• At design time, loose coupling means that services are
designed with no affinity to any particular service consumer.
• Inside the service, no information is assumed as to the
purpose, technical nature or business nature of the service
consumer.
• Thus, a service is fully decoupled from a service consumer.

56. 11/10/2024 56
SOA Principles – Abstraction
• This principle emphasizes the need to hide as much of the
underlying details of a service as possible.
• By using abstraction previously described loosely coupled
relationship is directly enabled and preserved
• There are 4 levels of abstraction in SOA as:
– technology abstraction
– functional abstraction
– programming logic abstraction
– quality of service abstraction

57. 11/10/2024 57
SOA Principles – Reusability
• The reusability principle suggest to contain and
express agnostic logic as services that can be
positioned as reusable enterprise resources
• Reusability will:
• Allow for service logic to be repeatedly leveraged over time so as
to achieve a high Return on investment( ROI)
• Increase business agility on an organizational level
• Enable the creation of service inventories that can be easily
integrated and used in various use-cases

58. 11/10/2024 58
SOA Principles – Autonomy
• SOA Autonomy principle implies that services have control over the
solution logic they implement.
• SOA Autonomy/ Service Autonomy can be observed as various levels:
• Runtime autonomy – represents the amount of control a service has over its
execution environment at runtime
• Design-time autonomy – represents the amount of governance control a service
owner has over the service design

59. 11/10/2024 59
SOA Principles – Statelessness
• This means a service must do its best to hold onto state information
pertaining to an interaction for as small a duration as possible, e.g., do
not retain awareness of a message once it is processed.
• Statelessness in a service means that if the service is enlisted in a flow,
than it doesn’t retain any state referring to the enclosing flow. Form a
message perspective, it means that once a service has received and
processed a message, it doesn’t retain memory of the passage of that
message.
• This helps with concurrent access scaling

60. 11/10/2024 60
Statelessness in SOA and REST
• SOA and REST(Represented state transfer)
share the Statelessness principle
• REST provides explicit state transitions
• REST Servers are stateless and messages can
be interpreted without examining history.
• Persistent data can be given explicit URIs on the
server.
• Messages can refer to persistent data through
links to Uniform Resource Identifier(URI)s.

61. 11/10/2024 61
Statelessness in SOA and REST
• In SOA
• Stateless communication although communication can be stateful as well
• Received or sent messages can trigger state change
• Operations requiring sequence of messages
• Capable to support transactions
• set of operations with pass or fail results
• Tighter coupling between components
• In REST
• Stateless communication
• Document transfer only
• A party is not aware of its partner current state
• Party receiving information can decide how to process it
• HTTP caching possible
• Looser coupling between components

62. 11/10/2024 62
SOA Principles – Discoverability
• SOA Discoverability is meant to help one avoid the accidental creation of services
that are either redundant or implement logic that is redundant. The discoverability
principle can be referred to the design of an individual service so that it becomes
as discoverable as possible – no matter whether the discoverability extension or
product actually exists in the surrounding implementation environment.
• Discovery is a central task in SOA. SOA Discoverability is centered on Service
Discoverability. Service Discoverability is meant to refer to the technology
architecture’s ability to provide a mechanism of discovery, for example a service
directory, service registry or a service search engine.
• Services be designed as resources that are highly discoverable in some fashion.
Each service should be equipped with the metadata that is required to properly
communicate its capabilities and meaning.

63. 11/10/2024 63
SOA Principles – Composability
• Allow us to chain services together to provide new
services
• Composition has the advantage that one can put
together composite applications at a speed greater
than writing one from scratch
• Building new services and application becomes
quicker and cheaper

64. 11/10/2024 64
SOA Properties – Self- Properties
• Most service architectures aim for self- properties to reduce
management load by design:
• Self-Configuration
• Self-Organization
• Self-Healing
• Self-Optimization
• Self-Protection

65. 11/10/2024 65
Self-Configuration
• Service architectures comprise of a huge amount of different components
(services and hardware). Configuration is a challenging task in such
environments.
• The idea of self-configurationis the adoption of the self-organization and
fully distributed cooperation capabilities known from groups with
cooperative social behavior which collaborate to solve a problem. Every
member of the group can decide which part of the problem it can solve and
which “QoS” it can provide.

66. 11/10/2024 66
Self-Organization
• A system is self-organizing if it automatically, dynamically and
autonomously adapts itself to achieve global goals more
efficiently under changing conditions.

67. 11/10/2024 67
Self-Healing
• The task of self-healing is to assure that a system meets some
defined conditions as far as possible, i.e. to guarantee that all
services running in the framework stay available, even in the
case of partial outages in the system.

68. 11/10/2024 68
Self-Optimization
• The self-configuration is responsible to find a good distribution
of the services in terms of the given resources of the service
description. The target of the self-optimization is to distribute
the services of the application in a way that the considered
resources are utilized evenly.
• A typical approach is to find an adequate configuration at the
beginning and to optimize the application during runtime.

69. 11/10/2024 69
Self-Protection
• Self-protection techniques cope with intentionally or
unintentionally malicious peers or services in a framework. The
behave as the “immune system” of a service framework as they
are permissive to good-natured services and messages but can
detect appearing malicious events.

70. 11/10/2024 70
SOA Benefits
Business Benefits
• Focus on Business Domain solutions
• Leverage Existing Infrastructure
• Agility
Technical Benefits
• Loose Coupling
• Autonomous Service
• Location Transparency
• Late Binding

71. 11/10/2024 71
2.4 Security, Trust and Privacy
• Some security issues in Cloud Computing are:
• Misconfiguration
Misconfigurations of cloud security settings are a leading cause of cloud
data breaches. Many organizations’ cloud security posture
management strategies are inadequate for protecting their cloud-based
infrastructure.
• Unauthorized Access
Unlike an organization’s on-premises infrastructure, their cloud-based
deployments are outside the network perimeter and directly accessible
from the public Internet. While this is an asset for the accessibility of this
infrastructure to employees and customers, it also makes it easier for an
attacker to gain unauthorized access to an organization’s cloud-based
resources.

72. 11/10/2024 72
Insecure Interfaces/APIs
CSPs often provide a number of application programming interfaces
(APIs) and interfaces for their customers. In general, these interfaces
are well-documented in an attempt to make them easily-usable for a
CSP’s customers.
Hijacking of Accounts
Many people have extremely weak password security, including
password reuse and the use of weak passwords. This problem
exacerbates the impact of phishing attacks and data breaches since
it enables a single stolen password to be used on multiple different
accounts.
Account hijacking is one of the more serious cloud security issues
as organizations are increasingly reliant on cloud-based
infrastructure and applications for core business functions.

73. 11/10/2024 73
Lack of Visibility
An organization’s cloud-based resources are located outside of the
corporate network and run on infrastructure that the company does
not own. As a result, many traditional tools for achieving network
visibility are not effective for cloud environments, and some
organizations lack cloud-focused security tools. This can limit an
organization’s ability to monitor their cloud-based resources and
protect them against attack.
Malicious Insiders
Insider threats are a major security issue for any organization. A
malicious insider already has authorized access to an organization’s
network and some of the sensitive resources that it contains.
Attempts to gain this level of access are what reveals most attackers
to their target, making it hard for an unprepared organization to
detect a malicious insider.

74. 11/10/2024 74
Cyberattacks
Cybercrime is a business, and cybercriminals
select their targets based upon the expected
profitability of their attacks. Cloud-based
infrastructure is directly accessible from the public
Internet, is often improperly secured, and contains
a great deal of sensitive and valuable data.

75. 11/10/2024 75
Trust in Clouds
• Trust is the strength of confidence and faith in
something. The spirit seeks the results that are
expected to be produced by something.
• It is the belief in the expertise and talent of others to
care for the person and develop satiable effects.
• The trust of individuals lessens if a system
concerning the skill provides insufficient data.
Consumers don’t need only the claims and
assurances. They require the efficient results
produced by the services for their benefits.

76. 11/10/2024 76
• A. Control For trust, power is quite a significant
issue. If consumers don't have proper control over
their assets, their confidence in the system will
decrease. A usual example of control can be observed
when individuals get the case from the ATM. They are
assured that they will get the exact amount that they
need. In other terms, they are controlling the money.
• The same opposite can be said when they are
depositing. After all, they don't know just what will
happen to their cash once they have collected it.
Similarly, if consumers have more control over the
information delivered to the cloud, their trust in the
cloud will increase.

77. 11/10/2024 77
B. Ownership The variation of trust can also be observed relying
on the purchase of assets that concern the data.
• For example, if an employer is trusting a service with the
credit more, his trust will lessen when he has to believe it
with the credit card of his employee as well.
• After all, it is his objective to preserve the confidence of an
employee.
• Similarly, firms or enterprises when consigning the
information to the cloud, it represents not only the
enterprise's interest but also the clients'. It will create a
relationship with twofold and faces.
• First of all, the enterprise to trust the cloud service provider
for itself. Second, it must assure that the clients have almost
the same reasons for believing the same service.

78. 11/10/2024 78
C. Prevention For the establishment of trust, contractual relationships
are mostly used.
• If the service is not offered according to the expectations, the firm will
be compensated in a healthy environment of business.
• Similarly, the providers of cloud use the SLAs or service-level
agreements to increase the trust of consumers.
• However, this might not be able to help in the case of cloud
computing.
• When it comes to trusting cloud computing, it is more like restricting a
violation of trust rather than guaranteeing compensation in case of a
breach.
• For many firms and enterprises, losing the data cannot be repaired.
The extent of money cannot compensate for the precious information.
• The money can never improve Even the reputation. Therefore, the
model of cloud computing should concentrate on preventing the failure
rather than compensating.

79. 11/10/2024 79
D. Security Guard plays the primary role in resisting a failure and
nurturing trust in the methodologies of cloud computing.
• Notably, the protection of practical nature and environment must
be provided by the providers of cloud service.
• After all, it allows them to perform actions and functions for various
clients and provide individual services for several clients as well.
• When it comes to virtualization, the main issues concerning the
security are access control, data leakage, and persistent client-data
security, and identity management, hindrance of attacks that
concern the cross-VM side-channel, and VM protection or virtual
machine protection.
• Whether the security risks are enormous or small, their presence
threatens the trust of consumers.
• Therefore, it is essential to prepare and eliminate such risks rather
than losing the confidence of consumers.

80. 11/10/2024 80
Privacy:
• Privacy, refers to the right to self-determination, that is, the right of
individuals to ‘know what is known about them’, be aware of stored
information about them, control how that information is
communicated and prevent its abuse.
• In other words, it refers to more than just confidentiality of
information. Protection of personal information (or data protection)
derives from the right to privacy via the associated right to self-
determination. Every individual has the right to control his or her
own data, whether private, public or professional.
• Privacy issues are increasingly important in the online world. It is
generally accepted that due consideration of privacy issues promotes
user confidence and economic development.
• However, the secure release, management and control of personal
information into the cloud represents a huge challenge for all
stakeholders, involving pressures both legal and commercial.

81. 11/10/2024 81
In a cloud service, there are many questions needing to
be addressed in order to determine the risks to
information privacy and security:
• Who are the stakeholders involved in the operation?
• What are their roles and responsibilities?
• Where is the data kept?
• How is the data replicated?
• What are the relevant legal rules for data processing?
• How will the service provider meet the expected level
of security and privacy?

82. 11/10/2024 82

83. 11/10/2024 83
Data Integrity
• Data integrity is one of the most critical elements in any
information system. Generally, data integrity means protecting
data from unauthorized deletion, modification, or fabrication.
• Managing entity's admittance and rights to specific enterprise
resources ensures that valuable data and services are not
abused, misappropriated, or stolen.
Data Confidentiality
• Data confidentiality is important for users to store their private
or confidential data in the cloud.
• Authentication and access control strategies are used to ensure
data confidentiality.
• The data confidentiality, authentication, and access control
issues in cloud computing could be addressed by increasing the
cloud reliability and trustworthiness

84. 11/10/2024 84
Data Privacy
• Privacy is the ability of an individual or group to seclude themselves or
information about themselves and thereby reveal them selectively.
• Privacy has the following elements.
(i) When: a subject may be more concerned about the current or future
information being revealed than information from the past.
(ii) How: a user may be comfortable if his/her friends can manually request
his/her information, but the user may not like alerts to be sent automatically
and frequently.
(iii) Extent: a user may rather have his/her information reported as an
ambiguous region rather than a precise point.
Data Availability
• Data availability means the following: when accidents such as
hard disk damage, IDC fire, and network failures occur, the
extent that user’s data can be used or recovered and how the
users verify their data by techniques rather than depending on
the credit guarantee by the cloud service provider alone.