SK
Uploaded bysrirekha kurra
262 views

Sri-PRJ702- Project Report

This project bridges the Amazon Web Services (AWS) cloud platform with the Microsoft Azure cloud platform using a virtual private network (VPN) to provide backup and failover capabilities. The objectives are to create a VPN tunnel between a virtual private cloud hosted in AWS and a virtual network in Azure, deploy virtual machines in both clouds, and establish database and file replication between the clouds. This will allow workloads and data to failover automatically from one cloud to the other in the event of an outage, providing high availability and business continuity.

Embed presentation

Download to read offline
Kurra Srirekha 1 NELSON MARLBOROUGH INSTITUTE OF TECHNOLOGY BRIDGING AWS WITH AZURE FOR BACKUP AND FAILOVER PROVISION: USING VPN CONNECTION Kurra Srirekha Student ID: 13472618 Course ID: PRJ702 9/29/2016 Graduate Diploma Project in Information Technology
Kurra Srirekha 2 Abstract There are many mission-critical businesses deployed via cloud computing. The recent Amazon Web Services (AWS) cloud outage due to a Sydney storm impacted their business brand. Similarly, Azure outages have impacted customers globally. All these recent examples point to one challenge, and that is interruption in cloud computing. Hence there needs to be a better solution than depending on one cloud. The solution that is discussed in this project is cloud-to- cloud failover and backup. Two clouds, AWS and Azure, are chosen for the implementation of this project. This project has achieved the objective of business continuity with 100% data availability by integrating AWS, Azure, MariaDB cluster, Openswan, IPsec, VPN tunnel, Secure Shell (SSH) and session control protocol (SCP) technologies. Sections 1 and 2 of this project cover the potential challenges in cloud outages, provide details on some of the most recent outages and actual challenges faced by businesses due to those cloud outages, a literature review, and the theoretical study of the concept. Sections 3 and 4 cover the analysis, design, solution architecture and implementation of the project. Section 5 covers the test scenarios, test cases, results and evaluation. Though there are lessons to be learned from this project implementation, it provides a direction for future work by enhancing cloud-to-cloud failover to achieve high scalability and performance. This project bridges AWS with the Azure cloud environment using a virtual private network (VPN) to provide backup and failover. Key words: Cloud-to-Cloud Failover, Cloud Outage, Cloud Backup, Cloud Load Balancing, AWS, Azure, MariaDB cluster, Openswan, IPsec, VPN tunnel, SSH and SCP.
Kurra Srirekha 3 Acknowledgement It is always a delight to remind the praiseworthy people in the Graduate program for their great guidance I received to uphold my practical as well as theoretical skill in Graduate Diploma. Firstly, it has indeed been a great privilege for me to have Mr. David Airehrour, as my mentor for this project. His awe-inspiring personality, superb guidance and constant support are the motive power behind this project work. I take this opportunity to express my most extreme appreciation to him. I am additionally obliged to him for his auspicious and significant advice. I would also like to acknowledge and my heartfelt gratitude to Mr. Ali Javan (IT Lecturer) and Mrs. Charanya Mohanakrishnan (IT Lecturer) who consistently upheld me in each possible way, from starting encouragement to support till this date. Finally, I am thankful to all technical and non-teaching staff of the Department of Information Technology (Networks) and NMIT for their constant assistance and co-operation.
Kurra Srirekha 4 Table of Contents List of Figures...........................................................................................................................6 List of Tables ............................................................................................................................7 Acronyms..................................................................................................................................8 Chapter 1: Introduction of the Project ..................................................................................9 1.1. Introduction.................................................................................................................9 1.2. Project Objective.......................................................................................................11 1.3. Significance of Project ..............................................................................................12 1.4. Scope and Limitations of Project ..............................................................................13 1.5. Summary ...................................................................................................................14 Chapter 2: Background of Research....................................................................................15 2.1. Introduction...............................................................................................................15 2.2. Backup and Failover..................................................................................................15 2.3. Cloud Computing......................................................................................................17 2.3.1. Backup and Failover Approaches in Cloud...........................................................19 2.3.2. Cloud Outages .......................................................................................................21 2.4. Multi-Cloud Environment.........................................................................................23 2.4.1. Cloud-to-Cloud Failover........................................................................................23 2.4.2. Benefits of Connecting Two Clouds .....................................................................24 2.5. VPN...........................................................................................................................25 2.5.1. Cloud-to-Cloud Connectivity using VPN..............................................................25 2.6. Ubuntu.......................................................................................................................26 2.7. Summary ...................................................................................................................26 Chapter 3: Resources and Technical Analysis....................................................................27 3.1. Introduction...............................................................................................................27 3.2. Analysis of Resources ...............................................................................................27 3.3. Analysis of Technical Challenges.............................................................................28 3.4. Summary ...................................................................................................................29 Chapter 4: Design and System Implementation .................................................................30 4.1. Introduction...............................................................................................................30 4.2. Problem and Context.................................................................................................30 4.3. Solution Structure......................................................................................................30 4.4. Implementation Process ............................................................................................32
Kurra Srirekha 5 4.4.1. Site-to-Site VPN Tunnel Setup..............................................................................32 4.4.2. MariaDB Galera Cluster Setup (Replication and Failover)...................................33 4.4.3. SSH Keys and SCP Command (File System Backup) ..........................................34 4.5. Challenges .................................................................................................................35 4.6. Summary ...................................................................................................................35 Chapter 5: Testing and Evaluation ......................................................................................37 5.1. Introduction...............................................................................................................37 5.2. VPN Tunnel Testing..................................................................................................37 5.3. Database Cluster Replication ....................................................................................38 5.4. AWS-AZURE: Inter-Cloud Transfer (file transfers between two clouds) ...............41 5.5. Results Evaluation.....................................................................................................42 5.5.1. AWS-AZURE Failover ........................................................................................42 5.5.2. AWS-AZURE Backup .........................................................................................42 5.6. Summary ...................................................................................................................42 Chapter 6: Recommendations and Future Scope ...............................................................43 6.1. Introduction...............................................................................................................43 6.2. Recommendations.....................................................................................................43 6.3. Future Work ..............................................................................................................44 6.4. Summary ...................................................................................................................44 Chapter 7: Conclusion...........................................................................................................46 7.1. Introduction...............................................................................................................46 7.2. Conclusion.................................................................................................................46 8. Reference List..................................................................................................................47 9. Appendices.....................................................................................................................51 9.1. Implementation Screenshots .....................................................................................51 9.2. Coding Part of Implementation.................................................................................61
Kurra Srirekha 6 List of Figures 1.1 Sydney Strom at Collaroy in Northen Sydney Impacted AWS Cloud (Source: SBS.com) 9 2.1 Multiple clustered applications before failover (Source: Microsoft TechNet)..................16 2.2 Multiple clustered applications after failover (Source: Microsoft TechNet).....................16 2.3 Network Loan Balancing (Source: Microsoft TechNet)....................................................17 2.4 Cloud Computing (Source: Wikipedia) .............................................................................18 2.5 Amazon Aurora Database Backup for Replication and Clustering (source: AWS) ..........19 2.6 Use of Multi Cloud Configuration using AWS and Azure (Source: Google Images).......24 2.7 Failover in Multi-Cloud Environment(Soure: Google Images).........................................24 4.1 Solution Structure For Backup and Failover .....................................................................31 4.2 Architectural Design of AWS and Azure Cloud to Cloud Connectivity...........................31 4.3 Virtual Network Gateway between AWS and Azure ........................................................32 5.1 Communicating Both VMs of AWS and Azure ................................................................38 5.2 Database Replication Between AWS and Azure...............................................................39 5.3 File Transferring Between AWS and Azure......................................................................41 6.1 Cloud to Cloud Load Balancer – Future Scope .................................................................44
Kurra Srirekha 7 List of Tables 1.1 Earlier Cloud Service Outages...........................................................................................10 3.1 Sample Linux Commands..................................................................................................28 3.2 MySQL Configuration.......................................................................................................29 4.1 Openswan Configuration File............................................................................................33 4.2 Maria DB Installation Command.......................................................................................33 4.3 Configuration for wsrep Option in my.config ...................................................................34 4.4 Configuration for VSRep Option in my.config .................................................................34 5.1 Test Case Scenarios ...........................................................................................................37 5.2 VPN Tunnel Testing Result...............................................................................................38 5.3 Database Cluster Testing Result ........................................................................................39 5.4 Cloud to Cloud Backup Testing Result .............................................................................41
Kurra Srirekha 8 Acronyms AWS Amazon Web Services VPN Virtual Private Network VNet Virtual Network SSH Secure Shell SCP Secure Copy Protocol VM Virtual Machine VPC Virtual Private Cloud ERP Enterprise Resource Planning ELB Elastic Load Balancing NAT Network Address Translator OS Operating System PaaS Platform as a Service SaaS Software as a Service
Kurra Srirekha 9 Chapter 1: Introduction of the Project 1.1.Introduction Most of the cloud-based businesses including banks in Sydney and surrounding areas were interrupted on June 4, 2016, due to a storm in Sydney. Many services were affected due to the power failing for Amazon Simple Storage Service (S3) and Elastic Cloud Compute (EC2) (Juha Saarinen, 2016). This was the inspiration for this project. This project provides the study, design and implementation of cloud-to-cloud failover to provide 100% availability of the services that are deployed or dependent on cloud computing. 1.1 Sydney Storm at Collaroy in Northern Sydney Impacted AWS Cloud (Source: SBS.com) In many cases, organisations with large-size deployments choose to operate their framework on numerous platforms or environments based on requirements such as providing backup, failover, redundancy or expanding their business. By using cloud computing and virtual cloud services provided by different vendors are perfectly matched to backup and failover scenarios. However, depending on one cloud service provider is not reliable for meeting customer requirements in multiple geographic regions. Because, even the world’ largest cloud computing platforms are vulnerable to periodic failure or power outage (Head, 2016).. That means
Kurra Srirekha 10 enterprise cloud users must still consider business continuity planning, providing backup for their data and failover. Therefore, what is needed is a network of multiple clouds (Veena, 2013). 1.1 Previous Cloud Service Outages Having various data centres at various geographical areas provided by large cloud service vendors is one way to overcome this type of issue. However, that would not have been an option for customers who do not have data centres in multiple locations in their cloud network region. For instance, AWS does not have data centres in multiple locations in Australia, only in the Sydney area (Head, 2016). Along these lines, by utilising the services of different cloud suppliers, redundancy of service provides more benefits than simply business impact. Users can host their own cloud servers on data centres from different providers. This helps users to manage the risks related to the business progression of the cloud service supplier. This is conceivable as every service vendor works independently. Hence, the multi-cloud environment is a major focus in helping
Kurra Srirekha 11 clients to utilise backup and failover services over various cloud suppliers and platforms (Rawat, 2013). This paper gives a structural example that illustrates the coordination of failover and data backup between the AWS and AZURE cloud environments with the help of the VPN tunnel. In this project, the VPN tunnel performs a critical part in the improvement of the networking system. In this way, the computer is directly connected to the private networking system with the help of the VPN (Huanhuan et al., 2015). The further chapters of this report are structured in a meaningful manner. Chapter 2 states and explains the background of the study. Chapter 3 defines the analysis of this report based on the domain and technical level study. Chapter 4 describes the design and implementation of this project. A detailed description of the results and evaluation of results is given in Chapter 5. Chapter 6 describes the future scope and recommendations. Finally, the conclusions drawn from the implementation are discussed in Chapter 7. 1.2.Project Objective The primary objective of this project is to provide backup and failover by connecting Microsoft Azure and Amazon Web Services using a VPN tunnel. This project creates a site-to-site IPsec tunnel so that it can be connected to a Virtual Private Cloud that is hosted in AWS to an Azure network for failover and providing backup. The detailed objectives are given below. 1. Creating a Virtual Private Cloud (VPC) in AWS and a Virtual Network (VNET) in AZURE. 2. Deploying Virtual Machines (VMs) in both AWS and AZURE virtual environments, each using Ubuntu. 3. Creating a Virtual Gateway on the AZURE end and installing Openswan on the AWS end in order to connect both cloud networks by using VPN. 4. Establishing an IPsec tunnel between two cloud platforms and ensuring that the two VMs are communicating with each other. 5. Providing backup and data migration by bridging two cloud environments using the VPN tunnel.
Kurra Srirekha 12 While implementing this project, the questions below are documented for study and literature review purposes. 1. How are the AWS and the AZURE important for the backup and failover with the help of the VPN tunnels? 2. What level of security will be achieved by this connection? 3. How effective can this connectivity be in terms of network workload or failover? 4. What will be the cost of implementation of a site-to-site IPsec tunnel? 5. How supportive are AWS and Azure in the VPN tunnel? 1.3.Significance of Project This study is important for companies who have their business-critical functionalities deployed on the cloud. There is evidence from incidents when major cloud companies like Amazon, Microsoft had service failures. Many companies research cloud availability before implementing their business on the cloud. This project helps companies to understand how cloud-to-cloud failover works to support the continuity of their business. There are scenarios where companies like HP had to bear a loss of $US160 million due to the failure of a traditional ERP implementation in 2004. Similarly, Hershey and Nike ERP implementations have failed in the past. According to Gartner (Gartner, 2016) research, 55% to 75% of traditional ERP implementations are at risk. This is the reason most of the businesses are moving their business to the cloud for safe and secure business functionalities. This project provides insight into cloud outages and failover mechanisms to provide 100% availability for business functionality. In addition, this project discusses the benefits of the multi-cloud environment. Different approaches to connect two different clouds are studied in this project. This project provides further understanding of new technology, such as the use of VPN to connect two clouds. This research covers the implementation of cloud-to-cloud failover using VPN. This project is significant to readers who want to enable seamless relocation of existing services between two different dedicated cloud infrastructures. The significance from a business point of view is listed below.
Kurra Srirekha 13 1. Increased Profits: Avoid losses caused by unpredicted system failures. 2. Peace of Mind: Making maximum use of computers to achieve 100% business availability, providing a trusted business solution. 3. Sustain Brand Name: Avoid brand impact due to unexpected failures. 1.4.Scope and Limitations of Project Project Scope The scope of this study is based on cloud-to-cloud failover. For implementation and analysis purposes, Amazon Cloud and Microsoft Azure are considered in scope for this project. This project creates a combination of the clouds that is capable of providing connectivity to high- level operations including backup, failover and data migration. For this setup, on the AWS end, an Ubuntu server is selected as it is the underlying platform. The scope of data collection is from other organisations with this connection setup, and various books and journals are utilised to obtain in-depth knowledge of site-to-site connectivity. This research requires technical knowledge of the technologies listed below. 1. Network Connectivity: A working knowledge of network connectivity is required because the setup requires high-level security. 2. Networking: A working grasp of routing setups and protocols is vital to execute the proposed networking connectivity. 3. AWS and Azure Cloud Services: Marston et al. (2011, p.176) mentioned that AWS and Azure offer similar capabilities in terms of storage and networking. It is essential to gather in-depth knowledge of these two platforms in performing the network connectivity. The functionality associated with each of these platforms needs to be analysed, and based on that, the implementation process will be carried out. 4. Ubuntu: Hands-on knowledge of Ubuntu is required as there is a need to work with Ubuntu on both AWS and AZURE. In addition to the above, the resources below are requirements for the project. 1. Amazon Web Services active account
Kurra Srirekha 14 2. Azure cloud services active account 3. Minimum $100 credit in both Amazon and Azure 4. Laptop in working condition. 5. Ubuntu at both the Amazon and Azure ends is required in order to have site-to- site secure IPsec tunnel connectivity (blogs.technet.microsoft.com, 2016). Project Limitations Time constraint is the primary limitation of this study. In addition, other project limitations are listed below. 1. This research does not compare cloud technologies and providers. 2. The cost analysis of cloud failover is out of scope. 3. This research is based on secondary information, and the information is sourced from the AWS and Azure company websites. 4. This research does not cover the testing of all failover scenarios. 1.5.Summary In this section, the background, need, significance, scope and limitations are studied. This section provides a basic understanding about AWS and Azure clouds as an introduction for beginners. The primary motive of this project is to study and implement cloud-to-cloud failover for 100% systems availability. Ongoing research in this area helps to indicate the scope for future study. This study is important to examine business dependency on the software cloud. The next section provides an in-depth background of the study, concepts for different terms, and techniques. It also covers other researchers’ viewpoints on cloud failover.
Kurra Srirekha 15 Chapter 2: Background of Research 2.1.Introduction This chapter describes the background of the research related to this project. This chapter includes a discussion of cloud backup and failover, which covers how failovers and backups help in data recovery and business continuity. The information provided in this section is based on various scholarly studies and reviews in cloud backup and failover techniques. 2.2.Backup and Failover For any organisation, business continuity is very important. For example, the Sydney storm in June 2016 impacted millions of people due to unavailability of online services. The business continuity issue has impacted many brands. Organisations want to have fully functioning applications and services even in the event of a disaster. Thus, organisations need failover mechanisms in order to ensure that services can run with only minor interruptions in the case of a disaster. Generally, any enterprise maintains up-to-date copies of data in different geographical locations so that data can be accessible without interruptions even if one location fails or is disabled, which is known as the backup mechanism (Rouse, 2016). Failover is the ability of a system to protect against a minor disturbance in a short period of time using a significant automated process. It is different from load balancing. In a failover scenario, one server enables operations on another server when the usual one has failed, whereas in load balancing, all the servers are operational but work in a load-sharing mode. The failover concept is designed for maximum availability whereas load balancing is built for scalability. Backup is the capacity to proceed with data in a case of outages, usually with multiple copies of data in different locations, and normally including manual activities. It addresses data recovery and continuity through two independent platforms or environments, each containing its own information and executables (Huanhuan et al., 2015). Both failover and load balancing concepts are achieved through clustering. The diagrams shown below depict the architecture of server failover.
Kurra Srirekha 16 2.1 Multiple clustered applications before failover (Source: Microsoft TechNet) 2.2 Multiple clustered applications after failover (Source: Microsoft TechNet)
Kurra Srirekha 17 2.3 Network Loan Balancing (Source: Microsoft TechNet) 2.3.Cloud Computing Cloud computing is based on an online data processing and availability. The applications are implemented on shared infrastructure through web. Before the usage of cloud computing, internet provided online document sources, for multiple users like Google Mail or Google Docs which are termed as Software as a Service(SaaS) (Chang, 2011). With so many organisations requiring SaaS for their own functionalities, Amazon developed AWS, which runs on the cloud and thus empowers the organisations’ functionalities to run on the cloud (Amazon Web Services, 2010). The benefits of AWS enable organisations to consume these services, build their own functionalities, and build a private cloud. Ubuntu
Kurra Srirekha 18 Server Edition running Ubuntu Enterprise Cloud is an example of running a private cloud (Eucalyptus Systems, 2010). There has been much research into cloud computing, especially in the area of the execution of virtualised resources in public and private clouds. Many scholar researches are carried out in cloud computing and components (Buyya et al, 2011). The diagram below shows a typical cloud computing scenario where multiple devices are connected to the cloud to operate multiple services built on one platform. 2.4 Cloud Computing (Source: Wikipedia) Cloud computing has become a cost-effective solution for businesses due to shared and globally distributed resources. Clients are provided global access to cloud platforms. IT companies like IBM, Google, AWS, Microsoft and many others have built data centres across regions to support cloud services. By 2020, cloud computing revenue is estimated to reach $US241 billion (Reid et al., 2011). Ease of infrastructure and application setup in the cloud has influenced companies to use cloud shared services (Arean, 2013). According to an IBM white paper, 61% of UK organisations are dependent on cloud solutions (White paper, 2013). However, there are a few security challenges, such as recovery mechanisms, trust, and risk
Kurra Srirekha 19 management, which ought to be considered to give better client fulfillment and business continuity. 2.3.1. Backup and Failover Approaches in Cloud Disaster recovery (DR) is a process used in most organisations as part of their Business Continuity Plan (BCP). There are many components of BCP, and data backup and recovery is one of them. Most databases and servers provide inbuilt backup and restore methods which are easy to set up. Failover is different from backup in that to handle a failover scenario, database application and service backup is mandatory to provide continuous connectivity from the point of failure. Hence in failover architecture, backup and database replication is an important concept. Amazon provides database connectivity for six familiar databases (Oracle, Amazon Aurora, MySQL, PostgreSQL, Microsoft SQL Server and MariaDB). Amazon Aurora is its own database management system (DBS), and according to Amazon (AWS, 2016) it provides five times the performance of MySQL. The diagram illustrated below shows the Amazon database backup and replication scenario. 2.5 Amazon Aurora Database Backup for Replication and Clustering (Source: AWS) The cloud platform provides different approaches for backup, recovery, and failover based on the infrastructure of organisations. Backup Approaches
Kurra Srirekha 20 IT infrastructures are categorised into cloud-native, on-premises and hybrid environments. i. Cloud-Native environment: This scenario deals with an infrastructure that relies completely on the cloud. If an organisation is running all its services from the cloud, that organisation can have many built-in features in order to back up, protect data and support recovery requirements. ii. On-premises environment: This scenario deals with an infrastructure that exists on the premises, using no components in the cloud. However, this environment allows some software vendors to directly connect their applications with cloud storage solutions for providing backup and recovery support. iii. Hybrid environment: This scenario deals with the two infrastructures discussed above, cloud-native and on-premises environments. These two structures are combined into a hybrid environment. Here, the network has both on-premises and cloud infrastructure components. Thus, applications that are running in the cloud will be connected to applications that are running on-premises. However, latency is the main constraint while uploading data to the cloud, and consistent performance is required in order to protect data. (AWS, 2016). Failover Approaches: When the primary components in the network such as a server, processor, network or database become unavailable due to either failover or downtime, then secondary components in that network or other network components will take the responsibility to provide fault tolerance. The cloud platform provides services like a load balancer to maintain the workloads between systems or networks in the event of failure. (Rouse, 2005). i. Multi-Server: In this scenario, if one organisation has only one data centre in the cloud platform, there can be multiple servers to store their applications, and by using a load balancer, then if one server fails, they can run their applications by using another instance in the cloud so that their business will continue without any interruptions. When the load balancer is used, the workload can be distributed between the instances according to spikes in usage. (Robertson, 2016). Limitations: Here, if one server fails, by using the load balancing service, the cloud user can have business continuity. However, there is still an issue if that cloud load balancer service fails or that entire data centre fails due to power outages or disasters.
Kurra Srirekha 21 ii. Multi-Datacentre: To overcome the limitations of a single data centre organisation, the multiple data centre concept is proposed. An organisation with large deployments can run the business in multiple data centres in the cloud. Thus, if one data centre fails due to disaster or power outage in that data centre location, a user can use another data centre to run their business by using a load balancing service. (Robertson, 2016). Limitations: Here, the load balancer is needed to distribute the workload between data centres. Thus, if that load balancing service fails, or if the entire cloud infrastructure fails due to disaster or electricity issues, the business continuity will be lost. Therefore, if an organisation's applications run in the cloud, such as SaaS or PaaS, their crucial business data relies upon the cloud provider, which leads to risk in the event of data loss or failure of that cloud platform. The organisation itself has to take responsibility for protecting its important data, regardless where data actually exists. Generally, PaaS and SaaS providers such as Amazon Web Services, Microsoft Azure, and Google Apps will perform the task of backing up the user's data. However, such backups are for their own benefit, not for users. For example, a user needs to recover deleted data, but he might find that cloud provider is unable or unwilling to help due to disasters or power outages. Then that user may not be able to recover his lost data. Hence, one cannot depend on a single cloud provider; organisations should consider their business continuity by having suitable backup and failover mechanisms in the event of unexpected failure of a current cloud platform. 2.3.2. Cloud Outages No matter how widespread large cloud platforms become in the world, or what level of performance, improved availability or uptime is offered by cloud providers, the cloud is vulnerable to periodic failures or power outages. (Head, 2016). This report describes the best- known AWS and AZURE cloud outages in recent years, as this project mainly deals with Amazon and Azure cloud environments. Amazon Outages 1. 2016 (June 5): Sydney spent that Sunday struggling through severe storms. The outage also affected AWS services including EC2, Database Migration Service,
Kurra Srirekha 22 ElastiCache, RDS (Relational Database Service), CloudFormation, Route 53 Private DNS, CloudHSM, Redshift, Elastic Beanstalk and Storage Gateway.(Juha Saarinen, 2016). 2. 2015 (September 20): The Northern Virginia (US-EAST-1) region has suffered a giant outage affecting AWS services, including CloudWatch, Cognito and DynamoDB, which all broke down that day. (Fiveash, 2015). 3. 2012 (December 25): The Elastic Load Balancing (ELB) was down in the US-East area. It affected the applications that utilise the ELB, and these applications were disconnected for over 23 hours. For example, organisations like Netflix were affected due to this outage (Fernand, 2014). Azure Outages 1. 2016 (March 23): East Asian region users faced a problem for App ServiceWeb Apps and Virtual Machines due to an interruption to the physical network infrastructure within the region. That problem later meant higher-than-usual latency for those trying to reach cloudy VMs. (Sharwood, 2016). 2. 2015 (December 3): The European region suffered from an outage which caused users to be unable to access both Microsoft Azure infrastructure-as-a-service (IaaS), and business productivity tools that are based on the Office 365 cloud for several hours in that region. (Donnelly, 2015). 3. 2012 (February 29): Windows Azure experienced a vast outage. In response, the service management system had been switched off for about seven hours worldwide. At the time of that incident, a senior software engineer from Microsoft reported that the major cause of the incident was certification issues. (Parnell, 2012). These cloud outages prove that, even though if cloud users use the best cloud platforms, this does not prevent periodic failures or electric power outages due to natural disasters. Therefore, cloud users should think about their business continuity before cloud outages happen.
Kurra Srirekha 23 To eliminate dependency on one cloud, the multi-cloud environment is available. Connecting one cloud network by using another cloud platform is the most likely solution in order to eradicate interruptions to businesses. 2.4.Multi-Cloud Environment This procedure utilises various cloud platforms to diminish the threat of data loss or downtime due to unexpected errors in cloud computing. Data that is limited to one cloud service may be at risk in case of situations such as service failure, disaster, and power outages. Therefore, that specific cloud data will be inaccessible (Woods et. al., 2010). Hence, this platform will be the best solution for users who want business continuity by backing up data from cloud to cloud and using a failover provision to handle the failure of even one cloud computing environment. Limitations: The limitations of multi-cloud implementation are listed below (Ravello, 2014). 1. Complexity: as different cloud services and different infrastructures are connected, there is no standard terminology to build a multi-cloud platform. 2. Management Overhead: due to the complexity of the network architecture, expertise is needed to determine what to move to the cloud, when, where, and why. 2.4.1. Cloud-to-Cloud Failover A cloud network architecture combining two other different cloud networks is created to provide backup and failover. The outcome in this study is achieved by providing end-to-end security to two different networks in order to allow the users to manage the workload in both cloud networks, providing full VM connectivity with the help of a secure IPsec tunnel. This setup is a working system that supports high availability operations, backup and failover. Thus, this project is suitable for organisations that want to operate their framework on various platforms depending upon their requirements, such as providing backup, failover and redundancy to expand their business. This project demonstrates the failover from the Amazon cloud to the Azure cloud. The diagram below illustrates the use of two cloud environments. The services provided by AWS
Kurra Srirekha 24 and Azure provide the functionality to set up the multi-cloud environment for the failover scenario. 2.6 Use of Multi-cloud Configuration using AWS and Azure (Source: Google Images) 2.7 Failover in Multi-Cloud Environment (Source: Google Images) There are further benefits of multi-cloud failover which overcome the limitations and promote business continuity. 2.4.2. Benefits of Connecting Two Clouds The benefit of this multi-cloud failover is that it provides multi-region application continuity and a high performance database in the cloud. In addition, the multi-cloud takes advantage of all the benefits provided by the single cloud environment as shown below. (Ravello, 2014). 1. Reduce dependency
Kurra Srirekha 25 2. High availability 3. Failover 4. Competitive prices 5. Business extensions The benefits of multi-cloud failover are achieved through VPN. 2.5.VPN The main focus of this project is connecting AWS virtual private cloud to Azure virtual network by using a virtual private network, and hence understanding the VPN is significant to this project. VPN builds a private network on a public network. It authenticates PC to send and receive data across shared networks. VPNs normally permit remote access connections which are authenticated and make utilization of encryption procedures in order to secure private data. The protected VPN protocol that is used in this project design for the purpose of end to end security is Internet Protocol Security (IPsec), which was first created for IPv6. IPsec utilises encryption, encapsulating an IP packet inside an IPsec packet to meet the security objectives of integrity, authentication, and privacy. IPsec is perfect for network-to-network (site-to-site) tunnelling. In this project, VPN is used to connect two distinct virtual cloud networks. In general, security is considered to be the key issue across the virtual networks, where users face endpoint issues while using the cloud. As this project deals with AWS and Azure, the complete security standards that are offered by the AWS and Azure for security provision at all network levels ensure user safety and privacy. 2.5.1. Cloud-to-Cloud Connectivity using VPN Cloud service providers like Amazon and Azure support multi-cloud configurations through a VPN gateway. A VPN gateway is a collection of resources that are used to send network traffic between virtual networks and on-premises locations. Gateways are used for site-to-site (S2S), point-to-site, and multi-point connections. This project implements the site-to-site connection between the AWS and Azure virtual networks.
Kurra Srirekha 26 Site-to-Site connection: This is a connection over an IPsec/IKE VPN tunnel. This kind of connection needs a VPN device situated on-premises that has a public IP address associated with it and is not situated behind a Network Address Translation (NAT). S2S associations can be utilised for cross-premises and hybrid configurations (McGuire, 2016). 2.6.Ubuntu Ubuntu is a Linux-based operating system. The Ubuntu server is used for the project implementation because it is free of cost. Information about Ubuntu is out of scope for this project. The Ubuntu Server Guide (team, 2016) should be referred to for the installation in this project. Ubuntu documentation provides step-by-step information on installation and configuration of the various server applications on Ubuntu system to fit the requirements. 2.7.Summary In this chapter, the backup and failover processes are studied. This chapter provides a basic overview of cloud backup and failover techniques and well-known cloud outages in recent years. This chapter concludes that the multi-cloud environment is the solution to avoiding unexpected cloud outages and describes how both AWS and Azure support the multi-cloud configurations. Continuing research in this area helps to indicate the scope for future study. This project is significant when considering business dependency on the software cloud. The next chapter provides in-depth analysis of the project, related to the domain and technical levels in the multi-cloud environment.
Kurra Srirekha 27 Chapter 3: Resources and Technical Analysis 3.1.Introduction Analysis is important to the implementation of the project to overcome the challenges and reduce the risk of project failure. After the review of the literature and concepts related to multi- cloud failover, this section presents the analysis by integrating different components to form a solution. This analysis establishes the connection between project objectives and technical feasibility. The objective of this project is to set up a project in the AWS and Azure cloud environments, replicate databases to and from each server, back up the file system and test the failover scenario. The tools used to achieve these objectives are Ubuntu, Openswan, IPsec, VPN tunnel and SSH. 3.2.Analysis of Resources As this project is based on two different cloud platforms, there is a need to analyse the most suitable cloud platforms for the project objectives. Both cloud platforms should support the VPN tunnel, as it plays a main role in the project. Choosing the appropriate cloud vendors based on the project targets will reduce the complexity. In this project AWS and Azure cloud platforms had been chosen. As these two platforms having technically more similarities, this combination will reduce the complexity for implementing multi cloud environment. In the process of VPN tunnel implementation between AWS and Azure, a software VPN has been used at AWS end to make EC2 instance acts like VPN device. As this project deals with Ubuntu server, Openswan source package is used. It is a VPN software since 2005 for Linux-based operating systems and it supports most of IPsec extensions. It is already included in the distribution of Ubuntu, Gentoo, Red Hat and many others. In the backup and failover pattern implementation, multi-master synchronous replication has been used inside each database cluster for high availability and for the failover provision. In this project, synchronous replication is implemented using MariaDB Galera, which is a multi-master cluster for MySQL/XtraDB/InnoDB databases. MariaDB is an upgraded, drop-in substitute for MySQL, and it utilises the Galera library for database replication.
Kurra Srirekha 28 It is only accessible for operating systems that are based on Linux, which supports the InnoDB or XtraDB storage engines with the essential features of automatic joining of nodes, synchronous replication, read and write when connected with any cluster node, and direct client connections. Hence, the advantages with MariaDB lead to numerous DBMS clustering solutions that incorporate clusters with no slave lag, no data transaction loss, and minute client latencies (vexxhost, 2015). 3.3.Analysis of Technical Challenges Ubuntu is a Linux-based OS, and hence it requires thorough understanding so that other components like Openswan can be installed smoothly. To avoid the challenges of configuring Openswan on Ubuntu, an understanding of Linux code to edit and save the configuration is required. An analysis of the Openswan configuration file is required as modifying it incorrectly results in rework. The commands listed below are useful for the implementation of this project. 3.1 Sample Linux Commands Edit/insert: - I Exit: - :x (or) :q Save and Exit: - :wq Paste: Fn + Ins The analysis of the firewall setting between the two clouds is important. It is required to authenticate one cloud’s virtual machine with the other cloud. Hence it is important to update the route table and security groups of the Openswan server in AWS correctly. These security groups and route tables are used to allow traffic from remote networks. It is required to include two UDP custom inbound rules. These rules include 4500 and 500, both using the Azure gateway IP address with /32 as the CIDR and routing table by including the network address of Azure virtual system. In order to successfully install MariaDB in both cloud VMs, it is required to check the compatibility of the Ubuntu server with the MariaDB version before implementation of the project.
Kurra Srirekha 29 The analysis of the MySQL configuration files is important for setting up the MariaDB cluster for database replication. Once the MySQL configuration files change is complete, a service restart is required using the following command. service mysql restart However, this command may result in failure if the databases on both nodes are not authenticated. Hence, the MySQL configuration file is to be analysed and updated as shown below to make it work. 3.2 MySQL Configuration To transfer files from one cloud to another cloud, the SSH key of both VMs must be exchanged. Then, bidirectional file transfer will be successful. During the technical analysis of this project, the focus is kept on configuration changes, and with continuous learning, all the challenges can be resolved. 3.4.Summary This section provides the technical analysis of the different tools prior to the actual implementation. The technical analysis is required to choose a different tool in case of a version compatibility issue. In this project, each component is analysed, and for configuration changes, a few online documents are referenced. The next section provides the design of this project and the code, along with screenshots from the project implementation.
Kurra Srirekha 30 Chapter 4: Design and System Implementation 4.1.Introduction The previous sections covered techniques and tools related to cloud-to-cloud failover. This section provides the design and implementation of cloud-to-cloud failover so that the services are not impacted. This implementation is done in two stages. In the first stage, the failover of AWS MySQL database to Azure MySQL database using MariaDB is performed. In the second stage, the automated backup of the file system from AWS to Azure cloud is performed using IPsec. 4.2.Problem and Context The significance of this implementation is the need for the business continuity plan to meet 100% availability of service even on the cloud platform. On September 15, 2016, a global DNS outage impacted Azure services for all regions. There are many such examples of cloud unavailability in 2016, as discussed in the literature for this project, impacting businesses across the globe. Hence this project covers an implementation of 100% cloud computing availability using the cloud-to-cloud failover concept. While implementing this project, there were some challenges due to the integration of different components to form a structured solution. For the failover to happen from AWS to Azure, it is important that both clouds connect and communicate with each other. This bridge is set up using Openswan, which is installed on the AWS Ubuntu and Azure Ubuntu virtual machines. The continuous learning and debugging techniques have helped in successful configuration and implementation of Openswan and in building a VPN tunnel between the two clouds. The architecture of this project is described in later sections. 4.3.Solution Structure Defining a solution is a systematic process in which different components are linked to build a solution. The solution structure is a process of capturing all the technical details in an architectural format. This project has followed a recurring procedure in which the architecture rework is done based on pseudocode testing (H. J. La and S. D. Kim, 2009). The diagram below is an illustration of the steps followed in the solution architecture of this project.
Kurra Srirekha 31 4.1 Solution structure for backup and failover This procedure has helped in identifying functional and non-functional areas. One result of the solution structuring is a process flow design of the cloud-to-cloud failover network architecture components as illustrated below. 4.2 Architectural design of AWS and Azure cloud-to-cloud connectivity Amazon Virtual Private Cloud (VPC) is the primary virtual machine in the cloud network of this project. The Ubuntu server is installed on this VM. The backup server is Azure Virtual Net on which Ubuntu is also installed. To connect both virtual machines over the cloud, Openswan is installed on the primary cloud (AWS) and configured with VPN so that both
Kurra Srirekha 32 communicate with each other using a VPN tunnel. MariaDB is used for MySQL database replication, and IPsec is used for file backup from AWS to Azure. The process flow and installation of this solution is explained next in the implementation process section. 4.4.Implementation Process The implementation of the project begins with creation of a VPC in the AWS US-West region with a network address of 10.0.0.0/16 and one public subnet with an address range of 10.0.0.0/24. An Ubuntu server is deployed in the subnet and assigned an IP of 10.0.0.61. This server is associated with an Elastic IP (EIP) address to access the Ubuntu server by using the SSH command line interface. The EIP is required to connect with the Azure network. A virtual network (VNet), similar to VPC in AWS, is created in the Azure US-East region with a network address of 172.16.0.0/16 and an added subnet with network address 172.16.1.0/24. The Ubuntu server is deployed in the virtual network and assigned the IP address of 172.16.1.5. The configuration of site-to-site connectivity is set by using EIP and the address space of AWS. A virtual network gateway is created as shown in the screenshot below, which generates a virtual gateway IP address and manages the shared key. 4.3 Virtual Network Gateway between AWS and Azure 4.4.1. Site-to-Site VPN Tunnel Setup Openswan is deployed in the AWS Ubuntu server so that it acts as a VPN device to work for the VPN tunnel. Openswan depends on IPsec protocol. This protocol is used for encoding IP traffic before packets are exchanged between source and destination. Router is used for encryption, decryption, encapsulation and de-capsulation. Security groups and route tables are
Kurra Srirekha 33 modified on AWS end to allow traffic from Azure. The Openswan /etc/ipsec.conf file’s connection section is given below. 4.1 Openswan Configuration File Where, # Left = AWS side Ubuntu server IP address # Left subnet = AWS network address # Right = Azure virtual network gateway # Right subnet = Azure virtual network address The implementation process is divided into two stages: one for failover cluster setup and the other for file system backup. 4.4.2. MariaDB Galera Cluster Setup (Replication and Failover) MariaDB Galera Cluster is deployed on both VMs to synchronise the MySQL database through replication. Below is the command used to install the MariaDB cluster. 4.2 MariaDB Installation Command
Kurra Srirekha 34 After the deployment of the MariaDB cluster, a configuration file called “my.config” is changed on each virtual machine with wsrep configuration options so that the MariaDB cluster understands the endpoints for communication. In addition to this change, the configuration file is changed for the VSRep option to provide the IP address and related details of the other VM. Hence in the AWS VM, the IP address of Azure is provided and vice versa, so that MariaDB acts as a mediator for replication between the two clouds. To configure VSRep under the [mysqld] directory on each node, the “my.config” file is changed with their particular hostnames, IP address and root passwords. 4.3 Configuration for wsrep Option in my.config 4.4 Configuration for VSRep Option in my.config The configuration is completed successfully, and hence the bi-directional replication of MySQL DB is initiated using the MariaDB cluster. 4.4.3. SSH Keys and SCP Command (File System Backup)
Kurra Srirekha 35 SSH is a kind of protocol that permits secure connections between virtual machines. The SCP command is useful for transferring files across SSH connections from one cloud to another. An SSH public key is used to transfer the data between AWS and Azure. The SSH key of the AWS Ubuntu server is copied into the “authentications_key” file in Azure and vice versa so that required files can be transferred from one Ubuntu VM to another Ubuntu VM by using an SCP command. 4.5.Challenges Connecting two different clouds is not an easy process. While implementing the VPN tunnel that is based on IPsec mode between AWS and Azure, there will be a problem when the peers of the tunnel are at the back of the NAT. The NAT changes the data of an IP packet so that this IP packet will be rejected by the other peer as the signature of the packet is wrong. The solution is commonly known as NAT-T (NAT Traversal); it works using an IPsec packet encapsulating technique in UDP packets. As these packets can pass via NAT routers, there will be no loss of packets or packet drops. When using Openswan to create a VPN tunnel, there will be two parameters called Left and Right, which are simply peers on the two ends of its tunnel. Various parameters for these two ends will be configured in “/etc/ipsec.conf”, which is used to define a tunnel between two nodes. The “ipsec.conf” file will have “nat_traversal=no” by default, and as there is a need to support NAT Traversal, that command should be changed as “nat_traversal=yes”. There is an “auto” parameter in the conn section of the ipsec.conf file. This parameter is used to set the automatic operation which should be done during IPsec startup. By default, this parameter is defined as “auto=ignore”, which indicates that no operation is set as automatic startup. Therefore, this value should be changed to “auto=start”, which indicates the automatic connection. (Rosen, 2016). Openswan supports NAT-T in order to pass IP packets through NAT routers, which makes UDP packets by encapsulating IPsec packets without being dropped. Hence, to allow UDP packets, the inbound rules in the security group of the Openswan server that is located in the AWS virtual private cloud should be modified with two custom UDP rules that allow port ranges 4500 and 500 to allow traffic from the Azure virtual network gateway. 4.6.Summary
Kurra Srirekha 36 This section provides the detailed configuration of the Ubuntu server on both nodes (AWS and Azure) and other components’ configuration for failover and backup purposes. The sanity check is done to test the connectivity between two nodes. The next section captures the test results and evaluation of the objectives of this project.
Kurra Srirekha 37 Chapter 5: Testing and Evaluation 5.1.Introduction The implementation of cloud-to-cloud failover and backup is achieved using the control panel provided by AWS with components like Openswan, MariaDB cluster, VPN and SSH integration. A virtual network gateway is created in the Azure virtual machine and Openswan in the AWS virtual machine. The coding is done in AWS in order to create the tunnel between AWS and Azure. For MariaDB, the coding is done on both VMs for configuration. This section covers the test cases, results and evaluation of how the implementation achieves the objectives. The testing is carried out in two phases: one for cloud failover and one for file system backup validation. The test case scenarios are shown in the table below. 5.1 Test Case Scenarios Sr # Test Description Execution Step Test Result Remarks 1. VPN Tunnel Testing 2. Database Cluster Replication 3. File transfers between two clouds Test Results Codes: OK – Test condition is passed NG – Not good (i.e., test condition failed) NT – Not tested The screenshots captured while testing are provided in the appendix. 5.2.VPN Tunnel Testing The testing of the VPN tunnel is important because it shows the success or failure of connectivity between the two clouds. In order to verify whether the VPN is up on the virtual machines, the command show crypto ipsec sa is used. If the connection is successful, then the
Kurra Srirekha 38 output of this command shows both the inbound and outbound SPI. This result shows the encaps/decaps counters incrementing if the traffic passes through the tunnel. 5.1 Communicating Both VMs of AWS and Azure 5.2 VPN Tunnel Testing Result Sr # Test Description Execution Step Test Result Remarks 1. VPN Tunnel Testing a. Go to AWS b. Open command prompt c. Use command below show crypto ipsec sa OK 2. VPN Session Check a. Go to AWS b. Open Command prompt c. Use command below show vpn-sessiondb OK Result is Session status: UP-ACTIVE 5.3.Database Cluster Replication The cluster status monitoring is required to check if the cluster is operational. This test case covers the monitoring, status updates and failover scenario.
Kurra Srirekha 39 5.2 Database Replication Between AWS and Azure 5.3 Database Cluster Testing Result Sr # Test Description Execution Step Test Result Remarks CHECKING CLUSTER INTEGRITY 1. Check the Cluster Configuration a. Open MariaDB Windows and run command below SHOW GLOBAL STATUS LIKE 'wsrep_%'; OK It shows the wsrep protocol version as 5, last committed as 202 and thread count as 2 2. Check Cluster Integrity SHOW GLOBAL STATUS LIKE 'wsrep_cluster_state_uuid'; OK It shows the cluster state UUID which helps to determine that this node is part of the cluster. 3. Check the number of nodes in the cluster SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size'; OK The value is 2 4. Check cluster status SHOW GLOBAL STATUS LIKE 'wsrep_cluster_status'; OK The value is primary. CHECKING THE NODE STATUS
Kurra Srirekha 40 5. Check if node is accepting queries SHOW GLOBAL STATUS LIKE 'wsrep_ready'; OK The value is ON 6. Check if node has network connectivity with other node SHOW GLOBAL STATUS LIKE 'wsrep_connected'; OK The value is ON 7. Check node state SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment'; OK The value is Joined CHECKING THE REPLICATION HEALTH 8. Check the average size of write set queue SHOW STATUS LIKE 'wsrep_local_recv_queue_avg'; OK The value is 3.34. If the value is greater than 0.0, it means there is delay in replication. Ideally the value should be as close as possible to 0.0. 9. Check the pause status due to flow control SHOW STATUS LIKE 'wsrep_flow_control_paused'; OK The value is 0.18. If the value is greater than 0.0, it means the node is paused due to flow control. Ideally the value should be as close as possible to 0.0. DETECTING SLOW NETWORK ISSUES 10. Check average length of the query SHOW STATUS LIKE 'wsrep_local_send_queue_avg'; OK The value is 0.14. Values greater than 0.0 indicate a network bottleneck. Ideally the value should be as close as possible to 0.0. FAILOVER TO AZURE
Kurra Srirekha 41 11. Check if database is failed over AWS database should be down and Azure database should be up and acting as primary OK Azure database is showing as primary 5.4.AWS-AZURE: Inter-Cloud Transfer (file transfers between two clouds) SSH and SCP are used for the file transfer between two VMs for backup and restore purposes in the case of cloud failure. SSH is the general protocol, and SCP is the Linux SSH client command. Hence this covers the test cases and results of file transfer scenarios as shown in the table below. 5.3 File Transferring Between AWS and Azure 5.4 Cloud-to-Cloud Backup Testing Result Sr # Test Description Execution Step Test Result Remarks 1. Check all SSH connected sessions [root@router~]# netstat -tnpa | grep 'ESTABLISHED. *sshd' OK It shows two IP addresses as established with SSH 2. Check if SSH service is running sudo service ssh start OK
Kurra Srirekha 42 3. Check if SCP is transferring file through SSH [virtual machine ~]$ scp examplefile yourusername@yourserver:/home/yourusername/ OK The file is copied to the virtual machine correctly. 5.5.Results Evaluation During this testing procedure, there are some important evaluations needed of the test results. This testing is carried out to make sure the defined objectives are tested as part of this project implementation. The evaluation is performed on two major test conditions as described next. 5.5.1. AWS-AZURE Failover The failover is performed using the MariaDB cluster. The database on AWS is failed manually, and it is evaluated that it immediately fails over to Azure. Because both databases are in sync with the help of replication services, there was no outage, and hence they provided 100% availability of the data. This testing is important for the mission-critical businesses that are dependent on cloud computing. 5.5.2. AWS-AZURE Backup For the AWS-to-Azure backup, the SSH protocol is used. The files are backed up using an SCP Linux command. The AWS virtual machine is made unavailable, and the files are still accessible from the Azure virtual machine. This evaluation verifies that, from the point of failure, the cloud-to-cloud file system backup and recovery still function without any data loss or unavailability during a disaster. 5.6.Summary The testing is a critical part of this project as it tests the project through multiple scenarios as defined in the test cases and provides the results. The failover from AWS to Azure is achieved using the MariaDB cluster, and file system synchronisation is performed using SCP through the SSH protocol.
Kurra Srirekha 43 Chapter 6: Recommendations and Future Scope 6.1.Introduction The implementation of this project overcomes the cloud failure challenges when using cloud technologies. Though there are lessons to be learned from this project implementation, it provides a direction for future work by enhancing cloud-to-cloud failover to achieve high scalability and performance. 6.2.Recommendations The VPN device must support some requirements in order to work correctly; for example, it must have a public-facing IPv4 address and support IKEv1. The VPN device must also support NAT-T, AES 128-bit encryption, SHA-1, etc. to establish the IPsec security associations in the VPN tunnel. In this project, the software VPN Openswan, which supports all the above requirements. has been used at the AWS end of the VPN tunnel. However, this can be done by using different methods. Windows server 2012 R2 can be used as tunnel’s end-point on the AWS side and also as an Azure VPN device. A Windows PowerShell script will be used in this method to install RRAS (Routing and Remote Access Server) on the AWS server, and it needs to be configured in order to create the site-to-site IPsec tunnel between AWS and Azure. Openswan can be used on both sides, or Strongswan can be used at the AWS end, to create the VPN tunnel. However, Strongswan is a more developed document than Openswan. (Michael, 2015). Another software VPN called TMG 2010 supports these prerequisites, yet achieving full network functionality has turned out to be harder than anticipated. (MikeWo, 2013). Other recommendations from this project are listed below. 1. In the cloud failover project, thorough understanding and hands-on experience of the technologies help to save time in implementation. 2. Prior to cloud-to-cloud failover implementation, a compatibility study of the different cloud technologies and tools is important.
Kurra Srirekha 44 3. In the cloud-to-cloud failover testing, maximum scenarios are required to be covered. 6.3.Future Work The scope of this project is limited to cloud clustering and file system backup. Therefore, the future scope in cloud availability will be the implementation of cloud-to-cloud load balancing for higher performance and scalability. This can be implemented using HA Proxy, which is an open-source package that is used to create load balancing between two different virtual networks. By using this source, a virtual IP address that acts like a load balancer can be created between AWS and Azure to balance the workload between primary and secondary sites. The solution structure can be as illustrated in the diagram below. 6.1 Cloud-to-Cloud Load Balancer – Future Scope In this project the file backup is implemented manually, which can be automated in future. The cost and security analysis of the multi-cloud environment can be considered for future study and implementation. 6.4.Summary A multi-cloud environment between AWS and Azure had been implemented by using an Openswan software VPN. This chapter discussed other approaches to achieve cloud-to-cloud connectivity. In this chapter, a few recommendations are made regarding the VPN device. This
Kurra Srirekha 45 chapter also defined the creation of the automatic backup and load balancer between AWS and Azure to balance the workload for providing high availability, as included in the future scope of this project.
Kurra Srirekha 46 Chapter 7: Conclusion 7.1.Introduction The integration of AWS and Azure provides cloud-to-cloud failover in order to overcome the challenges arising from unexpected cloud outages. This chapter will discuss the overall conclusion of this project. 7.2.Conclusion This project will be a meaningful solution for large-sized organisations that are considering their business continuity even in the case of unexpected outages or failures. The test results of this project proved that 100% business availability on the cloud is achievable. Recent examples of cloud outages, like the 2016 Sydney storm resulting in an AWS outage or the Azure outages due to other natural calamities, have forced the business community to rethink the alternative options for their service availability. This project has implemented and tested the potential for 100% cloud availability by using cloud-to-cloud failover techniques.
Kurra Srirekha 47 8. Reference List Books, Journals & Documents 1. Arean, O. (2013). Disaster recovery in the cloud. Network security, 9, 5-7. doi:10.1016/S1353-4858(13)70101-6 2. Buyya, R., Broberg, J., & Goscinski, A. M. (2011). Cloud computing: Principles and paradigms. Brooklyn, NY: Wiley. 3. Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and developing information technology platforms: Vision, buildup, and actuality for conveying computing as the fifth utility. Anticipated generation computer systems, 25(6), 599-616. 4. Cassidy, L. (2016, August 03). PROJECT MANAGEMENT: TIME ESTIMATES AND PLANNING. Retrieved from projectsmart. 5. CIF (2016). UK cloud adaption and trends for 2016. Retrieved from https://www.cloudindustryforum.org/content/uk-cloud-adoption-trends-2016 6. Daniel, N., Rich, W., Chris, G., Graziano, O., Sunil, S., Lamia, Y., & Dmitrii, Z. (2009). The eucalyptus open-source cloud-computing system. IEEE international symposium on cluster computing and the grid, 12(9), 124-131. doi:10.1109/CCGRID.2009.93 7. Deepa. (2012, August 7). 14 cloud outages in 7 months, who is next? CIOL Bureau 2, 2-3. Retrieved from http://www.ciol.com/14-cloud-outages-months/ 8. Donnelly, C. (2015, December 03). European Office 365 and Microsoft Azure users hit by service outage. Retrieved from Computerweekly. 9. Ferguson, T. (2009). Salesforce.com outage hits thousands of businesses. Retrieved from http://news.cnet.com/8301-1001_3-10136540-92.html 10. Fernand, F. (2014, April 23). Managing elasticity across Multi-cloud providers. Retrieved from Slideshare: http://www.slideshare.net/fifiant/multicloud 11. Fiveash, K. (2015). AWS outage knocks Amazon, Netflix, Tinder and IMDb in MEGA data collapse. London: the register. 12. Foley, M. J. (2016). Global DNS outage hits Microsoft Azure customers. Australia: ZDNet.
Kurra Srirekha 48 13. Head, B. (2016). Ignore cloud faults at your peril. CWANZ (p. 15). Australia: TechTarget. 14. Hofmann, P., & Woods, D. (2010). Cloud computing: The limits of public clouds for business applications. IEEE internet computing, 6, 91-93. 15. Huanhuan X., Frank F., & Claus P. (2015). An architecture pattern for multi-cloud high availability and disaster recovery. Workshop on Federated Cloud Networking FedCloudNet, pp. 5-6 16. Jackson, T. (2008). We feel your pain and we are sorry. Retrieved from http://gmailblog.blogspot.com/2008/08/we-feel-your-pain-and-were-sorry.html 17. John, M. (2010). Amazon elastic compute cloud (EC2). Retrieved from http://aws.amazon.com/ec2/. 18. Juha Saarinen, A. C. (2016). AWS Sydney outage downs big-name web companies. Australia: itnews. 19. Kevin J. (2009). Secure Cloud Computing: An Architecture Ontology Approach. Retrieved from http://sunset.usc.edu/gsaw/gsaw2009/s12b/jackson.pdf, DataLine, 2009. 20. Lin, Y. K., & Chang, P. C. (2011). Maintenance reliability estimation for a cloud computing network with nodes failure. Expert systems with applications, 38, 14185– 14189. 21. Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing - The business perspective. Decision Support Systems, 51, 176-189. doi: 10.1016/j.dss.2010.12.006 22. McGuire, C. (2016, 09 21). About VPN Gateway. Retrieved from Microsoft Azure: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about- vpngateways/ 23. Parnell, B.-A. (2012). Microsoft's Azure cloud down and out for 8 hours. London: the register. Retrieved from the register. 24. Perez, J. C. (2008). Extended Gmail outage hits apps admins. Retrieved from http://www.computerworld.com/s/article/9117322/Extended_Gmail_outage_hits_App s_admins
Kurra Srirekha 49 25. Pierre R. (2016). Step-by-step: connect your AWS and Azure environments with a VPN tunnel. Retrieved from https://blogs.technet.microsoft.com/canitpro/2016/01/11/step- by-step-connect-your-aws-and-azure-environments-with-a-vpn-tunnel/ / 26. Rawat, V. (2013). Reducing failure probability of cloud storage services using multi- cloud. Kota, Rajasthan: University College of Engineering, RTU. Retrieved from https://arxiv.org/ftp/arxiv/papers/1310/1310.4919.pdf 27. Reid, S., Kicker, H., Matzke, P., Bartels, A., & Lisserman, M. (2011). Sizing the cloud. technical report. Retrieved from http://www.forrester.com-/E- /Sizing+The+Cloud/fulltext/RES58161objectid=RES58161 28. Robertson, B. (2009). Top five cloud computing adoption inhibitors. Enterprise innovation, 5, 12-14. 29. Rouse, M. (2007). Line of business. Retrieved from http://searchcio.techtarget.com/definition/ LOB 30. Rouse, M. (2016). Line of business. Retrieved from http://searchcio.techtarget.com/definition/ LOB, (accessed on 20 Nov 2012). 31. Saarinen, J., Coyne, A. C. (2016). AWS Sydney outage downs big-name web companies. Australia: itnews. 32. Sharwood, S. (2016). Azure's wobbly day as three services glitch around the world. London: The Register. 33. Team. (2016). Ubuntu Server Guide. Retrieved from helpubuntu: https://help.ubuntu.com/lts/serverguide/serverguide.pdf 34. Veena R. (2013). Reducing failure probability of cloud storage services using multi- cloud. Kota, Rajasthan: University College of Engineering, RTU. Retrieved from https://arxiv.org/ftp/arxiv/papers/1310/1310.4919.pdf 35. Xiong, H. F. (2015). An architecture pattern for multi-cloud high availability and disaster recovery. Workshop on Federated Cloud Networking FedCloudNet, 15. Websites http://www.rightscale.com/blog/enterprise-cloud-strategies/private-and-hybrid- clouds-9-use-cases-and-implementation-advice https://www.opsgility.com/blog/2013/09/03/connecting-clouds-site-to-site-aws-azure/ http://developers-club.com/posts/196798/ www.Gartner.com
Kurra Srirekha 50 http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about- vpngateways/
Kurra Srirekha 51 9. Appendices This section provides the screenshots used during the implementation of the project. 9.1. Implementation Screenshots The following are the implementation screenshots of the procedure to connect the AWS and Azure cloud platforms using VPN connection in order to provide backup and failover. 1) Created a VPC with single public subnet in AWS environment 9.1: Creating VPC with single public subnet 9.2: Details of VPC while creating
Kurra Srirekha 52 2) Deployed Ubuntu server in VPC 9.3: Selecting Ubuntu AMI in EC2 dashboard 9.4: Configuration details of Ubuntu instance while deploying
Kurra Srirekha 53 3) Created Elastic IP and associated that EIP with Ubuntu server that was created in previous step 9.5: Allocating EIP in EC2 dash board 9.6: Associate EIP with Ubuntu server
Kurra Srirekha 54 4) Created Azure virtual network 9.7: Created virtual network in Azure 5) Created site-to-site connectivity 9.8: Given AWS VPC address space and Elastic IP of AWS while creating Site-to-Site connection
Kurra Srirekha 55 9.9: Created site-to-site connectivity 6) Defined the Azure virtual network subnet and added Gateway subnet 9.10: Adding subnet and gateway for virtual network in Azure
Kurra Srirekha 56 7) Created the Azure Virtual Network Gateway 9.11: Azure virtual network Gateway IP address produced 9.12: Manage shared key generated 8) Connect to the Ubuntu VM on AWS side to configure Openswan
Kurra Srirekha 57 9.13: Accessing Ubuntu by using SSH PuTTY on AWS side 9) Installed Openswan on Ubuntu server in AWS Used the following command to install openswan on Ubuntu. sudoapt-get install openswan 9.14: Installing Openswan in the AWS Ubuntu server 10) Configured the openswan by editing the code
Kurra Srirekha 58 The code for the Openswan configurations is presented in next section (9.2). Once the Openswan configurations are done, edited the “sysctl.conf “file: Enabled the IP forwarding to the Open Swan VM by uncommenting the command below: net.ipv4.ip_forward=1 Next, disabled the “source / destination checking” option on the Open Swan server: 9.15: Disabling source/destination check 11) Modified Security Groups to Allow Traffic from Windows Azure 9.16: Modified security groups for openswan server in AWS
Kurra Srirekha 59 12) Azure Virtual Network Connected to Amazon AWS Virtual Private Cloud Before restarting the Openswan server, the connection representation is as shown below: 9.17: Connection between two clouds before configuring openswan Then, restarted the openswan server by using command below: sudo service ipsec restart Now, the graphical representation of connection between two clouds will be as show: 9.18: connection between two clouds after configuring Openswan
Kurra Srirekha 60 Then, used ping command to check whether both VMs on the two clouds are communicating with each other or not 9.19: Pinging both VMs in different clouds 13) Deployed Maria DB cluster to perform Database replication Installed Maria DB cluster on two nodes by using the command below: Maria DB configurations on two nodes is provided in Coding section (9.2). 14) Replication of Database between two cloud VMs, which can consider as Failover
Kurra Srirekha 61 9.20: database replication between two VMs 15) File transferring between two cloud VMs; can consider as File System backup 9.21: Files transferring between two VMs 9.2. Coding Part of Implementation Openswan Configurations on AWS side: Edited the ipsec.conf file:
Kurra Srirekha 62 9.22: Edited ipsec. conf file Edited the amnazure. conf file: 9.23: Edited amnazure. conf file Edited the ipsec. secrets file: Specified the Azure gateway and manage shared key in command below:
Kurra Srirekha 63 9.24: Edited ipsec.secrets file Maria DB Cluster Configurations: Maria DB galera cluster has been deployed in each VM to provide synchronous MySQL database replication. Below command is used to install Maria DB cluster in each VM: Then, to configure the Maria DB cluster, the files below have been changed.
Kurra Srirekha 64 MySQL Settings: First of all, opened the my.cnf file and commented the following lines, which are uncommented by default on Ubuntu servers.
Kurra Srirekha 65 MariaDB Settings: Now added the following lines for wsrep configuration options in my.cnf file under [mysqld]directive as shown below in AWS server and Azure server. VSRep Providers Configurations: Here, configured the VSRep configurations under the [mysqld]directory on each node by adding the following lines in /etc/mysql/my.cnf file with their specific IP address, hostnames and root password.
Kurra Srirekha 66 In this project, bi-directional replication has been implemented between AWS and Azure VMs; this replication provides the failover and failback between the AWS and Azure sites.

More Related Content

PDF
Adaptive fault tolerance_in_real_time_cloud_computing
bywww.pixelsolutionbd.com
 
PDF
Integrated-Security-Solution-for-the-virtual-data-center-and-cloud
byJohn Atchison
 
PDF
IRJET- An Efficient Data Replication in Salesforce Cloud Environment
byIRJET Journal
 
DOCX
Winds of change from vender lock in to the meta cloud
byMunisekhar Gunapati
 
PDF
Master thesis
byYuosof Radi
 
PDF
Security & Compliance in the Cloud - Hadoop Magazine Column Version 1.2 by Ja...
byJarrett Neil Ridlinghafer
 
PDF
92 494
bySubramanian Senthamarai Kannan
 
PDF
Survey on Data Security with Time Constraint in Clouds
byIRJET Journal
 
Adaptive fault tolerance_in_real_time_cloud_computing
bywww.pixelsolutionbd.com
 
Integrated-Security-Solution-for-the-virtual-data-center-and-cloud
byJohn Atchison
 
IRJET- An Efficient Data Replication in Salesforce Cloud Environment
byIRJET Journal
 
Winds of change from vender lock in to the meta cloud
byMunisekhar Gunapati
 
Master thesis
byYuosof Radi
 
Security & Compliance in the Cloud - Hadoop Magazine Column Version 1.2 by Ja...
byJarrett Neil Ridlinghafer
 
92 494
bySubramanian Senthamarai Kannan
 
Survey on Data Security with Time Constraint in Clouds
byIRJET Journal
 

Viewers also liked

PDF
Buenas Prácticas de Manufactura _ Decreto 3075 de 1997
byConfecámaras
 
PPTX
proceres de la independencia
bymaria fernanda ortiz cuero
 
PPTX
Diapositivas
byCarlos Manuel Ruiz Zamora
 
DOCX
KHOOSHBU CHAUHAN resume wo cover letter
bykhooshbu chauhan
 
PPT
La generación del 900
byFernando Mori
 
PPTX
El debate político entre monarquía y republica
byCarlos Manuel Ruiz Zamora
 
DOCX
Evidencia 1 (De Conocimiento) RAP1_EV01 -Actividad Interactiva: “Conceptos SG...
byPaola Lovee
 
DOCX
Barriers to leadership
byManasvini VimalKumar
 
PDF
Lewis & Hickey - Education
byTim Hall
 
PPTX
Getting to the top of Google - Feb 2012
byJon Payne
 
PDF
2016 MAX Award Winner for Interior Design
byLinfield Designs
 
PPTX
Paul Cezanne Paintings
byMichelle S.
 
PPTX
WJN 19 Dec 2015 collectors auction results
byWjn House
 
Buenas Prácticas de Manufactura _ Decreto 3075 de 1997
byConfecámaras
 
proceres de la independencia
bymaria fernanda ortiz cuero
 
Diapositivas
byCarlos Manuel Ruiz Zamora
 
KHOOSHBU CHAUHAN resume wo cover letter
bykhooshbu chauhan
 
La generación del 900
byFernando Mori
 
El debate político entre monarquía y republica
byCarlos Manuel Ruiz Zamora
 
Evidencia 1 (De Conocimiento) RAP1_EV01 -Actividad Interactiva: “Conceptos SG...
byPaola Lovee
 
Barriers to leadership
byManasvini VimalKumar
 
Lewis & Hickey - Education
byTim Hall
 
Getting to the top of Google - Feb 2012
byJon Payne
 
2016 MAX Award Winner for Interior Design
byLinfield Designs
 
Paul Cezanne Paintings
byMichelle S.
 
WJN 19 Dec 2015 collectors auction results
byWjn House
 

Similar to Sri-PRJ702- Project Report

PDF
Mikel berdufi university_of_camerino_thesis
byMikel Berdufi
 
PDF
A Study on Replication and Failover Cluster to Maximize System Uptime
byYogeshIJTSRD
 
PPTX
NIST CCRA.pptx for cloud computing and virtualization
bygmgkigaocwmxvbipfw
 
PDF
Additionally, it has enhanced the resources such as RAM, CPU, network bandwid...
byosamaadve
 
PDF
Private cloud storage implementation using OpenStack Swift
byTELKOMNIKA JOURNAL
 
PDF
FInal Project - USMx CC605x Cloud Computing for Enterprises - Hugo Aquino
byHugo Aquino
 
PDF
FYP Dissertation
byMohammad Hafiz
 
DOCX
CAPSTONE PROJECT LITERATURE REVIEW ASSIGNMENT 1CAPSTONE PROJEC
byTawnaDelatorrejs
 
PDF
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
byIRJET Journal
 
PDF
Implementing security groups in open stack
byRishabh Agarwal
 
PDF
IRJET - Multitenancy using Cloud Computing Features
byIRJET Journal
 
PDF
Design of a small scale and failure-resistent iaa s cloud using openstack
byYing wei (Joe) Chou
 
PDF
Security for Effective Data Storage in Multi Clouds
byEditor IJCATR
 
PDF
.Net compiler using cloud computing
byeSAT Publishing House
 
PDF
Cloud computing final format(1)
byahmed elmeghiny
 
PDF
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
byIRJET Journal
 
PDF
Enhancing Data Integrity in Multi Cloud Storage
byIJERA Editor
 
PDF
A brief review: security issues in cloud computing and their solutions
byTELKOMNIKA JOURNAL
 
RTF
Secure third party cloud computing services a proposal by shibwabo anyembe
byShibwabo Christopher Anyembe
 
PDF
Cloud computing 2012_8_10_20112
byschahzada
 
Mikel berdufi university_of_camerino_thesis
byMikel Berdufi
 
A Study on Replication and Failover Cluster to Maximize System Uptime
byYogeshIJTSRD
 
NIST CCRA.pptx for cloud computing and virtualization
bygmgkigaocwmxvbipfw
 
Additionally, it has enhanced the resources such as RAM, CPU, network bandwid...
byosamaadve
 
Private cloud storage implementation using OpenStack Swift
byTELKOMNIKA JOURNAL
 
FInal Project - USMx CC605x Cloud Computing for Enterprises - Hugo Aquino
byHugo Aquino
 
FYP Dissertation
byMohammad Hafiz
 
CAPSTONE PROJECT LITERATURE REVIEW ASSIGNMENT 1CAPSTONE PROJEC
byTawnaDelatorrejs
 
IRJET- An Effective Protection on Content based Retrieval in Cloud Storehouse
byIRJET Journal
 
Implementing security groups in open stack
byRishabh Agarwal
 
IRJET - Multitenancy using Cloud Computing Features
byIRJET Journal
 
Design of a small scale and failure-resistent iaa s cloud using openstack
byYing wei (Joe) Chou
 
Security for Effective Data Storage in Multi Clouds
byEditor IJCATR
 
.Net compiler using cloud computing
byeSAT Publishing House
 
Cloud computing final format(1)
byahmed elmeghiny
 
A Comparative Review on Fault Tolerance methods and models in Cloud Computing
byIRJET Journal
 
Enhancing Data Integrity in Multi Cloud Storage
byIJERA Editor
 
A brief review: security issues in cloud computing and their solutions
byTELKOMNIKA JOURNAL
 
Secure third party cloud computing services a proposal by shibwabo anyembe
byShibwabo Christopher Anyembe
 
Cloud computing 2012_8_10_20112
byschahzada
 

Sri-PRJ702- Project Report

  • 2.
    Kurra Srirekha 1 NELSON MARLBOROUGHINSTITUTE OF TECHNOLOGY BRIDGING AWS WITH AZURE FOR BACKUP AND FAILOVER PROVISION: USING VPN CONNECTION Kurra Srirekha Student ID: 13472618 Course ID: PRJ702 9/29/2016 Graduate Diploma Project in Information Technology
  • 3.
    Kurra Srirekha 2 Abstract There aremany mission-critical businesses deployed via cloud computing. The recent Amazon Web Services (AWS) cloud outage due to a Sydney storm impacted their business brand. Similarly, Azure outages have impacted customers globally. All these recent examples point to one challenge, and that is interruption in cloud computing. Hence there needs to be a better solution than depending on one cloud. The solution that is discussed in this project is cloud-to- cloud failover and backup. Two clouds, AWS and Azure, are chosen for the implementation of this project. This project has achieved the objective of business continuity with 100% data availability by integrating AWS, Azure, MariaDB cluster, Openswan, IPsec, VPN tunnel, Secure Shell (SSH) and session control protocol (SCP) technologies. Sections 1 and 2 of this project cover the potential challenges in cloud outages, provide details on some of the most recent outages and actual challenges faced by businesses due to those cloud outages, a literature review, and the theoretical study of the concept. Sections 3 and 4 cover the analysis, design, solution architecture and implementation of the project. Section 5 covers the test scenarios, test cases, results and evaluation. Though there are lessons to be learned from this project implementation, it provides a direction for future work by enhancing cloud-to-cloud failover to achieve high scalability and performance. This project bridges AWS with the Azure cloud environment using a virtual private network (VPN) to provide backup and failover. Key words: Cloud-to-Cloud Failover, Cloud Outage, Cloud Backup, Cloud Load Balancing, AWS, Azure, MariaDB cluster, Openswan, IPsec, VPN tunnel, SSH and SCP.
  • 4.
    Kurra Srirekha 3 Acknowledgement It isalways a delight to remind the praiseworthy people in the Graduate program for their great guidance I received to uphold my practical as well as theoretical skill in Graduate Diploma. Firstly, it has indeed been a great privilege for me to have Mr. David Airehrour, as my mentor for this project. His awe-inspiring personality, superb guidance and constant support are the motive power behind this project work. I take this opportunity to express my most extreme appreciation to him. I am additionally obliged to him for his auspicious and significant advice. I would also like to acknowledge and my heartfelt gratitude to Mr. Ali Javan (IT Lecturer) and Mrs. Charanya Mohanakrishnan (IT Lecturer) who consistently upheld me in each possible way, from starting encouragement to support till this date. Finally, I am thankful to all technical and non-teaching staff of the Department of Information Technology (Networks) and NMIT for their constant assistance and co-operation.
  • 5.
    Kurra Srirekha 4 Table ofContents List of Figures...........................................................................................................................6 List of Tables ............................................................................................................................7 Acronyms..................................................................................................................................8 Chapter 1: Introduction of the Project ..................................................................................9 1.1. Introduction.................................................................................................................9 1.2. Project Objective.......................................................................................................11 1.3. Significance of Project ..............................................................................................12 1.4. Scope and Limitations of Project ..............................................................................13 1.5. Summary ...................................................................................................................14 Chapter 2: Background of Research....................................................................................15 2.1. Introduction...............................................................................................................15 2.2. Backup and Failover..................................................................................................15 2.3. Cloud Computing......................................................................................................17 2.3.1. Backup and Failover Approaches in Cloud...........................................................19 2.3.2. Cloud Outages .......................................................................................................21 2.4. Multi-Cloud Environment.........................................................................................23 2.4.1. Cloud-to-Cloud Failover........................................................................................23 2.4.2. Benefits of Connecting Two Clouds .....................................................................24 2.5. VPN...........................................................................................................................25 2.5.1. Cloud-to-Cloud Connectivity using VPN..............................................................25 2.6. Ubuntu.......................................................................................................................26 2.7. Summary ...................................................................................................................26 Chapter 3: Resources and Technical Analysis....................................................................27 3.1. Introduction...............................................................................................................27 3.2. Analysis of Resources ...............................................................................................27 3.3. Analysis of Technical Challenges.............................................................................28 3.4. Summary ...................................................................................................................29 Chapter 4: Design and System Implementation .................................................................30 4.1. Introduction...............................................................................................................30 4.2. Problem and Context.................................................................................................30 4.3. Solution Structure......................................................................................................30 4.4. Implementation Process ............................................................................................32
  • 6.
    Kurra Srirekha 5 4.4.1. Site-to-SiteVPN Tunnel Setup..............................................................................32 4.4.2. MariaDB Galera Cluster Setup (Replication and Failover)...................................33 4.4.3. SSH Keys and SCP Command (File System Backup) ..........................................34 4.5. Challenges .................................................................................................................35 4.6. Summary ...................................................................................................................35 Chapter 5: Testing and Evaluation ......................................................................................37 5.1. Introduction...............................................................................................................37 5.2. VPN Tunnel Testing..................................................................................................37 5.3. Database Cluster Replication ....................................................................................38 5.4. AWS-AZURE: Inter-Cloud Transfer (file transfers between two clouds) ...............41 5.5. Results Evaluation.....................................................................................................42 5.5.1. AWS-AZURE Failover ........................................................................................42 5.5.2. AWS-AZURE Backup .........................................................................................42 5.6. Summary ...................................................................................................................42 Chapter 6: Recommendations and Future Scope ...............................................................43 6.1. Introduction...............................................................................................................43 6.2. Recommendations.....................................................................................................43 6.3. Future Work ..............................................................................................................44 6.4. Summary ...................................................................................................................44 Chapter 7: Conclusion...........................................................................................................46 7.1. Introduction...............................................................................................................46 7.2. Conclusion.................................................................................................................46 8. Reference List..................................................................................................................47 9. Appendices.....................................................................................................................51 9.1. Implementation Screenshots .....................................................................................51 9.2. Coding Part of Implementation.................................................................................61
  • 7.
    Kurra Srirekha 6 List ofFigures 1.1 Sydney Strom at Collaroy in Northen Sydney Impacted AWS Cloud (Source: SBS.com) 9 2.1 Multiple clustered applications before failover (Source: Microsoft TechNet)..................16 2.2 Multiple clustered applications after failover (Source: Microsoft TechNet).....................16 2.3 Network Loan Balancing (Source: Microsoft TechNet)....................................................17 2.4 Cloud Computing (Source: Wikipedia) .............................................................................18 2.5 Amazon Aurora Database Backup for Replication and Clustering (source: AWS) ..........19 2.6 Use of Multi Cloud Configuration using AWS and Azure (Source: Google Images).......24 2.7 Failover in Multi-Cloud Environment(Soure: Google Images).........................................24 4.1 Solution Structure For Backup and Failover .....................................................................31 4.2 Architectural Design of AWS and Azure Cloud to Cloud Connectivity...........................31 4.3 Virtual Network Gateway between AWS and Azure ........................................................32 5.1 Communicating Both VMs of AWS and Azure ................................................................38 5.2 Database Replication Between AWS and Azure...............................................................39 5.3 File Transferring Between AWS and Azure......................................................................41 6.1 Cloud to Cloud Load Balancer – Future Scope .................................................................44
  • 8.
    Kurra Srirekha 7 List ofTables 1.1 Earlier Cloud Service Outages...........................................................................................10 3.1 Sample Linux Commands..................................................................................................28 3.2 MySQL Configuration.......................................................................................................29 4.1 Openswan Configuration File............................................................................................33 4.2 Maria DB Installation Command.......................................................................................33 4.3 Configuration for wsrep Option in my.config ...................................................................34 4.4 Configuration for VSRep Option in my.config .................................................................34 5.1 Test Case Scenarios ...........................................................................................................37 5.2 VPN Tunnel Testing Result...............................................................................................38 5.3 Database Cluster Testing Result ........................................................................................39 5.4 Cloud to Cloud Backup Testing Result .............................................................................41
  • 9.
    Kurra Srirekha 8 Acronyms AWS AmazonWeb Services VPN Virtual Private Network VNet Virtual Network SSH Secure Shell SCP Secure Copy Protocol VM Virtual Machine VPC Virtual Private Cloud ERP Enterprise Resource Planning ELB Elastic Load Balancing NAT Network Address Translator OS Operating System PaaS Platform as a Service SaaS Software as a Service
  • 10.
    Kurra Srirekha 9 Chapter 1:Introduction of the Project 1.1.Introduction Most of the cloud-based businesses including banks in Sydney and surrounding areas were interrupted on June 4, 2016, due to a storm in Sydney. Many services were affected due to the power failing for Amazon Simple Storage Service (S3) and Elastic Cloud Compute (EC2) (Juha Saarinen, 2016). This was the inspiration for this project. This project provides the study, design and implementation of cloud-to-cloud failover to provide 100% availability of the services that are deployed or dependent on cloud computing. 1.1 Sydney Storm at Collaroy in Northern Sydney Impacted AWS Cloud (Source: SBS.com) In many cases, organisations with large-size deployments choose to operate their framework on numerous platforms or environments based on requirements such as providing backup, failover, redundancy or expanding their business. By using cloud computing and virtual cloud services provided by different vendors are perfectly matched to backup and failover scenarios. However, depending on one cloud service provider is not reliable for meeting customer requirements in multiple geographic regions. Because, even the world’ largest cloud computing platforms are vulnerable to periodic failure or power outage (Head, 2016).. That means
  • 11.
    Kurra Srirekha 10 enterprise cloudusers must still consider business continuity planning, providing backup for their data and failover. Therefore, what is needed is a network of multiple clouds (Veena, 2013). 1.1 Previous Cloud Service Outages Having various data centres at various geographical areas provided by large cloud service vendors is one way to overcome this type of issue. However, that would not have been an option for customers who do not have data centres in multiple locations in their cloud network region. For instance, AWS does not have data centres in multiple locations in Australia, only in the Sydney area (Head, 2016). Along these lines, by utilising the services of different cloud suppliers, redundancy of service provides more benefits than simply business impact. Users can host their own cloud servers on data centres from different providers. This helps users to manage the risks related to the business progression of the cloud service supplier. This is conceivable as every service vendor works independently. Hence, the multi-cloud environment is a major focus in helping
  • 12.
    Kurra Srirekha 11 clients toutilise backup and failover services over various cloud suppliers and platforms (Rawat, 2013). This paper gives a structural example that illustrates the coordination of failover and data backup between the AWS and AZURE cloud environments with the help of the VPN tunnel. In this project, the VPN tunnel performs a critical part in the improvement of the networking system. In this way, the computer is directly connected to the private networking system with the help of the VPN (Huanhuan et al., 2015). The further chapters of this report are structured in a meaningful manner. Chapter 2 states and explains the background of the study. Chapter 3 defines the analysis of this report based on the domain and technical level study. Chapter 4 describes the design and implementation of this project. A detailed description of the results and evaluation of results is given in Chapter 5. Chapter 6 describes the future scope and recommendations. Finally, the conclusions drawn from the implementation are discussed in Chapter 7. 1.2.Project Objective The primary objective of this project is to provide backup and failover by connecting Microsoft Azure and Amazon Web Services using a VPN tunnel. This project creates a site-to-site IPsec tunnel so that it can be connected to a Virtual Private Cloud that is hosted in AWS to an Azure network for failover and providing backup. The detailed objectives are given below. 1. Creating a Virtual Private Cloud (VPC) in AWS and a Virtual Network (VNET) in AZURE. 2. Deploying Virtual Machines (VMs) in both AWS and AZURE virtual environments, each using Ubuntu. 3. Creating a Virtual Gateway on the AZURE end and installing Openswan on the AWS end in order to connect both cloud networks by using VPN. 4. Establishing an IPsec tunnel between two cloud platforms and ensuring that the two VMs are communicating with each other. 5. Providing backup and data migration by bridging two cloud environments using the VPN tunnel.
  • 13.
    Kurra Srirekha 12 While implementingthis project, the questions below are documented for study and literature review purposes. 1. How are the AWS and the AZURE important for the backup and failover with the help of the VPN tunnels? 2. What level of security will be achieved by this connection? 3. How effective can this connectivity be in terms of network workload or failover? 4. What will be the cost of implementation of a site-to-site IPsec tunnel? 5. How supportive are AWS and Azure in the VPN tunnel? 1.3.Significance of Project This study is important for companies who have their business-critical functionalities deployed on the cloud. There is evidence from incidents when major cloud companies like Amazon, Microsoft had service failures. Many companies research cloud availability before implementing their business on the cloud. This project helps companies to understand how cloud-to-cloud failover works to support the continuity of their business. There are scenarios where companies like HP had to bear a loss of $US160 million due to the failure of a traditional ERP implementation in 2004. Similarly, Hershey and Nike ERP implementations have failed in the past. According to Gartner (Gartner, 2016) research, 55% to 75% of traditional ERP implementations are at risk. This is the reason most of the businesses are moving their business to the cloud for safe and secure business functionalities. This project provides insight into cloud outages and failover mechanisms to provide 100% availability for business functionality. In addition, this project discusses the benefits of the multi-cloud environment. Different approaches to connect two different clouds are studied in this project. This project provides further understanding of new technology, such as the use of VPN to connect two clouds. This research covers the implementation of cloud-to-cloud failover using VPN. This project is significant to readers who want to enable seamless relocation of existing services between two different dedicated cloud infrastructures. The significance from a business point of view is listed below.
  • 14.
    Kurra Srirekha 13 1. IncreasedProfits: Avoid losses caused by unpredicted system failures. 2. Peace of Mind: Making maximum use of computers to achieve 100% business availability, providing a trusted business solution. 3. Sustain Brand Name: Avoid brand impact due to unexpected failures. 1.4.Scope and Limitations of Project Project Scope The scope of this study is based on cloud-to-cloud failover. For implementation and analysis purposes, Amazon Cloud and Microsoft Azure are considered in scope for this project. This project creates a combination of the clouds that is capable of providing connectivity to high- level operations including backup, failover and data migration. For this setup, on the AWS end, an Ubuntu server is selected as it is the underlying platform. The scope of data collection is from other organisations with this connection setup, and various books and journals are utilised to obtain in-depth knowledge of site-to-site connectivity. This research requires technical knowledge of the technologies listed below. 1. Network Connectivity: A working knowledge of network connectivity is required because the setup requires high-level security. 2. Networking: A working grasp of routing setups and protocols is vital to execute the proposed networking connectivity. 3. AWS and Azure Cloud Services: Marston et al. (2011, p.176) mentioned that AWS and Azure offer similar capabilities in terms of storage and networking. It is essential to gather in-depth knowledge of these two platforms in performing the network connectivity. The functionality associated with each of these platforms needs to be analysed, and based on that, the implementation process will be carried out. 4. Ubuntu: Hands-on knowledge of Ubuntu is required as there is a need to work with Ubuntu on both AWS and AZURE. In addition to the above, the resources below are requirements for the project. 1. Amazon Web Services active account
  • 15.
    Kurra Srirekha 14 2. Azurecloud services active account 3. Minimum $100 credit in both Amazon and Azure 4. Laptop in working condition. 5. Ubuntu at both the Amazon and Azure ends is required in order to have site-to- site secure IPsec tunnel connectivity (blogs.technet.microsoft.com, 2016). Project Limitations Time constraint is the primary limitation of this study. In addition, other project limitations are listed below. 1. This research does not compare cloud technologies and providers. 2. The cost analysis of cloud failover is out of scope. 3. This research is based on secondary information, and the information is sourced from the AWS and Azure company websites. 4. This research does not cover the testing of all failover scenarios. 1.5.Summary In this section, the background, need, significance, scope and limitations are studied. This section provides a basic understanding about AWS and Azure clouds as an introduction for beginners. The primary motive of this project is to study and implement cloud-to-cloud failover for 100% systems availability. Ongoing research in this area helps to indicate the scope for future study. This study is important to examine business dependency on the software cloud. The next section provides an in-depth background of the study, concepts for different terms, and techniques. It also covers other researchers’ viewpoints on cloud failover.
  • 16.
    Kurra Srirekha 15 Chapter 2:Background of Research 2.1.Introduction This chapter describes the background of the research related to this project. This chapter includes a discussion of cloud backup and failover, which covers how failovers and backups help in data recovery and business continuity. The information provided in this section is based on various scholarly studies and reviews in cloud backup and failover techniques. 2.2.Backup and Failover For any organisation, business continuity is very important. For example, the Sydney storm in June 2016 impacted millions of people due to unavailability of online services. The business continuity issue has impacted many brands. Organisations want to have fully functioning applications and services even in the event of a disaster. Thus, organisations need failover mechanisms in order to ensure that services can run with only minor interruptions in the case of a disaster. Generally, any enterprise maintains up-to-date copies of data in different geographical locations so that data can be accessible without interruptions even if one location fails or is disabled, which is known as the backup mechanism (Rouse, 2016). Failover is the ability of a system to protect against a minor disturbance in a short period of time using a significant automated process. It is different from load balancing. In a failover scenario, one server enables operations on another server when the usual one has failed, whereas in load balancing, all the servers are operational but work in a load-sharing mode. The failover concept is designed for maximum availability whereas load balancing is built for scalability. Backup is the capacity to proceed with data in a case of outages, usually with multiple copies of data in different locations, and normally including manual activities. It addresses data recovery and continuity through two independent platforms or environments, each containing its own information and executables (Huanhuan et al., 2015). Both failover and load balancing concepts are achieved through clustering. The diagrams shown below depict the architecture of server failover.
  • 17.
    Kurra Srirekha 16 2.1 Multipleclustered applications before failover (Source: Microsoft TechNet) 2.2 Multiple clustered applications after failover (Source: Microsoft TechNet)
  • 18.
    Kurra Srirekha 17 2.3 NetworkLoan Balancing (Source: Microsoft TechNet) 2.3.Cloud Computing Cloud computing is based on an online data processing and availability. The applications are implemented on shared infrastructure through web. Before the usage of cloud computing, internet provided online document sources, for multiple users like Google Mail or Google Docs which are termed as Software as a Service(SaaS) (Chang, 2011). With so many organisations requiring SaaS for their own functionalities, Amazon developed AWS, which runs on the cloud and thus empowers the organisations’ functionalities to run on the cloud (Amazon Web Services, 2010). The benefits of AWS enable organisations to consume these services, build their own functionalities, and build a private cloud. Ubuntu
  • 19.
    Kurra Srirekha 18 Server Editionrunning Ubuntu Enterprise Cloud is an example of running a private cloud (Eucalyptus Systems, 2010). There has been much research into cloud computing, especially in the area of the execution of virtualised resources in public and private clouds. Many scholar researches are carried out in cloud computing and components (Buyya et al, 2011). The diagram below shows a typical cloud computing scenario where multiple devices are connected to the cloud to operate multiple services built on one platform. 2.4 Cloud Computing (Source: Wikipedia) Cloud computing has become a cost-effective solution for businesses due to shared and globally distributed resources. Clients are provided global access to cloud platforms. IT companies like IBM, Google, AWS, Microsoft and many others have built data centres across regions to support cloud services. By 2020, cloud computing revenue is estimated to reach $US241 billion (Reid et al., 2011). Ease of infrastructure and application setup in the cloud has influenced companies to use cloud shared services (Arean, 2013). According to an IBM white paper, 61% of UK organisations are dependent on cloud solutions (White paper, 2013). However, there are a few security challenges, such as recovery mechanisms, trust, and risk
  • 20.
    Kurra Srirekha 19 management, whichought to be considered to give better client fulfillment and business continuity. 2.3.1. Backup and Failover Approaches in Cloud Disaster recovery (DR) is a process used in most organisations as part of their Business Continuity Plan (BCP). There are many components of BCP, and data backup and recovery is one of them. Most databases and servers provide inbuilt backup and restore methods which are easy to set up. Failover is different from backup in that to handle a failover scenario, database application and service backup is mandatory to provide continuous connectivity from the point of failure. Hence in failover architecture, backup and database replication is an important concept. Amazon provides database connectivity for six familiar databases (Oracle, Amazon Aurora, MySQL, PostgreSQL, Microsoft SQL Server and MariaDB). Amazon Aurora is its own database management system (DBS), and according to Amazon (AWS, 2016) it provides five times the performance of MySQL. The diagram illustrated below shows the Amazon database backup and replication scenario. 2.5 Amazon Aurora Database Backup for Replication and Clustering (Source: AWS) The cloud platform provides different approaches for backup, recovery, and failover based on the infrastructure of organisations. Backup Approaches
  • 21.
    Kurra Srirekha 20 IT infrastructuresare categorised into cloud-native, on-premises and hybrid environments. i. Cloud-Native environment: This scenario deals with an infrastructure that relies completely on the cloud. If an organisation is running all its services from the cloud, that organisation can have many built-in features in order to back up, protect data and support recovery requirements. ii. On-premises environment: This scenario deals with an infrastructure that exists on the premises, using no components in the cloud. However, this environment allows some software vendors to directly connect their applications with cloud storage solutions for providing backup and recovery support. iii. Hybrid environment: This scenario deals with the two infrastructures discussed above, cloud-native and on-premises environments. These two structures are combined into a hybrid environment. Here, the network has both on-premises and cloud infrastructure components. Thus, applications that are running in the cloud will be connected to applications that are running on-premises. However, latency is the main constraint while uploading data to the cloud, and consistent performance is required in order to protect data. (AWS, 2016). Failover Approaches: When the primary components in the network such as a server, processor, network or database become unavailable due to either failover or downtime, then secondary components in that network or other network components will take the responsibility to provide fault tolerance. The cloud platform provides services like a load balancer to maintain the workloads between systems or networks in the event of failure. (Rouse, 2005). i. Multi-Server: In this scenario, if one organisation has only one data centre in the cloud platform, there can be multiple servers to store their applications, and by using a load balancer, then if one server fails, they can run their applications by using another instance in the cloud so that their business will continue without any interruptions. When the load balancer is used, the workload can be distributed between the instances according to spikes in usage. (Robertson, 2016). Limitations: Here, if one server fails, by using the load balancing service, the cloud user can have business continuity. However, there is still an issue if that cloud load balancer service fails or that entire data centre fails due to power outages or disasters.
  • 22.
    Kurra Srirekha 21 ii. Multi-Datacentre:To overcome the limitations of a single data centre organisation, the multiple data centre concept is proposed. An organisation with large deployments can run the business in multiple data centres in the cloud. Thus, if one data centre fails due to disaster or power outage in that data centre location, a user can use another data centre to run their business by using a load balancing service. (Robertson, 2016). Limitations: Here, the load balancer is needed to distribute the workload between data centres. Thus, if that load balancing service fails, or if the entire cloud infrastructure fails due to disaster or electricity issues, the business continuity will be lost. Therefore, if an organisation's applications run in the cloud, such as SaaS or PaaS, their crucial business data relies upon the cloud provider, which leads to risk in the event of data loss or failure of that cloud platform. The organisation itself has to take responsibility for protecting its important data, regardless where data actually exists. Generally, PaaS and SaaS providers such as Amazon Web Services, Microsoft Azure, and Google Apps will perform the task of backing up the user's data. However, such backups are for their own benefit, not for users. For example, a user needs to recover deleted data, but he might find that cloud provider is unable or unwilling to help due to disasters or power outages. Then that user may not be able to recover his lost data. Hence, one cannot depend on a single cloud provider; organisations should consider their business continuity by having suitable backup and failover mechanisms in the event of unexpected failure of a current cloud platform. 2.3.2. Cloud Outages No matter how widespread large cloud platforms become in the world, or what level of performance, improved availability or uptime is offered by cloud providers, the cloud is vulnerable to periodic failures or power outages. (Head, 2016). This report describes the best- known AWS and AZURE cloud outages in recent years, as this project mainly deals with Amazon and Azure cloud environments. Amazon Outages 1. 2016 (June 5): Sydney spent that Sunday struggling through severe storms. The outage also affected AWS services including EC2, Database Migration Service,
  • 23.
    Kurra Srirekha 22 ElastiCache, RDS(Relational Database Service), CloudFormation, Route 53 Private DNS, CloudHSM, Redshift, Elastic Beanstalk and Storage Gateway.(Juha Saarinen, 2016). 2. 2015 (September 20): The Northern Virginia (US-EAST-1) region has suffered a giant outage affecting AWS services, including CloudWatch, Cognito and DynamoDB, which all broke down that day. (Fiveash, 2015). 3. 2012 (December 25): The Elastic Load Balancing (ELB) was down in the US-East area. It affected the applications that utilise the ELB, and these applications were disconnected for over 23 hours. For example, organisations like Netflix were affected due to this outage (Fernand, 2014). Azure Outages 1. 2016 (March 23): East Asian region users faced a problem for App ServiceWeb Apps and Virtual Machines due to an interruption to the physical network infrastructure within the region. That problem later meant higher-than-usual latency for those trying to reach cloudy VMs. (Sharwood, 2016). 2. 2015 (December 3): The European region suffered from an outage which caused users to be unable to access both Microsoft Azure infrastructure-as-a-service (IaaS), and business productivity tools that are based on the Office 365 cloud for several hours in that region. (Donnelly, 2015). 3. 2012 (February 29): Windows Azure experienced a vast outage. In response, the service management system had been switched off for about seven hours worldwide. At the time of that incident, a senior software engineer from Microsoft reported that the major cause of the incident was certification issues. (Parnell, 2012). These cloud outages prove that, even though if cloud users use the best cloud platforms, this does not prevent periodic failures or electric power outages due to natural disasters. Therefore, cloud users should think about their business continuity before cloud outages happen.
  • 24.
    Kurra Srirekha 23 To eliminatedependency on one cloud, the multi-cloud environment is available. Connecting one cloud network by using another cloud platform is the most likely solution in order to eradicate interruptions to businesses. 2.4.Multi-Cloud Environment This procedure utilises various cloud platforms to diminish the threat of data loss or downtime due to unexpected errors in cloud computing. Data that is limited to one cloud service may be at risk in case of situations such as service failure, disaster, and power outages. Therefore, that specific cloud data will be inaccessible (Woods et. al., 2010). Hence, this platform will be the best solution for users who want business continuity by backing up data from cloud to cloud and using a failover provision to handle the failure of even one cloud computing environment. Limitations: The limitations of multi-cloud implementation are listed below (Ravello, 2014). 1. Complexity: as different cloud services and different infrastructures are connected, there is no standard terminology to build a multi-cloud platform. 2. Management Overhead: due to the complexity of the network architecture, expertise is needed to determine what to move to the cloud, when, where, and why. 2.4.1. Cloud-to-Cloud Failover A cloud network architecture combining two other different cloud networks is created to provide backup and failover. The outcome in this study is achieved by providing end-to-end security to two different networks in order to allow the users to manage the workload in both cloud networks, providing full VM connectivity with the help of a secure IPsec tunnel. This setup is a working system that supports high availability operations, backup and failover. Thus, this project is suitable for organisations that want to operate their framework on various platforms depending upon their requirements, such as providing backup, failover and redundancy to expand their business. This project demonstrates the failover from the Amazon cloud to the Azure cloud. The diagram below illustrates the use of two cloud environments. The services provided by AWS
  • 25.
    Kurra Srirekha 24 and Azureprovide the functionality to set up the multi-cloud environment for the failover scenario. 2.6 Use of Multi-cloud Configuration using AWS and Azure (Source: Google Images) 2.7 Failover in Multi-Cloud Environment (Source: Google Images) There are further benefits of multi-cloud failover which overcome the limitations and promote business continuity. 2.4.2. Benefits of Connecting Two Clouds The benefit of this multi-cloud failover is that it provides multi-region application continuity and a high performance database in the cloud. In addition, the multi-cloud takes advantage of all the benefits provided by the single cloud environment as shown below. (Ravello, 2014). 1. Reduce dependency
  • 26.
    Kurra Srirekha 25 2. Highavailability 3. Failover 4. Competitive prices 5. Business extensions The benefits of multi-cloud failover are achieved through VPN. 2.5.VPN The main focus of this project is connecting AWS virtual private cloud to Azure virtual network by using a virtual private network, and hence understanding the VPN is significant to this project. VPN builds a private network on a public network. It authenticates PC to send and receive data across shared networks. VPNs normally permit remote access connections which are authenticated and make utilization of encryption procedures in order to secure private data. The protected VPN protocol that is used in this project design for the purpose of end to end security is Internet Protocol Security (IPsec), which was first created for IPv6. IPsec utilises encryption, encapsulating an IP packet inside an IPsec packet to meet the security objectives of integrity, authentication, and privacy. IPsec is perfect for network-to-network (site-to-site) tunnelling. In this project, VPN is used to connect two distinct virtual cloud networks. In general, security is considered to be the key issue across the virtual networks, where users face endpoint issues while using the cloud. As this project deals with AWS and Azure, the complete security standards that are offered by the AWS and Azure for security provision at all network levels ensure user safety and privacy. 2.5.1. Cloud-to-Cloud Connectivity using VPN Cloud service providers like Amazon and Azure support multi-cloud configurations through a VPN gateway. A VPN gateway is a collection of resources that are used to send network traffic between virtual networks and on-premises locations. Gateways are used for site-to-site (S2S), point-to-site, and multi-point connections. This project implements the site-to-site connection between the AWS and Azure virtual networks.
  • 27.
    Kurra Srirekha 26 Site-to-Site connection:This is a connection over an IPsec/IKE VPN tunnel. This kind of connection needs a VPN device situated on-premises that has a public IP address associated with it and is not situated behind a Network Address Translation (NAT). S2S associations can be utilised for cross-premises and hybrid configurations (McGuire, 2016). 2.6.Ubuntu Ubuntu is a Linux-based operating system. The Ubuntu server is used for the project implementation because it is free of cost. Information about Ubuntu is out of scope for this project. The Ubuntu Server Guide (team, 2016) should be referred to for the installation in this project. Ubuntu documentation provides step-by-step information on installation and configuration of the various server applications on Ubuntu system to fit the requirements. 2.7.Summary In this chapter, the backup and failover processes are studied. This chapter provides a basic overview of cloud backup and failover techniques and well-known cloud outages in recent years. This chapter concludes that the multi-cloud environment is the solution to avoiding unexpected cloud outages and describes how both AWS and Azure support the multi-cloud configurations. Continuing research in this area helps to indicate the scope for future study. This project is significant when considering business dependency on the software cloud. The next chapter provides in-depth analysis of the project, related to the domain and technical levels in the multi-cloud environment.
  • 28.
    Kurra Srirekha 27 Chapter 3:Resources and Technical Analysis 3.1.Introduction Analysis is important to the implementation of the project to overcome the challenges and reduce the risk of project failure. After the review of the literature and concepts related to multi- cloud failover, this section presents the analysis by integrating different components to form a solution. This analysis establishes the connection between project objectives and technical feasibility. The objective of this project is to set up a project in the AWS and Azure cloud environments, replicate databases to and from each server, back up the file system and test the failover scenario. The tools used to achieve these objectives are Ubuntu, Openswan, IPsec, VPN tunnel and SSH. 3.2.Analysis of Resources As this project is based on two different cloud platforms, there is a need to analyse the most suitable cloud platforms for the project objectives. Both cloud platforms should support the VPN tunnel, as it plays a main role in the project. Choosing the appropriate cloud vendors based on the project targets will reduce the complexity. In this project AWS and Azure cloud platforms had been chosen. As these two platforms having technically more similarities, this combination will reduce the complexity for implementing multi cloud environment. In the process of VPN tunnel implementation between AWS and Azure, a software VPN has been used at AWS end to make EC2 instance acts like VPN device. As this project deals with Ubuntu server, Openswan source package is used. It is a VPN software since 2005 for Linux-based operating systems and it supports most of IPsec extensions. It is already included in the distribution of Ubuntu, Gentoo, Red Hat and many others. In the backup and failover pattern implementation, multi-master synchronous replication has been used inside each database cluster for high availability and for the failover provision. In this project, synchronous replication is implemented using MariaDB Galera, which is a multi-master cluster for MySQL/XtraDB/InnoDB databases. MariaDB is an upgraded, drop-in substitute for MySQL, and it utilises the Galera library for database replication.
  • 29.
    Kurra Srirekha 28 It isonly accessible for operating systems that are based on Linux, which supports the InnoDB or XtraDB storage engines with the essential features of automatic joining of nodes, synchronous replication, read and write when connected with any cluster node, and direct client connections. Hence, the advantages with MariaDB lead to numerous DBMS clustering solutions that incorporate clusters with no slave lag, no data transaction loss, and minute client latencies (vexxhost, 2015). 3.3.Analysis of Technical Challenges Ubuntu is a Linux-based OS, and hence it requires thorough understanding so that other components like Openswan can be installed smoothly. To avoid the challenges of configuring Openswan on Ubuntu, an understanding of Linux code to edit and save the configuration is required. An analysis of the Openswan configuration file is required as modifying it incorrectly results in rework. The commands listed below are useful for the implementation of this project. 3.1 Sample Linux Commands Edit/insert: - I Exit: - :x (or) :q Save and Exit: - :wq Paste: Fn + Ins The analysis of the firewall setting between the two clouds is important. It is required to authenticate one cloud’s virtual machine with the other cloud. Hence it is important to update the route table and security groups of the Openswan server in AWS correctly. These security groups and route tables are used to allow traffic from remote networks. It is required to include two UDP custom inbound rules. These rules include 4500 and 500, both using the Azure gateway IP address with /32 as the CIDR and routing table by including the network address of Azure virtual system. In order to successfully install MariaDB in both cloud VMs, it is required to check the compatibility of the Ubuntu server with the MariaDB version before implementation of the project.
  • 30.
    Kurra Srirekha 29 The analysisof the MySQL configuration files is important for setting up the MariaDB cluster for database replication. Once the MySQL configuration files change is complete, a service restart is required using the following command. service mysql restart However, this command may result in failure if the databases on both nodes are not authenticated. Hence, the MySQL configuration file is to be analysed and updated as shown below to make it work. 3.2 MySQL Configuration To transfer files from one cloud to another cloud, the SSH key of both VMs must be exchanged. Then, bidirectional file transfer will be successful. During the technical analysis of this project, the focus is kept on configuration changes, and with continuous learning, all the challenges can be resolved. 3.4.Summary This section provides the technical analysis of the different tools prior to the actual implementation. The technical analysis is required to choose a different tool in case of a version compatibility issue. In this project, each component is analysed, and for configuration changes, a few online documents are referenced. The next section provides the design of this project and the code, along with screenshots from the project implementation.
  • 31.
    Kurra Srirekha 30 Chapter 4:Design and System Implementation 4.1.Introduction The previous sections covered techniques and tools related to cloud-to-cloud failover. This section provides the design and implementation of cloud-to-cloud failover so that the services are not impacted. This implementation is done in two stages. In the first stage, the failover of AWS MySQL database to Azure MySQL database using MariaDB is performed. In the second stage, the automated backup of the file system from AWS to Azure cloud is performed using IPsec. 4.2.Problem and Context The significance of this implementation is the need for the business continuity plan to meet 100% availability of service even on the cloud platform. On September 15, 2016, a global DNS outage impacted Azure services for all regions. There are many such examples of cloud unavailability in 2016, as discussed in the literature for this project, impacting businesses across the globe. Hence this project covers an implementation of 100% cloud computing availability using the cloud-to-cloud failover concept. While implementing this project, there were some challenges due to the integration of different components to form a structured solution. For the failover to happen from AWS to Azure, it is important that both clouds connect and communicate with each other. This bridge is set up using Openswan, which is installed on the AWS Ubuntu and Azure Ubuntu virtual machines. The continuous learning and debugging techniques have helped in successful configuration and implementation of Openswan and in building a VPN tunnel between the two clouds. The architecture of this project is described in later sections. 4.3.Solution Structure Defining a solution is a systematic process in which different components are linked to build a solution. The solution structure is a process of capturing all the technical details in an architectural format. This project has followed a recurring procedure in which the architecture rework is done based on pseudocode testing (H. J. La and S. D. Kim, 2009). The diagram below is an illustration of the steps followed in the solution architecture of this project.
  • 32.
    Kurra Srirekha 31 4.1 Solutionstructure for backup and failover This procedure has helped in identifying functional and non-functional areas. One result of the solution structuring is a process flow design of the cloud-to-cloud failover network architecture components as illustrated below. 4.2 Architectural design of AWS and Azure cloud-to-cloud connectivity Amazon Virtual Private Cloud (VPC) is the primary virtual machine in the cloud network of this project. The Ubuntu server is installed on this VM. The backup server is Azure Virtual Net on which Ubuntu is also installed. To connect both virtual machines over the cloud, Openswan is installed on the primary cloud (AWS) and configured with VPN so that both
  • 33.
    Kurra Srirekha 32 communicate witheach other using a VPN tunnel. MariaDB is used for MySQL database replication, and IPsec is used for file backup from AWS to Azure. The process flow and installation of this solution is explained next in the implementation process section. 4.4.Implementation Process The implementation of the project begins with creation of a VPC in the AWS US-West region with a network address of 10.0.0.0/16 and one public subnet with an address range of 10.0.0.0/24. An Ubuntu server is deployed in the subnet and assigned an IP of 10.0.0.61. This server is associated with an Elastic IP (EIP) address to access the Ubuntu server by using the SSH command line interface. The EIP is required to connect with the Azure network. A virtual network (VNet), similar to VPC in AWS, is created in the Azure US-East region with a network address of 172.16.0.0/16 and an added subnet with network address 172.16.1.0/24. The Ubuntu server is deployed in the virtual network and assigned the IP address of 172.16.1.5. The configuration of site-to-site connectivity is set by using EIP and the address space of AWS. A virtual network gateway is created as shown in the screenshot below, which generates a virtual gateway IP address and manages the shared key. 4.3 Virtual Network Gateway between AWS and Azure 4.4.1. Site-to-Site VPN Tunnel Setup Openswan is deployed in the AWS Ubuntu server so that it acts as a VPN device to work for the VPN tunnel. Openswan depends on IPsec protocol. This protocol is used for encoding IP traffic before packets are exchanged between source and destination. Router is used for encryption, decryption, encapsulation and de-capsulation. Security groups and route tables are
  • 34.
    Kurra Srirekha 33 modified onAWS end to allow traffic from Azure. The Openswan /etc/ipsec.conf file’s connection section is given below. 4.1 Openswan Configuration File Where, # Left = AWS side Ubuntu server IP address # Left subnet = AWS network address # Right = Azure virtual network gateway # Right subnet = Azure virtual network address The implementation process is divided into two stages: one for failover cluster setup and the other for file system backup. 4.4.2. MariaDB Galera Cluster Setup (Replication and Failover) MariaDB Galera Cluster is deployed on both VMs to synchronise the MySQL database through replication. Below is the command used to install the MariaDB cluster. 4.2 MariaDB Installation Command
  • 35.
    Kurra Srirekha 34 After thedeployment of the MariaDB cluster, a configuration file called “my.config” is changed on each virtual machine with wsrep configuration options so that the MariaDB cluster understands the endpoints for communication. In addition to this change, the configuration file is changed for the VSRep option to provide the IP address and related details of the other VM. Hence in the AWS VM, the IP address of Azure is provided and vice versa, so that MariaDB acts as a mediator for replication between the two clouds. To configure VSRep under the [mysqld] directory on each node, the “my.config” file is changed with their particular hostnames, IP address and root passwords. 4.3 Configuration for wsrep Option in my.config 4.4 Configuration for VSRep Option in my.config The configuration is completed successfully, and hence the bi-directional replication of MySQL DB is initiated using the MariaDB cluster. 4.4.3. SSH Keys and SCP Command (File System Backup)
  • 36.
    Kurra Srirekha 35 SSH isa kind of protocol that permits secure connections between virtual machines. The SCP command is useful for transferring files across SSH connections from one cloud to another. An SSH public key is used to transfer the data between AWS and Azure. The SSH key of the AWS Ubuntu server is copied into the “authentications_key” file in Azure and vice versa so that required files can be transferred from one Ubuntu VM to another Ubuntu VM by using an SCP command. 4.5.Challenges Connecting two different clouds is not an easy process. While implementing the VPN tunnel that is based on IPsec mode between AWS and Azure, there will be a problem when the peers of the tunnel are at the back of the NAT. The NAT changes the data of an IP packet so that this IP packet will be rejected by the other peer as the signature of the packet is wrong. The solution is commonly known as NAT-T (NAT Traversal); it works using an IPsec packet encapsulating technique in UDP packets. As these packets can pass via NAT routers, there will be no loss of packets or packet drops. When using Openswan to create a VPN tunnel, there will be two parameters called Left and Right, which are simply peers on the two ends of its tunnel. Various parameters for these two ends will be configured in “/etc/ipsec.conf”, which is used to define a tunnel between two nodes. The “ipsec.conf” file will have “nat_traversal=no” by default, and as there is a need to support NAT Traversal, that command should be changed as “nat_traversal=yes”. There is an “auto” parameter in the conn section of the ipsec.conf file. This parameter is used to set the automatic operation which should be done during IPsec startup. By default, this parameter is defined as “auto=ignore”, which indicates that no operation is set as automatic startup. Therefore, this value should be changed to “auto=start”, which indicates the automatic connection. (Rosen, 2016). Openswan supports NAT-T in order to pass IP packets through NAT routers, which makes UDP packets by encapsulating IPsec packets without being dropped. Hence, to allow UDP packets, the inbound rules in the security group of the Openswan server that is located in the AWS virtual private cloud should be modified with two custom UDP rules that allow port ranges 4500 and 500 to allow traffic from the Azure virtual network gateway. 4.6.Summary
  • 37.
    Kurra Srirekha 36 This sectionprovides the detailed configuration of the Ubuntu server on both nodes (AWS and Azure) and other components’ configuration for failover and backup purposes. The sanity check is done to test the connectivity between two nodes. The next section captures the test results and evaluation of the objectives of this project.
  • 38.
    Kurra Srirekha 37 Chapter 5:Testing and Evaluation 5.1.Introduction The implementation of cloud-to-cloud failover and backup is achieved using the control panel provided by AWS with components like Openswan, MariaDB cluster, VPN and SSH integration. A virtual network gateway is created in the Azure virtual machine and Openswan in the AWS virtual machine. The coding is done in AWS in order to create the tunnel between AWS and Azure. For MariaDB, the coding is done on both VMs for configuration. This section covers the test cases, results and evaluation of how the implementation achieves the objectives. The testing is carried out in two phases: one for cloud failover and one for file system backup validation. The test case scenarios are shown in the table below. 5.1 Test Case Scenarios Sr # Test Description Execution Step Test Result Remarks 1. VPN Tunnel Testing 2. Database Cluster Replication 3. File transfers between two clouds Test Results Codes: OK – Test condition is passed NG – Not good (i.e., test condition failed) NT – Not tested The screenshots captured while testing are provided in the appendix. 5.2.VPN Tunnel Testing The testing of the VPN tunnel is important because it shows the success or failure of connectivity between the two clouds. In order to verify whether the VPN is up on the virtual machines, the command show crypto ipsec sa is used. If the connection is successful, then the
  • 39.
    Kurra Srirekha 38 output ofthis command shows both the inbound and outbound SPI. This result shows the encaps/decaps counters incrementing if the traffic passes through the tunnel. 5.1 Communicating Both VMs of AWS and Azure 5.2 VPN Tunnel Testing Result Sr # Test Description Execution Step Test Result Remarks 1. VPN Tunnel Testing a. Go to AWS b. Open command prompt c. Use command below show crypto ipsec sa OK 2. VPN Session Check a. Go to AWS b. Open Command prompt c. Use command below show vpn-sessiondb OK Result is Session status: UP-ACTIVE 5.3.Database Cluster Replication The cluster status monitoring is required to check if the cluster is operational. This test case covers the monitoring, status updates and failover scenario.
  • 40.
    Kurra Srirekha 39 5.2 DatabaseReplication Between AWS and Azure 5.3 Database Cluster Testing Result Sr # Test Description Execution Step Test Result Remarks CHECKING CLUSTER INTEGRITY 1. Check the Cluster Configuration a. Open MariaDB Windows and run command below SHOW GLOBAL STATUS LIKE 'wsrep_%'; OK It shows the wsrep protocol version as 5, last committed as 202 and thread count as 2 2. Check Cluster Integrity SHOW GLOBAL STATUS LIKE 'wsrep_cluster_state_uuid'; OK It shows the cluster state UUID which helps to determine that this node is part of the cluster. 3. Check the number of nodes in the cluster SHOW GLOBAL STATUS LIKE 'wsrep_cluster_size'; OK The value is 2 4. Check cluster status SHOW GLOBAL STATUS LIKE 'wsrep_cluster_status'; OK The value is primary. CHECKING THE NODE STATUS
  • 41.
    Kurra Srirekha 40 5. Checkif node is accepting queries SHOW GLOBAL STATUS LIKE 'wsrep_ready'; OK The value is ON 6. Check if node has network connectivity with other node SHOW GLOBAL STATUS LIKE 'wsrep_connected'; OK The value is ON 7. Check node state SHOW GLOBAL STATUS LIKE 'wsrep_local_state_comment'; OK The value is Joined CHECKING THE REPLICATION HEALTH 8. Check the average size of write set queue SHOW STATUS LIKE 'wsrep_local_recv_queue_avg'; OK The value is 3.34. If the value is greater than 0.0, it means there is delay in replication. Ideally the value should be as close as possible to 0.0. 9. Check the pause status due to flow control SHOW STATUS LIKE 'wsrep_flow_control_paused'; OK The value is 0.18. If the value is greater than 0.0, it means the node is paused due to flow control. Ideally the value should be as close as possible to 0.0. DETECTING SLOW NETWORK ISSUES 10. Check average length of the query SHOW STATUS LIKE 'wsrep_local_send_queue_avg'; OK The value is 0.14. Values greater than 0.0 indicate a network bottleneck. Ideally the value should be as close as possible to 0.0. FAILOVER TO AZURE
  • 42.
    Kurra Srirekha 41 11. Checkif database is failed over AWS database should be down and Azure database should be up and acting as primary OK Azure database is showing as primary 5.4.AWS-AZURE: Inter-Cloud Transfer (file transfers between two clouds) SSH and SCP are used for the file transfer between two VMs for backup and restore purposes in the case of cloud failure. SSH is the general protocol, and SCP is the Linux SSH client command. Hence this covers the test cases and results of file transfer scenarios as shown in the table below. 5.3 File Transferring Between AWS and Azure 5.4 Cloud-to-Cloud Backup Testing Result Sr # Test Description Execution Step Test Result Remarks 1. Check all SSH connected sessions [root@router~]# netstat -tnpa | grep 'ESTABLISHED. *sshd' OK It shows two IP addresses as established with SSH 2. Check if SSH service is running sudo service ssh start OK
  • 43.
    Kurra Srirekha 42 3. Checkif SCP is transferring file through SSH [virtual machine ~]$ scp examplefile yourusername@yourserver:/home/yourusername/ OK The file is copied to the virtual machine correctly. 5.5.Results Evaluation During this testing procedure, there are some important evaluations needed of the test results. This testing is carried out to make sure the defined objectives are tested as part of this project implementation. The evaluation is performed on two major test conditions as described next. 5.5.1. AWS-AZURE Failover The failover is performed using the MariaDB cluster. The database on AWS is failed manually, and it is evaluated that it immediately fails over to Azure. Because both databases are in sync with the help of replication services, there was no outage, and hence they provided 100% availability of the data. This testing is important for the mission-critical businesses that are dependent on cloud computing. 5.5.2. AWS-AZURE Backup For the AWS-to-Azure backup, the SSH protocol is used. The files are backed up using an SCP Linux command. The AWS virtual machine is made unavailable, and the files are still accessible from the Azure virtual machine. This evaluation verifies that, from the point of failure, the cloud-to-cloud file system backup and recovery still function without any data loss or unavailability during a disaster. 5.6.Summary The testing is a critical part of this project as it tests the project through multiple scenarios as defined in the test cases and provides the results. The failover from AWS to Azure is achieved using the MariaDB cluster, and file system synchronisation is performed using SCP through the SSH protocol.
  • 44.
    Kurra Srirekha 43 Chapter 6:Recommendations and Future Scope 6.1.Introduction The implementation of this project overcomes the cloud failure challenges when using cloud technologies. Though there are lessons to be learned from this project implementation, it provides a direction for future work by enhancing cloud-to-cloud failover to achieve high scalability and performance. 6.2.Recommendations The VPN device must support some requirements in order to work correctly; for example, it must have a public-facing IPv4 address and support IKEv1. The VPN device must also support NAT-T, AES 128-bit encryption, SHA-1, etc. to establish the IPsec security associations in the VPN tunnel. In this project, the software VPN Openswan, which supports all the above requirements. has been used at the AWS end of the VPN tunnel. However, this can be done by using different methods. Windows server 2012 R2 can be used as tunnel’s end-point on the AWS side and also as an Azure VPN device. A Windows PowerShell script will be used in this method to install RRAS (Routing and Remote Access Server) on the AWS server, and it needs to be configured in order to create the site-to-site IPsec tunnel between AWS and Azure. Openswan can be used on both sides, or Strongswan can be used at the AWS end, to create the VPN tunnel. However, Strongswan is a more developed document than Openswan. (Michael, 2015). Another software VPN called TMG 2010 supports these prerequisites, yet achieving full network functionality has turned out to be harder than anticipated. (MikeWo, 2013). Other recommendations from this project are listed below. 1. In the cloud failover project, thorough understanding and hands-on experience of the technologies help to save time in implementation. 2. Prior to cloud-to-cloud failover implementation, a compatibility study of the different cloud technologies and tools is important.
  • 45.
    Kurra Srirekha 44 3. Inthe cloud-to-cloud failover testing, maximum scenarios are required to be covered. 6.3.Future Work The scope of this project is limited to cloud clustering and file system backup. Therefore, the future scope in cloud availability will be the implementation of cloud-to-cloud load balancing for higher performance and scalability. This can be implemented using HA Proxy, which is an open-source package that is used to create load balancing between two different virtual networks. By using this source, a virtual IP address that acts like a load balancer can be created between AWS and Azure to balance the workload between primary and secondary sites. The solution structure can be as illustrated in the diagram below. 6.1 Cloud-to-Cloud Load Balancer – Future Scope In this project the file backup is implemented manually, which can be automated in future. The cost and security analysis of the multi-cloud environment can be considered for future study and implementation. 6.4.Summary A multi-cloud environment between AWS and Azure had been implemented by using an Openswan software VPN. This chapter discussed other approaches to achieve cloud-to-cloud connectivity. In this chapter, a few recommendations are made regarding the VPN device. This
  • 46.
    Kurra Srirekha 45 chapter alsodefined the creation of the automatic backup and load balancer between AWS and Azure to balance the workload for providing high availability, as included in the future scope of this project.
  • 47.
    Kurra Srirekha 46 Chapter 7:Conclusion 7.1.Introduction The integration of AWS and Azure provides cloud-to-cloud failover in order to overcome the challenges arising from unexpected cloud outages. This chapter will discuss the overall conclusion of this project. 7.2.Conclusion This project will be a meaningful solution for large-sized organisations that are considering their business continuity even in the case of unexpected outages or failures. The test results of this project proved that 100% business availability on the cloud is achievable. Recent examples of cloud outages, like the 2016 Sydney storm resulting in an AWS outage or the Azure outages due to other natural calamities, have forced the business community to rethink the alternative options for their service availability. This project has implemented and tested the potential for 100% cloud availability by using cloud-to-cloud failover techniques.
  • 48.
    Kurra Srirekha 47 8. ReferenceList Books, Journals & Documents 1. Arean, O. (2013). Disaster recovery in the cloud. Network security, 9, 5-7. doi:10.1016/S1353-4858(13)70101-6 2. Buyya, R., Broberg, J., & Goscinski, A. M. (2011). Cloud computing: Principles and paradigms. Brooklyn, NY: Wiley. 3. Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J., & Brandic, I. (2009). Cloud computing and developing information technology platforms: Vision, buildup, and actuality for conveying computing as the fifth utility. Anticipated generation computer systems, 25(6), 599-616. 4. Cassidy, L. (2016, August 03). PROJECT MANAGEMENT: TIME ESTIMATES AND PLANNING. Retrieved from projectsmart. 5. CIF (2016). UK cloud adaption and trends for 2016. Retrieved from https://www.cloudindustryforum.org/content/uk-cloud-adoption-trends-2016 6. Daniel, N., Rich, W., Chris, G., Graziano, O., Sunil, S., Lamia, Y., & Dmitrii, Z. (2009). The eucalyptus open-source cloud-computing system. IEEE international symposium on cluster computing and the grid, 12(9), 124-131. doi:10.1109/CCGRID.2009.93 7. Deepa. (2012, August 7). 14 cloud outages in 7 months, who is next? CIOL Bureau 2, 2-3. Retrieved from http://www.ciol.com/14-cloud-outages-months/ 8. Donnelly, C. (2015, December 03). European Office 365 and Microsoft Azure users hit by service outage. Retrieved from Computerweekly. 9. Ferguson, T. (2009). Salesforce.com outage hits thousands of businesses. Retrieved from http://news.cnet.com/8301-1001_3-10136540-92.html 10. Fernand, F. (2014, April 23). Managing elasticity across Multi-cloud providers. Retrieved from Slideshare: http://www.slideshare.net/fifiant/multicloud 11. Fiveash, K. (2015). AWS outage knocks Amazon, Netflix, Tinder and IMDb in MEGA data collapse. London: the register. 12. Foley, M. J. (2016). Global DNS outage hits Microsoft Azure customers. Australia: ZDNet.
  • 49.
    Kurra Srirekha 48 13. Head,B. (2016). Ignore cloud faults at your peril. CWANZ (p. 15). Australia: TechTarget. 14. Hofmann, P., & Woods, D. (2010). Cloud computing: The limits of public clouds for business applications. IEEE internet computing, 6, 91-93. 15. Huanhuan X., Frank F., & Claus P. (2015). An architecture pattern for multi-cloud high availability and disaster recovery. Workshop on Federated Cloud Networking FedCloudNet, pp. 5-6 16. Jackson, T. (2008). We feel your pain and we are sorry. Retrieved from http://gmailblog.blogspot.com/2008/08/we-feel-your-pain-and-were-sorry.html 17. John, M. (2010). Amazon elastic compute cloud (EC2). Retrieved from http://aws.amazon.com/ec2/. 18. Juha Saarinen, A. C. (2016). AWS Sydney outage downs big-name web companies. Australia: itnews. 19. Kevin J. (2009). Secure Cloud Computing: An Architecture Ontology Approach. Retrieved from http://sunset.usc.edu/gsaw/gsaw2009/s12b/jackson.pdf, DataLine, 2009. 20. Lin, Y. K., & Chang, P. C. (2011). Maintenance reliability estimation for a cloud computing network with nodes failure. Expert systems with applications, 38, 14185– 14189. 21. Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing - The business perspective. Decision Support Systems, 51, 176-189. doi: 10.1016/j.dss.2010.12.006 22. McGuire, C. (2016, 09 21). About VPN Gateway. Retrieved from Microsoft Azure: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about- vpngateways/ 23. Parnell, B.-A. (2012). Microsoft's Azure cloud down and out for 8 hours. London: the register. Retrieved from the register. 24. Perez, J. C. (2008). Extended Gmail outage hits apps admins. Retrieved from http://www.computerworld.com/s/article/9117322/Extended_Gmail_outage_hits_App s_admins
  • 50.
    Kurra Srirekha 49 25. PierreR. (2016). Step-by-step: connect your AWS and Azure environments with a VPN tunnel. Retrieved from https://blogs.technet.microsoft.com/canitpro/2016/01/11/step- by-step-connect-your-aws-and-azure-environments-with-a-vpn-tunnel/ / 26. Rawat, V. (2013). Reducing failure probability of cloud storage services using multi- cloud. Kota, Rajasthan: University College of Engineering, RTU. Retrieved from https://arxiv.org/ftp/arxiv/papers/1310/1310.4919.pdf 27. Reid, S., Kicker, H., Matzke, P., Bartels, A., & Lisserman, M. (2011). Sizing the cloud. technical report. Retrieved from http://www.forrester.com-/E- /Sizing+The+Cloud/fulltext/RES58161objectid=RES58161 28. Robertson, B. (2009). Top five cloud computing adoption inhibitors. Enterprise innovation, 5, 12-14. 29. Rouse, M. (2007). Line of business. Retrieved from http://searchcio.techtarget.com/definition/ LOB 30. Rouse, M. (2016). Line of business. Retrieved from http://searchcio.techtarget.com/definition/ LOB, (accessed on 20 Nov 2012). 31. Saarinen, J., Coyne, A. C. (2016). AWS Sydney outage downs big-name web companies. Australia: itnews. 32. Sharwood, S. (2016). Azure's wobbly day as three services glitch around the world. London: The Register. 33. Team. (2016). Ubuntu Server Guide. Retrieved from helpubuntu: https://help.ubuntu.com/lts/serverguide/serverguide.pdf 34. Veena R. (2013). Reducing failure probability of cloud storage services using multi- cloud. Kota, Rajasthan: University College of Engineering, RTU. Retrieved from https://arxiv.org/ftp/arxiv/papers/1310/1310.4919.pdf 35. Xiong, H. F. (2015). An architecture pattern for multi-cloud high availability and disaster recovery. Workshop on Federated Cloud Networking FedCloudNet, 15. Websites http://www.rightscale.com/blog/enterprise-cloud-strategies/private-and-hybrid- clouds-9-use-cases-and-implementation-advice https://www.opsgility.com/blog/2013/09/03/connecting-clouds-site-to-site-aws-azure/ http://developers-club.com/posts/196798/ www.Gartner.com
  • 51.
  • 52.
    Kurra Srirekha 51 9. Appendices Thissection provides the screenshots used during the implementation of the project. 9.1. Implementation Screenshots The following are the implementation screenshots of the procedure to connect the AWS and Azure cloud platforms using VPN connection in order to provide backup and failover. 1) Created a VPC with single public subnet in AWS environment 9.1: Creating VPC with single public subnet 9.2: Details of VPC while creating
  • 53.
    Kurra Srirekha 52 2) DeployedUbuntu server in VPC 9.3: Selecting Ubuntu AMI in EC2 dashboard 9.4: Configuration details of Ubuntu instance while deploying
  • 54.
    Kurra Srirekha 53 3) CreatedElastic IP and associated that EIP with Ubuntu server that was created in previous step 9.5: Allocating EIP in EC2 dash board 9.6: Associate EIP with Ubuntu server
  • 55.
    Kurra Srirekha 54 4) CreatedAzure virtual network 9.7: Created virtual network in Azure 5) Created site-to-site connectivity 9.8: Given AWS VPC address space and Elastic IP of AWS while creating Site-to-Site connection
  • 56.
    Kurra Srirekha 55 9.9: Createdsite-to-site connectivity 6) Defined the Azure virtual network subnet and added Gateway subnet 9.10: Adding subnet and gateway for virtual network in Azure
  • 57.
    Kurra Srirekha 56 7) Createdthe Azure Virtual Network Gateway 9.11: Azure virtual network Gateway IP address produced 9.12: Manage shared key generated 8) Connect to the Ubuntu VM on AWS side to configure Openswan
  • 58.
    Kurra Srirekha 57 9.13: AccessingUbuntu by using SSH PuTTY on AWS side 9) Installed Openswan on Ubuntu server in AWS Used the following command to install openswan on Ubuntu. sudoapt-get install openswan 9.14: Installing Openswan in the AWS Ubuntu server 10) Configured the openswan by editing the code
  • 59.
    Kurra Srirekha 58 The codefor the Openswan configurations is presented in next section (9.2). Once the Openswan configurations are done, edited the “sysctl.conf “file: Enabled the IP forwarding to the Open Swan VM by uncommenting the command below: net.ipv4.ip_forward=1 Next, disabled the “source / destination checking” option on the Open Swan server: 9.15: Disabling source/destination check 11) Modified Security Groups to Allow Traffic from Windows Azure 9.16: Modified security groups for openswan server in AWS
  • 60.
    Kurra Srirekha 59 12) AzureVirtual Network Connected to Amazon AWS Virtual Private Cloud Before restarting the Openswan server, the connection representation is as shown below: 9.17: Connection between two clouds before configuring openswan Then, restarted the openswan server by using command below: sudo service ipsec restart Now, the graphical representation of connection between two clouds will be as show: 9.18: connection between two clouds after configuring Openswan
  • 61.
    Kurra Srirekha 60 Then, usedping command to check whether both VMs on the two clouds are communicating with each other or not 9.19: Pinging both VMs in different clouds 13) Deployed Maria DB cluster to perform Database replication Installed Maria DB cluster on two nodes by using the command below: Maria DB configurations on two nodes is provided in Coding section (9.2). 14) Replication of Database between two cloud VMs, which can consider as Failover
  • 62.
    Kurra Srirekha 61 9.20: databasereplication between two VMs 15) File transferring between two cloud VMs; can consider as File System backup 9.21: Files transferring between two VMs 9.2. Coding Part of Implementation Openswan Configurations on AWS side: Edited the ipsec.conf file:
  • 63.
    Kurra Srirekha 62 9.22: Editedipsec. conf file Edited the amnazure. conf file: 9.23: Edited amnazure. conf file Edited the ipsec. secrets file: Specified the Azure gateway and manage shared key in command below:
  • 64.
    Kurra Srirekha 63 9.24: Editedipsec.secrets file Maria DB Cluster Configurations: Maria DB galera cluster has been deployed in each VM to provide synchronous MySQL database replication. Below command is used to install Maria DB cluster in each VM: Then, to configure the Maria DB cluster, the files below have been changed.
  • 65.
    Kurra Srirekha 64 MySQL Settings: Firstof all, opened the my.cnf file and commented the following lines, which are uncommented by default on Ubuntu servers.
  • 66.
    Kurra Srirekha 65 MariaDB Settings: Nowadded the following lines for wsrep configuration options in my.cnf file under [mysqld]directive as shown below in AWS server and Azure server. VSRep Providers Configurations: Here, configured the VSRep configurations under the [mysqld]directory on each node by adding the following lines in /etc/mysql/my.cnf file with their specific IP address, hostnames and root password.
  • 67.
    Kurra Srirekha 66 In thisproject, bi-directional replication has been implemented between AWS and Azure VMs; this replication provides the failover and failback between the AWS and Azure sites.