Cloud - important PDF

Title Cloud - important
Course Digital Forensics
Institution Charles Sturt University
Pages 14

Case Study

Regional Gardens Ltd is a company that runs a number of related gardening enterprises. It has a large display garden that it opens for public inspection a number of times a year. The company also owns the Regional Gardens Nursery, which sells plants and garden supplies to the public. The company also owns Regional Garden Planners, which is a small company that provides garden advice, design and consultancy services.

Regional Gardens Ltd has a small data centre at its main site in Bathurst where the company’s servers and data storage are located. The company runs some 40 Windows 2008 R2 physical servers in their data centre in file, print and application server roles. Each of these servers has 16GB of RAM with a dual-core Xeon E5 CPU and a 500GB HDD. There are 4 Red Hat Enterprise Linux 5 servers which run the company websites. The company also has a small iSCSI SAN with 100TB of storage, which is the main data storage location for the company. The company’s users, who include management, administrative staff, nursery and Regional Garden Planners staff, use a range of different types of relatively modern personal computers running Windows 7 to connect to the company data centre.

The directors of Regional Gardens Ltd have received a report from a group of consultants that recommends that the company should consider using Office 365 as an SaaS service for office productivity applications and email. They have also recommended that the company’s bespoke garden design software could be run as a PaaS service for internal users, but could also be supplied as a platform for other garden designers to access as a service. They have also indicated that the company may want to consider moving some of its aging computing infrastructure to an IaaS service to avoid the capital cost of replacement.

19. Describe the steps that you would take to develop a business case for migrating the infrastructure and services to the cloud. (10 marks)

Answer: 1 -
i) Cloud Examination phase: The organization should decide which type of services it would require from the Cloud Provider and examine the cloud platforms to find if they are available, also checking compatibility with resources and expandability. The various service types, i.e. IaaS, PaaS and SaaS, should be examined and allocated for various use cases.
ii) Choose delivery model: It is important to determine the cloud delivery model: public, private or hybrid. This differentiates everything, and has to be decided at the very beginning.
iii) Move Data centre to Cloud Infrastructure: In this case, all the existing hardware, i.e. the 40 Windows servers and the 4 Red Hat Linux servers, are issued in the Cloud Environment and the data is migrated from them to the Cloud Environment.

20. The Board has indicated that it might want to run their own Private cloud. Explain the steps that would be needed to achieve this. (10 marks)

2 -
i) To run its own private cloud, it should decide if its infrastructure should be on premise or off premise, i.e. check if the organization needs a remote access service or not.
ii) Security must be provided here by giving access only to the planners and required members of the organization, and not to other members. Thus, we maintain confidentiality and access management is also preserved.
iii) The data can be retrieved by the authorized person from anywhere and at any time because, while using the private cloud data center, one can access the data irrespective of the platform or server they are using.
iv) Depending on the type of service, the user can modify the data and store it again on the cloud. For example, if the type of service is SaaS, the Regional planner can create his/her own software which provides the consultancy service and can deploy it onto the cloud, where it can be accessed by the users remotely.

21. What are the critical points, other than cost, that an enterprise would need to consider in choosing to migrate from local hosted infrastructure to an IaaS service provider? (10 marks)

3 -
i) Disaster Recovery: While using the local data centers, there might be no backup facilities available and hence the data will be lost when there are any disasters. But in cloud, we have backups done periodically so that the data can be restored in case of any disasters. This helps to store customer and plants data to be restored.
ii) Virtualized hardware: We can have virtual machines that can be run in a single device on top of the existing Operating system instead of maintaining various devices with multiple operating systems like Windows2008, Windows8 and Red Hat Linux which are used here.
iii) Multi-tenancy: In IaaS, multiple users can access shared resources effectively, unlike the local server. Thus, the same consulting service can be used by multiple customers simultaneously.
iv) Dynamic Scaling: Based upon the load on the server, the service provider can scale up or scale down the resources in IaaS.
v) Security: The customer data and the plant data need to be secured and the integrity has to be maintained so that only authorized members like regional planners, directors, consultants and staff can modify and access the data. In IaaS, we have more security compared to that of Local servers.

22. Describe the benefits and drawbacks, excluding costs, of moving to an IaaS model in a public cloud. (10 marks)

4 -
Benefits:
i) Accessibility: The data and services are provided to everyone and they can be accessed anywhere, anytime and by anyone.
ii) Disaster Recovery: While using the local data centers, there might be no backup facilities available and hence the data will be lost when there are any disasters. But in cloud, we have backups done periodically so that the data can be restored in case of any disasters. This helps to store customer and plants data to be restored.
iii) Virtualized hardware: We can have virtual machines that can be run in a single device on top of the existing Operating system instead of maintaining various devices with multiple operating systems like Windows2008, Windows8 and Red Hat Linux which are used here.
iv) Multi-tenancy: In IaaS, multiple users can access shared resources effectively, unlike the local server. Thus, the same consulting service can be used by multiple customers simultaneously.
v) Dynamic Scaling: Based upon the load on the server, the service provider can scale up or scale down the resources in IaaS.

Drawbacks:
i) Security: The major drawback of using the public cloud is security. Since the data is visible to everyone, the confidentiality is not maintained in case of plants and customer data and there might be risks that other regional garden competitors might use the sensitive data for their profits.

23. Discuss the requirements for remote administration, resource management, SLA management and billing management for an IaaS deployment to a Public cloud. (10 marks)

5 -
Requirements:

Service Level Agreements (SLA):
i) Availability: The time until when the consultancy service is available to the customers.
ii) Performance: The performance of the service is measured in terms of the response time and throughput, where the number of tasks completed per unit time is the throughput and the time taken for the service to respond is the response time.
iii) Disaster Recovery: Mean time to recover from a disaster.
iv) Problem resolution: It is the process to identify the problem, if any, and support the available options to resolve the problem.
v) Security and Privacy of data: There are many mechanisms that can be used for maintaining the security of data in storage and transmission.

Billing: The following are to be considered for Billing:
i) Virtual Machines: The amount of CPU, storage, memory, disk I/O, network I/O
ii) Network: Network I/O, load balancer, VPN, firewall, DNS
iii) Storage: Storage gateway, cloud storage, storage volumes
iv) Data services: data encryption, data export or import, content delivery, data back-up
v) Security services: Identity and access management, compliance, isolation
vi) Support: Level of support, fault tolerance, SLA
vii) Application services: Queuing service, payment service, notification service, workflow service

Remote Administration: Security, Identity and access management mechanisms.
Remote management: The amount of memory, storage to be managed, the data access management mechanisms, data encryption and security mechanisms.

Case Study

You are the Senior Systems Administrator for a community based charity. Your charity is involved in locating and providing accommodation, mental health services, training and support services to disadvantaged people in the community. Your charity currently runs a small data centre that has some 50 x86 64 bit servers running mainly Windows Server 2008 R2 for desktop services, database and file services. It also has about 10 Red Hat Enterprise Linux 5 servers for public facing Web pages, services and support.

Your charity is considering joining a community cloud provided by a public cloud vendor in order to provide a number of applications to all 500 support staff and administrative users. The community cloud would also be used to store the charity’s 200TB of data. This data contains a considerable amount of confidential information about the people to whom the charity provides services. A small number of the charity’s applications are mission critical and the data that those applications use is both confidential and time sensitive.

The cloud vendor has made a presentation to management that indicates that operational costs will drop dramatically if the cloud model is adopted. You are asked to assess whether this model is in the best interests of the business.

19. Describe the steps that you would take to do a Risk Management assessment of this proposal. (10 marks)
• Conduct a business impact analysis
• Conduct an Information Security assessment based on the BIA
• Determine the controls to be applied
• Select the ecosystem to deploy into
• Assess the provider options and how to apply controls

20. Ramgovind, Eloff and Smith proposed in their 2010 paper that an information security analysis should include the requirements of Identification and authorisation, authorisation, confidentiality, Integrity, non-repudiation and availability. Discuss whether these requirements are adequate for a proper security assessment for a proposed move to an IaaS model for the charity. (10 marks)
• The answer should discuss the requirements list, but could also include governance and transparency. These are generally regarded as adequate, but you will need to evaluate their assessment for logical argument.

21. A potential migration to the Cloud raises many issues around Governance. Discuss the governance issues that you see arising from a migration of on-premise servers to an IaaS model. (10 marks)
• Possible governance issues include, but are not limited to: value for money, improved operational readiness, improved access for customers and staff, support for mission, policies and procedures updated, security and privacy concerns addressed, proactive monitoring of usage and resources utilised, changes in services and infrastructure requirements, changes in skills and competencies, changes in process and procedures, monitoring of risk and return from cloud services.
• There should be a reasonable discussion which includes some or most of these governance issues, but other issues could be raised here as well.

22. The charity’s board has proposed a move to migrate its servers to an IaaS model. Discuss the methods that you would propose to the board to assess the SLA of the Cloud Provider. (10 marks)
• compare the different Cloud Delivery Model considerations
• analyse the requirements for:
  o cost metrics and pricing models
  o service quality metrics & SLAs
  o business cost metrics
  o Cloud usage cost metrics
  o cost management
• compile these organisational and operational requirements into a Cloud SLA Management plan

23. The board has decided, as an initial step, to move the office automation and database servers to the AWS cloud in order to begin the migration process, and test their strategy. Describe the steps that you would include in the plan to migrate these services. (10 marks)
• The major steps are:
  1. Assess applications and workloads, including: business considerations, application lifecycle, application architecture, data, technology, security, integration
  2. Develop the business case: cost analysis, service levels, business impact
  3. Develop the technical approach: skills, security, integration, monitoring, scalability, availability, backup, data recovery
  4. Create a flexible integration model: process integration, data integration, presentation integration
  5. Address security and privacy issues
  6. Manage the migration
• Some issues they should address are:
  1. Security
  2. Loss of control
  3. Integration
  4. Availability and reliability
  5. Provider lock-in

11. There are three (3) main layers in the NIST Cloud model. These are the Physical Resource Layer, the Resource Abstraction Layer and the Service Layer. Describe each of these layers (5 marks).
The student should at least list the following:
• Physical resource layer contains hardware and the facility housing the infrastructure.
• Resource Abstraction layer contains the hypervisor running on the underlying hosts.
• Service layer contains the service models – IaaS, PaaS, SaaS.

12. What are the five (5) essential characteristics of a Cloud as defined by Mell and Grance in their definition of the Cloud? Briefly explain each of these characteristics (5 marks).
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service

13. There are three (3) service models in a Cloud. Describe each of these service models and show how they differ from each other (5 marks).
• Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure.
• Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider.
• Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

14. There are two (2) main boundaries that are significant in Cloud computing. The first is a Trust Boundary and the other is a Shared Responsibility Boundary. Describe both of these two types of boundary and show how they differ from each other (5 marks).
• Trust Boundaries: A logical perimeter that spans past the organisational boundaries, and represents the extent to which its IT Resources are trusted.
• A Shared Responsibility Boundary occurs when you purchase/lease a Cloud Service. The cloud consumer shares responsibility with the cloud provider for the administration and maintenance of parts of the Cloud infrastructure. The location of the shared responsibility boundary will depend on the service that the cloud consumer uses.

15. The Dynamic Scalability Architecture is one of the basic architectures that are used in a Cloud deployment. Describe how this architecture works and give an example of it in use (5 marks).
• Dynamic scaling is a model that uses a set of pre-defined conditions to trigger the dynamic allocation of IT resources. This enables variable IT resource utilisation that is dictated by run-time usage.
  o Additional resources are added where demand exceeds an upper trigger point
  o Resources are efficiently reclaimed when demand drops below a lower trigger point
• An example would be the horizontal scaling of additional web servers to meet runtime demand, or something similar.

16. Resource management will be of critical importance when using IaaS cloud services. Describe how you would implement the management of the resources that have been moved to the cloud in an IaaS deployment (5 marks).
• The areas of management that students should discuss in some combination are:
  o Security management including the use of security groups
  o Remote administration of services
  o Monitoring of resources – compute, storage, network, etc.
  o Monitoring of user access and use
  o Billing monitoring and management

17. Cloud bursting architecture has been described as the “…saviour of the on-premise data centre”. Describe how you would use this architecture in an on-premise data centre (5 marks).
• This is a dynamic scaling model that “bursts out” on-premise IT resources to a cloud when a trigger point is reached.
  o The cloud-based IT resources are normally pre-deployed (redundantly) and inactive until required
  o When demand drops below the lower trigger point, the cloud-based resources are released and the architecture is said to “burst in” to the data centre
  o An automated scaling listener determines then requests and controls the bursts
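
The trigger-point logic described in questions 15 and 17 above, as an added example that is not part of the original document: a small automated scaling listener in Python that scales out on-premise servers first, bursts out to pre-deployed cloud instances when the data centre is full, and bursts in again when demand falls. The class and field names, the 80% / 30% trigger points and the demand trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class ScalingListener:
    """Hypothetical automated scaling listener with upper/lower trigger points."""
    on_prem_max: int       # servers physically present in the data centre
    cloud_max: int         # pre-deployed, inactive cloud instances (also caps spend)
    server_capacity: int   # requests/s a single server can handle
    upper: float = 0.80    # upper trigger point (utilisation)
    lower: float = 0.30    # lower trigger point (utilisation)
    on_prem: int = 1       # currently active on-premise servers
    cloud: int = 0         # currently active cloud instances

    def _util(self, demand, servers=None):
        servers = servers or (self.on_prem + self.cloud)
        return demand / (servers * self.server_capacity)

    def observe(self, demand):
        """Apply one demand sample; return the scaling events it triggered."""
        events = []
        # Above the upper trigger: use on-premise capacity first, then burst out.
        while self._util(demand) > self.upper:
            if self.on_prem < self.on_prem_max:
                self.on_prem += 1
                events.append("scale-out")
            elif self.cloud < self.cloud_max:
                self.cloud += 1
                events.append("burst-out")
            else:
                events.append("saturated")   # availability risk: nothing left to add
                break
        # Below the lower trigger: release cloud instances first ("burst in").
        while self._util(demand) < self.lower and self.on_prem + self.cloud > 1:
            remaining = self.on_prem + self.cloud - 1
            if self._util(demand, remaining) > self.upper:
                break                        # releasing would re-trigger a scale-out
            if self.cloud > 0:
                self.cloud -= 1
                events.append("burst-in")
            else:
                self.on_prem -= 1
                events.append("scale-in")
        return events

def run_trace(listener, trace):
    """Return (demand, events, on_prem, cloud) after each sample in the trace."""
    return [(d, listener.observe(d), listener.on_prem, listener.cloud) for d in trace]

if __name__ == "__main__":
    # Constructed demand trace in requests/s, not measured data.
    sample = [50, 170, 300, 450, 100, 20]
    for row in run_trace(ScalingListener(3, 2, 100), sample):
        print(row)
```

The `saturated` event is the point at which the SLA availability target is at risk, and `cloud_max` is the only limit on how far a demand spike can drive usage-based billing.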

18. Describe how Elastic Disk Provisioning Architecture works and why you would use it (5 marks).
• The Elastic Disk Provisioning Architecture provides dynamic storage provisioning so the consumer pays for the exact amount of storage used.
  o This architecture uses a thin-provisioning technology for the dynamic allocation of storage space via the Hypervisor
  o This is monitored at run-time by a usage monitor to provide accurate data for reports and billing
• An example of use would be for storage space where you request a certain amount of storage but are charged only for the storage actually used, or similar example.

11. One of the three service models in a Cloud is Software as a Service (SaaS). Describe the main characteristics of an SaaS service (5 marks)
• Configuration and customisation
• Accelerated feature delivery
• Open integration protocols
• Collaborative functionality

12. Explain the main differences between a Public cloud and a Private cloud. (5 marks)
The cloud infrastructure is operated solely for an organization. It may be managed by the cloud organization or a third party and may exist on premise or off premise.
The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

13. Describe how the Platform as a Service (PaaS) service model works. (5 marks)
A platform allowing customers to develop, run and manage Web applications without the complexity of building and maintaining the infrastructure.

14. Explain the concept of horizontal scaling for a cloud based service. (5 marks)
Effectively, horizontal scaling adds more compute nodes to a cluster. It normally occurs in reaction to increases in run-time demand.

15. There are a number of trust boundaries in a cloud environment. Describe ONE trust boundary and explain why it is important. (5 marks)
A Trust boundary is a logical perimeter that spans past the organisational boundaries, and represents the extent to which its IT Resources are trusted. When a Cloud Consumer wants to access a Cloud Service, it must extend its trust beyond the physical boundary to now include parts of the Cloud environment.
A Shared Responsibility Boundary occurs when you purchase/lease a Cloud Service. The cloud consumer shares responsibility with the cloud provider for the administration and maintenance of parts of the Cloud infrastructure. The location of the shared responsibility boundary will depend on the service that the cloud consumer uses. The consumer needs to know where their responsibilities in the cloud start.

16. List and briefly describe the major points that you would consider in assessing an SLA for a cloud service. (5 marks)
• Understand the roles of all involved
• Evaluate the business policies that apply
• Understand the implications of the service model you are purchasing
• Identify performance objectives
• Evaluate security and privacy requirements
• Identify service management requirements
• Prepare for failures
• Understand the DR plan
• Determine the management process
• Determine the exit process

17. Describe the role of virtualisation in a cloud service. (5 marks)
Virtualisation underpins most cloud services and provides the means for the resource pooling, mobility a...

