
EXIN Cloud Computing Foundation

Basic Training Material of the


EXIN Cloud Computing Foundation Certificate
Issue March 2012
EXIN

Welcome to the Basic Training Material


These slides contain basic presentation material to prepare students
for the EXIN Cloud Computing Foundation examination.
The slides may be used in a Foundation training and as a basis for an
accredited training.
A good training will always require extra examples, elaboration of
subjects of special interest to the audience and a good time schedule,
including break-out sessions.
The order in which the Foundation subjects are presented follows the
order of the exam requirements, which is not necessarily the order of a
good training course.

Agenda

Introduction
1. Principles of Cloud Computing
2. Implementing and Managing Cloud Computing
3. Using the Cloud
4. Security and Compliance
5. Evaluation of Cloud Computing

Introduction

Course objectives

Principles of Cloud computing


Implementing and managing cloud
Using the Cloud
Security and compliance
Evaluation of Cloud computing: the business case

Overview Cloud Computing

1. The Principles of Cloud Computing

Contents

1.1 The Concept of Cloud Computing


1.2 The Evolution Towards Cloud Computing
1.3 The History Of Cloud
1.4 Cloud Computing Architectures
1.5 Benefits and Limitations of Cloud Computing

1.1 THE CONCEPT OF CLOUD COMPUTING

Overview of the Concept of Cloud Computing


Definitions
cloud computing, method of running application software and
storing related data in central computer systems and providing
customers or other users access to them through the Internet.

Encyclopaedia Britannica (eb.com, 2012)

Cloud computing is a model for enabling ubiquitous, convenient,
on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider
interaction.

NIST Special Publication 800-145 (September 2011)

This definition of the American National Institute of Standards
and Technology will form the basis for this presentation.

Five Characteristics

On-demand self-service
Resource pooling (multi-tenancy)
Rapid elasticity (flexibility, scalability)
Measured service (pay-per-use)
Broad network access ("any time, any place, any device")

IT becomes a utility

There was a time when every household, town, farm or village had its own
water well. Today, shared public utilities give us access to clean water by
simply turning on the tap; cloud computing works in a similar fashion. Just
like water from the tap in your kitchen, cloud computing services can be
turned on or off quickly as needed. Like at the water company, there is a
team of dedicated professionals making sure the service provided is safe,
secure and available on a 24/7 basis. When the tap isn't on, not only are
you saving water, but you aren't paying for resources you don't currently
need.
Vivek Kundra

Federal CIO, United States Government.

Cloud Computing: Some examples


For everyone:
facebook, twitter (social media)
wikis
online games
hotmail (webmail)
dropbox
For business:
CRM
backup services
ERP
Financial
Etc

Four Deployment models

Public, Private, Community and Hybrid Clouds

Private Cloud: just another name for a data center?

Resides on a private network that runs on (part of) a data center
that is exclusively used by one organization.
Owned, managed and run by either the organization itself, a third
party or a combination of the two.
Supports the organization's business objectives in an economically
sound way.
High security (compliance with legislation and regulations).

Public Cloud
delivery of off-site services over the internet
Sharing of resources; multi-tenancy means a lower level of
security and privacy
Aimed at a wide audience
Compelling services like email and social media
Enables social networking and collaboration

Community Cloud
A type of shared private cloud
delivers services to a specific group of organizations and/or
individuals that share a common goal
easy sharing of data, platforms and applications
Sharing of capital expenditure for otherwise (too) expensive
facilities
24/7 access and support
shared service and support contracts
economies of scale
Examples: regional or national educational or research institutes,
community centers, etc.

Hybrid Cloud
a mix of the above models; combining several private and public
Cloud solutions from several providers into one (virtual) IT
infrastructure
choosing specific services for either Private or Public Cloud
suitability is balancing:
security
privacy
compliance versus price

Cloud Service Models


Software as a Service (SaaS)
The key benefits are that the customer does not need to
worry about the development and management of
applications.
Platform as a Service (PaaS)
Not owning a computer platform, but being able to use it on
demand can save costs in ownership, management and
maintenance
Infrastructure as a Service (IaaS)
Rental of physical or virtual hardware like storage, servers or
internet connectivity.

SaaS
Key characteristics:
software hosted offsite
software on demand
software package
no modification of the software
plug-in software: external software used with internal
applications (hybrid cloud)
vendor with advanced technical knowledge
user entangled with vendor
Examples: CRM, ERP, Billing and invoicing, Web Hosting, Etc.

PaaS
Key characteristics:
Mostly used for remote application development
Remote application support
Platform may have special features
Low development costs
Variants
Environment for software development
Hosting environment for applications
Online storage

IaaS
The background of IaaS can be found in the merger between IT
and Telecom infrastructure and services in the past decade
Key characteristics:
Dynamic scaling
Desktop virtualization
Policy-based services
Examples of IaaS are hosting services supporting e-commerce,
web hosting services that include broadband connections and
storage.

Questions:
What are the deployment models in a cloud?

Rapid Elasticity is an essential characteristic of Cloud.
True/False

Gmail would be SaaS, PaaS or IaaS?

Multiple organizations pooling resources together to create a
cloud is what model?

1.2 THE EVOLUTION TOWARD CLOUD COMPUTING

Overview of the Evolution of Cloud Computing

Historic timeline
Contributing factors to the existence of the Cloud
The development of the Internet
The move from Mainframe computing to the present day
myriad of personal devices with connection to the Internet.
The development of computer networks
Time-line
Mainframe computers and terminals
Decentralized mini computers with terminals
Micro computers (PC) connected to a LAN with terminal
emulation
Client-server architecture
Any device connected to the internet

Minicomputers

Easier to purchase
Smaller
Cheaper
First specialized, later multi-tasking
Development of LAN

From Microcomputer to PC

Smaller, smaller, smaller
Single user > multi user
Limited memory and storage > limitless
Elementary operating system > multi OS

Local Area Networking

Network and Servers


Service forms
Dial-up with modem
Dedicated leased-line

Uses
Dedicated terminal
Access to time sharing services
Special services on intelligent devices:
Terminal server (remote access)
Batch processing (job entry)

The role of the Internet


Initial vision: Intergalactic Computer Network (Licklider, 1963)
ARPANET (Advanced Research Projects Agency Network,
owned by the US Department of Defense, 1998)
One protocol: the TCP/IP protocol (1983)
One global and public network
Internet services: www, ftp, smtp, http,

Virtualization
Not NEW!
Exists since the 1970s in mainframe environments

Example: 1972 IBM VM/370

Virtualization
Concept of the cloud: virtualized operating environment & thin
clients; Web-based delivery
Virtualization is the solution for integration of:
Internet
Storage
Processing power
Key Features are:
Multiplies the use of high performance computers
Puts extra/excess capacity to use
Multi tenancy

Five types of virtualization

Access virtualization (access from any device)
Application virtualization (platform and operating system
independent)
Processing virtualization (one system becomes many)
Network virtualization (enables artificial views of the network)
Storage virtualization (enables sharing, concealing, etc.)

Types of Virtualization in Private Cloud

Full Virtualization

Paravirtualization

Full Virtualization
Complete simulation of the underlying hardware.
Full virtualization requires that every salient feature of the
hardware be reflected into one of several virtual machines,
including the full instruction set, input/output operations,
interrupts, memory access, and whatever other elements are
used by the software that runs on the bare machine and that is
intended to run in a virtual machine.
The operating system is unaware of its virtualized status; it behaves
as if it were running on a physical machine.

Paravirtualization
Paravirtualization is a virtualization technique that presents a
software interface to virtual machines that is similar but not
identical to that of the underlying hardware.
The intent of the modified interface is to reduce the portion of
the guest's execution time spent performing operations which
are substantially more difficult to run in a virtual environment
compared to a non-virtualized environment. The
paravirtualization provides specially defined 'hooks' to allow the
guest(s) and host to request and acknowledge these tasks,
which would otherwise be executed in the virtual domain (where
execution performance is worse).

Difference between Full and Paravirtualization

Full Virtualization: the system is unaware of its virtualized status. All
system calls are executed inside the virtual machine, which delays the
execution of realtime processes.
Realtime processes need to be executed directly on the hardware; the
hypervisor layer prevents this, thus delaying execution.

Difference between Full and Paravirtualization

Paravirtualization: the operating system is aware of its virtualized
status.
Realtime processes are allowed to execute directly on the hardware,
thus causing no delay.
Examples of software requiring paravirtualization: medical equipment
software, defense industry and space programmes, stock related
software, etc.

Operating systems running on Full Virtualization

Microsoft Server 2008 R2 with Hyper-V (GUI)
Microsoft Hyper-V Server 2008 R2 (Non-GUI)
VMware ESX and ESXi
These operating systems now offer partial paravirtualization for
particular devices.

Operating system running on Paravirtualization

Citrix XenServer
Citrix XenServer is a complete, managed server virtualization
platform built on the powerful Xen hypervisor. Xen technology is
widely acknowledged as the fastest and most secure
virtualization software in the industry. XenServer is designed for
efficient management of Windows and Linux virtual servers
and delivers cost-effective server consolidation and business
continuity.

Managed Services in the Cloud

Managed Services
Advantages:
Accessibility everywhere
Shift of focus from IT to core business
No need for highly trained IT staff
Key Issues:

Performance
Compliance
Contingency

Questions
What is Virtualization?

Types of Virtualization?

Some system calls bypass the hypervisor and gain direct access
to the hardware; what type of virtualization is this?
Virtualization is an integral part of Cloud.
True or False?

1.3 History of Cloud

History and the making of the Cloud

Cloud is nothing but the repackaging of various existing
concepts/technologies.
Some aspects of Cloud Computing are not new:
Virtualization has existed since the 1960s
SaaS has existed since the invention of the internet.

Technologies
Grid Computing
Multiple computers across various domains involved in
solving a single problem. Example: SETI
Utility Computing
Packaging of computing resources, such as processing,
storage and services as a metered service
Cluster Computing
Load balancing
Virtualization
Decoupling hardware and software.

Cloud Evolution

Examples of Cloud Providers

Public Cloud Providers:
Amazon Web Services (AWS)
Elastic Compute Cloud (EC2)
Simple Storage Service (S3)
Google Apps
PaaS on which a suite of applications for daily and work routines is
offered.
Google Docs
Google Drive
Calendar etc.

Examples Contd.
Microsoft
Windows Azure
Microsoft SQL Services
Microsoft .NET Services
Live Services
Microsoft Sharepoint
Microsoft Office 365
SkyDrive Pro

Services by Microsoft Azure


Web Sites
Virtual Machines
Mobile Services
Cloud Services
Big Data
Media

Big Data
Microsoft has been doing Big Data long before it was a megatrend in the market: At Bing we analyze over 100 petabytes of
data to deliver high quality search results. More broadly,
Microsoft provides a range of solutions to help customers
address big data challenges. Our family of data warehouse
solutions from Microsoft SQL Server 2008 R2, SQL Server
Fast Track Data Warehouse, Business Data Warehouse and
SQL Server 2008 R2 Parallel Data Warehouse offer a robust
and scalable platform for storing and analyzing data in a
traditional data warehouse. Parallel Data Warehouse (PDW)
offers customers: Enterprise-class performance that handles
massive volumes to over 600 TB. We also provide LINQ to HPC
(High Performance Computing) a distributed runtime and a
programming model for technical computing.

Big Data

In addition to their traditional capabilities mentioned above,
Microsoft is embracing Apache Hadoop™ as part of an end to
end roadmap to deliver on our vision of providing business
insights to all users by activating new types of data of any size.

Examples contd.
Salesforce:
Salesforce.com is the enterprise cloud computing company that
is leading the shift to the Social Enterprise.
Their cloud platform and apps, especially their CRM (Customer
Relationship Management) solutions, are widely popular across
the world, especially in America.

Products offered by Salesforce:

Sales Cloud
Service Cloud
Desk.com
Chatter
Radian6
Force.com Platform
Heroku
Database.com
Pricing and Editions
AppExchange
Remedyforce

Sales Cloud
Sales Cloud further offers services like (and many more):
Chatter: connect with people in your company to get the info
you need in real time so you can focus on selling.
Accounts and contacts: everything you need to know about your
customers and prospects, all in one place.
Data.com: reach the right people, zero in on targets, and plan
territories with highly accurate account and contact data.
Analytics and forecasting: easily view and share business
insights in real time to keep your numbers on track and your
forecast accurate.

Service Cloud

With the Service Cloud you can meet customers wherever they
are -- including social networks such as Facebook and Twitter.
Your agents also benefit from employee social networks that
help them work together like never before. And because you get
all the features a social contact center needs, your customers
experience amazing service on any channel.

Grid Computing
Grid computing is a term referring to the federation of computer
resources from multiple administrative domains to reach a
common goal. The grid can be thought of as a distributed
system with non-interactive workloads that involve a large
number of files.
Key Concept: Resource sharing.
Multiple computers across multiple domains assigned to
complete one processor intensive task.

Utility Computing
Utility computing is the packaging of computing resources, such
as computation, storage and services, as a metered service. This
model has the advantage of a low or no initial cost to acquire
computer resources; instead, computational resources are
essentially rented.
Originally, time-sharing access to mainframes (1960s)
Rediscovered in the late 1990s as an alternative to building and running
your own datacenter: build a large datacenter and rent access to customers
Sun, IBM, HP, Intel, and many others built datacenters and rented
access to servers
1990s usage model:
Long legal negotiations with strong service guarantees
Long-term contracts (monthly/yearly)
Approx. $1/hour pricing per physical computer
Overall, this model was not commercially viable!

Utility Computing
"Computing may someday be organized as a public utility" (John
McCarthy, MIT Centennial, 1961)
Huge computational and storage capabilities available from utilities
Metered billing (pay for what you use)
Simple to use interface to access the capability (e.g., plugging into an
outlet)


Virtualization

Virtualization technology is revolutionizing the computer
industry by lowering capital and operational costs, providing
higher service availability, and providing new data protection
mechanisms.

What is Virtualization
Virtualization is the creation of a virtual (rather than actual)
version of something, such as an operating system, a server, a
storage device or network resources.
Virtualization is a technique for hiding the physical characteristics of
computing resources to simplify the way in which other systems,
applications, or end users interact with those resources.
Virtualization lets a single physical resource (such as a server,
an operating system, an application, or storage device) appear
as multiple logical resources,
or
makes multiple physical resources (such as storage devices or
servers) appear as a single logical resource.

What is Virtualization
Virtualization is a technology that transforms hardware into
software.
Virtualization allows you to run multiple operating systems as
virtual machines on a single computer.
A copy of an OS is installed into each virtual machine.

Virtualization is not
Simulation
Emulation

Today's IT Challenges
What this Equates to Today:

Continued Server
Power, space and cooling costs represent one of the largest IT
budget line items
One-application-per-server approach leads to complexity and
high costs of equipment and administration

Low Server Utilization Rates

Result in excessive acquisition and maintenance costs

Typical Dev/Test Infrastructure is an IT Headache

Servers under desks, in closets
Aging, cast-off hardware
Dirty systems: inability to maintain a clean state
Users and IT bogged down in provisioning requests
Release management is resource intensive and error-prone

Virtualization is the Key

Apply Virtualization Concepts to Intel / AMD Servers:
Use virtualization software to partition an Intel / AMD server to
work with several operating system and application instances.
Figure: instances such as Oracle, SQL, Application Servers, Email,
File, Print, DNS and Domain, each running on its own Virtual Hardware.

Virtualization Basics

Figure: system without virtualization software vs. system with
virtualization software.

Cloud Enabling Technology: Virtualization

Traditional and Virtualized stack

Traditional Stack (bottom to top): Hardware > Operating System > App, App, App
Virtualized Stack (bottom to top): Hardware > Hypervisor > three times (OS > App)

Virtualization Basics
Before Virtualization:
Single OS image per machine
Software and hardware tightly coupled
Running multiple applications on same machine often creates
conflict
Underutilized resources
Inflexible and costly infrastructure

Virtualization Basics
After Virtualization:
Hardware-independence of operating system and applications
Virtual machines can be provisioned to any system
Can manage OS and application as a single unit by encapsulating
them into virtual machines

Server Virtualization Architectures

The Hypervisor
Virtualization as the Operating System
Virtualization with a host Operating System

The Hypervisor
AKA: Virtual Machine Monitor (VMM)
The foundation of virtualization
Interfaces with hardware
Replace the operating system
Intercept system calls
Operate with the operating system
Hardware isolation
Multi-environment protection

Questions
Resource pooling of multiple computers to process one task is
an example of _________ computing.

Metered service is a concept of ________ computing.

Creation of a virtual rather than real version of something is
known as __________?

What is the Hypervisor?

1.4 CLOUD COMPUTING ARCHITECTURES

Overview of Cloud Computing Architectures

Cloud Computing Architectures

Multipurpose Architecture
Key Characteristics
Virtualization
Multi-tiered
Interoperable layers
Open standards

Server Virtualization Architectures

Virtualization as the Operating System
Virtualization with a host Operating System

Virtualization as the Operating System

Figure (bottom to top): Hardware > Hypervisor (Virtual Operating
Environment) > three Guest Operating Systems > Application Programs.

In this type of virtualization the hypervisor is the separating layer
between guest operating systems and the hardware.

Virtualization with a Host Operating System

Figure (bottom to top): Hardware > Host Operating System > Hypervisor
(Virtualization Layer) > three Guest Operating Systems > Application
Programs.

In this type of virtualization a host operating system is used
as the first tier of access control.

Tiered Architecture

Multi-tenancy Architecture

Rationale: "a large number of users, basically multi tenants, makes the
cloud platform most efficient in terms of usability of the
application and Do More With Less Resources." (Rajan, 2011)
Key element (and issue) is security.
Security needs to be ensured at all levels of the infrastructure.
Examples:
Salesforce.com: a SaaS-based CRM application for various
businesses using common framework and multi tenancy
model
Microsoft Dynamics CRM Online offering
Multi-Tenancy IaaS/PaaS offerings from Amazon or IBM or
Microsoft Azure

Service-Oriented Architectures
Service-Oriented Architecture (SOA)
an architectural style that supports service orientation.
Service orientation
a way of thinking in terms of services and service-based
development and the outcomes of services.
Service
Is a logical representation of a repeatable business activity
that has a specified outcome (e.g., check customer credit;
provide weather data, consolidate drilling reports)
is self-contained
may be composed of other services
a black box to consumers of the service

Source: Cloud working group, The Open Group.

Cloud and SOA

Question (Paul Krill):
Can we build a datacenter infrastructure on SOA principles?
Answer (Gerry Cuomo):
Yes, and that's the cloud, so it's a service-oriented
infrastructure. It's taking that architectural principle of SOA
and applying it to an infrastructure.

The cloud-SOA connection (Krill, 2009)

A service-oriented architecture is basically a collection of
services that communicate with each other.
Connecting these services in many cases involves Web services
using XML
No Cloud without SOA!

Service Oriented Architecture Criteria

In order to implement SOA, the architecture must meet the
following criteria:
Services that are able to communicate with each other
A well understood interface
A message-oriented communication process

Questions
A Hypervisor sitting directly on top of the hardware layer is
called ______?

Multiple persons connecting to a single instance of an
application is _________?

What is SOA?

1.5 BENEFITS AND LIMITATIONS OF CLOUD COMPUTING

Overview of the Drivers & Limitations

Main benefits of Cloud computing

Reduced Cost (pay-per-use, economies of scale)
Automated (updates, security patches, backups, ...)
On demand (Flexibility + Scalability = Elasticity)
More Mobility (accessible from any web enabled device)
Shared Resources (multi-tenancy)
Back to core business
More for less

Cloud Computing Limitations

Internet access (no internet = no Cloud)
Security (how do you know?)
Privacy (what legislation or regulations?)
Vendor lock-in (application migration may be impossible)

Plus or Minus
Service Level Agreement
Do the clauses support your business?
If so it is a plus!
(customer responsibility; it takes two to tango!)

2. Implementing and Managing Cloud Computing

Contents for Module 2

2.1 Building A Local Cloud Environment

2.2 The Principles of Managed Cloud Services

Overview of Implementing and Managing Cloud Computing

2.1 BUILDING A LOCAL CLOUD ENVIRONMENT

Overview of Local Cloud Environment

Why own a local Cloud environment

Private intranet becomes a private Cloud
Investment in existing infrastructure
Integration of legacy applications
Controlled by the organization itself
Complete control
Internal security

Main Components and their interconnection

Main hardware components

Baseline examples:
Local Area Network (LAN)
Switches, routers etc.
Blade server array, on which can run:
Database servers, application servers, web servers, etc.
User workstations
Thin client, PC, mobile devices
Storage
Storage Area Network (SAN)
Network Attached Storage (NAS)
Load balancer

Main software components

Baseline examples:
Virtualization software
Cloud based application software
CRM, ERP, Financial, etc.
Database software
Middleware
Operating systems
Proprietary or Open Source

Architectural considerations (general)

Standard building blocks
Protocols
Vendor independent
Location independent
Security and Service Continuity
Multiple sites
Backup mechanisms
Data storage replication
High security components like firewalls, a DMZ and internet
security software

Architectural considerations: Connection requirements

Speed
Capacity
Availability (access at any time, from any place and from any
device)
Secure inter-/intranet based access
VPN

Virtual Private Network access

The key benefits of using a VPN are:
Remote secure connectivity
Cheaper than private or rented connections
More mobility for employees
Architectural considerations
IP-tunneling
TCP/IP protocol
Security
Encryption
Authentication (AAA)

Risks of connecting a local Cloud Network to the Public Internet

"Are companies really willing to risk having all their information,
data, privacy, and software handled in a virtual cloud, a place
where they're most susceptible to hack attacks and cyber
invasions?" (source: www.secpoint.com)

Issues:
Provider responsibility:
Security of data
Privacy of data

The customer's responsibility:

Check for compliance (legislation, regulations,
international standards)
With whom do I share the Cloud?

Data Protection and Partitioning

Wall between data from different clients
Zoning
Hidden storage
Protection across operating systems and virtual servers
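The "wall between data from different clients" above, and the earlier point that security is the key element (and issue) of a multi-tenancy architecture, come down to one rule in the data layer: every query is scoped to the tenant of the authenticated caller, never to a tenant named in the request. The following Python is an added example written for these slides; it is not EXIN's code nor any provider's. It assumes a single shared table with a tenant_id column and an authenticated principal that carries the tenant; the record table, the tenant and user names, and the audit log format are all constructed here.

```python
"""Tenant partitioning in a shared (multi-tenant) data store.

Added example, not part of the EXIN material. Assumes one shared table of
customer records with a tenant_id column, and that the caller's tenant is
taken from an authenticated principal, never from the request itself.
All names and sample records are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


class TenantIsolationError(Exception):
    """Raised when a request reaches beyond the caller's own tenant."""


@dataclass(frozen=True)
class Principal:
    """The authenticated caller; tenant_id comes from the identity system."""
    user: str
    tenant_id: str


# Constructed sample data: two tenants ("acme" and "globex") share one table.
RECORDS: List[Dict[str, object]] = [
    {"id": 1, "tenant_id": "acme", "customer": "Alice", "email": "alice@acme.example"},
    {"id": 2, "tenant_id": "acme", "customer": "Bob", "email": "bob@acme.example"},
    {"id": 3, "tenant_id": "globex", "customer": "Carol", "email": "carol@globex.example"},
]

# Denied cross-tenant requests are recorded here so they can be reported on.
AUDIT_LOG: List[Dict[str, object]] = []


def fetch_customer_unsafe(record_id: int) -> Optional[Dict[str, object]]:
    """The weak form: looks a record up by id only, so a caller from one
    tenant can read another tenant's row simply by naming its id. No wall."""
    return next((r for r in RECORDS if r["id"] == record_id), None)


def fetch_customer(principal: Principal, record_id: int) -> Dict[str, object]:
    """The partitioned form: every lookup is scoped to the caller's tenant.

    A row that exists but belongs to another tenant is treated exactly like
    a row that does not exist, so the answer does not reveal whether the id
    is in use elsewhere; the refused attempt is written to the audit log.
    """
    for record in RECORDS:
        if record["tenant_id"] == principal.tenant_id and record["id"] == record_id:
            return record
    AUDIT_LOG.append({"user": principal.user, "tenant_id": principal.tenant_id,
                      "record_id": record_id, "outcome": "denied"})
    raise TenantIsolationError(
        f"record {record_id} is not visible to tenant {principal.tenant_id}")


def list_customers(principal: Principal) -> List[Dict[str, object]]:
    """Listing is scoped the same way; there is no unscoped listing at all."""
    return [r for r in RECORDS if r["tenant_id"] == principal.tenant_id]


def is_visible(principal: Principal, record_id: int) -> bool:
    """True if the record can be read from within the caller's tenant."""
    try:
        fetch_customer(principal, record_id)
        return True
    except TenantIsolationError:
        return False


if __name__ == "__main__":
    acme_user = Principal(user="alice", tenant_id="acme")
    print(fetch_customer(acme_user, 1)["customer"])  # Alice
    print(fetch_customer_unsafe(3)["customer"])      # Carol: leaked across the wall
    print(is_visible(acme_user, 3))                   # False: the wall holds
    print(AUDIT_LOG[-1]["outcome"])                   # denied
```

The design choice worth noting is that the scoped lookup never returns "exists, but not yours": a record in another tenant and a record that does not exist look the same to the caller, and only the audit log distinguishes them, which is what a provider's reporting system needs for the "with whom do I share the Cloud?" question.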

2.2 THE PRINCIPLES OF MANAGING CLOUD SERVICES

IT Service Management Principles in a Cloud Environment

Outsourcing to the Cloud means that the provider needs to
be in control of the complete supply chain.
Key areas of control:
IT governance: the customer needs to remain in control
over his/her business processes
Business-IT alignment: the customer needs to make sure
that the Cloud IT processes support his/her business in the
short and long term

IT Governance
The following elements need to be in place:
Good Service Level Management
Different requirements for the different Cloud models
Reporting system
Clear SLAs with SMART performance criteria

Proper audit standards and internal audit mechanisms

Provider:
ISO/IEC 20000:2011 (Service Management)
ISO/IEC 27001 and 27002 (Information Security)
Customer:
COBIT 4.1 or ISO/IEC 38500:2008 (corporate governance of
IT)
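The governance elements listed above (a reporting system and clear SLAs with SMART performance criteria) only work if the reported figure is measurable. The following Python is an added example, not part of the EXIN material: it derives availability for one service over one reporting period from a state-change log and compares it with an SLA target, including the case of an outage that is still open when the period ends. The log format, the service name "crm", the constructed log lines and the 99.9 % target are assumptions made here, not figures the course states.

```python
"""Availability reporting against an SLA target.

Added example, not part of the EXIN material. Assumes the provider's
reporting system emits one line per service state change
(ISO timestamp, service name, 'up' or 'down'). The log lines below are
constructed and the SLA targets used are assumed, not taken from the course.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Event = Tuple[datetime, str, str]

# Constructed state-change log for one reporting period (March 2012).
LOG_LINES = """
2012-03-01T00:00:00 crm up
2012-03-05T10:00:00 crm down
2012-03-05T10:45:00 crm up
2012-03-20T02:00:00 crm down
2012-03-20T03:15:00 crm up
"""


def parse_events(text: str) -> List[Event]:
    """Parse 'timestamp service state' lines into events sorted by time."""
    events: List[Event] = []
    for line in text.strip().splitlines():
        stamp, service, state = line.split()
        if state not in ("up", "down"):
            raise ValueError(f"unknown state {state!r} in line {line!r}")
        events.append((datetime.fromisoformat(stamp), service, state))
    return sorted(events)


def downtime(events: List[Event], service: str,
             start: datetime, end: datetime) -> timedelta:
    """Total time the service was down inside [start, end).

    An outage still open at the end of the period counts up to the period
    end, so an unresolved incident is never silently reported as zero.
    """
    total = timedelta()
    down_since = None
    for stamp, name, state in events:
        if name != service:
            continue
        if state == "down" and down_since is None:
            down_since = max(stamp, start)          # clip to the period
        elif state == "up" and down_since is not None:
            total += max(min(stamp, end) - down_since, timedelta())
            down_since = None
    if down_since is not None and down_since < end:
        total += end - down_since                   # still down at period end
    return total


def sla_report(log_text: str, service: str, start_iso: str, end_iso: str,
               target_pct: float) -> Dict[str, object]:
    """The figures a service report would carry for one reporting period."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    events = parse_events(log_text)
    down = downtime(events, service, start, end)
    pct = 100.0 * (1.0 - down / (end - start))
    return {
        "service": service,
        "period": f"{start.date()} to {end.date()}",
        "downtime_minutes": int(down.total_seconds() // 60),
        "availability_pct": round(pct, 3),
        "target_pct": target_pct,
        "met": pct >= target_pct,
    }


if __name__ == "__main__":
    # Two outages of 45 and 75 minutes in a 31-day month: 99.731 %, below 99.9 %.
    print(sla_report(LOG_LINES, "crm", "2012-03-01", "2012-04-01", 99.9))
```

Two outages totalling 120 minutes in a 31-day month give 99.731 % availability, so the same log meets an assumed 99.5 % target and misses an assumed 99.9 % one; the report carries both the measured figure and the target, which is the SMART criterion the slide asks for.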

Managing Service Levels in a Cloud Environment

ISO/IEC 20000:2011 quality specifications

Component: Information System
Consisting of: People, Processes, Technology, Partners
Purpose: To manage information

Component: Support
Consisting of: Changes, system restoration in case of failure,
Maintenance
Purpose: To ensure performance according to the agreed requirements

Quality specifications: Availability, Capacity, Performance, Security,
Scalability, Adjustability, Portability

ISO/IEC 20000:2011 Processes

The provider needs to conform to the process requirements.

Process group: Service delivery processes
Processes: Service Level Management, Service Reporting, Service
Continuity and Availability Management, Budgeting and Accounting for
Services, Capacity Management, Information Security Management

Process group: Relationship processes
Processes: Business Relationship Management, Supplier Management

Process group: Control processes
Processes: Configuration Management, Change Management

Process group: Resolution processes
Processes: Incident Management, Problem Management

Process group: Release process
Processes: Release and Deployment Management

And its staff need to be familiar with the processes and adhere
to the procedures and instructions!

Questions to ask from the Cloud provider

How are audits performed?
Where are the servers located, and which legislation applies to
the data?
What are the provisions when a service changes or ends
(service life cycle and end of life)?
What are the provisions if we want to migrate to another
provider (contract life cycle and end of life)?

Questions
What are the main components of a local cloud environment?

What are the elements that need to be in place in IT
Governance?

What are the architectural considerations?

3. Using the Cloud

Contents for Module 3

3.1 Accessing the Cloud

3.2 How Cloud Computing can Support Business Processes

3.3 Service Providers Using the Cloud

3.1 Overview of Accessing the Cloud

Accessing Web applications through a Web Browser

Basic ingredients:
- any web enabled device
- PC, laptop, tablet, smart phone, thin client
- Internet browser
- Internet connection
- Provider, IP-address
- Cloud based application
- SaaS solution

Mind you: no Internet = no Cloud!

Cloud Web Access Architecture

Basic ingredients:
Standard protocols (for each ISO-OSI layer)
Web enabled device
PC
Laptop
Tablet
Smart phone
And (revival of the computer terminal) Thin Client
Internet access

The Internet
The Internet is a global system of interconnected computer
networks that use the standard Internet protocol suite (TCP/IP) to
serve billions of users worldwide (Wikipedia)
Uses the standard IP Suite.
Extended version of the LAN.

Understanding open standards for the Cloud: the OSI model

Figure: the OSI model (copyright & source: http://www.lrgnetworks.com)

Examples of standard protocols

HTTP
VT
RTSE
API-sockets
TCP and IP
SSL
Ethernet, IEEE 802.3, 10BASE-T

The use of a thin Client

A simple network enabled computer
No moving parts like a hard disk or DVD drive
Boots from the network
Benefits:
Lower costs; initial price and running costs
Simple; no moving parts
Better for the environment; they produce less heat and need
less cooling, sometimes not even a fan
Heightened security; booting from the network with controlled
access, no local data, etc.
Less chance of user errors

Categories of Web applications for everyone

Google Gmail
Yahoo Mail
Twitter
Zimbra
Salesforce
Dropbox
Skype
...

Categories of Web applications for business

Customer Relationship Management (CRM)
Enterprise Resource Planning (ERP)
HR solutions
IT Service Management
Finance and accounting
Web design and management
Email (professional)
Webmail
Office suites
E-Business
Online Storage
Collaboration
Video conferencing

Overview of the Use of Mobile Devices in Accessing the Cloud

Mobile Web Enabled Devices

Tablet
Smart phone
Platforms:
Apple iPhone
Google Android
Blackberry
Windows phone
+ interoperability between different cellphone networks
- no/low interoperability between platforms

Questions
Thin clients are thin because?

Gmail, Hotmail, Yahoo mail are examples of?

HTTP, SSL, TLS etc are examples of?

Typical Solutions for Mobile Devices

Text messaging
E-mail
Apps
Navigation
Streaming radio
TV
Internet browser
And ... anything you can imagine (or not)

3.2 HOW CLOUD COMPUTING CAN SUPPORT BUSINESS PROCESSES

Impact of Cloud Computing on primary business processes

Primary processes are Purchasing, Sales, Manufacturing,
Advertising and Marketing.
Contribution of public or hybrid cloud computing, for example:
Purchasing and Manufacturing
Collaboration with suppliers: exchange and sharing platforms
Sales, Advertising and Marketing
Interaction with potential customers and the market: social media
Communication with customers: social media
Registration of customer contacts: CRM

Role of standard applications in collaboration

Social Media (also for business use!)
LinkedIn, Facebook, Twitter
Email/Webmail
Google Gmail, Yahoo Mail
Videoconferencing
Skype
File sharing
Dropbox
Sales and CRM
Salesforce

Application Example: Content Management Systems


Large numbers of people contribute and share stored data
Controlled access to data, based upon user roles
Easy storage and retrieval of data
Reduction of repetitive duplicate input
Easier report writing & communication between users: previous
versions are accessible
Access is location independent

3.3

SERVICE PROVIDERS USING THE CLOUD

Impact on the Relationship Vendor - Customer


The relationship between provider and customer changes
Customer intimacy: running the customer's business
Running the whole supply chain
Requirement to demonstrate performance and compliance
New and clear SLAs
Audit trail
Compliance to legislation, regulations and international
audit standards

Benefits and Risks of providing Cloud based Services


Benefits: business opportunities
- New lease of life for old data centers (IaaS)
- Better use of resources because of multi-tenancy
- Economies of scale
- Quickly develop and run applications in the same environment (PaaS)
Risks: challenges
- Compliance
- Standards, legislation and regulations
- Performance
- Availability, capacity, flexibility, scalability
- Security
- Privacy

4. Security and Compliance

Content for Module 4

4.1 Security Risks and Mitigating Measures

4.2 Managing Identity and Privacy

Overview of Security and Compliance

Is the Cloud safe?


Researchers find "massive" security flaws in cloud architectures
Amazon Web Services vulnerabilities were found and fixed, others are likely
susceptible. By Tim Greene, Network World (October 26, 2011)

... This will not happen to us!...


Recent Breaches Spur New Thinking On Cloud Security
Cloud providers might be attractive targets for attackers, but liability can't be
outsourced, experts say. By Robert Lemos, www.darkreading.com (May 02, 2011)

... Or can it happen to us?...

4.1

SECURITY RISKS AND MITIGATING MEASURES

Security risks in the Cloud


Data loss/leakage
Shared technology vulnerabilities
Insecure application interfaces
Malicious insiders
Abuse and nefarious use of Cloud computing
Unknown risk profile and account
Account, service and traffic hijacking
Copyright & Source: Cloud Security Alliance (CSA), paper: Cloud Security Alliance Top Threats to Cloud Computing Version 1.0 (2010)

Measures mitigating Security Risks


Risk                                        Mitigation
Data loss/leakage                           Authentication, audit, etc.
Shared technology vulnerabilities           Operations procedures, operational security practices, etc.
Insecure application interfaces             Design for security, etc.
Malicious insiders                          Staff vetting, etc.
Abuse and nefarious use of Cloud computing  Validation of credentials, active monitoring of traffic, etc.
Unknown risk profile and account            Good SLAs and audit
Account, service and traffic hijacking      Strong authentication, active monitoring, etc.

Copyright & Source: Cloud Security Alliance (CSA), paper: Cloud Security Alliance Top Threats to Cloud Computing Version 1.0 (2010)

Security is generally perceived as a huge issue for the cloud:


During a keynote speech to the Brookings Institution policy
forum, Cloud Computing for Business and Society, [Microsoft General
Counsel Brad] Smith also highlighted data from a survey
commissioned by Microsoft measuring attitudes on cloud computing
among business leaders and the general population.
The survey found that while 58 percent of the general
population and 86 percent of senior business leaders are excited about
the potential of cloud computing, more than
90 percent of these same people are concerned about the security,
access and privacy of their own data in
the cloud.

Another Data Point for Clouds and Security

Source: http://www.csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt at slide 17

In Some Ways, "Cloud Computing Security" Is No Different Than "Regular Security"


For example, many applications interface with end users via the web.
All the normal OWASP web security vulnerabilities
-- things like SQL injection, cross site scripting, cross site request
forgeries, etc. -- all of those vulnerabilities are just
as relevant to applications running on the cloud as they are to
applications running on conventional hosting.
Similarly, consider physical security. A data center full of servers
supporting cloud computing is internally and externally
indistinguishable from a data center full of "regular" servers. In each
case, it will be important for the data center to be physically secure
against unauthorized access or potential natural disasters, but there
are no special new physical security requirements which suddenly
appear simply because one of those facilities is supporting cloud
computing.

The CIA Security Objectives


Confidentiality
No unauthorized access
Privacy and data protection
Encryption
Physical security
Integrity
Information is accurate and authentic
Availability
When needed, where needed by authorized users
5 nines standard: 99.999%

Bitbucket, DDoS'd Off The Air

Maintenance Induced Cascading Failures

Storage related failure

See http://www.engadget.com/2009/10/10/t-mobile-we-probably-lost-all-your-sidekick-data/
However, see also: Microsoft Confirms Data Recovery for Sidekick Users
http://www.microsoft.com/Presspass/press/2009/oct09/10-15sidekick.mspx

Natural Disaster Causing Power Failure

Mitigating Cloud Computing Availability Issues


Risk analysts will tell you that when you confront a risk, you can try to
eliminate the risk, you can mitigate/minimize the impact of the risk, or
you can simply accept the risk.
If you truly require non-stop availability, you can try using multiple
cloud providers, or you could use public and private cloud nodes to
improve redundancy.
Some cloud computing services also offer service divided into multiple
"regions." By deploying infrastructure in multiple regions, isolation from
"single-region-only" events (such as the power outage mentioned
previously) can be obtained.
Availability issues may also be able to be at least partially mitigated at
the application level by things like local caching.
Sometimes, though, it may simply make financial sense for you to just
accept the risk of a rare and brief outage. (Remember, 99.99%
availability ==> 52+ minutes downtime/yr)
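The arithmetic behind the "nines" and behind the redundancy advice on this slide, as an added example for this training material (it is not part of the EXIN slides or of any provider's documentation). The downtime budget is minutes per year times the unavailable fraction; redundant deployments (several regions or providers) are only down when every component is down at once, while a chain of dependencies is only up when every link is up. The provider availabilities used are constructed figures, and the independence assumption is stated in the comments.

```python
"""Availability arithmetic behind the "nines" and behind redundancy advice.

Added example for this training material, not part of the EXIN slides or of
any provider's documentation. The formulas are the standard ones for
independent components; the availabilities used below are constructed.
"""
from typing import Iterable

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600 minutes in a non-leap year


def downtime_minutes_per_year(availability_pct: float) -> float:
    """Downtime budget implied by an availability figure (99.99 -> about 52.6 min)."""
    return MINUTES_PER_YEAR * (1.0 - availability_pct / 100.0)


def availability_parallel(components: Iterable[float]) -> float:
    """Availability (%) of redundant components, e.g. two regions or two providers.

    The service is down only when every component is down at the same time.
    Assumes independent failures; two regions of one provider still share
    control-plane and billing risk, so treat the result as an upper bound.
    """
    all_down = 1.0
    for a in components:
        all_down *= 1.0 - a / 100.0
    return 100.0 * (1.0 - all_down)


def availability_serial(components: Iterable[float]) -> float:
    """Availability (%) of a dependency chain (DNS, ISP, cloud region ...).

    Every link must be up, so availability is the product and can only drop.
    """
    up = 1.0
    for a in components:
        up *= a / 100.0
    return 100.0 * up


if __name__ == "__main__":
    for nines in (99.0, 99.9, 99.99, 99.999):
        print(f"{nines:>7}% -> {downtime_minutes_per_year(nines):8.1f} min/yr")
    # Constructed figures: one region at 99.9% versus two regions assumed independent.
    print("two regions:", round(availability_parallel([99.9, 99.9]), 4), "%")
    # The network path to reach the service still caps the result.
    print("ISP + region:", round(availability_serial([99.95, 99.9]), 4), "%")
```

The serial case is the one usually forgotten in a business case: a five-nines provider reached over a three-nines corporate link delivers three nines to the user.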

Mitigating Data Loss Risks


The risk of data loss (as in the T-Mobile Sidekick case) is an exception
to the availability discussion on the preceding slide. Users may be able
to tolerate an occasional service interruption, but non-recoverable
data losses can kill a business.
Most cloud computing services use distributed and replicated global
file systems which are designed to ensure that hardware failures (or
even loss of an entire data center) will not result in any permanent data
loss, but I believe there is still value in doing a traditional off-site
backup of one's data, whether that data is in use by traditional servers
or cloud computing servers.
When looking for solutions, make sure you find ones that back up
data FROM the cloud (many backup solutions are meant to back up
local data TO the cloud!)

Cloud Computing And Perimeter Security


There may be a misconception that cloud computing resources can't
be sheltered behind a firewall (see for example "HP's Hurd: Cloud
computing has its limits (especially when you face 1,000 attacks a
day)," Oct 20th, 2009, http://blogs.zdnet.com/BTL/?p=26247 )
Contrast that with "Amazon Web Services: Overview of Security
Processes". AWS has a mandatory inbound firewall configured in a
default deny mode, and customers must explicitly open ports inbound

Security within Amazon EC2 is provided on multiple levels: The
operating system (OS) of the host system, the virtual instance
operating system or guest OS, a stateful firewall and signed API
calls. Each of these items builds on the capabilities of the
others. The goal is to ensure that data contained within Amazon
EC2 cannot be intercepted by non-authorized systems or users
and that Amazon EC2 instances themselves are as secure as
possible without sacrificing the flexibility in configuration that
customers demand.
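The "default deny, customers must explicitly open ports inbound" behaviour described on the previous slides, as an added example for this training material: a small policy evaluator that answers whether a connection attempt passes, plus the review check a practitioner runs over such a policy (administrative ports open to the whole Internet). This is not AWS code and not the slides' own material; the rule and attempt structures are simplified, and the policy and addresses (RFC 5737 documentation ranges) are constructed.

```python
"""Default-deny inbound firewall policy: nothing passes unless a rule allows it.

Added example, not AWS code and not from the EXIN slides. Rule and attempt
shapes are simplified; the policy and addresses are constructed (RFC 5737
documentation ranges).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class AllowRule:
    protocol: str   # "tcp" or "udp"
    port_from: int  # inclusive destination port range
    port_to: int
    source: str     # CIDR block that may connect


@dataclass(frozen=True)
class Attempt:
    protocol: str
    dst_port: int
    src_ip: str


def is_allowed(rules: List[AllowRule], attempt: Attempt) -> bool:
    """True only if some rule explicitly matches; otherwise default deny."""
    src = ipaddress.ip_address(attempt.src_ip)
    for rule in rules:
        if rule.protocol != attempt.protocol:
            continue
        if not rule.port_from <= attempt.dst_port <= rule.port_to:
            continue
        if src in ipaddress.ip_network(rule.source, strict=False):
            return True
    return False


ANY_IPV4 = "0.0.0.0/0"
ADMIN_PORTS = {22, 3389}  # SSH and RDP: should never be reachable from any source


def overly_broad(rules: List[AllowRule]) -> List[AllowRule]:
    """Review check: rules that expose an administrative port to the whole Internet."""
    broad = []
    for rule in rules:
        opens_admin = any(rule.port_from <= p <= rule.port_to for p in ADMIN_PORTS)
        if opens_admin and rule.source == ANY_IPV4:
            broad.append(rule)
    return broad


# Constructed policy: HTTPS from anywhere, SSH only from a corporate range.
POLICY = [
    AllowRule("tcp", 443, 443, ANY_IPV4),
    AllowRule("tcp", 22, 22, "203.0.113.0/24"),
]

# Constructed connection attempts, as a stateful firewall would see new flows.
ATTEMPTS = [
    Attempt("tcp", 443, "198.51.100.7"),   # public HTTPS client
    Attempt("tcp", 22, "198.51.100.7"),    # SSH from outside the corporate range
    Attempt("tcp", 22, "203.0.113.9"),     # SSH from the corporate range
    Attempt("tcp", 3389, "203.0.113.9"),   # RDP: no rule at all, so denied
    Attempt("udp", 443, "198.51.100.7"),   # right port, wrong protocol
]


def evaluate(rules: List[AllowRule], attempts: List[Attempt]) -> List[Tuple[Attempt, bool]]:
    return [(a, is_allowed(rules, a)) for a in attempts]


if __name__ == "__main__":
    for attempt, verdict in evaluate(POLICY, ATTEMPTS):
        print("ALLOW" if verdict else "DENY ", attempt)
    print("overly broad rules:", overly_broad(POLICY))
```

The point of the second function is that "default deny" is only as good as the allow list layered on top of it; a single 0.0.0.0/0 rule on port 22 silently undoes the default.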

Cloud Computing & Host-Based Intrusion Detection


Choosing cloud computing does not necessarily mean forgoing your
ability to monitor systems for hostile activity.
One example of a tool that can help with this task is OSSEC (the Open
Source Host-Based Intrusion Detection System), an IDS which
supports virtualized environments:
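OSSEC's own rule set is not reproduced here; the following is an added example for this training material (not OSSEC code and not from the EXIN slides) showing the kind of host-level detection such a tool performs: it parses sshd lines in syslog format, raises an alert when one source produces a burst of failed logins, and raises a second, higher-priority alert when a login from that source succeeds while the burst is still recent. The sample log, hostnames, addresses, thresholds and the assumed year are all constructed.

```python
"""Host-based detection over sshd log lines: failed-login bursts and success after a burst.

Added example for this training material, not OSSEC code and not from the
EXIN slides. The log sample, host names, addresses and thresholds are
constructed; syslog lines carry no year, so 2012 is assumed when parsing.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample in the format sshd writes to /var/log/auth.log (not real traffic).
SAMPLE_LOG = """\
Mar 14 10:01:02 web01 sshd[2201]: Failed password for root from 198.51.100.23 port 51122 ssh2
Mar 14 10:01:04 web01 sshd[2203]: Failed password for root from 198.51.100.23 port 51123 ssh2
Mar 14 10:01:06 web01 sshd[2205]: Failed password for invalid user admin from 198.51.100.23 port 51124 ssh2
Mar 14 10:01:09 web01 sshd[2207]: Failed password for root from 198.51.100.23 port 51125 ssh2
Mar 14 10:01:11 web01 sshd[2209]: Failed password for root from 198.51.100.23 port 51126 ssh2
Mar 14 10:01:15 web01 sshd[2211]: Accepted password for root from 198.51.100.23 port 51127 ssh2
Mar 14 10:02:00 web01 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 14 10:05:40 web01 sshd[2300]: Failed password for alice from 203.0.113.8 port 40000 ssh2
Mar 14 10:06:01 web01 sshd[2302]: Accepted publickey for alice from 203.0.113.8 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
ASSUMED_YEAR = "2012"  # assumption: syslog timestamps have no year field


def parse(line: str) -> Optional[dict]:
    """Structured event for an sshd auth line, None for anything else (e.g. CRON)."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["time"] = datetime.strptime(f"{ASSUMED_YEAR} {event['ts']}", "%Y %b %d %H:%M:%S")
    return event


def detect(log_text: str, threshold: int = 5, window_seconds: int = 60) -> List[Tuple[str, str, str]]:
    """Alerts as (kind, source_ip, detail) tuples, in the order they fire."""
    recent_failures = defaultdict(list)  # source ip -> failure timestamps inside the window
    alerts = []
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ip, now = event["ip"], event["time"]
        # Slide the window: forget failures older than window_seconds.
        recent_failures[ip] = [t for t in recent_failures[ip]
                               if (now - t).total_seconds() <= window_seconds]
        if event["result"] == "Failed":
            recent_failures[ip].append(now)
            if len(recent_failures[ip]) == threshold:  # fire once per burst
                alerts.append(("bruteforce", ip, f"{threshold} failures within {window_seconds}s"))
        elif len(recent_failures[ip]) >= threshold:
            # A success right after a burst is the event worth paging someone for.
            alerts.append(("success_after_bruteforce", ip, event["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Alice's single typo followed by a key-based login produces nothing, which is the other half of detection engineering: the rule has to stay quiet on ordinary behaviour.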

Cloud Computing Also Relies on the Security of Virtualization


Because cloud computing is built on top of virtualization, if there are
security issues with virtualization, then there will also be security issues
with cloud computing.
For example, could someone escape from a guest virtual machine
instance to the host OS? While the community has traditionally been
somewhat skeptical of this possibility, that changed with Blackhat USA
2009, where Kostya Kortchinsky of Immunity Inc. presented
"Cloudburst: A VMware Guest to Host Escape Story", see
http://www.blackhat.com/presentations/bh-usa09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf
Kostya opined: "VMware isn't an additional security layer, it's just
another layer to find bugs in" [put another way, running a virtualization
product increases the attack surface]

What was the Cloudburst Report


This report presents the results of an auditing work carried out
against VMware virtualization products in an attempt to find a
way to execute code on the host from the guest.
The following is mostly focusing on the virtualized video device
VMware SVGA II which happened to offer all the features
needed to reliably execute code even on hosts with address
space randomization and nonexecutable pages.

Cloudburst Report cntd


The VMware SVGA II device is a virtualized PCI Display
Adapter encountered in virtual machines run within any of the
VMware products: VMware Workstation, VMware Server,
VMware ESX and so on.
This device has a PCI Vendor ID of 0x15ad and a PCI Product
ID of 0x0405. It replaced a while ago an older device VMware
SVGA that had a PCI Product ID of 0x0710.
This SVGA compatible controller is emulated on the host, and
carries the graphical operations requested by the guest.

Choice of Cloud Provider


Cloud computing is a form of outsourcing, and you need a high level of
trust in the entities you'll be partnering with.
It may seem daunting at first to realize that your application depends
(critically!) on the trustworthiness of your cloud providers, but this is not
really anything new -- today, even if you're not using the cloud, you
already rely on and trust:
-- network service providers,
-- hardware vendors,
-- software vendors,
-- service providers,
-- data sources, etc.
Your cloud provider will be just one more entity on that list.

Security layers in the Cloud

Security Issues across Layers in Cloud

Provider Tenant Responsibility Matrix

Hypervisor Virus
Along with the Cloudburst exploit, users are also worried about
viruses affecting their systems.
A bare-metal installation of either Hyper-V or VMware is
still secure, but if one is using a host-OS-based hypervisor then
security is compromised.
Not all regular viruses will infect the hypervisor layer, but since
the cloud is an attraction for hackers they will develop more viruses
sooner or later.

Hypervisor Viruses
Again, if your VMs are internetworked and shared folders are
enabled, this can spread regular viruses over the network as
well.
Most antivirus companies are coming up with antivirus programs
that work well with virtualized environments to help stop this
threat.

Crisis Malware
Symantec researchers revealed that the Crisis malware is not
limited to attacking Mac machines, but has the ability to infect
devices running Windows and Windows Mobile, as well as
VMware virtual machines.
Unlike the majority of other malware that terminates itself when
it detects a VMware virtual machine image on the compromised
computer in order to avoid being analyzed, this one mounts the
image and then copies itself onto the image by using a VMware
Player tool.

What is Crisis Malware


Crisis, also known as Morcut, is a rootkit which infects both
Windows and Mac OS X machines using a fake Adobe Flash
Player installer. Discovered in July, the trojan OSX.Crisis targets
Windows and Mac OS users and is able to record Skype
conversations, capture traffic from instant messaging, and track
websites visited in Firefox or Safari.
However, it has now come to light that the malware can be
spread in four different environments -- including virtual
machines.

Crisis Malware Contd


It is spread through "social engineering attacks" -- in other
words, it tricks a user into running a Java applet Flash installer,
detects the operating system, and runs the suitable trojan
installer through a JAR file. Both released .exe files open a back
door, compromising the computer.
Originally, it was believed the malware could only spread on
these two operating systems. However, Symantec has found a
number of additional means of replication. One method is the
ability to copy itself and create an autorun.inf file to a removable
disk drive, another is to insinuate itself onto a VMware virtual
machine, and the final way is to drop modules onto a Windows
Mobile device.

Crisis Malware Contd.


This is the first time malware targeting virtual machines has
been exposed, but Symantec insists that this is not due to
security loopholes or vulnerabilities in the VMware software itself
being exploited, but rather the Crisis trojan takes advantage of
the form -- namely that the VM is nothing more than one or more
files on the disk of a machine. Even if the virtual machine is not
running, these files can still be mounted or manipulated by
malicious code.
"Many threats will terminate themselves when they find a virtual
machine monitoring application, such as VMware, to avoid being
analyzed, so this may be the next leap forward for malware
authors," Katsuki writes.

Blue Pill

Blue Pill is the codename for a rootkit based on x86
virtualization. Blue Pill originally required AMD-V (Pacifica)
virtualization support, but was later ported to support Intel VT-x
as well. It was designed by Joanna Rutkowska and originally
demonstrated at the Black Hat Briefings on August 3, 2006, with
a reference implementation for the Microsoft Windows Vista
kernel.

Blue Pill

The Blue Pill concept is to trap a running instance of the
operating system by starting a thin hypervisor and virtualizing
the rest of the machine under it. The previous operating system
would still maintain its existing references to all devices and
files, but nearly anything, including hardware interrupts, requests
for data and even the system time could be intercepted (and a
fake response sent) by the hypervisor. The original concept of
Blue Pill was published by another researcher at IEEE Oakland
in May 2006, under the name VMBR.

Blue Pill

Joanna Rutkowska claims that, since any detection program
could be fooled by the hypervisor, such a system could be
"100% undetectable". Since AMD virtualization is seamless by
design, a virtualized guest is not supposed to be able to query
whether it is a guest or not. Therefore, the only way Blue Pill
could be detected is if the virtualization implementation were not
functioning as specified.

Best practices to prevent malware infection

Isolating the management interfaces of, and connections to, the
hypervisor to only the systems that need access; not running
untrusted code on the hypervisor, such as software not provided
by the hypervisor vendor; and keeping the hypervisor software
up to date. This excludes any security measures that should be
taken on the guest OSes on the virtual infrastructure to ensure
the guests cannot be used to attack the hypervisor.

Researchers develop malware detection for hypervisor security
Researchers at North Carolina State University and IBM are
developing software to protect virtual environments by focusing
on threat detection in the hypervisor, a feat that up until now has
been nearly impossible.
Called HyperSentry, the software measures the integrity of
hypervisors in runtime. Peng Ning, professor of computer
science in the College of Engineering at NC State and co-author
of a paper describing the HyperSentry research, said the goal is
to better protect virtual environments by focusing on detecting
malware that can bypass traditional security technologies.

Hypervisor Security Contd


The hypervisor or virtual machine manager is the brains of a
virtual machine and manages the sharing of hardware between
multiple guest systems. Initially, the code-base of hypervisors
had been small and seen as relatively secure, but the code-base
has been increasing to support more systems and as a result
there have been increased vulnerabilities, Ning said. Threats
against the hypervisor have been theoretical. Some security
researchers have demonstrated ways attackers can defeat the
hypervisor, creating a backdoor to gain control of the guest
machines.

Hypervisor Security Contd


The software resides in the memory in the platform
management interface of a server and uses the system
management mode of the processor. An agent that remains
undetectable is used to examine the hypervisor. It inspects the
program memory and the registers inside the CPU for any
anomalies that could be malware. If anything out of the ordinary
is detected, the software sends an alert to an IT administrator.
"It looks at the code of the hypervisor to see if any part of the
software has been changed," Ning said. "It also looks to see if
the hypervisor has enforced isolation between different virtual
machines as it should have."

Hypervisor Security Contd


The HyperSentry software runs on existing hardware and
firmware and remains isolated from the hypervisor, Ning said.
This keeps a compromised hypervisor from detecting the
software's measuring process, he said.

Questions
Confidentiality, Integrity and __________?

Cloud Computing also relies on the security of Virtualization. True or False.

What is Cloudburst?

What are Hypervisor Viruses?

4.2

MANAGING IDENTITY AND PRIVACY

Overview of Managing identity and privacy

Authentication
Non-Cloud authentication
Simple authentication using user-id and password
Active directory authentication
Using your active directory account credentials
Uses Kerberos protocol (no transmission of readable data)

Authentication in the Cloud


Active directory authentication (VMware plays the role of the
domain controller and/or security server)
LDAP (Lightweight Directory Access Protocol) or Kerberos

Triple-A Authentication
Authentication
Triple identification, what/who you
Know (password)
Have (token/smart card)
Are (fingerprint or retina scan)

Authorization
leveled
Accountability
periodic logs & audit data

Main aspects of Identity Management


Typical characteristics of an Identity Management system are:
Role management; IT implementation of a business role.
Role hierarchy; a representation of an organization chart.
Separation of duties.
Group management; permissions are not given to people but
to roles.
Self-service functions.
Password synchronization.
Digital Identity; presence and location determine available
services and capabilities.
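The Triple-A slide and the identity-management characteristics above (permissions attached to roles rather than people, separation of duties, accountability through logs), as an added example for this training material: a compact identity service in Python. It is not the slides' own content and not any product's API; users, roles, passwords and the token secret are constructed. The "know" factor is a salted PBKDF2 password hash; the "have" factor is an event-based one-time code computed per RFC 4226 (HOTP), which stands in here for the hardware token named on the slide, with the RFC's published test secret so the codes can be checked.

```python
"""Triple-A with role-based authorization: a compact identity service.

Added example for this training material, not from the EXIN slides and not a
product's API. Users, roles, passwords and the token secret are constructed.
The "have" factor is an event-based one-time code per RFC 4226 (HOTP), standing
in for a hardware token; the "know" factor is a salted PBKDF2 password hash.
"""
import hashlib
import hmac
import os
import struct
from datetime import datetime, timezone


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


# Permissions are attached to roles; people are only ever assigned to roles.
ROLE_PERMISSIONS = {
    "reader":   {"read"},
    "operator": {"read", "restart"},
    "approver": {"read", "approve"},
}
# Separation of duties: one person must not both operate and approve.
CONFLICTING_ROLES = [("operator", "approver")]
OTP_LOOKAHEAD = 3  # tolerate a few unused token presses, never a reused one


class Directory:
    def __init__(self):
        self.users = {}
        self.audit = []  # accountability: every decision is recorded

    def _log(self, user, action, outcome):
        self.audit.append((datetime.now(timezone.utc).isoformat(), user, action, outcome))

    def add_user(self, name, password, token_secret, roles):
        for a, b in CONFLICTING_ROLES:
            if a in roles and b in roles:
                raise ValueError(f"separation of duties: {name} cannot hold {a} and {b}")
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "pw": hash_password(password, salt),
                            "token": token_secret, "counter": 0, "roles": set(roles)}
        self._log(name, "add_user", ",".join(sorted(roles)))

    def authenticate(self, name, password, otp):
        """Authentication: something you know (password) and something you have (token code)."""
        user = self.users.get(name)
        if user is None:
            self._log(name, "login", "unknown user")
            return False
        pw_ok = hmac.compare_digest(user["pw"], hash_password(password, user["salt"]))
        matched = next((c for c in range(user["counter"], user["counter"] + OTP_LOOKAHEAD)
                        if hmac.compare_digest(hotp(user["token"], c), otp)), None)
        ok = pw_ok and matched is not None
        if ok:
            user["counter"] = matched + 1  # a used code can never be replayed
        self._log(name, "login", "success" if ok else "failure")
        return ok

    def authorize(self, name, permission):
        """Authorization: levelled by role membership, never by individual grants."""
        roles = self.users[name]["roles"]
        allowed = any(permission in ROLE_PERMISSIONS[r] for r in roles)
        self._log(name, permission, "allowed" if allowed else "denied")
        return allowed
```

Both factor checks use constant-time comparison, and the audit list records denials as well as successes, since the periodic review the slide calls for is mostly a review of what was refused.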

Single Sign On (SSO) for web services


Problem: Security infrastructure in the Cloud is distributed
Solution: Single Sign On (SSO)
All distributed elements consolidated on a SSO-server
Credentials are offered by AD-account, token or smart card
Uses SOAP protocol

Privacy, compliance issues and safeguards in Cloud computing


Issues:
Handling of Personal Identifiable Information (PII)
Compliance to international privacy legislation and
regulations
Safeguards
Effective Access Control and Audit
Secure Cloud Storage
Secure Network Infrastructure

Personal Identifiable Information (PII)


Forms of identification: SSN, passport, fingerprints
Occupational: job title, company name
Financial: bank numbers, credit records
Health care: insurance, genetic
Online activity: log-ins
Demographic: ethnicity
Contact: phone, e-mail

International Privacy/Compliance

USA: the Privacy Act 1974, federal laws HIPAA & GLBA and
Safe harbor
Japan: Personal Information Protection Law and Law for
Protection of Computer Processed Data Held by Administrative
Organs (1988)
Canada: PIPEDA (Personal Information Protection and
Electronic Data Act 2008) and Privacy Act (1983)
EU: Laws and privacy standards of the member countries, EU
Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) and EU
Data Protection Directive (1998)

Safeguards
Effective Access Control and Audit
Single Sign On (SSO)
Strong authentication: password & biometric
measure
Review on audit logs
Secure Cloud Storage
Encryption
Integrity by mechanisms as hashing
Secure Network Infrastructure
Encryption protocols against leakage
Integrity protocols (digital signatures) against modification
Consult a lawyer, specialized in international legislation
Know where (which country) your data is
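The "Integrity by mechanisms as hashing" and "Integrity protocols against modification" safeguards above, as an added example for this training material (not the slides' own content): a customer-side manifest of SHA-256 digests over the objects kept in cloud storage, sealed with an HMAC under a key the provider never sees, so that neither a single object nor the manifest itself can be altered unnoticed. HMAC is used because it is in Python's standard library; the digital signature the slide names would replace it with an asymmetric key pair and add non-repudiation. The stored objects, the key and the tampering scenarios are constructed.

```python
"""Customer-held integrity check for data stored in the cloud.

Added example, not from the EXIN slides. A manifest of SHA-256 digests is
sealed with an HMAC under a key only the customer holds, so neither a single
object nor the manifest itself can be altered unnoticed. Objects and key are
constructed; HMAC stands in for the digital signature named on the slide.
"""
import hashlib
import hmac
import json
from typing import Dict


def measure(objects: Dict[str, bytes]) -> Dict[str, str]:
    """Per-object SHA-256 digests: the manifest."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(objects.items())}


def seal(manifest: Dict[str, str], key: bytes) -> str:
    """Keyed tag over a canonical encoding, so key order cannot change the tag."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(objects: Dict[str, bytes], manifest: Dict[str, str], tag: str, key: bytes) -> dict:
    """Report manifest tampering first, then modified, missing and added objects."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return {"manifest_tampered": True, "modified": [], "missing": [], "added": []}
    current = measure(objects)
    return {
        "manifest_tampered": False,
        "modified": sorted(n for n in manifest if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "added": sorted(n for n in current if n not in manifest),
    }


# Constructed sample: what the customer uploaded, and the key kept on premises.
STORED = {
    "customers.csv": b"id,name,email\n1,Ada,ada@example.com\n",
    "contract.pdf": b"%PDF-1.4 constructed placeholder bytes",
}
CUSTOMER_KEY = b"constructed-demo-key-keep-this-off-the-cloud"


def clean_check() -> dict:
    """Nothing changed: every list empty."""
    manifest = measure(STORED)
    return verify(STORED, manifest, seal(manifest, CUSTOMER_KEY), CUSTOMER_KEY)


def silent_edit_check() -> dict:
    """One object changed in place; the manifest still carries the old digest."""
    manifest = measure(STORED)
    tag = seal(manifest, CUSTOMER_KEY)
    altered = {**STORED, "customers.csv": b"id,name,email\n1,Ada,attacker@example.net\n"}
    return verify(altered, manifest, tag, CUSTOMER_KEY)


def forged_manifest_check() -> dict:
    """Whoever altered the data also rewrote the manifest, but lacks the key for the tag."""
    manifest = measure(STORED)
    tag = seal(manifest, CUSTOMER_KEY)
    altered = {**STORED, "customers.csv": b"tampered"}
    return verify(altered, measure(altered), tag, CUSTOMER_KEY)
```

The manifest and tag are small enough to keep with the off-site backup the availability slides recommend, which is also where they belong: a copy stored next to the data it protects can be rewritten together with it.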

Questions
Triple-A stands for?

What is PII?

What are the Safeguards for Identity Management?

5.0

THE BUSINESS CASE

Contents for Module 5

5.0 The Business Case
5.1 Legal Issues
5.2 Cloud Integration and Green IT
5.3 Evaluating Implementations
5.4 Case Studies

The business case for Cloud computing

Business drivers
Flexibility
Time to market (TTM)
Costs
TCO
Capex vs. Opex
TCAO
Service Level Agreements (SLA)
Performance, Security, Availability, Scalability,
Architecture
Integration (PaaS), migration
Green(er) computing

Compelling feature: quicker time-to-market


But
Can the cloud provide the resources faster than when hosted
locally in your company?
What do we give up?
What do we gain?
Is your organization willing to compromise?
Are the organization, employees, IT staff, other interested
parties willing to make the change without delay?

TCO and all that stuff


Statement: going the Cloud way lowers your TCO of IT
Is this true or are you just redistributing costs?
Capital costs are lowered significantly, but are replaced by
subscriptions, pay-per-use, expensive support contracts, etc.
(Capex becomes Opex)
We need to compare what we are paying now to the Cloud
scenario
Not only as a snapshot, but also as a long-term video

Example: Total cost of application ownership (TCAO)
Server costs
Storage costs
Network costs
Backup and archive costs
Disaster recovery costs
Data center infrastructure costs
Platform costs
Software maintenance costs (package software)
Software maintenance costs (in-house software)
Help desk support costs
Operational support personnel costs
Infrastructure software costs
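The "snapshot versus long-term video" point from the TCO slide, carried through as an added example for this training material (not the slides' own content): cumulative on-premise cost (Capex for hardware, repeated at each refresh, plus yearly Opex) against cumulative cloud subscription cost, year by year. The cost figures are constructed and hypothetical; the TCAO categories listed above are where the real inputs come from.

```python
"""Cumulative cost comparison: on-premise (Capex plus Opex) versus cloud (Opex only).

Added example, not from the EXIN slides. Cost figures are constructed to show
why a single-year snapshot misleads; replace them with your own TCAO inputs.
"""
from typing import List, Optional


def cumulative_onprem(years: int, capex: float, opex_per_year: float, refresh_every: int) -> List[float]:
    """Cumulative cost after each year; hardware is bought in year 1 and again every refresh_every years."""
    total, out = 0.0, []
    for year in range(1, years + 1):
        if (year - 1) % refresh_every == 0:
            total += capex  # hardware refresh: the Capex step that a snapshot never shows
        total += opex_per_year
        out.append(total)
    return out


def cumulative_cloud(years: int, subscription_per_year: float, growth_per_year: float = 0.0) -> List[float]:
    """Cumulative subscription cost; growth models usage-based price increases."""
    total, out, fee = 0.0, [], subscription_per_year
    for _ in range(years):
        total += fee
        out.append(total)
        fee *= 1.0 + growth_per_year
    return out


def cheaper_by_year(onprem: List[float], cloud: List[float]) -> List[str]:
    """Which option has cost less in total up to each year."""
    return ["cloud" if c < o else "onprem" if o < c else "tie" for o, c in zip(onprem, cloud)]


def first_crossover(onprem: List[float], cloud: List[float]) -> Optional[int]:
    """First year in which the cheaper option differs from the year-1 verdict, or None."""
    verdicts = cheaper_by_year(onprem, cloud)
    for year, verdict in enumerate(verdicts, start=1):
        if verdict != verdicts[0]:
            return year
    return None


# Constructed scenario (hypothetical numbers, not from any case study).
YEARS = 8
ONPREM = cumulative_onprem(YEARS, capex=120_000, opex_per_year=30_000, refresh_every=5)
CLOUD = cumulative_cloud(YEARS, subscription_per_year=65_000)

if __name__ == "__main__":
    for year, (o, c, who) in enumerate(zip(ONPREM, CLOUD, cheaper_by_year(ONPREM, CLOUD)), start=1):
        print(f"year {year}: on-prem {o:>9,.0f}  cloud {c:>9,.0f}  cheaper: {who}")
    print("first crossover in year", first_crossover(ONPREM, CLOUD))
```

In the constructed scenario the cloud is cheaper for three years, on-premise pulls ahead in year four, and the year-six hardware refresh flips the verdict back; any single year taken alone would support either conclusion.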

Operational and staffing benefits


Operational benefits (examples):
Managed services
Self-service (unmanaged services)
instant server deployment
software licensing without impact on Capex
uptimes are guaranteed
Backups as a service (always off-site)
Staffing benefits (examples):
Less IT staff (less wages to be paid)
Lower recruitment, HR and training costs
Lower employee benefits

5.1

Legal Issues

Legal Issues in Cloud Computing


Liability

Law

Compliance

Copyright

Data Portability

Law for Cloud Computing Service


Cloud computing service providers are intermediaries as per
The IT Act, 2000

S2(1)(w)
"Intermediary" with respect to any particular
electronic records, means any person who on behalf of
another person receives, stores or transmits that record or
provides any service with respect to that record and
includes telecom service providers, network service
providers, internet service providers, web hosting service
providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes;

Compliance as per The IT Rules 2011


The intermediary shall observe following due diligence while
discharging his duties, namely:
(1) The intermediary shall publish the rules and regulations, privacy
policy and user agreement for access or usage of the intermediary's
computer resource by any person.
(2) Such rules and regulations, terms and conditions or user
agreement shall inform the users of computer resource not to host,
display, upload, modify, publish, transmit, update or share any
information that ...
If such hosting is reported, action is to be taken within 36 hours
FACTS: Dropbox, RapidShare, Gmail storage contain infinite pornography,
pirated s/w, songs etc.

Compliance of Cloud Computing


Auditing requirements
Many contracts impose auditing possibilities that
include physical inspection: how can these auditing
requirements be complied with when geographically
decentralized cloud services are used?
Applicable Law & competent court
If outside own country, any litigation can become
prohibitively expensive
What happens in case of bankruptcy of the
cloud computing service provider?

Indemnity Issues in Cloud Computing


We and our licensors shall not be responsible for
any service interruptions, including, without
limitation, power outages, system failures or other
interruptions, including those that affect the receipt,
processing, acceptance, completion or settlement of
any payment services. (...)
Neither we nor any of our licensors shall be liable to
you for any direct, indirect, incidental, special,
consequential or exemplary damages, including,
but not limited to, damages for loss of profits,
goodwill, use, data or other losses (...)

Who will indemnify the Customer or the user ?

Agreement Clauses in Cloud Service

You are utilizing a shared disk model and we cannot RISK the
chance your third party may interfere with other clients using the
same platform.

What happens to risk mitigation ?

Legal Liability of Cloud Providers


In many jurisdictions, including India, cloud providers can be held liable
for the illegal data they may be hosting

Escape Routes
No liability for services that consist of the storage of electronic
information, under the condition that the provider has no knowledge or
awareness of the illegal nature ...
... and removes or blocks illegal data when it does
gain knowledge or become aware of the illegal nature
Liability protection does not prevent so-called
injunctions, which can be as costly and time-consuming

Loss Of Location in Cloud Computing


For Indian investigation agencies, loss of location is likely
to cripple cybercrime investigations at a very early stage.
The Budapest Convention on Cybercrime already features
a legal principle which overrules location as a legal
connecting factor: consent. Article 32 of the Budapest
Convention states:
Article 32 Trans-border access to stored computer data
with consent or where publicly available
India is not a signatory to the Convention on Cybercrime

Letter rogatory: an option


A formal request from a local court to a foreign court for judicial
assistance
The most common remedies sought by letters rogatory are service of
process and taking of evidence.
Interpol can take the necessary follow-up steps; for this, the local
police issue letters rogatory under the provisions of Section
166A CrPC.
Mainly confined to the USA.

Data Portability on Cloud


Who is really managing my company's sensitive information?
What are their internal security practices? How well do they
handle incident response?
How reliable is the infrastructure that provides the service?
Are they prone to service outages?
How can my service provider recover my cloud stuff?
What is H/W & S/W Portability of my DATA ?

Copyright Issues for Data on Cloud


Cloud storage as offered by Box.net and other providers like
Dropbox does offer some of the features of file sharing that a
recent court ruling found illegal.
RIAA vs. LimeWire
(RIAA: Recording Industry Association of America, which took Napster down)

5.2

Cloud Integration & Green IT

It is easy being green


Cloud computing uses 91 percent less energy than traditional
on-premise applications. Nucleus evaluated Salesforce.com's
customer base and found that cloud computing drives more than
just significant financial savings: the effective sharing of
resources also generates a substantial green benefit. In the
case of salesforce.com, its customers saved the energy
equivalent of 11 barrels of oil every hour.
This is a significant savings considering this talks only of energy
and not other resources.

Green Data Centers


To help customers transform from traditional DCs to cloud data
centres, Huawei conducted in-depth research in new information
technologies like cloud computing, cloud storage, and
virtualization. Drawing upon practical experience from dozens of
cloud data centres around the world, Huawei developed a DC
solution featuring a flexible, mixed, and modular design
philosophy. The solution is used to build green DCs that adapt
to cloud computing for customers, to strike an optimal balance
between the total cost of ownership (TCO) and the DC's
availability, security, flexibility, and scalability.

Green Data Centers


Flexible: Dynamically adapting to cloud computing and
virtualization
The flexible DC solution can implement intelligent facilities
management, environment adaptive cooling, and cold-energy
dynamic adjustment, easily realize dynamic collaboration
between the infrastructure and these IT systems, and quickly
respond to the dynamic adjustment of IT resources by cloud
computing and virtualization. Compared with a traditional DC,
the green cloud DC dramatically improves energy efficiency,
effectively cuts operating cost, and reduces carbon emissions.

Green Data Centers


Mixed: Striking an optimal balance between availability and TCO
Not only does the mixed DC deployment solution support the
mix of different power densities to address high-density
deployment and hotspot drift, it also supports mix of different
tiers. Determining availability requirements according to
business types, the solution avoids excessive investment,
thereby striking an optimal balance between availability and
TCO.

Green Data Centers


Modular: on-demand deployment, efficient expansion
Allowing for on-demand deployment and efficient expansion,
Huawei DC solution can flexibly meet fast-growing demands,
and effectively improve the utilization rate of equipment and
returns on investment (ROI) through phased investment.

Green Data Centers


Full-Life-Cycle Integration Implementation Is the Core of Building
Fast, High-Quality Data Centres
Huawei's DC integration service provides comprehensive
integration solution covering physical infrastructure, network
platform, and business application. The solution provides E2E
professional services for data centres such as planning, design,
construction implementation, project management, and data
migration at different levels, as well as customized turnkey
engineering services.

Green Data Centers


As per experience data, with Huawei's data centre integration
service, customers can significantly reduce the data centre
construction period. On average, the construction period is
reduced by 20%-30% while the service provisioning efficiency of
data centres increased by 65% and related investment reduced
by 30%. In some areas, Huawei is able to design super energy-saving data centres with a PUE rating of less than 1.3, which can
dramatically reduce OPEX, increase customer revenue, and
give customers extra competitive edges.

5.3

EVALUATING
IMPLEMENTATIONS

Overview of Evaluating Cloud Computing Implementations

The evaluation of performance factors, management requirements and satisfaction factors
Typical questions to be asked are:
How long does it take to resolve incidents and problems?
How good is the security of the Cloud data center?
How does system performance (i.e. connection and transaction
speeds) compare to your own data center and private network?
Advice: It makes sense to do a comparative study of several
providers before you sign a contract.

Evaluating Cloud Implementations

Power savings
Floor space savings
Network infrastructure
Maintenance
Software licensing
Time to value
Trial period

Service
Wiser investment
Security
Compliance
Faster delivery of what you want
Less capital expense
Short-term needs

Performance, Requirements and Satisfaction


Try before you buy!
Demand a trial period
Do not commit until you are certain it works the way you want,
especially when considering a completely new software package
or completely new service!

Evaluation of service providers and services:
what you get for the money
You need a Governance framework!
Performance
monthly technical performance reports
exception reports
quarterly management reviews.
Compliance
Third party statements for:
SAS70, ISAE3402 (note: SAS 70 was superseded in 2011 by SSAE 16
and ISAE 3402; ask for the current report and check that its scope
and reporting period actually cover the services you buy)
ISO/IEC 20000, 27001, 9001, etc.
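The "how long does it take to resolve incidents" question and the monthly performance and exception reports above only mean something if you measure them yourself against the SLA rather than accept the provider's figures. The following is an added example, not part of the EXIN material or of any provider's tooling: it computes mean time to resolve per severity and monthly availability from a constructed incident log and lists the items an exception report would carry. The incident records, the severity targets and the 99.9% availability target are all assumptions for illustration.

```python
"""Added example (not from the EXIN deck): derive monthly performance
figures from an incident log and flag SLA exceptions.  All records and
SLA targets are constructed for illustration, not real provider data."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Incident:
    ticket: str
    severity: str        # P1 = highest priority
    opened: datetime
    resolved: datetime
    outage: bool         # True if the service was unavailable while open

    @property
    def duration(self) -> timedelta:
        return self.resolved - self.opened


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M")


# Constructed sample incident log for one reporting month (hypothetical).
INCIDENTS = [
    Incident("INC-001", "P1", _ts("2012-03-02T08:15"), _ts("2012-03-02T10:15"), True),
    Incident("INC-002", "P2", _ts("2012-03-05T14:00"), _ts("2012-03-06T02:00"), False),
    Incident("INC-003", "P1", _ts("2012-03-10T22:30"), _ts("2012-03-11T04:30"), True),
    Incident("INC-004", "P3", _ts("2012-03-15T09:00"), _ts("2012-03-15T17:00"), False),
    Incident("INC-005", "P1", _ts("2012-03-20T11:00"), _ts("2012-03-20T12:00"), True),
]

# Assumed contractual targets; take the real values from your own SLA.
RESOLUTION_SLA = {"P1": timedelta(hours=4), "P2": timedelta(hours=8), "P3": timedelta(hours=24)}
AVAILABILITY_TARGET_PCT = 99.9
PERIOD_START = datetime(2012, 3, 1)
PERIOD_END = datetime(2012, 4, 1)


def mean_time_to_resolve(incidents, severity: str) -> timedelta:
    """Average resolution time for one severity level."""
    durations = [i.duration for i in incidents if i.severity == severity]
    if not durations:
        return timedelta(0)
    return sum(durations, timedelta(0)) / len(durations)


def availability_pct(incidents, start: datetime, end: datetime) -> float:
    """Share of the period with no outage-causing incident open.
    Outage windows are clipped to the period (an incident spanning
    month-end counts only for the part inside this month) and merged,
    so two overlapping outages are not counted twice."""
    windows = sorted((max(i.opened, start), min(i.resolved, end))
                     for i in incidents if i.outage)
    downtime = timedelta(0)
    counted_until = start
    for begin, finish in windows:
        begin = max(begin, counted_until)   # skip any already-counted overlap
        if finish > begin:
            downtime += finish - begin
            counted_until = finish
    return 100.0 * (1.0 - downtime / (end - start))


def sla_breaches(incidents):
    """Tickets whose resolution time exceeded the target for their severity."""
    return [i.ticket for i in incidents if i.duration > RESOLUTION_SLA[i.severity]]


def exception_report(incidents, start: datetime, end: datetime):
    """Lines for the exception report: SLA breaches plus any availability miss."""
    lines = [f"{t}: resolution time exceeded SLA" for t in sla_breaches(incidents)]
    avail = availability_pct(incidents, start, end)
    if avail < AVAILABILITY_TARGET_PCT:
        lines.append(f"availability {avail:.2f}% below target {AVAILABILITY_TARGET_PCT}%")
    return lines


if __name__ == "__main__":
    for sev in sorted(RESOLUTION_SLA):
        print(f"MTTR {sev}: {mean_time_to_resolve(INCIDENTS, sev)}")
    print(f"availability: {availability_pct(INCIDENTS, PERIOD_START, PERIOD_END):.2f}%")
    for line in exception_report(INCIDENTS, PERIOD_START, PERIOD_END):
        print("EXCEPTION:", line)
```

Run this against the provider's own incident export each month and compare its figures with the report the provider sends you; a gap between the two numbers is itself an item for the quarterly management review.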

5.4

CASE STUDIES

Example 1: Amazon Cloud Users: New York Times and Nasdaq (4/08)

Both companies used Amazon's cloud offering
New York Times
Didn't coordinate with Amazon, used a credit card!
Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB
data)
Took 100 Linux computers 24 hours (would have taken months on NYT
computers)
"It was cheap experimentation, and the learning curve isn't steep."
Derek Gottfrid, New York Times
Nasdaq
Uses S3 to deliver historic stock and fund information
Millions of files showing price changes of entities over 10 minute
segments
"The expenses of keeping all that data online [in Nasdaq servers] was too
high." Claude Courbois, Nasdaq VP
Created lightweight Adobe AIR application to let users view data

Example 2: IBM-Google Cloud

"Google and IBM plan to roll out a worldwide network of servers for a
cloud computing infrastructure" (Infoworld)
Initiatives for universities
Architecture
Open source
Linux hosts
Xen virtualization (virtual machine monitor)
Apache Hadoop (distributed file system and MapReduce framework):
open-source software for reliable, scalable, distributed
computing
IBM Tivoli Provisioning Manager

Example 3: Alabama State University

Alabama State University and Cloud Sherpas Develop Self-Service Account
Provisioning for Google Apps with Additional Security and Student
Authentication Features
Challenges: the need to provision each student, faculty, and staff member with
a username and password combination.
Results: With Cloud Sherpas' development of the custom application for user
self-provisioning, Alabama State was able to achieve its goals of reducing IT
resources committed to user provisioning and saving students a trip to the help
desk to create their accounts. Alabama State and Cloud Sherpas are now
exploring ways to extend this application to help provision accounts in other
university systems, such as Blackboard, PeopleSoft, etc.

Engineering Firm Virtualizes Field Servers, Saves $3.2
Million, with Switch to Hyper-V
Engineering firm CH2M HILL was an early user of virtualization
software to lower server costs. However, when the global
economy began to slump in 2007, the company sought a more
cost-effective virtualization solution than VMware. It switched to
the Windows Server 2008 R2 Datacenter operating system with
Hyper-V virtualization technology, and also deployed Microsoft
System Center data center solutions to simplify server
management. With the switch to Hyper-V, CH2M HILL projects
software savings of up to U.S.$280,000 over the next three to
five years and hardware savings of up to $3 million by
virtualizing field servers, which was cost-prohibitive with
VMware. Additionally, the company foresees reducing server
management work by 30 percent, giving staff more time to focus
on strategic work. CH2M HILL will also be able to extend high
availability to field servers by using Hyper-V.

Appliance Manufacturer Saves €1.5 Million with
Global Virtualization Solution
Miele & Cie is a manufacturer of premium household appliances
that are distributed worldwide. To reduce server sprawl and data
center costs, Miele had deployed a large virtualization solution
based on VMware. However, to expand its virtualized
environment, the company evaluated and then deployed a
Microsoft solution based on Windows Server 2008 R2
Datacenter with Hyper-V technology and managed with
Microsoft System Center products. So far, Miele has migrated
200 virtual machines from VMware to Hyper-V, and plans to
migrate 350 more by mid 2011. To date, Miele estimates saving
€1.5 million (approximately U.S.$1.8 million) with global
virtualization on hardware by decreasing physical server needs
by more than 50 percent, by improving administrators'
productivity and by reducing licensing costs.

NASA BeAMartian Website


Researchers at the NASA Jet Propulsion Laboratory
(NASA/JPL) wanted to solve two different challenges: providing
public access to vast amounts of Mars-related exploration
images, and engaging the public in activities related to NASA's
Mars Exploration Program in order to encourage learning in
science, technology, engineering, and mathematics. Using a
variety of technologies, NASA/JPL created its new BeAMartian
Web site. The site provides entertaining and engaging ways to
view and interact with information delivered by Mars-based
rovers and orbiters. The goal is to let the public participate in
exploration, making contributions to data processing and
analysis. It also provides a platform that lets developers
collaborate with NASA on solutions that can help scientists
analyze vast amounts of information that can be used to
understand the universe and support future space exploration.

NASA
Following extensive research, NASA/JPL launched a new Web
site called BeAMartian that is designed to attract citizen
scientists to Mars exploration activities. The site was built using
a variety of technologies, including the cloud-based Windows
Azure platform; Silverlight, a cross-platform Web browser plug-in
that delivers rich content and interactivity; and Windows Azure
Marketplace DataMarket, a service that lets developers and
organizations create and consume applications and content on
the Azure platform. The site can be viewed using the most
popular Web browsers, including Internet Explorer, Firefox, and
Safari.

NASA

The BeAMartian site gives citizens a chance to view hundreds of
thousands of large, high-resolution Mars images. Site visitors
can pan, zoom, and explore the planet through images from
Mars landers, roving explorers, and orbiters. The images are
stored in the Planetary Data System, a huge data repository
maintained by NASA/JPL.

NASA
Although the tools for retrieving the data from the Planetary Data
System are largely geared for scientists and other experts, the
BeAMartian site makes it much easier for the general public to
work with the Mars data. To do this, Microsoft and NASA
working with Mondo Robot, a Colorado-based design firm, and
the Arizona State University Mars Space Flight Facility
developed a way for citizens to participate in science using
casual game-like experiences. For example, "Mapping Mars"
lets citizen scientists perform map stitching activities in which
they align images from different orbiters, but with the same
geo-coordinates, to build a more accurate global map of the planet
than can be achieved by computers alone.

NASA
The BeAMartian site has successfully demonstrated how Web
technology can help an organization engage with a large,
dispersed group of users to view graphically rich content and
participate in activities that involve massive amounts of data.
The site has helped NASA/JPL raise awareness of its Mars-related missions and research activities. It has also helped
NASA/JPL engage with a large international audience and, in
the process, promote its goal of generating excitement around
the technical skills needed for future space exploration,
particularly the STEM disciplines. Additionally, the site is helping
NASA/JPL fulfill its obligations to make its data more accessible
to the general public while assisting NASA/JPL scientists in their
work.

LexisNexis Case Study

ISV Builds Innovative Mobile App for Lawyers 25 Percent Faster with Cloud Solution

LexisNexis, a leading provider of content-enabled workflow
solutions for law firms, saw an opportunity to meet growing
demand for case and client information on mobile devices. In
looking to build a mobile version of its Time Matters solution, it
sought to combine fast, real-time access to on-premises practice
information with rigorous data protection. LexisNexis chose to
build and host its new mobile offering on Windows Azure. To
accelerate time-to-market, it engaged with Microsoft Services,
which provided end-to-end solution architecture planning and
development guidance. By taking advantage of innovative
capabilities in Windows Azure and assistance from Microsoft
Services, LexisNexis developed its next-generation Time
Matters Mobility service 25 percent faster than planned,
delivering added value to customers and improving subscription
retention rates as a result.

LexisNexis

As executives at LexisNexis looked at ways to extend the value
of Time Matters, they noted two related industry trends. First,
lawyers rely increasingly on their mobile devices to stay
productive while away from the office; they want the ability to
securely access their firm's data and documents from anywhere.
Second, law firms are providing staff with greater freedom of
choice when it comes to which mobile devices they can use for
work.

LexisNexis Solution

LexisNexis weighed several options, including using Amazon
Elastic Compute Cloud services and hosting the application in
its own data center. The company ultimately decided to
use Windows Azure, the Microsoft cloud services development,
hosting, and management environment, to deliver its new Time
Matters app for mobile devices, which is called Time Matters
Mobility. Time Matters Mobility from LexisNexis supports
numerous mobile operating systems, including Android,
BlackBerry OS, iOS, and Windows Phone 7.

LexisNexis Solution
LexisNexis executives considered a number of factors in making
the decision to adopt Windows Azure over other alternatives.
"We quickly realized that, with Windows Azure, we could gain
the on-demand scalability we needed in a much more cost-effective
way than if we attempted to build out our own multi-tier
infrastructure," says Paransky. "Plus, the Microsoft solution
offers much more than just redundant hardware; it provides a
complete set of familiar tools to manage the entire development
lifecycle. And it gave us the chance to work directly with the
people who know the technology best to make sure we got our
application to market as fast as possible."

Mahindra Satyam
Mahindra Satyam, a leading global IT services provider, can
implement business intelligence (BI) solutions faster and more
affordably with its iDecisions framework. The company
implemented the iDecisions-based BI solution by taking
advantage of Microsoft SQL Server 2012 built-in features, such
as enhanced analytics and reporting capabilities and support for
cloud-based implementations. As a result, the company can
significantly cut deployment time and costs and improve the
end-user experience.

Mahindra Satyam
As an early adopter of Microsoft SQL Server 2012 Enterprise
data management software, Mahindra Satyam believed that
Microsoft had the right platform for its BI solutions. Ramesh
Kumar Koona, Assistant Vice President at Mahindra Satyam,
says, "We liked the integrated nature of the Microsoft tool
stack; when you buy SQL Server 2012, you get everything you
need bundled in one license."

Mahindra Satyam
When Mahindra Satyam began exploring SQL Server products,
it was already looking forward to implementing its BI solutions in
the cloud with the Windows Azure platform and services and
products such as Windows Azure and Microsoft SQL Azure.
Some customers could go directly to the cloud to build new
infrastructure and take advantage of cloud-based scalability,
while others might choose a hybrid cloud solution. One of the
things we liked about SQL Server 2012 is that it's a cloud-ready
version," says Koona. "We could deploy our BI solutions
on-premises and later migrate the same solution to the Windows
Azure platform."

Large American Retail Chain

"When you're approaching the end-of-life cycle on hundreds of
servers and start calculating the cost of replacement for all of
that physical hardware, it comes out to a very large number,"
says the technical architecture manager of a large American
retail chain. "That's one of the main challenges of maintaining a
physical IT infrastructure for a company as large as ours. We
started looking at alternatives to a 1:1 replacement, and that
naturally led us to VMware."

Large American Retail Chain

Using VMware Infrastructure 3 to create a virtual infrastructure
has done more than help the company to cost-effectively refresh
its IT environment. It has also simplified overall management
and provided a higher degree of availability. Using built-in
features like VMware High Availability, the company is able to
provide fault tolerance and redundancy for its mission-critical
applications. "From a business continuity standpoint, you
couldn't ask for a better scenario than what VMware provides,"
says the technical architecture manager. "You just can't get that
type of instant failover with physical servers."

Large American Retail Chain


Additionally, VMware vCenter Server gives the company a
view of all the hosts and virtual machines in the datacenter from
a single console. "Having one place to go to manage so many
servers is a dream come true," says the technical architecture
manager. "It's made life a lot easier for me and my team, so we
can focus on other aspects of the business."

EDS Turns to VMware Server Virtualization to
Support Australian Customers

"The increasing maturity of virtualization and the growing
support from independent software vendors is helping fuel
deployment of VMware virtualization across production
environments. This means more businesses are redeploying or
disposing of inefficient hardware and consolidating their data
center infrastructure onto multiple virtual server environments,
thus contributing to a reduction in power consumption."
David Simpfendorfer
Asia-Pacific ITO Product Marketing Manager, EDS

EDS Turns to VMware Server Virtualization to
Support Australian Customers
VMware virtualization technologies provide one of the major
avenues for EDS and its customers to reduce their
environmental footprint. Some large Australian businesses are
taking advantage of these technologies to consolidate multiple
virtual servers onto a reduced number of physical servers.
One key EDS client has elected to use a virtualized environment
based on VMware ESX Server. The environment incorporates:
VMware Virtual SMP to enable virtual machines to exploit
multiple processors
VMware VMotion to move virtual machines from one physical
server to another while the virtual environment is running
VMware P2V to migrate physical servers to virtual machines
VMware High Availability to ensure availability of applications
running on virtual machines.

EXIN Cloud Computing Foundation exam


Number of questions: 40
Type of questions: Multiple choice
Tool: web based or paper based
Pass mark: 65% (26 correct answers out of 40)
Duration: 1 hour
Open book: no
Sample exam: www.exin.com
