Cloud Broker:
• Service Intermediation
• Service Aggregation
• Service Arbitrage
Cloud Auditor:
• Security Audit
• Privacy Impact Audit
• Performance Audit
Interaction between the components:
(OR)
2. a. Give a detailed note on service models of cloud. CO5 10
SaaS: Software as a Service. Software is available on the cloud and
the responsibility for it lies with the provider, e.g., Gmail.
PaaS: Platform as a Service. The entire platform to build an app is
available on the cloud and the responsibility for it lies with the
provider, e.g., Google App Engine.
IaaS: Infrastructure as a Service. The entire infrastructure, such as
storage, compute and network, is available on the cloud and the
responsibility for it lies with the provider, e.g., AWS EC2.
2. hardware level
Hardware-level virtualization is performed right on
top of the bare hardware.
On the one hand, this approach generates a virtual
hardware environment for a VM.
On the other hand, the process manages the
underlying hardware through virtualization.
The idea is to virtualize a computer’s resources, such
as its processors, memory, and I/O devices. The
intention is to upgrade the hardware utilization rate
by multiple users concurrently.
5. application level
Virtualization at the application level virtualizes an
application as a VM. On a traditional OS, an application
often runs as a process.
Therefore, application-level virtualization is also known as
process-level virtualization.
The most popular approach is to deploy high level language
(HLL) VMs. In this scenario, the virtualization layer sits as
an application program on top of the operating system, and
the layer exports an abstraction of a VM that can run
programs written and compiled to a particular abstract
machine definition.
Type 1 hypervisor:
[Figure: Type 1 hypervisor stack, top to bottom: VM1 and VM2; Hypervisor; Hardware.]
(OR)
4. a. Write a note on CPU, Memory and I/O virtualization. CO3 10
CPU:
A VM is a duplicate of an existing computer system in
which a majority of the VM instructions are executed on the
host processor in native mode. Thus, unprivileged
instructions of VMs run directly on the host machine for
higher efficiency. Other critical instructions should be
handled carefully for correctness and stability.
The critical instructions are divided into three categories:
privileged instructions, control-sensitive instructions, and
behavior-sensitive instructions.
Privileged instructions execute in a privileged mode and will
be trapped if executed outside this mode.
Memory:
Virtual memory virtualization is similar to the virtual
memory support provided by modern operating systems. In
a traditional execution environment, the operating system
maintains mappings of virtual memory to machine memory
using page tables, which is a one-stage mapping from virtual
memory to machine memory.
However, in a virtual execution environment, virtual
memory virtualization involves sharing the physical system
memory in RAM and dynamically allocating it to the
physical memory of the VMs.
I/O:
There are three ways to implement I/O virtualization: full
device emulation, para-virtualization, and direct I/O.
I/O virtualization. Generally, this approach emulates
well-known, real-world devices. All the functions of a device or
bus infrastructure, such as device enumeration,
identification, interrupts, and DMA, are replicated in
software. This software is located in the VMM and acts as a
virtual device.
(OR)
6. a. Give a detailed summary on resource provisioning and platform deployment. CO2 10
Types of cloud provisioning
The cloud provisioning process can be conducted using one of three
delivery models. Each delivery model differs depending on the
kinds of resources or services an organization purchases, how and
when the cloud provider delivers those resources or services, and
how the customer pays for them.
The three models are advanced provisioning, dynamic provisioning
and user self-provisioning.
Platform Deployment:
The services can be deployed in cloud platform in 4 different ways
as follows:
Public clouds:
• The instances are hosted and made available publicly.
• Owned by the organization selling cloud services.
• Cloud infrastructure is available to the large group of people.
• The hardware resources are virtualized on the internet (off
premise), e.g., Gmail, OneDrive, etc.
Advantages:
• Customers in public cloud are benefitted economically since cost
of infrastructure is spread across all users.
• Clients on public clouds are provided with continuous, on-demand
scalability.
• Public clouds are very efficient in shared resources.
Private clouds:
• Cloud infrastructure is solely operated for the organization
• Managed by the third party or organization either on or off
premise
• Confined for a particular group of people
• They are not shared with other organizations
• Private clouds are more expensive but secure
Variations:
• On-Premise Private Cloud
• Externally hosted private cloud
Usage:
• Data sovereignty and cloud efficiencies are required
• Greater server capacity is available
Hybrid clouds (which combine both public and private):
• It is a combination of two or more cloud models.
• Non-critical apps are deployed in public.
• Critical and sensitive apps are deployed in private.
• Leasing public cloud services when private cloud capacity is
insufficient (e.g., Cloud burst).
Usage:
• An organization concerned about security wants to use a SaaS
application.
• Companies want to offer services for various markets. In this
case, a public cloud can be used for client interaction and a private
cloud can be used to keep the data secure.
Advantages:
• The hybrid architecture offers the benefits of multiple deployment
models
• Hybrid clouds help in maintaining business efficiently
Community clouds:
• This is a multi-tenant service model governed, shared, managed
and secured among several organizations or a service provider.
• These are a hybrid form of private clouds
Usage:
• Resources need to be shared between several organizations from a
specific group with common computing goals.
• E.g.: Hospitals use a private HIPAA-compliant cloud
(OR)
8. a. Describe the architecture of EUCALYPTUS in detail. CO5 10
• Cloud Controller: Monitor the availability of resources on
various components of the cloud infrastructure, including
hypervisor nodes that are used to actually provision the
instances and the cluster controllers that manage the
hypervisor nodes
• Cluster Controller: To control the virtual network available
to the instances
• To collect information about the NCs registered with it and
report it to the CLC
• Node Controller: Queries the OS about the node’s
physical resources and the status of VMs
• Collection of data related to the resource availability and
utilization on the node and reporting the data to CC
• Storage Controller: Creation of persistent EBS devices
• Interfacing with the storage systems (NFS, iSCSI)
• Walrus: Allows users to create and delete buckets, and to put, get
and delete objects
• Interface compatibility with Amazon S3
• Supports AMI image-management interface
Compulsory:
9. a. Describe the process of Identity Management and Access Control in detail. CO1 10
Users
The "identity" aspect of AWS Identity and Access
Management (IAM) helps you with the question "Who
is that user?", often referred to as authentication.
Instead of sharing your root user credentials with
others, you can create individual IAM users within your
account that correspond to users in your organization.
IAM users are not separate accounts; they are users
within your account. Each user can have its own
password for access to the AWS Management
Console.
Groups:
A group contains a number of users who are logically grouped for desired
activities.
Roles
Roles are assigned to an AWS service to access another service.
Policies
Policies are sets of permissions to access a resource in a cloud
environment.
Shared access to your AWS account
Granular permissions
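A simplified model of how the users, groups, roles and policies described above combine into an access decision, added here as an illustration and not part of the original answer key. The principals, bucket names and policy names are constructed, and the evaluation covers only identity-based Allow/Deny statements (explicit deny overrides allow, no matching allow means deny), not the full AWS evaluation logic.

```python
from fnmatch import fnmatchcase

# Constructed sample data: names, buckets and policies are hypothetical.
POLICIES = {
    "read-logs": [{"Effect": "Allow", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::app-logs/*"}],
    "no-secrets": [{"Effect": "Deny", "Action": "s3:*",
                    "Resource": "arn:aws:s3:::app-logs/secrets/*"}],
    "write-backups": [{"Effect": "Allow", "Action": "s3:PutObject",
                       "Resource": "arn:aws:s3:::backups/*"}],
}
GROUPS = {"developers": ["read-logs", "no-secrets"]}   # group -> policies
USERS = {"alice": {"groups": ["developers"], "policies": []},
         "bob": {"groups": [], "policies": []}}
ROLES = {"backup-role": ["write-backups"]}             # role -> policies


def policies_for(principal):
    """Policy names attached to a user (directly or via groups) or to a role."""
    if principal in ROLES:
        return list(ROLES[principal])
    user = USERS[principal]
    names = list(user["policies"])
    for group in user["groups"]:
        names += GROUPS[group]
    return names


def is_allowed(principal, action, resource):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    allowed = False
    for name in policies_for(principal):
        for stmt in POLICIES[name]:
            if (fnmatchcase(action, stmt["Action"])
                    and fnmatchcase(resource, stmt["Resource"])):
                if stmt["Effect"] == "Deny":
                    return False      # explicit deny overrides any allow
                allowed = True
    return allowed                    # no matching Allow -> implicit deny


if __name__ == "__main__":
    for who, act, res in [
        ("alice", "s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"),
        ("alice", "s3:GetObject", "arn:aws:s3:::app-logs/secrets/key.pem"),
        ("bob", "s3:GetObject", "arn:aws:s3:::app-logs/2024/app.log"),
        ("backup-role", "s3:PutObject", "arn:aws:s3:::backups/db.dump"),
    ]:
        print(who, act, res, "->", "ALLOW" if is_allowed(who, act, res) else "DENY")
```

The user bob has no policies and is denied by default, which is the behaviour that makes granular permissions safe to build on.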