ASSIGNMENT-2
16691A0555
Cloud federation is the practice of interconnecting the cloud computing environments of two or more service
providers for the purpose of load balancing traffic and accommodating spikes in demand. Cloud federation requires one
provider to wholesale or rent computing resources to another cloud provider. Those resources become a temporary or
permanent extension of the buyer's cloud computing environment, depending on the specific federation agreement between
providers.
Technically speaking, federation is the ability for two XMPP (Extensible Messaging and Presence Protocol)
servers in different domains to exchange XML stanzas. According to the XEP-0238: XMPP Extension Protocol Flows for
Inter-Domain Federation, there are at least four basic types of federation: Permissive, Verified, Encrypted and Trusted
federation.
Permissive federation
Permissive federation occurs when a server accepts a connection from a peer network server without verifying its
identity using DNS lookups or certificate checking. The lack of verification or authentication may lead to domain spoofing
(the unauthorized use of a third-party domain name in an email message in order to pretend to be someone else), which opens
Verified federation
This type of federation occurs when a server accepts a connection from a peer after the identity of the peer has
been verified. It uses information obtained via DNS and by means of domain-specific keys exchanged beforehand. The
connection is not encrypted, and the use of identity verification effectively prevents domain spoofing. To make this work,
federation requires proper DNS setup, and that is still subject to DNS poisoning attacks. Verified federation has been the
default service policy on the open XMPP since the release of the open-source jabberd 1.2 server.
Encrypted federation
In this mode, a server accepts a connection from a peer if and only if the peer supports Transport Layer
Security (TLS) as defined for XMPP in Request for Comments (RFC) 3920. The peer must present a digital certificate. The
certificate may be self-signed, but this prevents using mutual authentication. If this is the case, both parties proceed to weakly
verify identity using Server Dialback. XEP-0220 defines the Server Dialback protocol, which is used between XMPP servers
Trusted federation
Here, a server accepts a connection from a peer only under the stipulation that the peer supports TLS and the
peer can present a digital certificate issued by a root certification authority (CA) that is trusted by the authenticating server.
The list of trusted root CAs may be determined by one or more factors, such as the operating system, XMPP server software,
In trusted federation, the use of digital certificates results not only in channel encryption but also in strong
authentication. The use of trusted domain certificates effectively prevents DNS poisoning attacks but makes federation
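The four federation types above, expressed as a receiving server's policy check. This is an added Python example, not code from the original assignment or from any XMPP server; the field names, the requirement that the certificate match the peer domain, and the sample peers are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Federation(IntEnum):
    """The four federation types from the text, weakest first."""
    PERMISSIVE = 0  # peer identity not verified at all
    VERIFIED = 1    # identity checked via DNS / dialback keys, no encryption
    ENCRYPTED = 2   # TLS; certificate may be self-signed, dialback for identity
    TRUSTED = 3     # TLS plus a certificate issued by a trusted root CA

@dataclass(frozen=True)
class PeerFacts:
    """What the receiving server observed (hypothetical field names)."""
    domain: str
    tls: bool = False
    cert_presented: bool = False
    chains_to_trusted_ca: bool = False
    cert_matches_domain: bool = False  # assumption: cert must name the peer domain
    dialback_ok: bool = False          # Server Dialback (XEP-0220) succeeded

def classify(p: PeerFacts) -> Federation:
    """Return the strongest federation type the observed facts support."""
    if p.tls and p.cert_presented:
        if p.chains_to_trusted_ca and p.cert_matches_domain:
            return Federation.TRUSTED
        if p.dialback_ok:  # self-signed or unknown CA: identity only weakly verified
            return Federation.ENCRYPTED
    if p.dialback_ok:
        return Federation.VERIFIED
    # Includes TLS with an unverifiable certificate and no dialback:
    # the channel is encrypted but the claimed domain is unproven.
    return Federation.PERMISSIVE

def accept(p: PeerFacts, minimum: Federation) -> bool:
    """Policy gate: refuse any peer below the configured minimum."""
    return classify(p) >= minimum

# Constructed sample peers (not real servers).
SAMPLES = {
    "no checks": PeerFacts("peer.example"),
    "dialback only": PeerFacts("peer.example", dialback_ok=True),
    "self-signed + dialback": PeerFacts("peer.example", tls=True, cert_presented=True, dialback_ok=True),
    "self-signed, no dialback": PeerFacts("peer.example", tls=True, cert_presented=True),
    "CA-issued": PeerFacts("peer.example", tls=True, cert_presented=True,
                           chains_to_trusted_ca=True, cert_matches_domain=True),
}

if __name__ == "__main__":
    for name, peer in SAMPLES.items():
        print(f"{name:26} {classify(peer).name:10} accepted at VERIFIED: {accept(peer, Federation.VERIFIED)}")
```

Setting the minimum to `Federation.TRUSTED` rejects every sample except the CA-issued one, which is the policy trade-off the trusted-federation paragraph describes.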
The Open Commons Consortium is a non-profit venture which provides cloud computing and data commons
resources to support "scientific, environmental, medical and health care research improve the performance of storage and
computing clouds spread across geographically disparate data centers and promote open frameworks that will let clouds
● OCC manages and operates resources including the Open Science Data Cloud, which is a multi-petabyte scientific
data sharing resource.
● The purpose of the Open Cloud Consortium is to support the development of standards for cloud computing.
● To develop a framework for interoperability among various clouds.
● The OCC supports the development of benchmarks for cloud computing and is a strong proponent of open source
software to be used for cloud computing.
● The OCC is organized into several different working groups. For example, the Working Group on Standards and
Interoperability for Clouds.
● The focus of this working group is on developing technology for wide area clouds, including creation of
methodologies and benchmarks to be used for evaluating wide area clouds.
● The group also sponsors workshops and other events related to cloud computing.
● That Provide On-Demand Computing Capacity focuses on developing standards for interoperating clouds that
provide on-demand computing capacity.
● The open source Hadoop system follows this architecture. These types of cloud architectures support the concept of
on demand computing capacity.
The Distributed Management Task Force enables more effective management of millions of IT systems (cloud,
virtualization, network, servers and storage) worldwide by bringing the IT industry together to collaborate on the
development, validation and promotion of systems management standards, and to create standards that enable interoperable IT
management. It has 160 member companies and organizations, and more than 4,000 active participants across 43 countries.
● Enable IT managers to deploy preinstalled, preconfigured solutions across heterogeneous computing networks.
● This helps in lowering the support and training costs of IT managers.
● Helping reduce number of systems deployed and managed.
● Reduces hardware cost, mitigates power and cooling needs.
● Using existing DMTF standards for server hardware, management tool vendors can easily enable IT managers to
manage their virtual environments in the context of the underlying hardware.
Microsoft Azure (formerly Windows Azure) is a cloud computing service created by Microsoft for building,
testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers.
It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and
supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party
Microsoft lists over 600 Azure services, of which some are covered below:
Compute
Virtual machines, infrastructure as a service (IaaS) allowing users to launch general-purpose Microsoft Windows and
Linux virtual machines, as well as preconfigured machine images for popular software packages. App services, platform as a
service (PaaS) environment letting developers easily publish and manage websites.
Python, or select from several open source applications from a gallery to deploy. This comprises one aspect of the
platform as a service (PaaS) offerings for the Microsoft Azure Platform. It was renamed to Web Apps in April 2015.
WebJobs, applications that can be deployed to an App Service environment to implement background processing that
can be invoked on a schedule, on demand, or run continuously. The Blob, Table and Queue services can be used to
Storage services
Storage Services provides REST and SDK APIs for storing and accessing data on the cloud. Table Service lets
programs store structured text in partitioned collections of entities that are accessed by partition key and primary key. It's a
Blob Service allows programs to store unstructured text and binary data as blobs that can be accessed by an
HTTP(S) path. Blob service also provides security mechanisms to control access to data. Queue Service lets programs
communicate asynchronously by message using queues. File Service allows storing and access of data on the cloud using the
Data management
Azure Search provides text search and a subset of OData's structured filters using REST or SDK APIs. Cosmos
DB is a NoSQL database service that implements a subset of the SQL SELECT statement on JSON documents. Redis Cache
is a managed implementation of Redis. StorSimple manages storage tasks between on-premises devices and cloud storage.
SQL Database, formerly known as SQL Azure Database, works to create, scale and extend applications into the
cloud using Microsoft SQL Server technology. It also integrates with Active Directory and Microsoft System Center and
Hadoop.
Amazon CloudFront is a content delivery network (CDN) offered by Amazon Web Services. Content delivery
networks provide a globally-distributed network of proxy servers which cache content, such as web videos or other bulky
media, more locally to consumers, thus improving access speed for downloading the content.
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as
.html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers
called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge
location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the
content is not in that edge location, CloudFront retrieves it from an Amazon S3 bucket or an HTTP server (for example, a
web server) that you have identified as the source for the definitive version of your content.
This concept is best illustrated by an example. Suppose you're serving an image from a traditional web
server, not from CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL
http://example.com/sunsetphoto.png. CloudFront speeds up the distribution of your content by routing each user request to the
Vendors are known for creating what the hosting world calls “sticky services”—services that an end user may
have difficulty transporting from one cloud vendor to another (e.g., Amazon’s “Simple Storage Service” [S3] is incompatible
There is a huge body of standards that apply for IT security and compliance, governing most business interactions
A DDoS attack is designed to overwhelm website servers so they can no longer respond to legitimate user requests. If a
DDoS attack is successful, it renders a website useless for hours, or even days. This can result in a loss of revenue, customer
Complementing cloud services with DDoS protection is no longer just a good idea for the enterprise; it’s a necessity.
Websites and web-based applications are core components of 21st century business and require state-of-the-art security.
Known data breaches in the U.S. hit a record-high of 738 in 2014, according to the Identity Theft Research Center,
and hacking was (by far) the number one cause. That’s an incredible statistic and only emphasizes the growing challenge to
Traditionally, IT professionals have had great control over the network infrastructure and physical hardware
(firewalls, etc.) securing proprietary data. In the cloud (in private, public and hybrid scenarios), some of those controls are
relinquished to a trusted partner. Choosing the right vendor, with a strong record of security, is vital to overcoming this
challenge.
When business critical information is moved into the cloud, it’s understandable to be concerned with its
security. Losing data from the cloud, either through accidental deletion, malicious tampering (i.e. DDoS) or an act of nature
that brings down a cloud service provider, could be disastrous for an enterprise business. Often a DDoS attack is only a diversion
One of the great benefits of the cloud is it can be accessed from anywhere and from any device. But, what if
the interfaces and APIs users interact with aren’t secure? Hackers can find these types of vulnerabilities and exploit them.
A behavioral web application firewall examines HTTP requests to a website to ensure they are legitimate
traffic. This always-on device helps protect web applications from security breaches.
Awareness and proper communication of security threats is a cornerstone of network security and the same
goes for cloud security. Alerting the appropriate website or application managers as soon as a threat is identified should be
part of a thorough security plan. Speedy mitigation of a threat relies on clear and prompt communication so steps can be taken