CLOUD COMPUTING

ASSIGNMENT-2

16691A0555

Naga Sai Prasad Reddy

1. Federation in the cloud:

Cloud federation is the practice of interconnecting the cloud computing environments of two or more service providers for the purpose of load balancing traffic and accommodating spikes in demand. Cloud federation requires one provider to wholesale or rent computing resources to another cloud provider. Those resources become a temporary or permanent extension of the buyer's cloud computing environment, depending on the specific federation agreement between providers.

Four Levels of Federation:

Technically speaking, federation is the ability for two XMPP (Extensible Messaging and Presence Protocol) servers in different domains to exchange XML stanzas. According to XEP-0238: XMPP Extension Protocol Flows for Inter-Domain Federation, there are at least four basic types of federation: permissive, verified, encrypted and trusted federation.

Permissive federation

Permissive federation occurs when a server accepts a connection from a peer network server without verifying its identity using DNS lookups or certificate checking. The lack of verification or authentication may lead to domain spoofing (the unauthorized use of a third-party domain name in an email message in order to pretend to be someone else), which opens the door to widespread spam and other abuses.

Verified federation

This type of federation occurs when a server accepts a connection from a peer after the identity of the peer has been verified. It uses information obtained via DNS and by means of domain-specific keys exchanged beforehand. The connection is not encrypted, and the use of identity verification effectively prevents domain spoofing. To make this work, federation requires proper DNS setup, and that is still subject to DNS poisoning attacks. Verified federation has been the default service policy on the open XMPP network since the release of the open-source jabberd 1.2 server.

Encrypted federation

In this mode, a server accepts a connection from a peer if and only if the peer supports Transport Layer Security (TLS) as defined for XMPP in Request for Comments (RFC) 3920. The peer must present a digital certificate. The certificate may be self-signed, but this prevents using mutual authentication. If this is the case, both parties proceed to weakly verify identity using Server Dialback. XEP-0220 defines the Server Dialback protocol, which is used between XMPP servers to provide identity verification.

Trusted federation

Here, a server accepts a connection from a peer only under the stipulation that the peer supports TLS and the peer can present a digital certificate issued by a root certification authority (CA) that is trusted by the authenticating server. The list of trusted root CAs may be determined by one or more factors, such as the operating system, XMPP server software, or local service policy.

In trusted federation, the use of digital certificates results not only in channel encryption but also in strong authentication. The use of trusted domain certificates effectively prevents DNS poisoning attacks but makes federation
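The four acceptance policies described in this section, written out as a small decision model. This is an added example, not code from the assignment or from any XMPP server; the `Peer` record, the trust-store entry and the sample peers are constructed, and requiring the certificate to name the claimed domain is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

POLICIES = ("permissive", "verified", "encrypted", "trusted")
TRUSTED_ROOTS = {"Example Root CA"}  # hypothetical local trust store


@dataclass
class Peer:
    """What the receiving server observed on an inbound server-to-server link."""
    claimed_domain: str
    dialback_ok: bool = False           # Server Dialback (XEP-0220) succeeded
    tls: bool = False                   # peer negotiated TLS
    cert_subject: Optional[str] = None  # domain named in the presented certificate
    cert_issuer: Optional[str] = None   # equals cert_subject when self-signed


def cert_trusted(p: Peer) -> bool:
    # Assumption: the certificate must chain to a trusted root AND name the domain.
    return p.cert_issuer in TRUSTED_ROOTS and p.cert_subject == p.claimed_domain


def accepts(policy: str, p: Peer) -> bool:
    if policy == "permissive":   # no DNS lookup, no certificate check
        return True
    if policy == "verified":     # identity via DNS/dialback only, no encryption required
        return p.dialback_ok
    if policy == "encrypted":    # TLS + certificate; self-signed falls back to dialback
        return p.tls and p.cert_subject is not None and (cert_trusted(p) or p.dialback_ok)
    if policy == "trusted":      # TLS + certificate from a trusted root CA
        return p.tls and cert_trusted(p)
    raise ValueError(f"unknown policy: {policy}")


# Constructed sample peers, all claiming the same domain.
SAMPLES = {
    "no_proof": Peer("chat.example.org"),
    "dialback_plaintext": Peer("chat.example.org", dialback_ok=True),
    # Dialback passes and the cert is self-signed: a DNS-poisoned answer would look the same.
    "self_signed_tls": Peer("chat.example.org", True, True, "chat.example.org", "chat.example.org"),
    "ca_issued_tls": Peer("chat.example.org", False, True, "chat.example.org", "Example Root CA"),
}


def acceptance_matrix() -> dict:
    return {name: [pol for pol in POLICIES if accepts(pol, peer)]
            for name, peer in SAMPLES.items()}


if __name__ == "__main__":
    for name, allowed in acceptance_matrix().items():
        print(f"{name:20s} accepted under: {', '.join(allowed)}")
```

The `self_signed_tls` row is the one to watch: it passes verified and encrypted federation purely on the strength of dialback, which is why only the trusted policy is independent of DNS.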

2. The Open Cloud Consortium

The Open Commons Consortium is a non-profit venture which provides cloud computing and data commons resources to support "scientific, environmental, medical and health care research". It seeks to improve the performance of storage and computing clouds spread across geographically disparate data centers and promote open frameworks that will let clouds operated by different entities work seamlessly together.

● OCC manages and operates resources including the Open Science Data Cloud, which is a multi-petabyte scientific data sharing resource.
● The purpose of the Open Cloud Consortium is to support the development of standards for cloud computing.
● It also aims to develop a framework for interoperability among various clouds.
● The OCC supports the development of benchmarks for cloud computing and is a strong proponent of open source software to be used for cloud computing.
● The OCC is organized into several different working groups. For example, the Working Group on Standards and Interoperability for Clouds.
● The focus of this working group is on developing technology for wide area clouds, including creation of methodologies and benchmarks to be used for evaluating wide area clouds.
● The group also sponsors workshops and other events related to cloud computing.
● The Working Group on Standards and Interoperability for Clouds That Provide On-Demand Computing Capacity focuses on developing standards for interoperating clouds that provide on-demand computing capacity.
● The open source Hadoop system follows this architecture. These types of cloud architectures support the concept of on-demand computing capacity.
● There is also a Working Group on Wide Area Clouds.
● The Working Group on Information Sharing, Security, and Clouds has a primary focus on standards and standards-based architectures for sharing information between clouds.

3. The Distributed Management Task Force

The Distributed Management Task Force enables more effective management of millions of IT systems (cloud, virtualization, network, servers and storage) worldwide by bringing the IT industry together to collaborate on the development, validation and promotion of systems management standards, and to create standards that enable interoperable IT management. It has 160 member companies and organizations, and more than 4,000 active participants across 43 countries.

● The DMTF board of directors is led by 16 innovative, industry-leading technology companies.
● These include Advanced Micro Devices, Dell, EMC, IBM, Intel, Microsoft, Oracle and Sun Microsystems.
● The DMTF started the Virtualization Management Initiative (VMAN).
● VMAN unleashes the power of virtualization by delivering broadly supported interoperability and portability standards to virtual computing environments.
● It enables IT managers to deploy preinstalled, preconfigured solutions across heterogeneous computing networks.
● This helps in lowering the support and training costs of IT managers.
● It helps reduce the number of systems deployed and managed.
● It reduces hardware cost and mitigates power and cooling needs.
● By using existing DMTF standards for server hardware, management tool vendors can easily enable IT managers to manage their virtual environments in the context of the underlying hardware.

4. Microsoft Azure Services platform

Microsoft Azure (formerly Windows Azure) is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers.

It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems.

Microsoft lists over 600 Azure services, of which some are covered below:

Compute

Virtual machines, infrastructure as a service (IaaS) allowing users to launch general-purpose Microsoft Windows and Linux virtual machines, as well as preconfigured machine images for popular software packages. App services, platform as a service (PaaS) environment letting developers easily publish and manage websites.

Python, or select from several open source applications from a gallery to deploy. This comprises one aspect of the platform as a service (PaaS) offerings for the Microsoft Azure Platform. It was renamed to Web Apps in April 2015.

WebJobs, applications that can be deployed to an App Service environment to implement background processing that can be invoked on a schedule, on demand, or run continuously. The Blob, Table and Queue services can be used to communicate between WebApps and WebJobs and to provide state.

Storage services

Storage Services provides REST and SDK APIs for storing and accessing data on the cloud. Table Service lets programs store structured text in partitioned collections of entities that are accessed by partition key and primary key. It's a NoSQL non-relational database.

Blob Service allows programs to store unstructured text and binary data as blobs that can be accessed by an HTTP(S) path. Blob Service also provides security mechanisms to control access to data. Queue Service lets programs communicate asynchronously by message using queues. File Service allows storing and accessing data on the cloud using the REST APIs or the SMB protocol.

Data management

Azure Search provides text search and a subset of OData's structured filters using REST or SDK APIs. Cosmos DB is a NoSQL database service that implements a subset of the SQL SELECT statement on JSON documents. Redis Cache is a managed implementation of Redis. StorSimple manages storage tasks between on-premises devices and cloud storage.

SQL Database, formerly known as SQL Azure Database, works to create, scale and extend applications into the cloud using Microsoft SQL Server technology. It also integrates with Active Directory and Microsoft System Center and Hadoop.

5. Amazon CloudFront:

Amazon CloudFront is a content delivery network (CDN) offered by Amazon Web Services. Content delivery networks provide a globally distributed network of proxy servers which cache content, such as web videos or other bulky media, more locally to consumers, thus improving access speed for downloading the content.

Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

If the content is already in the edge location with the lowest latency, CloudFront delivers it immediately. If the content is not in that edge location, CloudFront retrieves it from an Amazon S3 bucket or an HTTP server (for example, a web server) that you have identified as the source for the definitive version of your content.

This concept is best illustrated by an example. Suppose you're serving an image from a traditional web server, not from CloudFront. For example, you might serve an image, sunsetphoto.png, using the URL http://example.com/sunsetphoto.png. CloudFront speeds up the distribution of your content by routing each user request to the edge location that can best serve your content.

6. Cloud Security Challenges

Storage services provided by one cloud vendor may be incompatible with another vendor’s services should you decide to move from one to the other.

Vendors are known for creating what the hosting world calls “sticky services”: services that an end user may have difficulty transporting from one cloud vendor to another (e.g., Amazon’s “Simple Storage Service” [S3] is incompatible with IBM’s Blue Cloud, or Google, or Dell).

One of the key challenges in cloud computing is data-level security.

There is a huge body of standards that apply for IT security and compliance, governing most business interactions that will, over time, have to be translated to the cloud.

Challenge 1: DDoS attacks

A DDoS attack is designed to overwhelm website servers so they can no longer respond to legitimate user requests. If a DDoS attack is successful, it renders a website useless for hours, or even days. This can result in a loss of revenue, customer trust and brand authority.

Complementing cloud services with DDoS protection is no longer just a good idea for the enterprise; it’s a necessity. Websites and web-based applications are core components of 21st century business and require state-of-the-art security.

Challenge 2: Data breaches

Known data breaches in the U.S. hit a record high of 738 in 2014, according to the Identity Theft Research Center, and hacking was (by far) the number one cause. That’s an incredible statistic and only emphasizes the growing challenge to secure sensitive data.

Traditionally, IT professionals have had great control over the network infrastructure and physical hardware (firewalls, etc.) securing proprietary data. In the cloud (in private, public and hybrid scenarios), some of those controls are relinquished to a trusted partner. Choosing the right vendor, with a strong record of security, is vital to overcoming this challenge.

Challenge 3: Data loss

When business-critical information is moved into the cloud, it’s understandable to be concerned with its security. Losing data from the cloud, either through accidental deletion, malicious tampering (i.e. DDoS) or an act of nature that brings down a cloud service provider, could be disastrous for an enterprise business. Often a DDoS attack is only a diversion for a greater threat, such as an attempt to steal or delete data.

Challenge 4: Insecure access points

One of the great benefits of the cloud is that it can be accessed from anywhere and from any device. But what if the interfaces and APIs users interact with aren’t secure? Hackers can find these types of vulnerabilities and exploit them.

A behavioral web application firewall examines HTTP requests to a website to ensure they are legitimate traffic. This always-on device helps protect web applications from security breaches.

Challenge 5: Notifications and alerts

Awareness and proper communication of security threats is a cornerstone of network security, and the same goes for cloud security. Alerting the appropriate website or application managers as soon as a threat is identified should be part of a thorough security plan. Speedy mitigation of a threat relies on clear and prompt communication so that steps can be taken by the proper entities and the impact of the threat minimized.
