Question

When we look at cloud usage the categories can include some of but is not limited to following:

·          SaaS: Software as a Service

·          PaaS: Platform as a Service

·          IaaS: Infrastructure as a Service

·          MaaS: Monitoring as a Service

Research cloud computing. Complete a 2-3-page paper with an abstract and conclusion(plus cover sheet and reference page) that:

·          Describe at least 3 types of cloud computing service categories

·          What are the architecture considerations?

·          Give details of the function of the service with an example

·          What are the advantages and disadvantages of the service?

·          What are the security risk and protection considerations?

·          Do you see any impact on availability and performance?

Specific questions or items to address:

·          Describe at least 3 types of cloud computing service categories

·          What are the architecture considerations?

·          Give details of the function of the service with an example

·          What are the advantages and disadvantages of the service?

·          What are the security risk and protection considerations?

·          Do you see any impact on availability and performance?

Answer 1

Abstract :
The term “cloud computing” is a recent buzzword in the IT world. Behind this fancy poetic phrase there lies a true picture of the future of computing for both from a technical perspective and a social perspective.

According to the IEEE Computer Society Cloud Computing is:
"A paradigm in which information is permanently stored in servers on the Internet and cached temporarily on clients that include desktops, Entertainment centers, table computers, notebooks, wall computers, handhelds, etc."

Cloud computing is aimed at providing IT as a service to the cloud users on-demand basis with greater flexibility, availability, reliability, and scalability with the utility computing model.people can access the information that they need from any device with an Internet connection—including mobile and handheld phones—rather than being chained to the desktop. It also means lower costs, since there is no need to install software or hardware. Today, almost any business or major activity uses, or relies in some form, on IT and IT services. These services need to be enabling and appliance-like, and there must be an economy of- scale for the total-cost-of-ownership to be better than it would be without cyberinfrastructure.

Cloud Architecture:
Cloud architecture the systems architecture of the software systems involved in the delivery of cloud computing comprises hardware and software designed by a cloud architect who typically works for a cloud integrator. It typically involves multiple cloud components communicating with each other over application programming interfaces, usually web services. This closely resembles the Unix philosophy of having multiple programs doing one thing well and working together over universal interfaces. Complexity is controlled and the resulting systems are more manageable than their monolithic counterparts. Cloud architecture extends to the client, where web browsers and/or software applications access cloud applications. Cloud storage architecture is loosely coupled, where metadata operations are centralized enabling the data nodes to scale into the hundreds, each independently delivering data to applications or users.

Cloud –Types :
1) Public Cloud:
Public cloud or external cloud describes cloud computing in the traditional mainstream. Public clouds are run by third parties, and applications from different customers are likely to be mixed together on the cloud’s servers, storage systems, and networks. A public cloud provides services to multiple customers.
2) Private Cloud:
Private clouds are built for the exclusive use of one client, providing the utmost control over data, security, and quality of service. The company owns the infrastructure and has control over how applications are deployed on it. Private clouds can be built and managed by a company’s own IT organization or by a cloud provider.
3) Hybrid Cloud:
Hybrid clouds combine both public and private cloud models. This is most often seen with the use of storage clouds to support Web 2.0 applications.

Cloud computing products and services can be classified into 3 major categories:

They are

1. Platform as a Service (PaaS) :
Cloud vendors are companies that offer cloud computing services and products. One of the services that they provide is called PaaS. Under this, a computing platform such as the operating system is provided to a customer or end-user on a monthly rental basis. Some of the major cloud computing vendors are Amazon, Microsoft, Google etc. Popular examples of PaaS include AWS Elastic Beanstalk, Windows Azure, Heroku, Force.com, Google App Engine, and OpenShift.

Advantages:
there are many great advantages to a PaaS. Here are some of them.
a)One clear advantage to using PaaS is that you only pay for what you need via cloud computing, you are saving money that can be used for other business operations. You will not have to maintain, upgrade, or replace systems and software, and will get the best of the best when it comes to updating technology for your business to use. Freeing up this time and money allows your company to focus on development and operations, promoting visionary thinking and business growth from within.
b)With a PaaS, you can test and implement new applications you have developed quickly. Faster deployment means better business success. Your development teams can try various configurations of an app, test it in different environments and perfect it far faster than is possible in a traditional, on-site manner.
c)As with most cloud services, PaaS offers dynamic scaling. When you need a more robust infrastructure, your provider will make it happen, scaling back when the demand is low. You will only pay for what you use, so you can save money overall, while ensuring that your clients and customers do not have to deal with slow, lagging connections owing to a lack of network capabilities.

Disadvantages:
a)With a PaaS, data security needs to be considered and scrutinized, as information is stored off-site. With the right measures and data practices in place to keep confidential information out of the cloud, you can ensure that the system is private enough for your uses. This can sometimes be a hard sell, however, to executives and other staff outside of the IT department.
b)Not every part of your company’s existing infrastructure may be built for the cloud. If some elements cannot be cloud-enabled successfully, you might have to switch various apps and programs to integrate fully. Or you may need to leave some of these things out of the cloud and within your existing infrastructure.
c)Finally, a less than ideal PaaS provider could leave your company feeling frustrated. You need good levels of speed, reliability, and support to make PaaS worthwhile.

2. Infrastructure as a service (IaaS) : Cloud computing vendors offer infrastructure as a service. One may avail hardware services such as processors, memory, networks etc on the agreed basis for specific duration and price. Popular examples of IaaS include DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metacloud, Microsoft Azure, and Google Compute Engine (GCE).

Advantages:
a)Less responsibility is on you and your team because both data center infrastructure and environment are handled for you.
b)You get a team of experts to manage your infrastructure for you, increasing your manpower and ensuring the success of your solution.
c)You don’t have to pay the initial start-up costs of purchasing and building infrastructure.
d)You gain increased cost-efficiency and flexibility because you only pay for what you need when you need it.

Disadvantages:
a)If you already have a large team of experts on hand or have already invested in a lot of your own infrastructure, IaaS may not be as beneficial for you.
b)You don’t have fine-tuned control over the data center or any infrastructure within it, which means relinquishing some control.
c)Some very large businesses will save money down the line by investing in ownership of their infrastructure rather than renting it.

3. Software as a Service (SaaS) : Software packages such as CRM or CAD/CAM can be accessed under a cloud computing scheme. Here a customer upon registration is allowed to use software accessible through the net and use it for his or her business process. The related data and work may be stored on local machines or with the service providers. SaaS services may be available on a rental basis or on per-user basis. These are several popular examples of SaaS, including Google GSuite (Apps), Dropbox, Salesforce, Cisco WebEx, SAP Concur, and GoToMeeting.

Advantages:
a)Cost is reduced for customer due to savings on human capital, physical space, electricity, and support when SaaS is provided through a multi-tenant distribution model.
b)Maintenance is easier because applications do not need to be installed on each user’s computer and the vendor can deploy patches and updates throughout the environment at a faster rate.
c)Access is faster because there is no installation or implementation process so getting up and running can be quick. The software is essentially already installed and running.
d)Device and location independence has improved because users can access systems using a web browser regardless of their location or device.

Disadvantages:
a)Security will be time-intensive because each customer needs to take steps to ensure that the vendor has the appropriate controls and systems in place for the various types of data.
b)Contractual obligations differs for each customer and product based on the present obligations. For example, confidentiality may be an issue because third-party contracts may prevent customers from sharing certain data with a vendor.
c)Data localization will be complicated because depending on the type of data and country where the data is located standards can restrict transfer, govern the storage, or expand customer rights.
d)Control of data needs to be significant and should be addressed in the contract to ensure protocols are in place for breach notice, deletion of data, and data accuracy.

The Following can be understood by the below picture(Pizza Making):

security risks :

a)Data Leaks: Data in the cloud is exposed to the same threats as traditional infrastructures. Due to a large amount of data, platforms of cloud providers become an attractive target for attackers. Data leaks can lead to a chain of unfortunate events for IT companies and infrastructure as a service (IaaS) providers.
b)Compromising Accounts and Authentication Bypass: Data leaks often result from insufficient attention to authentication verification. More often than not, weak passwords in conjunction with poor management of encryption keys and certificates are to blame. In addition, IT organizations are faced with problems of managing rights and permissions when users are assigned with much greater powers than they actually need. The problem can also occur when a user takes another position or leaves the company: no one is in a rush to update permissions under the new user roles. As a result, the account has rights to more features than necessary.
c)Interface and API Hacking: Today, it is impossible to imagine cloud services and applications without friendly user interfaces (UIs) and application program interfaces (APIs). The security and availability of cloud services depend on reliable mechanisms of data access control and encryption. Weak interfaces become bottlenecks in matters of availability, confidentiality, integrity, and security of systems and data.
d)Cyberattacks: Targeted cyberattacks are common in our times. An experienced attacker, who has secured his presence in a target infrastructure, is not so easy to detect. Remote network attacks may have a significant impact on the availability of infrastructure in general. Despite the fact that denial-of-service (DoS) attacks have a long history, the development of cloud computing has made them more common. DoS attacks can cause business-critical services to slow down or even stop. DoS attacks consume a large amount of computing power that comes with a hefty bill. Despite the fact that the principles of DoS attacks are simple at first glance, you need to understand their characteristics at the application level: the focus on the vulnerability of web servers, databases and applications.
e)Permanent Data Loss: Data loss due to malicious acts or accidents at the provider’s end is no less critical than a leak. Daily backups and their storage on external protected alternative platforms are particularly important for cloud environments. In addition, if you are using encryption before moving data to the cloud, it is necessary to take care of secure storage for encryption keys. As soon as keys fall into the wrong hands, data itself becomes available to attackers, the loss of which can wreak havoc on any organization.

Protection Methodology:
In order to reduce risks associated with information security, it is necessary to determine and identify the levels of infrastructure that require attention and protection. For example, the computing level (hypervisors), the data storage level, the network level, the UI and API level, and so on.
Next, you need to define protection methods at each level, distinguish the perimeter and cloud infrastructure security zones, and select monitoring and audit tools.
Enterprises should develop an information security strategy that includes the following, at the very least:

a)Regular software update scheduling
b)Patching procedures
c)Monitoring and audit requirements
d)Regular testing and vulnerability analysis

Impact on availability and performance:
These services are widely available and we need basic internet a web browser to access and build a Cloud infrastructure. We do have security concerns but a huge heavy lifting has been done by the organizations that performance is no more an issue now.

IaaS vs PaaS vs SaaS: Which Cloud Service Is Suitable for You?
It’s time to pick which cloud-based service you need. In fact, the choice totally depends on your business goals, so, first of all, consider what your company needs. Here are some common business needs that can easily be met with the appropriate cloud service:

If your business needs out-of-the-box software (CRM, email, collaboration tools, etc.), choose Software as a Service.
If your company requires a platform for building software products, pick Platform as a Service.
If your business needs a virtual machine, opt for Infrastructure as a Service.