Describe the following cloud computing principles:
Self-service portal
Select a cloud service provider of your choice (AWS, Azure, etc.) and briefly describe 5 offerings out of their self-service portal.
Do not copy and paste their marketing material
Symmetric encryption
Hashing
Hardened virtual server images
Include an example of a resource in which you can obtain a hardened virtual server image and include the link
CLOUD Computing Principles:
A. Self Service Portal
A cloud self-service portal helps end users provision their own cloud resources on demand and helps IT and operations teams simplify and reduce redundant tasks. This helps them maintain focus on high-value projects.
Self-service is ideal for the following routine, repetitive processes:
1. Start and Stop Servers.
2. Maintain running service costs.
3. Providing necessary functionality to end users and hiding irrelevant ones.
4. Manage users, their permissions and access rights.
5. Building up deployment templates.
6. Deployment of applications.
7. Deployment of entire cloud environments.
B. Five Self Service offerings by AWS
1. A single HTML web page application can be hosted on Amazon S3, with a JavaScript file containing functions and a stylesheet. We can use Amazon CloudFront for custom domains, HTTPS support and AWS Certificate Manager support.
2. Two API Gateway definitions are provided to link AWS Lambda functions. One definition fetches a list of Workspace instances and the other is used to reboot or stop an instance. API Gateway uses Amazon Cognito to authorize users.
3. An Amazon Cognito user pool is federated by SAML 2.0 with Active Directory (AD). There are 2 groups in AD: one contains regular Workspace end users and the other contains administrators. It is used for authentication.
4. Two additional Lambda functions are provided: one scans regions in AWS to look for Workspace instances and collects metadata, while the other is used to remove junk information from the database.
5. All Workspace instance information is stored in an Amazon DynamoDB database.
C. Symmetric Encryption
Symmetric encryption is also called secret key encryption in cloud computing. In this technique, a single key is used for both encrypting and decrypting data. When a user or an application encrypts data using a symmetric key, another user or application that wants to read the encrypted data must decrypt it using the same key that was used for encryption.
The analogy behind this technique is a locker box that contains a secret message and is locked by the sender with a key. The recipient can open the box using the same key, or a copy of the key that the sender has.
E.g.: In the command prompt, an openssl command with the -iv (Inject Vector) flag is used to add more randomness to the encrypted secret message, and using the -d flag it can be easily decrypted.
D. Hashing
Hashing is another technique for providing security in cloud computing. It helps in maintaining data integrity. The most common method of data storage in the cloud is the blob (Binary Large Object). There is a danger of data loss, so we need to maintain multiple copies of data. If a copy of user data is altered or corrupted, hashing comes to the rescue.
A hashing algorithm is a mathematical function which, when applied to data, produces an alphanumeric value for that data. Examples of hash functions include SHA-1, MD5, CRC, etc., which return a unique value.
A drawback of using a hash function is the possibility of collisions. A collision occurs when the same value is produced when the hash function is applied to different data.
However, many hash algorithms have greatly reduced collisions.
E. Hardened Virtual Server Images
In order to create a virtual server we need a template configuration called a virtual server image or virtual machine image. Hardening of an image is a technique of stripping out unwanted software from a system to reduce potential vulnerabilities which can be damaged by hackers or attackers.
Examples of hardening:
1. Removal of repetitive programs
2. Closing unused server ports
3. Disable unused services and internal root accounts
4. Disable guest access
The hardening technique helps overcome denial of service and improper authorization, thereby maintaining trust boundaries for end users.
Example:
Reference of image: patterns.arcitura.com
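
An added example, not part of the original answer, of the integrity check described in section D: the SHA-256 digest recorded when a blob is stored is compared against each replica to find the altered copy. It goes one step further and shows a collision under CRC-32 (a checksum the answer lists), which is why a cryptographic hash is used for this job. The blob contents and replica names are constructed for illustration.

```python
import hashlib
import hmac
import zlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a blob."""
    return hashlib.sha256(data).hexdigest()


def find_altered_replicas(replicas, expected_digest):
    """Return the names of replicas whose SHA-256 digest differs from the
    digest recorded when the blob was first stored."""
    return sorted(
        name for name, data in replicas.items()
        if not hmac.compare_digest(sha256_hex(data), expected_digest)
    )


def find_crc32_collision(limit=1_000_000):
    """Birthday search for two different 8-byte inputs sharing one CRC-32.
    Inputs are derived from a counter so the search is repeatable."""
    seen = {}
    for i in range(limit):
        msg = hashlib.sha256(str(i).encode()).digest()[:8]
        crc = zlib.crc32(msg)
        if crc in seen and seen[crc] != msg:
            return seen[crc], msg
        seen[crc] = msg
    return None


# Constructed sample data: one blob stored as three replicas, one corrupted.
ORIGINAL = b"customer-invoice-2024-001: total=1499.00 EUR"
RECORDED_DIGEST = sha256_hex(ORIGINAL)
REPLICAS = {
    "replica-a": ORIGINAL,
    "replica-b": ORIGINAL.replace(b"1499", b"9499"),  # altered copy
    "replica-c": ORIGINAL,
}

if __name__ == "__main__":
    print("altered:", find_altered_replicas(REPLICAS, RECORDED_DIGEST))
    first, second = find_crc32_collision()
    print("CRC-32 collision:", first.hex(), second.hex(),
          hex(zlib.crc32(first)))
    print("SHA-256 still differs:", sha256_hex(first) != sha256_hex(second))
```

With only 32 bits of output, CRC-32 yields a collision after tens of thousands of inputs, while the same two inputs remain distinguishable by SHA-256.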