






Lecture notes for cloud computing
Typology: Lecture notes







Users must be identified to use cloud services. There are several ways to provide authentication services, depending on the situation.
Organizations can keep their internal computing resources separate from cloud-based services. Users provide one username and password for internal resources, and a different username and password for cloud-based resources. This is simple to set up and manage, but it does require the user to remember at least two different username and password combinations, and for which services they are needed. For example, an organization can have its users use their on-premises Active Directory (AD) account for on-premises resources and provide a separate Office 365 account for online Office resources.
Most users are more comfortable using just one set of username and password credentials. This is a common way to access internal resources – each resource is identified in AD and the user is given access to it. They only need the one set of AD credentials to gain access to any AD resource. Organizations can extend this to trusted non-AD resources by configuring Single Sign On (SSO), making identification and authentication transparent for the user.
SSO makes use of a federated authentication mechanism that helps verify the user’s identity. You might be familiar with using your Facebook or Google+ account to authenticate yourself to another, seemingly unrelated website - you can use these types of credentials to log in to lots of different web pages and services. This is a type of federation: you trust Facebook to identify and authenticate you, and if the web service provider also trusts Facebook to identify and authenticate you, they don’t require their own authentication system, but instead rely on the third party (in this case Facebook).
Microsoft-based enterprise-level organizations use Active Directory Federation Services (ADFS), and smaller organizations might simply use a Microsoft account. In this way, organizations can enable SSO for their on-premises resources and their cloud-based resources.
SSO is easier for users and can be more secure because organizations can add multi-factor authentication, such as verification by text or phone call, or even fingerprint.
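The federation trust described above can be sketched from both sides. This is an added example, not part of the original lecture notes: the identity provider signs a statement about the user, and the relying service accepts it only after checking the issuer, signature, audience, and expiry. The URLs, key, and function names are hypothetical, and a shared HMAC key stands in for the public-key signatures that real federation protocols such as SAML and OpenID Connect use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the notes). Real federation
# verifies with the identity provider's public key; a shared HMAC key stands
# in for it here so the example runs with the standard library only.
TRUSTED_IDPS = {"https://idp.example": b"demo-key-not-for-production"}
MY_AUDIENCE = "https://app.example"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(key: bytes, body: str) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue_assertion(issuer, key, subject, audience, ttl=300, now=None):
    """Identity provider side: sign claims about an authenticated user."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(key, body)}"

def verify_assertion(token, now=None):
    """Relying party side: return the subject, or raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed assertion") from exc
    if not isinstance(claims, dict):
        raise ValueError("malformed assertion")
    iss = claims.get("iss")
    key = TRUSTED_IDPS.get(iss) if isinstance(iss, str) else None
    if key is None:
        raise ValueError("issuer is not a trusted identity provider")
    if not hmac.compare_digest(sig.encode(), _sign(key, body).encode()):
        raise ValueError("signature check failed")
    if claims.get("aud") != MY_AUDIENCE:
        raise ValueError("assertion was issued for a different service")
    if claims.get("exp", 0) <= now:
        raise ValueError("assertion has expired")
    return claims["sub"]
```

The audience and expiry checks matter as much as the signature: without them, a validly signed assertion issued for one service, or captured earlier, would be accepted by another.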
When you post information on social-networking sites, you should recognize that the data is being stored on one or more servers that can be located anywhere. Whether you’re posting personal information to Facebook or updating your business links on LinkedIn, this data is stored somewhere. Equally, if an organization uses cloud services, the storage and location of their data becomes more important due to data privacy, legal, or regulatory demands.
An organization considering storing data in the cloud must understand the legal and regulatory requirements for their data, as well as their customer’s expectations for privacy, and whether the services offered by a cloud service provider meet those requirements.
Questions to be considered by an organization considering storing data in the cloud include:
When data falls under regulatory or compliance restrictions, the choice of cloud deployment (whether private, public, or hybrid) relies on trusting that the provider is fully able to support the customer’s requirements.
It is possible for an organization to implement additional security controls that meet regulatory or legal requirements even when the underlying public Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) does not fully meet those same requirements. But the range of additional controls that can be added by an organization is limited and cannot block all the gaps in some public cloud services. The effort involved in monitoring and maintaining additional security controls may be prohibitive.
Global organizations need to ensure that any services deployed to the cloud are used according to laws and regulations in place for the employees, foreign subsidiaries, and customers. Data protection laws are different across the world, and organizations must be aware of the laws that pertain to employees in all their locations.
The primary location of the data and any backup locations must be known to ensure these laws and regulations are followed. Often, the backup locations need to be determined. For example, Amazon.com Inc. has large datacenters in both the United States and Ireland, which could cause problems if they were used as backup centers for certain types of data.
The data protection laws of the European Union (EU) member states, as well as other regions, are extremely complex and have a number of definitive requirements. The transfer of personal data outside these regions needs to be handled in specific ways. For instance, the EU requires that the collector of the data, or data controller, must inform individuals when the data will be sent and processed in a region outside of the EU. The data controller and end processor must also have contracts approved by the Data Protection Authority in advance. The United States and EU have a reciprocal agreement, and the U.S. recipient only has to self-certify its data procedures by registering with the U.S. Department of Commerce.
Privacy management is a major consideration for global organizations, or those with a global customer base, when identifying appropriate cloud services and cloud service providers.
Compliance is primarily about tracking and monitoring access to data; that is, ensuring proper controls over who has access to assets, what level of access they have, and how those levels are maintained. Compliance with legal regulations is a requirement for most organizations and is proven through successful audits. Cloud computing often makes it difficult for organizations to ensure they are complying with industry and government regulations, especially if they, or their customers, span multiple global regions with differing regulations.
If the organization operates in the United States, Canada, or the European Union, they’re subject to numerous regulatory requirements. These laws might relate to where the data is stored or transferred, including how well this data is protected from a confidentiality aspect. Some laws apply to specific markets, such as the United States’ Health Insurance Portability and Accountability Act (HIPAA) for the health-care industry. However, organizations often store health-related information about individual employees, which means those organizations might
It is imperative to have strong access control mechanisms in addition to encryption; this can help negate insider attacks. It is also strongly advised that organizations use encryption for all forms of cloud computing – public, private, and hybrid. Given the increase in insider-led data breaches, encryption and access controls should be equally extended to Private Clouds.
Organizations accept a level of risk when they move to the cloud. In transferring all or part of their IT infrastructure to a cloud service provider, an organization must trust the service provider to provide the services it requires now, and to develop new services in the future to stay current in the marketplace.
Most cloud service providers maintain a roadmap that shows their current state and what future service features they plan to develop. It is a way to advertise the planned innovations for their platform and to reassure the customer that they have made the right choice of provider. A good roadmap is a competitive advantage over other cloud providers, but it is also important to note that sharing this information can help competitors gain insight into a cloud service provider’s planned development route. Timing in publishing the roadmap is key to making sure it does not give other competitors an advantage in innovating their platform, but it still demonstrates that the cloud service provider has the ability to deliver what customers want.
A good cloud platform company will publish their roadmap online for their customers to see. Click on the following links to see some examples:
Organizations can use the roadmap to help them decide what features they will use in the future and to help them begin planning for these features now. Usually organizations do not have constant innovation at their fingertips with their own on-premises resources and platforms, and they have to go through the long and expensive process of planning and procuring hardware to innovate; however, using the cloud makes it really easy to adopt new features.
For a cloud service provider, a regular, scheduled maintenance cycle for all services provides the opportunity to ensure that all services are working efficiently and supplying the best possible experience for its customers. It offers the chance to back up, move and reconfigure services, and add any new features that are ready for release. Service health and maintenance plans should include the monitoring of services to ensure that any potential issues are found and managed before they become a problem.
The proper communication of this maintenance cycle and its value to the customers is of paramount importance. Unexpected outages or unexplained unavailability can be a major problem for customers, so a good cloud service provider will give them ample opportunity to plan by providing reminders of regularly scheduled maintenance, easily accessible dashboards that show current service health, and other communication mechanisms.
A cloud service customer has a responsibility to be aware of regular maintenance schedules and plan around them. They can use the opportunity to explore new features or perform their own maintenance tasks.
Organizations that use hybrid cloud environments are both cloud service provider and cloud service customer. They must perform regularly scheduled maintenance to ensure the best possible performance for the private cloud elements of their IT services, and also plan for those service outages as a client.
A service level agreement (SLA) defines the expectations of the cloud service provider and its customer, detailing acceptable service uptime, availability, and performance levels. The SLA forms part of the contract between the two parties.
A typical SLA contains the following components:
Type of service to be provided
It specifies the type of service to be provided and any additional details about the service. Some elements of this component (and examples of each) include:
Monitoring process and service level reporting
Organizations can run websites in Azure Web Apps or a SQL database in Azure SQL Databases.
Both of these scenarios are examples of PaaS because Microsoft Azure has taken the place of a traditional platform. Instead of the individual user or company maintaining platform software and updates, Microsoft takes care of it in the background.
Users can also set up and access the Microsoft Azure Operations Management suite, which enables organizations to select and run the management tools they need through Microsoft Azure so that no local infrastructure is required. These tools are an example of SaaS; in fact, they’re an example of a SaaS running on a PaaS. Microsoft Azure provides numerous services which fall into IaaS, PaaS or SaaS contexts, and these services are constantly being added to and evolving.
Microsoft Azure can also be used with other Microsoft solutions to extend an organization's current datacenter into a hybrid cloud that expands that organization’s capacity capabilities.
Azure services are hosted in Microsoft-managed data centers. The data centers are in multiple geographic areas around the globe. At the time of this writing, Azure is generally available in 42 regions around the world, with plans announced for 6 additional regions. But not all Azure services are available from every region.
The Microsoft Azure portal enables organizations to build, manage, and monitor everything from simple web apps to complex cloud applications in one place. It brings together different cloud resources into a customizable console called a Hub, which can be managed and controlled. It contains resources such as web applications, databases, virtual machines, virtual networks, storage, and more. For software development teams, the portal provides a hub and storage solution so that the entire development lifecycle can be managed from the portal.
Role-based access is built into the portal so that organizations can control exactly who is able to access and manage different portal features. It also features templates so that organizations can perform common actions quickly with just a few adjustments. The Azure Portal is popular with users because it is easy to use and offers control and ready-made tools.
The infrastructure for an application is typically made up of many components – maybe a virtual machine, storage account, and virtual network, or a web app, database, database server, and 3rd party services. These components are typically not viewed as separate entities; instead, they’re viewed as related and interdependent parts of a single entity.
Organizations want to deploy, manage, and monitor these entities, or resources, as a group. Azure Resource Manager enables an organization to work with the resources in their solution as a group. They can deploy, update, or delete all the resources for their solution in a single, coordinated operation. They use a template for deployment and that template can work for different environments such as testing, staging, and production. Resource Manager provides security, auditing, and tagging features to help organizations manage their resources after deployment.
Resource Manager provides organizations with several benefits, including the ability to:
Azure Web Apps is a service for hosting web applications, REST APIs, and mobile backends.
A web application is any application that uses a web browser as a client or node and can request information from a server. A web application can be as simple as a message board or small survey on a website, or as complex as a multi-feature word processing tool like Microsoft Word on Office 365. The terms “web application” and “website” are commonly used to refer to the same thing because so many websites feature one or more web applications, and so many web applications are a part of what people traditionally think of as websites.
An Application Programming Interface (API) allows one piece of software to talk to another. REST APIs work the same way as a website. You make a call from a client to a server, and you get data back over the HTTP protocol. However, REST APIs are different from websites because instead of showing you a webpage like the ones we are all used to seeing, the REST API provides information back in code form. You can use REST APIs to find map coordinates from Bing maps, or you can use REST APIs to find specific locations or objects in Instagram photos (such as “cats” or “New York”).
Mobile backend as a service (mobile BaaS) is a cloud service that provides mobile apps with access to the servers, storage, and other resources that they need to run properly. Mobile BaaS makes creating and launching apps much easier because it takes care of all the network setup so that developers can keep their focus on coding and uploading their app. Therefore, they don’t have to worry about backend infrastructure, since the mobile BaaS takes care of all that.
With the Azure Web Apps service, organizations can develop their web applications, REST APIs, and mobile back ends in their favorite language (such as .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python), and they can run and scale apps with ease on Windows or Linux Virtual Machines (VMs).
The Azure Web Apps also adds the power of Microsoft Azure to an organization’s application (for example, security, load balancing, autoscaling, and automated management). Additional features include DevOps capabilities, which help users manage active applications by enabling