




















HND Level 5 Unit 13 Cloud Computing Assignment 2 (Pass, Merit, Distinction)





















Oway is the market leader in Myanmar's tourism industry, providing both online and offline distribution services to meet the needs of both leisure and corporate vacationers. The Myanmar branch of the company employs between two hundred and five hundred people. It is structured with administrative, engineering, support, and sales & marketing departments. In order to keep track of its customers' data and everyday transactions, Oway requires a data acquisition system. Due to the high volume of requests, a dedicated application server is deployed to house all database backups, asset reporting, and monitoring applications. Due to the company's rapid expansion, the decision was made to begin providing cloud services, which necessitates a highly flexible and scalable infrastructure to meet rising cloud capacity requirements. Oway has hired a project manager, and a technical report is produced detailing how the company can set up and implement the designed cloud system.
Cloud services are the answer to the problems that Oway has been having. When it comes to storage and redundancy, Oway turns to Amazon Web Services (AWS) as its cloud platform, namely two of its services: EC2 and EBS. With the EC2 service, a new OS server for the company can be launched and data can be stored inside it. By using the volume feature in the EBS service, the size of the overall server can be modified easily, thereby reducing the cost of physical storage equipment. With the snapshot feature in the EBS service, a backup of the server or volume can easily be taken every day in the cloud without needing to store it on an external source. Since all of the storage and backups can be achieved with just an internet connection and a browser that can access the AWS console, other factors that take time and money are also reduced greatly, such as staff training, equipment costs, and locations for physical servers and storage.
The following describes the steps taken to implement the services.
As cloud architecture does not guarantee security compliance for user data or applications, programs designed for the cloud must be secure in their own right. Though cloud service providers bear some of the blame, ultimately it is up to the programmers who create the apps themselves. Outsourcing critical services to a third party, as is common in cloud computing, increases the difficulty of ensuring the security and privacy of stored information.
While the misconception that clouds are simply large collections of servers seems to have faded, this does not mean that they may be disregarded in the future. Many people have false impressions regarding the compatibility of public and private clouds and how simple it is to switch between them. One effective strategy for warding off this problem is to provide clients with concrete examples of what is feasible and why.
adequate capacity. This is why many corporations are holding off on making the move to the cloud until prices drop.
Private clouds, public clouds, and hybrid clouds are the three primary categories of cloud computing. Picking the right cloud configuration is the key to a successful cloud implementation. While large corporations may feel more at ease storing their data in a private cloud, many small businesses find that hosting their services in the public cloud saves them money. The hybrid cloud is favored by certain businesses because it combines the advantages of both the public cloud and the private cloud.
Having to rely on the cloud service provider is a huge drawback. Cloud computing is offered by a number of different organizations, and each one has its own rate that it charges businesses per month. Subscriptions are the standard method by which customers access cloud services. A provider with the right infrastructure and technological know-how is essential for consistently speedy and reliable service. Find a supplier that can deliver to the required specifications. For outages, lock-in clauses, etc., it is important to know exactly what is expected according to the SLA. A cloud service is any service that can be accessed by corporations online and often originates from a cloud computing provider's server. That is to say, cloud services are the expert assistance provided to businesses as they make decisions about which cloud-based resources to use, how to set them up, and how to maintain and update them.
AWS Infrastructure as a Service (IaaS) configuration requires some work, but it is not essential to transform developers and IT into cloud architects. The three most common strategies are using consultants, adding cloud professionals to the team of developers, and providing in-house training. These methods aren't exclusive of one another: a single group might employ a consultant to ease the transition from on-premises to the cloud, a cloud architect to oversee the cloud's infrastructure, and a cross-trained IT and operations staff to handle administration.
Seek consultants: DevOps groups making their first move to IaaS will find this a great alternative. Anyone may see a directory of AWS's consulting partners on the service's Consulting Partners page. When it comes to enterprise workloads and DevOps, AWS has NetApp as a consulting partner.
Rely on cloud experts: This is a fantastic choice for complex cloud-based CI/CD pipelines that serve multiple projects, and it's especially useful when containers are involved.
Train the current workforce: Anyone can get their AWS certification and training online or in person. Moving DevOps to AWS is supported by a plethora of third-party training providers.
In spite of the cloud's adaptability and configurability, DevOps must take into account the limitations of infrastructure as a service provided by the cloud. When it comes to worldwide availability and disaster recovery, for instance, the decision about the location of Amazon Web Services (AWS) Availability Zones is a crucial one. Another critical concern is how DevOps load balancing varies from traditional load balancing implemented on-premises. Protocol knowledge,
and production is invaluable. When the test is complete, the same automated tools are used to deprovision the clones. However, AWS and other cloud providers don't give copying capabilities out of the box. For rapid and effective bulk cloning, NetApp developed FlexClone®.
It is much easier for DevOps to optimize IaaS for massive CI/CD pipelines with the help of cloud storage apps. Many helpful resources are available to those who use AWS. To give just one example, AWS AppSync's adaptable API that merges data from many sources greatly facilitates app development. When it comes to data protection and backup, though, AWS isn't always reliable. For instance, users need to subscribe to supplementary AWS services in order to back up Amazon Elastic File System (EFS). Users should rather use NetApp Cloud Volumes ONTAP to safeguard their data. In addition, customers can deploy persistent storage for cloud workloads using the NetApp Cloud Volumes Service API and connecting it to other AWS automation services like AWS Lambda.
The "six Rs" are the choices available when deciding how to migrate workloads to the cloud: rehost, replatform, restructure or rearchitect, repurchase, retire, or retain. Rehosting and replatforming, in which IT shifts workloads to the cloud with no or little adjustments, are the most common approaches. To get the most out of AWS IaaS in a development setting, DevOps will likely have to make some adjustments. With the NFS/SMB and multiprotocol compatibility provided by NetApp Cloud Volumes Service, however, making these transitions is a lot less of a hassle. (There is no need to force a circular application into a square cloud, as NetApp puts it.)
DevOps teams who have access to high-performance on-premises storage may be concerned about the performance of cloud storage. While cloud storage may not initially match the performance of on-premises solutions, it is possible to achieve parity or even improvement with the correct tools and optimization. DevOps, meanwhile, must have low-priced alternatives to minimize wasteful cloud investment. The Cloud Volumes Service makes it possible to have low-priced, high-performance storage. A single cloud volume can reliably deliver over 470K IOPS and 4.4 GB/s throughput for the service. Cloud storage space and expenses can be reduced by as much as 70% thanks to ONTAP's built-in storage efficiency.
Reduced expenditures and improved profits are a combined result of technological advancements and widespread cultural acceptance. The adoption of governance, changes in user behavior, and software tools to improve CI/CD pipelines all contribute to establishing a lean cost culture, which is a cornerstone of the DevOps mindset shift. Both the TCO and ROI benefit from technological advancements. Initial cloud investments for DevOps teams should be made in education, setup, and optimization. When everything is running smoothly, monitoring and automated tools efficiently and affordably manage computing and storage. With its cheap rates and storage efficiency, NetApp's Cloud Volumes Service helps maintain a low TCO and excellent ROI. To illustrate how NetApp can adapt to the ever-shifting requirements of DevOps, consider the company's dynamic service levels. The Standard service level is available in all AWS regions and
One of cloud computing's biggest challenges is helping businesses move their workflows and operations from one cloud provider to another. Cloud infrastructures fluctuate, which can cause compatibility and integration issues. Data security risks could be introduced unnecessarily if the migration is not handled properly.
Solution
There is a loss of independence when using cloud services. Typically, the cloud's administration is the responsibility of the service provider, and the client has no control over the underlying hardware or software and is therefore unable to perform tasks such as managing server upgrades, firmware updates, or shell access. Because the cloud provider owns and manages the cloud infrastructure, businesses using cloud computing services have little management over their data, applications, and services. Consequently, knowing what actions are permitted and which are prohibited within a cloud architecture requires a thorough grasp of the end-user licensing agreement (EULA).
Solutions
Many companies hastily adopt cloud computing without first developing a thorough cloud architecture and strategy. Before making the move to the cloud, customers should be aware of the risks involved, the steps necessary to make the transition securely (it is not a lift-and-shift method), and the details of the shared responsibility model. This is a brand-new threat that falls squarely on the customer's shoulders. Inadequate planning leaves customers vulnerable to cyber attacks, which can result in monetary losses, reputational damage, and legal and compliance issues. Concerns over data security are paramount for any company that stores sensitive information on the cloud. While cloud companies do their best to protect user data, there are still risks involved with storing sensitive information on servers located in another country and managed by an unknown third party. When a company moves to a cloud computing model, the cloud provider and the user each bear some of the burden of ensuring the system is secure.
Reset passwords: Be more careful with the passwords used, where they are kept, and how often they are changed. It's recommended that clients use lengthier passwords that include a mix of uppercase and lowercase letters, numbers, and symbols. Think about investing in password software to ensure the security of all of the credentials.
Staff training: Staff training is essential for avoiding the accidental disclosure of sensitive information and data. Boost the efforts to train the personnel so they can recognize and avoid phishing emails and phone calls, create secure passwords, and get rid of that old spreadsheet with everyone's login information.
Set authorizations: Authorization should be established because not all employees will need access to the same level of private data. To prevent leaks of sensitive data, permissions should be granted on a "need to know" basis. Setting document sharing to "viewing" rather than "editing" is also recommended.
Cloud resources are difficult to understand. It's possible to have a vast network of microservices talking to one another and to different data stores, application programming interfaces, etc. Therefore, it is both crucial and challenging to regulate who can talk to whom. The safest cloud is one where all doors are locked by default, and only an authorized user with a good reason may get in.
For Example, SSRF Attacks
The purpose of an SSRF attack is to gain access to restricted resources by impersonating a trusted user on a network. A malicious client is used to initiate communication with the server. The request contains a trigger that initiates a network-based response from the server. Information that would normally be secure within the network's perimeter may be disclosed due to the server's ability to communicate with any resource, including internal sources. Another option is to coerce the internal server into talking to an external resource, which it would otherwise consider safe. This is a highly effective strategy for breaching the trust barrier and gaining access to sensitive information. SSRF attacks are especially pernicious because they often include the simultaneous exploitation of multiple vulnerabilities to gain a foothold on the server and ultimately execute remote code. That was the situation in 2021, when news broke of numerous exploits of an Exchange server vulnerability. There is no public cloud provider immune to this kind of attack. Since cloud metadata services have extensive permissions in the cloud, they are a common target for SSRF attacks. They're enticing targets since they make managing cloud instances simple and are usually reachable over HTTP. An SSRF attack may succeed in convincing an instance to connect to its metadata service, opening a door to it, or in getting the instance to reveal sensitive information such as account credentials.
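The "all doors locked by default" rule above, applied to a server that fetches user-supplied URLs, as an added example that is not part of the original assignment. The allowlist, host names and DNS answers are constructed for illustration, and `check_outbound_url` is a hypothetical helper name.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist and constructed DNS answers, so the example runs offline.
ALLOWED_HOSTS = {"partner-api.example.com", "cdn.example.net"}
SAMPLE_DNS = {
    "partner-api.example.com": ["203.0.113.10"],
    "cdn.example.net": ["169.254.169.254"],  # allowlisted name, internal answer
}
# Ranges the fetcher must never reach: loopback, private, link-local (metadata).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def resolve(host):
    """Stand-in resolver backed by SAMPLE_DNS (real code would query DNS)."""
    return SAMPLE_DNS.get(host, [])


def check_outbound_url(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied URL the server would fetch."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    # Default deny: IP literals and unknown names never match the allowlist.
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    answers = resolver(host)
    if not answers:
        return False, "host does not resolve"
    for text in answers:
        addr = ipaddress.ip_address(text)
        # Judge IPv4-mapped IPv6 answers by the IPv4 address they embed.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        if any(addr in net for net in BLOCKED_NETS):
            return False, f"{addr} is in a blocked range"
    # The caller must connect to the addresses vetted here, not resolve again.
    return True, "ok"
```

The second check matters as much as the first: an allowlisted name whose DNS answer points into the link-local range is still refused.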
The quantity of potential vulnerabilities in credential management is shocking for something so fundamental to protection. Many things can go wrong, from simple human error to the use of outdated, insecure authentication protocols.
Common Credential Problems
Using Free and Open Source Applications
The practice of building software in "components" has grown widespread in the information technology industry. Many programmers choose open-source software because it reduces development time. Since this is the case, many applications may be susceptible to supply chain vulnerabilities.
In this context, "inside threats" refers to both accidental and intentional breaches of security committed by workers. Weak passwords, misconfigurations, and other forms of accidental attacks are all too common. Even if honest mistakes made by workers are more likely to be the cause of insider threats, there are also cases of employees acting unethically.
Distributed Denial of Service Attacks (DoS)
DoS attacks are designed to overload a computer network in order to make it inaccessible to legitimate users. By flooding the system with more data than it can process, a denial of service attack can bring it down and prevent it from serving its regular customers. An example of a denial-of-service (DoS) assault is a distributed denial-of-service (DDoS) attack, in which traffic is used to overwhelm the target from several different locations. Because of this technique, simply cutting off access to the network wouldn't be enough to halt the attack. It's possible that there are a lot of people using cloud systems, despite the fact that they have more resources and are therefore tougher to shut down. If something goes wrong in the cloud, it might affect a lot of people.
Cryptomining
The purpose of cryptomining malware is to steal computational resources from the victim and use them to mine cryptocurrency like bitcoin. Cryptojacking is a term used to describe this practice. In recent years, it has emerged as a leading threat to cloud systems. Attackers frequently utilize insecure APIs to break into services like container management platforms.
Attacks that aim to use cloud technologies for cryptomining seem to be on the rise. Later in 2021, Google disclosed that a large number of compromised Google Cloud accounts had been put to use for cryptomining. A few of them were used to try to infect other computers by scanning for weak ones. These accounts were breached by exploiting security flaws, such as inadequate or nonexistent passwords and weaknesses in the software distribution chain.
Multi-Factor Authentication (MFA) is a method of verifying a user's identity while accessing a protected system by requiring them to provide more than one form of identification. Any safe identity and access management (IAM) plan must include the use of multi-factor authentication (MFA). Beyond just a username and password, multi-factor authentication (MFA) adds an extra layer of protection (or factors). An additional benefit of multi-factor authentication is that it will improve Oway's security by requiring more than just a login and password to log in. Important as it is, login information is easily stolen by hackers using brute force attacks. If users are mandated to use an MFA factor, like a fingerprint or genuine hardware key, Oway is safer from cybercriminals.
MFA works because it necessitates the employment of more than one verification method (factors). Users often have to deal with one-time passwords (OTPs) as a form of multi-factor authentication (MFA). Users receive OTPs, which are four- to eight-digit codes, by email, text message, or mobile app. A unique code is generated by OTPs every time authentication is requested or at regular intervals. A seed value and another component, such as an incrementing counter or a time value, are provided by the user during registration, and these are used to generate the code.