Praxis Business School

A White paper on

“Cloud Computing”

Submitted to

Prof. Prithwis Mukherjee

In partial fulfillment of the requirements of the course

Business Information System

On 7/11/2010

By

Nabeela Khaled

(B10011)
 Cloud Computing

Abstract:

If you need milk would you buy a cow? No, you would only be interested in the milk right…well cloud
computing offers this type of service. Resource sharing in a pure plug and play model which dramatically
simplifies infrastructure planning is the „promise‟ of cloud computing. The two key benefits of this model
are its cost effectiveness and speed along with agility. Though there remains the question of security and
privacy, the benefits of the model are many.

The paper aims to explore the basics of cloud computing, it‟s present status and its impact on the future
of IT.

What is cloud computing?

Cloud Computing is one of the latest computer and business industry buzzwords. It joins the rank of
virtualization, grid computing and clustering among others in the IT industry.

Cloud computing is a computing paradigm where a large pool of systems are connected in private or
public networks to provide dynamically scalable infrastructure for application data and file storage. It
allows individuals and enterprises to use applications without installation and access their personal
information through any personal computer with internet connection. A simple example of cloud
computing would be Yahoo or Gmail. The consumer simply needs an internet connection to access his
mails. The server and email management software is all on the internet (cloud) which is totally managed
by Yahoo or Gmail etc. The consumer gets to use the software and enjoy the benefits.

Characteristics of Cloud Computing:

The cloud computing model distinguishes itself from other computing paradigms like grid computing,
utility computing and internet computing in the following aspects:

User centric Interface: Cloud computing is accessed with simple and pervasive methods. Users obtain
and employ computing platforms in computing clouds as easily they access a traditional public utility. In
detail the cloud computing model enjoys the following aspects:

 The cloud computing model does not force users to change their working habits
and environment.
 The cloud client software which is to be required to be installed is lightweight.
 Cloud interfaces are location independent and they can be accessed by some
well established interfaces like web services framework and internet browser.
On demand service Provisioning: Cloud Computing provide resources and services for users
on demand. Users can customize and personalize their computing platforms at their will.
Autonomous system: The cloud computing model is an autonomous system. Hardware,
software and services within the cloud can be reconfigured, redesigned and consolidated to
present a single platform which is finally rendered to the user.
Scalability and flexibility: These two are the most important aspects that are driving the
emergence of cloud computing. Cloud computing services can spread across many concerns
including geographical locations, hardware performance and software configurations. The
 computing platforms are flexible enough to adapt to various requirements to a potentially large
number of users.

Enabling technologies behind Cloud Computing

A number of enabling technology contribute to the emergence of cloud computing. Several techniques
are identified here:

Virtualization Technology: Virtualization technologies partition hardware and thus provide

flexible and scalable computing platforms. Virtual machine techniques, such as VMware and Xen
offer virtualized IT-infrastructures on demand. Virtual network advances, such as VPN, support
users with a customized network environment to access Cloud resources. Virtualization
techniques are the basis of cloud computing since they render flexible and scalable hardware
services.
Orchestration of service and work flow: Computing clouds offer a complete set of service
templates on demand, which could be composed by services inside the computing cloud.
Computing clouds should therefore be able to automatically orchestrate services from different
sources and of different types to form a service flow or workflow transparently and dynamically for
users.
Web services and service oriented Architecture: Cloud computing services are normally
exposed as Web services, which follow the industry standards. The services organization and
orchestration inside clouds could be managed in a Service Oriented Architecture (SOA). A set of
cloud services furthermore could be used in a SOA application environment, thus making them
available on various distributed platforms and could be further accessed across the Internet.
Web 2.0: Web 2.0 is the technology describing the innovative trends of using World Wide Web
and Web Design that aims to enhance creativity, information sharing, collaboration and
functionality of the Web. The essential idea behind Web 2.0 is to improve the interconnectivity
and interactivity of Web applications. The new paradigm to develop and access Web applications
enables the users to access the Web more easily and efficiently. Clouds computing in nature are
Web applications which render desirable computing services on demand. It is thus a natural
technique evolution that Cloud Computing adopts the Web 2.0 technique.

Based on the services the model can provide it can be divided into three categories:

Software as a service (SaaS): In this model an application is offered to the consumer as a service on
demand. A single instance of the software is uploaded on the cloud and multiple end consumers can
licenses and from the provider‟s end his costs are lowered since only a single application needs to be
hosted and maintained by him. Today Saas is offered by companies like Zoho, Google and Microsoft.

Platform as a service (Paas): Here a layer of software is presented to the consumer or a developmental
service is offered to the consumer as a service upon which higher levels of service can be built. The
consumer has the freedom to develop his own applications which run on the provider‟s infrastructure.
Example of PaaS would include Google‟s Engine and Windows Azure by Microsoft.

Infrastructure as a Service (IaaS): This service provides basic storage and computing facilities as
standardized services. Servers, Storage systems networking equipment are made available to handle
3Tera.
Based on the people using this model the model can be classified into three major types of
clouds:

Public Clouds (external cloud): A public cloud is where the resources such as storage and applications
can be used by a mix of users from different locations. The applications can be accessed via a web
application or a web service over the internet. The service is typically low cost or pays on demand mode.
The public clouds are maintained by third party users. Some of the major players include Amazon Elastic
Compute Cloud (EC2), IBM Blue Cloud, Sun Cloud, Google App Engine and Amazon Web Services.*

Private Cloud (internal cloud): A private cloud is meant exclusively for a single enterprise. It is accessed
by a limited number of users. The private cloud has all the benefits of public cloud just that it is hosted
within the firewall of the company. It aims to provide enhanced data security and offer greater control
which lacks in a public cloud. The future of IT is in Private clouds

Hybrid Cloud: This model combines both Public model and the private model. The service providers can
rd
utilize a 3 party service in a full or partial manner thus increasing the flexibility of computing. It is able to
provide on demand service on an extremely provisioned scale. The ability to combine the positive aspects
of both public and private cloud can be used to manage any unexpected surges in workload.

Current players in this area

Cloud computing has been evolving ever since its invention. The current players in this field include the
big IT players. They are:

1) Microsoft: This IT company is one of the major players of Cloud computing. It has launched
Azure based on the cloud computing model.

Azure: Azure is not of product of Microsoft per say rather it includes a variety of services that form
a platform. The services that have been announced so far are:

Windows Azure is a service that allows the user to deploy code on Microsoft‟s
servers. This code has access to local storage resource.
SQL Azure: With the use of this server, the user can out up his database on the
cloud. Even though it uses T-SQL like SQL server, it is not a full SQL Server instance
since not all built in applications of SQL server are available. It can integrate with
SQL server, though.
Azure AppFabric: It serves as a gateway and a router between the user‟s LAN and
the items on the Azure Platform. It deals with authentication and security.
“Dallas”: It is a market place to buy and sell access to services running on Window‟s
Azure Platform.

The Azure platform would be an ideal choice for batch processing where it can be put under a
heavy load and then scaled down. But before considering to use Azure, the user must be certain
that his is architecture is in sync with cloud model and that means things like security, latency,
etc. And anything mission critical that must operate if external connectivity is down is strictly a no-
no.

2) Amazon Elastic Cloud Compute Cloud (EC2): This is a web service that provides resizable
compute capacity to the user. It has been designed to make web scale computing easier for the
user. It allows the user to use web service interfaces to launch instances with a variety of
 operating systems, customize it as per the user and manage the networks‟ access permission
as per the user.

To use Amazon‟s EC2, the following steps should be followed:

Selection of a pre configured template image to start immediately or creation of an

Amazon Machine Image (AMI) containing the user‟s applications, libraries, data and
associated configuration.
Configuration of the network and security access of the user‟s Amazon EC2 instance.
Choice of the instance type(s), operating system, software and the decision to start,
terminate and monitor as many instances of the user‟s AMI.
Determination of whether to run the instances in multiple locations, utilization of static
endpoints or attachment of persistent block storage to the instances.
Payment for the resources that the user actually consumes, like instance-hours and data
transfer.

Features of Amazon EC2

Amazon’s Elastic Block Store: It offers persistent storage for Amazon EC2 instances.
Amazon EC2 volumes are highly available; highly reliable that can be leveraged as an
Amazon EC2 instance‟s boot partition or attached to a running Amazon EC2 instance as
a standard block device.
Multiple locations: It provides the ability to place instances in multiple locations.
Amazon EC2 locations are composed of regional and availability zones. Availability
zones are distinct locations that are designed in a manner such that they are insulated
from other failures in other availability regions. By launching the same instance in several
Availability zones the user can protect users‟ application from failure of a single location.
Elastic IP address: These are static IP addresses designed for dynamic cloud
computing. An elastic IP address is not attached to the instance but rather to the users‟
accounts. This allows the user to control his address until he explicitly chooses to release
it
Amazon Cloud Watch: It is a web service that provides monitoring for Amazon‟s cloud
resources starting with Amazon‟s EC2. It provides the user with visibility into resource
utilization, operational performance and overall demand patterns.
Auto Scaling: This feature automatically allows the user to scale the Amazon‟s EC2
capacity to scale up or down according to the conditions defined by the user. It allows the
user to seamlessly scale up the instances during demand spikes to maintain performance
and scale down automatically during demand lulls to minimize costs.
Amazon EC2 changes the economies of computing by allowing the user to pay for only what he
uses. It has enabled the Amazon EC2 users to build resilient applications and isolating them from
common failure scenarios.

3) Zoho: It is yet another application that runs on cloud computing. They provide several products
in categories like Productivity, Collaboration and Business Applications. Their applications
include Office Suite, CRM, Creator, Mail, projects etc. Zoho has both free and paid versions. In
Zoho, the products are based in software-as-a-Service model. All the applications of Zoho are
US-EU Safe Harbor certified.
 4) Salesforce.com: This is an enterprise cloud computing company headquartered in San
Francisco, USA that distributes business software on a subscription basis. It is best known for its
Customer Relationship Management (CRM). Salesforce‟s CRM solution is broken down into
several broad categories which are as follows:
The sales Cloud: This application which runs on the cloud allowing the user to
access it from anywhere. It includes a real time collaborative tool called the
Chatter which provides sales representatives with a complete profile and account
history therefore allowing the user to manage marketing campaign spending and
planning across a variety of channels from a single application and tracking all
opportunity related data including milestones, decision makers , customer
communications and any other information unique to the company‟s sales
process.
The Service Cloud: This application provides companies with a call-center like
view that enables companies to create and track cases coming in from every
channel and automatically route and escalate what‟s important. The CRM
powered customer portals enable the customers the customers to track their own
cases 24 hours a day. It also allows the user to join in the conversation about
their company on social networking sites, provides analytical tools and other
services including email services, chatting tools and visibility to customers‟
entitlement and service level agreements (SLA) to ensure that the customer gets
the best service possible.
Force.com platform: The Company‟s Platform-as-a service product is known
as the Force.com Platform. It allows the user to build applications fast and in a
very simple manner. It includes a database, security, workflow, user interface
and other tools that guide the user in the process of building powerful business
applications, mobile applications and websites.

Around 82,400 companies use Salesforce to run their business efficiently. Some major
clients of this cloud computing enterprise include Google, Crocs, Cisco, The Wall Street
Journal, Tulip, Qualcomm, Del, Starbucks and many more.

Cloud computing versus other computing paradigms:

As a new metaphor, the cloud computing model is often confused with other existing technologies and
services. In terms of comparison, grid computing which has been existent for the past 13 years is often
confused with the cloud computing model. In this section, a comparison is made between the two
discussing the similarities and differences.

Cloud Computing: To get cloud computing to work, one of the requirement that has to be met is access
to Grid computing. Grid computing is actually a way to link various computer units to form one powerful
infrastructure, harnessing unused resources. The other requirement is Utility computing where the user
pays for what the user uses on shared servers. This can be compared to a public utility e.g. (electricity,
gas etc). Cloud computing has essentially evolved out of grid computing and relies on it as a backbone
and infrastructure support.
Grid Computing: Unlike cloud computing, it is not necessary for grid computing to be available on the
cloud. It is up to the decision of the user to decide. Grid computing requires the use of software that can
divide and distribute pieces of a program as one large system image to several thousand computers.

A comparison cloud computing and grid computing on the following characteristics:

Business Model

Cloud Computing: In a cloud based business model, the customer will pay the provider on a
consumption basis. This model relies on the economies of scale in order to drive prices down for users
and profits for providers.

Grid computing: For grid computing, the business model is project oriented, where the users or the
community using it has a fixed number of service units.
 Architecture

Cloud Computing: A four layer of cloud computing architecture is as follows:

Application

Platform

Unified Resource

Fabric

Fabric Layer: This layer contains the raw hardware resources such as the storage resources, compute
resources and network resources.

Unified Resource Layer: This layer contains resources that have been abstracted so that they can be
exposed to upper layer and end users as integrated resources.

Platform Layer: This layer adds on a collection of specialized tools, middleware and services on top of the
unified resources to provide a development and/or deployment program.

Application Layer: The layer contains the applications that would run in the clouds.
Grid Computing Architecture:
Application

Collective

Resource

Connectivity

Fabric

Fabric Layer: At the fabric layer, grids provide access to different resource types such as network,
compute and storage resource.

Connectivity Layer: This layer defines the core communication and authentication protocols for easy and
secure network transactions.

Resource Layer: This layer defines the protocols for the publication, discovery, negotiation, monitoring,
accounting and payment of sharing resources on individual resources.

Collective Layer: This layer captures the interactions across collection of resources and directory
services.

Application Layer: This layer contains the user applications based on the above protocols.

Application Model

Cloud Computing: It caters to a number of applications most of which is high thorough computing
(HTC). As cloud computing is still in infancy, the applications that will run on clouds are not well defined
but they can be characterized as loosely coupled transaction oriented and interactive.

Grid Computing: This model supports many applications which range from high performance computing
(HPC) to high throughput computing (HTC). HPC applications are efficient at executing a tightly coupled
parallel job within a particular machine with low latency interconnects and are not executed to a wide area
network Grid.
 Security Model

Cloud Computing: In cloud computing, the model is based on the assumption is that the resources are
homogenous to a particular organization. They comprise of dedicated data centers belonging to the same
organization and within each data centre the hardware software and the supporting platforms are in
general more homogeneous to each other. Interoperability can become a serious issue for this model in
this matter.

Grid Computing: However in Grid computing the assumption is that the resources are heterogeneous
and hence each different grid may have its own administration domain and operation autonomy. Thus
security has been engineered as a key element in the fundamental structure of Grid Computing. The key
issues considered are single sign-on so that users can sign in only once and have access to multiple Grid
sites. This will also facilitate accounting and auditing, delegation so that a program can be authorized to
access resources on a user‟s behalf and it can further delegate to other programs; privacy, integration
and segregation, resources belonging to one user cannot be accessed by unauthorized users and cannot
be tampered during transfer.

As compared to Grid Computing, the security model for clouds is relatively simpler and less secure. Cloud
infrastructure mainly rely on web forms to create and manage account information for end users and
allow users to receive and change passwords via Email in an unsafe and unencrypted information. To
contrast this Grids are much stricter. Apart from filling up of grid forms the grid also requires a person to
person conversation to verify the person, perhaps verification from a person who already has an account
and apart from that password will only be faxed or mailed, but under no circumstances can it be emailed.
The Grid approach to security maybe more time consuming, but it does add an extra level of security

Benefits of cloud computing

In order to make the most of cloud computing, developers must be able to redesign their applications so
that they can make the best use of architectural and deployment paradigms that cloud computing
supports. The basic benefits of cloud computing would include reducing run time and response time,
minimizing the risk of deploying physical infrastructure, lowering the cost of entry and increasing the pace
of innovation.

1. Reducing Run Time and Response Time:

For enterprises running batch jobs, cloud computing makes it straight forward to use 1000 servers to
th
accomplish a task in 1/1000 of a time a single server would require. Apart from that enterprises that
would need to offer a good response time to the user, reallocating responses so that any CPU intensive
tasks are farmed to worker” virtual machines which can help to optimize response time while scaling in
demand to meet customer needs.

2. Minimizing Infrastructure Work:

With increase in cloud computing, the dependency on infrastructure decreases. Users need not purchase
software or hardware to get their work done. IT organizations are investing heavily on the cloud
computing model.
 3. Lower cost of entry:

There are a number of attributes of cloud computing that help to reduce the cost to enter new markets.
Firstly because the infrastructure is rented not bought the cost is controlled and the minimum capital
investment can even be zero. In addition to the lower costs of purchase cycles, storage “by the sip” and
the “pay on demand” scheme the massive amount of cloud providers helps to minimize cost, helping to
further reduce the cost of inventory.

Secondly applications are developed by assembly rather than programming. This rapid development
application is the norm thereby reducing the time to market. This results in potential organizations
deploying applications in a cloud environment a head start against the competition.

4. Increased pace of innovation:

Cloud computing can help increase the pace of innovation. The low cost of entry to new markets helps to
level the playing field allowing startup companies to deploy new products quickly and at low cost. This
allows small and new companies to compete more effectively with traditional organizations whose
deployment process in enterprise centers can be significantly longer. An increased competition thus leads
to an increase in the pace of innovation.

Concerns of cloud computing:

While the benefits of cloud computing are many there are significant threats of cloud computing that
needs to be addressed. Privacy and security are the two major issues

Privacy: If a client can login from any location to access his data and applications, there is a possibility
of clients‟ privacy getting compromised. The cloud computing companies will need to find ways to protect
the privacy of the clients. One of the ways could be to authentication techniques where a username and
password is required to access the data or applications. Another way could be an authorization format
where each user can only access the data and application relevant to his job.

Security: while using cloud computing there are significant security issues that need to be addressed.
One of the aspect of cloud computing is that it blurs the natural perimeter between the protected inside
and the hostile outside. Listed below are some of the concerned that need to be addressed while using
cloud computing:

Where’s the data? : Different countries have different requirements and controls placed on
access. Since the data exists in a cloud the user tends to forget that the data is physically stored
at some place. Hence the cloud consumer should give it in writing to provide the level of security
as desired by the user.
Who has access? : Access control is a key concern, because insider attack is a huge concern. A
potential hacker is someone who has been entrusted with approved access to the cloud. Anyone
considering using the cloud needs to look at who is managing their data and what type of
requirements are applied to these individuals.
What are the regulatory requirements? : Organizations operating in the United States, Canada
and the European Union have many regulatory requirements that have to abide. Some of them
include ISO20072, Safe Harbor, ITIL and COBIT. The user using the cloud computing model
 must ensure that the cloud provider is willing to meet these requirements and is willing to undergo
certification, accreditation and review.
Does the user have the right to audit? : The particular issue is no small matter. The cloud
provider should agree in writing to the terms of the audit.
What type of training does the cloud provider offer their employees? : This is a rather
important issue. The weakest link in security will always be the people employed. Knowing what
type of training what types of training the providers provide to their employees is an important
aspect to review.
What type of data classification does the Cloud provider provide? Questions that should be
in concern for the user are: Is my data classified? How is my data separated from the other
users? The encryption should also be discussed. Is it being used while the data is at rest or in
transit? What type of encryption is being used?
What are the service level agreement terms? : The service level agreement (SLA) serves as a
level of guaranteed experience between the cloud provider and the user. It specifies the level of
what type of services will be provided.
What is the long term viability of the provider? How long has the cloud provider been in
business? What is the track recorder of the provider? If they go out of business, what happens to
the data? Is it lost or retained? If it is retained in what format is it retained? If there is an outage
what is time taken for the data to be retained? These are some of the major concerns that a user
should consider while approaching a cloud provider.
What happens if there is a security breach? : If a security breach occurs, what support will the
cloud provider provide? While many services are promoted as unhackable, cloud computing is a
soft target for the hackers.
What is the disaster recovery/business continuity plan (DR/BCP)? : Though the information
is available on the cloud the user needs to understand that the data is physically stored at some
location. All these physical locations face the threats such as fire, storms, natural disasters and
loss of power. In case of any these events have to occur what would be the response of the cloud
provider and what guarantee of continued services are they providing?

These are the two major concerns of cloud computing. Apart from these two factors there are always the
philosophical questions. Does the user or the company which subscribe to the cloud computing service
own the data? Does the cloud computing company which provides storage own the data? Is it possible for
a cloud computing company to deny a client access to that clients‟ data? Several law companies,
business firms are debating these and the nature of cloud computing.

Cloud computing attacks

As many more companies are moving up to cloud computing, the look of hackers tends to follow. Some
of the potential attack vector criminals include:

Denial of Service (DoS) Attacks: Some cloud computing professionals argue that cloud
computing is more vulnerable to DoS attacks, since it is shared by many users. This makes the
Dos attacks more damaging.
Side channel attacks: An attacker could to attempt to compromise a cloud by placing a
malicious virtual machine in close proximity to a target cloud server and then launching a side
channel attack.
Authentication Attacks: Authentication is a weak point in hosted and virtual services and is
frequently targeted.
 Man-in-the middle cryptographic Attacks: This occurs when an attacker places himself
between two users. By placing himself between the communication paths of two users the
attacker has the ability to intercept and modify communications.

The bright future of cloud computing is becoming much clearer now.

The cloud computing model may still have not materialized as much but looking at the players using it, it
at can be said that it has great potential in the future. This was recently proved in the bidding deal
between H-P and Dell over 3Par Inc. HP emerged the winner by acquiring the deal for $2 billion. This
battle had been brewing between the two tech giants as both wanted to increase their cloud computing
capabilities. In July 2007 H-P bought Ospware, a data center automation start-up for $ 1.6 billion. In the
beginning of 2010, this company acquired 3Com Corp., a network maker for $2.7 billion. And in the
beginning of September the company ArcSight Inc. for $1.5. ArcSight makes security software identifies
suspicious activity on corporate networks hence it would help in making HP‟s cloud secure. Meanwhile
Dell acquired EqualLogic Inc. for $1.4 as the foundation for its data storage product. Apart from these
deals, VMware Inc which is a virtualization software maker has announced to buy Integrien, a provider of
network analysis for undisclosed amounts.

While the cloud computing model is gaining great momentum in The United States, Europe is lagging
behind. This is mainly to stringent privacy laws of EU which limits the flow of information beyond the EU
borders. Only US, Argentina and Canada are allowed to provide cloud-computing services. Israel and
Andorra have applied for approval to be designated as computing centers while India and Malaysia-
growing hubs for cloud computing data centers- have to negotiate and enter into binding legal
agreements with data processors called Service Level Agreements (SLAs).

Summary: To summarize, this paper has made an attempt to describe in detail A Cloud Computing
Model, the characteristics of the Model, and the various enabling technologies behind the model. Based
on the services, the model has been classified into three categories namely SaaS, PaaS, IaaS. It has also
been further divided into the three different types of clouds on the basis of the users using the cloud. The
current major players today haven been described in detail which includes Microsoft‟s Azure, Amazon‟s
EC2, Zoho and Salesforce. As cloud computing is the current buzzword many times it is confused with
other computing paradigms like Grid Computing and Utility Computing. Cloud Computing Model and the
Grid Computing Model has been compared on the basis of their architecture, business model and
security model. Then the benefits of the Cloud Computing Model has been described and the reason it
has great potential for today‟s users as well as for enterprises. An attempt has been made to list out the
concerns of cloud computing and the reasons which may result in the cloud computing model not being
successful. Finally the present current scenario has been discussed with the major ongoing deals
between the Tech Giants of today.

Conclusion: Cloud computing as a model has great potential in the future. The trend of the cloud
computing model is greatly catching on and has already been implemented, in several enterprises.
Multinational companies greatly stand to get an advantage of it. The benefits of this model are many,
speed and agility being the main important ones. But the drawbacks it faces like security and privacy may
turn out to be a hindrance in the success of the Cloud Model. But no matter what the drawbacks are,
Cloud Computing is here to stay and we will be no doubt hearing great success stories of this model in
the near future. A light in the cloud can surely be seen.
References:

http://moneymorning.com/2010/09/23/cloud-computing/
http://www.windowsecurity.com/articles/Cloud-Computing-Past-Present-Future-Part1.html
http://whitepapers.zdnet.com/abstract.aspx?docid=1625559
http://whitepapers.zdnet.com/abstract.aspx?docid=1625557&promo=100511&tag=zd-left
http://whitepapers.zdnet.com/abstract.aspx?tag=zd-left&docid=1827981&promo=100511
http://www.salesforce.com/
http://aws.amazon.com/ec2/
http://thecloudtutorial.com/zoho-products.html
http://www.ibm.com/developerworks/web/library/wa-cloudgrid/
http://web2.sys-con.com/node/640237
http://whitepapers.techrepublic.com.com/abstract.aspx?docid=1198679
http://whitepapers.techrepublic.com.com/abstract.aspx?docid=1188463
http://communication.howstuffworks.com/cloud-computing3.htm
http://communication.howstuffworks.com/cloud-computing2.htm