Cloud Computing

Section A
1 Attempt all questions in brief.
a.Compare parallel computing and distributed computing.

Distributed
Feature Parallel Computing Computing

Multiple processors Multiple computers

perform multiple perform multiple
operations operations
Processing simultaneously simultaneously

May have shared or Only distributed

Memory distributed memory memory

Computers
Processors communicate communicate with
Communicatio with each other through each other through
n a bus message passing

Limited scalability due More scalable due to

to the number of the ability to add
processors that can be more computers to
Scalability added the network

b. List the characteristics of cloud computing.

Some of the key characteristics of cloud computing:
On-demand self-service: Cloud computing services can be provisioned,
monitored, and managed by users themselves without the need for human
administrators.
Broad network access: Cloud computing services are generally provided
over standard networks and can be accessed from heterogeneous devices.
c. Define disaster recovery.
 Disaster recovery is an organization's ability to respond to and recover
from an event that negatively affects business operations.
 It is the process of maintaining or reestablishing vital infrastructure and
systems following a natural or human-induced disaster.

d. List types of Virtualizations.

In cloud computing, various types of virtualization serve specific purposes:
 Server Virtualization
 Storage Virtualization
 Network Virtualization
 Application Virtualization
 Desktop Virtualization
 GPU Virtualization
 Data Virtualization

e. community cloud with example.

A community cloud is a type of cloud computing where a group of
organizations with similar interests share a cloud infrastructure.
An example of a community cloud is the Healthcare Community Cloud developed
by Microsoft, which is designed to meet the specific needs of healthcare
organizations

f. List the types of services provided by cloud.

The types of services provided by cloud computing include:-
Infrastructure as a Service (IaaS): This provides virtualized computing
resources over the internet, such as servers, storage, and networking.
Platform as a Service (PaaS): This provides a platform for developers to
build and deploy applications without having to manage the underlying
infrastructure.
Software as a Service (SaaS): This provides access to software applications
over the internet, such as email, customer relationship management (CRM),
and productivity tools.

g. Define VM security.
  VM security refers to the security measures taken to protect virtual machines
(VMs) in a cloud computing environment.
 This includes securing the hypervisor, which is the software that manages the
VMs, as well as securing the VMs themselves.
 VM security measures may include access controls, encryption, and network
security.

h. List the security threats in cloud computing.

Security threats in cloud computing include:
Data breaches: Unauthorized access to sensitive data stored in the cloud.
Insider threats: Malicious or unintentional actions by employees or other
authorized users.
Denial of Service (DoS) attacks: Overloading a cloud service with traffic to
make it unavailable to users.
Malware: Malicious software that can infect cloud systems and steal data or
cause other damage.

The four levels of Federation in cloud computing are:

Identity Federation: This allows users to access multiple cloud services
using a single set of credentials.

i. List four levels of Federation.

Resource Federation: This allows cloud resources to be shared across
multiple cloud providers.
Service Federation: This allows cloud services to be integrated across
multiple cloud providers.
Business Process Federation: This allows business processes to be
integrated across multiple cloud providers

j. Define virtual box.

 VirtualBox is a free and open-source virtualization software that allows users
to run multiple operating systems on a single computer.
It creates virtual machines that can run different operating systems, such as
Windows, Linux, and macOS, on the same physical hardware. VirtualBox is
developed by Oracle and is available for Windows, macOS, Linux, and Solaris.
 SECTION B
2. Attempt any three of the following:
a. Define the need of cloud computing and explain its evolution with a
suitable diagram.
Cloud computing has fundamentally transformed the way businesses and
individuals consume computing resources, offering scalable, on-demand
access to computing services over the Internet. This model eliminates the
need for substantial upfront investment in hardware and lengthy deployment
cycles, thereby enabling organizations to focus on their core activities rather
than IT infrastructure management.
The need for cloud computing arises from several key factors:
 Cost reduction: Cloud computing helps reduce the cost of maintaining IT
systems.
 More storage: It provides more servers, storage space, and computing
power for software and applications to execute quickly and efficiently.
 Better work-life balance: Employees using cloud computing have better
work-life balance.
 Scalability: Cloud allows organizations to grow their users from merely a
few to thousands in a very short time.
 Flexibility and collaboration: Since the data on cloud can be accessed
directly via the internet, it gives employees the ability to work from
anywhere, anytime.

Evolution of CC:
Cloud computing is all about renting computing services. This idea first came
in the 1950s. In making cloud computing what it is today, five technologies played
a vital role. These are distributed systems and its peripherals, virtualization, web
2.0, service orientation, and utility computing.
Distributed Systems:
It is a composition of multiple independent systems but all of them are depicted as
a single entity to the users.

Mainframe computing: (1951)

These are responsible for handling large data such as massive input-output
operations. Even today these are used for bulk processing tasks such as online
transactions etc.

Cluster Computing:
In 1980s, cluster computing came as an alternative to mainframe computing.
Each machine in the cluster was connected to each other by a network with high
bandwidth.
These were way cheaper than those mainframe systems. These were equally
capable of high computations.

Grid Computing
In 1990s, the concept of grid computing was introduced. It means that different
systems were placed at entirely different geographical locations and these all were
connected via the internet.
The main problem that was encountered was the low availability of high
bandwidth connectivity and with it other network-associated issues.

Virtualization:
It was introduced nearly 40 years back. It refers to the process of creating a virtual
layer over the hardware which allows the user to run multiple instances
simultaneously on the hardware.
Web 2.0:
It is the interface through which the cloud computing services interact with the
clients. It is because of Web 2.0 that we have interactive and dynamic web pages.
It also increases flexibility among web pages.

Service orientation:
It acts as a reference model for cloud computing. It supports low-cost, flexible, and
evolvable applications.
Two important concepts were introduced in this computing model. These were
Quality of Service (QoS) which also includes the SLA (Service Level Agreement)
and Software as a Service (SaaS).

Utility computing:
It is a computing model that defines service provisioning techniques for services
such as compute services along with other major services such as storage,
infrastructure, etc which are provisioned on a pay-per-use basis.

b. Describe the different techniques used for the implementation of Hardware

virtualization Explain them with a diagram.
A platform virtualization approach that allows efficient full virtualization with the
help of hardware capabilities, primarily from the host processor is referred to as
Hardware based virtualization in computing. To simulate a complete hardware
environment, or virtual machine, full virtualization is used in which an unchanged
guest operating system (using the common instruction set as the host machine)
executes in sophisticated isolation.
The different logical layers of operating system-based virtualization, in which the
VM is first installed into a full host operating system and subsequently used to
generate virtual machines.

An abstract execution environment in terms of computer hardware in which guest

OS can be run, referred to as Hardware-level virtualization. In this, an operating
system represents the guest, the physical computer hardware represents a host, its
emulation represents a virtual machine, and the hypervisor represents the Virtual
Machine Manager. When the virtual machines are allowed to interact with
hardware without any intermediary action requirement from the host operating
system generally makes hardware-based virtualization more efficient. A
fundamental component of hardware virtualization is the hypervisor, or virtual
machine manager (VMM).

Basically, there are two types of Hypervisors which are described below:
  Type-I hypervisors:
Hypervisors of type I run directly on top of the hardware. As a result,
they stand in for operating systems and communicate directly with the
ISA interface offered by the underlying hardware, which they replicate to
allow guest operating systems to be managed. Because it runs natively on
hardware, this sort of hypervisor is also known as a native virtual
machine.
 Type-II hypervisors:
To deliver virtualization services, Type II hypervisors require the
assistance of an operating system. This means they’re operating system-
managed applications that communicate with it

Hardware compatibility is another challenge for hardware-based virtualization.

The virtualization layer interacts directly with the host hardware, which results that
all the associated drivers and support software must be compatible with the
hypervisor.

c. Explain the major goal of NIST. Also, explain the different layers in cloud
Computing.

 The National Institute of Standards and Technology (NIST) has several

major goals related to cloud computing.
  NIST is committed to fostering cloud computing practices that support
interoperability, portability, and security requirements that are appropriate
and achievable for various usage scenarios.
 The institute focuses on the necessary standards, specifications, and
guidance that must be in place for these requirements to be met.
 NIST seeks to provide leadership and guidance around the cloud computing
paradigm to catalyze its use within industry and government.
 The institute also strives to shorten the adoption life cycle, which will enable
near-term cost savings and increased ability to quickly create and deploy
safe and secure enterprise solutions.
In the context of cloud computing, NIST has defined three service models:
Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure
as a Service (IaaS). These service models form the basis for understanding the
different layers in cloud computing.

The following are the different layers in cloud computing:

Software as a Service (SaaS): This is the top layer, where consumers access
applications over the internet, such as web-based email, customer relationship
management (CRM), or office software. The consumer does not manage or
control the underlying cloud infrastructure, including network, servers,
operating systems, storage, or even individual application capabilities.
Platform as a Service (PaaS): This layer provides a platform allowing
customers to develop, run, and manage applications without the complexity of
building and maintaining the infrastructure typically associated with
developing and launching an app.
Infrastructure as a Service (IaaS): This is the bottom layer, providing
virtualized computing resources over the internet. It offers virtual machines and
other resources like storage networks, and operating systems on a pay-as-you-
go basis

d. Explain resource provisioning and resource provisioning methods.

Resource provisioning in cloud computing refers to the process of allocating

and managing computing resources, such as virtual machines, storage, and
network capacity, to meet the requirements of applications and services
running in the cloud. This involves dynamically assigning resources based on
demand, ensuring that applications have the necessary computing power,
storage, and networking capabilities to operate efficiently and effectively.
Resource provisioning is a crucial aspect of cloud management, enabling
 flexibility, scalability, and optimization of resource usage to meet varying
workload demands.
1. Types of Cloud Provisioning:
o Static Provisioning (Advance Provisioning):
 Suitable for applications with known and relatively constant
demands.
 The cloud provider allocates a fixed number of resources to the
customer.
 The client is responsible for preventing resource overutilization.
 Example: Allocating specific CPU, RAM, and storage for a
database server.
o Dynamic Provisioning:
 Responds to fluctuating workloads.
 Resources are allocated on-demand or based on predicted
workload.
 Ensures scalability and cost-effectiveness.
 Example: Automatically scaling up or down based on user
demand.
2. Importance of Cloud Provisioning:
o Scalability: Cloud computing allows dynamic scaling to handle
varying resource needs.
o Speed: Users can quickly provision or remove resources without IT
administrator intervention.
o Savings: Pay-as-you-go models lead to cost savings.

e.Explain Hadoop and its history. Also illustrate Hadoop architecture.

1. Hadoop Overview:
o Definition: Hadoop is an open-source framework developed by the
Apache Software Foundation for storing, processing, and analyzing
large volumes of data.
o Inspiration: It draws inspiration from Google’s white papers on
the Google File System (GFS) and the MapReduce programming
model.
o Purpose: Hadoop enables distributed storage and parallel processing of
data across a cluster of commodity hardware.
2. History of Hadoop:
o In 2002, Doug Cutting and Mike Cafarella embarked on a project
called Apache Nutch, an open-source web crawler software.
o 2003: Google published its groundbreaking paper on the Google File
System (GFS), which laid the foundation for Hadoop.
 o2005: Doug Cutting and Michael Cafarella designed Hadoop, heavily
influenced by Google’s GFS and MapReduce.
o 2006: The Apache Software Foundation officially launched Hadoop as
an open-source project.
3. Hadoop Architecture:
o A Hadoop cluster comprises a master node and multiple slave nodes:
 Master Node:
 Job Tracker: Accepts MapReduce jobs from clients and
coordinates data processing with the NameNode.
 NameNode: Manages the file system namespace,
including file operations like opening, renaming, and
closing.
 Slave Nodes:
 DataNode: Stores data blocks and handles read/write
requests from clients. Responsible for block creation,
deletion, and replication.
 TaskTracker: Works as a slave node for the Job Tracker,
executing tasks assigned by it.
o Hadoop Distributed File System (HDFS):
 A distributed file system designed for Hadoop.
 Master-Slave Architecture:
 NameNode: Single master server managing the file
system namespace.
 DataNodes: Multiple slaves, each containing data blocks.
 Both can run on commodity machines supporting Java.
 Responsibilities:
 NameNode: Metadata management, simplifying system
architecture.
 DataNode: Reads/writes data, performs block operations.
o MapReduce Engine:
 Can be either MapReduce/MR1 or YARN/MR2.
 Enables parallel computation on data using key-value pairs.
 Map Task: Converts input data into a dataset for computation.
 Reduce Task: Consumes Map output and produces the final
result.

SECTION C
3. Attempt any one part of the following:
a. Discuss cloud computing delivery model with advantages and disadvantages.
 The cloud computing delivery models along with their advantages and
disadvantages:
1. Public Cloud: The public cloud makes it possible for anybody to access
systems and services. The public cloud may be less secure as it is open to
everyone. The public cloud is one in which cloud infrastructure services are
provided over the internet to the general people or major industry groups. The
infrastructure in this cloud model is owned by the entity that delivers the
cloud services, not by the consumer.
o Advantages:
 Easy to Use and Deploy: Public cloud services are readily
available, and users can quickly provision resources.
 Highly Flexible and Scalable: Public clouds offer dynamic
scaling based on demand.
 Pay-as-You-Go: Users pay only for the resources they utilize.
 Top Tech Tools: Access to cutting-edge technologies and
products.
 No Maintenance Costs: Service providers handle infrastructure
maintenance.
 Free Usage for Low-End Requirements: Some public cloud
services offer free tiers.
o Disadvantages:
 Internet Connectivity Dependency: Accessing data from the
cloud relies on a stable internet connection.
 Vendor Lock-In: Switching between cloud providers can be
challenging due to different platforms.
 Limited Control: Users have less control over the cloud
infrastructure.
 Security Concerns: Sensitive data is entrusted to third-party
providers1.
2. Private Cloud: The private cloud deployment model is the exact opposite of
the public cloud deployment model. It’s a one-on-one environment for a
single user (customer). There is no need to share your hardware with anyone
else. The distinction between private and public clouds is in how you handle
all of the hardware. It is also called the “internal cloud” & it refers to the
ability to access systems and services within a given border or organization.
o Advantages:
 Enhanced Security: Private clouds offer better control over
security measures.
 Customization: Tailored to specific organizational needs.
 Compliance: Ideal for industries with strict regulatory
requirements.
 Predictable Performance: Resources are dedicated to a single
organization.
 o Disadvantages:
 Higher Costs: Setting up and maintaining a private cloud can be
expensive.
 Complexity: Requires skilled IT staff for management.
 Scalability Challenges: Scaling may be limited compared to
public clouds.
3. Hybrid Cloud: By bridging the public and private worlds with a layer of
proprietary software, hybrid cloud computing gives the best of both worlds.
With a hybrid solution, you may host the app in a safe environment while
taking advantage of the public cloud’s cost savings.
o Advantages:
 Flexibility: Combines the benefits of public and private clouds.
 Optimized Workloads: Allows workload placement based on
requirements.
 Cost-Efficiency: Use public cloud for non-sensitive data and
private cloud for critical workloads.
o Disadvantages:
 Integration Complexity: Ensuring seamless communication
between public and private components.
 Data Movement Overhead: Transferring data between clouds
can be time-consuming.
4. Community Cloud: It allows systems and services to be accessible by a
group of organizations. It is a distributed system that is created by integrating
the services of different clouds to address the specific needs of a community,
industry, or business. The infrastructure of the community could be shared
between the organization which has shared concerns or tasks.
o Advantages:
 Shared Resources: Designed for specific communities (e.g.,
research institutions, government agencies).
 Cost Sharing: Participants pool resources, reducing costs.
 Common Goals: Community clouds serve common interests.
o Disadvantages:
 Limited Availability: Not as widely available as public clouds.
 Complex Governance: Balancing the needs of different
community members.

b. Describe in detail about cloud computing reference model with a neat

diagram.

There are five major actors in NIST cloud computing reference architecture. They
are:
 1. Cloud Consumer
2. Cloud Provider
3. Cloud Carrier
4. Cloud Auditor
5. Cloud Broker
The below image will explain cloud computing reference model with a neat
diagram.

Each actor is an entity that participates in the process and/or completes duties in
cloud computing. This entity could be a person or an organization.

1. Cloud Consumer

The end user that the cloud computing service is designed to support is the cloud
consumer. An individual or corporation with a working relationship with a cloud
provider and utilizing its services is referred to as a cloud consumer. A cloud
customer peruses a cloud provider's service catalog, makes the proper service
request, enters into a service agreement with the cloud provider, and then utilizes
the service. The cloud customer may be charged for the service provided, in
which case payment arrangements must be made. They need to have a cloud
Service Level Agreement (SLA).

2. Cloud Provider
Any individual, group, or other entity in charge of making a service accessible to
cloud users is a cloud provider. A cloud provider creates the requested software,
platforms, and infrastructure services, manages the technical infrastructure needed
to supply the services, provisions the services at agreed-upon service levels, and
safeguards the services' security and privacy.

Cloud Provider provides three major services :

1. Software as a Service (SaaS)
2. Platform as a Service (PaaS)
3. Infrastructure as a Service (IaaS)

3. Cloud Carrier

A cloud carrier serves as an intermediary between cloud providers and customers,

facilitating connectivity and transport of cloud services. Customers can access the
cloud through the network, telecommunication, and other access equipment
provided by cloud carriers. Customers of cloud services, for instance, can get
them through network access devices, including laptops, mobile phones, PCs, and
mobile Internet devices (MIDs), among others. Network and telecommunication
carriers typically handle the distribution of cloud services, while a transport agent
is a company that arranges for the physical delivery of storage devices like high-
capacity hard drives.

4. Cloud Auditor

An unbiased evaluation of cloud services, information system operations,

performance, and the security of a cloud computing implementation can be done
by a cloud auditor. A cloud auditor can assess a cloud provider's services in terms
of performance, service level agreement compliance, privacy implications, and
security controls.

The management, operational, and technical precautions or countermeasures used

inside an organizational information system to ensure the privacy, availability,
and integrity of the system and its data are known as security controls.
5. Cloud Broker

An organization called a "Cloud Broker" controls how cloud services are used,
performed, and delivered and negotiates contracts between cloud providers and
cloud users. The integration of cloud services could become too difficult for cloud
consumers to handle as cloud computing develops. Instead of contacting a cloud
provider directly in certain circumstances, a cloud consumer may request cloud
services through a cloud broker.

4. Attempt any one part of the following:

a. Discuss Service-oriented architecture (SOA). Also explain building block of
SOAP
Service-Oriented Architecture (SOA) is a stage in the evolution of application
development and/or integration. It defines a way to make software components
reusable using the interfaces.
Formally, SOA is an architectural approach in which applications make use of
services available in the network. In this architecture, services are provided to
form applications, through a network call over the internet. It uses common
communication standards to speed up and streamline the service integrations in
applications. Each service in SOA is a complete business function in itself. The
services are published in such a way that it makes it easy for the developers to
assemble their apps using those services. SOA is different from microservice
architecture.
SOA allows users to combine a large number of facilities from existing
services to form applications.
 SOA encompasses a set of design principles that structure system
development and provide means for integrating components into a
coherent and decentralized system.
 SOA-based computing packages functionalities into a set of interoperable
services, which can be integrated into different software systems
belonging to separate business domains.
Advantages of SOA:
 Service reusability: In SOA, applications are made from existing
services. Thus, services can be reused to make many applications.
 Easy maintenance: As services are independent of each other they can
be updated and modified easily without affecting other services.
 Platform independent: SOA allows making a complex application by
combining services picked from different sources, independent of the
platform.
 Availability: SOA facilities are easily available to anyone on request.
  Reliability: SOA applications are more reliable because it is easy to
debug small services rather than huge codes
 Scalability: Services can run on different servers within an environment,
this increases scalability

Disadvantages of SOA:
 High overhead: A validation of input parameters of services is done
whenever services interact this decreases performance as it increases load
and response time.
 High investment: A huge initial investment is required for SOA.
 Complex service management: When services interact they exchange
messages to tasks. the number of messages may go in millions. It
becomes a cumbersome task to handle a large number of messages.

SOAP Building Block

The SOAP building block describes what XML data is sent to the web service and
client application. The following diagram represents the SOAP building block.

SOAP Envelope: Envelope is used to define the start and end of the SOAP
message. It contains the details of the SOAP message. It is an important element of
the XML documents.

SOAP Header: It is an optional element in which the header contains the

credentials information such as authorization, authentication, etc. is used during the
processing of a SOAP message.
SOAP Body: It is an important element of the SOAP message that contains request
and response information in the XML format. It defines the actual content of the
message to be sent between the client and the webserver.

SOAP Fault: The SOAP Fault element is an optional element used to display an
error message encountered during the transmission of a SOAP message. It holds the
status of SOAP messages and errors.

b. Explain Architectural constraints of web services.

Architectural Constraints of Web Services: There are six architectural
constraints which makes any web service are listed below:
 Uniform Interface
 Stateless
 Cacheable
 Client-Server
 Layered System
 Code on Demand
The only optional constraint of REST architecture is code on demand. If a service
violates any other constraint, it cannot strictly be referred to as RESTful.
Uniform Interface: It is a key constraint that differentiate between a REST API
and Non-REST API. It suggests that there should be an uniform way of interacting
with a given server irrespective of device or type of application (website, mobile
app).
There are four guidelines principle of Uniform Interface are:
 Resource-Based: Individual resources are identified in requests. For
example: API/users.
 Manipulation of Resources Through Representations: Client has
representation of resource and it contains enough information to modify
or delete the resource on the server, provided it has permission to do so.
Example: Usually user get a user id when user request for a list of users
and then use that id to delete or modify that particular user.
 Self-descriptive Messages: Each message includes enough information
to describe how to process the message so that server can easily analyses
the request.
 Hypermedia as the Engine of Application State (HATEOAS): It need
to include links for each response so that client can discover other
resources easily.
Stateless: It means that the necessary state to handle the request is contained
within the request itself and server would not store anything related to the session.
In REST, the client must include all information for the server to fulfill the request
whether as a part of query params, headers or URI. Statelessness enables greater
availability since the server does not have to maintain, update or communicate that
session state. There is a drawback when the client need to send too much data to
the server so it reduces the scope of network optimization and requires more
bandwidth.
Cacheable: Every response should include whether the response is cacheable or
not and for how much duration responses can be cached at the client side. Client
will return the data from its cache for any subsequent request and there would be
no need to send the request again to the server. A well-managed caching partially
or completely eliminates some client–server interactions, further improving
availability and performance. But sometime there are chances that user may
receive stale data.
Client-Server: REST application should have a client-server architecture. A
Client is someone who is requesting resources and are not concerned with data
storage, which remains internal to each server, and server is someone who holds
the resources and are not concerned with the user interface or user state. They can
evolve independently. Client doesn’t need to know anything about business logic
and server doesn’t need to know anything about frontend UI.
Layered system: An application architecture needs to be composed of multiple
layers. Each layer doesn’t know any thing about any layer other than that of
immediate layer and there can be lot of intermediate servers between client and the
end server. Intermediary servers may improve system availability by enabling
load-balancing and by providing shared caches.
Code on demand: It is an optional feature. According to this, servers can also
provide executable code to the client. The examples of code on demand may
include the compiled components such as Java Servlets and Server-Side Scripts
such as JavaScript.

5. Attempt any one part of the following:

a. Describe the components of Cloud Provider. Also explain the responsibility of
cloud provider for SaaS, PaaS, and IaaS.

Software as a Service(SaaS)

Software-as-a-Service (SaaS) is a way of delivering services and applications over

the Internet. Instead of installing and maintaining software, we simply access it via
the Internet, freeing ourselves from the complex software and hardware
management. It removes the need to install and run applications on our own
computers or in the data centers eliminating the expenses of hardware as well as
software maintenance.
SaaS provides a complete software solution that you purchase on a pay-as-you-
go basis from a cloud service provider. Most SaaS applications can be run directly
from a web browser without any downloads or installations required. The SaaS
applications are sometimes called Web-based software, on-demand software, or
hosted software.

Advantages of SaaS
1. Cost-Effective: Pay only for what you use.
2. Reduced time: Users can run most SaaS apps directly from their web
browser without needing to download and install any software. This
reduces the time spent in installation and configuration and can reduce
the issues that can get in the way of the software deployment.
3. Accessibility: We can Access app data from anywhere.
4. Automatic updates: Rather than purchasing new software, customers
rely on a SaaS provider to automatically perform the updates.
5. Scalability: It allows the users to access the services and features on-
demand.
The various companies providing Software as a service are Cloud9 Analytics,
Salesforce.com, Cloud Switch, Microsoft Office 365, Big Commerce, Eloqua,
dropBox, and Cloud Tran.
Disadvantages of Saas :
1. Limited customization: SaaS solutions are typically not as customizable
as on-premises software, meaning that users may have to work within the
constraints of the SaaS provider’s platform and may not be able to tailor
the software to their specific needs.
2. Dependence on internet connectivity: SaaS solutions are typically
cloud-based, which means that they require a stable internet connection
to function properly. This can be problematic for users in areas with poor
connectivity or for those who need to access the software in offline
environments.
3. Security concerns: SaaS providers are responsible for maintaining the
security of the data stored on their servers, but there is still a risk of data
breaches or other security incidents.
4. Limited control over data: SaaS providers may have access to a user’s
data, which can be a concern for organizations that need to maintain strict
control over their data for regulatory or other reasons.

Platform as a Service

PaaS is a category of cloud computing that provides a platform and environment to

allow developers to build applications and services over the internet. PaaS services
are hosted in the cloud and accessed by users simply via their web browser.
A PaaS provider hosts the hardware and software on its own infrastructure. As a
result, PaaS frees users from having to install in-house hardware and software to
develop or run a new application. Thus, the development and deployment of the
application take place independent of the hardware.
The consumer does not manage or control the underlying cloud infrastructure
including network, servers, operating systems, or storage, but has control over the
deployed applications and possibly configuration settings for the application-
hosting environment.

Advantages of PaaS:
1. Simple and convenient for users: It provides much of the infrastructure
and other IT services, which users can access anywhere via a web
browser.
2. Cost-Effective: It charges for the services provided on a per-use basis
thus eliminating the expenses one may have for on-premises hardware
and software.
3. Efficiently managing the lifecycle: It is designed to support the
complete web application lifecycle: building, testing, deploying,
managing, and updating.
4. Efficiency: It allows for higher-level programming with reduced
complexity thus, the overall development of the application can be more
effective.
The various companies providing Platform as a service are Amazon Web services
Elastic Beanstalk, Salesforce, Windows Azure, Google App Engine, cloud Bees
and IBM smart cloud.

Disadvantages of Paas:
1. Limited control over infrastructure: PaaS providers typically manage
the underlying infrastructure and take care of maintenance and updates,
but this can also mean that users have less control over the environment
and may not be able to make certain customizations.
2. Dependence on the provider: Users are dependent on the PaaS provider
for the availability, scalability, and reliability of the platform, which can
be a risk if the provider experiences outages or other issues.
3. Limited flexibility: PaaS solutions may not be able to accommodate
certain types of workloads or applications, which can limit the value of
the solution for certain organizations.

Infrastructure as a Service

Infrastructure as a service (IaaS) is a service model that delivers computer

infrastructure on an outsourced basis to support various operations. Typically IaaS
is a service where infrastructure is provided as outsourcing to enterprises such as
networking equipment, devices, database, and web servers.
It is also known as Hardware as a Service (HaaS). IaaS customers pay on a per-
user basis, typically by the hour, week, or month. Some providers also charge
customers based on the amount of virtual machine space they use.
It simply provides the underlying operating systems, security, networking, and
servers for developing such applications, and services, and deploying development
tools, databases, etc.
Advantages of IaaS:
1. Cost-Effective: Eliminates capital expense and reduces ongoing cost and
IaaS customers pay on a per-user basis, typically by the hour, week, or
month.
2. Website hosting: Running websites using IaaS can be less expensive
than traditional web hosting.
3. Security: The IaaS Cloud Provider may provide better security than your
existing software.
4. Maintenance: There is no need to manage the underlying data center or
the introduction of new releases of the development or underlying
software. This is all handled by the IaaS Cloud Provider.
The various companies providing Infrastructure as a service are Amazon web
services, Bluestack, IBM, Openstack, Rackspace, and Vmware.

Disadvantages of laaS :
1. Limited control over infrastructure: IaaS providers typically manage
the underlying infrastructure and take care of maintenance and updates,
but this can also mean that users have less control over the environment
and may not be able to make certain customizations.
2. Security concerns: Users are responsible for securing their own data and
applications, which can be a significant undertaking.
3. Limited access: Cloud computing may not be accessible in certain
regions and countries due to legal policies.

b. Explain Amazon S3. Also describe the advantages of cloud storage.

Amazon S3 (Simple Storage Service) is a widely used object storage service
provided by Amazon Web Services (AWS). It is designed to store and retrieve any
amount of data from anywhere on the web. S3 offers scalable, durable, and highly
available storage infrastructure that developers and businesses can use to store and
retrieve data.
Here's an overview of Amazon S3's key features:
1. Scalability: S3 can scale virtually infinitely to accommodate growing storage
needs. You can store as much data as needed without worrying about capacity
constraints.
 2. Durability and Reliability: S3 stores data redundantly across multiple
facilities and devices within an AWS region, ensuring high durability and
availability. It is designed to sustain the loss of data in two facilities
simultaneously, making it highly reliable for storing critical data.
3. Security: S3 provides robust security features to protect data at rest and in
transit. It offers access control mechanisms such as bucket policies, access
control lists (ACLs), and encryption options to secure data according to
specific requirements.
4. Accessibility: S3 allows data to be accessed from anywhere on the web using
RESTful APIs or SDKs provided by AWS. This makes it easy for developers
to integrate S3 into their applications and access data programmatically.
5. Cost-effectiveness: S3 offers a pay-as-you-go pricing model, where users
only pay for the storage they consume and the data transfer they use. This
makes it cost-effective for businesses of all sizes, as they can scale storage
resources according to their needs without any upfront investment.
Advantages of cloud storage in general include:
1. Scalability: Cloud storage solutions like Amazon S3 offer virtually unlimited
scalability, allowing businesses to scale their storage resources up or down
based on demand without needing to invest in physical infrastructure.
2. Cost-effectiveness: Cloud storage eliminates the need for businesses to invest
in and maintain expensive hardware infrastructure. With pay-as-you-go
pricing models, businesses only pay for the storage and resources they use,
reducing overall costs.
3. Accessibility: Cloud storage solutions enable users to access their data from
anywhere with an internet connection, making collaboration and remote work
more efficient. This accessibility also facilitates data sharing and distribution
across teams and locations.
4. Reliability and Redundancy: Cloud storage providers typically offer
redundant storage across multiple data centers, ensuring high availability and
data durability. This minimizes the risk of data loss due to hardware failures
or disasters.
5. Security: Cloud storage providers implement robust security measures to
protect data from unauthorized access, including encryption, access controls,
and multi-factor authentication. This helps businesses ensure the
confidentiality, integrity, and availability of their data.
 6. Ease of Management: Cloud storage solutions often come with user-friendly
management interfaces and APIs, making it easy for businesses to manage
and monitor their storage resources. This includes features like automated
backups, versioning, and data lifecycle management.
6. Attempt any one part of the following:
a. Explain inter cloud resource management in cloud computing
A theoretical model for cloud computing services is referred to as the “inter-cloud”
or “cloud of clouds.” combining numerous various separate clouds into a single
fluid mass for on-demand operations Simply put, the inter-cloud would ensure that
a cloud could utilize resources outside of its range using current agreements with
other cloud service providers. There are limits to the physical resources and the
geographic reach of any one cloud.
Need of Inter-Cloud
Due to their Physical Resource limits, Clouds have certain Drawbacks:
 When a cloud’s computational and storage capacity is completely
depleted, it is unable to serve its customers.
 The Inter-Cloud addresses these circumstances when one cloud would
access the computing, storage, or any other resource of the infrastructures
of other clouds.

Benefits of the Inter-Cloud Environment include:

 Avoiding vendor lock-in to the cloud client
 Having access to a variety of geographical locations, as well as enhanced
application resiliency.
 Better service level agreements (SLAs) to the cloud client
 Expand-on-demand is an advantage for the cloud provider.

A cloud’s infrastructure’s processing and storage capacity could be exhausted.

combining numerous various separate clouds into a single fluid mass for on-
demand operations. Simply put, the intercloud would ensure that a cloud could
utilize resources outside of its range combining numerous various separate clouds
into a single fluid mass for on-demand operations. Such requests for service
allocations received by its clients would still be met by it.
Types of Inter-Cloud Resource Management
1. Federation Clouds: A federation cloud is a kind of inter-cloud where
several cloud service providers willingly link their cloud infrastructures
together to exchange resources. Cloud service providers in the federation
 trade resources in an open manner. With the aid of this inter-cloud
technology, private cloud portfolios, as well as government clouds (those
utilized and owned by non-profits or the government), can cooperate.
2. Multi-Cloud: A client or service makes use of numerous independent
clouds in a multi-cloud. A multi-cloud ecosystem lacks voluntarily shared
infrastructure across cloud service providers. It is the client’s or their
agents’ obligation to manage resource supply and scheduling. This
strategy is utilized to use assets from both public and private cloud
portfolios. These multi-cloud kinds include services and libraries.

b. Discuss security challenges and security governance in cloud computing

environment.
Security challenges in a cloud computing environment arise due to the shared
responsibility model, multi-tenancy, dynamic nature of cloud infrastructure, and the
complexity of distributed systems. Here are some common security challenges:
1. Data Security and Privacy: Ensuring the confidentiality, integrity, and
availability of data stored in the cloud is a significant challenge. Data
breaches, unauthorized access, and data loss are potential risks, especially
when sensitive data is stored or transmitted across cloud services.
2. Identity and Access Management (IAM): Managing user identities, access
controls, and permissions across multiple cloud services and users is complex.
Misconfigurations, weak credentials, and improper access controls can lead to
unauthorized access and insider threats.
3. Compliance and Legal Issues: Meeting regulatory compliance requirements
(such as GDPR, HIPAA, PCI DSS) and industry standards in a cloud
environment adds complexity. Organizations need to ensure that their cloud
deployments comply with relevant regulations, data protection laws, and
contractual obligations.
4. Network Security: Protecting network infrastructure and communications
within the cloud environment is crucial. Vulnerabilities in virtual networks,
inadequate segmentation, and lack of network monitoring can lead to
unauthorized access, data interception, and denial-of-service (DoS) attacks.
5. Application Security: Securing cloud-based applications and APIs against
common vulnerabilities (such as injection attacks, cross-site scripting, and
authentication flaws) is essential. Insecure coding practices, third-party
 dependencies, and inadequate security testing can expose applications to
exploitation.
6. Incident Response and Forensics: Detecting and responding to security
incidents in a cloud environment requires robust incident response plans and
forensic capabilities. Rapid incident detection, containment, and recovery are
critical to minimizing the impact of security breaches and maintaining
business continuity.
Security governance in a cloud computing environment involves establishing
policies, procedures, and controls to manage security risks effectively. Key aspects
of security governance include:
1. Risk Management: Identifying, assessing, and prioritizing security risks
associated with cloud deployments. This involves conducting risk
assessments, implementing risk mitigation measures, and monitoring risk
exposure over time.
2. Security Policies and Standards: Developing and enforcing security
policies, standards, and guidelines specific to cloud computing. This includes
defining acceptable use policies, access controls, encryption standards, and
incident response procedures aligned with organizational objectives and
regulatory requirements.
3. Security Controls and Technologies: Implementing security controls and
technologies to protect cloud resources and data. This may include
encryption, access controls, network segmentation, intrusion
detection/prevention systems (IDS/IPS), and security monitoring tools.
4. Security Awareness and Training: Educating employees, contractors, and
partners about cloud security best practices, policies, and procedures. Security
awareness training helps foster a security-conscious culture and empowers
individuals to recognize and respond to security threats effectively.
5. Vendor Management: Assessing the security posture of cloud service
providers (CSPs) and third-party vendors, and establishing contractual
agreements and service-level agreements (SLAs) to ensure compliance with
security requirements. Vendor risk management involves due diligence,
ongoing monitoring, and periodic assessments of vendor security practices.
6. Continuous Monitoring and Compliance: Implementing mechanisms for
continuous monitoring of cloud environments to detect security incidents,
compliance violations, and unauthorized activities. Regular audits, security
 assessments, and compliance checks help ensure that cloud deployments
adhere to security policies and standards.

7. Attempt any one part of the following:

a. Give a suitable definition of cloud federation stack and explain it in detail

Cloud Federation stack

Each level of the cloud federation poses unique problems and functions at a
different level of the IT stack. Then, several strategies and technologies are
needed. The answers to the problems encountered at each of these levels when
combined form a reference model for a cloud federation.

Conceptual Level

The difficulties in presenting a cloud federation as an advantageous option for

using services rented from a single cloud provider are addressed at the conceptual
level. At this level, it’s crucial to define the new opportunities that a federated
environment brings in comparison to a single-provider solution and to explicitly
describe the benefits of joining a federation for service providers or service users.
At this level, the following factors need attention:
 The reasons that cloud providers would want to join a federation.
 Motivations for service users to use a federation.
 Benefits for service providers who rent their services to other service
providers. Once a provider joins the federation, they have obligations.
 Agreements on trust between suppliers.
 Consumers versus transparency.
The incentives of service providers and customers joining a federation stand out
among these factors as being the most important.

Logical and Operational Level

The obstacles in creating a framework that allows the aggregation of providers

from various administrative domains within the context of a single overlay
infrastructure, or cloud federation, are identified and addressed at the logical and
operational level of a federated cloud.
Policies and guidelines for cooperation are established at this level. Additionally,
this is the layer where choices are made regarding how and when to use a service
from another provider that is being leased or leveraged. The operational
component characterizes and molds the dynamic behavior of the federation as a
result of the decisions made by the individual providers, while the logical
component specifies the context in which agreements among providers are made
and services are negotiated.
At this level, MOCC is put into precise and becomes a reality. At this stage, it’s
crucial to deal with the following difficulties:
 How ought a federation should be portrayed?
 How should a cloud service, a cloud provider, or an agreement be
modeled and represented?
 How should the regulations and standards that permit providers to join a
federation be defined?
 What procedures are in place to resolve disputes between providers?
 What obligations does each supplier have to the other?
 When should consumers and providers utilize the federation?
 What categories of services are more likely to be rented than purchased?
 Which percentage of the resources should be leased, and how should we
value the resources that are leased?
Both academia and industry have potential at the logical and operational levels.

Infrastructure Level

The technological difficulties in making it possible for various cloud computing

systems to work together seamlessly are dealt with at the infrastructure level. It
addresses the technical obstacles keeping distinct cloud computing systems from
existing inside various administrative domains. These obstacles can be removed by
using standardized protocols and interfaces.
The following concerns should be addressed at this level:
 What types of standards ought to be applied?
 How should interfaces and protocols be created to work together?
 Which technologies should be used for collaboration?
 How can we design platform components, software systems, and services
that support interoperability?
Only open standards and interfaces allow for interoperability and composition
amongst various cloud computing companies. Additionally, the Cloud Computing
Reference Model has layers that each has significantly different interfaces and
protocols.

b. Explain Web services in detail. Differentiate Web services and APIs.

Web Services:
A Web services are any bit of services that makes it accessible over the Internet
and normalizes its correspondence through XML encoding. A customer conjures
web services by sending a solicitation (for the most part as an XML message), and
the services send back an XML response. Web services summon communication
over a network, with HTTP as the most widely recognized methods for the
network between the two frameworks. Web services are equivalent to SOA
(Services Oriented Architecture) and fundamentally depend on measures, for
example, XML-RPC and SOAP (Simple Object Access
Protocol). Components: All the standard web services work using the following
components.
 SOAP (Simple Object Access Protocol)
 UDDI (Universal Description, Discovery and Integration)
 WSDL (Web Services Description Language)

SOAP (Simple Object Access Protocol)

SOAP stands for “Simple Object Access Protocol.” It is a transport-independent
messaging protocol. SOAP is built on sending XML data in the form of SOAP
Messages. A document known as an XML document is attached to each message.
Only the structure of the XML document, not the content, follows a pattern. The
best thing about Web services and SOAP is that everything is sent through HTTP,
the standard web protocol.

UDDI (Universal Description, Discovery, and Integration)

UDDI is a standard for specifying, publishing and discovering a service provider’s
online services. It provides a specification that aids in the hosting of data via web
services. UDDI provides a repository where WSDL files can be hosted so that a
client application can discover a WSDL file to learn about the various actions that
a web service offers. As a result, the client application will have full access to the
UDDI, which serves as a database for all WSDL files.

WSDL (Web Services Description Language)

If a web service can’t be found, it can’t be used. The client invoking the web
service should be aware of the location of the web service. Second, the client
application must understand what the web service does in order to invoke the
correct web service. The WSDL, or Web services description language, is used to
accomplish this.
 Web Services Web API

APIs are application interfaces,

Web services are a type of API, implying that one application can
which must be accessed communicate with another
through a network connection. application in a standardized
manner.

Web service is used for REST,

API is used for any style of
SOAP and XML-RPC for
communication.
communication.

All Web services are APIs. APIs are not web services.

It has a light-weight architecture

It doesn’t have lightweight
furthermore, useful for gadgets
design, needs a SOAP
which have constrained
convention to send or receive
transmission capacity like smart
data over the system.
phones.

It provides support for the HTTP/s

It provides supports only for
protocol: URL Request/Response
the HTTP protocol.
Headers, and so on.

It is not open source, however,

can be devoured by any It is an open source and also ships
customer that comprehends with .NET framework.
xml.

Web service supports only

API supports XML and JSON.
XML.

Web Services can be hosted on Web API can be hosted only on

IIS. IIS and self.