
Module 4 - Cloud Computing Services

Uploaded by

Muhammad Fahad

9/13/2024

Cloud Computing Services


Cloud Services Overview with a Comparison of Major Cloud Service Providers

Module 4
Sheheryar Malik, Ph.D.

Distributed & Cloud Computing

Cloud Service Model: Infrastructure Management Context

[Figure: stack diagram comparing Traditional IT, IaaS, PaaS and SaaS. Layers shown for each model: Application, Data, Run time, Middleware, Operating System, Virtualization, Servers, Storage, Networking. Each layer is marked as managed by the user or managed by the cloud provider (vendor).]

Cloud Computing Services

• Computation
• Storage
• Databases
• Networking & Content Delivery
• Security, Identity & Compliance
• Operations and Monitoring
• Management & Governance
• Application Integration
• Developer & Operation Tools
• Migration & Transfer
• AI & Machine learning
• Data Analytics

Computation

Computation Services
• Compute describes concepts and objects related to software
computation
• It is a generic term used to reference processing power, memory,
networking, storage, and other resources required for the
computational success of any program


Computation Services
Core Services
• Compute Instances / Virtual Machines
• Containers
• Function as a Service

Associated Services/Functions
• Load Balancing
• Autoscaling

Name of Service | AWS | Azure | GCP
Virtual machine | Amazon EC2 | Azure Virtual Machines | Compute Engine
Auto scale | Amazon EC2 Auto Scaling | Virtual Machine Scale Sets | Autoscaling
VMware environment deployment | VMware Cloud on AWS | Azure VMware Solutions | -
Native Container Orchestrator | Amazon Elastic Container Service | Service Fabric | -
Kubernetes | Amazon Elastic Container Service for Kubernetes | Azure Kubernetes Service | Google Kubernetes Engine
Serverless for containerized applications | AWS Fargate | - | Cloud Run
Container registry | Amazon Elastic Container Registry | Azure Container Registry | Container Registry
Web application execution environment | Amazon Elastic Beanstalk | Azure App Service | App Engine
Function as a Service | AWS Lambda | Azure Functions | Cloud Functions
On-premise deployment | AWS Outposts | Azure Stack | Cloud Platform Service
Build a hybrid cloud | - | - | Anthos
VPS | Amazon Lightsail | - | -
Batch computing | AWS Batch | Azure Batch | -

Compute Instances / Virtual Machines

Provider services: AWS: Amazon Elastic Compute Cloud (EC2); Azure: Azure Virtual Machines; GCP: Compute Engine

• Compute instances, or virtual machines (instances), run the server images (Linux, Windows, etc.) that a cloud provider provides
• They may also run private custom images that the user can create or import from existing systems
• Users may also deploy containers
• They give users complete control of their computing resources
• They generally provide resizable compute capacity in the cloud
• Users can choose the machine properties of instances, such as the number of virtual CPUs and the amount of memory, by using a set of predefined machine types
• Alternatively, users may create their own custom machine types
• There can be different types of compute instances, e.g.
o General Purpose
o Compute Optimized
o Memory-Optimized
o Hardware Accelerated
o Storage Optimized

Containers

Provider services: AWS: Amazon Elastic Container Service, Amazon Elastic Container Service for Kubernetes, AWS Fargate; Azure: Service Fabric, Azure Kubernetes Service; GCP: Google Kubernetes Engine

• A container is a form of OS-level virtualization
o A container is a virtual runtime environment that runs on top of a single operating system (OS) kernel and emulates an operating system rather than the underlying hardware
• Containers provide a standard way to package your application's code, configurations, and dependencies into a single object
• Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run
o This decoupling allows container-based applications to be deployed easily and consistently, regardless of whether the target environment is a private data center, the public cloud, or even a developer's personal laptop
• Containers share an operating system installed on the server
o They run as resource-isolated processes, ensuring quick, reliable, and consistent deployments, regardless of environment
• Containerization provides a clean separation of concerns
o Developers focus on their application logic and dependencies, while IT operations teams can focus on deployment and management without bothering with application details such as specific software versions and configurations specific to the app

Function as a Service

Provider services: AWS: AWS Lambda; Azure: Azure Functions; GCP: Cloud Functions

• It is a cloud computing service that provides a platform allowing customers to develop, run, and manage application functionalities without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app
• It is one way of achieving a "serverless" architecture
• Typically used when building microservices applications
• Use cases are on-demand functionality that enables the supporting infrastructure to be powered down and not incur charges when not in use
• Examples include
o Data processing (e.g., batch processing, stream processing, extract-transform-load (ETL))
o Internet of things (IoT) services for Internet-connected devices
o Mobile applications
o Web applications

Web Application Execution Environment

Provider services: AWS: Amazon Elastic Beanstalk; Azure: Azure App Service; GCP: App Engine

• This service is used to deploy and scale web applications
• It enables customers to upload code and then it automatically handles the deployment
o from capacity provisioning, load balancing, and auto scaling to application health monitoring
• As the number of requests increases for an application, this service automatically allocates more resources for the web application to handle the additional demand

Batch Computing

Provider services: AWS: AWS Batch; Azure: Azure Batch

• AWS Batch is a fully managed batch computing service that plans, schedules, and runs your batch workloads across the full range of compute offerings
• It lets developers, scientists, and engineers efficiently run hundreds of thousands of batch computing jobs while optimizing compute resources
o so you can focus on analyzing results and solving problems

Storage

Storage Services

• Object storage
• Block storage
• File storage

Name of Service | AWS | Azure | GCP
Object storage | Amazon S3 | Azure Blob | Cloud Storage
Block storage | Amazon EBS | Managed Disk | Persistent Disk
File storage (NFS) | Amazon Elastic File System | Azure NetApp Files | Cloud Filestore
File storage (SMB) | Amazon FSx for Windows File Server | Azure Files | -
File system for HPC | Amazon FSx for Lustre | Azure FXT Edge Filer | -
Archive storage | Amazon S3 Glacier | Storage archive access tier | Cloud Storage Coldline
Central management of backup | AWS Backup | Azure Backup | -
Hybrid storage | AWS Storage Gateway | Azure StorSimple | -

Object Storage

Provider services: AWS: Amazon S3; Azure: Azure Blob; GCP: Cloud Storage

• Object storage is a computer data storage architecture that manages data as objects
o Different from other storage architectures like
▪ file systems, which manage data as a file hierarchy, and
▪ block storage, which manages data as blocks within sectors and tracks
• Each object typically includes the data itself, a variable amount of metadata, and a globally unique identifier
• Object storage can be implemented at multiple levels, including
o the device level (object-storage device)
o the system level, and
o the interface level
• In each case, object storage seeks to enable capabilities not addressed by other storage architectures, like
o interfaces that are directly programmable by the application
o a namespace that can span multiple instances of physical hardware, and
o data-management functions like data replication and data distribution at object-level granularity
• Object storage systems allow retention of massive amounts of unstructured data
o data is written once and read once (or many times)
• Object storage is used for purposes such as storing objects like videos and photos on Facebook, songs on Spotify, or files in online collaboration services, such as Dropbox
• One of the limitations of object storage is that it is not intended for transactional data
o object storage was not designed to replace NAS file access and sharing
o it does not support the locking and sharing mechanisms needed to maintain a single, accurately updated version of a file

Block Storage

Provider services: AWS: Amazon EBS; Azure: Managed Disk; GCP: Persistent Disk

• It is a technology that is used to store data files on Storage Area Networks (SANs) or cloud-based storage environments
• Block storage is also referred to as block-level storage
• Developers favor block storage for computing situations where they require fast, efficient, and reliable data transportation
• Block storage breaks up data into blocks and then stores those blocks as separate pieces, each with a unique identifier
o The SAN places those blocks of data wherever it is most efficient
o It can store those blocks across different systems and each block can be configured (or partitioned) to work with different operating systems
• Block storage also decouples data from user environments, allowing that data to be spread across multiple environments
o This creates multiple paths to the data and allows the user to retrieve it quickly
o When a user or application requests data from a block storage system, the underlying storage system reassembles the data blocks and presents the data to the user or application

File Storage (NFS)

Provider services: AWS: Amazon Elastic File System, Amazon FSx for Windows File Server, Amazon FSx for Lustre; Azure: Azure NetApp Files, Azure Files, Azure FXT Edge Filer; GCP: Cloud Filestore

• File storage is a hierarchical storage methodology used to organize and store data on a network-attached storage (NAS) device
o NAS presents storage to users and applications using the same ideology as a traditional network file system
• It is also called file-level or file-based storage
• Data is stored in files, the files are organized in folders, and the folders are organized under a hierarchy of directories and subdirectories
o To locate a file, all you or your computer system need is the path, from directory to subdirectory to folder to file
o However, the NAS or the Network Operating System (NOS) handles access rights, file sharing, file locking, and other controls
• Two common industry-standard protocols for file storage are the Network File System (NFS) protocol and the Server Message Block (SMB) protocol
o SMB is Windows compatible whereas NFS is more Linux compatible
• Hierarchical file storage works well with easily organized amounts of structured data
o But, as the number of files grows, the file retrieval process can become cumbersome and time-consuming
o Scaling requires adding more hardware devices or continually replacing these with higher-capacity devices, both of which can get expensive
• File storage can be very easy to configure
o but access to data is constrained by a single path to the data, which can impact performance compared to block or object storage
• File storage also only operates with common file-level protocols, such as a New Technology File System (NTFS) for Windows or a Network File System (NFS) for Linux
o This could limit usability across dissimilar systems

Archive Storage

Provider services: AWS: Amazon S3 Glacier; Azure: Storage archive access tier; GCP: Cloud Storage Coldline

• The Archive Storage service is ideal for storing data that is seldom accessed, but requires long retention periods
• Archive Storage is more cost effective than Object Storage for preserving cold data
• Unlike Object Storage, Archive Storage data retrieval is not instantaneous

Databases

Databases Services
• Relational Databases
• Serverless Relational Databases
• NoSQL Databases
• In-memory Databases

Name of Service | AWS | Azure | GCP
MySQL | Amazon RDS for MySQL / Amazon Aurora | Azure Database for MySQL | Cloud SQL for MySQL
PostgreSQL | Amazon RDS for PostgreSQL / Amazon Aurora | Azure Database for PostgreSQL | Cloud SQL for PostgreSQL
Oracle | Amazon RDS for Oracle | - | -
SQL Server | Amazon RDS for SQL Server | SQL Database | Cloud SQL for SQL Server
MariaDB | Amazon RDS for MariaDB | Azure Database for MariaDB | -
NoSQL | Amazon DynamoDB | Azure Cosmos DB | Cloud Datastore / Cloud Bigtable
In-memory cache | Amazon ElastiCache | Azure Cache for Redis | Cloud Memorystore
Graph DB | Amazon Neptune | Azure Cosmos DB (API for Gremlin) | -
Time series DB | Amazon Timestream | - | -
MongoDB | Amazon DocumentDB (with MongoDB compatibility) | Azure Cosmos DB (API for MongoDB) | -
Data Warehouse | Amazon Redshift | Azure Synapse | Google BigQuery
Global distributed RDB | - | - | Cloud Spanner
Real time DB | - | - | Cloud Firestore
DB at the edge | - | Azure SQL Database Edge | -

Relational Databases

Provider services: AWS: Amazon RDS for MySQL, PostgreSQL, Oracle, SQL Server, MariaDB; Azure: Azure Database for MySQL, PostgreSQL, and SQL Database; GCP: Cloud SQL for MySQL, PostgreSQL, SQL Server

• A relational database (RDB) is a way of structuring information in tables, rows, and columns
• An RDB has the ability to establish links, or relationships, between information by joining tables, which makes it easy to understand and gain insights about the relationship between various data points
• It organizes data in predefined relationships where data is stored in one or more tables (or "relations") of columns and rows, making it easy to see and understand how different data structures relate to each other
• Each column in a table holds a certain kind of data and a field stores the actual value of an attribute
• The rows in the table represent a collection of related values of one object or entity
• Each row in a table could be marked with a unique identifier called a primary key, and rows among multiple tables can be made related using foreign keys

Serverless Relational Databases

Provider services: AWS: Amazon Aurora MySQL, PostgreSQL

• A serverless database is any database that embodies the core principles of the serverless computing paradigm
• The exact flavor of the application doesn’t matter

NoSQL Databases
• NoSQL databases (aka "not only SQL") are non-tabular databases and
store data differently than relational tables
• NoSQL databases come in a variety of types based on their data
model
• The main types are document, key-value, wide-column, and graph
• They provide flexible schemas and scale easily with large amounts of data and high user loads
• NoSQL databases are databases that store data in a format other than relational tables

NoSQL Databases – Common Types

Provider services: AWS: Amazon DocumentDB (with MongoDB compatibility), Amazon DynamoDB, Amazon Neptune; Azure: Azure Cosmos DB (API for MongoDB), Azure Cosmos DB, Azure Cosmos DB (API for Gremlin); GCP: Cloud Datastore, Cloud Bigtable

• Document databases
o store data in documents similar to JSON (JavaScript Object Notation) objects. Each document contains pairs of fields and values
o The values can typically be a variety of types including things like strings, numbers, booleans, arrays, or objects
• Key-value databases
o a simpler type of database where each item contains keys and values
• Wide-column stores
o store data in tables, rows, and dynamic columns
• Graph databases
o store data in nodes and edges
o Nodes typically store information about people, places, and things, while edges store information about the relationships between the nodes

In-memory Databases

Provider services: AWS: Amazon ElastiCache; Azure: Azure Cache for Redis; GCP: Cloud Memorystore

• In-memory databases are purpose-built databases that rely primarily on memory for data storage, in contrast to databases that store data on disk or SSDs
• Designed to enable minimal response times by eliminating the need to access disks
• Risk losing data upon a process or server failure
o because all data is stored and managed exclusively in main memory
• Can persist data on disks by storing each operation in a log or by taking snapshots
• In-memory databases are faster than disk-optimized databases
o because disk access is slower than memory access and the internal optimization algorithms are simpler and execute fewer CPU instructions
• Ideal for applications that require microsecond response times or have large spikes in traffic such as gaming leaderboards, session stores, and real-time analytics

Networking & Content Delivery


• Content Delivery Network (CDN)
• Domain Name System (DNS)
• Virtual Private Cloud
• VPC Peering

Name of Service | AWS | Azure | GCP
Virtual private cloud | Amazon Virtual Private Cloud | Azure Virtual Network | Virtual Private Cloud
VPC Peering | AWS VPC Peering | Virtual network peering | VPC Network Peering
CDN | Amazon CloudFront | Azure CDN | Cloud CDN
DNS | Amazon Route 53 | Azure DNS | Cloud DNS
Private connection | Amazon VPC PrivateLink | Virtual Network Service Endpoints | Private Access Options for Services
API management | Amazon API Gateway | API Management | Cloud Endpoints / Apigee
Service mesh | AWS App Mesh | Azure Service Fabric Mesh | Traffic Director
Service discovery | AWS Cloud Map | - | -
Dedicated line connection | AWS Direct Connect | ExpressRoute | Cloud Interconnect
Global load balancer | AWS Global Accelerator | Azure Traffic Manager | Cloud Load Balancing
Hub & spoke network connection | AWS Transit Gateway | - | -

Content Delivery Network (CDN)

Provider services: AWS: Amazon CloudFront; Azure: Azure CDN; GCP: Cloud CDN

• A content delivery network (CDN) refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content
• A CDN allows for the quick transfer of assets needed for loading Internet content including HTML pages, JavaScript files, stylesheets, images, and videos
• The popularity of CDN services continues to grow, and today the majority of web traffic is served through CDNs, including traffic from major sites like Facebook, Netflix, and Amazon
• A properly configured CDN may also help protect websites against some common malicious attacks, such as Distributed Denial of Service (DDoS) attacks

https://www.cloudflare.com/learning/cdn/what-is-a-cdn/

Domain Name System (DNS)

Provider services: AWS: Amazon Route 53; Azure: Azure DNS; GCP: Cloud DNS

• The Domain Name System (DNS) is the hierarchical and decentralized naming system used to identify computers reachable through the Internet or other Internet Protocol (IP) networks
• The resource records contained in the DNS associate domain names with other forms of information
• DNS translates human-readable domain names (for example, www.amazon.com) to machine-readable IP addresses (for example, 192.0.2.44)
• DNS has been extended over time to perform many other functions as well

https://www.cloudflare.com/learning/dns/what-is-dns/

Virtual Private Cloud

Provider services: AWS: Amazon Virtual Private Cloud; Azure: Azure Virtual Network; GCP: Virtual Private Cloud

• A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud
• It provides a certain level of isolation between the different organizations using the resources
• VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider
• VPCs combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing
• The isolation between one VPC user and all other users of the same cloud (other VPC users as well as other public cloud users) is normally achieved through allocation of a private IP subnet and a virtual communication construct (such as a VLAN or a set of encrypted communication channels) per user
• Isolation within the cloud is accompanied by a virtual private network (VPN) function
• VPC is most commonly used in the context of cloud infrastructure as a service

https://www.cloudflare.com/learning/cloud/what-is-a-virtual-private-cloud/

VPC Peering

Provider services: AWS: AWS VPC Peering; Azure: Virtual network peering; GCP: VPC Network Peering

• A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses
• Instances in either VPC can communicate with each other as if they are within the same network
• You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account
• The VPCs can be in different Regions
o also known as an inter-Region VPC peering connection

Security, Identity & Compliance

Security, Identity & Compliance Services


Name of Service | AWS | Azure | GCP
ID management | AWS Identity and Access Management | Azure Active Directory | Cloud IAM
Hierarchical data store | Amazon Cloud Directory | - | -
Customer identity access management (CIAM) | Amazon Cognito | Azure Mobile Apps, Azure Active Directory B2C | Identity Platform
Threat detection | Amazon GuardDuty | Azure Security Center | Cloud Security Command Center
Server Security Assessment | Amazon Inspector | Azure Security Center | Cloud Security Command Center
Confidential data detection and protection | Amazon Macie | Azure Information Protection | Cloud Data Loss Prevention
Access to compliance reports | AWS Artifact | Service Trust Portal | -
SSL/TLS certificate management | AWS Certificate Manager | App Service Certificates | Google-managed SSL certificates
Hardware security module | AWS Cloud HSM | Azure Dedicated HSM | Cloud HSM
Active Directory | AWS Directory Service | Azure Active Directory | Managed Service for Microsoft Active Directory
Central management of firewall rules | AWS Firewall Manager | Azure Firewall | Google Cloud Firewalls
Create and manage keys | AWS Key Management Service | Azure Key Vault | Cloud Key Management Service
Management of confidential information | AWS Secrets Manager | Azure Key Vault | GCP Secret Manager
Security Information Management | AWS Security Hub | Azure Sentinel | Security Command Center
DDoS protection | AWS Shield | Azure DDoS Protection | Cloud Armor
Single sign on | AWS Single Sign-On | Azure Active Directory B2C | Cloud Identity
WAF | AWS WAF | Azure Application Gateway | Cloud Armor

Identity and Access Management (IAM)

Provider services: AWS: AWS Identity and Access Management; Azure: Azure Active Directory; GCP: Cloud IAM

• Identity and access management (IAM or IdAM) is a framework of policies and technologies to ensure that the right users (that are part of the ecosystem connected to or within an enterprise) have the appropriate access to technology resources
• IAM systems fall under the overarching umbrellas of IT security and data management
• Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access
• IAM systems, products, applications and platforms manage identifying and ancillary data about entities
o these entities include individuals, computer-related hardware, and software applications
• IAM covers issues such as how users gain an identity, the roles, and sometimes the permissions that identity grants, the protection of that identity, and the technologies supporting that protection
o e.g., network protocols, digital certificates, passwords, etc.

IAM User, Roles, Groups


• IAM Users
o An IAM user is an entity that you create in AWS
o It represents the person or service who uses the IAM user to interact with AWS
o It gives people the ability to sign into the Cloud Management Console for interactive
tasks and to make programmatic requests to AWS services using the API or CLI
o Generally, a user in the cloud consists of a name and a password to sign in to the cloud
o When you create an IAM user, you grant it permissions by making it a member of a
user group that has appropriate permission policies attached (recommended), or by
directly attaching policies to the user
• IAM Groups
o An IAM user group is a collection of IAM users
o You can use user groups to specify permissions for a collection of users, which can
make those permissions easier to manage for those users
o For example, you could have a user group called Admins and give that user group the
types of permissions that administrators typically need


• IAM Roles
o An IAM role is very similar to a user, in that it is an identity with permission policies
that determine what the identity can and cannot do in AWS
o A role does not have any credentials (password or access keys) associated with it
▪ Instead of being uniquely associated with one person, a role is intended to be assumable by
anyone who needs it
▪ An IAM user can assume a role to temporarily take on different permissions for a specific task
o A role can be assigned to a federated user who signs in by using an external identity
provider instead of IAM
• Policies
o A policy is an object in AWS that, when associated with an identity or resource,
defines their permissions
o When you create a permissions policy to restrict access to a resource, you can
choose an identity-based policy or a resource-based policy

Identity-based Policies and Resource-based Policies


• Identity-based Policies
o They are attached to an IAM user, group, or role
o These policies let you specify what that identity can do (its permissions)
o For example, you can attach the policy to the IAM user named John, stating that he is
allowed to perform the Amazon EC2 RunInstances action
▪ The policy could further state that John is allowed to get items from an Amazon DynamoDB
table named MyCompany
▪ You can also allow John to manage his own IAM security credentials. Identity-based policies
can be managed or inline.
• Resource-based Policies
o They are attached to a resource
o For example, you can attach resource-based policies to Amazon S3 buckets, Amazon
SQS queues, VPC endpoints, and AWS Key Management Service encryption keys
▪ For a list of services that support resource-based policies, see AWS services that work with
IAM
o With resource-based policies, you can specify who has access to the resource and
what actions they can perform on it
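
Added example, not part of the original slides: the John identity-based policy and an S3 bucket resource-based policy written as AWS policy documents, with a small reviewer that checks the structural difference between the two kinds (who is named by a Principal) and flags over-broad grants. The account id, region, bucket name and the function names are assumptions made for the illustration.

```python
import json

# Constructed sample values (not from the slides): account id, region, bucket.
ACCOUNT = "111122223333"
JOHN_ARN = f"arn:aws:iam::{ACCOUNT}:user/John"
BUCKET_OBJECTS = "arn:aws:s3:::example-reports-bucket/*"

# Identity-based policy: attached to the user John, so it names no Principal.
JOHN_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LaunchInstances", "Effect": "Allow",
         "Action": "ec2:RunInstances", "Resource": "*"},
        {"Sid": "ReadMyCompanyTable", "Effect": "Allow",
         "Action": "dynamodb:GetItem",
         "Resource": f"arn:aws:dynamodb:us-east-1:{ACCOUNT}:table/MyCompany"},
    ],
}

# Resource-based policy: attached to an S3 bucket, so it must say who gets access.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "JohnReadsReports", "Effect": "Allow",
         "Principal": {"AWS": JOHN_ARN},
         "Action": ["s3:GetObject"], "Resource": BUCKET_OBJECTS},
    ],
}

# The same bucket policy written carelessly: any caller, every S3 action.
PUBLIC_BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AnyoneAnything", "Effect": "Allow",
         "Principal": "*", "Action": "s3:*", "Resource": BUCKET_OBJECTS},
    ],
}


def _as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _has_principal(stmt):
    return "Principal" in stmt or "NotPrincipal" in stmt


def policy_kind(policy):
    """Classify a policy by whether any statement names a principal."""
    named = any(_has_principal(s) for s in _as_list(policy.get("Statement")))
    return "resource-based" if named else "identity-based"


def _is_anyone(principal):
    """True when the principal is the wildcard, i.e. every caller."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def review(policy, attached_to):
    """Return findings for a policy attached to an 'identity' or a 'resource'."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"statement[{i}]")
        if attached_to == "identity" and _has_principal(stmt):
            findings.append(f"{sid}: Principal is not allowed in an identity-based policy")
        if attached_to == "resource" and not _has_principal(stmt):
            findings.append(f"{sid}: resource-based policy must name a Principal")
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements can over-grant
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action!r} grants every operation")
        if (attached_to == "resource" and _is_anyone(stmt.get("Principal"))
                and "Condition" not in stmt):
            findings.append(f"{sid}: Principal '*' with no Condition allows any caller")
    return findings


if __name__ == "__main__":
    samples = [("John (user)", JOHN_IDENTITY_POLICY, "identity"),
               ("bucket", BUCKET_POLICY, "resource"),
               ("bucket, careless", PUBLIC_BUCKET_POLICY, "resource")]
    for name, policy, where in samples:
        print(f"{name}: {policy_kind(policy)}")
        print(json.dumps(policy, indent=2))
        for finding in review(policy, where) or ["no findings"]:
            print("  -", finding)
```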


Customer Identity Access Management (CIAM)

• CIAM is a subset of the larger concept of identity access
management (IAM) that focuses on managing and
controlling external parties' access to a business'
applications, web portals and digital services
• The biggest difference between typical IAM and CIAM is
that CIAM gives its users (consumers) significantly more
control over their identity
• Unlike traditional (or inside-out) IAM, which is generally
driven by operational efficiency, CIAM is built on a user-first,
outside-in approach that gives customers the agency
to make changes to their security, privacy and
personalization settings
• Services
o AWS: Amazon Cognito
o Azure: Azure Mobile Apps, Azure Active Directory B2C
o GCP: Identity Platform

Application Integration

• Message queue
• Pub/Sub
• Distributed application creation

Application Integration Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Visual Workflow to Create distributed application | AWS Step Functions | Azure Logic Apps | |
| Message queue | Amazon Simple Queue Service | Azure Queue Storage | Cloud Tasks |
| Pub/Sub | Amazon Simple Notification Service | Azure Service Bus | Cloud Pub/Sub |
| ActiveMQ Deployment | Amazon MQ | | Cloud Pub/Sub |
| GraphQL | AWS AppSync | | |
| Event delivery | Amazon CloudWatch Events | Event Grid | |

Message Queue

• A message queue is a form of asynchronous service-to-service
communication used in serverless and microservices
architectures
• Messages are stored on the queue until they are processed and
deleted
o To send a message, a component called a producer adds a message to
the queue
o Each message is processed only once, by a single consumer
o Message queues can be used to decouple heavyweight processing, to
buffer or batch work, and to smooth spiky workloads
• The messages are usually small, and can be things like requests,
replies, error messages, or just plain information
• Services
o AWS: Amazon Simple Queue Service
o Azure: Azure Queue Storage
o GCP: Cloud Tasks

Message Queue
• Message queues provide communication and coordination for decoupled
distributed applications
o Message queues can significantly simplify coding of decoupled applications, while
improving performance, reliability and scalability
• A message queue enables messages to wait safely until the receiving
application is ready
o If there is a problem with the network or receiving application, the messages in the
message queue are not lost
• It allows developers to keep processes and applications separate, keeping
their communications self-contained and event-driven to make the
architecture more reliable
• Message queues are available in messaging solutions across numerous
deployment options, including optimized physical appliances, cloud
services, mainframes, and as software

Pub/Sub

• Publish/subscribe messaging, or pub/sub messaging, is a form of
asynchronous service-to-service communication used in serverless and
microservices architectures
• In a pub/sub model, any message published to a topic is immediately
received by all of the subscribers to the topic
o Unlike message queues, message topics transfer messages with no or very little
queuing, and push them out immediately to all subscribers
• Pub/sub messaging can be used to enable event-driven architectures, or to
decouple applications in order to increase performance, reliability and
scalability
• The Publish Subscribe model allows messages to be broadcast to different
parts of a system asynchronously
• To broadcast a message, a component called a publisher simply pushes a
message to the topic
• All components that subscribe to the topic will receive every message that
is broadcast, unless a message filtering policy is set by the subscriber
• Services
o AWS: Amazon Simple Notification Service
o Azure: Azure Service Bus
o GCP: Cloud Pub/Sub
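
The delivery semantics of the Message Queue and Pub/Sub slides, side by side in a small in-memory model. This is an added example, not part of the original slides. The class and method names are hypothetical and do not mirror any provider's SDK.

```python
from collections import deque

class MessageQueue:
    """Point-to-point: a message waits on the queue until one consumer
    receives it and deletes it after successful processing."""
    def __init__(self):
        self._pending = deque()
        self._in_flight = {}
        self._next_id = 0

    def send(self, body):
        self._next_id += 1
        self._pending.append((self._next_id, body))

    def receive(self):
        if not self._pending:
            return None
        msg_id, body = self._pending.popleft()
        self._in_flight[msg_id] = body        # hidden from other consumers
        return msg_id, body

    def delete(self, msg_id):
        self._in_flight.pop(msg_id, None)     # processing succeeded

    def release(self, msg_id):
        # The consumer failed: put the message back so it is not lost.
        self._pending.appendleft((msg_id, self._in_flight.pop(msg_id)))

class Topic:
    """Pub/sub: every published message is pushed at once to all subscribers
    whose filter policy (attribute name -> allowed values) matches."""
    def __init__(self):
        self._subs = []

    def subscribe(self, handler, filter_policy=None):
        self._subs.append((handler, filter_policy or {}))

    def publish(self, body, attributes=None):
        attributes = attributes or {}
        delivered = 0
        for handler, policy in self._subs:
            if all(attributes.get(k) in allowed for k, allowed in policy.items()):
                handler(body)
                delivered += 1
        return delivered

def demo():
    q = MessageQueue()
    q.send("resize image 17")
    first = q.receive()           # worker A takes the message
    second = q.receive()          # worker B gets nothing: single consumer
    q.release(first[0])           # worker A crashed, message is re-queued
    retry = q.receive()
    q.delete(retry[0])            # processed and deleted

    audit, billing = [], []
    t = Topic()
    t.subscribe(audit.append)                                    # no filter
    t.subscribe(billing.append, {"type": ["order", "refund"]})   # filtered
    t.publish("user login", {"type": "auth"})
    t.publish("order 42 placed", {"type": "order"})
    return first, second, retry, q.receive(), audit, billing
```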

https://cloud.google.com/pubsub/docs/overview

Pub/Sub Common Use Cases


• Ingesting user interaction and server events
o To use user interaction events from end-user apps or server events from your
system, you might forward them to Pub/Sub
o You can then use a stream processing tool, such as Dataflow, which delivers the
events to databases
• Real-time event distribution
o Events, raw or processed, may be made available to multiple applications across your
team and organization for real-time processing
o Pub/Sub supports an "enterprise event bus" and event-driven application design
patterns
• Replicating data among databases
o Pub/Sub is commonly used to distribute change events from databases
• Enterprise event bus
o You can create an enterprise-wide real-time data sharing bus, distributing business
events, database updates, and analytics events across your organization

Pub/Sub Common Use Cases


• Parallel processing and workflows
o You can efficiently distribute many tasks among multiple workers by using Pub/Sub
messages to connect to Cloud Functions
o Examples of such tasks are compressing text files, sending email notifications,
evaluating AI models, and reformatting images
• Data streaming from applications, services, or IoT devices
o For example, a SaaS application can publish a real-time feed of events
• Refreshing distributed caches
o For example, an application can publish invalidation events to update the IDs of
objects that have changed
• Load balancing for reliability
o For example, instances of a service may be deployed on Compute in multiple zones
but subscribe to a common topic
o When the service fails in any zone, the others can pick up the load automatically

Visual Workflow for Distributed Application Creation

• It is a visual workflow service that helps developers use
cloud services to build distributed applications, automate
processes, orchestrate microservices, and create data and
machine learning (ML) pipelines
• You can create and run automated workflows with little to
no code
• Create automated workflows, including manual approval
steps, for security incident response
• Combine multiple cloud functions into responsive
serverless applications and microservices
• Automate and sequence the steps in your ML pipeline to
train a model using your data
• Services
o AWS: AWS Step Functions
o Azure: Azure Logic Apps

Operations and Monitoring



• Cloud Monitoring
• Audit Logging
• Performance Tracing

Operations and Monitoring Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Audit logging | AWS CloudTrail | Azure Audit Logs | Cloud Audit Logs |
| Debugging | AWS X-Ray | Azure Monitor Application Insights Snapshot Debugger | Cloud Debugger |
| Logging | Amazon CloudWatch Logs | Azure Monitor Logs | Cloud Logging |
| Monitoring | Amazon CloudWatch | Azure Monitor | Cloud Monitoring |
| Performance tracing | AWS X-Ray | Azure Monitor Application Insights Distributed Tracing | Cloud Trace |
| Profiling | Amazon CodeGuru Profiler | Azure Monitor Application Insights Profiler | Cloud Profiler |

Cloud Monitoring

• Cloud monitoring is a method of reviewing, observing, and managing
the operational workflow in a cloud-based IT infrastructure
• Manual or automated management techniques confirm the
availability and performance of websites, servers, applications, and
other cloud infrastructure
o This continuous evaluation of resource levels, server response times, and
speed predicts possible vulnerability to future issues before they arise
• Gain visibility into the performance, availability, and health of your
applications and infrastructure
• Observe and monitor cloud resources and applications in the cloud
and on premises
• Generally, it collects and visualizes real-time logs, metrics, and event
data in automated dashboards to streamline your infrastructure and
application maintenance
• Improve operational performance using alarms and automated
actions set to activate at predetermined thresholds
• Services
o AWS: Amazon CloudWatch
o Azure: Azure Monitor
o GCP: Cloud Monitoring

Audit Logging

• Cloud Audit Logging monitors and records account activity
across your AWS infrastructure, giving you control over storage,
analysis, and remediation actions
• Monitor, store, and validate activity events for authenticity
• Cloud services write audit logs to help you answer the
question "Who did what, where, and when?" within your
resources
• Protect your organization from penalties using audit logs to
prove compliance with regulations such as SOC, PCI, and HIPAA
• Improve your security posture by recording user activity and
events, and optionally set up automated workflow rules
• Capture and consolidate user activity and API usage across
regions and accounts on a single, centrally controlled platform
• Services
o AWS: AWS CloudTrail
o Azure: Azure Audit Logs
o GCP: Cloud Audit Logs
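
Answering "who did what, where, and when" from audit records, with a simple check for principals that are repeatedly denied. This is an added example, not part of the original slides. The records are constructed samples that use CloudTrail's record field names, and the denial threshold of 2 is an assumption.

```python
import json
from collections import Counter

USER = "arn:aws:iam::111122223333:user/John"
ROLE = "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-81"

def _rec(time, source, name, region, arn, error=None):
    """Build one constructed audit record as a JSON line."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "awsRegion": region, "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"arn": arn}}
    if error:
        rec["errorCode"] = error
    return json.dumps(rec)

# Constructed sample log: one JSON record per line, plus one truncated line.
SAMPLE_LOG = "\n".join([
    _rec("2024-09-13T08:01:10Z", "ec2.amazonaws.com", "RunInstances", "us-east-1", USER),
    _rec("2024-09-13T08:02:44Z", "dynamodb.amazonaws.com", "GetItem", "us-east-1", USER),
    _rec("2024-09-13T08:05:02Z", "s3.amazonaws.com", "PutBucketPolicy", "eu-west-1",
         ROLE, "AccessDenied"),
    '{"eventTime": "2024-09-13T08:05',
    _rec("2024-09-13T08:05:09Z", "s3.amazonaws.com", "DeleteBucket", "eu-west-1",
         ROLE, "AccessDenied"),
    _rec("2024-09-13T08:06:30Z", "s3.amazonaws.com", "ListBuckets", "eu-west-1", ROLE),
])

def who_did_what(log_text):
    """Reduce each record to who / what / where / from / when / denied."""
    events = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                      # skip damaged lines, keep reviewing
        error = rec.get("errorCode", "")
        events.append({
            "who": rec.get("userIdentity", {}).get("arn", "unknown"),
            "what": rec["eventSource"].split(".")[0] + ":" + rec["eventName"],
            "where": rec["awsRegion"],
            "from": rec.get("sourceIPAddress"),
            "when": rec["eventTime"],
            "denied": "AccessDenied" in error or "Unauthorized" in error,
        })
    return events

def repeated_denials(events, threshold=2):
    """Principals with at least `threshold` denied calls, for follow-up."""
    counts = Counter(e["who"] for e in events if e["denied"])
    return {who: n for who, n in counts.items() if n >= threshold}
```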

Performance Tracing

• Analyze and debug production and distributed applications
• Trace user requests through your application while
meeting your security and compliance objectives
• Identify bottlenecks and determine where high latencies
are occurring to improve application performance
• You can track how requests propagate through your
application and receive detailed near real-time
performance insights
• Remove data silos and get the information you need to
improve user experience and reduce downtime
• Debug serverless applications in real time, and monitor
both cloud cost and performance metrics
• Services
o AWS: AWS X-Ray
o Azure: Application Insights, Distributed Tracing
o GCP: Cloud Trace

Management & Governance

Management & Governance Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Monitoring | Amazon CloudWatch | Azure Monitor | Google Stackdriver |
| Create and manage resources | AWS CloudFormation | Azure Resource Manager | Cloud Deployment Manager |
| Activity tracking | AWS CloudTrail | Azure Activity Log | Audit logging |
| Record resource configuration changes, audit | AWS Config | Azure Security Control | Cloud Asset Inventory |
| Deployment of Configuration Management | AWS OpsWorks (Chef / Puppet) | Azure App Configuration Service | Anthos Config Management |
| Manage IT Service Catalog | AWS Service Catalog | Azure Custom Images | Private Catalog |
| Infrastructure visualization and control | AWS Systems Manager | Azure Bastion, Azure AD Application Proxy | Identity-Aware Proxy (IAP) |

Management & Governance Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Performance and Security Optimization | AWS Trusted Advisor | Azure Advisor | |
| Display the status of the service being used | AWS Personal Health Dashboard | Azure Resource Health | |
| Set up a compliant account | AWS Control Tower | Azure Policy | |
| License management | AWS License Manager | | |
| Workload review and improvement | AWS Well-Architected Tool | | |
| Manage multiple accounts | AWS Organizations | Subscription + RBAC | |
| Backup & disaster recovery | AWS Resilience Hub | Azure Backup and Disaster Recovery | Actifio |
| Browser based shell | AWS Systems Manager Session Manager | Cloud Shell | Cloud Shell |

Developer & Operation Tools

Developer & Operation Tools Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Development project management | AWS CodeStar | Azure DevOps | |
| Git repository | AWS CodeCommit | Azure Repos | Cloud Source Repositories |
| Continuous build and test | AWS CodeBuild | Azure Pipelines | Cloud Build |
| Continuous deployment | AWS CodeDeploy | Azure Pipelines | Cloud Deploy |
| Pipeline | AWS CodePipeline | Azure Pipelines | Cloud Build |
| CI/CD for container applications | AWS Proton | Azure DevOps | Cloud Deploy |
| Work management | | Azure Boards | |
| Package registry | | Azure Artifacts | |

Developer & Operation Tools Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Test plan management | | Azure Test Plans | |
| IDE | AWS Cloud9 | Visual Studio Online | Cloud Shell Code editor |
| Distributed tracing | AWS X-Ray | Azure Application Insights | Stackdriver Trace |
| No-code (Fully managed cron jobs) | AppSheet, Amazon Honeycode | Microsoft Power Platform | AppSheet |
| Client libraries | AWS SDKs | Azure SDKs | Cloud SDK |
| Cloud development IDE plugin | AWS Toolkit | Azure Toolkit | Cloud Code |
| Cloud-based IDE | AWS CloudShell | Azure Cloud Shell | Cloud Shell |
| Command-line interface (CLI) | AWS CLI | Azure CLI | gcloud CLI |
| Job scheduling | AWS Batch | Azure Scheduler | Cloud Scheduler |

Migration & Transfer

Migration & Transfer Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Management of migration | AWS Migration Hub | | |
| Transition assessment | AWS Application Discovery Service | Azure Migrate | |
| Database migration | AWS Database Migration Service | Azure Database Migration Service | Database Migration Service |
| Container migration | AWS App2Container | Azure Migrate | Migrate for Anthos |
| Storage migration | AWS Storage Gateway | Azure Migrate | Storage Transfer Service |
| Mass data migration | Snow family | Azure Data Box | Transfer Appliance |
| Data transfer from on-premises | AWS DataSync | | |
| Server migration | AWS Server Migration Service | Azure Site Recovery | Migrate for Compute Engine |
| SFTP | AWS Transfer for SFTP | | |

Data Analytics

Data Analytics Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Business intelligence | Amazon QuickSight | Microsoft Power BI | Looker |
| Query to data lake | Amazon Athena | Azure Data Lake Analytics | Google BigQuery |
| Search | Amazon CloudSearch | Azure Search | |
| Data discovery and metadata management | AWS Glue Data Catalog | Azure Purview, Azure Data Explorer | Data Catalog |
| Data processing | Amazon Elastic MapReduce (EMR), AWS Batch, AWS Glue | Azure Data Lake Analytics, HDInsight | Dataproc |
| Data warehouse | Amazon Athena, Amazon Redshift | Azure Synapse Analytics | BigQuery |
| Data wrangling | AWS Glue DataBrew | Azure Data Factory | Dataprep by Trifacta |
| Stream data ingest | Amazon Kinesis | Azure Event Hubs | Pub/Sub |
| Stream data processing | Amazon Kinesis Data Firehose | Azure Stream Analytics | Cloud Dataflow |

Data Analytics Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Data Warehousing | Amazon Redshift | Azure SQL Data Warehouse | Google BigQuery |
| Query service | Amazon Redshift Spectrum | Azure Synapse Analytics | BigQuery |
| Workflow orchestration | AWS Data Pipeline | Azure Data Factory | Cloud Composer |
| ETL / Data integration | AWS Glue | Azure Data Factory | Cloud Data Fusion |
| Build a data lake | AWS Lake Formation | | |
| Data catalog | AWS Glue | Azure Data Catalog | Cloud Data Catalog |
| Hadoop cluster deployment | Amazon EMR | HDInsight / Azure Databricks | Cloud Dataproc |
| Elasticsearch cluster deployment | Amazon Elasticsearch Service | | |
| Kafka cluster deployment | Amazon Managed Streaming for Kafka | | |

AI & Machine Learning

AI & Machine Learning Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Construction of machine learning model | Amazon SageMaker | Azure Machine Learning Service | Cloud ML Engine |
| Natural language processing | Amazon Comprehend | Azure Text Analytics | Cloud Natural Language AI |
| Build a chatbot | Amazon Lex | Azure Conversational AI | Dialogflow |
| Text-to-Speech | Amazon Polly | Azure Text to Speech | Cloud Text-to-Speech |
| Image recognition | Amazon Rekognition | Computer vision | Cloud Vision AI |
| Translation | Amazon Translate | Translator Text | Cloud Translation AI |
| Speech-to-Text | Amazon Transcribe | Speech Services | Cloud Speech-to-Text |
| Recommendation | Amazon Personalize | Personalizer | Recommendations AI |
| Time series prediction | Amazon Forecast | | |
| Document detection | Amazon Textract | | |

AI & Machine Learning Services


| Name of Service | AWS | Azure | GCP |
|---|---|---|---|
| Speeding up inference | Amazon Elastic Inference | | |
| Construct a data set | Amazon SageMaker Ground Truth | | Vertex AI |
| Customize your vision model | | Custom Vision | Cloud AutoML Vision |
| Voice model customization | | Custom Speech | |
| Customize language processing model | Amazon Comprehend | | Cloud AutoML Natural Language |
| Customize translation model | Amazon Translate Custom Terminology | Translator Text Custom Translator | Cloud AutoML Translation |
