UNIT I: CLOUD ARCHITECTURE MODELS AND INFRASTRUCTURE
1. Cloud Computing Architecture
• Design Goals: Scalability, Reliability, Efficiency, and Virtualization.
• Key Requirements: Automated service delivery, support for web standards (RESTful APIs), loose coupling, enhanced security, self-service portal, and efficient cloud management software.
• Layered Architecture:
o Infrastructure as a Service (IaaS): Foundation layer providing virtualized computing resources (CPU, storage, network).
o Platform as a Service (PaaS): Middle layer offering a development and deployment platform (IDEs, databases, middleware).
o Software as a Service (SaaS): Top layer delivering on-demand software applications to end-users (e.g., CRM, email).
2. System Models for Distributed and Cloud Computing
• Clusters: Interconnected autonomous computers working as a single resource.
o Key Features: Single System Image (SSI), high availability, fault tolerance, and load balancing.
• Grid Computing: Couples computers, software, and instruments across organizations to form a virtual supercomputer.
o Types: Computational Grids and P2P Grids.
• Peer-to-Peer (P2P) Networks: Decentralized model where every node acts as both client and server.
o Overlay Networks: Logical networks built on top of physical networks (Structured vs. Unstructured).
3. NIST Cloud Computing Reference Architecture
• Defines five major actors in the cloud ecosystem:
o Cloud Consumer: Uses cloud services.
o Cloud Provider: Offers cloud services.
o Cloud Auditor: Independently assesses cloud services.
o Cloud Broker: Manages and negotiates cloud services (Intermediation, Aggregation, Arbitrage).
o Cloud Carrier: Provides connectivity and transport for cloud services.
4. Cloud Deployment Models
• Public Cloud: Services offered over the internet to the general public (e.g., AWS, Azure). Advantages: Cost-effective, scalable. Disadvantages: Less security control.
• Private Cloud: Dedicated infrastructure for a single organization. Advantages: High security and control. Disadvantages: Higher cost, limited scalability.
• Hybrid Cloud: Combines public and private clouds, offering flexibility and data deployment options.
• Community Cloud: Shared by several organizations with common concerns.
5. Cloud Service Models
• IaaS: Provides virtualized computing resources over the internet. User manages OS, apps; provider manages hardware. (e.g., AWS EC2).
• PaaS: Provides a platform for developing, testing, and managing applications. User manages apps; provider manages the platform. (e.g., Google App Engine).
• SaaS: Delivers software applications over the internet on a subscription basis. Provider manages everything. (e.g., Gmail, Salesforce).
UNIT II: VIRTUALIZATION BASICS
1. Virtual Machine (VM)
• An emulation of a computer system.
• Types:
o System VMs: Provide a complete platform to run an entire OS (e.g., VirtualBox).
o Process VMs: Provide a platform-independent programming environment (e.g., JVM).
2. Hypervisor (Virtual Machine Monitor - VMM)
• Software that creates and runs VMs.
• Types:
o Type I (Bare-Metal): Runs directly on hardware. Better performance and security (e.g., VMware ESXi, Xen).
o Type II (Hosted): Runs on a host OS. Easier to set up but less efficient (e.g., VMware Workstation, VirtualBox).
3. Implementation Levels of Virtualization
• Instruction Set Architecture (ISA) Level
• Hardware Abstraction Level (HAL)
• Operating System Level
• Library Level
• Application Level
4. Virtualization Mechanisms
• Full Virtualization: Guest OS runs unmodified. Uses binary translation for sensitive instructions. (e.g., VMware).
• Para-Virtualization: Guest OS is modified to use hypercalls for better performance. (e.g., Xen).
• Hardware-Assisted Virtualization: CPU hardware extensions (Intel VT-x, AMD-V) simplify virtualization.
5. Virtualization of CPU, Memory, and I/O
• CPU: x86 uses privilege rings (0-3). Virtualization challenges involve trapping and handling privileged instructions.
• Memory: Uses shadow page tables and a Translation Lookaside Buffer (TLB) for efficient virtual-to-physical-to-machine memory mapping.
• I/O Device:
o Full Device Emulation: Software emulates hardware (high overhead).
o Para-Virtualization: Uses split-driver model (front-end in guest, back-end in host).
o Direct I/O: VM accesses device directly for high performance.
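The memory bullet above compresses two mappings (guest virtual to guest physical, guest physical to machine) into one. The following added example, which is not part of the notes, simulates that two-level mapping and the shadow page table a VMM derives from it: a shadow miss composes the two tables, a guest write to its own page table traps into the VMM (the guest table is write-protected) and refreshes the shadow entry and TLB, and a virtual page the guest never mapped produces a guest page fault rather than a VMM mapping. All page numbers, the 4 KiB page size and the first free machine frame are constructed values.

```python
"""Two-level memory virtualization with a shadow page table (added example).

Guest virtual page -> guest physical page   (guest OS owns this table)
Guest physical page -> machine page          (hypervisor owns this table)
The shadow page table composes the two so the MMU walks a single table.
All page numbers below are constructed sample values, not from any real system.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


class GuestPageFault(Exception):
    """Raised when the guest OS has no mapping for a virtual page."""


@dataclass
class ShadowMMU:
    guest_pt: Dict[int, int]                              # GVPN -> GPPN, maintained by guest OS
    p2m: Dict[int, int] = field(default_factory=dict)     # GPPN -> MPN, maintained by hypervisor
    shadow: Dict[int, int] = field(default_factory=dict)  # GVPN -> MPN, derived by hypervisor
    next_free_mpn: int = 0x100                            # constructed: first free machine frame
    tlb: Dict[int, int] = field(default_factory=dict)     # cached GVPN -> MPN translations
    tlb_hits: int = 0
    tlb_misses: int = 0

    def backing_frame(self, gppn: int) -> int:
        """Hypervisor side: lazily back a guest-physical page with a machine frame."""
        if gppn not in self.p2m:
            self.p2m[gppn] = self.next_free_mpn
            self.next_free_mpn += 1
        return self.p2m[gppn]

    def fill_shadow(self, gvpn: int) -> int:
        """Compose the two tables for one virtual page; the VMM does this on a shadow miss."""
        if gvpn not in self.guest_pt:
            raise GuestPageFault(gvpn)   # delivered to the guest OS, not resolved by the VMM
        mpn = self.backing_frame(self.guest_pt[gvpn])
        self.shadow[gvpn] = mpn
        return mpn

    def translate(self, gva: int, page_bits: int = 12) -> int:
        """Translate a guest virtual address to a machine address: TLB, then shadow, then walk."""
        gvpn, offset = gva >> page_bits, gva & ((1 << page_bits) - 1)
        if gvpn in self.tlb:
            self.tlb_hits += 1
            mpn = self.tlb[gvpn]
        else:
            self.tlb_misses += 1
            mpn = self.shadow.get(gvpn)
            if mpn is None:
                mpn = self.fill_shadow(gvpn)
            self.tlb[gvpn] = mpn
        return (mpn << page_bits) | offset

    def guest_updates_pte(self, gvpn: int, gppn: Optional[int]) -> None:
        """Guest writes its page table. The guest table is write-protected, so the write
        traps into the VMM, which updates the shadow entry and invalidates the TLB entry."""
        if gppn is None:
            self.guest_pt.pop(gvpn, None)
            self.shadow.pop(gvpn, None)
        else:
            self.guest_pt[gvpn] = gppn
            self.shadow[gvpn] = self.backing_frame(gppn)
        self.tlb.pop(gvpn, None)   # a stale cached translation would point at the old frame


def demo() -> dict:
    """Constructed scenario: two guest pages, a remap by the guest, and an unmapped access."""
    mmu = ShadowMMU(guest_pt={0x1: 0x7, 0x2: 0x8})
    a1 = mmu.translate(0x1ABC)          # TLB miss, shadow miss: VMM composes the tables
    a2 = mmu.translate(0x1FFF)          # TLB hit, same page
    mmu.guest_updates_pte(0x1, 0x9)     # guest remaps page 1; VMM refreshes the shadow
    a3 = mmu.translate(0x1ABC)          # TLB was invalidated, so the new frame is used
    try:
        mmu.translate(0x3000)           # page 3 was never mapped by the guest
        fault = False
    except GuestPageFault:
        fault = True
    return {"a1": a1, "a2": a2, "a3": a3, "fault": fault,
            "hits": mmu.tlb_hits, "misses": mmu.tlb_misses,
            "shadow_matches_composition": all(
                mmu.shadow[v] == mmu.p2m[mmu.guest_pt[v]] for v in mmu.shadow)}
```

The invariant checked at the end of `demo()` is the whole point of the shadow table: every shadow entry must equal the composition of the guest entry and the hypervisor entry, which is why the VMM has to intercept guest page-table writes instead of letting them land silently.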
UNIT III: VIRTUALIZATION INFRASTRUCTURE AND DOCKER
1. Types of Virtualization
• Desktop Virtualization (VDI): Hosting desktops on a central server (e.g., VMware Horizon).
• Network Virtualization: Creating virtual networks decoupled from hardware (e.g., VMware NSX).
• Storage Virtualization: Pooling physical storage to appear as a single unit.
• Server Virtualization: Partitioning a physical server into multiple VMs.
• Application Virtualization: Encapsulating an app from the OS so it can run in an isolated environment.
2. Virtual Clusters and Resource Management
• Built with VMs installed across multiple physical servers.
• Advantages: Fast deployment, high-performance virtual storage, and efficient scheduling.
• Live VM Migration: Moving a running VM from one host to another with minimal downtime.
o Steps: Pre-Migration, Reservation, Iterative Pre-Copy, Stop-and-Copy, Commitment, Activation.
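The six migration steps listed above are easiest to understand as a loop with a termination condition. The added example below, which is not from the notes, simulates pre-copy migration between two constructed hosts: reservation checks destination capacity, the pre-copy rounds resend only the pages the still-running guest dirtied, stop-and-copy pauses the guest to send the final dirty set, commitment verifies the destination image before the source releases its memory, and activation resumes the VM. The VM's pages, the per-round write pattern and the thresholds are constructed. The second scenario shows the non-convergence case in which the guest dirties pages faster than they are copied, so the round limit forces a larger stop-and-copy and a longer pause.

```python
"""Simulation of pre-copy live migration (added example, not from the notes).

Phases: pre-migration, reservation, iterative pre-copy, stop-and-copy,
commitment, activation. Page contents, dirtying pattern and host sizes are
constructed; transfer volume is counted in pages.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Host:
    name: str
    capacity_pages: int
    memory: Dict[int, bytes] = field(default_factory=dict)
    running_vm: str = ""


@dataclass
class MigrationLog:
    rounds: List[int] = field(default_factory=list)   # pages sent per pre-copy round (VM running)
    stop_and_copy_pages: int = 0                       # pages sent while the VM is paused
    activated_on: str = ""


def reserve(dst: Host, pages: int) -> bool:
    """Reservation: the destination must confirm it can hold the VM before data moves."""
    return dst.capacity_pages - len(dst.memory) >= pages


def pre_copy_migrate(src: Host, dst: Host, vm_name: str, dirty_per_round: List[Set[int]],
                     stop_threshold: int = 2, max_rounds: int = 5) -> MigrationLog:
    """Move the VM's memory from src to dst. dirty_per_round[i] is the set of pages the
    still-running guest writes during pre-copy round i (constructed workload)."""
    vm_pages = src.memory
    log = MigrationLog()
    if not reserve(dst, len(vm_pages)):
        raise RuntimeError("reservation failed: destination lacks capacity")

    # Iterative pre-copy: round 0 sends every page, later rounds resend only dirty pages.
    to_send: Set[int] = set(vm_pages)
    for round_no in range(max_rounds):
        for p in to_send:
            dst.memory[p] = vm_pages[p]            # guest keeps running on src meanwhile
        log.rounds.append(len(to_send))
        writes = dirty_per_round[round_no] if round_no < len(dirty_per_round) else set()
        for p in writes:
            vm_pages[p] = vm_pages[p] + b"!"       # constructed: guest mutates the page
        to_send = set(writes)                      # these are now stale on dst
        if len(to_send) <= stop_threshold:
            break                                  # dirty set is small: converged

    # Stop-and-copy: pause the guest and send the remaining dirty pages (and CPU state).
    src.running_vm = ""
    for p in to_send:
        dst.memory[p] = vm_pages[p]
    log.stop_and_copy_pages = len(to_send)

    # Commitment: destination image must match the source before the source lets go.
    if any(dst.memory.get(p) != vm_pages[p] for p in vm_pages):
        raise RuntimeError("commitment failed: destination image inconsistent")
    src.memory = {}

    # Activation: the VM resumes on the destination.
    dst.running_vm = vm_name
    log.activated_on = dst.name
    return log


def make_hosts() -> tuple:
    """Constructed 8-page VM running on host-a, empty host-b as destination."""
    src = Host("host-a", capacity_pages=16)
    dst = Host("host-b", capacity_pages=16)
    src.memory = {i: bytes([i]) * 4 for i in range(8)}
    src.running_vm = "vm1"
    return src, dst


def demo() -> MigrationLog:
    """Working set shrinks each round, so pre-copy converges after three rounds."""
    src, dst = make_hosts()
    return pre_copy_migrate(src, dst, "vm1", [{0, 1, 2, 3, 4}, {0, 1, 2}, {0}])


def demo_nonconverging() -> MigrationLog:
    """Guest dirties six pages every round: the round cap forces a large stop-and-copy."""
    src, dst = make_hosts()
    return pre_copy_migrate(src, dst, "vm1", [{0, 1, 2, 3, 4, 5}] * 10, max_rounds=3)
```

Because every page of guest memory crosses the network during these rounds, the channel between the two hosts carries the full contents of the VM; that is the exposure behind the VM migration attack listed in Unit V, and it is why migration traffic is expected to run over an authenticated, encrypted link.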
3. Docker
• An open-source platform for developing, shipping, and running applications in containers.
• Containers vs. VMs: Containers are more lightweight as they share the host OS kernel, leading to faster start times and less overhead.
• Key Components:
o Docker Engine: Client-server application with a daemon, REST API, and CLI.
o Docker Images: Read-only templates used to build containers.
o Docker Containers: Runnable instances of an image.
o Docker Registry/Hub: Service for storing and sharing images (e.g., Docker Hub).
UNIT IV: CLOUD DEPLOYMENT ENVIRONMENT
1. Google App Engine (GAE)
• A PaaS for developing and hosting web applications.
• Core Infrastructure:
o Google File System (GFS): Distributed file system for large data storage.
o BigTable: Distributed storage system for structured data (rows, columns, timestamps).
o Chubby: A distributed lock service for coordination.
2. Amazon Web Services (AWS)
• EC2 (Elastic Compute Cloud): IaaS providing resizable compute capacity (instances/AMIs).
• S3 (Simple Storage Service): Object storage service for data archiving and backup.
• EBS (Elastic Block Store): Block-level storage volumes for use with EC2 instances.
• Glacier: Low-cost storage service for data archiving and long-term backup.
3. Microsoft Azure
• A cloud platform offering IaaS, PaaS, and SaaS.
• Key Components:
o Compute: Web Roles and Worker Roles.
o Storage: Blobs (for large data), Tables (for structured data), Queues (for messaging).
o SQL Azure: Cloud-based relational database.
4. Eucalyptus
• An open-source IaaS platform for building private and hybrid clouds, compatible with AWS APIs.
• Components: Cloud Controller (CLC), Cluster Controller (CC), Node Controller (NC), Storage Controller (Walrus).
5. OpenStack
• An open-source cloud operating system for building and managing public and private clouds.
• Core Components:
o Nova (Compute)
o Swift (Object Storage)
o Cinder (Block Storage)
o Neutron (Networking)
o Glance (Image Service)
o Keystone (Identity Service)
o Horizon (Dashboard)
UNIT V: CLOUD SECURITY
1. Virtualization-Specific Attacks
• Guest Hopping: An attacker breaches one VM to access others on the same host.
• VM Migration Attack: Attacking the process of moving a VM between hosts to intercept data or compromise the VM.
• Hyperjacking: Attacking and taking control of the hypervisor, compromising all VMs it manages.
2. Data Security and Storage
• Concerns revolve around the classic triad: Confidentiality, Integrity, and Availability (CIA).
• Mitigation: Use encryption (at rest and in transit), access controls, and regular audits.
3. Identity and Access Management (IAM)
• Framework of policies and technologies for ensuring the right individuals have appropriate access to technology resources.
• Challenges: Managing identities across different systems, provisioning/deprovisioning, and ensuring least privilege access.
• Architecture: Involves directories, access control systems, and single sign-on (SSO) solutions.
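The access-control mitigation in section 2 and the IAM challenges in section 3 (deprovisioning, least privilege) come together in how an access decision is actually evaluated. The added example below is not from the notes; it models a directory of users and roles with a small policy language and evaluates requests deny-by-default: an identity missing from the directory is denied outright, an explicit Deny overrides any Allow, and anything not explicitly allowed is denied. `deprovision()` shows why removing the identity is the reliable leaver step, and `least_privilege_gaps()` is an audit helper that lists permissions a user holds but never exercised. Users, roles, action names, resource names and the audit catalogue are constructed samples and do not correspond to any particular provider's policy format.

```python
"""Deny-by-default access evaluation for a small IAM model (added example).

Identities live in a directory; permissions come from role policies;
an explicit Deny always wins; anything not explicitly allowed is denied.
Users, roles, actions and resource names are constructed samples.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Statement:
    effect: str            # "Allow" or "Deny"
    actions: List[str]     # glob patterns, e.g. "storage:GetObject", "storage:*"
    resources: List[str]   # glob patterns, e.g. "bucket/reports/*"


@dataclass
class Directory:
    users: Dict[str, Set[str]] = field(default_factory=dict)           # user -> roles
    role_policies: Dict[str, List[Statement]] = field(default_factory=dict)

    def provision(self, user: str, roles: Set[str]) -> None:
        self.users[user] = set(roles)

    def deprovision(self, user: str) -> None:
        """Leaver process: removing the identity revokes every role at once."""
        self.users.pop(user, None)


def _matches(statement: Statement, action: str, resource: str) -> bool:
    return (any(fnmatchcase(action, a) for a in statement.actions)
            and any(fnmatchcase(resource, r) for r in statement.resources))


def is_allowed(directory: Directory, user: str, action: str, resource: str) -> bool:
    """Unknown identity -> deny; any matching Deny -> deny; otherwise a matching Allow is needed."""
    roles = directory.users.get(user)
    if roles is None:
        return False                          # deprovisioned or never provisioned
    allowed = False
    for role in roles:
        for st in directory.role_policies.get(role, []):
            if _matches(st, action, resource):
                if st.effect == "Deny":
                    return False              # explicit deny overrides every allow
                allowed = True
    return allowed                            # default deny when nothing matched


def least_privilege_gaps(directory: Directory, user: str,
                         used: Set[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Audit helper: (action, resource) pairs the user may perform but has never used,
    checked against a constructed catalogue of the environment's actions and resources."""
    catalogue = [("storage:GetObject", "bucket/reports/q1.csv"),
                 ("storage:PutObject", "bucket/reports/q1.csv"),
                 ("storage:DeleteObject", "bucket/reports/q1.csv"),
                 ("compute:StartInstance", "vm/web-01")]
    return [pair for pair in catalogue
            if is_allowed(directory, user, *pair) and pair not in used]


def build_demo_directory() -> Directory:
    """Constructed directory: a read-only role and a writer role with a delete guard rail."""
    d = Directory()
    d.role_policies["report-reader"] = [
        Statement("Allow", ["storage:GetObject"], ["bucket/reports/*"]),
    ]
    d.role_policies["report-writer"] = [
        Statement("Allow", ["storage:*"], ["bucket/reports/*"]),
        Statement("Deny", ["storage:DeleteObject"], ["bucket/reports/*"]),
    ]
    d.provision("alice", {"report-reader"})
    d.provision("bob", {"report-reader", "report-writer"})
    return d


def demo_deprovision() -> Tuple[bool, bool]:
    """Same request before and after bob leaves: role policies are untouched, access is gone."""
    d = build_demo_directory()
    before = is_allowed(d, "bob", "storage:GetObject", "bucket/reports/q1.csv")
    d.deprovision("bob")
    return before, is_allowed(d, "bob", "storage:GetObject", "bucket/reports/q1.csv")
```

The ordering in `is_allowed()` matters: the function keeps scanning after it finds an Allow so that a Deny in any other role still wins, which is the behaviour an auditor expects when checking that a guard rail cannot be bypassed by stacking roles.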