An understanding Approach towards Cloud Computing

International Journal of Emerging Technology and Advanced Engineering

91

An understanding Approach towards Cloud Computing

Atesh Kumar

, Ashish Ranjan

, Unique Gangwar

1_{Computer Science and Engineering, IES College of Technology, Bhopal, MP} 2

Computer Science and Engineering, National Institute of Technology, Patna, Bihar

3_{Computer Science and Engineering, Jaypee Institute of information Technology, Noida, UP}

Abstract— ―Cloud‖ computing – a way to increase the capacity of a network without investing in new infrastructure, training new personnel, or licensing new software. It represents service oriented architecture by offering reduced information technology overheads for the end-user, great flexibility, etc. This paper is a brief survey of cloud computing, various elements of cloud computing security and its application areas. This paper also explains cloud computing as a combination of services like Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), Communication as a Service (CaaS), Data Storage as a Service (DaaS), and Hardware as a Service (HaaS).

Keywords—Cloud Computing, Service Oriented Architecture

I. INTRODUCTION

Cloud computing is the next generation in computation. Cloud computing [9] is a metaphor for the Internet. Cloud Computing is a form of computing in which all applications, information and resources are managed in a virtual environment. Cloud computing involves virtual hosted environments allowing users to connect to the services being hosted over the internet. It is Internet ("cloud") based development and use of computer technology ("computing"). It is a style of computing in which IT-related capabilities are provided “as a service” [6], allowing users to access technology-enabled services from the Internet (i.e., the Cloud) without knowledge of, expertise with, or control over the technology infrastructure that supports them. It implies Service Oriented Architecture (SOA) [7]. SOA is a way of reorganizing a portfolio of previous software applications and support infrastructure into an interconnected set of services, each accessible through standard interfaces and messaging protocols. Once all the elements of enterprise architecture are in place, existing and future applications can access these services as necessary without the need of convoluted point-to-point solutions based on inscrutable proprietary protocols. This architectural approach is particularly applicable when multiple applications running on varied technologies and platforms need to communicate with each other. In this way, enterprises can mix and match services to perform business transactions with minimal programming effort.

A simple example of cloud computing is Yahoo email, Gmail, or Hotmail etc. There is no need to have a server or any software to use it. All what is required is just an internet connection and e-mails are just one click away. The server and email management software is all on the cloud (i.e. internet) and is totally managed by the cloud service provider Yahoo, Google, AOL etc. The consumer gets to use the software alone and enjoy the benefits. The analogy [13] is, 'If you need milk, would you buy a cow?' All the users or consumers need is to get the benefits of using the software or hardware of the computer like sending emails etc. Just to get this benefit (milk) why should a consumer buy a (cow) software /hardware?

DB Storage

Control Node

Client Network

Application Servers

Figure 1. Cloud Computing System

II. CHARACTERISTICS OF CLOUD COMPUTING

Various characteristics of Cloud Computing are as follow [12]:

International Journal of Emerging Technology and Advanced Engineering

92

 Application programming interface (API) accessibility to software that enables machines to interact with cloud software in the same way the user interface facilitates interaction between humans and computers. Cloud computing systems typically use REST-based APIs. 



 Cost is claimed to be reduced and in a public cloud delivery model capital expenditure is converted to operational expenditure. This is purported to lower barriers to entry, as infrastructure is typically provided by a third party and does not need to be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and fewer IT skills are required for implementation (in-house)

 Device and location independence enable users to access systems using a web browser regardless of their location or what device they are using (e.g., PC, mobile phone). As infrastructure is off-site (typically provided by a third-party) and accessed via the Internet, users can connect from anywhere

 Multi-tenancy enables sharing of resources and costs across a large pool of users thus allowing for: 

O Centralization of infrastructure in locations with lower costs (such as real estate, electricity, etc.)

O Peak-load capacity increases (users need not engineer for highest possible load-levels) O Utilization and efficiency improvement for

systems that are often only 10-20% utilized.  Reliability is improved if multiple redundant sites are

used, which makes well-designed cloud computing suitable for business continuity and disaster recovery.   Scalability and Elasticity via dynamic ("on-demand")

provisioning of resources on a fine-grained, self-service basis near real-time, without users having to engineer for peak loads. 

 Performance is monitored and consistent and loosely coupled architectures are constructed using web services as the system interface. 

 Security could improve due to centralization of data, increased security-focused resources, etc., but concerns can persist about loss of control over certain sensitive data, and the lack of security for stored kernels. Security is often as good as or better than under traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. 



However, the complexity of security is greatly increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems that are being shared by unrelated users. In addition, user access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security. 

 Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer. 

III. DEPLOYMENT MODEL

A Cloud can be classified as public, private, community, or hybrid based on model of deployment [9], [10], [12] as shown in Figure 2.

 Public cloud: Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who shares resources and bills on a fine-grained utility computing basis.

 Community cloud: A community cloud may be established where several organizations have similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud computing. With the costs spread over fewer users than a public cloud this option is more expensive but may offer a higher level of privacy, security and/or policy compliance. 1. Hybrid cloud: A hybrid cloud means either two separate

clouds joined together or combination of virtual clouds instances used together with real physical hardware. By integrating multiple cloud services users may be able to ease the transition to public cloud services while avoiding issues such as PCI compliance.

International Journal of Emerging Technology and Advanced Engineering

93

Figure 2. Types of Clouds

IV. LAYERED MODEL

As per the layered model [14] shown in Figure 3, Cloud computing system has following layers and each layer represents a level of abstraction, hiding the underlying complexities and thus providing the simplified access to the

Figure 3. Layers of Cloud Computing

resources: applications, software environment, software infrastructure, software kernel and hardware Descriptions of the layers [10] are as follows:

Cloud Application Layer: The layer which is accessible to the end user is cloud application layer. It is usually accessed through web portals (front-end), the user interacts with when using cloud services. A service in the application layer may consists of a mesh of various other cloud services, but appear as a single service to the end user. This model is referred as „Software as a Service‟ (SaaS). One example of this application layer is CRM system or Google‟s Apps (Word processing, spreadsheet etc.).

Cloud Software Environment Layer: This layer is also known as software platform layer which provides a programming language environment for developers of cloud applications. The layer also provides a set of well defined application programming interfaces (API) to use cloud services and interact with other cloud applications.

The service provided in the software platform layer is known as „Platform as a Service‟ (PaaS).Example of this layer is Google‟s App Engine [5] which provides Python runtime environment and specified APIs to develop Google‟s cloud environment.

Cloud software Infrastructure Layer: This layer provides resources to other higher level layers. Various services offered by this layer are data storage, computational resources and communication with other clod applications.

Computation resources are also known as „Infrastructure

as a Service‟ (IaaS). Virtual machine provides the common form of computational resources to users. Some examples of computational resources are Nimbus [8] and Eucalyptus [3].

Data storage component is also known as „Data Storage

as a Service‟ (DaaS).This component allows users to demands flexible storage on remote disks so that they can access remotely. Some examples of this component are Elastic Block Storage (EBS) and Rackspace‟s Cloud Files [11].

Communication as a Service provides quality of service which ensures communication capabilities like network security, dedicated bandwidth and network monitoring.

Software Kernel Layer: This layer is responsible for managing physical servers in the data centers. Implementation of this software kernel is in OS Kernel, virtual machine monitoring or clustering middleware. Globus [4] is one of the examples of this layer.

Hardware/ Firmware Layer: The bottom layer of cloud computing is actually the physical layer which acts as backbone of any cloud computing service capability. However in as a service context, this layer is also referred as „Hardware as a Service‟ (HaaS).

V. CLOUD COMPUTING SECURITY

Cloud security [1] evolved from information security and includes a wide set of controls, technologies, and policies used to protect the associated infrastructure, applications, and data of cloud computing. It is not related to the cloud-based security software services or commonly referred to as security-as-a-service.

International Journal of Emerging Technology and Advanced Engineering

94

Security issues related to cloud computing can either be security issues experienced by end users or security issues experienced by cloud suppliers. In general, cloud computing security fall into three general categories: Contractual or Legal Issues, Compliance, and Privacy and Security. For the contractual and legal issues, end users and cloud vendors have to negotiate about liability, end-of-service, and intellectual property. They must agree about the degree of liability of each party when data has been compromised or lost. They must also agree on how the applications and data can be returned to the client when the contract isn‟t renewed. Cloud providers must also take into consideration how the records are kept because there certain statutes which require electronic records to be kept in a certain way. Public institutions which are utilizing the cloud and storage must consider the laws regarding record keeping.

With regards to data and storage to the cloud, there are various rules and regulations which must be adhered to such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Payment Card Industry Data Security Standard. Cloud computing vendors must be able to provide their users to adhere to such rules and regulations easily. There must also be data recovery and business continuity plans so that service can be maintained in case of emergency and/or disaster. Whatever data is lost must have an assurance that it can be recovered. The clients must be able to review such plans so that they‟ll have an assurance that their information is safe with the cloud providers. Cloud computing providers must be able to provide audit trails and logs and such items must be maintained, secured properly, and accessible in case a forensic investigation takes place. The cloud data centers must be maintain in such as a way that they adhere to compliance requirements.

In terms of privacy and security, every user must have his identity management system in order to access computing and information resources. The cloud providers must be able to provide such system to their users. Aside from securing access of data through the internet, the cloud providers must be able to assure their users that the physical servers are all secured and that access to such servers and even user data are all documented. They must also ensure that users can easily access their applications and data when and where they need them. In the production environment, cloud suppliers must be able to secure applications by implementing procedures not only for packaged or outsourced application but also an application security must be implemented.

Lastly, cloud vendors must be able to secure every critical data like credit card numbers by masking and restrict access to such data. Credentials and digital identities must be secured just like any data which cloud providers produce or collect from their users cloud activities

VI. CLOUD COMPUTING APPLICATIONS

Grid Computing — Media transcending, fraud

detection, statistical research — all require batches of multiple “jobs” to process. The more servers, the faster the result. The cloud can be used to spread a workload over many more servers than you would be able to access in your own data center.

 Development and Test — Given the trend toward

iterative, agile development, the ability to test and roll out fast can be a competitive differentiator. With the cloud, developers can deploy and test complete production-scale systems — saving time and expense over traditional testing scenarios and enabling faster handoff from development to operations. 

 Social Gaming Applications — Building your own

infrastructure to handle peak volume requires capital investments — and no matter how big you build it, it still may not be enough. Cloud-based computer resources and sophisticated management platforms, on the other hand, can deliver increased flexibility and lower costs for large traffic events and ongoing life cycle management. 

 Windows in the Cloud — Running Microsoft

stacks in the cloud is easier than ever with powerful Windows-based Server Template. High availability SQL Server, IIS, and Active Directory are some of the solutions

 Scalable Website — Many websites experience

fluctuations in demand — some can predict that demand, some cannot. Either way, the cloud computing does the auto-scaling which makes a perfect solution

VII. CONCLUSION

International Journal of Emerging Technology and Advanced Engineering

95

Cloud Computing finds application in various areas [2].Some of which are explained below:

Leaders in the industry such as have IBM, Google, and Microsoft have already taken their initiatives in promoting cloud computing. Everyone in the IT sector speaks about cloud computing however this concept is still unclear to many. In this paper we have made efforts to clear the basic concepts of cloud computing. We have brought some light on the applications, characteristics, deployments models and layers of cloud computing and its security issues. Further reading of cloud computing can get some more light on security and its implementation issues.

REFERENCES

[1] Cloud computing security,

http://www.cloudtweaks.com/2012/03/fundamental-elements-of-cloud-computing-security/

[2] Cloud use cases,

http://www.rightscale.com/solutions/cloud-computing-uses/

[3] Eucalyptus, http://eucalyptus.cs.ucsb.edu/

[4] Globus, http://www.globus.org

[5] Google App Engine, http://appengine.google.com

[6] Heiser J. What you need to know about cloud computing security

and compliance, Gartner, Research, ID Number: G00168345, 2009.

[7] M. P. Papazoglou and W.-J. van den Heuvel, Service oriented

architectures:Approaches, technologies and research issues,

TheVLDBJournal, 16:389_415, 2007.

[8] Nimbus, http://workspace.globus.org/

[9] P. Mell and T. Grance, The NIST Definition of Cloud Computing,

National Institute of Standards and Technology, Information Technology Laboratory, Technical Report Version 15, 2009.

[10] R. Buyya, J. Broberg, A.Goscinski. Cloud Computing: Principles

and Paradigms. New York, USA: Wiley Press. pp. 1-44.

[11] Rackspace Cloud,

http://www.rackspacecloud.com/cloud_hosting_products/file

[12] Wikipedia, “Cloud Computing”,

http://en.wikipedia.org/wiki/Cloud_computing

[13] WikiInvest: Cloud Computing Concoet

http://www.wikinvest.com/concept/Cloud_Computing

[14] Youseff, L., M. Butrico,D. Da Silva. 2008. Toward a Unified

Ontology of Cloud Computing. In Grid Computing Environments Workshop