
CU-MCA-SEM-II-Cloud Computing-Second Draft

Published by Teamlease Edtech Ltd (Amita Chitroda), 2023-07-17 07:23:29


successfully at network nodes (for example, due to software defects), or various updates may be applied with differing latency, resulting in momentary congestion or packet losses that might harm the performance of sensitive services.

Hybrid

Using a hybrid system can give the stability and scalability of distributed control, as well as performance improvements via global network management. The use of distributed control with centrally determined parameters is a common hybrid strategy.

Advantages: Increased performance, scalability, and reliability. A central controller can provide coarse-grained solutions, whereas a distributed method can provide fine-grained control. Work can be divided among central and distributed components in such a way that the disadvantages of centralized and distributed methods are minimized. For multi-tenant cloud datacenters, for example, a hierarchical method can be employed where aggregate bandwidth is estimated centrally and transmission control over flows per tenant is distributed, lowering central management overhead while improving the scalability of per-tenant management.

Disadvantages: The complexity of the system may increase. Because the central controller has only limited control, the final solution may be less effective than that of a completely centralized system. Because of the centralized control there is still a single point of failure, although its impact in the event of a failure is lower than in a fully centralized scheme. Furthermore, the distributed component continues to operate at a locally optimal level. For example, in multi-tenant cloud datacenters, if bandwidth per tenant is handled in a distributed fashion, it may be difficult to implement routing/scheduling policies that maximize utility based on flow attributes, because each network element has only limited local knowledge.

12.5 SUMMARY

• Cloud Computing is a cost-effective platform that also offers better data transmission speeds. As a result, traffic management across the CC network is crucial. A number of the above-mentioned solutions are employed to lessen transmission delays. When it comes to increasing network and application performance, traffic management in data centres is critical. This improves the quality of service by decreasing network congestion, packet loss, and latency. The deployment and setup of traffic management techniques, on the other hand, is difficult due to the wide range of traffic characteristics seen in data centres, the huge number of data centre topologies, and the interplay of several protocols at the routing, transport, and connection layers. Even though it takes a comprehensive picture of the network, data centres are frequently joined via traditional networks that employ normal routing protocols.

• Despite this, data centres are becoming increasingly popular. Interoperability with legacy systems, end-to-end traffic management, and the avoidance of a complex, time-consuming, and error-prone configuration process for data-center edge network

201 CU IDOL SELF LEARNING MATERIAL (SLM)

devices are all required in order to achieve success.

If you have numerous cloud services or various Azure web apps, Traffic Manager can direct your customers' traffic and distribute it over multiple sites. In addition, Traffic Manager may assist you with your geofencing requirements by utilising the geographic routing method. It is better suited to managing network traffic based on an actual scenario. The network must be scalable when it is set up. This not only makes traffic management easier, but it also improves customer Quality of Service (QoS). The importance of traffic models for cloud computing has been highlighted in this chapter.

12.6 KEYWORDS

• ISP - An Internet service provider is an organisation that offers a variety of Internet-related services such as access, use, and participation.
• VPN - A virtual private network (VPN) provides a safer connection between you and the internet. All of the data traffic is routed through an encrypted tunnel via the VPN.
• DTM - Dynamic Traffic Management (DTM) allows you to deal with system traffic based on continuous data.
• RTS - The Request to Send mechanism aims to reduce frame collisions introduced by the hidden terminal problem.
• NDP - The Neighbour Discovery Protocol (NDP) is an Internet protocol suite protocol that is used with Internet Protocol Version 6.

12.7 LEARNING ACTIVITY

1. What is the performance impact of using Traffic Manager?
2. How will you configure Azure Traffic Manager on the Windows Azure portal?

12.8 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions
1. What is Traffic Manager's major function?
2. What are the differences between a traffic manager and a load balancer?
3. Write short notes on CNM.

4. What is VTM? Describe its advantages.
5. How is traffic between datacenters managed?

Long Questions
1. What are the benefits of employing a traffic controller?
2. What is the traffic management procedure?
3. What is meant by VPN?
4. How will the user benefit from Traffic Manager?
5. How will you minimize flow completion times?

B. Multiple Choice Questions
1. FCT stands for
   a. Flow Completion Time
   b. Flaw Completion Time
   c. Flew Completion Time
   d. Flow Complement Time
2. ECN expands to
   a. Explicit Completion Notification
   b. Explicit Congestion Notification
   c. External Congestion Notification
   d. External Completion Notification
3. Which of the following is not a benefit of Traffic Manager?
   a. Increased application performance
   b. Availability
   c. Downtimes for upgrades
   d. Quick setup
4. ____________ allows you to deal with system traffic based on continuous data.
   a. DTM
   b. VTM

   c. CNM
   d. MIB
5. MIB maintains
   a. Execution
   b. Distributions
   c. Collections
   d. Consumption

Answers: 1-a, 2-b, 3-c, 4-a, 5-a.

12.9 REFERENCES

Reference book
• Amith Shekhar C and Dr. Sharvani G S, "An Extensive Survey over Traffic Management/Load Balance in Cloud Computing".

Websites
• https://docs.microsoft.com/en-us/azure/traffic-manager/

UNIT 13 - CLOUD STORAGE STRUCTURE

13.0 Learning Objectives
13.1 Introduction
13.2 Cloud Storage
13.3 Storage Account
13.4 Storage Replications
13.5 Summary
13.6 Keywords
13.7 Learning Activity
13.8 Unit End Questions
13.9 References

13.0 LEARNING OBJECTIVES

After studying this unit students will be able to:
• Evaluate cloud storage
• Analyze storage accounts
• Evaluate storage replications

13.1 INTRODUCTION

Cloud computing has become one of the most popular terms in recent years, yet it is surprising to learn that people have been using it for over ten years. Gmail, Facebook, Dropbox, Skype, PayPal, and Salesforce.com are all cloud solutions that were not previously thought of in these terms. The primary idea behind the cloud is that information may be made available over the internet without a thorough understanding of the communications systems that make it possible. Cloud storage is one of the most important services in cloud computing. Data is stored on many third-party servers using cloud storage, and the user has no control over where the data is saved. With the size of data growing on a daily basis, the need to handle, manage, and, most importantly, store data has become a serious issue for individuals and organizations. This chapter explains the many methods for storing data in the cloud.

13.2 CLOUD STORAGE

Various cloud providers offer data storage and backup services, owing to the enormous growth potential in cloud storage. Cloud providers are also giving away a percentage of their capacity for free to entice businesses and individuals to use their services. The following are the best-known cloud providers:

Dropbox: Dropbox provides 2GB of storage, which may be expanded to 6GB by linking the user's Dropbox account to social media and recommending friends to the service.

Google Drive: Google Drive is a natural choice for Android device owners because it's already built in, but users of many other platforms may benefit from the ample free storage.

Mega: Mega states that data stored in the cloud is encrypted on the user's device before being sent to the company's servers.

OneDrive: The file explorer in Windows 10 now includes OneDrive (previously SkyDrive). It's ready to use right out of the box, which is clearly very helpful for individuals who have upgraded to Microsoft's latest operating system.

iCloud: The Mac Finder software includes iCloud Drive, which allows users to store any files they want. Documents written with the iWork office suite are likewise saved to iCloud and can be synced across multiple devices. Windows users can also use the official client to sync existing files to iCloud Drive and access the iWork apps via the iCloud website.

Box: Box has been around for a while, and it's integrated with a number of popular apps including Google Docs and Office 365. It's also connected with G Suite, so Docs, Sheets, and Slides are stored and handled in Box automatically. The Box Sync client for Mac and Windows, as well as an official Android client, may be downloaded from the Downloads page.

NextCloud: NextCloud is not an online cloud storage service as such, but it does provide free software that allows users to download and install a cloud storage service on their own server. Using a home network server for cloud storage is far faster, and it also allows for encryption and ensures that the data never leaves the local network, which is far safer.

SpiderOak: SpiderOak is part of the new wave of cloud storage solutions that require no prior knowledge. According to the website, your data is encrypted upon syncing once you install the client. The SpiderOakOne client is available for Android, Mac, Linux, and iOS devices.

IDrive: IDrive allows you to sync all of your data, including data on network drives, in real time. Email, Facebook, and Twitter are all supported via the online interface for file sharing.

IDrive now offers IDrive Express, a service that will send a physical hard drive to the customer if the data is lost, enabling the quick restoration of all backed-up information.

pCloud: The program is accessible on both desktop and mobile devices, with users also having the option of logging in through the website.

Google Drive, pCloud, Microsoft OneDrive, Dropbox, and MediaFire are the finest free cloud storage options available.

13.3 STORAGE ACCOUNT

All of your Azure Storage data objects are stored in a storage account: blobs, file shares, queues, tables, and disks. The storage account creates a unique namespace for all Azure Storage data that can be accessed through HTTP or HTTPS from anywhere in the world. Your storage account's data is durable and highly available, as well as secure and massively scalable.

The following table describes the types of storage accounts recommended by Microsoft for most scenarios. All of these use the Azure Resource Manager deployment model.

Table 13.1 Types of storage accounts recommended by Microsoft

Standard general-purpose v2
  Storage services supported: Azure Files, Blob (including Data Lake Storage), Queue, and Table storage
  Redundancy options: LRS/GRS/RA-GRS and ZRS/GZRS/RA-GZRS
  Usage: Blobs, file shares, queues, and tables all have a standard storage account type. For the vast majority of Azure Storage cases, this is the best option. Use the premium file shares account type instead if you want Azure Files to support NFS file shares.

Premium block blobs
  Storage services supported: Blob storage (including Data Lake Storage)
  Redundancy options: LRS and ZRS
  Usage: Block blobs and append blobs have a premium storage account type. Suitable for scenarios with high transaction rates, small objects, or consistently low storage latency requirements.

Premium file shares
  Storage services supported: Azure Files
  Redundancy options: LRS and ZRS
  Usage: Use this premium storage account type only for file shares. Recommended for enterprise / high-performance scale applications. If you'd like a storage account that supports both SMB and NFS file shares, use this account type.

Premium page blobs
  Storage services supported: Page blobs
  Redundancy options: LRS
  Usage: Only page blobs can be stored in a premium page blob storage account.

13.4 STORAGE REPLICATIONS

Microsoft Azure, for example, is a cloud storage service. Depending on the type of data to be stored, it offers a choice of cloud storage options. Text, binary data, files/documents, message contents, NoSQL data, and so on can all be stored.

Advantages: Azure cloud storage is highly available, secure, massively scalable, and accessible via HTTP/HTTPS, among other things. Azure storage services include Azure Blobs, Azure Files, Azure Queues, and Azure Tables, among others.

To ensure durability and high availability, the data in a Microsoft Azure storage account is copied at all times. It safeguards our information against a variety of problems, including:
• Fault domain - relates to unexpected hardware failure
• Update domain - relates to planned software upgrades on Azure
• Disasters, and so on

We have the option of replicating our data in the same data center, across zonal data centers in the same region, or across various regions in the Azure cloud. Using cyclic redundancy checks (CRCs), Azure storage confirms the integrity of data on a regular basis. If it is corrupted, redundant data is used to recover it. Azure storage keeps at least three copies of our data, either within the same data center using locally redundant storage (LRS) or in separate data centers using zone-redundant storage (ZRS), geo-redundant storage (GRS), or read-access geo-redundant storage (RA-GRS). Azure ensures that our application remains operational in the event of a breakdown.

Locally redundant (LRS)

It is a low-cost data redundancy solution that duplicates your data within the same data center. When compared to other replication options, LRS is the least expensive and has the least durability. It guarantees object durability of at least 99.999999999 percent (11 nines) over a year. This is useful when we need to quickly reconstruct data in the event of a loss, or when we simply want to replicate data inside a country or region.

Zone-redundant (ZRS)

It enables us to achieve high speed, low latency, and synchronous data replication across three storage clusters in a single region. Physically, each storage cluster is distinct from the others, yet they are all located in the same region. Over the course of a year, ZRS guarantees the durability of storage objects to be at least 99.9999999999 percent (12 nines).

Geo-redundant (GRS)

As previously stated, it assists us by replicating our data to a remote location hundreds of miles distant from the originating region. It guarantees object durability of at least 99.99999999999999 percent (16 nines) over a year. GRS replicates the data to a different region, but data will be read-only if Microsoft triggers a primary-to-secondary region failover.
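The integrity check described above (a CRC recorded at write time, recomputed during periodic scrubbing, and a corrupted copy rebuilt from one of the remaining replicas) can be simulated directly. The following Python is an added illustration, not Azure's code; the three-copy model, the StoredObject class and the scrub() helper are assumptions made for this example.

```python
import zlib
from dataclasses import dataclass, field

# Constructed simulation of the integrity check described in the text: the
# service keeps several copies of each object (LRS keeps three), records a
# CRC32 at write time, and periodically recomputes it per copy.  A copy whose
# CRC no longer matches is rebuilt from a healthy one.  Not Azure code.

MIN_COPIES = 3  # "Azure storage keeps at least three copies of our data"


@dataclass
class StoredObject:
    name: str
    expected_crc: int                              # CRC32 recorded at write time
    replicas: list = field(default_factory=list)   # one bytearray per copy


def store(name: str, data: bytes, copies: int = MIN_COPIES) -> StoredObject:
    """Write `copies` independent replicas and remember the CRC32 of the data."""
    if copies < 1:
        raise ValueError("at least one copy is required")
    return StoredObject(name, zlib.crc32(data), [bytearray(data) for _ in range(copies)])


def scrub(obj: StoredObject) -> dict:
    """Periodic integrity check: recompute CRC32 for every replica and compare it
    with the value recorded at write time.  Corrupted replicas are rebuilt from a
    healthy copy.  Reports which replicas were corrupted, which were repaired,
    and whether the object is unrecoverable (no healthy copy left)."""
    healthy = [i for i, r in enumerate(obj.replicas)
               if zlib.crc32(bytes(r)) == obj.expected_crc]
    corrupted = [i for i in range(len(obj.replicas)) if i not in healthy]
    if not healthy:
        # The CRC detects the damage, but there is nothing clean to recover from.
        return {"corrupted": corrupted, "repaired": [], "unrecoverable": True}
    source = obj.replicas[healthy[0]]
    for i in corrupted:
        obj.replicas[i] = bytearray(source)   # recover from redundant data
    return {"corrupted": corrupted, "repaired": list(corrupted), "unrecoverable": False}


def flip_bit(obj: StoredObject, replica: int, offset: int, bit: int) -> None:
    """Simulate silent corruption (a bit flip on disk) in one replica."""
    obj.replicas[replica][offset] ^= 1 << bit


def healthy_copies(obj: StoredObject) -> int:
    """Number of replicas whose CRC32 still matches the recorded value."""
    return sum(zlib.crc32(bytes(r)) == obj.expected_crc for r in obj.replicas)


# Defender's note: CRC32 catches accidental corruption only.  Anyone able to
# rewrite a replica can recompute its CRC, so a CRC is no substitute for a keyed
# MAC or a signature when tampering, rather than bit rot, is the concern.

if __name__ == "__main__":
    obj = store("invoice.pdf", b"constructed sample payload " * 100)  # constructed data
    flip_bit(obj, replica=1, offset=7, bit=0)
    print("before scrub:", healthy_copies(obj), "healthy copies")
    print("scrub report:", scrub(obj))
    print("after scrub: ", healthy_copies(obj), "healthy copies")
```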
Geo-redundant storage with read access (RA-GRS)

It's based on GRS, but it also lets you read from the secondary region whether or not Microsoft conducts a failover from the primary to the secondary.

Table 13.2 Difference between LRS, ZRS and GRS

Replication
  LRS: In the primary region, your data is replicated three times in a single physical location, all at the same time.
  ZRS: In the primary region, your data is synchronously replicated across three Azure Availability Zones.
  GRS: Your data within your storage account is replicated to a secondary region.

Redundancy
  LRS: Low
  ZRS: Moderate
  GRS: High

Cost
  LRS: Provides the cheapest alternative for replication.
  ZRS: It is more expensive than LRS, but it has better availability.
  GRS: Although it is more expensive than ZRS, it ensures availability in the event of regional outages.

Percentage of objects that will last a year (durability)
  LRS: At least 99.999999999% (11 9's)
  ZRS: At least 99.9999999999% (12 9's)
  GRS: At least 99.99999999999999% (16 9's)

Availability SLA for read requests
  LRS: At least 99.9% (99% for cool access tier)
  ZRS: At least 99.9% (99% for cool access tier)
  GRS: At least 99.9% (99% for cool access tier) for GRS; at least 99.99% (99.9% for cool access tier) for RA-GRS

Availability SLA for write requests
  LRS: At least 99.9% of the time (99% for cool access tier)
  ZRS: At least 99.9% (99% for cool access tier)
  GRS: At least 99.9% (99% for cool access tier)

Is there a backup plan in place if a node in a data centre fails?
  LRS: Yes
  ZRS: Yes
  GRS: Yes

Is there a backup plan in place if the entire data centre (zonal or non-zonal) goes down?
  LRS: No
  ZRS: Yes
  GRS: Yes

Is your data available during a region-wide outage in the primary region?
  LRS: No
  ZRS: No
  GRS: Yes

If the primary region is offline, does the secondary region have read access?
  LRS: No
  ZRS: No
  GRS: Yes

Types of storage accounts that are supported
  LRS: General-purpose v2, General-purpose v1, Block blob storage, Blob storage, File storage
  ZRS: General-purpose v2, Block blob storage, File storage
  GRS: General-purpose v2, General-purpose v1, Blob storage

13.5 SUMMARY

• Cloud storage has a lot of promise to become a viable replacement for traditional storage. This is the practice of keeping digital data in an online area that spans numerous servers and locations. It is often maintained by a hosting firm, and it is defined as follows: to put it simply, an individual or organisation can store and retrieve data in this online area, which is managed by a host service, with the use of an internet connection. Cloud storage is a simple and secure method of storing and/or moving data. Using cloud computing, people and companies can store their files with a cloud service provider and access them whenever they need them from whatever device they own. It is also possible to use cloud storage to archive data that needs to be kept for a long period of time but does not need to be accessed regularly, such as some financial documents. To facilitate group collaboration, files saved "on the cloud" are becoming increasingly popular.

• When using cloud storage, a client computer, tablet, or smartphone can upload and download files to and from a remote data server through the internet. Cloud storage is free. The same data is typically saved on multiple servers at the same time so that customers can always access their data, even if one server is offline or loses data. For example, a laptop computer owner may choose to save personal images on her hard drive as well as in the cloud in case her device is stolen.
• It is possible for a cloud storage system to specialize in keeping a certain sort of data, such as digital images or music files, or it can offer generic storage of any type of data, such as photos and audio files as well as text documents, PowerPoint presentations, and spreadsheets. But before subscribing to cloud storage, extreme caution should be taken regarding security as well as performance to avoid any future catastrophe. It will also be vital that the cloud provider not only keeps costs reasonable for cloud clients, but also deals with the security and performance issues so that those who have adopted the cloud are increasingly satisfied. The development of cloud storage techniques and service models is still in its infancy. To address the

challenges with cloud storage, the standardization of service provider standards should be enhanced by using a better load balancing mechanism.

13.6 KEYWORDS

• Cloud storage - Cloud storage enables you to keep data and files in a remote location that you can access via the internet or a dedicated data network connection. Data that you send to a third-party cloud service for storage becomes their responsibility.
• GRS - The standard and recommended replication option is geo-redundant storage (GRS). Your data is replicated by GRS to a secondary region (hundreds of miles away from the primary location of the source data).
• ZRS - With zone-redundant storage (ZRS), your Azure Storage data is copied synchronously over 3 Azure availability zones in the primary region. Each availability zone is a physical site with its own power, cooling, and networking infrastructure.
• LRS - LRS' current print and output management solutions can be used in any cloud deployment architecture, including distributing output from SaaS applications hosted in the cloud. The concept of "printing as a service" comes into play here.
• RA-GRS - Read-access geo-redundant storage. It's based on GRS, but it also allows you to read from the secondary region whether or not Microsoft conducts a failover from the primary to the secondary.

13.7 LEARNING ACTIVITY

1. Suppose you are working in defense. How would you select the most appropriate storage solution for your organization?
2. Explain in detail the file systems used by GFS and Amazon S3.

13.8 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions
1. What is cloud storage?
2. What is a storage account?
3. Define the use of iCloud and pCloud.
4. What is GRS?

5. Difference between LRS and ZRS.

Long Questions
1. Give some examples of cloud storage providers.
2. List out the types of storage accounts which are recommended by Microsoft.
3. List out the advantages of Azure cloud storage.
4. Describe a comparative study of ZRS, LRS and GRS.
5. Give a brief description of a storage account with a proper example.

B. Multiple Choice Questions
1. ________ states that data stored in the cloud was encrypted on the user's device before being sent to the company's servers.
   a. Google Drive
   b. Mega
   c. iCloud
   d. pCloud
2. OneDrive was previously named
   a. Google Drive
   b. SkyDrive
   c. iCloud
   d. pCloud
3. ZRS stands for
   a. Zone Redundant Storage
   b. Zone Replicate Storage
   c. Zone Redundant Solution
   d. Zone Resource Storage
4. GRS stands for
   a. Geo-redundant Storage
   b. Geo-resource Storage
   c. Geo-redundant Solution
   d. Geo-reduce Storage
5. Which of the following is a low-cost data redundancy solution?
   a. GRS
   b. ZRS

   c. LRS
   d. RA-GRS

Answers: 1-b, 2-b, 3-a, 4-a, 5-c.

13.9 REFERENCES

Reference Books:
• Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, "Mastering Cloud Computing".
• Kailash Jayaswal, Jagannath Kallakuruchi, Donald J. Houde, Dr. Devan Shah, "Cloud Computing: Black Book".
• Rajkumar Buyya, James Broberg, Andrzej M. Goscinski (Editors), "Cloud Computing: Principles and Paradigms", Wiley, 2011.

Websites
• Introduction to cloud storage - cws.web.unc.edu

UNIT 14 - TYPES OF STORAGE STRUCTURE

14.0 Learning Objectives
14.1 Introduction
14.2 Benefits
14.3 Storage Types
14.4 Summary
14.5 Keywords
14.6 Learning Activity
14.7 Unit End Questions
14.8 References

14.0 LEARNING OBJECTIVES

After studying this unit students will be able to:
• Evaluate the benefits of cloud storage
• Analyze different types of cloud storage
• Evaluate the architecture of VM storage
• Analyze the Azure file system and its benefits

14.1 INTRODUCTION

Cloud storage is a cloud computing approach in which data is stored on the Internet and managed and operated by a cloud computing provider. It is delivered on demand with just-in-time capacity and costs, and it saves you money by eliminating the need to buy and manage your own data storage infrastructure. Through "anytime, anywhere" data access, you get agility, global scale, and durability. A third-party cloud vendor owns and runs the data storage capacity and offers it via the Internet in a pay-as-you-go manner. These cloud storage providers manage capacity, security, and durability to ensure that data is accessible to your apps from anywhere on the planet. Applications access cloud storage either through traditional storage methods or through an API. Many vendors provide add-on services to aid in the collection, management, security, and analysis of large amounts of data.

14.2 BENEFITS

By storing data in the cloud, IT departments may transform three areas:

Cost of ownership: With cloud storage there is no hardware to buy, no storage to provision, and no capital to set aside for "someday" situations. You can add and remove capacity on demand, modify performance or retention characteristics quickly, and only pay for the storage you use. Less frequently accessed data can also be transferred to lower-cost tiers automatically according to auditable rules, resulting in cost savings.

Time to deployment: Infrastructure should never slow down development teams when they are ready to deploy. Thanks to cloud storage, IT can swiftly offer the exact amount of capacity needed, exactly when it's needed. Rather than trying to manage storage systems, IT can focus on solving complicated application problems.

Figure 14.1 Storage vs Time

Information management: Using the cloud to centralise storage provides a huge advantage for new use cases. By employing cloud storage lifecycle management policies, you can execute strong information management operations like automated tiering and data lock-down in support of compliance needs.

14.3 STORAGE TYPES

Azure Storage is a Microsoft-managed cloud storage solution that offers high availability, security, durability, scalability, and redundancy. Whether it's photos, audio, video, logs, configuration files, or sensor data from an IoT array, data must be stored in a form that's easy to access for analysis, and Azure Storage has solutions for all of these scenarios. Two types of data accounts, four types of storage, four levels of data redundancy, and three tiers for storing files are available in Azure. We'll go over each of these solutions in depth to help you figure out which one best suits your big data storage requirements.

Figure 14.2 Azure Storage Architecture

i) Blob storage
ii) File storage
iii) Queue storage
iv) Table storage

Blob Storage

Blob Storage is a Microsoft Azure service for storing binary large objects (blobs) made up of unstructured data like text, photos, and videos, as well as their metadata. Blobs are stored in "containers," which are directory-like structures. The blob service has the following features:
i) Data items of any type are referred to as blobs.
ii) Containers are wrappers that hold numerous blobs together.
iii) Every one of the Azure storage data items is stored in your Azure storage account.

Blob Categories

Although blob storage allows big binary objects to be stored in Azure, it is tailored towards 3 distinct storage scenarios:

Block blobs: These blobs are used to hold discrete items like photos, log files, and other data. Data can be stored in block blobs of up to 5TB, made up of up to 50,000 blocks of up to 100MB apiece.

Page blobs: These can be up to 8TB in size and are optimized for random read and write operations. Azure provides two forms of storage in the page blob category: standard and premium. The latter is the best option for virtual machine (VM) storage disks (including the operating system disk).
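The block blob limits quoted above (up to 50,000 blocks of up to 100MB each, 5TB in total) are what an upload routine has to plan around before it stages a single block. The following Python is an added example, not code from the page or from Azure's SDK; the equal-length base64 block IDs, the Block class and the helper names are assumptions for this illustration, and the figures are taken as decimal units so that 50,000 × 100 MB = 5 TB.

```python
import base64
import math
from dataclasses import dataclass

# Limits as stated in the text for block blobs, taken as decimal units so that
# 50,000 blocks x 100 MB = 5 TB.  Constructed helper, not the Azure SDK.
MAX_BLOCKS = 50_000
MAX_BLOCK_BYTES = 100_000_000         # 100 MB per block
MAX_BLOB_BYTES = 5_000_000_000_000    # 5 TB per block blob

# Assumption for this example: block IDs are base64 strings, and every block ID
# within one blob has the same length, so the block index is zero-padded.
ID_DIGITS = 6


@dataclass(frozen=True)
class Block:
    block_id: str   # identifier used when staging and then committing the block
    offset: int     # byte offset of the block within the source object
    length: int     # number of bytes in this block


def make_block_id(index: int) -> str:
    """Equal-length, base64-encoded block ID derived from the block index."""
    return base64.b64encode(f"{index:0{ID_DIGITS}d}".encode("ascii")).decode("ascii")


def smallest_block_size(total_bytes: int) -> int:
    """Smallest block size that keeps an object within the MAX_BLOCKS limit."""
    if total_bytes <= 0:
        return 1
    return math.ceil(total_bytes / MAX_BLOCKS)


def plan_block_upload(total_bytes: int, block_bytes: int = 4_000_000) -> list[Block]:
    """Split an object into the blocks to stage, in the order they are committed.

    Raises ValueError when the object or block size exceeds the limits quoted in
    the text, so the caller finds out before uploading anything.
    """
    if total_bytes < 0:
        raise ValueError("object size cannot be negative")
    if block_bytes <= 0 or block_bytes > MAX_BLOCK_BYTES:
        raise ValueError(f"block size must be between 1 and {MAX_BLOCK_BYTES} bytes")
    if total_bytes > MAX_BLOB_BYTES:
        raise ValueError(f"object exceeds the {MAX_BLOB_BYTES}-byte block blob limit")
    count = math.ceil(total_bytes / block_bytes)
    if count > MAX_BLOCKS:
        raise ValueError(
            f"{count} blocks exceed the {MAX_BLOCKS}-block limit; "
            f"use a block size of at least {smallest_block_size(total_bytes)} bytes")
    blocks = []
    for index in range(count):
        offset = index * block_bytes
        blocks.append(Block(make_block_id(index), offset, min(block_bytes, total_bytes - offset)))
    return blocks


def covers_object(blocks: list[Block], total_bytes: int) -> bool:
    """Sanity check before committing: blocks are contiguous, cover every byte,
    and all carry IDs of the same length."""
    expected = 0
    for block in blocks:
        if block.offset != expected or block.length <= 0:
            return False
        expected += block.length
    return expected == total_bytes and len({len(b.block_id) for b in blocks}) <= 1


if __name__ == "__main__":
    size = 10_000_001   # constructed: just over 10 MB
    plan = plan_block_upload(size, block_bytes=4_000_000)
    for block in plan:
        print(block)
    print("covers object:", covers_object(plan, size))
    print("smallest block size for 1 TB:", smallest_block_size(1_000_000_000_000))
```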

Append blobs: Append blobs are made up of many blocks of varying sizes, up to a maximum of 4MB each, and are optimized for append operations such as log storage. Each append blob can hold up to 50,000 blocks, allowing it to grow up to 200GB in size.

Blob storage accounts come in three tiers, which can be selected at the time of account creation.

Hot Access Tier: Of the three alternatives, the hot access tier is best for data that is regularly accessed. It has the cheapest access (read/write) costs but the most expensive storage.

Cool Access Tier: This option is better suited to use cases where data will be held for at least 30 days and will not be accessed frequently. This tier has lower storage costs but higher access charges than the hot access tier.

Archive Access Tier: Archive storage is intended for data that does not require quick access. This tier has higher data retrieval fees as well as a longer data access time. It's intended for situations where data will be held for more than 180 days and accessed infrequently.

Why use Blob?

Unstructured data, such as logs, files, photos, and videos, is the focus of most of what data consumers are doing with storage. Using Azure's blob storage to avoid having to create multiple database systems across different types of data is a great way to save time and money. Blob storage offers consumers strong data consistency, storage and access flexibility that conforms to the user's needs, as well as high availability through geo-replication.

Table Storage

Table Storage in Azure is a scalable, NoSQL, key-value data store for storing huge amounts of data in the cloud. This storage solution is schemaless, with rows made up of key-value pairs in each table. It's a perfect way of storing structured and non-relational data, according to Microsoft, with use cases ranging from storing terabytes of structured data for web applications, to storing datasets without difficult joins or foreign keys, to accessing data via .NET libraries.

Table Storage Components

The following items are stored in the table service:
i) All of your tables are stored in a storage account.
ii) Tables, which are made up of groups of "entities."
iii) Entities are collections of properties that are analogous to database rows. A single entity can be up to 1MB in size.

The list's most granular element is the property, which is made up of name-value pairs. Each entity has 3 system properties that define its partition key, row key, and timestamp, and can wrap up to 252 further properties to hold data.

Figure 14.3 Table Storage Components

Azure Storage tables are usually contrasted with RDBMS tables since they are expressed in a tabular style. Columns, constraints, and 1:1 or 1:* relationships, as well as their variations, are not available in Azure tables.

Azure Table Storage vs. Azure SQL Database

While these two technologies are remarkably similar, they are intended for totally distinct applications. One of the most significant distinctions between the two is their capacity. Tables in Azure can have rows of up to 1MB and no more than 255 properties, including the 3 identifying keys: partition, row, and timestamp. This means that the total length of all 255 properties cannot exceed 1MB. Azure SQL databases, on the other hand, can have rows of up to 2GB in size. Naturally, this leads the user to believe that using Azure SQL databases to store vast volumes of data is a no-brainer. Nevertheless, Azure SQL databases can only expand up to 150GB, whereas Azure tables can hold up to 200TB of data.

Why use Table Storage?

Users can quickly construct cloud applications using Azure table storage without having to worry about schema lock-in. When developers need to store data in the terabyte range while keeping storage costs low, and the data doesn't require significant server-side joins

or other logic, they should choose Azure table storage. Other situations include disaster recovery and the storage of up to 500TB of data without the requirement for sharding logic.

Queue Storage

Queues have been around for a long time, and their simple FIFO (first in, first out) semantics make them a viable solution for storing non-ordered information. Simply put, Azure Queue Storage is a service that allows customers to store large volumes of messages, process them asynchronously, and consume them as needed while maintaining a low cost through a pay-per-use pricing model.

Storage Queue Components

The following components make up queue storage:
• All of your storage services are contained in your storage account.
• A queue is a collection of messages.
• A message can contain any type of information. A message could, for example, be a text message intended to trigger an event in an app, or information on an event that has occurred on a website.

A message can be at most 64KB in size in any format, and it can only remain in a queue for seven days. A single queue, on the other hand, can hold up to 200TB of data. Messages can be text strings or byte arrays holding any type of data in formats like XML, CSV, and others.

Figure 14.4 Storage queue components

Why Use Azure Queue Storage?

Queues lessen the risk of data loss due to data store timeouts or long-running processes; a shopping cart, or a forum in which a user can place an "order" in the form of a purchase or a message on a message board, are suitable examples of this scenario. The message will then be ingested or "de-queued" by a reader, which then returns control to the user so that they can continue browsing the site. Queues allow users to accept all incoming data and then process it at the application's own pace. Returning to the shopping cart example, picture a user who has placed more than 50

things in their basket and therefore is ready to check out. If there is no queue in place when a user checks out, the order information must be processed and put in the database right away, which, as you can see, could cause a slowdown and bring the entire system down during peak periods. Queues provide such a fault-tolerant technique for storing all orders for a certain time and then processing and executing them when the system's bandwidth allows. This ensures that each item in the queue gets the attention it deserves. File Storage Azure Files is a cloud-based shared network file storage solution that lets administrators access native SMB file shares. These shares, together with the rest of the Azure storage options, can be added to an Azure storage account. The Azure File service allows apps operating upon cloud VMs can share files using common protocols like as WriteFile and ReadFile. Figure 14.5 VM storage architecture Why Use Azure File System (AFS)? There are a variety of circumstances in which Azure File System could be useful: If you do have an on-premises setup that needs a file share and need to move this to the cloud, AFS makes it simple to transfer files between cloud VMs. Users can construct a shared drive using AFS without creating a dedicated VM to manage the file sharing burden. 221 CU IDOL SELF LEARNING MATERIAL (SLM)
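The entity and message limits quoted above, and the fault tolerance that the shopping-cart example describes, can be checked on the client side before anything is sent to the service. The following Python block is an added example for this chapter, not code from the Azure SDK or from this text: validate_entity applies the table limits as the text states them (the three key properties, at most 252 further properties, at most 1MB per entity, with JSON size used as a constructed stand-in for the service's own size accounting), and StorageQueue models queue storage with the 64KB message limit, the seven-day lifetime, and a visibility timeout, so that a reader which crashes before deleting a message does not lose it. The visibility-timeout behaviour is how the real service works but is not described in the text; the orders, clock values and class names are constructed for the illustration.

```python
import json
import time
from collections import deque

# Limits as stated in the text for Azure Table and Queue Storage.
KEY_PROPERTIES = ("PartitionKey", "RowKey", "Timestamp")
MAX_USER_PROPERTIES = 252          # 252 + the three key properties = 255
MAX_ENTITY_BYTES = 1024 * 1024     # one entity may not exceed 1MB
MAX_MESSAGE_BYTES = 64 * 1024      # one queue message may not exceed 64KB
MAX_MESSAGE_AGE = 7 * 24 * 3600    # a message may stay queued for seven days


def validate_entity(entity: dict) -> list:
    """Return the reasons a table entity would be rejected (empty list = OK).

    The JSON size is a constructed approximation of the service's own
    size accounting, not the exact formula Azure applies.
    """
    problems = [f"missing key property {k}" for k in KEY_PROPERTIES if k not in entity]
    user_props = [k for k in entity if k not in KEY_PROPERTIES]
    if len(user_props) > MAX_USER_PROPERTIES:
        problems.append(f"{len(user_props)} user properties exceeds {MAX_USER_PROPERTIES}")
    size = len(json.dumps(entity, default=str).encode("utf-8"))
    if size > MAX_ENTITY_BYTES:
        problems.append(f"entity is {size} bytes, limit is {MAX_ENTITY_BYTES}")
    return problems


class Message:
    def __init__(self, msg_id: int, body: bytes, now: float):
        self.id, self.body, self.enqueued_at = msg_id, body, now
        self.visible_at = now      # hidden after a dequeue until this time


class StorageQueue:
    """In-memory FIFO queue with the text's limits and a visibility timeout.

    A dequeued message is hidden, not removed, until the reader deletes it;
    this is how queue storage survives a reader that dies mid-processing.
    """

    def __init__(self, visibility_timeout: float = 30.0, clock=time.time):
        self.visibility_timeout, self.clock = visibility_timeout, clock
        self._messages: deque = deque()
        self._next_id = 0

    def enqueue(self, body: bytes) -> int:
        if len(body) > MAX_MESSAGE_BYTES:
            raise ValueError(f"message of {len(body)} bytes exceeds {MAX_MESSAGE_BYTES}")
        self._next_id += 1
        self._messages.append(Message(self._next_id, body, self.clock()))
        return self._next_id

    def _purge_expired(self) -> None:
        now = self.clock()
        self._messages = deque(m for m in self._messages
                               if now - m.enqueued_at <= MAX_MESSAGE_AGE)

    def dequeue(self):
        """Return the oldest visible message and hide it, or None if none is visible."""
        self._purge_expired()
        now = self.clock()
        for m in self._messages:
            if m.visible_at <= now:
                m.visible_at = now + self.visibility_timeout
                return m
        return None

    def delete(self, msg_id: int) -> None:
        """Acknowledge a processed message; only now does it leave the queue."""
        self._messages = deque(m for m in self._messages if m.id != msg_id)

    def __len__(self) -> int:
        self._purge_expired()
        return len(self._messages)


# Constructed checkout orders standing in for the shopping-cart example.
CONSTRUCTED_ORDERS = [
    {"order_id": 101, "user": "u1", "items": 52, "total": 1240.50},
    {"order_id": 102, "user": "u2", "items": 3, "total": 59.99},
    {"order_id": 103, "user": "u3", "items": 7, "total": 210.00},
]


def process_orders(orders: list, reader_crashes_once: bool = True) -> list:
    """Queue the orders at checkout time, then drain them with a reader.

    With reader_crashes_once the first dequeue is abandoned without delete(),
    so that order becomes visible again after the timeout instead of being lost.
    """
    fake_now = [1_000_000.0]                                 # controllable clock
    queue = StorageQueue(visibility_timeout=30.0, clock=lambda: fake_now[0])
    for order in orders:
        queue.enqueue(json.dumps(order).encode("utf-8"))  # checkout returns at once
    if reader_crashes_once:
        queue.dequeue()                                      # reader dies, no delete()
        fake_now[0] += 31                                    # visibility timeout elapses
    processed = []
    while (msg := queue.dequeue()) is not None:             # reader works at its own pace
        processed.append(json.loads(msg.body)["order_id"])
        queue.delete(msg.id)
    return processed


if __name__ == "__main__":
    print(validate_entity({"PartitionKey": "cart", "RowKey": "u1", "Timestamp": 0, "total": 5}))
    print(process_orders(CONSTRUCTED_ORDERS))   # [101, 102, 103]: nothing lost
```

process_orders shows the decoupling the text argues for: checkout only enqueues, and the reader drains the queue later. The abandoned first dequeue reappears once the visibility timeout has elapsed, so all three orders are still processed exactly once.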

AFS may also be used to make cloud development easier: it can be set up as a shared resource that both developers and sysadmins can use when installing tools and technologies, and it can serve as a repository for configuration files or monitoring logs.

Benefits of Azure Files

• Simple to use: All users need to do to deploy a shared file is go to their storage account and create a new file share. The user will have a fully working file share up and running in minutes.
• Azure file storage uses Server Message Block (SMB 3) with HTTPS to encrypt data at rest and in transit.
• The SMB protocol, which is natively supported by numerous open-source APIs, libraries, and tools, is used by Azure Files.
• Users can store up to 5TB of data, and up to 100TB if they use the premium tier to configure the share.
• Hybrid Access: Using the SMB and REST protocols, Azure File Sync enables users to access data from anywhere. This service allows on-premises installations to extend file shares by creating a local cache of the files and giving local access through protocols such as NFS, SMB, FTPS, and others. With this form of synchronization, users have highly available access to their files and can use enterprise-grade security mechanisms such as ACLs.

14.4 SUMMARY

• Cloud storage has a lot of promise to become a viable replacement for traditional storage. Through the use of cloud storage, businesses with large amounts of data storage can save a substantial amount of space and money by avoiding the need to install data storage infrastructure on their premises. The cloud storage provider owns and maintains all of the essential hardware and software, so cloud users do not have to worry about it themselves. Purchasing ongoing cloud storage may be more expensive in the long run, but it is much less expensive upfront.
Furthermore, organisations can practically instantaneously increase or decrease the amount of cloud storage they have access to in response to changes in their storage requirements.
• The cloud also enables employees to interact with colleagues, and to work from home or outside usual office hours, while supporting smooth document collaboration by giving authorised employees simple access to the most recent version of a file at all times. At the individual level, cloud storage enables mobile data storage and the digital life we now live in its full breadth (photos, documents, information on the go). Smart phones would not be able to serve as the interface for such a large amount of data if the cloud were not present. Using the cloud to store files may also have a positive impact on the environment because it reduces energy consumption.
• A good cloud storage provider will feature data redundancy, which means that the same information is stored in numerous physical places so that it survives human error, equipment failure, natural disasters, and other scenarios. A reliable provider will also store and transmit data securely, ensuring that no one else has access to it without authorization. Some users may also want data to be stored in a way that it can only be read, not altered; cloud storage may accommodate this requirement as well, according to the company. However, before subscribing to cloud storage, extreme caution should be taken with security and execution to avoid any future catastrophe. It is also vital that the cloud provider not only keeps costs reasonable for its clients but also deals with security and execution issues, so that those who have adopted the cloud remain satisfied. The development of cloud storage techniques and service models is still in its infancy. To address the challenges of cloud storage, the standardization of service provider standards should be strengthened and better load balancing mechanisms used.

14.5 KEYWORDS

• SMB - Server Message Block, also called Common Internet File System in one version, is a computer networking communication protocol that allows nodes on a network to share files, printers, or serial ports. It also provides a mechanism for authorised inter-process communication.
• VM - A virtual machine is the virtualization or emulation of a computer system. Virtual machines are computer architectures that provide the same functionality as a physical computer.
• FTPS - FTPS is a protocol that adds support for the Transport Layer Security and, formerly, the Secure Sockets Layer cryptographic protocols to the widely used File Transfer Protocol.
• Queue - Queue Storage is a service that allows you to store a large number of messages in one place.
• AFS - Azure File System. It makes it simple to transfer files between cloud VMs.

14.6 LEARNING ACTIVITY

1. If you are creating a website in Windows Azure, what would be your approach to using Table Storage?

2. Suppose you are working in the Air Force. What kind of storage will you use?

14.7 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions
1. What are the cloud storage types for data?
2. What are the three distinct Blob storage scenarios?
3. Compare Azure Table Storage with Azure SQL Database.
4. Why go for Queue storage?
5. Define: Hybrid Access

Long Questions
1. List out the benefits of storing data in the Cloud.
2. Describe the three tiers in Blob storage account creation.
3. Differentiate between the Table and Queue storage types.
4. What are the advantages of Azure Files?
5. Compare Blob storage with File Storage.

B. Multiple Choice Questions
1. Azure file storage uses ______ with HTTPS to encrypt data.
a. SBM
b. SMB
c. BMS
d. MSB

2. A queue can carry ___________ amount of data.
a. 200TB
b. 200MB
c. 200GB
d. 200KB

3. Table Entities can wrap up to _____ properties to hold data.
a. 252
b. 251
c. 253
d. 254

4. _____ storage is made up of unstructured data like text, photos, and videos, as well as their metadata.
a. Blob
b. File
c. Table
d. Queue

5. The __________ access tier is best for data that is regularly accessed.
a. Hot
b. Archive
c. Cool
d. None of these

Answers
1-b, 2-a, 3-d, 4-a, 5-a.

14.8 REFERENCES

Reference Books:
• Kailash Jayaswal, Jagannath Kallakuruchi, Donald J. Houde, Dr. Devan Shah, "Cloud Computing: Black Book".
• Cloud Computing: Principles and Paradigms, Editors: Rajkumar Buyya, James Broberg, Andrzej M. Goscinski, Wiley, 2011.

Websites:
• https://www.dremio.com/data-lake/adls/

UNIT 15 - SECURITY STRUCTURE

15.0 Learning Objective
15.1 Introduction
15.2 Cloud Computing Security
15.3 Benefits
15.4 Security Service Providers
15.5 Identity and Access Management
15.6 AAA Administration for Cloud
15.7 Summary
15.8 Keywords
15.9 Learning Activity
15.10 Unit End Questions
15.11 References

15.0 LEARNING OBJECTIVES

After studying this unit, students will be able to:
• Evaluate Microsoft Azure
• Analyze the difference between ARM and the classic portal
• Evaluate the architecture of Azure and its components
• Create, configure, deploy and monitor the website

15.1 INTRODUCTION

One of the most common user worries regarding Cloud Computing, as with any new Internet technology, is security. In enterprise data centres or Internet Data Centers (IDC), service providers only provide racks and networks, and users must arrange the other devices, such as servers, firewalls, software, and storage devices, themselves. While this is a difficult task for the end user, it also gives him a comprehensive understanding of the architecture and system, allowing him to influence the data security design. Physical isolation (such as iron cages) is used by some users to safeguard their servers. In cloud computing, the back-end resources and administration architecture of a service are invisible to users (thus the term "Cloud" to indicate something far out of our physical reach). Users would naturally doubt the system's security when they have no physical control and access. A similar analogue to data security in the Cloud can be found in financial institutions, where a consumer deposits his cash into a bank account and thus no longer holds a tangible asset. To secure his now-virtual wealth, he relies on the bank's technology and financial integrity. Similarly, we might expect to witness a shift towards accepting data being stored in physical locations beyond our control but with a trustworthy supplier.

15.2 CLOUD COMPUTING SECURITY

Cloud computing security is a serious concern. Data stored in the cloud should be encrypted. Proxy and brokerage services must be used to prevent clients from directly accessing shared data. To gain the trust of Cloud end users, the architects of Cloud computing solutions have established data security between end users, or between end users and service providers, in a logical manner. From a technological standpoint, the security of user data is reflected in the following implementation rules:
1. The security of user data stored in the cloud. Other persons (including the operator) cannot see or change the user's stored data.
2. Runtime data privacy for users. Other persons cannot see or edit user data while it is in use (loaded into system memory).
3. The security of exchanging user data through a network. This covers the safety of data flows in the cloud computing center's intranet and on the internet. Other individuals are unable to see or change it.
4. Users must be authenticated and authorized in order to access their data. Users can gain proper access to their data and authorize other users to do so as well.

Cloud computing services may make use of the technologies listed in Table 15.1 to assure security.

Table 15.1 Technologies that cloud computing services may use to assure security
Security scenario | To other users | To operators
The security of user data stored in the cloud | Zoning and mapping of SAN networks; clean-up of the discs after callback; authentication of the file system | Encryption of bare devices and file systems
User data privacy during runtime | Isolation of virtual machines and operating systems | OS isolation
Privacy of user data when it moves across the network | SSL, VPN, VLAN | VPN, SSL
Users must be authenticated and authorized before they may access their data | Authentication for the firewall, VPN, and operating system | OS authentication, VPN authentication

Security Planning

Before deploying a resource to the cloud, it is necessary to examine numerous aspects of the resource, including:
i) Determine which resources will be moved to the cloud and assess their risk sensitivity.
ii) Consider the cloud service models, including IaaS, PaaS, and SaaS. These models require the consumer's participation.
iii) At each level of service, the consumer is responsible for part of the security.
iv) Consider whether you want to use a public, private, community, or hybrid cloud.
v) Understand the cloud service provider's system, including how data is transported, stored, and retrieved.
vi) Consider how data can be moved into or out of the cloud.
vii) Note that the risk of a cloud deployment is mostly determined by the service model and the cloud type.

Security boundaries

The line between the responsibilities of the service provider and the consumer is defined by the particular service model. The CSA stack model establishes the boundaries for each service model and shows how the various functional units relate to one another. The CSA stack model is depicted in Figure 15.1:

Figure 15.1 CSA Stack model

IaaS is the most fundamental level of service, followed by PaaS and SaaS, with each level of service inheriting the capabilities and security concerns of the model below it. Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) provide the infrastructure, the platform development environment, and the operating environment, respectively. IaaS offers the least amount of integrated functionality and security, whereas SaaS offers the greatest. The model describes the security boundary where the cloud service provider's responsibility ends and the consumer's accountability begins. Every security mechanism below the security boundary is designed in this way by the provider, while any security mechanism above the security boundary must be built into the system by the consumer, who is also in charge of its upkeep. Although each service model contains a security mechanism, security requirements vary depending on whether these services are used in a private, public, hybrid, or community cloud.

15.3 BENEFITS

DDoS protection: DDoS attacks are on the rise, and a leading cloud computing security solution concentrates on techniques to stop massive quantities of traffic directed at a company's cloud servers. To reduce risk, this requires monitoring, absorbing, and dispersing DDoS attacks.

Data security: In this age of data breaches, a good cloud computing security solution has security mechanisms in place to protect sensitive data and transactions. This prevents a third party from eavesdropping on or tampering with data in transit.

Regulatory adherence: Top cloud computing security services assist businesses in regulated industries in managing and maintaining better infrastructures for compliance and data protection.

Flexibility: Whether you are increasing or decreasing capacity, the cloud computing solution gives you the security you need. By expanding your cloud solution, you can avoid system crashes during periods of high demand. Then, once the high-traffic period has passed, you can scale back down to save money.

High availability and customer service: The best cyber security solutions ensure that a company's assets are protected at all times. This includes live monitoring 24 hours a day, seven days a week, 365 days a year. Built-in redundancies ensure that your company's website or applications are always available.

Companies need the availability, reliability, and security of a top-tier cloud computing security solution to conduct business in the global marketplace. Advanced cybersecurity features work in tandem with physical infrastructure to provide a comprehensive and secure cloud computing solution.

15.4 SECURITY SERVICE PROVIDERS

Nowadays, the majority of businesses are migrating their resources to cloud computing, which raises security concerns as key roadblocks.
As a result, a growing number of cloud security technologies are being developed. In general, cloud security and cloud computing security refer to safeguarding cloud information and data against hacking, deletion, online theft, leaking, and other threats. Cloud security is provided through a collection of applications, firewalls, policies, VPN controls, technologies, and small software-based solutions, among other things. Cloud security is a type of computer or network security. Cloud Security Technologies and Products refers to businesses that provide security services associated with cloud computing.

Choosing an influential or commanding cloud security provider depends on that company's ability to address security controls such as compliance and privacy concerns, as well as to protect our network from malicious threats, hijacking, and other dangers by implementing safety measures and conducting tests. Many businesses jumped into cloud computing without having the necessary knowledge or resources to ensure their own security. They relied on providers to handle things behind the scenes, but they overlooked the consequences of a cloud architecture with a dozen or more applications sharing data and credentials.

When all of your apps, storage, and infrastructure are hosted on remote servers, what does it mean to protect corporate data and systems? Firewalls and traditional endpoint protection are not as important as they once were. There are numerous dangers in this brave new world:
i) Loss of data
ii) Violations of regulatory compliance
iii) Compromised credentials
iv) APIs that have been hacked
v) Advanced persistent threats (APTs)
vi) Hijacked accounts or hijacked traffic
vii) DoS (denial of service) and DDoS (distributed denial of service)

Without depleting your own IT resources or spending an exorbitant sum on a server-based solution, the right SECaaS provider can help you overcome these and other weaknesses. Most will work with your existing infrastructure, and some will even work in hybrid setups with a mix of cloud and on-premises resources. It can be challenging to pick which SECaaS supplier is best suited to your needs if you are buying for the first time. SECaaS providers come in a variety of shapes and sizes, with varying expertise, features, and price points. We will divide the market into five broad areas and showcase a top vendor for each in this chapter.

1. Security brokerage for cloud access

Cloud access security brokers (CASBs) are the "integrated suites" of the SECaaS world. CASB suppliers often offer a variety of services aimed at helping your firm safeguard its cloud infrastructure and data in whatever shape it may take.
CASBs, according to McAfee, are "on-premises or cloud-hosted software that sits between cloud service customers and cloud service providers to enforce cloud application security, compliance, or governance policies." These technologies keep track of and protect all of a company's cloud applications.

Best vendor: Oracle Cloud Access Security Broker (CASB)

Palerra was acquired by Oracle in 2016, allowing Oracle to expand its Identity Cloud Service into a full-featured CASB. This was the first tool on the market to fully automate the security lifecycle, from prevention through detection and remediation. Cloud security, user behaviour analytics, and shadow IT discovery are all covered by the CASB system. A web application firewall, access management, identity cloud services, and key management are all included in the Oracle Security and Identity Cloud.

2. Single sign-on

Single sign-on (SSO) services give users access to all of their cloud computing apps with a single set of login credentials. SSO also improves the ability of IT and network managers to audit access and accounts. Some of the major SaaS providers already have SSO capabilities for their products, but chances are you do not use just one vendor's products; that is where a third-party SSO provider comes in useful.

Best vendor: Okta

Okta is a cloud security firm that specializes in identity and access management (IAM). "Grant individuals access to programs on any device that is connected, while yet imposing rigorous security protections," is part of their purpose. Okta's single sign-on solution validates log-in credentials and allows users to securely access any application with a single username and password using Security Assertion Markup Language 2.0 (SAML), Secure Web Authentication (SWA), and OpenID Connect. IT managers can define bespoke policies and report on usage with Okta's strong central administrative tools. They also have one of the industry's most extensive integration networks, allowing you to integrate SSO with virtually any application, cloud or desktop.

3. Email security

This may not be the first application that springs to mind when you think of outsourcing security, but cloud-based email servers handle a tremendous quantity of data flowing in and out of your company.
Malvertising, targeted attacks, phishing, and data breaches are all hazards inherent in email, and SECaaS providers who specialize in data security can defend you against them. Some email security measures are included as part of a bigger platform, while others are sold separately.

Best provider: Proofpoint

Proofpoint is among the most well-known email-focused cloud security services. Their technology is built to secure and regulate outbound and inbound email threats in any environment, from small businesses using Gmail to large corporations with sophisticated, hybrid SharePoint settings. They safeguard your organization from known and emerging threats from any IP address using signature-based detection. Proofpoint, like the other solutions in this chapter, provides administrators with several valuable features, such as 60+ out-of-the-box reports and custom policy generation at the group, user, and global level. Graymail management, mobile defence, data loss prevention (DLP), encryption, and social media security are among the other features.

4. Website and app security

When employing cloud-based applications, you must protect not only your data and infrastructure but also the apps and digital properties you control and govern, such as your website. Traditional endpoint or firewall protection can leave you open to attacks, hacks, and breaches in this area as well. Vulnerabilities in external-facing websites, online apps, or internal portals and intranets are typically exposed and closed using tools and services in this area.

Best provider: White Hat Security

White Hat Security has much more expertise in identifying and remediating web and application threats than many of its competitors because they have been around for a long time. They use vertical and lateral application security testing in their products to ensure that their customers' websites and source code remain safe. White Hat also has a web application security solution that includes the same analytics and testing capabilities for any mobile apps your company uses. Regardless of which White Hat service you choose, you will have access to a professional team of engineers at the White Hat Threat Research Center who can help you with any issues that are outside your team's competence or where the business context makes identifying risks challenging. White Hat has a long list of current and former customers, including Dell, NetApp, and Akamai.

5. Network security

Cloud-based network security software assists your company in monitoring traffic entering and exiting your servers and in detecting risks before they manifest. You may already have a hardware-based firewall in place, but with the vast array of threats that exist nowadays on the internet, it is a good idea to have many layers of protection.
Of course, network security as a service implies that the vendor will provide threat detection as well as intrusion prevention via the cloud.

Best provider: Qualys

Qualys is one of the most prominent suppliers in this category, with over 8,800 clients in 100 countries. Their platform is a cloud-based integrated suite of security and compliance solutions that provides all of its services via a multi-tenant or private cloud. Continuous network monitoring (via sensor appliances as well as lightweight agents), vulnerability management, compliance management, online scanning, web application firewall, malware detection, and secure website testing are just a few of the functional areas covered. Qualys network security tools continuously monitor and discover your assets (servers, computers, and devices), finding new vulnerabilities and assisting you in patching them as soon as possible. You can also follow devices in your local workplace or in remote cloud environments, and get notifications when they engage in suspicious activities. Network administrators can keep a careful eye on all assets, hosts, scans, and patches by using the visual reports and dashboards. Cisco, GE, Microsoft, and Deloitte are among Qualys' current and former clients.

A few of the Cloud Computing Security companies that provide extensive protection through cloud security services are listed below:
• Datadog
• HackerOne
• Intruder
• Cipher
• Sophos
• Hytrust

1. Datadog Security Monitoring: Datadog Security Monitoring detects cloud security threats across your applications, network, or infrastructure in real time. It analyses security threats and gives extensive information in the form of metrics, traces, and logs, among other things. AWS CloudTrail, Okta, and G Suite are among the more than 450 vendor-backed built-in integrations. You receive actionable warnings about dangerous and unusual patterns. With Datadog's rich observability data, you can detect threats throughout dynamic cloud settings. Datadog Security Monitoring includes over 450 ready-to-use integrations, allowing you to collect metrics, logs, or traces across your whole stack as well as your security products. The Detection Rules feature in Datadog gives you a strong way to detect security threats or suspicious behaviour in real time across all ingested logs. With default out-of-the-box rules covering common attacker approaches, you can start identifying threats in minutes. No query language is necessary to change and customize every rule using the simple rule editor to match your organization's specific needs.

2. HackerOne: HackerOne is the world's leading hacker-powered security platform, assisting enterprises in identifying and repairing key vulnerabilities before they are exploited.
HackerOne is trusted by more Fortune 500 and Forbes Global 1000 firms than any other hacker-powered security solution. HackerOne has teamed up with the US Department of Defense, GM, Google, the CERT Coordination Center, and more than 1,300 other organisations to uncover over 120,000 vulnerabilities and pay over $80 million in bug bounties. HackerOne has offices in London, New York, the Netherlands, and Singapore in addition to its headquarters in San Francisco. Penetration testing, bug bounties, vulnerability disclosure programs, vulnerability assessment, compliance testing, and other hacker-powered security services are available.

Customers include the US Department of Defense, Google Play, YouTube, PayPal, Slack, Netflix, Verizon, Twitter, Squarespace, Toyota, General Motors, Starbucks, and the European Commission.

3. Intruder: Intruder is an easy-to-use cybersecurity solution that helps organizations reduce their vulnerability to attack. Intruder's solution is a cloud-based security service that scans the entire digital infrastructure for security flaws. Intruder protects organizations of all sizes from hackers by providing rigorous security checks, constant monitoring, and an easy-to-use platform. Intruder has received numerous awards since its launch in 2015, including being selected for GCHQ's Cyber Accelerator.

Features to look for:
• Approximately 9,000 automated checks across your IT infrastructure.
• Infrastructure and web-layer checks, such as for SQL injection or cross-site scripting.
• When new threats are found, your systems are automatically scanned.
• Multiple integrations, including AWS, Microsoft, Google Cloud, APIs, Jira, Teams, and others.
• The Pro plan of Intruder comes with a 30-day free trial.

4. Cipher: Cipher is security software that can safeguard Internet-connected services and devices. Cipher gathers and enriches data from customer networks; cloud apps provide the logs. Cipher collects security log data from any network, application, system, or device, then normalizes and analyses it. This data is used to detect risks and send alerts to the SOC. Respond: the Cipher SOC uses automation and orchestration to collaborate with customers to ensure risks are mitigated. Cipher's cybersecurity analysts offer expert advice and recommendations on how to respond to vulnerabilities, security incidents, and possible threats. Cipher Box MDR is available from Cipher for a 30-day free trial.

5. Sophos: Sophos is a hardware and system security company that enables real-time security coordination between firewalls and endpoints.
Sophos Central is the new name for Sophos Cloud. Sophos Central provides features such as modernized planning, increased safety, faster threat detection and investigation, and simpler enterprise-level security solutions, among others. Sophos also offers a variety of other security solutions, covering email, web, mobile devices, servers, and Wi-Fi. Sophos was founded in 1985, and according to the company's 2016 annual report, it employs over 2,700 people. A 30-day free trial of Sophos Central is available. Sophos' annual revenue in 2016 was $478.2 million, according to financial records.

15.5 IDENTITY AND ACCESS MANAGEMENT

One of the most difficult problems facing IT today is managing identities and access control for enterprise applications. While an organization may be able to use a variety of Cloud Computing services without a robust identity and access strategy, extending an organization's identity services to the cloud is a necessary prelude to sensible long-term use of on-demand computing services. Supporting today's aggressive adoption of an obviously immature cloud ecosystem necessitates a candid assessment of an organization's readiness to undertake cloud-based Identity and Access Management (IAM), and an awareness of its Cloud Computing providers' capabilities. We will go over the primary IAM services that are required for successful and effective identity management in the cloud:
• Provisioning and deprovisioning of identities
• Verification of identity (authentication)
• Federation
• User profile management and authorization
• Throughout, compliance is a major priority.

Identity Provisioning: Managing the secure and timely onboarding (provisioning) and offboarding (deprovisioning) of users in the cloud is one of the primary issues for enterprises implementing Cloud Computing services. Additionally, businesses that have invested in internal user management systems may seek to extend similar processes and practices to cloud services.

Authentication: When companies begin to employ cloud services, they must be able to authenticate users in a secure and controllable manner. Credential management, strong authentication (usually meaning multi-factor authentication), delegated authentication, and managing trust across all types of cloud services are all challenges that organizations must face.

Federated Identity Management is critical in a Cloud Computing context because it allows enterprises to authenticate their users for cloud services using the identity provider (IdP) of their choice.
In this scenario, securely exchanging identity attributes between the service provider (SP) and the identity provider (IdP) is also required. Organizations contemplating cloud-based federated identity management should be aware of the various issues and of the solutions available to address them, including identity lifecycle management, the authentication methods available to protect confidentiality and integrity, and support for non-repudiation.

Authorization and user profile management: The requirements for user profiles and access control policies differ depending on whether the user is acting on their own behalf (as a consumer) or as a member of an organization (such as an employer, university, hospital, or other enterprise).

In SPI (SaaS, PaaS, IaaS) environments, access control requirements include establishing trusted user profiles and policies, using that information to control access within the cloud service, and doing so in an auditable manner.

Recommendations for Identity Provisioning:
i) Cloud providers' provisioning capabilities are currently inadequate for enterprise requirements. Customers should avoid proprietary solutions that increase management complexity, such as building custom connectors specific to individual cloud providers.
ii) Wherever possible, customers should use the standard connectors provided by cloud providers, preferably built on the SPML (Service Provisioning Markup Language) schema. Request SPML support from your cloud provider if it is not already available. (In current deployments SPML has largely been superseded by SCIM, the System for Cross-domain Identity Management; the principle of preferring a standard provisioning interface over bespoke connectors is unchanged.)
iii) Cloud customers should modify or extend their existing authoritative identity data repositories to cover cloud-based applications and processes.

Recommendations for Authentication: Both the cloud provider and the customer organization should consider the challenges of credential management and strong authentication, and develop cost-effective solutions that mitigate the risk. Typically, SaaS and PaaS providers either ship their applications or platforms with built-in authentication services or delegate authentication to the customer enterprise. The following options are available to customers:
i) Enterprise authentication. Enterprises should consider using their own Identity Provider (IdP) to authenticate users and federating with the SaaS vendor to establish trust.
ii) Authentication for individual users acting on their own behalf. User-centric authentication such as Google, Yahoo, OpenID, Live ID, and others should be considered so that a single set of credentials can be used across numerous sites.
iii) Any SaaS provider that requires proprietary methods to delegate authentication (for example, handling trust via a shared encrypted cookie or similar) must be carefully reviewed with a suitable security assessment before proceeding. Open standards should be preferred in general.

Authentication strategies for IaaS can make use of existing organizational capabilities:
i) Setting up a dedicated VPN for IT staff is a preferable option because it lets them use existing processes and tools.
ii) Creating a dedicated VPN tunnel to the corporate network, or federation, is one viable approach. A dedicated VPN tunnel works better when an application uses existing identity management systems (such as an SSO solution or LDAP-based authentication that provides an authoritative source of identity data).
iii) When a dedicated VPN tunnel is not possible, applications must be designed to accept authentication assertions in a variety of formats (SAML, WS-Federation, etc.) in combination with standard transport encryption such as SSL/TLS. This strategy lets organizations implement federated SSO not just within their own business but for cloud applications as well.
iv) When the application is aimed at users outside the organization, OpenID (today, OpenID Connect) is another option. However, because OpenID credentials are managed outside the company, the access privileges granted to such users should be suitably constrained.
v) OATH compliance is required for any local authentication service implemented by the cloud provider. OATH is the Initiative for Open Authentication, which defines the HOTP and TOTP one-time-password algorithms (not to be confused with OAuth). Using an OATH-compliant solution avoids being locked into one vendor's authentication credentials.
vi) Cloud applications should offer the option of outsourcing authentication to the enterprise using the service, including via SAML, so that strong authentication (independent of technology) can be used.
vii) Strong authentication mechanisms such as one-time passwords, biometrics, digital certificates, and Kerberos should all be supported by cloud providers. This gives businesses another way to make use of their existing infrastructure.

Recommendations for Federation: In a cloud computing context, identity federation is critical for partner organizations to be able to authenticate, to enable single or reduced sign-on (SSO), and to exchange identity attributes between the Service Provider (SP) and the Identity Provider (IdP).
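Item (v) above requires OATH compliance, and item (vii) lists one-time passwords among the strong authentication mechanisms. What an OATH-compliant verifier actually computes is HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238). The Python below is an added illustration, not code from the text or from any vendor's token service; the one-step drift window and the `last_used_counter` replay check are design choices of the example. It checks itself against the RFC 6238 Appendix B test vectors, so it can be run offline.

```python
"""Added example: OATH HOTP/TOTP verification (RFC 4226 / RFC 6238)."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret: bytes, submitted: str, at: int, last_used_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6):
    """Return the counter the code matched, or None.

    Accepts the current step and `window` steps either side to tolerate clock drift,
    refuses any counter already consumed (so a sniffed code cannot be replayed within
    the window), and compares in constant time so a verifier cannot be probed digit by digit.
    The caller persists the returned counter as the new last_used_counter.
    """
    if not (submitted.isdigit() and len(submitted) == digits):
        return None
    base = at // step
    for counter in range(base - window, base + window + 1):
        if counter <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


# RFC 6238 Appendix B vectors: ASCII seed "12345678901234567890", SHA-1, 8 digits, 30 s step.
RFC6238_SEED = b"12345678901234567890"
RFC6238_VECTORS = {
    59: "94287082",
    1111111109: "07081804",
    1111111111: "14050471",
    1234567890: "89005924",
    2000000000: "69279037",
    20000000000: "65353130",
}


def self_test() -> bool:
    """True when this implementation reproduces every RFC 6238 reference value."""
    return all(totp(RFC6238_SEED, t, digits=8) == code for t, code in RFC6238_VECTORS.items())
```

Note that the shared secret, not the code, is the credential: it must be generated with a CSPRNG per user and stored with the same care as a password database, and a stolen secret is only revoked by re-enrolling the token.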
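Item (iii) above says applications must be able to accept authentication assertions such as SAML, and the federation recommendations that follow turn on trusting an external IdP. Accepting an assertion means more than parsing it: the service provider has to confirm the issuer is one it trusts, that the assertion was addressed to it (audience and recipient), that it is inside its validity window, that it answers a request this SP actually made, and that it has not been presented before. The Python below is an added example of those checks, not code from the text or from any SAML library; the assertion is constructed for the example, and XML signature verification is assumed to have been done already by an XML-DSig implementation, which is why the function refuses to proceed unless `signature_verified` is true.

```python
"""Added example: trust checks on a SAML 2.0 bearer assertion before granting SSO."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from any real IdP; signature element omitted
# because signature verification is assumed to happen before this code runs).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2023-07-17T07:20:00Z">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2023-07-17T07:25:00Z"
          Recipient="https://app.example.com/saml/acs" InResponseTo="_req42"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2023-07-17T07:19:00Z" NotOnOrAfter="2023-07-17T07:25:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _ts(value: str) -> datetime:
    """Parse the UTC timestamps SAML uses (fractional seconds omitted in this example)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, *, sp_entity_id, acs_url, trusted_issuers, expected_request_id,
                       now, seen_ids, signature_verified, skew=timedelta(seconds=60)):
    """Return (accepted, reason, attributes). Every check fails closed."""
    if not signature_verified:           # never read claims from an unverified document
        return False, "signature not verified", {}
    root = ET.fromstring(xml_text)       # for untrusted XML in production, parse with defusedxml
    if root.tag != f"{{{NS['saml']}}}Assertion":
        return False, "not an assertion", {}
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in trusted_issuers:
        return False, f"untrusted issuer {issuer!r}", {}
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        return False, "validity window not bounded", {}
    if now < _ts(cond.get("NotBefore")) - skew or now >= _ts(cond.get("NotOnOrAfter")) + skew:
        return False, "assertion outside validity window", {}
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:    # an assertion minted for another SP must not log in here
        return False, "assertion not addressed to this SP", {}
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        return False, "bearer confirmation not for this ACS", {}
    if scd.get("NotOnOrAfter") is None or now >= _ts(scd.get("NotOnOrAfter")) + skew:
        return False, "bearer confirmation expired", {}
    if scd.get("InResponseTo") != expected_request_id:
        return False, "InResponseTo does not match an outstanding request", {}
    aid = root.get("ID")
    if not aid or aid in seen_ids:       # one-time use: a captured assertion cannot be replayed
        return False, "replayed or unidentified assertion", {}
    seen_ids.add(aid)
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    attrs["subject"] = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    return True, "ok", attrs


def demo(now_iso="2023-07-17T07:21:00Z", sp_entity_id="https://app.example.com",
         seen_ids=None, signature_verified=True):
    """Run the sample assertion through the checks with the example SP's configuration."""
    return validate_assertion(
        SAMPLE_ASSERTION, sp_entity_id=sp_entity_id, acs_url="https://app.example.com/saml/acs",
        trusted_issuers={"https://idp.example.org/saml"}, expected_request_id="_req42",
        now=_ts(now_iso), seen_ids=seen_ids if seen_ids is not None else set(),
        signature_verified=signature_verified)
```

The `InResponseTo` check applies to SP-initiated SSO; IdP-initiated flows carry no request ID, and an SP that supports them has to decide explicitly whether to accept unsolicited assertions. The `seen_ids` set stands in for a shared store that lives at least as long as the longest validity window, or the replay check is only as good as a single process's memory.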
Organizations planning federated identity management in the cloud should be aware of the many issues around identity lifecycle management, authentication methods, token formats, and non-repudiation, and of the possible ways to handle them.
 When selecting a cloud provider, organizations should make sure it supports at least one of the major federation standards (SAML or WS-Federation). SAML is becoming the widely adopted federation standard, with major SaaS and PaaS providers supporting it. Support for more than one standard allows for more flexibility.
 Cloud providers should be able to accept standard federation formats from diverse identity providers. However, as of this writing, most cloud providers accept only a single standard, such as SAML 1.1 or SAML 2.0. A cloud provider that wants to handle multiple federation token formats should consider deploying a federation gateway.

 Organizations should weigh Federated Public SSO against Federated Private SSO. Federated Public SSO works with the cloud provider using standards like SAML and WS-Federation, whereas Federated Private SSO reuses the existing SSO architecture over a VPN. While Federated Public SSO is preferable in the long run, an enterprise with a mature SSO infrastructure and a small number of cloud deployments may benefit from Federated Private SSO in the medium term.
 To manage the issuance and verification of tokens, organizations may want to use federation gateways to externalize their federation implementation. With this strategy, organizations delegate token issuance to a federation gateway, which then handles token translation from one format to another.

Recommendations for Access Control: The following factors must be considered when selecting and reviewing the suitability of access control systems for cloud services:
i) Examine whether the access control model is appropriate for the type of service and data.
ii) Identify authoritative sources of policy and user profile information.
iii) Assess support for the data privacy policies that are required.
iv) Choose a format for expressing policy and user information.
v) Determine how policy is transmitted from the Policy Administration Point (PAP) to the Policy Decision Point (PDP).
vi) Identify the mechanism for transmitting user information from the Policy Information Point (PIP) to the Policy Decision Point (PDP).
vii) Request and obtain a policy decision from the Policy Decision Point (PDP).
viii) Enforce the policy decision at the Policy Enforcement Point (PEP).
ix) Log the information needed for audits.

Recommendations for IDaaS: Identity as a Service should adhere to the same best practices as an internal IAM solution, with additional privacy, integrity, and auditability considerations.
i) Custodians must assess the cloud provider's options for providing secure access to the cloud for internal enterprise users, whether via a direct VPN or via an industry standard like SAML together with strong authentication. The financial savings from using the cloud must be weighed against the risk mitigation steps needed to address the privacy concerns that come with keeping employee data outside the company.

ii) Information owners must incorporate the interactions between IAM providers into their SDLC and threat assessments, including for external users such as partners. Application security, meaning the interactions between the various components and the vulnerabilities that result (such as SQL injection and cross-site scripting, among others), must also be studied and defended against.
iii) Customers using PaaS should check whether IDaaS vendors support industry standards for provisioning, authentication, policy communication, and audit information.
iv) Because of the lack of accountability in proprietary components, proprietary solutions pose a substantial risk to IAM components in the cloud. Proprietary network protocols, encryption algorithms, and data transfer mechanisms are frequently less secure, less robust, and less interoperable. It is critical to use open standards for the IAM components you externalize.
v) Third-party images used to deploy virtual servers for IaaS clients must be checked for user and image validity. A review of the image lifecycle management support offered must confirm that the same principles apply as for software installed on the internal network.

15.6 AAA ADMINISTRATION FOR CLOUD

AAA stands for authentication, authorization, and accounting. AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information needed to bill for services.

The Diameter-AAA computing model for cloud computing: Diameter-AAA applies the Diameter protocol's authentication, authorization, and accounting functions to cloud applications. In the proposed fields of application, a Diameter server is used for user authentication, authorization, and accounting.
In addition, a Diameter client accepts the user's input and authenticates the user through a web browser, and Diameter clients authorize access to the cloud service provider's applications or services. An essential use case is the deployment of Diameter-AAA in security management frameworks where there may be varying trust relationships between the cloud provider, the authentication server, and the users. This means that Diameter-AAA is designed to satisfy the authentication, authorization, and accounting needs of security management. As a result, only authorized users within an organization have access to the applications and services they need, when they need them, at any time.

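The three AAA functions described here and the access-control steps listed in 15.5 (policy held at a PAP, user attributes from a PIP, a decision from the PDP, enforcement at the PEP, and an audit record of the outcome) fit together in one small service. The Python below is added as an illustration of that flow and is not taken from the Diameter-AAA proposal or any product; the users, tenants and policies are constructed sample data, and the PBKDF2 credential store, the deny-overrides combining rule and the default-deny outcome are assumptions of the example rather than something the text specifies.

```python
"""Added example: authenticate, authorize via PAP/PIP/PDP/PEP, and account for every decision."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field


def _kdf(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a leaked store does not yield passwords (iteration count is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class CredentialStore:
    """Authentication: verify a password against its salted hash in constant time."""
    def __init__(self):
        self._users = {}

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _kdf(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        rec = self._users.get(username)
        if rec is None:
            _kdf(password, b"\x00" * 16)  # same cost for unknown users: timing does not reveal valid names
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, _kdf(password, salt))


@dataclass
class Policy:
    effect: str                  # "permit" or "deny"
    actions: frozenset
    resource_prefix: str
    conditions: dict = field(default_factory=dict)  # attribute name -> required value


class PolicyAdministrationPoint:
    """PAP: where policies are authored; the PDP reads them from here."""
    def __init__(self):
        self.policies = []

    def add(self, policy: Policy) -> None:
        self.policies.append(policy)


class PolicyInformationPoint:
    """PIP: authoritative source of user attributes (a constructed dict in this example)."""
    def __init__(self, attributes: dict):
        self._attributes = attributes

    def attributes(self, subject: str) -> dict:
        return dict(self._attributes.get(subject, {}))


class PolicyDecisionPoint:
    """PDP: deny-overrides combining; default deny when no policy applies."""
    def __init__(self, pap: PolicyAdministrationPoint, pip: PolicyInformationPoint):
        self.pap, self.pip = pap, pip

    def decide(self, subject: str, action: str, resource: str) -> str:
        attrs = self.pip.attributes(subject)
        decision = "deny"
        for p in self.pap.policies:
            if action not in p.actions or not resource.startswith(p.resource_prefix):
                continue
            if any(attrs.get(k) != v for k, v in p.conditions.items()):
                continue
            if p.effect == "deny":
                return "deny"        # an applicable deny wins over any permit
            decision = "permit"
        return decision


class AccountingLog:
    """Accounting: every authentication and authorization outcome is recorded."""
    def __init__(self):
        self.records = []

    def record(self, **fields) -> None:
        self.records.append({"ts": time.time(), **fields})


class PolicyEnforcementPoint:
    """PEP: the only path to the resource; authenticates, asks the PDP, logs, enforces."""
    def __init__(self, creds, pdp, acct):
        self.creds, self.pdp, self.acct = creds, pdp, acct

    def request(self, username: str, password: str, action: str, resource: str) -> bool:
        if not self.creds.authenticate(username, password):
            self.acct.record(event="authn", user=username, result="fail")
            return False
        self.acct.record(event="authn", user=username, result="ok")
        decision = self.pdp.decide(username, action, resource)
        self.acct.record(event="authz", user=username, action=action,
                         resource=resource, decision=decision)
        return decision == "permit"


def build_demo():
    """Constructed two-tenant setup; all names and passwords are sample data."""
    creds = CredentialStore()
    creds.add_user("alice", "correct horse")
    creds.add_user("bob", "battery staple")
    pap = PolicyAdministrationPoint()
    pap.add(Policy("permit", frozenset({"read", "write"}), "tenant-a/", {"tenant": "tenant-a"}))
    pap.add(Policy("permit", frozenset({"read"}), "tenant-b/", {"tenant": "tenant-b"}))
    pap.add(Policy("deny", frozenset({"write"}), "tenant-a/audit/"))  # nobody rewrites the audit trail
    pip = PolicyInformationPoint({"alice": {"tenant": "tenant-a"}, "bob": {"tenant": "tenant-b"}})
    acct = AccountingLog()
    return PolicyEnforcementPoint(creds, PolicyDecisionPoint(pap, pip), acct), acct
```

Two points carry over to any real deployment: the PEP must be the only route to the resource, otherwise the PDP's decision is advisory; and the accounting records must be written somewhere the subject cannot alter, which is the same reason the example's policy set forbids writes under the audit path. Multi-tenant isolation here rests entirely on the PIP's tenant attribute matching the policy condition, so the PIP has to be an authoritative source, as recommendation (ii) in 15.5 requires.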

Unauthorized users are barred from using the system. These controls are all the more important in cloud systems because they serve large organizations and multiple user groups. Diameter-AAA is intended to simplify user authentication for both the cloud service provider and hosted applications so that authorized users get rapid access to cloud services. This set of three A's (AAA) is a key cost driver for cloud computing sites and tools, since it allows customers to be charged based on their actual consumption.

The end user's permission request is sent to the Diameter servers through the AAA cloud (Diameter application). Based on the incoming service reservation requests, the AAA cloud entities redirect each request to a selected Diameter-AAA server. The role of the AAA clouds (Diameter application) is similar to that of Diameter agents, and they are in charge of:
i) Mediating requests from a wide range of distributed NAS devices, performing the relay, proxy, redirect, and translation agent functions.
ii) Handling requests and responses, as well as load balancing across Diameter servers.
iii) Because there will be multiple Diameter servers in a cloud network, sorting the reservation requests for supported services and forwarding them to the appropriate server; each authentication server is distinct.

15.7 SUMMARY
 In this chapter we have discussed various security issues present in the cloud computing environment and how they are addressed with emerging concepts and technologies. The benefits of the security mechanisms in cloud computing have been discussed briefly.
 The authentication component of AAA is responsible for providing a means for users to be identified (authenticated) on the network. Login access, as well as other kinds of access such as PPP network access, fall into this category.
When you use AAA authentication, you can specify one or more authentication methods that the router should use when authenticating a particular user. For example, you could define two authentication methods: one that uses an external security server and another that falls back to the router's local username database if the external security server is unavailable. There are a variety of methods available for authenticating users on a router.
 The authorization function of AAA is used to restrict the actions a user can take, or the services a user can access, after the user has been successfully authenticated. For example, you might want to grant privileged EXEC access to a network administrator but allow him to use only the debug command during his time on the network. AAA authorization lets you implement this limitation.
 The accounting component of AAA keeps a record of the events associated with authentication and authorization actions. There are many ways to do this, from something as simple as recording who logs into a router and any changes in its status (such as an interface going down or the router being reloaded) to something more detailed, such as recording each command a user executes on a router. One limitation of the accounting component is that an external AAA security server is needed to hold the actual accounting records.

The concept of a security service provider has been introduced and explained with real-world example vendors for the cloud environment. One of the biggest challenges facing IT today is managing identities and access control for enterprise applications; for this, we covered the concept of IAM and how it functions. Finally, AAA administration for the cloud has been explained briefly.

15.8 KEYWORDS
 IDC: Internet Data Center. A data center is a facility, a dedicated space within a building, or a group of buildings used to house computer systems and associated components such as telecommunications and storage systems.
 DDoS: distributed denial of service. In computing, a denial-of-service attack is a cyber-attack in which the perpetrator attempts to make a computer or network resource unavailable to its legitimate users by disrupting the services of a host connected to the Internet, temporarily or indefinitely; in the distributed form, the attack traffic comes from many sources at once.
 VPN: A virtual private network (VPN) extends a private network across a public network, allowing users to send and receive data as if their computing devices were directly connected to the private network.
 SECaaS: Security as a Service, a subscription-based security service hosted by cloud providers.
 CASB: A cloud access security broker is on-premises or cloud-based software that sits between cloud service users and cloud applications, monitors all activity, and enforces security policies.

15.9 LEARNING ACTIVITY
1. Give examples of how existing cloud companies address the issue of data security.
2. Suppose you are using a cloud service. Which questions about security must you address?
3. Explain the baseline Identity and Access Management (IAM) criteria that cloud service stakeholders should follow, as well as the most common critical privacy issues that may arise in the environment.

15.10 UNIT END QUESTIONS
A. Descriptive Questions
Short Questions
1. What is meant by DDoS?
2. List companies that provide protection through cloud security services.
3. What is meant by identity provisioning?
4. List the recommendations for authentication in IAM.
5. What is AAA?
Long Questions
1. What are some of the questions you should ask your cloud provider?
2. List the benefits of cloud computing security.
3. What is meant by security planning and security boundaries?
4. Describe the role of a security service provider.
5. What is meant by IAM? Describe briefly.
B. Multiple Choice Questions
1. The risk of cloud deployment is mostly determined by _______________
a. service models
b. deployment factors
c. cost of deployment
d. time duration
2. ________ establishes the boundaries for each service model
a. RSA stack model
b. CSA stack model
c. bSA stack model
d. CSK stack model
3. Which of the following is not a benefit of cloud computing security?
a. Flexibility
b. Data security
c. Availability
d. Reliability
4. SECaaS stands for
a. Security as a Service
b. Section as a Service
c. Secretary as a Service
d. Secrete as a Service
5. CASB stands for
a. Cloud Access Security Broker
b. Cloud Allow Security Broker
c. Cloud Access Secrete Broker
d. Cloud Access Security Bolt
Answers
1-a, 2-a, 3-b, 4-a, 5-a.

15.11 REFERENCES
Reference book:
 Cloud Computing: Principles and Paradigms, Editors: Rajkumar Buyya, James Broberg, Andrzej M. Goscinski, Wiley, 2011.
Websites:
 https://www.softwaretestinghelp.com/cloud-security-companies/
 https://technologyadvice.com/blog/information-technology/security-as-a-service-saas-software-providers/

