Itc561 Cloud Computing For Softarc Assessment Answers

SoftArc Engineering Ltd is a civil engineering company which works across Australia as well as in Indonesia, Timor-Leste and Papua New Guinea. The company is considering the following strategic proposal:

• They plan to close down the Brisbane data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Sydney data centre, which has the most up to date infrastructure, as well as capacity to expand.
• They plan to move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees.
• They also plan to use the Cloud Infrastructure to increase flexibility and availability for some of the LoB (Line of Business) applications that will continue to run on their own internal infrastructure. However, they are hoping to take advantage of the Cloud infrastructure to help manage and balance demand on internal resource use.

The Board of SoftArc Engineering is contemplating this strategy as a way to increase the company’s flexibility and responsiveness, particularly for its remote area and overseas operations. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing the oldest existing data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.

SoftArc Engineering has again approached you to advise them on this strategy. You have already advised SoftArc Engineering that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud. 

SoftArc Engineering also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop.

The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.  

Answers

1. Introduction:

The SoftArc Engineering Ltd, a civil engineering company, is planning to utilize the cloud infrastructure for providing increased level of applicability and a better degree of flexibility for some of their Line of Business (LOS) operations. Moreover, the company board also incorporates the hybrid cloud methodology for achieving significant cost savings in the maintenance of their ICT infrastructure. So, this report focuses on how the hybrid cloud strategy will affect their Business Continuity Plan and their disaster recovery and backup strategies.

2. Incorporation of Hybrid Cloud Architecture for SoftArc Engineering:

For SoftArc Engineering firm which needs to achieve higher flexibility can apply the hybrid cloud strategy on Infrastructure as a Service (IaaS) architecture.

Reasons for utilising IaaS cloud Architecture:

The IaaS cloud infrastructure services are ascetic models for acquiring, auditing, and administering the infrastructures of remote datacenter like virtualized, networking, storage, and networking services such as firewalls. The users can procure IaaS based on their utilization like electricity billing (Sotomayor, Keahey & Foster, 2006).

When compared to IaaS and PaaS architectures, IaaS consumers are authoritative for administering applications, runtime, and Operating Systems. The other services provided by IaaS include databases, virtualization layer services, and messaging queues. Examples for IaaS cloud architecture include Amazon Web Services (AWS), Microsoft Azure, Google Compute Engine, Joyent, and Cisco Metapod. According to the Cisco Research in 2013, the service revenues after utilizing IaaS are increased from $ 15.6 billion to $ 35.4 billion (Nurmi, 2008).

3. Benefits of deploying IaaS cloud Architecture:

• IaaS is a cloud service where the organization utilizes a pay-as-you-consume infrastructure that leads to a cost effective solution for both the service providers and users.
• It can overcome the business challenges by reducing the burden of additional operational expenditures.
• It can be accelerate towards high-value and revenue promoting services while attaining advanced security and performance abilities.
• The customers can achieve improved service.

4. Issues of deploying Iaas Architecture:

• Achieving high scalability has certain restrictions. The IaaS architecture results in less robustness since the users have to replace hardware with various software layers, thereby appending complexity and failures.
• The absence of isolation and robustness degrades the performance.
• The security challenges will incur due to the large number of servers used for administration and the utilization of cloud for various development levels like evolution, organization, and staging. For this context, separating and securing each domain is essential because an error in master service can provide unauthorized access by means of secret pins to the entire framework (Foster, 1999).

5. Risks associated with Hybrid cloud IaaS Strategy and Solutions:

6. Security controls for securing Hybrid Cloud:

The security issues encountered in the incorporation of Hybrid cloud is not because of the hybrid cloud strategy but due to several factors like improper organizational network execution, inefficient security protocols, and ineffective management. The larger barriers for hybrid cloud include incompetent compliance, inadequacy of encryption, lack of risk assessment techniques, deficiency in data redundancy, data loss, etc.

Certain security steps and controls are required to avoid the hybrid cloud security threats listed below:

• Inadequate encryption
• Lack of Risk Assessment Techniques
• Insufficient compliance
• Inefficient security administration
• Improper Data Redundancy methods
• Deficiency in authentication and Identification
• Unsecured Application Programming Interfaces
• Denial-of-Service (DoS) and Distributed DoS Threats
• Unprotected IP
• Insufficiency in Data management
• Failures in interaction with cloud service providers
• Lack of well defined SLAs
• Data Loss
• Undefined Management methods
• Improper implementation of cross-platform tools
• Malicious Staff

The security controls for dealing with the above security threats are provide below:

Security Solution for Lack of Encryption:

• Prevent transmissions from certain threats by employing cryptographic protocols for authentication at endpoints.
• A reliable proxy server and virtual private network should be incorporated.
• All the transmissions must be encrypted with Secure Software Layer (SSL) for ensuring authentication and loss of data.
• For sending unencrypted network traffic, Security Shell network tunnel protocols should be utilized.

Security steps for insufficient assessment of security risks:

• Effective risk assessment and prevention measures should be available at all times.
• The malicious network traffic must be scanned by IDS or IPS security systems.
• The software updates are to be done periodically and log evaluation should be activated.
• The organization security can be further enhanced by utilizing reliable holistic approach.

Security controls for Improper Compliance:

• Ensure that two compliant clouds are working together.
• The clouds should meet information security organizational standards while handling confidential information.

Solution for Inefficient Security Management:

• The data controls for the incorporated clouds should be replicated.
• In-house storage management must be employed for the security of sensitive information that are not associated with public cloud.

Solution for Data Redundancy Issues:

• Multiple data centers must be utilized for single cloud service provider, multiple public cloud providers, and hybrid cloud.

Solution for Authentication and Identification failures:

• All the authorization permissions should be monitored and verified well.
• The data security is synchronized by means of IP Multimedia core Network Subsystem.

7. Application Resilience and Disaster Recovery Strategy for SoftArc Engineering BCP:

According to the vice president of cloud services at VMware ‘Mathew Lodge’, the hybrid cloud proffers certain advantages for BCP and disaster recovery. It can leads to the inexpensive disaster recovery while improving the agility and flexibility of disaster recovery.

So planning for the recovery of disasters in cloud environment allows the user to note down the failures instantly. Hence, the users have to deploy a business strategy that will match the application’s downtime tolerance.

The cloud platforms for e.g. Microsoft Azure offers geographically divided networks around the globe. These cloud platforms offer abilities that gives support to high availability and various disaster recovery cases (Sotomayor, 2009). Microsoft Azure contains application resiliency and disaster recovery features utilized in many of its cloud services. Hence, by deploying cloud platforms like Azure, the larger business continuity plan can be implemented in SoftArc organization.

The interrelated characteristics like availability, fault tolerance, and scalability contribute to the overall BCP solution. The specified owner must administer the entire disaster recovery, testing, and automation. The implementation of cloud platform like Azure can offer new capacities and additional challenges for crafting robust hybrid cloud applications that can handle failures.

8. Mechanisms for performing Remote Server Administration, Resource, and SLA Management:

The remote administration system, resource management system, and SLA management system offer integrated application programming interfaces and are offered individually as custom software applications or merged into several product suites.

The remote administration mechanism offers configuration management tools for managing cloud-based IT resources.

The remote administration mechanism can generate a portal for accessing management features of several systems including resource administration, billing management, and SLA management systems (Rochwerger, 2008).

                                                                    Figure 1: Remote Server Administration System

The tasks that can be performed by the cloud users through remote administration system are QOS monitoring, SLA fulfilment, cost management, managing security credentials, authorization management, access control management, capacity planning,

9. Steps for migrating to AWS:

Step 1: Virtual network for multi-tiered SharePoint server and active directory framework should be set up in AWS.

Step 2: The database tier must be launched. An AWS cloud enabled SQL server 2010 Amazon Machine Image is created to authorize configuration of SQL server components of Sharepoint Server farm.

Step 3: Then the application server tier is launched. This involves installing Sharepoint servers using Sharepoint windows PowerShell scripts.

Step 4: After that web Front-end tier is set up. This involves the installation of web Front-end servers for enabling work load balanced acquisition to Sharepoint web application by utilizing Sharepoint Amazon Machine Image created in the above step (Sotomayor,2008). The Amazon elastic load balancer is deployed in front of Web Front End Servers.

Step 5: This includes the configuration of SharePoint farm servers. The application server instances are configured by employing the Sharepoint technologies and Products configuration wizard.

10. AWS migration Issues:

Conclusion:

The migration from a conventional data center based technology environment to cloud-based environment has several advantages. In many cases, the better performance can be achieved by the transition from data center, to private IaaS infrastructure, followed by the migration to Hybrid IaaS cloud environment.

References:

Nurmi, D. (2008, January 8). The Eucalyptus Open-Source Cloud-Computing System. Retrieved from www.cca08.org/papers.php.

Foster, I. (1999). A Distributed Resource Management Architecture that Supports Advance Reservations and Co-Allocation. Proc. Int'l Workshop on Quality of Service, 3(2), 27-36.

Snell, Q. (2000). The Performance Impact of Advance Reservation Meta-Scheduling. Proc. Workshop Job Scheduling Strategies for Parallel Processing (IPDPS 00/ JSSPP 00), 137-153.

Sotomayor, B., Keahey, K. & Foster, I. (2006). Overhead Matters: A Model for Virtual Resource Management, Proc. 1st Int'l Workshop on Virtualization Technology in Distributed Computing (VTDC 06), 5, 2006.

Rochwerger, B. (2008). The Reservoir Model and Architecture for Open Federated Cloud Computing. IBM Systems J, 4(3), 160-178.

Sotomayor, B. (2008, February 9). Capacity Leasing in Cloud Systems using the OpenNebula Engine. Retrieved from www. cca08.org/papers.php.

Sotomayor, B. (2009). Resource Leasing and the Art of Suspending Virtual Machines. Proc. 11th IEEE Int'l Conf. High-Performance Computing and Communications (HPCC 09), 12(4), 59-68.