
Coaching Class Notes

Uploaded by

Samuel Shifas

GOJAN SCHOOL OF BUSINESS AND TECHNOLOGY, CHENNAI-52

CCS335 - CLOUD COMPUTING

COACHING CLASS NOTES

UNIT - 1

PART - A (2 Marks)

1. Define NIST Cloud Computing.

- Cloud Computing is a pay-per-use model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications and services) that can be rapidly provisioned and released with minimal management effort
or service-provider interaction.

2. Define on-demand provisioning.

- On-Demand Provisioning is the most flexible and scalable cloud computing model; it
dynamically allows cloud service providers to allocate resources to the user as needed.

- The resources may be maintained within the user’s enterprise or made available by a cloud
service provider. On-Demand Provisioning is also known as Dynamic Provisioning.

3. List the essential characteristics of Cloud Computing?

- On-demand self-service - Broad network access - Resource pooling

- Rapid elasticity - Measured service

4. List the service model of Cloud Computing?

- Software as a Service (SaaS) - Platform as a Service (PaaS) - Infrastructure as a Service (IaaS)

5. List the deployment model of Cloud Computing?

- Public Cloud - Private Cloud - Community Cloud - Hybrid Cloud

6. Why do we need hybrid cloud?

- Hybrid cloud solutions enable us to migrate and manage workloads between these various
cloud environments, allowing us to create more versatile setups based on specific business needs.

- Many organizations choose to adopt hybrid cloud platforms to reduce costs, minimize risk
and extend their existing capabilities to support digital transformation efforts.

7. What is meant by IAAS in cloud computing?

- Infrastructure as a service (IaaS) is the on-demand availability of highly scalable computing
resources as services over the internet. It eliminates the need for enterprises to procure, configure, or
manage infrastructure themselves, and they only pay for what they use.

- With IaaS, you rent access to cloud infrastructure resources from a cloud service provider
(CSP), including: Servers, Networking Resources and Storage.
8. Define Platform as a service (PaaS)

- Platform as a Service (PaaS) is a type of cloud computing that helps developers to build
applications and services over the Internet by providing them with a platform.

- It includes everything needed to create, deploy, and manage applications, such as servers,
databases, development tools, and operating system software.

- Leading cloud service providers like Amazon Web Services (AWS), Google Cloud, IBM
Cloud, and Microsoft Azure offer their own PaaS solutions.

9. Define Software as a service (SaaS)

- Software as a Service (SaaS), commonly known as SaaS, is a software delivery model where
applications are provided to users over the Internet.

- SaaS allows users to connect to and use cloud-based apps without the need for local
installation. Instead of purchasing and maintaining software, you access it via the Internet.

- Some well-known SaaS vendors are Amazon Web Services (AWS), Microsoft Azure, IONOS,
Slack, Salesforce and WordPress.

10. Compare public and private cloud?

| PUBLIC CLOUD | PRIVATE CLOUD |
|---|---|
| Public cloud infrastructure is offered via web applications and also as web services over the Internet to the public. | Private cloud infrastructure is dedicated to a single organization. |
| Supports multiple customers. | Supports a dedicated customer. |
| Full utilization of infrastructure. | Does not utilize shared infrastructure. |

11. What is a Cloud Deployment Model?

- A cloud deployment model defines the type of cloud environment based on ownership, size,
and access, and it dictates how the cloud services are made available to users. There are several types
of cloud deployment models, each suited for different business needs: - Public Cloud - Private Cloud
- Hybrid Cloud - Multi Cloud - Community Cloud.

- Each model offers different levels of control, flexibility, and management, which can be
chosen based on the specific needs of the business regarding privacy, scalability, and resource
utilization.

12. What is the Right Choice for Cloud Deployment Model?

- Cost: Cost is an important factor for the cloud deployment model as it tells how much
you want to pay for these things.

- Scalability: Scalability tells about the current activity status and how much we can scale it.

- Privacy: Privacy tells about what data you gather for the model.
PART - B (13 Marks)

1. Explain the NIST cloud computing reference architecture.

- NIST stands for National Institute of Standards and Technology. The goal is to achieve
effective and secure cloud computing to reduce cost and improve services.

- Cloud Consumer: A person or an organization that maintains a business relationship with and
uses services from cloud providers.

- Cloud Provider: A person, organization or entity responsible for making a service available
to interested parties.

- Cloud auditor: A party that conducts independent assessments of cloud services, information
system operation, performance and security of the cloud implementation.

- Cloud broker: An entity that manages the performance and delivery of cloud services and
negotiates relationships between cloud providers and consumers.

- Cloud carrier: An intermediary that provides connectivity and transport of cloud services from
cloud providers to consumers.

2. Explain in detail about Cloud Deployment Models?

- A cloud deployment model defines the type of cloud environment based on ownership, size,
and access, and it dictates how the cloud services are made available to users. There are several types
of cloud deployment models, each suited for different business needs: - Public Cloud - Private Cloud
- Hybrid Cloud - Multi Cloud - Community Cloud.

Diagram (Public, Private, Hybrid, Community and Multi Cloud) Advantages & Disadvantages

- Each model offers different levels of control, flexibility, and management, which can be
chosen based on the specific needs of the business regarding privacy, scalability, and resource
utilization.
Right Choice for Cloud Deployment Model :

• Cost: Cost is an important factor for the cloud deployment model as it tells how much you
want to pay for these things.

• Scalability: Scalability tells about the current activity status and how much we can scale it.

• Easy to use: It tells how well your resources are trained and how easily you can manage these models.

• Compliance: Compliance tells about the laws and regulations which impact the implementation of the
model.

• Privacy: Privacy tells about what data you gather for the model.

3. Explain in detail about Models of Cloud Computing?

- Cloud Computing helps in rendering several services according to roles, companies, etc.
Cloud computing models are:

- Infrastructure as a service (IaaS)
- Platform as a service (PaaS)
- Software as a service (SaaS)

IaaS :

- Infrastructure as a service (IaaS) is the on-demand availability of highly scalable computing
resources as services over the internet. It eliminates the need for enterprises to procure, configure, or
manage infrastructure themselves, and they only pay for what they use.

- With IaaS, you rent access to cloud infrastructure resources from a cloud service provider
(CSP), including: Servers, Networking Resources and Storage.

PaaS :

- Platform as a Service (PaaS) is a type of cloud computing that helps developers to build
applications and services over the Internet by providing them with a platform.

- It includes everything needed to create, deploy, and manage applications, such as servers,
databases, development tools, and operating system software.

- Leading cloud service providers like Amazon Web Services (AWS), Google Cloud, IBM
Cloud, and Microsoft Azure offer their own PaaS solutions.

SaaS :

- Software as a Service (SaaS), commonly known as SaaS, is a software delivery model where
applications are provided to users over the Internet.

- SaaS allows users to connect to and use cloud-based apps without the need for local
installation. Instead of purchasing and maintaining software, you access it via the Internet.

- Some well-known SaaS vendors are Amazon Web Services (AWS), Microsoft Azure, IONOS,
Slack, Salesforce and WordPress.

- (Advantages & Disadvantages of IaaS, PaaS, SaaS)

4. Explain in detail about the architecture of cloud computing?

- Cloud Computing is a pay-per-use model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications and services) that can be rapidly provisioned and released with minimal management effort
or service-provider interaction.

The cloud architecture is divided into 2 parts i.e. i) Frontend ii) Backend

i) Frontend - Cloud infrastructure

ii) Backend - Application, Service, Runtime Cloud, Storage, Infrastructure, Management, Security,
Internet, Database, Networking, Analytics.

Benefits of Cloud Computing Architecture :

• Makes overall cloud computing system simpler.
• Improves data processing requirements.
• Helps in providing high security.
• Makes it more modularized.
• Results in better disaster recovery.
• Gives good user accessibility.
• Reduces IT operating costs.
• Provides high level reliability.
• Scalability.
UNIT - 2

PART - A (2 Marks)

1. Define virtual machine?

- A VM (Virtual Machine) is a virtualized instance of a computer that can perform almost all
of the same functions as a computer, including running applications and operating systems.

- Virtual machines run on a physical machine and access computing resources from software
called a hypervisor.

2. Define a cloud virtual machine?

- A cloud virtual machine is the digital version of a physical computer that can run in a cloud.
Like a physical machine, it can run an operating system, store data, connect to networks, and do all
the other computing functions.

3. List the Advantages of cloud virtual machine?

- Low cost: It is cheaper to spin up a virtual machine in the cloud than to procure a physical
machine.

- Easy scalability: We can easily scale in or scale out the infrastructure of a cloud virtual
machine based on load.

- Ease of setup and maintenance: Spinning up virtual machines is very easy compared to
buying actual hardware. This helps us get set up quickly.

4. What are Types of Virtualization?

i) Application Virtualization ii) Network Virtualization iii) Desktop Virtualization

iv) Storage Virtualization v) Server Virtualization vi) Data virtualization

5. Define Uses of Virtualization?

• Data-integration
• Business-integration
• Service-oriented architecture data-services
• Searching organizational data

6. What is meant by a hypervisor?

- A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and
runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs
by virtually sharing its resources, such as memory and processing.

Types of Hypervisor –

i) TYPE-1 Hypervisor (Native Hypervisor or Bare metal hypervisor)

ii) TYPE-2 Hypervisor (Hosted Hypervisor)


7. What is Virtualized Infrastructure Manager (VIM)?

- The virtualized infrastructure manager (VIM) in a Network Functions Virtualization (NFV)
implementation manages the hardware and software resources that the service provider uses to create
service chains and deliver network services to customers.

- It allocates resources in accordance with traffic engineering rules and provides information
for provisioning virtual infrastructure orchestration (VIO).

8. Differentiate between system VM and Process VM

- A System VM provides a complete virtual hardware platform that supports the execution of
an entire operating system (OS). Think of it as a full-fledged virtual computer. Example: VirtualBox.

- A Process VM, also known as an application virtual machine, runs as a normal application
within a host OS. It supports a single process. Example: Java Virtual Machine (JVM).

9. Mention the significance of Network Virtualization

- Network virtualization helps organizations achieve major advances in speed, agility, and
security by automating and simplifying many of the processes that go into running a data center network
and managing networking and security in the cloud.

- Reduce network provisioning time from weeks to minutes. Achieve greater operational
efficiency by automating manual processes. Place and move workloads independently of physical
topology. Improve network security within the data center.

10. List the implementation levels of virtualization

• Instruction set architecture (ISA) level
• Hardware abstraction layer (HAL) level
• Operating System Level
• Library (user-level API) level
• Application level

11. Define Application virtualization

- Application-level virtualization is a technique allowing applications to be run in runtime
environments that do not natively support all the features required by such applications.

- These techniques are mostly concerned with partial file systems, libraries, and operating
system component emulation.

- Technologies that use application virtualization are hosted applications and packaged
applications.

12. Define Server virtualization

- Server virtualization is the process of dividing a physical server into multiple unique and
isolated virtual servers by means of a software application.

- Each virtual server can run its own operating systems independently. It’s beneficial in virtual
migration, reducing energy consumption, reducing infrastructural costs, etc.
PART - B (13 Marks)

1. Explain the types of virtualization.

- Virtualization involves creating a virtual version of a computing resource (such as a server,
storage device, operating system, or network) rather than relying solely on a physical resource. It allows
you to abstract and manage resources more efficiently.

Types :

• Application Virtualization
• Network Virtualization
• Desktop Virtualization
• Storage Virtualization
• Server Virtualization
• Data Virtualization

Application Virtualization: Isolating applications from the underlying OS.

Network Virtualization: Creating virtual networks for better resource utilization.

Desktop Virtualization: Providing virtual desktops to end-users.

Storage Virtualization: Abstracting storage resources for flexibility.

Server Virtualization: Running multiple virtual servers on a single physical server.

Data Virtualization: Provides a single customer view by combining data from various sources.

Benefits:

Resource Efficiency: Optimize hardware utilization by sharing resources among VMs.

Isolation: VMs are isolated from each other, enhancing security.

Flexibility: Easily move VMs between physical hosts.

Cost Savings: Reduce the need for dedicated hardware.

2. Differentiate between Cloud computing and Virtualization

| Aspect | Cloud Computing | Virtualization |
|---|---|---|
| Definition | Cloud computing is a client-server architecture that provides on-demand resources accessible via the internet. | Virtualization creates simulated environments from a single physical hardware system. |
| Resource Provisioning | Cloud computing offers pools of automated resources that users can access as needed. | It establishes these environments by using a hypervisor to create multiple virtual machines (VMs). |
| Complexity | Setting up a cloud computing environment can be tedious and complicated. | Virtualization setup is simpler compared to cloud computing. |
| Scalability | Cloud computing is highly scalable, allowing dynamic resource allocation. | Virtualization is less scalable than cloud computing. |
| Flexibility | It provides great flexibility for deploying and managing applications. | It is less flexible than cloud computing. |
| Disaster Recovery | In disaster recovery scenarios, cloud computing relies on multiple machines. | Virtualization relies on a single peripheral device for disaster recovery. |
| Workload State | Workloads in cloud computing are typically stateless. | Workloads in virtualization are stateful. |
| Cost | The total cost of cloud computing tends to be higher due to its extensive features. | The total cost of virtualization is lower than cloud computing. |
| Storage | Cloud computing offers unlimited storage space. | Storage space depends on the physical server capacity. |
| Types | Public, Private, Hybrid, Community & Multicloud. | Application Virtualization, Network Virtualization, Desktop Virtualization, Storage Virtualization, Server Virtualization & Data Virtualization. |
| Configuration | Configuration in cloud computing is image-based. | Configuration in virtualization is template-based. |

3. Illustrate the concepts of taxonomy of virtual machine.

- Virtualization is a framework or methodology of dividing the resources of a computer into
multiple execution environments. Virtualization is an abstraction layer that decouples the physical
hardware from the operating system to deliver greater IT resource utilization and flexibility. It allows
multiple virtual machines, with heterogeneous operating systems, to run in isolation, side-by-side on the
same physical machine.

- It is divided into two main categories:

i) Platform Virtualization ii) Resource Virtualization


4. Explain in detail about hypervisor and Xen architecture.

- A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and
runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs
by virtually sharing its resources, such as memory and processing.

Types of Hypervisor –

i) TYPE-1 Hypervisor (Native Hypervisor or Bare metal hypervisor)

ii) TYPE-2 Hypervisor (Hosted Hypervisor)

Diagram (Type 1 and Type 2 hypervisors)

- Xen is an open-source hypervisor based on paravirtualization.


UNIT - 3

PART - A (2 Marks)

1. How to implement internal N/W virtualization?

- The guest can share the same network interface of the host and use NAT.

- The VM manager can emulate and install on the host together with the driver.

2. Define desktop virtualization?

- Desktop Virtualization abstracts the desktop environment available on a PC to provide access
to it using a client/server approach.

- Desktop Virtualization provides the same outcome as H/W Virtualization but serves a different
purpose.

3. What is node and pod?

- A Pod is a Kubernetes abstraction that represents a group of one or more application containers
and some shared resources for those containers.

- A Node is a worker machine in Kubernetes and may be either a virtual or a physical machine,
depending on the cluster. Each Node is managed by the Master.

4. What is VDI?

- VDI stands for Virtual Desktop Infrastructure. VDI uses VMs to provide and manage virtual desktops.

- VDI hosts desktop environments on a server and deploys them to end-users on request.

5. What are the advantages of SAN?

- SAN (Storage Area Network) advantages: security, high-speed data transfer, centralized backup.

- Better disk utilization, high-end disaster recovery, no bandwidth bottlenecks.

6. What is network migration?

- Maintain all open N/W connections without relying on a forwarding mechanism on the original
host.

- To enable remote system with VM, each VM must be assigned a virtual IP address known to
other entities.

7. What is Hardware-level virtualization?

- Hardware-level virtualization is a virtualization technique that provides an abstract execution
environment in terms of computer hardware on top of which a guest operating system can be run.

- Types: i) Full Virtualization, ii) Emulation Virtualization and iii) Para Virtualization
8. Define hypervisor

- A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and
runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs
by virtually sharing its resources, such as memory and processing.

Types of Hypervisor –

i) TYPE-1 Hypervisor (Native Hypervisor or Bare metal hypervisor)

ii) TYPE-2 Hypervisor (Hosted Hypervisor)

9. What is Operating system-level virtualization?

- Operating system-level virtualization offers the opportunity to create different and separated
execution environments for applications that are managed concurrently.

- Unlike hardware virtualization, there is no virtual machine manager or hypervisor,
and the virtualization is done within a single operating system, where the OS kernel allows for multiple
isolated user space instances.

10. Differentiate between physical and virtual cluster

- A physical cluster is a collection of physical servers / machines interconnected by a physical
network such as a LAN.

- A virtual cluster is a collection of virtual servers / machines interconnected by a virtual
network.

11. List the issues in migration process

• Memory Migration
• File System Migration
• Network Migration

12. List six steps in live migration.

PART - B (13 Marks)

1. Explain in detail about docker components.

Docker is a powerful tool for containerization, allowing developers to package applications and
their dependencies into lightweight, portable containers.
- Docker Engine - Docker Client - Docker Daemon - Docker Image

- Docker Object - Docker Storage - Docker Networking - Docker Registry

2. Illustrate the concepts of virtual cluster and resource management.

- Virtual clusters are fully functional Kubernetes clusters that operate within a namespace of
another Kubernetes cluster. The cluster in which the virtual cluster resides is often referred to as the
“host” or “parent” cluster.

• Fast Deployment and Effective Scheduling
• High-Performance Virtual Storage
• Live VM Migration Steps and Performance
• Migration of Memory, Files and Network Resources

Dynamic Deployment of Virtual Cluster:

- Virtual clusters consist of VMs distributed across multiple physical clusters. These VMs are
interconnected logically via a virtual network. The provisioning of VMs to virtual clusters is done
dynamically, promoting server utilization and application flexibility.

3. Explain in detail about desktop virtualization.

- Desktop Virtualization abstracts the desktop environment available on a PC to provide access
to it using a client/server approach. Desktop Virtualization provides the same outcome as H/W
Virtualization but serves a different purpose.

- Types of Desktop Virtualization: i)VDI ii)RDS iii)DaaS


i) VDI (Virtual Desktop Infrastructure) segments servers into different virtual machines. VDI
provides dedicated storage, vCPU, RAM, and memory for each user, managed by a hypervisor.

ii) RDS (Remote Desktop Services) RDS allows users to remotely access Windows desktop
sessions via a shared virtual machine. Multiple users work on the same VM, reducing hardware
utilization.

iii) DaaS (Desktop-as-a-Service) DaaS delivers virtual desktops from the cloud. Users access
their desktop environments over the internet. It’s a flexible solution, especially for businesses seeking
scalability and simplified management.

4. Explain in detail about containers with advantages & disadvantages.

- Containers are lightweight packages of software that contain all the necessary elements to run
in any environment. They virtualize the operating system, allowing applications to run consistently from
a private data center to the public cloud or even on a developer’s personal laptop.

Key Characteristics: - Lightweight and Portable - Isolation and Abstraction

- Workload Portability - Efficient Resource Utilization

Advantages:

- Enhanced Portability and Compatibility - Advanced Scalability and Orchestration

- Consistency Across Development Lifecycle - Resource Efficiency and Cost Reduction

Disadvantages: - Security Concerns and Solutions.


UNIT - 4

PART - A (2 Marks)

1. Define GAE?

- Google App Engine (GAE) is a powerful platform-as-a-service (PaaS) cloud computing
solution offered by Google. GAE offers a PaaS platform supporting various cloud and web applications.

- It enables users to run their applications on a large number of data centers associated with
Google’s search engine operations.

2. List the key services of OpenStack?

- OpenStack is a powerful open-source cloud computing platform that enables the creation and
management of cloud infrastructure for both public and private clouds.

- Key services - Compute, identity, networking, image, block storage, object storage, telemetry,
orchestration and DB services.

3. What is AWS ecosystem?

- The AWS (Amazon Web Services) ecosystem is a cloud computing service
that makes it easy to build scalable and reliable applications, websites, and services.

- It makes it easy for businesses to develop, deploy and extend their software, as well as store
data.

4. What are azure queues?

- Azure Queue Storage is a service for storing large numbers of messages.

- A queue message can be up to 64 KB in size. A queue may contain millions of messages, up
to the total capacity limit of a storage account.

5. List the AWS Services?

- Amazon EC2 - AWS Lambda - AWS Elastic Beanstalk - Amazon RDS

- Amazon Route 53 - Amazon S3 - Amazon Glacier - Amazon DynamoDB

6. List the Features of GAE?

- Language Support - Flexibility - Diagnostics - Automatic Scaling

- Traffic Splitting - Security - Flexible Environment - Persistent Storage

7. Describe about Eucalyptus

- Eucalyptus is an open-source cloud computing software architecture based on Linux that
offers Infrastructure as a Service (IaaS) and a storage platform. It delivers fast and effective computing
services and is designed to be compatible with Amazon's EC2 cloud and Simple Storage Service (S3).

- Eucalyptus Command Line Interfaces (CLIs) have the capability to manage both Amazon
Web Services and private instances.

8. List different types of computing environment

- Mainframe - Client-Server - Cloud Computing - Mobile Computing - Grid Computing

9. Write short note on Amazon EC2?

- Amazon Elastic Compute Cloud (Amazon EC2) is a cloud-based web service that offers a
secure and scalable computing capacity.

- It allows organizations to customize virtual compute capacity in the cloud, with the flexibility
to choose from a range of operating systems and resource configurations such as CPU, memory, and
storage.

10. Mention the advantages of DynamoDB

- Amazon DynamoDB is a NoSQL database service that offers fast and flexible storage for
applications requiring consistent, low-latency access at any scale.

- It's fully managed and supports both document and key-value data models.

11. What is Microsoft Azure?

- Azure is a cloud platform developed by Microsoft, similar to Google Cloud and Amazon Web
Services (AWS). It provides access to Microsoft's resources, such as virtual machines, analytical and
monitoring tools, and fast data processing.

- Azure is a cost-effective platform with simple pricing based on the "Pay As You Go" model,
which means the user only pays for the resources the user uses.

12. List the three modes of network component in Eucalyptus

i) Static mode, which allocates IP addresses to instances.

ii) System mode, which assigns a MAC address and connects the instance's network interface
to the physical network via NC.

iii) Managed mode, which creates a local network of instances.

PART - B (13 Marks)

1. Explain the important AWS services.

- Amazon Web Services (AWS) is a comprehensive cloud computing platform that offers a
wide range of services to help businesses and developers build, deploy, and manage applications and
infrastructure.

- Compute Services: Amazon EC2 (Elastic Compute Cloud): Provides virtual servers for
building, deploying, and scaling applications. AWS Lambda: Allows running code without managing
servers (serverless computing).
- Storage: Amazon S3 (Simple Storage Service): Web data storage for archiving data. Amazon
EBS (Elastic Block Store): Persistent block storage volumes for EC2 instances.

- Databases: Amazon RDS (Relational Database Service): Cost-efficient, secure, and scalable
relational databases. Amazon DynamoDB: Fully managed NoSQL database.

- Networking and Content Delivery: Amazon VPC (Virtual Private Cloud): Isolated network
environments. Amazon CloudFront: Content delivery network (CDN) for faster content distribution.

- Developer Tools: AWS CodeDeploy: Automates code deployments. AWS CodePipeline:
Continuous delivery service. AWS CloudFormation: Infrastructure as code (IaC) for resource
provisioning.

- Machine Learning and AI: Amazon SageMaker: Managed machine learning service.
Amazon Rekognition: Image and video analysis. Amazon Polly: Text-to-speech service.

- Analytics and Big Data: Amazon Redshift: Data warehousing. Amazon EMR (Elastic
MapReduce): Big data processing. Amazon Kinesis: Real-time data streaming.

- Security and Compliance: AWS Identity and Access Management (IAM): User access
control. AWS Key Management Service (KMS): Encryption key management. AWS Shield: DDoS
protection.

- IoT (Internet of Things): AWS IoT Core: Connects devices to the cloud. AWS Greengrass:
Edge computing for IoT devices.

- Serverless and Containers: AWS Fargate: Serverless container management. AWS Step
Functions: Workflow automation.

2. Illustrate the concepts of eucalyptus and its components

- Eucalyptus is an open-source cloud computing software architecture based on Linux that
offers Infrastructure as a Service (IaaS) and a storage platform. It delivers fast and effective computing
services and is designed to be compatible with Amazon's EC2 cloud and Simple Storage Service (S3).

- Eucalyptus Command Line Interfaces (CLIs) have the capability to manage both Amazon
Web Services and private instances.
- Components of Eucalyptus:

i) Node Controller ii) Cluster Controller

iii) Storage Controller iv) Cloud Controller

3. Explain in detail about GAE and its architecture.

- Google App Engine (GAE) is a powerful platform-as-a-service (PaaS) cloud computing
solution offered by Google. GAE offers a PaaS platform supporting various cloud and web applications.
It enables users to run their applications on a large number of data centers associated with Google’s
search engine operations.

- GAE Architecture: GFS is used for storing large amounts of data. MapReduce is for use in
application program development. Chubby is used for distributed application lock services. BigTable
offers a storage service for accessing structured data.

- Users can interact with Google applications via the web interface provided by each application.

- Third-party application providers can use GAE to build cloud applications for providing services.

- Features
• Language Support
• Flexibility
• Diagnostics
• Traffic Splitting
• Security
• Flexible Environment

- Advantages & Disadvantages of GAE

4. Explain in detail about Microsoft Azure and its services?

- MS Azure is a cloud platform developed by Microsoft, similar to Google Cloud and Amazon
Web Services (AWS). It provides access to Microsoft's resources, such as virtual machines, analytical
and monitoring tools, and fast data processing.

- MS Azure is a cost-effective platform with simple pricing based on the "Pay As You Go"
model, which means the user only pays for the resources the user uses.

- MS Azure Services: i) IaaS ii) PaaS iii) SaaS


- Software as a Service (SaaS): Azure offers ready-to-use software applications accessible via
the cloud.

- Platform as a Service (PaaS): Developers can build and deploy applications without managing
the underlying infrastructure.

- Infrastructure as a Service (IaaS): Provides virtualized computing resources (such as virtual
machines) on-demand.

- Advantages & Disadvantages of MS Azure.


UNIT - 5

PART - A (2 Marks)

1. What is a virtualization attack?

- Virtualization attacks: One of the top cloud computing threats involves one of its core enabling
technologies: virtualization.

- In virtual environments, an attacker can take control of the installed virtual machines by
compromising the underlying hypervisor.

2. What are the different types of VM attacks?

- Virtualization introduces serious threats to service delivery such as Denial of Service (DoS)
attacks, Cross-VM Cache Side Channel attacks, Hypervisor Escape and Hyper-jacking.

- One of the most sophisticated forms of attack is the cross-VM cache side channel attack that
exploits shared cache memory between VMs.

3. What is guest hopping?

- Guest-hopping attack: In this type of attack, an attacker tries to gain access to one virtual
machine by penetrating another virtual machine hosted on the same hardware.

- One possible mitigation for guest-hopping attacks is to use forensics and VM debugging
tools to observe the security of the cloud.

4. What is a hyperjacking attack?

- Hyperjacking is an attack in which a hacker takes malicious control over the hypervisor that
creates the virtual environment within a virtual machine (VM) host.

5. How does a hyperjacking attack work?

- Hyperjacking is an attack in which an adversary takes malicious control over the hypervisor
that creates the virtual environment within a virtual machine (VM) host.

6. What is data security and storage in cloud computing?

- Cloud data security is the practice of protecting data and other digital information assets from
security threats, human error, and insider threats. It leverages technology, policies, and processes to
keep your data confidential and still accessible to those who need it in cloud-based environments.

7. What are the 5 components of data security in cloud computing?

- Visibility - Exposure Management - Prevention Controls

- Detection - Response

8. What is cloud storage and its types?

- There are three main cloud storage types: object storage, file storage, and block storage. Each
offers its own advantages and has its own use cases.

9. What are the four principles of data security?

- There are many basic principles to protect data in information security. The primary principles
are confidentiality, integrity, accountability, availability, least privilege, separation of privilege, and
least common mechanisms. The most common security principle is the CIA triad with accountability.

10. What is the definition of IAM?

- Identity and access management (IAM) ensures that the right people and job roles in your
organization (identities) can access the tools they need to do their jobs. Identity management and access
systems enable your organization to manage employee apps without logging into each app as an
administrator.

11. What are the challenges of IAM?

- Lack of centralized view

- Difficulties in User Lifecycle Management

- Keeping Application Integrations Updated

- Compliance Visibility into Third Party SaaS Tools

12. What is the principal of IAM?

- In Identity and Access Management (IAM), a principal is a human user or workload
that can make a request for an action or operation on an AWS resource. After authentication, the
principal can be granted either permanent or temporary credentials to make requests to AWS, depending
on the principal type.

PART - B (13 Marks)

1. What are virtual migration attacks?

- A virtual migration attack is a cybersecurity threat that targets the virtualization layer in cloud
computing environments.

Types of Virtual Migration Attacks:

- VM Migration Attacks: These attacks exploit vulnerabilities during the migration process of
VMs. Migration serves various purposes, including power management, load balancing, fault tolerance,
and system maintenance.

- Migrant Attack: A specific type of VM migration attack deliberately manipulates resource
usage within a malicious VM to trigger live migration. Even if VMs on the same physical machine are
isolated through virtualization, a malicious VM can still impact the availability of co-located VMs.

Mitigation Strategies:

- To defend against side-channel attacks, virtual machine migration is commonly used. By
migrating VMs, attackers are prevented from achieving co-residency with target VMs, ensuring data
security and privacy protection in edge computing scenarios based on the Internet of Things.

2. Explain in detail about IAM architecture?

- Identity and access management (IAM) ensures that the right people and job roles in your
organization (identities) can access the tools they need to do their jobs. Identity management and access
systems enable your organization to manage employee apps without logging into each app as an
administrator.

Components of IAM:

- Users - Roles - Groups - Policies

IAM Identities Classified As:

- IAM Users: Represent individual users with specific permissions.

- IAM Groups: Group users together for easier access management.

- IAM Roles: Used for granting permissions to AWS services or external entities.

- Root User: The initial superuser with unrestricted rights.
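
How users, groups, roles and policies combine when a request is authorized, as an added sketch that is not part of the original notes. It assumes AWS-style evaluation (default deny, and an explicit Deny overrides any Allow); all policy, user, group, role and resource names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: every name and resource below is illustrative.
POLICIES = {
    "ReadReports": [{"effect": "Allow", "actions": ["s3:GetObject"], "resources": ["reports/*"]}],
    "WriteReports": [{"effect": "Allow", "actions": ["s3:PutObject"], "resources": ["reports/*"]}],
    "ProtectAudit": [{"effect": "Deny", "actions": ["s3:*"], "resources": ["reports/audit/*"]}],
}
GROUPS = {"analysts": ["ReadReports", "ProtectAudit"]}
USERS = {"alice": {"groups": ["analysts"], "policies": []},
         "bob": {"groups": [], "policies": []}}
# A role is assumed by a trusted service or external entity, not logged into.
ROLES = {"report-writer": {"trusted": ["etl-service"],
                           "policies": ["WriteReports", "ProtectAudit"]}}


def policies_for(principal):
    """Policy names attached to a user (directly or via groups) or a role."""
    kind, name = principal
    if kind == "root":
        return None  # root user: unrestricted, not limited by policies
    if kind == "role":
        return list(ROLES[name]["policies"])
    names = list(USERS[name]["policies"])
    for group in USERS[name]["groups"]:
        names += GROUPS[group]
    return names


def assume_role(caller, role):
    """Only callers the role trusts receive the (temporary) role principal."""
    if caller not in ROLES[role]["trusted"]:
        raise PermissionError(f"{caller} may not assume {role}")
    return ("role", role)


def is_allowed(principal, action, resource):
    """Default deny; a matching Deny statement overrides every Allow."""
    names = policies_for(principal)
    if names is None:
        return True
    allowed = False
    for stmt in (s for n in names for s in POLICIES[n]):
        hit = (any(fnmatchcase(action, a) for a in stmt["actions"])
               and any(fnmatchcase(resource, r) for r in stmt["resources"]))
        if hit and stmt["effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["effect"] == "Allow")
    return allowed
```

The root branch shows why day-to-day work is done through users and roles: no policy, not even the audit Deny, constrains the root user.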


3. What are the challenges of cloud data security?

- Cloud data security presents several challenges that organizations must address to protect their
sensitive information.

i) Unmanaged Attack Surface:

Challenge: As organizations adopt microservices and deploy workloads in the cloud, the attack
surface can expand significantly. Each workload adds to this surface, potentially exposing infrastructure
in ways that might not be immediately apparent.

ii) Human Error:

Challenge: According to Gartner, 99% of all cloud security failures through 2025 will be due
to some level of human error. Mistakes during configuration, mismanagement of permissions, or
accidental exposure of sensitive data can lead to security breaches.

iii) Misconfiguration:

Challenge: Improperly configured cloud resources can leave data open and unprotected.
Misconfigurations may occur due to lack of expertise, haste, or oversight.

iv) Lack of Cloud Security Strategy and Skills:

Challenge: Traditional data center security models do not directly translate to the cloud.
Organizations often lack a comprehensive cloud security strategy.

v) Data Visibility and Control:

Challenge: Maintaining control over data security becomes more challenging due to dynamic
provisioning and de-provisioning of cloud resources.

vi) Identity and Access Management (IAM):

Challenge: Managing user identities, permissions, and access across multiple cloud services
can be complex.

vii) Shadow IT:

Challenge: Employees may use unauthorized cloud services or applications without IT’s
knowledge. This can lead to unsecured data and compliance issues.

4. Explain in detail about Cloud Security Threats?

- A threat is an attack against your cloud assets that tries to exploit a risk. Four common threats
faced by cloud security:

i) Traffic Eavesdropping: It occurs when a user connects to a network in which traffic is not
secured or encrypted and sends sensitive business data to a colleague.

ii) Malicious Intermediary: It arises when messages are intercepted and altered by a malicious service
agent. The confidentiality and/or integrity of the message is thereby compromised.

iii) DoS (Denial of Service): It is a type of cyber attack designed to disable, shut down or disrupt a
network, website or service.

iv) Insufficient Authorization: It occurs when an application does not perform adequate authorization
checks to ensure that the user is performing a function or accessing data in a manner consistent with
the security policy.
