Task 1

PROPOSED ARCHITECTURES FOR CLOUD COMPUTING

The transition of cloud can become difficult to begin.  Since diligence is now a days customer sided hence designing and planning these transitions is also becoming difficult. It is considered to be a double edged sward that cuts in both ways. Because of this, the control on the designing, choices in technical matters, risks and the economics depends completely on the customer. Services providers have solutions to the design experience more than the customer. This has more of significance as the customer these days carries the burden of cloud computing architecture without any experience.

The foundational building blocks of the design ideas are cloud computing architectures.  To have a jump start on the solution efforts, these common design arrangements are used. And if one wants to leverage standard cloud computing patterns then the baseline architectures come in handy. The cloud service requirements are represented by patterns.to handle common architecture components and the requirements associated with them, baseline architectures is considered as useful model. Some level of storage is available on web layer, application layer and database layer, as these are the baseline compute components.in most of the designs in these modern times consist these layers of web, app and database design

• THREE-TIER-MODEL

Figure 1: THREE-TIER-MODEL

The above kind of layering is known as tiering. Three or four tiers are found in most designs. Tiers are typically the number of individual isolated layers between the environment entry point and the destination data (Borhani, 2018). For instance, a three-tier architecture consists of a web layer, app layer, and database layer. If all three layers are residing on the same virtual or physical server, it is a single-server architecture.

In this article, following topics are covered:

• Baseline architecture types
• OSI model and layer description
• Complex architecture types
• Architecting for hybrid clouds

BASELINE ARCHITECTURE TYPES:

There are many types of baseline architectures as follows.

• SINGLE SERVER

The use of one server, virtual or physical, that contains a web server, an application, and a database, represents a single server template. An example is the LAMP Stack (Linux, Apache, MySQL, PHP). Single server architectures are less common, as they have inherent security risks as one compromise can compromise all. These architectures are usually deployed for development work, enabling developers to rapidly build functionality without having to deal with connectivity and communication issues between various servers, possibly in different locations.

• SINGLE-SITE

non-redundant-cloud architecture

Figure 2: non-redundant-cloud architecture

Single-site architectures take the single server architecture and break all of the layers into their own compute instances, forming the three-tier architecture mentioned. A single-site architecture is created, by placing all the compute resources in the same location. There are two variants of single-site architectures: non- redundant and redundant.

• NON-REDUNDANT THREE-TIER ARCHITECTURES

To save on costs and resources, non-redundant three-tier architectures (at right) are used but must take a higher risk. A single failure in any component, a single point of failure, can cease traffic flowing correctly into or out of the environment (Matos, et.al, 2017). This approach is usually applied in development or testing environments only. However, this type of design is not recommended for production environments. The figure below shows each layer, or tier, as a separate server, virtual or physical.

• REDUNDANT THREE-TIER ARCHITECTURES

An another set of the same components is added for redundancy in redundant three-tier architectures. Although complexity is increased by additional design components, but it is required if designing for failover and recovery protection (Matos, et.al, 2017). A well thought out plan for the components within each layer (horizontal scaling) and also a plan for how the traffic will flow from one layer to another (vertical scaling), is required in designing redundant infrastructures.

redundant-cloud-architecture

Figure 3: redundant-cloud-architecture

1. Single points of failure

In redundant architectures, duplicate components eliminate the single point of failure present when only one device or component is present in the layer. With one component in a layer, there is only one way in and one way out. A second device adds multiple ingress and egress points to the design, eliminating the single point of failure associated with single-component layer designs.

2. Redundancy versus resiliency

The properties of resilience and redundancy are considered confusing. They cannot be interchanged even though they are associated with each other. Redundancy is defined as the measure taken to prevent a failure to happen. It implies that before the occurrence of a failure, the process of redundancy is applied. It takes its meaning from the word resolve. This means that after a problem has already occurred then only solution of that particular problem is found out.  Redundancy happen before the issue and resiliency occurs after the issue has immerged. For example, utilization of redundant databases together with replication can be utilised. If there are many components with multiple copies, then they create a redundant design. Resiliency includes the functions of self-healing and failover.

 

 

 

3. Horizontal scaling

When redundancy is added in the design then the major component in is load balancing. For redundancy in the design, more than 2 load balances can be added. Traffic patterns are controlled by load balancers.

 

4. OSI model and layer description

When we have to work on complex designs then OSI stack is considered to be a great tool. Within the design, every OSI stack has an answer which has its own purpose. The start of the designing is from the physical layer. And increases from bottom to top.it can be seen in the below given diagram.

OSI-MODEL

Figure 4: OSI-MODEL

 

For the same server there can be occurrence of collapsing of web layer and application layer. It can be a threat for security. Both the services will be compromised, if this server is compromised. Since these two layers are tightly integrated, hence there are several designs that collapse these two layers. If there is use of slow network connection then the performance of the system is less. But this performance of the system can be increased if the system bus speeds are used (Suresh, 2016).

Every single design used is built on the previous one, whether it is single server design or single site design. In the below given figure additional components are added these components can be servers or load balancers illustrating the baseline architecture. This design is sufficient enough to collapse both the layers on similar servers. There is also a primary backup which has replication in, named by database servers. RAID configurations are a part of resiliency and can impact the backing up, restoring of the data.

5. Logical and physical designs

The implemented designs can either be physical or can be logical. They have clear goals as what is represented by them. The purpose of logical diagrams is to demonstrate the logical flow of things in the design. If few of the physical connections are eliminated then it becomes easy for the viewer to concentrate on this logical flow. But, it is not necessary that all the physical layout consists details that are logical, it is also possible that physical layouts les the viewer to concentrate on physical characteristics.

• AUTO SCALING ARCHITECTURE

cloud computing has its advantage in the fact that it can consume anything that is need at the time when it is required. As the demand of application user changes through time then there is requirement of horizontal scaling. This ability is known as auto scaling (Ahuja, & Nedbal, 2019). The utilization of base tires is in between app/web tires.in the below given figure, additional server can be added depending on the demand.

auto scaling-architecture

Figure 5: auto scaling-architecture

 

 

 

 

 

 

 

 

 

Task 2

THREAT AND RISK ASSESSMENT REPORT FOR MULTI CLOUD AND MICROSERVICES

Name of the risk	description	Consequence	Fixing strategies
1.Absence of encryption	During transmission, man in the middle or eavesdropping attacks.	Incursions in communication and data	cryptographic protocols to be used. application of trustworthy VPN employ proxy server which is reliable use of SST/TLS to encrypt data that has been transmitted SSH network tunnel protocols to be used.
2.Weak  Compliance	The requirement of hybrid clouds if more because of diligence. Public and private cloud should remain within the parameters of compliance (Carvallo, et.al, 2017).	Due to movement of data in back and forth manner, there is difficulty in maintaining	coordination between two clouds is must. while handling sensitive data the clouds must work according to industry standards.
3. Fragile Security Management	Integration of cloud security protocols is must	Failed authentication, authorization procedures can led enterprise managers to run amuck	replication of controls should be done for both the clouds synchronization of security data maintaining in house data storage especially the data which is sensitive
4. Weak Data Redundancy	If the redundant copies of data is not distributed properly then there are certain risks. But if this distribution is done properly then it mitigates the damage.	IT cloud and enterprise can be at risk if there is lack of redundancy	utilization of multiple data centres from a single cloud provider
5. Insecure APIs	This vulnerability is of particular concern in enterprise mobility management and BYOD transmissions over unsecure connections.	If the API is insecure then sensitive data is at risk of attacks. These attacks manipulates person data by authentication  key	handling of API should be similar to the handling of encryption and code signing token the keys should be handled securely by third party verification of third party
6. Denial-of-Service (DoS) Attacks	If a bad SOAP OR REST request is sent then there is denial of service attacks.	If there is DOS attack then the cloud or mobile enterprise becomes inaccessible.	if the traffic is redirected then DOD attacks can be fended off by analytics the tool used for analytics should be scalable
7. Weak IP Protection	Extra protection must be provided to Intellectual property	security risks if IP is not identified and classified.	manual classification of IP. development of a structured threat model. Create a permission matrix. open source components must be hardened. audit of third party must be extensive infrastructure of network should be secure
8. Insufficient Security Risk assessment	Network administrators will not be able to determine how and when attack has happened if risk profile is not assessed	If assessment is not done then prevention of future breaches is not possible	at all the time assessment and prevention of the risks must be done. scanning of malicious traffic by IDS/IPS system activation of log monitoring use of current software
9. Poorly Defined SLAs	Of the SLA is not defined properly then customers has to relay on service provider when using the public sector	Lost ability to govern data by customer	Access permissions and protections must be clarified and security measures well-defined in the service level agreement (SLA). The same applies to expectations and requirements of the cloud service provider. Reasonable expectations of service must be clearly detailed in the Service Level Agreement so the customer has recourse if service is disrupted or data is compromised. Before signing any agreement, have it reviewed by an attorney.
10. Displeased or Mischievous Employees	Not all employees are insiders but many malicious attacks happen because there are not trustworthy employees	Sensitive data can be used to disrupt corporate activities.	Your Content Security Policy (CSP) managers must have comprehensive security measures by CPC managers. This way they can track activities of the employees strategies and creation of threat program for insiders implementation of policy consisting strong password security development of protocols for immediate response

 

References

Ahuja, R. P. S., & Nedbal, M. (2019). U.S. Patent No. 10,498,601. Washington, DC: U.S. Patent and Trademark Office.

Carvallo, P., Cavalli, A. R., Mallouli, W., & Rios, E. (2017, May). Multi-cloud applications security monitoring. In International Conference on Green, Pervasive, and Cloud Computing (pp. 748-758). Springer, Cham.

Suresh, P. (2016). Survey on seven layered architecture of OSI model. International Journal of research in computer applications and robotics, 4(8), 1.

Matos, R., Dantas, J., Araujo, J., Trivedi, K. S., & Maciel, P. (2017). Redundant eucalyptus private clouds: Availability modeling and sensitivity analysis. Journal of Grid Computing, 15(1), 1-22.

Borhani, A. H. (2018). Adaptive resource optimization of three-tier web applications running on the cloud (Doctoral dissertation).