Overview of Cloud Architecture
Task
Regional Gardens Ltd is a company that runs a number of related gardening enterprises. It has a large display garden that it opens for public inspection a number of times a year. These enterprises include the Regional Gardens Nursery which sells plants and garden supplies to the public, and Regional Garden Planners which provides garden advice, design and consultancy services.
The company is considering the following strategic proposal:
They plan to retain the Bathurst data centre for data storage. This would entail updating their Active Directory and data storage infrastructure, and moving all other infrastructure into the Cloud.
They plan to initially move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. This would entail changing their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and
Cloud Edge capability and monitoring).
They also plan to migrate their LoB (Line of Business) applications to a Cloud Infrastructure to increase their flexibility and availability.
The Board of Regional Gardens is contemplating this strategy as a way to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing their existing data centre. They appreciate that this would entail retraining for their existing ICT staff so that they can manage the new Cloud based infrastructure.
Regional Gardens has again approached you to advise them on this strategy. You have already advised Regional Gardens that this strategic approach will mean that they will need to ultimately design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.
Regional Gardens also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop.
The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.
Tasks
Your team has been engaged to provide a risk assessment for MetaSoft in their planned move to a Hybrid Cloud strategy.
Team Setup
This assignment is a team assignment. The rationale for using a team approach is that most IT risk management assessments are normally done by teams of between 2-5 Architects, Information Security experts, Operations and Business leaders for each problem. You will be assigned to a team and the team, as a whole, will be responsible for the development of the risk assessment.
The tasks:
Your team’s task is to prepare a report for Regional Gardens that discusses the following:
1.Describe which Cloud architectures you would employ to assist Regional Gardens to meet the Board’s strategy?
1.Describe each of the architectures that you would use, along with your reasons for deploying it.
2.Describe the benefits and issues that would be the result of your deployment of these architectures.
3.Describe the risks that you see associated with this new Hybrid Cloud and Microservices strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This should be presented in a tabular form.
4.Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud. You will need to explain to the Board your reasons for recommending these particular security steps.
5.Discuss briefly what you would recommend should be included in Regional Gardens’s BCP as a result of their adoption of a Hybrid Cloud and Microservices approach. You will need to consider, as a minimum, the issues of application resilience, backup and disaster recovery in a Hybrid Cloud environment.
6.Discuss the requirements that Regional Gardens will need to consider in order to conduct remote server administration, resource management and SLA management for its proposed IaaS and PaaS instances (it may be useful to consider Morad and Dalbhanjan’s operational checklists for this section). This section should be no more than two to three pages in length.
7.The Regional Gardens board has also decided to move their eMail instance to the AWS cloud in order to begin the migration process, and test their strategy.
Overview of Cloud Architecture
The cloud architecture can be classified depending on the service model and the deployment model.
The cloud architecture can to categorized in three different kinds according to the service:
- Platform-as-service: Platform-as-service provides the run time application to the users. The users can run and develop the application using this service (Thakkar et al.,2016). One of the major platform-as-service is the IDE of some software (Tarasuk-levin et al.,2017). Google provides App Engine, which is an example of the platform-as-service.
- Infrastructure –as-service: Infrastructure-as-service provides the primary resource for the running of the processes like the virtual machine , virtual local area network and the software bundles (Chang et al.,2015). This architecture enables the virtualization of the server.
- Software-as-service: This platform ensures the users can use the software through the internet.
Public cloud: The users can access the services from the public cloud. The access right is open for all the users in case of public cloud (Chang et al.,2017). Major IT companies offer the public cloud service to the users. One of the most significant IT cloud is offered by Google. The security of the public cloud is maintained by the third party cloud providers.
Private cloud: The private cloud allows to store the data which can be accessed by the organization. The security of the private cloud can be maintained by the organization or the cloud service providing vendor (Beaty et al.,2015). However, the private cloud is more secured and equally expensive for the deployment.
Hybrid cloud: Hybrid cloud enables the merging of the public cloud and the private cloud. It is the cost effective solution for the organizations which provides the efficiency. In this model the ordinary data are stored in the public cloud, whereas the critical and confidential information are stored in the private cloud (Menzel et al.,2015). The security of the public cloud is managed by the cloud provider and the private cloud is managed by the organization.
The implementation of the hybrid cloud can be done in case of Regional Garden. The organization can migrate the partial data to the public cloud and rest of the data can be kept in the private cloud (Yangui et al.,2016). This will help to give a cost effective solution to the organization by reducing the cost of maintaining the infrastructure. The security of the private cloud can be managed by the Regional Gardens itself.
- Hybrid cloud allows the use of both public cloud and the private cloud.
- It offers the flexibility in the solution.
- Security of the cloud architecture is handled in an effective way.
- The network allows the deployment of both private cloud an d the public cloud. This makes the network more complex.
- The hybrid model is dependent on the redundancy of the network.
- It allows the sharing of the large amount of resources among the users. The solutions provided by the public cloud is inexpensive.
- The public cloud can be accessed from any part of the location.
- The use of public cloud is flexible. It enables the merging with the private cloud to create the hybrid cloud architecture.
- The security is the main concern in the public cloud architecture. The security is maintained by the cloud provider.
- The options for the customization in the public cloud is very much less in the public cloud architecture.
- The security is the major advantage of the private cloud. The data can only be accessed by the organization.
- It provides more control over the resources used by the organizations.
- The implementation of the private cloud is expensive.
- The scalability of the private cloud is limited.
|
Risks
|
Descriptions of risks
|
Solutions
|
|
Architecture design
|
The architecture and management of the architecture in the hybrid cloud is a complex thing.
|
The company can indulge a group of experts to manage the architecture of the hybrid cloud.
|
|
Risks regarding security
|
The risk with the hybrid is the security risk. The data management in the hybrid cloud is complex (Ahmad et al.,2015). The identification of the sensitive data is needed as, it cannot included in the public cloud.
|
The workers in the company are needed to be trained so that they can identify the sensitive data.
|
|
Developing the right strategy is difficult
|
There is no regulations for implementation of the cloud (Breiter et al.,2015). So, it is difficult to manage the cloud with right strategy.
|
Before giving the permission of maintaining the security to the third party cloud provider, the organization should conduct a meeting with the stakeholders.
|
|
No existing standard for the micro service deployment.
|
There is no existing regulation that will guide the process of implementation of use of micro service along with the implementation of the hybrid cloud.
|
In order to resolve the problem, the company can consult with the experts about different features of different micro services.
|
Steps for information security in hybrid cloud:
- The hybrid cloud is the combination of public and private cloud. In this case the selection of the public cloud needs to be done carefully.
- The implementation and monitoring of the cloud needs to be centralized.
- The deployment of the hybrid cloud should ensure the protection of the data. The equipments used in the implementation should be of latest technology.
- The important factors for BCP:
Challenges related to resiliency:
The resiliency and continuity in the business process is important as it will help the Regional Gardens to expand the business and will help to get the required resources. Some of the important factors regarding this attribute are-
- The use of virtualization will be increased.
- One of the major challenge is the complex data recovery system and backup and maintenance system.
- There is a chance of poor performance and unavailability of resources which can become a constraint for the growth of the business of the organization.
- Concerns for the Regional Gardens:
|
Checklist
|
Description
|
|
Billing and accounts
|
Before the implementation of the system, the evaluation of the accounts details are needed to be done.
|
|
Security management.
|
The security of the AWS and API along with the operating system is needed to be evaluated.
|
|
Managing the assets
|
The resources regarding the AWS is needed to be identified by the organizations.
|
|
Resilience
|
During the implementation of the AWS the organization should be aware of the requirements of the client.
|
|
Backup
|
The implemented AWS system is needed to be supported by the disaster recovery strategy.
|
|
Controlling and monitoring
|
The implemented AWS by the Regional Gardens is needed to manage the integrated AWS resource.
|
|
Managing the configuration
|
The AWS system should be monitored during the change in the system.
|
- Steps to migrate eMail to AWS cloud:
There are six steps for the migration of the eMail to AWS cloud:
This steps includes the asses of architecture and the cost and security. This can be regarded as the initial phase of the deployment.
The main functions in this phase includes the building of the support within the organization along with the learning about AWS.
During the migration phase the different storage section is evaluated.
The different strategy for the hybrid cloud implementation is done in this phase.
This step ensures the auto scaling and the high flexibility of the implemented system.
- Phase regarding optimization:
This phase includes the reengineering and monitoring the performance of the system after the implementation.
References
Ahmad, R. W., Gani, A., Hamid, S. H. A., Shiraz, M., Xia, F., & Madani, S. A. (2015). Virtual machine migration in cloud data centers: a review, taxonomy, and open research issues. The Journal of Supercomputing, 71(7), 2473-2515.
Beaty, K. A., Breiter, G., Lindquist, D. B., Naik, V. K., Reinhardt, H., & Schmidt, M. T. H. (2015). U.S. Patent No. 9,063,789. Washington, DC: U.S. Patent and Trademark Office.
Breiter, G., Lindquist, D. B., Naik, V. K., Reinhardt, H., & Schmidt, M. T. H. (2015). U.S. Patent No. 9,009,697. Washington, DC: U.S. Patent and Trademark Office.
Chang, D. W., Patra, A., Bagepalli, N. A., & Mestery, K. (2015). U.S. Patent No. 9,203,784. Washington, DC: U.S. Patent and Trademark Office.
Chang, D., Patra, A., Bagepalli, N., & Anantha, M. (2017). U.S. Patent No. 9,658,876. Washington, DC: U.S. Patent and Trademark Office.
Jansen, G. T. (2015). U.S. Patent No. 9,104,460. Washington, DC: U.S. Patent and Trademark Office.
Menzel, M., Ranjan, R., Wang, L., Khan, S. U., & Chen, J. (2015). CloudGenius: a hybrid decision support method for automating the migration of web application clusters to public clouds. IEEE Transactions on Computers, 64(5), 1336-1348.
Tarasuk-levin, G., Shah, R. P., Prziborowski, N. L., Raghavan, P., Liang, B. Y., & Rajagopal, H. (2017). U.S. Patent Application No. 14/839,350.
Thakkar, S., Basak, D., Maskalik, S., Srinivasan, A., & Bhagwat, A. V. (2016). U.S. Patent Application No. 14/641,314.
Yangui, S., Ravindran, P., Bibani, O., Glitho, R. H., Hadj-Alouane, N. B., Morrow, M. J., & Polakos, P. A. (2016, June). A platform as-a-service for hybrid cloud/fog environments. In Local and Metropolitan Area Networks (LANMAN), 2016 IEEE International Symposium on (pp. 1-7). IEEE.
