Cloud Architecture And Security Essay For SoftArc Engineering Ltd.

Description of the SaaS architecture along with proper reason behind its deployment

SoftArc Engineering Ltd is a civil engineering company which works across Australia as well as in Indonesia, Timor-Leste and Papua New Guinea. The company is considering the following strategic proposal:

They plan to close down the Brisbane data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Sydney data centre, which has the most up to date infrastructure, as well as capacity to expand.
They plan to move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees.

They also plan to use the Cloud Infrastructure to increase flexibility and availability for some of the LoB (Line of Business) applications that will continue to run on their own internal infrastructure. However, they are hoping to take advantage of the Cloud infrastructure to help manage and balance demand on internal resource use.

The Board of SoftArc Engineering is contemplating this strategy as a way to increase the company’s flexibility and responsiveness, particularly for its remote area and overseas operations. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing the oldest existing data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.

SoftArc Engineering has again approached you to advise them on this strategy. You have already advised SoftArc Engineering that this strategic approach will mean that they will need to design and operate a “Hybrid Cloudâ€Â methodology, where part of their data centre is “on premiseâ€Â and another part in a Cloud.

SoftArc Engineering also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloudâ€Â approach. You will be required to organise, run and facilitate this workshop.

The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.

Your task is to prepare a report for SoftArc Engineering that discusses the following:

Describe which Cloud architectures you would employ to assist SoftArc Engineering meet the Board’s strategy?

Describe each of the architectures that you would use, along with your reasons for deploying it.

Describe the benefits and issues that would be the result of your deployment of these architectures. 

Describe the risks that you see associated with this new Hybrid Cloud strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This may be presented in a tabular form. 

Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud. You will need to explain to the Board your reasons for recommending these particular security steps.

Discuss briefly what you would recommend should be included in SoftArc Engineering’s BCP as a result of their adoption of a Hybrid Cloud approach. You will need to consider, as a minimum, the issues of application resilience, backup and disaster recovery in a Hybrid Cloud environment. 

Discuss the requirements that SoftArc Engineering will need to consider in order to conduct remote server administration, resource management and SLA management for it’s proposed IaaS and PaaS instances.(it may be useful to consider Morad and Dalbhanjan’s operational checklists for this section). 

The SoftArc Engineering board has decided, as an initial step, to move their SharePoint instance and their SQL Server 2012 Database servers to the AWS cloud in order to begin the migration process, and test their strategy.

Describe the steps that you would include in the plan to migrate these services. 

What are the critical points and issues that you see occurring at each of these steps? Explain why you see these points or issues as critical. 

 In order to meet the board strategy, SoftArc Engineering Company must adopt Software as a Service Architecture.

The cloud architecture, which is found to be most appropriate for the SoftArc Company, is software as a service architecture, which is considered as one of the software delivering as well as licensing model in which proper software is licensed that is dependent on proper subscription (Toosi, Calheiros & Buyya, 2014).

The reason that exists between the deployments of the architecture is many. It is analyzed that the architecture of Software as a Service can be implemented in a very short time-period. The architecture is quite helpful in upgrading as well as maintaining both the systems as well as software for achieving effective customization. The model is found to be proper for the SoftArc Company, as it is quite flexible in meeting various needs as well as requirements of the organization.

 The benefits as well as challenges that generally occur due to deployment include:

Benefits: The architecture of SaaS is considered proper for SoftArc Company as it helps in maintaining as well as upgrading both the software as well as system appropriately that further helps in achieving effective customization (Sanaei et al., 2014). The architecture can be effectively up and down for maintaining various requirements as well as needs of the customers. By using the SaaS architecture, the users can easily access information as well as data as appropriate information are always available as it is connected with the internet.

Issues: The organization can also face number of challenges by using the SaaS architecture. It is analyzed that one the most important challenge is security problems (Lian, Yen and Wang, 2014).  The cloud architecture does not provide appropriate security as well as privacy to the architecture of the cloud.

  The various risks as well as associated control measures include:

 Improper data redundancy: Improper well-publicized outrages assist in highlighting various types of risks that are helpful in executing the application in a particular data centre.

Solution:  In order to mitigate this problem, proper redundancy must be implemented in the data centre with the help of single appropriate provider (Ercolani, 2013).

Inappropriate security management: It is analyzed that both public as well as private cloud is needed in order to provide appropriate security as well as authentication.

Solution: In order to integrate the cloud, either the control is replicated or the data is kept under proper synchronization that helps in providing appropriate single service to the entire system (Botta et al., 2016).

 The general information security steps include:

Proper security risk assessment: The problem can be mitigated by using proper risk prevention as well as risk assessment methodology. The risks or problems can also be resolved by maintaining appropriate log monitoring.

Effective security management: Effective security management is offered either by replicating the control to the cloud or by managing appropriate data storage for sensitive data (Almorsy, Grundy & Muller, 2016).

Appropriate data redundancy: Appropriate data redundancy is generally implemented by using numerous data centers for resolving the issues that are associated with it.

Benefits as well as issues that occur due to deployment

 The various types of recommendation, which are provided to the company for the adoption of hybrid cloud, include:

Backup: With the help of hybrid cloud, the organization can backup previous data whenever required (Kern, 2014).  This facility is considered very beneficial as it helps in backing up important data whenever needed.

Disaster Recovery: With the adoption of appropriate hybrid cloud, the organization receives the facility of data recovery. With the help of this facility, the organization can recover important data as well as information when they lost the data due to some problem.

Application of resilience: Application of resilience is considered as the ability, which assists in resuming proper execution (Avram,  2014). This facility is provided by hybrid cloud and it cannot be achieved within the infrastructure of web.

 The various requirement of the company include:

Remote server administration: The requirements include proper system understanding, appropriate administration as well as proper system determination. It assists in setting up a system that is very much fast, easier to maintain as well as it does not put much strain on budgets.

SLA management: The needs as well as requirements that is required to be considered by SoftArc Company include service pricing, discounting strategies, information about various service description reporting to the customer and more (Tao et al., 2014). It is identified that entire information are helpful in conducting appropriate SLA management within the organization as it generally provides appropriate alignment between the goals of the business as well as to the IT investments.

Resource Management: The various types of requirements, which are need by the SoftArc Engineering Company, include time optimization, proper availability of resources, tracking resource utilization and response towards the changes in the project (Lian, Yen and Wang, 2014).  Appropriate management of resources with the help of proposed PaaS as well as IaaS helps in providing fast information access, simple user experience as well as providing important information to the SoftArc engineering company.

Discussion on the steps, which are included in the plan for moving the services

  The steps include:

Migration plan: Appropriate planning is needed before migrating the SQL server as well as SharePoint. It includes appropriate definition of scope with appropriate resources as well as timelines.

Architecture plan: Appropriate plan must be created with the help of features that include taxonomy, permission as well as customization (Ercolani, 2013).

Appropriate customization: The plan is mainly migrated with the help of proper customization as well as integration.

Content migration: It is analyzed that both the content of the ShrePoint as well as server SQL should be migrated according to the source as well as target.

Migration verification: After the completion of the migration, it must be verified properly (Kern, 2014).

The steps include:

Migration plan: The activities of planning phase are very much complex as well as dependent and it is one of the important issues.

Architecture plan: Improper planning of information architechture sometimes raises issues.

Appropriate customization: It is very much significant to understand both customization as well as integration appropriately and therefore it causes problems in transforming data during various data migration (Almorsy, Grundy & Muller, 2016).

Content migration: Inappropriate migration of content creates problem, which include rebranding, inappropriate validation and more.

Migration verification: If the procedure of migration is not conducted properly then it is very much difficult to move the content in the new environment (Botta et al,2016).

References

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Avram, M.G., 2014. Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, pp.529-534.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700

Ercolani, G. (2013). Cloud Computing Services Potential Analysis. An integrated model for evaluating Software as a Service. Cloud Computing, 77-80.

Kern, R. (2014). Introduction. In Dynamic Quality Management for Cloud Labor Services (pp. 3-7). Springer International Publishing.

Lian, J.W., Yen, D.C. and Wang, Y.T., 2014. An exploratory study to understand the critical factors affecting the decision to adopt cloud computing in Taiwan hospital. International Journal of Information Management, 34(1), pp.28-36.

Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.

Tao, F., Cheng, Y., Da Xu, L., Zhang, L., & Li, B. H. (2014). CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), 1435-1442.

Toosi, A. N., Calheiros, R. N., & Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey. ACM Computing Surveys (CSUR), 47(1), 7.