The Cloud
Chapter 6
Copyright © 2016 Pearson Education, Inc.
“No, I mean 25 cents an hour . . . and probably less.”
• Using traditional, third-party hosting service whose servers are not elastic.
• Web hosting costs rising rapidly.
• Lucas suggests using Web servers and databases in the cloud.
• Cloud storage: $50/mo plus 25 cents per hour for processing time used.
• Need to store large 3D printing design files.
• Storage requirements depend on uncertain sales volume.
Study Questions
Q1: Why is the cloud the future for most organizations?
Q2: What network technology supports the cloud?
Q3: How does the cloud work?
Q4: How do organizations use the cloud?
Q5: How can AllRoad Parts use the cloud?
Q6: How can organizations use cloud services securely?
Q7: 2025?
Q1: Why Is the Cloud the Future for Most Organizations?
• The Cloud
– Elastic leasing of pooled computer resources via Internet
– Elastic: leased computing resources dynamically increased/decreased, programmatically; organizations only pay for resources actually used
– Flexibility for unpredictable demand while limiting financial risks
Example of a Video Banner Ad Customer
Pooled
• Cloud resources pooled
– Many organizations share same physical hardware through virtualization
• Benefit from economies of scale
– Average cost of production decreases as size of operation increases
– Major cloud vendors operate enormous data centers (Web farms)
• Apple Data Center in Maiden, NC
Billion-dollar facility contains more than 500,000 sq. ft.
Why Is the Cloud Preferred to In-House Hosting?
Why Is the Cloud Preferred to In-House Hosting? (cont'd)
Why Now?
• Time-sharing vendors sold slices of computer time on a use-fee basis since 1960s
• Cloud-based hosting advantages
– Cheap processors, essentially free data communication and data storage
– Instantaneous creation of new virtual machine environments
– Internet-based standards enable cloud-hosting vendors to provide flexible, standardized processing capabilities
When Does the Cloud Not Make Sense?
• When law or standard industry practice requires physical control or possession of the data.
• Financial institution might be legally required to maintain physical control over its data.
Ethics Guide: Cloudy Profit?
• Data broker (or data aggregator)
• Specialize in acquiring and analyzing market, buyer, and seller data for real estate agents
• Alliance transitioned data storage and processing from own Web farm to the cloud
• Improved speed and quality of data services at fraction of prior costs, cut in-house hardware support staff by 65%
• Plowing money back into R&D
Q2: What Network Technology Supports the Cloud?
Typical Small Office/Home Office (SOHO) LAN
LAN Protocol
• IEEE 802.3
– Wired LAN
– 10/100/1000 Mbps
– Ethernet
• IEEE 802.11
– Wireless LAN
– 802.11n
– Up to 600 Mbps
• 802.11ac: speeds up to 1.3 Gbps
• Bluetooth
– For transmitting data short distances
– Connect computer, keyboard, mouse, printer, smartphones, automobile entertainment systems
Abbreviations Used for Communications and Computer Memory Speeds
• Communications equipment: k = 1,000, not 1,024 as for memory
• M = 1,000,000, not 1,024 × 1,024
• G = 1,000,000,000, not 1,024 × 1,024 × 1,024. Thus, 100 Mbps = 100,000,000 bits per second
• Communications speeds expressed in bits, memory sizes expressed in bytes
Connecting Your LAN to the Internet
Important ISP functions:
1. Provide legitimate Internet address
2. Gateway to Internet
3. Pay for Internet by collecting money from customers and paying access fees and other charges to telecoms
• WAN wireless average performance 500 Kbps, with peaks of up to 1.7 Mbps, as opposed to 50 Mbps for typical LAN wireless
Summary of LAN Networks
Q3: How Does the Cloud Work?
The cloud resides in the Internet
Carriers and Net Neutrality
• Message, broken into packets, moves across Internet, passing through networks owned by telecom providers known as carriers
• Peering agreements - Carriers freely exchange traffic amongst themselves without paying access fees
• Net neutrality principle, where all data is treated equally
• Problem: some people use more bandwidth than others
Internet Addressing
• Public IP addresses
– Identifies a particular device on public Internet
– Assigned by ICANN (Internet Corporation for Assigned Names and Numbers)
– U.S. Department of Commerce no longer has oversight over ICANN
• Private IP addresses
– Identifies a device on a private network, usually a LAN
– Assignment controlled within the LAN
IP Addressing: Major Benefits
1. Public IP addresses conserved when all computers on a LAN use only one public IP address.
2. Using private IP addresses eliminates the need to register public IP addresses with ICANN-approved agencies.
Public IP Addresses and Domain Names
• IPv4
– Four decimal dotted notation ==> 165.193.123.253
• Domain name
– Worldwide-unique name affiliated with a public IP address
– Affiliation of domain names with IP addresses is dynamic
• URL (Uniform Resource Locator)
– Internet address using a protocol, such as http:// or ftp://
Two Important Points
1. Several (or many) domain names can point to same IP address
2. Affiliation of domain names with IP addresses is dynamic
– Owner of a domain name can change its affiliated IP addresses
Domain Registrar Company
Processing on a Web Server
What happens when you visit a Web site and order something, and pay for it?
Three-tier Architecture
Watch the Three Tiers in Action! Sample of Commerce Server Page
1. Commerce server requests shoe data from DBMS
2. DBMS reads from database, returns data to commerce server
3. Commerce server formats Web page with data and sends HTML version of page to user’s computer
4. Customer places items in shopping cart
5. Customer checks out, commerce server program processes payment, schedules inventory processing, arranges shipping, email receipt to customer
SOA Analogy: Approval Request Interactions Among Three Departments
• CheckCustomerCredit
• ApproveCustomerCredit
• VerifyInventoryAmount
• AllocateInventory
• ReleaseAllocatedInventory
Using SOA Principles, Each Department Defines:
• CheckCustomerCredit
– ApproveCustomerCredit
• Inventory Department
– VerifyInventoryAmount
– AllocateInventory
– ReleaseAllocatedInventory
• Each department formally states data it expects to receive with request and data it promises to return in response
• Every interaction is done exactly the same way
Using SOA Principles: Encapsulation
• No department needs knowledge of who works in another department, or how it accomplishes its work
• Each department free to change personnel task assignments, change processes for performing its services
• AllRoad could dynamically create 1,000 Inventory Departments and Sales Department and need not change anything it does
SOA Principles Applied to Three-tier Architecture
Services
• ObtainPartData
• ObtainPartImages
• ObtainPartQuantityOnHand
• OrderPart
• JavaScript written to invoke these services correctly.
Protocols Supporting Web Services
WSDL, SOAP, XML, and JSON
WSDL (Web Services Description Language)
Standard for describing services, inputs, outputs, other data supported by a Web service. Documents coded according to this standard are machine readable and can be used by developer tools for creating programs to access the service.
SOAP (no longer an acronym)
Protocol for requesting Web services and for sending responses to Web service requests.
XML (eXtensible Markup Language)
Markup language used for transmitting documents. Contains much metadata that can be used to validate format and completeness of a document, but includes considerable overhead (see Figure 6-15a).
JSON (JavaScript Object Notation)
Markup language used for transmitting documents. Contains little metadata and is preferred for transmitting volumes of data between servers and browsers. While the notation is the format of JavaScript objects, JSON documents can be processed by any language (see Figure 6-15b).
Example XML Document
Example JSON Document
Q4: How Do Organizations Use the Cloud?
Three Fundamental Cloud Types
Content Delivery Networks from Cloud Vendors
• Content delivery network (CDN)
– System of hardware and software stores user data in many different geographical locations and makes data available on demand
– Provides specialized type of PaaS, but usually considered in its own category
– Minimize latency
– Used to store and deliver content seldom changed
CDN Benefits
Servers Used in a Typical CDN Service
Using Web Services Internally
AllRoad's private internet on its own infrastructure
Q5: How Can AllRoad Parts Use the Cloud?
• Some SaaS products AllRoad could use
– Google Mail
– Google Drive
– Office 365
– Salesforce.com
– Microsoft CRM OnLine
– many others . . .
PaaS Services from Amazon DBMS Products with Elastic Cloud 2 (EC2)
• AllRoad use CDN to distribute content worldwide and respond to leads generated from advertising.
IaaS Services at AllRoad
• Provides basic hardware in the cloud
• May acquire servers this way to load operating systems on them
• Requires considerable technical expertise and management not available in small company
• Instead, use elastic data storage services, such as Amazon S3 product
• SaaS and PaaS provide more added value to AllRoad
Q6: How Can Organizations Use Cloud Services Securely?
Remote Access Using VPN: Actual Connections
Remote Access Using VPN: Apparent Connection
Private Cloud for Inventory and Other Applications
Accessing Private Cloud over a Virtual Private Network
Using A Virtual Private Cloud
Subset of a Public Cloud With Highly Restricted, Secure Access
So What? Unexpected Geotagging
• What Is Geotagging?
– Your smartphone or your digital camera automatically adds metadata to every picture and video you take.
• Why Should I Worry About Geotagging?
– How might it be harmful to you?
How Does Geotagging Work?
• iPhone with geotagging enabled
• Emailed, opened on PC using free IrfanView
• Image properties (EXIF data) contain laundry list of metadata including GPS latitude at N 40° 45.41′ 0″ (40.756833) and longitude at W 73° 59.21′ 0″ (73.986833).
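The conversion behind the EXIF reading above, together with a check-and-strip pass a sender can run before sharing a photo, as an added example that is not part of the original slides. The JPEG bytes are constructed, the function names are hypothetical, and the segment walker assumes a well-formed file with no padding bytes between segments.

```python
import struct

def gps_to_decimal(ref, degrees, minutes, seconds=0.0):
    """Convert an EXIF GPS reading (hemisphere + deg/min/sec) to signed decimal degrees."""
    value = degrees + minutes / 60 + seconds / 3600
    return round(-value if ref in ("S", "W") else value, 6)  # S and W are negative by convention

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed image data follows, stop walking
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # counts its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("segment length out of bounds")
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def is_exif(data, start, marker):
    return marker == 0xE1 and data[start + 4:start + 10] == b"Exif\x00\x00"

def has_exif(data):
    return any(is_exif(data, s, m) for m, s, _ in jpeg_segments(data))

def strip_exif(data):
    """Return the JPEG with every APP1/Exif segment removed; image data is untouched."""
    out, keep_from = bytearray(data[:2]), 2
    for marker, start, end in jpeg_segments(data):
        if is_exif(data, start, marker):
            out += data[keep_from:start]
            keep_from = end
    out += data[keep_from:]
    return bytes(out)

# Constructed sample: SOI, APP0 (JFIF), APP1 (Exif with a dummy payload), SOS, EOI.
def _seg(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00" + b"\x00" * 9)
          + _seg(0xE1, b"Exif\x00\x00" + b"constructed-gps-ifd")
          + b"\xff\xda" + b"\x00\x08scan-bytes" + b"\xff\xd9")

if __name__ == "__main__":
    print(gps_to_decimal("N", 40, 45.41, 0), gps_to_decimal("W", 73, 59.21, 0))
    print(has_exif(SAMPLE), has_exif(strip_exif(SAMPLE)))
```

Removing the whole Exif segment also drops camera model and timestamp fields, not only the GPS coordinates.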
Q7: 2025
• Cloud services faster, more secure, easier to use, cheaper
• Fewer organizations set up own computing infrastructure
• More pooling of servers across organizations
• More economies of scale achieved by cloud vendors
• Individuals, small businesses, large organizations readily obtain elastic resources at very low cost
• Everything will be connected to everything else, with most data stored in the cloud
Q7: 2025 (cont'd)
• Large server farms employing few employees reduce number of small companies that install and maintain in-house email exchanges and other servers, and jobs
• Cheap, elastic cloud services enable new small startups
– Enable organizations to develop more information systems, cheaply, quickly, and increase demand for employees who know how to use and manage information systems
Q7: 2025 (cont'd)
• New categories of work
• Mobile systems will be standard
• More remote action systems
– Telediagnosis
– Telesurgery
– Telelaw enforcement
– Drones and other military equipment
– Live remote digital broadcasting
Security Guide: Storm Clouds
• May, 2013, Adobe implemented a new subscription licensing model and replaced Adobe Creative Suite with Adobe Creative Cloud.
• Switched from perpetual licensing model to subscription model
• Model introduces additional security risks:
– Requires keeping users’ personal information, passwords, and credit card information
Security Guide: Storm Clouds (cont'd)
• Oct. 2013: revealed credit card numbers and user login data for nearly 3 million users were stolen
– Then, number rose to 38 million
– Week later, a massive file containing more than 150 million user accounts, apparently from Adobe, posted on AnonNews.org
Cloud Security Alliance List of Nine Threats
• Data breaches
• Data loss
• Account or service traffic hijacking
• Insecure interfaces and APIs
• Denial of service attacks
• Malicious insiders
• Abuse of cloud services
• Insufficient due diligence
• Shared technology vulnerabilities
Guide: Is It Spying or Just Good Management
• 92% of employers monitor employees’ email, telephone, and Internet use:
– Key loggers
– Log files
– Packet sniffers
– Text mining
• First Amendment preserves free speech regarding laws Congress may enact, limited protection for federal employees, but does not protect you at work.
Active Review
Q1: Why is the cloud the future for most organizations?
Q2: What network technology supports the cloud?
Q3: How does the cloud work?
Q4: How do organizations use the cloud?
Q5: How can AllRoad Parts use the cloud?
Q6: How can organizations use cloud services securely?
Q7: 2025
Case Study 6: FinQloud Forever … Well, at Least for the Required Interval …
• (1937) Securities and Exchange Commission (SEC) set out rules that required securities brokers' records be stored on media that cannot be altered
• (2003) SEC interpreted rule to enable storage of records on read-write medium, provided it includes software to prohibit data alteration
Components of the FinQloud System
FinQloud Forever … (cont'd)
• Creates “finger print” of record based on its content. If record is changed, fingerprint will indicate it was altered (original record would not be preserved)
• Ability to overwrite or erase records stored on these systems makes them non-compliant with Rule 17a-4(f)
• Excludes extrinsic controls (authentication, passwords, and manual procedures)
• Meets requirements of SEC’s Rule 17a-3 and similar rule set out by Commodities Futures Trading Commission, when properly configured
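Content fingerprinting combined with refused overwrite and erase, as an added example; this is not FinQloud's code. SHA-256 as the fingerprint, the WormStore class and the trade records are assumptions made for illustration.

```python
import hashlib

class WormStore:
    """Write-once store: a record can be added once, never overwritten or erased."""

    def __init__(self):
        self._records = {}       # record_id -> bytes (stands in for the storage medium)
        self._fingerprints = {}  # record_id -> SHA-256 digest taken at write time

    @staticmethod
    def fingerprint(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def write(self, record_id: str, content: bytes) -> str:
        if record_id in self._records:
            raise PermissionError("record %r already stored; overwrite refused" % record_id)
        self._records[record_id] = bytes(content)
        self._fingerprints[record_id] = self.fingerprint(content)
        return self._fingerprints[record_id]

    def delete(self, record_id: str):
        raise PermissionError("erase refused: records are retained, not removed")

    def read(self, record_id: str) -> bytes:
        content = self._records[record_id]
        if self.fingerprint(content) != self._fingerprints[record_id]:
            raise ValueError("record %r fails fingerprint check" % record_id)
        return content

    def audit(self):
        """Return ids whose stored bytes no longer match the write-time fingerprint."""
        return sorted(rid for rid, data in self._records.items()
                      if self.fingerprint(data) != self._fingerprints[rid])

def demo():
    store = WormStore()
    store.write("trade-0001", b"BUY 100 XYZ @ 10.00")   # constructed records
    store.write("trade-0002", b"SELL 50 XYZ @ 10.25")
    try:
        store.write("trade-0001", b"BUY 100 XYZ @ 9.00")  # attempted alteration
        overwrite_refused = False
    except PermissionError:
        overwrite_refused = True
    # Simulate a change made beneath the software layer, directly on the medium.
    store._records["trade-0002"] = b"SELL 5 XYZ @ 10.25"
    return overwrite_refused, store.audit()

if __name__ == "__main__":
    print(demo())
```

The audit reports which record changed but cannot restore it, so the fingerprints and a second copy of the records belong on storage the first system cannot write to.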