This is the second post on What is cloud computing. In previous post we have learn about what is the cloud computing and how its work. We have also study about its architecture, Infrastructure Components and its various model. In this post we will study on iaas, paas IDaas Naas and saas.
IaaSprovides access to fundamental resources such as physical machines, virtual machines, virtual storage,
etc., Apart from these resources, the IaaS also offers:
- Virtual machine disk storage
- Virtual local area network (VLANs)
- Load balancers
- IP addresses
- Software bundles
All of the above resources are made available to end user via server virtualization. Moreover, these resources
are accessed by the customers as if they own them. All of the above resources are made available to end user via server virtualization. Moreover, these resources are accessed by the customers as if they own them.
IaaS allows the cloud provider to freely locate the infrastructure over the Internet in a cost-effective manner. Some of the key benefits of IaaS are listed below:
- Full Control of the computing resources through Administrative Access to VMs.
- Flexible and Efficient renting of Computer Hardware.
- Portability, Interoperability with Legacy Applications.
FULL CONTROL OVER COMPUTING RESOURCES THROUGH ADMINISTRATIVE ACCESS TO VMS
IaaS allows the consumer to access computing resources through administrative access to virtual machines in the following manner:
- Consumer issues administrative command to cloud provider to run the virtual machine or to save data on cloud’s server.
- Consumer issues administrative command to virtual machines they owned to start web server or installing new applications.
FLEXIBLE AND EFFICIENT RENTING OF COMPUTER HARDWARE
IaaS resources such as virtual machines, storages, bandwidth, IP addresses, monitoring services, firewalls, etc., all are made available to the consumers on rent. The consumer has to pay based the length of time a consumer retains a resource. Also with administrative access to virtual machines, the consumer can also run any software, even a custom operating system.
PORTABILITY, INTEROPERABILITY WITH LEGACY APPLICATIONS
It is possible to maintain legacy between applications and workloads between IaaS clouds. For example, network applications such as web server, e-mail server that normally runs on consumer-owned server hardware can also be run from VMs in IaaS cloud.
IaaS shares issues with PaaS and SaaS, such as Network dependence and browser based risks. It also have some specific issues associated with it. These issues are mentioned in the following diagram:
COMPATIBILITY WITH LEGACY SECURITY VULNERABILITIES
Because IaaS offers the consumer to run legacy software in provider’s infrastructure, therefore it exposes consumers to all of the security vulnerabilities of such legacy software.
VIRTUAL MACHINE SPRAWL
The VM can become out of date with respect to security updates because IaaS allows the consumer to operate the virtual machines in running, suspended and off state. However, the provider can automatically update such VMs, but this mechanism is hard and complex.
ROBUSTNESS OF VM-LEVEL ISOLATION
IaaS offers an isolated environment to individual consumers through hypervisor. Hypervisor is a software layer that includes hardware support for virtualization to split a physical computer into multiple virtual machines.
DATA ERASE PRACTICES
The consumer uses virtual machines that in turn uses the common disk resources provided by the cloud provider. When the consumer releases the resource, the cloud provider must ensure that next consumer to rent the resource does not observe data residue from previous consumer.
Here are the characteristics of IaaS service model:
- Virtual machines with pre-installed software.
- Virtual machines with pre-installed Operating Systems such as Windows, Linux, and Solaris.
- On-demand availability of resources.
- Allows to store copies of particular data in different locations.
- The computing resources can be easily scaled up and down.
Cloud Computing Platform as a Service(PaaS)
PaaS offers the runtime environment for applications. It also offers development & deployment tools, required to develop applications. PaaS has a feature of point-and-click tools that enables non-developers to create web applications.
Google’s App Engine, Force.com are examples of PaaS offering vendors. Developer may log on to these websites and use the built-in API to create web-based applications.
But the disadvantage of using PaaS is that the developer lock-in with a particular vendor. For example, an application written in Python against Google’s API using Google’s App Engine is likely to work only in that environment. Therefore, the vendor lock-in is the biggest problem in PaaS.
The following diagram shows how PaaS offers an API and development tools to the developers and how it helps the end user to access business applications.
Following are the benefits of PaaS model:
LOWER ADMINISTRATIVE OVERHEAD
Consumer need not to bother much about the administration because it’s the responsibility of cloud provider.
LOWER TOTAL COST OF OWNERSHIP
Consumer need not purchase expensive hardware, servers, power and data storage.
It is very easy to scale up or down automatically based on application resource demands.
MORE CURRENT SYSTEM SOFTWARE
It is the responsibility of the cloud provider to maintain software versions and patch installations.
Like SaaS, PaaS also place significant burdens on consumer’s browsers to maintain reliable and secure connections to the provider systems. Therefore, PaaS shares many of the issues of SaaS. However, there are some specific issues associated with PaaS as shown in the following diagram:
LACK OF PORTABILITY BETWEEN PAAS CLOUDS
Although standard languages are used yet the implementations of platforms services may vary. For example, file, queue, or hash table interfaces of one platform may differ from another, making it difficult to transfer workloads from one platform to another.
EVENT BASED PROCESSOR SCHEDULING
The PaaS applications are event oriented which poses resource constraints on applications, i.e., they have to answer a request in a given interval of time.
SECURITY ENGINEERING OF PAAS APPLICATIONS
Since the PaaS applications are dependent on network, PaaS applications must explicitly use cryptography and manage security exposures.
Here are the characteristics of PaaS service model:
- PaaS offers browser based development environment. It allows the developer to create database and edit the application code either via Application Programming Interface or point-and-click tools.
- PaaS provides built-in security, scalability, and web service interfaces.
- PaaS provides built-in tools for defining workflow and approval processes and defining business rules.
- It is easy to integrate with other applications on the same platform.
- PaaS also provides web services interfaces that allow us to connect the applications outside the platform.
Based on the functions, the PaaS can be classified into four types as shown in the following diagram:
STAND-ALONE DEVELOPMENT ENVIRONMENTS
The Stand-alone PaaS works as an independent entity for a specific function. It does not include licensing, technical dependencies on specific SaaS applications.
APPLICATION DELIVERY-ONLY ENVIRONMENTS
The Application Delivery PaaS includes on-demand scaling and application security.
OPEN PLATFORM AS A SERVICE
Open PaaS offers an open source software that helps a PaaS provider to run applications.
ADD-ON DEVELOPMENT FACILITIES
The Add-on PaaS allows to customize the existing SaaS platform.
Cloud Computing Software as a Service(SaaS)
Software as a Service (SaaS) model allows to provide software application as a service to the end users. It refers to a software that is deployed on a hosted service and is accessible via Internet. There are several SaaS applications, some of them are listed below:
- Billing and Invoicing System
- Customer Relationship Management (CRM) applications
- Help Desk Applications
- Human Resource (HR) Solutions
Some of the SaaS applications are not customizable such as an Office Suite. But SaaS provides us Application Programming Interface (API), which allows the developer to develop a customized application.
Here are the characteristics of SaaS service model:
- SaaS makes the software available over the Internet.
- The Software are maintained by the vendor rather than where they are running.
- The license to the software may be subscription based or usage based. And it is billed on recurring basis.
- SaaS applications are cost effective since they do not require any maintenance at end user side.
- They are available on demand.
- They can be scaled up or down on demand.
- They are automatically upgraded and updated.
- SaaS offers share data model. Therefore, multiple users can share single instance of infrastructure. It is not required to hard code the functionality for individual users.
- All users are running same version of the software.
Using SaaS has proved to be beneficial in terms of scalability, efficiency, performance and much more. Some of the benefits are listed below:
- Modest Software Tools
- Efficient use of Software Licenses
- Centralized Management & Data
- Platform responsibilities managed by provider
- Multitenant solutions
MODEST SOFTWARE TOOLS
The SaaS application deployment requires a little or no client side software installation which results in the following benefits:
- No requirement for complex software packages at client side
- Little or no risk of configuration at client side
- Low distribution cost
EFFICIENT USE OF SOFTWARE LICENSES
The client can have single license for multiple computers running at different locations which reduces the licensing cost. Also, there is no requirement for license servers because the software runs in the provider’s infrastructure.
CENTRALIZED MANAGEMENT & DATA
The data stored by the cloud provider is centralized. However, the cloud providers may store data in a decentralized manner for sake of redundancy and reliability.
PLATFORM RESPONSIBILITIES MANAGED BY PROVIDERS
All platform responsibilities such as backups, system maintenance, security, hardware refresh, power management, etc., are performed by the cloud provider. The consumer need not to bother about them.
Multitenancy allows multiple users to share single instance of resources in virtual isolation. Consumers can customize their application without affecting the core functionality.
There are several issues associated with SaaS, some of them are listed below:
- Browser based risks
- Network dependence
- Lack of portability between SaaS clouds
BROWSER BASED RISKS
If the consumer visits malicious website and browser becomes infected, and the subsequent access to SaaS application might compromise the consumer’s data.
To avoid such risks, the consumer can use multiple browsers and dedicate a specific browser to access SaaS applications or can use virtual desktop while accessing the SaaS applications.
The SaaS application can be delivered only when network is continuously available. Also network should be reliable but the network reliability cannot be guaranteed either by cloud provider or the consumer.
LACK OF PORTABILITY BETWEEN SAAS CLOUDS
Transferring workloads from one SaaS cloud to another is not so easy because work flow, business logics, user interfaces, support scripts can be provider specific.
Open SaaS and SOA
Open SaaS uses SaaS applications that are developed using open source programming language. These SaaS applications can run on any open source operating system and database. Open SaaS has several benefits, some of these are listed below:
- No License Required
- Low Deployment Cost
- Less Vendor Lock-in
- More portable applications
- More Robust Solution
The following diagram shows the SaaS implementation based on SOA:
Cloud Computing Identity as a Service(IDaaS)
Employees in a company require to login into system to perform various tasks. These systems may be based on local server or cloud based. Following are the problems that an employee might face:
- Remembering different username and password combinations for accessing multiple servers.
- If an employee leaves the company, it’s required to ensure that each of the user’s account has been disabled. This increases workload on IT staff.
To solve above problems, a new technique emerged which is known as Identity as a Service (IDaaS).
IDaaS offers management of identity (information) as a digital entity. This identity can be used during electronic transactions.
Identity refers to set of attributes associated with something and make it recognizable. All objects may have same attributes, but their identity cannot be the same. This unique identity is assigned through unique identification attribute.
There are several identity services that have been deployed to validate services such as validating web sites, transactions, transaction participants, client, etc. Identity as a Service may include the following:
- Directory Services
- Federated Services
- Authentication Services
- Risk and Event monitoring
- Single sign-on services
- Identity and Profile management
Single Sign-On (SSO)
To solve the problem of using different username & password combination for different servers, companies now employ Single Sign-On software, which allows the user to login only one time and manages the user’s access to other systems.
SSO has single authentication server, managing multiple accesses to other systems, as shown in the following diagram:
There are several implementations of SSO. Here, we will discuss the common working of SSO:
Following steps explain the working of Single Sign-On software:
- User logs into the authentication server using a username and password.
- The authentication server returns the user’s ticket.
- User sends the ticket to intranet server.
- Intranet server sends the ticket to the authentication server.
- Authentication server sends the user’s security credentials for that server back to the intranet server.
If an employee leaves the company, then it just required to disable the user at the authentication server, which in turn disables the user’s access to all the systems.
Federated Identity Management (FIDM)
FIDM describes the technologies and protocols that enable a user to package security credentials across security domains. It uses Security Markup Language (SAML) to package a user’s security credentials as shown in the following diagram:
It offers users to login into multiple websites with single account. Google, Yahoo!, Flickr, MySpace, WordPress.com are some of the companies that support OpenID.
- Increased site conversation rates.
- Access to greater user profile content.
- Fewer problems with lost passwords.
- Ease of content integration into social networking sites.
Cloud Computing Network as a Service(NaaS)
Networks as a Service allows us to access to network infrastructure directly and securely. NaaS makes it possible to deploy custom routing protocols.
NaaS uses virtualized network infrastructure to provide network services to the consumer. It is the responsibility of NaaS provider to maintain and manage the network resources which decreases the workload from the consumer. Moreover, NaaS offers network as a utility.
NaaS is also based on pay-per-use model.
How NaaS is delivered?
To use NaaS model, the consumer is required to logon to the web portal, where he can get online API. Here, the consumer can customize the route.
In turn, consumer has to pay for the capacity used. It is also possible to turn off the capacity at any time.
Mobile NaaS offers more efficient and flexible control over mobile devices. It uses virtualization to simplify the architecture to create more efficient processes.
Following diagram shows the Mobile NaaS service elements:
NaaS offers a number of benefits, some of them are discussed below:
Each consumer is independent and can segregate the network.
Customers have to pay for high-capacity network only when needed.
There exists reliability treatments that can be applied for critical applications.
There exists data protection solution for highly sensitive applications.
EASE OF ADDING NEW SERVICE ELEMENTS
It is very easy to integrate new service elements to the network.
There exists more open support models, which help to reduce the operation cost.
ISOLATION OF CUSTOMER TRAFFIC
The customer traffic is logically isolated.