Hypervisors, Cloud security

 

 Research Paper Requirements:

  • Paper length: 2 pages
  • APA

Part 1: Hypervisors (1 page)

Select the case from chapter 8 and complete the written exercise.

Case 8-3 Hyper-V (Jamsa page 115)

Review case 8-3 and complete the exercise. Provide a minimum of 2 references to support your writing.

Part 2: Cloud Security (1 page)

Chapter 9 lists several common security threats to cloud-based environments. Analyze 3 types of cloud security threats and describe methods to mitigate the risks. Compare and contrast the difference between these security threats in a data center/on site versus from the cloud. Provide a minimum of 3 references to support.

World
Headquarters

Jones
&
Bartlett
Learning

5
Wall
Street

Burlington,
MA
01803

978-443-5000

info@jblearning.com

www.jblearning.com

Jones
&
Bartlett
Learning
books
and
products
are
avail-
able
through
most
bookstores
and
online
booksellers.
To
contact
Jones
&
Bartlett
Learning
directly,
call
800-832-
0034,
fax
978-443-8000,
or
visit
our
website,
www.jblearning.com.

Substantial
discounts
on
bulk
quantities
of
Jones
&
Bartlett
Learning
publications
are
available
to
corpora-
tions,
professional
associations,
and
other
qualified
orga-
nizations.
For
details
and
specific
discount
information,
contact
the
special
sales
department
at
Jones
&
Bartlett
Learning
via
the
above
contact
information
or
send
an
email
to
specialsales@jblearning.com.

Copyright
©
2013
by
Jones
&
Bartlett
Learning,
LLC,
an
Ascend
Learning
Company

All
rights
reserved.
No
part
of
the
material
protected
by
this
copyright
may
be
reproduced
or
utilized
in
any
form,
electronic
or
mechanical,
including
photocopying,
recording,
or
by
any
information
storage
and
retrieval
system,
without
written
permission
from
the
copyright
owner.
Microsoft,
HealthVault,
Windows
Live,
Bing,
Hotmail,
MSN,
and
SkyDrive
are
either
registered
trade-
marks
or
trademarks
of
Microsoft
Corporation
in
the
United
States
and/or
other
countries.
Additional
photo-
graphic
and
illustration
credits
appear
on
page
321
which
constitutes
a
continuation
of
the
copyright
page.

This
publication
is
designed
to
provide
accurate
and
au-
thoritative
information
in
regard
to
the
subject
matter
covered.
It
is
sold
with
the
understanding
that
the
pub-
lisher
is
not
engaged
in
rendering
legal,
accounting,
or

mailto:info@jblearning.com

http://www.jblearning.com/

http://www.jblearning.com/

mailto:specialsales@jblearning.com

other
professional
service.
If
legal
advice
or
other
expert
assistance
is
required,
the
service
of
a
competent
profes-
sional
person
should
be
sought.

Cloud
Computing
is
an
independent
publication
and
has
not
been
authorized,
sponsored,
or
otherwise
approved
by
the
owners
of
the
trademarks
or
service
marks
refer-
enced
in
this
product.

Production
Credits

Chief
Executive
Officer:
Ty
Field

President:
James
Homer

SVP,
Editor-in-Chief:
Michael
Johnson

SVP,
Chief
Technology
Officer:
Dean
Fossella

SVP,
Chief
Marketing
Officer:
Alison
M.
Pendergast

SVP,
Curriculum
Solutions:
Christopher
Will

VP,
Design
and
Production:
Anne
Spencer

Editorial
Management:
High
Stakes
Writing,
LLC,
Editor
and
Publisher:
Lawrence
J.
Goodrich

Copy
Editor,
HSW:
Ruth
Walker

Reprints
and
Special
Projects
Manager:
Susan
Schultz

Production
Editor:
Keith
Henry

Senior
Marketing
Manager:
Andrea
DeFronzo

VP,
Business
Development:
Todd
Giorza

Marketing
Manager:
Lindsay
White

VP,
Manufacturing
and
Inventory
Control:
Therese
Connell

Manufacturing
and
Inventory
Control
Supervisor:
Amy
Bacus

Composition:
Cenveo
Publisher
Services

Cover
Design:
Kristin
E.
Parker

Rights
&
Photo
Research
Manager:
Katherine
Crighton

Rights
&
Photo
Research
Assistant:
Lian
Bruno

Cover
Image:
©
majeczka/ShutterStock,
Inc.

Chapter
Opener
Image:
©
Risto
Viita/ShutterStock,
Inc.

Printing
and
Binding:
Edwards
Brothers
Malloy

Cover
Printing:
Edwards
Brothers
Malloy

Library
of
Congress
Cataloging­in­Publication
Data

Jamsa,
Kris
A.

Cloud
computing
/
Kris
Jamsa.—1st
ed.

   p.
cm.

Includes
index.

ISBN
978-1-4496-4739-1

1.
Cloud
computing.
I.
Title.

QA76.585.J36
2012

004.6782—dc23

2011051300

6048

Printed
in
the
United
States
of
America

16 15 14 13 12   10 9 8 7 6 5 4 3 2 1

To
Ashton,

May
all
your
clouds
have
a
silver
lining.

Brief
Contents

Preface

Chapter
1


Introducing
Cloud
Computing

Chapter
2


Software
as
a
Service
(SaaS)

Chapter
3


Platform
as
a
Service
(PaaS)

Chapter
4


Infrastructure
as
a
Service
(IaaS)

Chapter
5


Identity
as
a
Service
(IDaaS)

Chapter
6


Data
Storage
in
the
Cloud

Chapter
7


Collaboration
in
the
Cloud

Chapter
8


Virtualization

Chapter
9


Securing
the
Cloud

Chapter
10

Disaster
Recovery
and
Business
Con­
tinuity
and
the
Cloud

Chapter
11

Service­Oriented
Architecture

Chapter
12

Managing
the
Cloud

Chapter
13

Migrating
to
the
Cloud

Chapter
14

Mobile
Cloud
Computing

Chapter
15

Governing
the
Cloud

Chapter
16

Evaluating
the
Cloud’s
Business
Im­
pact
and
Economics

Chapter
17

Designing
Cloud­Based
Solutions

Chapter
18

Coding
Cloud­Based
Applications

Chapter
19

Application
Scalability

Chapter
20

The
Future
of
the
Cloud

Glossary
of
Key
Terms

Index

Credits

Contents

Preface

Chapter
1


Introducing
Cloud
Computing

Web
2.0
and
the
Cloud

Distinguishing
Cloud
Types

Cloud
Deployment
Models

Cloud
Service
Models

Exploring
Uses
of
the
Cloud

Introducing
Scalability

Introducing
Virtualization

Collecting
Processing
Power
Through
Grid
Computing

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
2


Software
as
a
Service
(SaaS)

Getting
Started
with
SaaS

Understanding
the
Multitenant
Nature
of
SaaS
Solutions

Understanding
OpenSaaS
Solutions

Understanding
Mashups

Understanding
Service­Oriented
Architecture
(SOA)

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
3


Platform
as
a
Service
(PaaS)

IT
Evolution
Leading
to
the
Cloud

Benefits
of
PaaS
Solutions

Disadvantages
of
PaaS
Solutions

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
4


Infrastructure
as
a
Service
(IaaS)

Understanding
IaaS

Improving
Performance
Through
Load
Balancing

Taking
a
Closer
Look
at
Load
Balancing

System
and
Storage
Redundancy

Utilizing
Cloud­Based
NAS
Devices

Advantages
of
IaaS
Solutions

Server
Types
Within
an
IaaS
Solution

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
5


Identity
as
a
Service
(IDaaS)

Understanding
Single
Sign­On
(SSO)

Understanding
How
SSO
Works

Understanding
Federated
Identity
Management

Understanding
Account
Provisioning

Understanding
OpenID

Mobile
ID
Management

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
6


Data
Storage
in
the
Cloud

Examining
the
Evolution
of
Network
Storage

Understanding
Cloud­Based
Data
Storage

Advantages
and
Disadvantages
of
Cloud­Based
Data
Storage

Getting
Past
the
Fear
of
Cloud­Based
Data

Cloud­Based
Backup
Systems

Understanding
File
Systems

Industry­Specific
Cloud­Based
Data
Storage

Cloud­Based
Database
Solutions

Cloud­Based
Block
Storage

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
7


Collaboration
in
the
Cloud

Collaborating
in
the
Clouds

Questions
to
Ask
About
Collaborative
Tools

Web­Based
Collaboration
Began
with
Web
Mail

Instant
Messaging
Isn’t
What
It
Used
to
Be

Cloud­Based
Phone
and
Fax
Systems

Revisiting
File
Sharing

Editing
Shared
Files
Within
the
Cloud

Collaborating
via
Web
Logs
(Blogs)

Collaborative
Meetings
in
the
Cloud

Virtual
Presentations
and
Lectures

Using
Social
Media
for
Collaboration

Using
Cloud­Based
Calendar
Management

Using
Streaming
Video
Content
to
Collaborate

Cloud­Based
TV
Content

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
8


Virtualization

Understanding
Virtualization

The
History
of
Virtualization

Leveraging
Blade
Servers

Server
Virtualization

Desktop
Virtualization

Desktop
Solutions
on
Demand

Virtual
Networks

Data
Storage
Virtualization

Not
All
Applications
Are
Well
Suited
for
Virtualization

Why
Virtualize?

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
9


Securing
the
Cloud

General
Security
Advantages
of
Cloud­Based
Solutions

Introducing
Business
Continuity
and
Disaster
Recovery

Understanding
Data
Storage
Wiping

Understanding
Distributed
Denial­of­Service
(DDoS)
Attacks

Packet
Sniffing

Man­in­the­Middle
Attack

Monitoring
Device
Screens

Malicious
Employees

Hypervisor
Attack

Guest­Hopping
Attack

SQL­Injection
Attack

Physical
Security

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
10


Disaster
Recovery
and
Business
Continuity
and
the
Cloud

Understanding
the
Threats

Threat:
Disk
Failure

Threat:
Power
Failure
or
Disruption

Threat:
Computer
Viruses

Threat:
Fire

Threat:
Floods

Threat:
Disgruntled
Employees

Threat:
Lost
Equipment

Threat:
Desktop
Failure

Threat:
Server
Failure

Threat:
Network
Failure

Threat:
Database
System
Failure

Threat:
Phone
System
Failure

Understanding
Service­Level
Agreements

Measuring
Business
Impact:
The
Essence
of
Risk
Mitigation

Disaster
Recovery
Plan
Template

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
11


Service­Oriented
Architecture

Understanding
Service­Oriented
Architecture

Web
Services
Are
Not
Web
Pages

Many
Companies
Provide
Web
Services

Discovering
Web
Services

Understanding
Web
Service
Performance

Web
Service
and
Reuse

Scaling
Web
Services

Web
Services
and
Loose
Coupling

Treating
a
Web
Service
as
a
Black
Box

Web
Service
Interoperability

Web
Service
Description
Language

Governing
Web
Services

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
12


Managing
the
Cloud

Know
Your
Service­Level
Agreement

Ensure
and
Audit
System
Backups

Know
Your
System’s
Data
Flow

Beware
of
Vendor
Lock­In

Source­Code
Escrow

Determine
Technical
Support
and
Help
Desk
Procedures

Determine
Training
Procedures

Know
the
Provider’s
Security
Policies
and
Procedures

Define
the
Data
Privacy
Requirements

Know
Specifics
About
the
Economics
of
the
Cloud
and
Return
on
Investment

Monitor
Capacity
Planning
and
Scaling
Capabilities

Monitor
Audit­Log
Use

Solution
Testing
and
Validation

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
13


Migrating
to
the
Cloud

Define
the
System
Goals
and
Requirements

Protect
Your
Existing
Data

Use
an
Experienced
Cloud
Consultant

Know
Your
Application’s
Current
Characteristics

Remember
Vendor
Lock­In

Define
Your
Training
Requirements

Establish
a
Realistic
Deployment
Schedule

Review
the
Budget
Factors

Identify
IT
Governance
Issues

Understanding
Cloud
Bursting

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
14


Mobile
Cloud
Computing

The
Evolution
of
Mobile
Computing

Understanding
the
G
in
3G
and
4G

The
Mobile
Cloud
Ecosystem

Introducing
the
Mobile
Players

Pages,
Apps,
and
Widgets

Revisiting
the
Role
of
HTML

Mobile
Development
Considerations

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
15


Governing
the
Cloud

Understanding
Corporate
Governance

Understanding
Business
Strategy

Measure
What
Is
Important

Inspect
What
You
Expect

Understanding
Internal
Controls

Extending
Governance
to
Information
Technology

Cloud
Computing
Governance

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
16


Evaluating
the
Cloud’s
Business
Im­
pact
and
Economics

Business
Economics

Total
Cost
of
Ownership

Economies
of
Scale

Capital
Expenditures

Operational
Expenses

Return
on
Investment

Profit
Margins

Moore’s
Law
and
the
Cloud

Understanding
Right­Sizing

Defining
a
Large
Data
Center

Other
Economic
Key
Performance
Indicators

Marketing
the
Cloud

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
17


Designing
Cloud­Based
Solutions

Revisit
the
System
Requirements

When
to
Select
a
Development
Environment

Design
Is
a
Give­and­Take
Process

Designing
for
Accessibility

Designing
for
Audit

Designing
for
Availability

Designing
for
Backup

Designing
for
Existing
and
Future
Capacity

Designing
for
Configuration
Management

Designing
for
Deployment

Designing
for
Disaster
Recovery

Designing
for
the
Environment
(Green
Computing)

Designing
for
Interoperability

Designing
for
Maintainability

Designing
for
Performance

Designing
for
Price

Designing
for
Privacy

Designing
for
Portability

Designing
for
Recovery

Designing
for
Reliability

Designing
for
Response
Time

Designing
for
Robustness

Designing
for
Security

Designing
for
Testability

Designing
for
Usability

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
18


Coding
Cloud­Based
Applications

Creating
a
Mashup
Using
Yahoo!
Pipes

Creating
a
Simple
Yahoo!
Pipe

Using
Google
App
Engine

Creating
a
Hello,
World!
Application
with
Google
App
Engine

Downloading
the
Google
App
Engine
Software
Develop­
ment
Kit

Deploying
a
Simple
Google
App
Engine
Example

Creating
a
More
Advanced
Google
App
Engine
Application

Creating
a
Windows
Azure
“Hello,
World!”
Application

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
19


Application
Scalability

Reviewing
the
Load­Balancing
Process

Designing
for
Scalability

Scaling
Up,
Scaling
Out,
or
Both

Minimize
Objects
on
Key
Pages

Selecting
Measurement
Points

Analyze
Your
Database
Operations

Evaluate
Your
System’s
Data
Logging
Requirements

Revisit
Your
Service­Level
Agreement

Capacity
Planning
Versus
Scalability

Scalability
and
Diminishing
Returns

Performance
Tuning

Complication
Is
the
Enemy
of
Scalability

Chapter
Summary

Key
Terms

Chapter
Review

Chapter
20


The
Future
of
the
Cloud

How
the
Cloud
Will
Change
Operating
Systems

Location­Aware
Applications

Intelligent
Fabrics,
Paints,
and
More

The
Future
of
Cloud
TV

Future
of
Cloud­Based
Smart
Devices

Cloud
and
Mobile

How
HTML5
Will
Drive
Mobile
Applications

Faster
Time
to
Market
for
Software
Applications

Home­Based
Cloud
Computing

Chapter
Summary

Key
Terms

Chapter
Review

Glossary
of
Key
Terms

Index

Credits

Preface

FOR
YEARS,
SOFTWARE
DEVELOPERS
and
net-
work
administrators
have
used
the
image
of
a
cloud
to
represent
the
myriad
of
communication
details
that
oc-
cur
as
messages
flow
across
the
Internet
from
one
com-
puter
network
to
another.
This
cloud
abstraction
has
now
exploded
to
include
processors,
both
physical
and
virtual,
data
storage,
software-as-a-service
solutions,
and
mobile
applications.
Today,
cloud-based
applications
and
new
capabilities
are
emerging
daily
and
bringing
with
them
lower
cost
of
entry,
pay-for-use
processor
and
data-storage
models,
greater
scalability,
improved
per-
formance,
ease
of
redundancy,
and
improved
business
continuity.
With
these
advantages
come
increased
secu-
rity
challenges
and
IT-governance
concerns.
This
book
examines
these
issues.
As
you
will
learn,
two
things
are
certain:
The
dynamic
nature
of
the
cloud
will
continue
and
we
have
only
just
begun
to
scratch
the
cloud’s
surface.

Chapter
1:
Introducing
Cloud
Computing
intro-
duces
the
abstract
nature
of
cloud
computing
and
the
factors
that
led
to
its
evolution.
The
chapter
examines
software
as
a
service
(SaaS),
platform
as
a
service
(PaaS),
and
infrastructure
as
a
service
(IaaS)
and
includes
real-
world
examples
of
each.
The
chapter
discusses
the
key
advantages
of
cloud
computing,
including
scalability,
re-
dundancy,
low
cost
of
entry,
and
virtualization.

Chapter
2:
Software
as
a
Service
(SaaS)
examines
browser-based
SaaS
solutions
and
their
advantages.
The
chapter
features
real-world
solutions
such
as
Sales-
Force.com
for
customer
relationship
management,
Taleo
for
human
resources
solutions,
ADT
for
SaaS-based
pay-
roll
processing,
and
many
others.

Chapter
3:
Platform
as
a
Service
(PaaS)
introduces
cloud-based
hardware
and
software
platforms
which
al-
low
companies,
large
and
small,
to
move
their
ap-
plications
to
the
cloud
quickly
and
cost
effectively.
The
chapter
examines
PaaS
providers
such
as
Amazon,
Google,
and
Microsoft.

Chapter
4:
Infrastructure
as
a
Service
(IaaS)
in-
troduces
the
concept
of
a
cloud-based
data
center
which
reduces
or
eliminates
a
company’s
need
for
a
large
in-
house
data
center.
Because
of
the
IaaS
provider’s

http://salesforce.com/

economies
of
scale,
it
can
reduce
a
company’s
cost
of
IT
operations
significantly.

Chapter
5:
Identity
as
a
Service
(IDaaS)
examines
cloud-based
identity-management
solutions
that
simplify
user
provisioning
and
resource
access.
With
more
solu-
tions
distributed
across
the
cloud,
IDaaS
facilitates
the
user’s
sign-on
process
across
solution
providers.

Chapter
6:
Data
Storage
in
the
Cloud
examines
the
integration
of
cloud-based
data
storage
and
the
evolution
of
network-based
storage,
which
led
to
its
creation.
The
chapter
presents
several
cloud-based
data
storage
solu-
tions
that
can
be
enabled
at
little
or
no
cost.
The
chapter
also
examines
several
low-cost
turnkey
based
backup
solutions.

Chapter
7:
Collaboration
in
the
Cloud
looks
at
cloud-based
technologies
that
allow
two
or
more
users
to
work
together
to
accomplish
a
task.
The
chapter
de-
scribes
the
evolution
of
collaboration
technologies
from
instant
messaging
to
virtual
meetings
to
shared
docu-
ments
that
support
simultaneous
editing
by
multiple
users.

Chapter
8:
Virtualization
introduces
hardware
and
software
used
to
create
the
perception
that
one
or
more
entities
exist,
when
they
may
not
actually
be
physically
present.
The
chapter
examines
solutions
for
virtual
servers,
virtual
desktops,
and
virtual
networks.

Chapter
9:
Securing
the
Cloud
examines
the
real-
world
security
issues
that
people
(even
some
sophisticat-
ed
IT
users)
are
uncomfortable
with
when
placing
their
personal
data,
or
their
company’s
data,
in
the
cloud.
The
chapter
examines
specific
security
threats
and
the
mea-
sures
that
should
be
taken
to
minimize
them.

Chapter
10:
Disaster
Recovery
and
Business
Con­
tinuity
and
the
Cloud
discusses
ways
that
the
cloud
and
its
redundant
resources
improve
a
company’s
ability
to
recover
and
continue
to
operate
after
a
disaster
or
se-
rious
event.
The
chapter
examines
common
threats
to
business
operations
and
some
cloud-computing
solu-
tions
that
can
mitigate
them.

Chapter
11:
Service­Oriented
Architecture
looks
at
how
the
availability
of
web-based
services
is
changing
how
developers
create
programs
and
the
speed
at
which
they
can
deploy
solutions.
The
chapter
examines
a
vari-

ety
of
real-world
web
services
that
are
available
to
pro-
grammers
for
integration
into
programs.

Chapter
12:
Managing
the
Cloud
examines
the
tasks
a
manager
must
perform
after
a
company
migrates
its
applications
to
the
cloud,
including
auditing
logs,
moni-
toring
system
performance,
and
identifying
bottlenecks
within
the
data
flow.

Chapter
13:
Migrating
to
the
Cloud
discusses
man-
agerial
considerations
to
be
evaluated
before
migrating
to
the
cloud,
such
as
avoiding
vendor
lock-in,
identifying
remote
data
backup
operations
and
security
considera-
tions,
preparing
a
budget,
and
integrating
developer
and
user
training.

Chapter
14:
Mobile
Cloud
Computing
evaluates
whether
mobile
computing
is
driving
the
growth
of
cloud
computing
or
vice
versa.
The
chapter
examines
the
“ecosystem”
that
is
mobile
computing
as
well
as
how
HTML5
will
change
computing
models.

Chapter
15:
Governing
the
Cloud
discusses
the
role
of
IT
governance
and
its
extensions
for
cloud-based
com-
puting.
The
chapter
examines
the
need
for
and
ways
to
implement
cloud-based
internal
controls.

Chapter
16:
Evaluating
the
Cloud’s
Business
Im­
pact
and
Economics
examines
how
the
cloud’s
econo-
my
of
scale
and
pay-for-use
model
will
accelerate
the
ability
for
companies,
large
and
small,
to
release
cloud-
based
solutions.
The
chapter
also
evaluates
the
cloud’s
impact
on
operational
and
capital
expenses.

Chapter
17:
Designing
Cloud­Based
Solutions
dis-
cusses
the
fact
that
developers
will
simply
pick
up
and
move
many
existing
applications
to
the
cloud.
In
the
fu-
ture,
however,
developers
should
design
cloud-based
so-
lutions
to
utilize
scalability
and
redundancy.
The
chapter
examines
many
common
design
considerations
and
ways
the
cloud
will
impact
them.

Chapter
18:
Coding
Cloud­Based
Applications
looks
at
two
PaaS
providers,
Google
Apps
and
Windows
Azure,
and
implements
cloud-based
applications
with
each.
Developers
will
learn
that
creating
and
deploying
cloud-based
applications
is
fast,
easy,
and
inexpensive.

Chapter
19:
Application
Scalability
examines
how
developers
can
scale
applications—vertically,
by
using

p pp y y g
faster
processors
or
more
powerful
servers
and
horizon-
tally,
by
supporting
the
ability
to
distribute
processing
better.
The
chapter
looks
at
design
considerations
to
be
evaluated
when
designing
applications
for
scalability.

Chapter
20:
The
Future
of
the
Cloud
examines
ways
the
cloud
will
extend
its
reach
into
cars,
televisions,
appliances,
and
even
our
clothes.
By
the
end
of
the
chap-
ter,
readers
will
realize
that
we
have
just
scratched
the
cloud’s
surface.

chapter
1

Introducing Cloud Computing
FOR
YEARS
DEVELOPERS
AND
network
adminis-
trators
have
represented
the
Internet
within
design
doc-
uments
as
a
cloud.
By
abstracting
the
Internet’s
tech-
nologies
and
underlying
protocols
as
simply
a
cloud,
as
shown
in
FIGURE
1­1,
the
developers
could
temporarily
ignore
the
communication
complexity
and
simply
as-
sume
that
messages
would
flow
successfully
from
one
In-
ternet-connected
network
to
another.

Learning
Objectives

This
chapter
introduces
cloud
computing.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Understand
the
abstract
nature
of
cloud
computing.

•   Describe
evolutionary
factors
of
computing
that
led
to
the
cloud.

•   Describe
virtualization
at
both
the
desktop
and
the
server
level.

•   Describe
and
identify
common
cloud
types,
which
in-
clude
software
as
a
service,
platform
as
a
service,
and
in-
frastructure
as
a
service.

•   Know
how
businesses
and
individuals
use
the
cloud.

•   Describe
the
benefits
and
disadvantages
of
cloud
computing.

•   Understand
common
security
considerations
with
re-
spect
to
the
cloud.

•   Describe
ways
cloud
computing
can
improve
system
fault
tolerance.

•   Describe
Web
2.0
and
its
relationship
to
cloud
computing.

Today
the
term
cloud
computing
describes
the
ab-
straction
of
web-based
computers,
resources,
and
ser-
vices
that
system
developers
can
utilize
to
implement
complex
web-based
systems.
Often
these
cloud-based
re-
sources
are
viewed
as
virtual,
meaning
that
if
a
system
or
solution
needs
more
resources,
such
as
processors
or
disk
space,
the
resources
can
simply
be
added
on
de-
mand
and
usually
transparently
to
the
application
that
uses
them.
Through
their
virtual
nature,
cloud-based
so-
lutions
can
be
scaled
up
or
down
in
size,
and
the
compa-
nies
whose
solutions
reside
in
the
clouds
normally
pay
only
for
the
resources
they
consume.
Thus,
companies
that
once
relied
on
expensive
data
centers
to
house
their
processing
resources
can
now
shift
their
costs
and
main-
tenance
efforts
to
pay-as-you-go,
scalable,
cloud-based
alternatives.

FIGURE
1­1
For
years
developers
and
network
adminis-
trators
have
represented
the
Internet
as
a
cloud.

CASE
1-1
THE
APPLE
ICLOUD

Whether
one
is
a
PC
user
or
a
Mac
evangelist,
one
must
recognize
Apple’s
ability
to
introduce
technology
that
changes
industries
and
the
way
people
work
and
commu-
nicate.
Apple’s
first
entrée
into
the
cloud
was
the
iTunes
virtual
music
store.
Today
iTunes
offers
millions
of
songs
for
download
to
PCs
and
Macs,
as
well
as
iPods,
iPhones,
iPads,
and
other
handheld
devices.
More
than
just
music
on
a
web-based
storage
device,
iTunes
laid
a
foundation
for
scalable
e-commerce,
high-bandwidth
download
transactions,
and
user
device
independence.

Apple’s
iCloud
extends
the
company’s
existing
function-
ality
by
providing
users
with
a
cloud-based
storage
facili-
ty
for
their
phones,
music,
videos,
books,
and
other
doc-
uments.
Using
iCloud
as
a
centralized
virtual
storage
fa-

cility,
users
can
quickly
exchange
digital
content
among
their
various
devices.
In
fact,
users
can
customize
the
iCloud
settings
to
make
the
file
exchange
seamless
and
automatic.
In
other
words,
if
a
user
stores
a
digital
file
within
iCloud,
behind
the
scenes
iCloud
software
will
push
the
content
to
each
of
the
user’s
registered
devices,
as
shown
in
FIGURE
1­2.

FIGURE
1­2
Using
iCloud,
users
can
synchronize
their
content
to
a
variety
of
devices.

Exercise
What
industries
might
iCloud
disrupt?
What
business
services
do
you
anticipate
Apple
to
offer
in
or-
der
to
drive
revenue
through
the
iCloud?

Web
Resources
For
more
information
on
iCloud,
see
www.CloudBookContent.com/Chapter01/index.html.

Web
2.0
and
the
Cloud

For
years,
when
companies
wanted
to
place
content
on
the
web,
they
hired
web
developers,
who
created
the
un-
derlying
HTML
documents.
Through
this
process,
the
number
of
documents
on
the
web
exploded
to
billions
worldwide.
Web
2.0
is
a
term
used
to
describe
the
set
of
tools
and
websites
that
allow
users
to
publish
content
to
the
web
without
the
direct
use
of
HTML.
Behind
the
scenes,
the
tools
and
sites
build
the
HTML
documents
for
the
user
and
then
upload
the
documents
to
a
web
server.
TABLE
1­1
describes
the
common
Web
2.0
applications.

TABLE
1­1


COMMON
WEB
2.0
SITES
AND
APPLICATIONS

http://www.cloudbookcontent.com/Chapter01/index.html

FIGURE
1­3
Web
2.0
tools
make
it
easy
for
users
who
do
not
possess
web
development
skills
to
easily
publish
content
on
the
web.

As
shown
in
FIGURE
1­3,
with
Web
2.0
tools
and
sites,
users
essentially
publish
content
directly
to
the
cloud
for
access
by
other
users.

Distinguishing
Cloud
Types

Cloud-based
applications
provide
a
wide
range
of
solu-
tions
to
a
very
large
number
of
users.
To
help
us
analyze
and
describe
cloud-based
systems,
many
people
refer
to
a
cloud
solution
in
terms
of
its
deployment
model
and
services
model.
These
two
terms
originated
within
a
cloud
computing
document
from
the
National
Institute
of
Standards
and
Technology
(NIST),
as
shown
in
FIG­
URE
1­4.

Application/Site Purpose
Blog A
web
log
that
users
can
write
and
use
to

publish
content
directly
to
the
web.
Wiki A
software
program
that
allows
users
to

collaborate
on
shared
web-based
documents.
Twitter A
microblogging
service
that
allows
users
to

send
messages
of
up
to
140
characters
to
those
who
follow
the
users’
tweets.

Facebook A
social
networking
site
to
which
users
can
post
text,
photos,
and
video-based
content.

YouTube A
site
to
which
users
can
upload
video
content
for
sharing
with
others.

FIGURE
1­4
Users
refer
to
cloud
solutions
based
on
the
system’s
deployment
and
services
models.

CASE
1-2
THE
MICROSOFT
WINDOWS
AZURE
PLATFORM

When
web
developers
create
web
pages,
they
need
to
host
the
corresponding
HTML
files
on
a
web
server
be-
fore
other
users
can
access
the
content
from
across
the
web.
Developers
have
two
choices
when
it
comes
to
pub-
lishing
their
content.
First,
they
can
host
the
pages
on
their
own
web
server,
which
may
require
hardware
sup-
port
and
maintenance.
Second,
the
developers
can
host
the
files
at
a
server
that
resides
at
an
Internet
service
provider
(ISP),
which
allows
the
developer
to
focus
on
web
page
development
as
opposed
to
server
manage-
ment.
Today
developers
can
host
their
web
pages
at
an
ISP
for
a
few
dollars
per
month.

Windows
Azure
is
a
Microsoft
platform
that
develop-
ers
can
use
to
move
their
applications
to
the
cloud.
Un-
like
support
for
a
simple
HTML
page,
which
requires
only
the
presence
of
a
web
server,
Windows
Azure
pro-
vides
operating-system
support
for
.NET
applications
and
a
cloud-based
SQL
server
(SQL
Azure).
You
can
think
of
Windows
Azure
as
a
cloud-based
data
center
within
which
developers
can
house
their
applications.
The
Windows
Azure
platform,
in
turn,
maintains
servers,
operating
systems,
database
software,
and
other
support-
ing
applications.
As
a
developer’s
application
grows
in
terms
of
users,
processor
demands,
or
disk
storage,
the
Windows
Azure
environment
grows
to
meet
the
develop-
er’s
needs.
In
this
way,
the
Windows
Azure
platform
pro-
vides
the
following:

•

Scalability:
Windows
Azure
can
scale
up,
or
scale
down,
processor
and
storage
resources
on
demand.

•

Redundancy:
Windows
Azure
provides
server,
disk
storage,
and
network
redundancy.

•

Cost
benefits
from
resource
pooling:
Windows
Azure
shares
IT
resources
across
a
very
large
number
of
companies,
which
provides
cost
savings
to
each.

•

Outsourced
server
management:
Microsoft
pro-
vides
Windows
Azure
IT
staff
who
maintain
operating
systems
and
underlying
support
software.

•

Low
cost
of
entry:
To
release
a
cloud-based
solution,
companies
do
not
need
to
invest
in
their
own
IT
data
center.

Exercise
Discuss
the
pros
and
cons
of
hosting
an
appli-
cation
within
one’s
own
data
center
as
opposed
to
using
a
service
provider
such
as
Windows
Azure.

Web
Resources
For
more
information
on
Windows
Azure,
see
www.CloudBookContent.com/Chapter01/in-
dex.html.

Cloud
Deployment
Models

A
cloud
deployment
model
specifies
how
resources
with-
in
the
cloud
are
shared.
As
discussed
in
TABLE
1­2,
there
are
four
primary
cloud
deployment
models:
private
cloud,
public
cloud,
community
cloud,
and
hybrid
cloud.
Each
model
influences
the
corresponding
scala­
bility,
reliability,
security,
and
cost.

TABLE
1­2


CLOUD
DEPLOYMENT
MODELS

Deployment
Model Characteristics
Private
cloud Owned
by
a
specific
entity
and

normally
used
only
by
that
entity
or
one
of
its
customers.
The
underlying
technology
may
reside
on-
or
off-site.
A
private
cloud
offers
increased
security
at
a
greater
cost.

Public
cloud Available
for
use
by
the
general
public.
May
be
owned
by
a
large
organization
or
company
offering
cloud
services.
Because
of
its
openness,
the
cloud
may
be
less
secure.
A
public
cloud
is
usually
the
least
expensive
solution.

Community
cloud The
cloud
is
shared
by
two
or
more
organizations,
typically
with
shared
concerns
(such
as
schools
within
a
university).

Hybrid
cloud A
cloud
that
consists
of
two
or
more
private,
public,
or
community
clouds.

http://www.cloudbookcontent.com/Chapter01/index.html

Cloud
Service
Models

A
cloud
can
interact
with
a
client
(user
or
application)
in
a
variety
of
ways,
through
capabilities
called
services.
Across
the
web,
three
major
types,
or
models,
of
services
have
emerged,
which
are
defined
in
TABLE
1­3.

Examining
Software
as
a
Service
(SaaS)

The
software
as
a
service
(SaaS)
model
provides
a
cloud-based
foundation
for
software
on
demand.
In
gen-
eral,
an
SaaS
solution
is
web-delivered
content
that
users
access
via
a
web
browser.
The
software
can
reside
within
any
of
the
deployment-model
clouds.
FIGURE
1­5
illus-
trates
the
SaaS
model.

TABLE
1­3


COMMON
CLOUD
SERVICE
MODELS

FIGURE
1­5
The
SaaS
model
presents
a
cloud-based
application
with
a
user
interface
to
users
running
only
a
web
browser.

Cloud
Service
Model Characteristics
Software
as
a
service
(SaaS) A
complete
software
application

with
a
user
interface.
Platform
as
a
service
(PaaS) A
platform
within
which
developers

can
deploy
their
applications.
A
PaaS
solution
includes
hardware
(servers
and
disks),
operating
systems,
development
tools,
and
administrative
tools.

Infrastructure
as
a
service
(IaaS) Provides
machines,
storage,
and
network
resources
that
developers
can
manage
by
installing
their
own
operating
system,
applications,
and
support
resources.

The
advantages
of
SaaS
solutions
are
simplicity
of
inte-
gration
(users
need
only
a
browser),
cost
(the
data
center
resides
within
the
cloud),
and
scalability
(customers
can
add
user
licenses
or
seats
as
needed).
The
disadvantage
of
SaaS
solutions
is
the
perception
of
security
issues.
Users
who
are
new
to
the
cloud
may
not
feel
comfortable
storing
company
data
in
a
remote
data-storage
facility
(the
cloud).

Well-known
SaaS
solution
providers
include
Salesforce.-
com,
Google
Apps,
TurboTax,
and
QuickBooks.

Examining
Platform
as
a
Service
(PaaS)

The
platform
as
a
service
(PaaS)
model
provides
the
underlying
hardware
technology,
such
as
one
or
more
servers
(or
virtual
servers),
operating
systems,
database
solutions,
developer
tools,
and
network
support,
for
de-
velopers
to
deploy
their
own
solutions.
The
hardware
and
software
within
a
PaaS
solution
is
managed
by
the
platform
provider.
Developers
need
not
worry
about
per-
forming
hardware
or
operating
system
upgrades.
In-
stead,
developers
can
focus
on
their
own
applications.
FIGURE
1­6
illustrates
the
PaaS
model.
Well-known
PaaS
solution
providers
include
Windows
Azure
and
Google
App
Engine.

Examining
Infrastructure
as
a
Service
(Iaas)

The
infrastructure
as
a
service
(Iaas)
model
pro-
vides
a
virtual
data
center
within
the
cloud.
IaaS
provides
servers
(physical
and
virtualized),
cloud-based
data
stor-
age,
and
more.
Within
an
IaaS
solution,
developers
must
install
their
own
operating
system,
database
manage-
ment
software,
and
support
software.
Then
the
develop-
ers
(or
the
company’s
system
administrators)
must
man-
age
both
the
hardware
and
the
software.
FIGURE
1­7
il-
lustrates
the
IaaS
model.
The
Amazon
Elastic
Compute
Cloud
(Amazon
EC2)
is
an
IaaS
solution.

http://salesforce.com/

FIGURE
1­6
The
PaaS
model
provides
the
underlying
hardware
and
operating
system
a
developer
needs
to
launch
an
application.

FIGURE
1­7
The
IaaS
model
provides
the
underlying
hardware
(servers
and
storage).
Clients
must
install
and
then
manage
their
own
operating
system,
database
soft-
ware,
and
support
software.

CASE
1-3
AMAZON
WEB
SERVICES
(AWS)

If
you
ask
people
to
rank
order
the
top
e-commerce
com-
panies,
Amazon.com
will
make
the
top
of
most
lists.
Amazon
has
grown
from
selling
books
to
selling
a
virtu-
ally
endless
range
of
products.

As
Amazon
evolved
its
sales
plan,
the
company
recog-
nized
the
value
of
extending
its
product
base
(the
things
they
sell)
to
other
sites.
The
other
sites
(Amazon
affili-
ates),
in
turn,
could
offer
links
to
products,
the
sales
and
fulfillment
of
which
would
be
handled
by
Amazon,
in
a
revenue-sharing
model.
This
affiliate
program
was
one
of
the
first
cloud-based
sales
partnerships.

As
Amazon
continued
to
grow,
its
internal
developers
created
a
system
architecture
that
was
redundant,
scal-
able,
and
robust.
With
these
services
fully
operational,
Amazon
recognized
that
most
software
companies
would

http://amazon.com/

need
similar
capabilities.
To
meet
that
demand,
Amazon
released
Amazon
Web
Services
(AWS),
which
com-
panies
can
use
to
host
their
own
systems.
Today,
AWS
process
hundreds
of
thousands
of
web-based
requests
for
companies
every
second!

One
of
Amazon’s
primary
cloud
tools
is
the
Amazon
Elastic
Compute
Cloud
(Amazon
EC2),
which
lets
com-
panies
rent
cloud-based
services
for
their
applications.
Using
Amazon
EC2,
companies
can
pay
by
the
hour
for
the
processing
they
need
and
scale
processor
support
up
or
down
to
meet
user
demands.

To
complement
the
processing
power
of
Amazon
EC2,
Amazon
Simple
Storage
Service
(Amazon
S3)
provides
cloud-based
data-storage
facilities,
and
companies
pay
only
for
the
data
storage
they
consume.
Behind
the
scenes,
Amazon
provides
data
redundancy.

To
further
support
developers,
Amazon
offers
virtual-
network
support,
database
support,
and
e-commerce
capabilities.

Exercise
Assume
your
company
wants
to
use
Amazon
as
its
disk-backup
provider.
What
pros
and
cons
would
you
consider?
Discuss
how
you
might
leverage
Amazon
Web
Services
to
bring
an
e-commerce
site
online.

Web
Resources
For
more
information
on
Amazon
Web
Services,
see
www.CloudBookContent.com/Chap-
ter01/index.html.

Exploring
Uses
of
the
Cloud

The
cloud
is
now
host
to
a
wide
range
of
large-scale
and
small-scale
(custom)
applications.
The
number
and
type
of
applications
that
users
can
deploy
to
the
cloud
is
virtu-
ally
limitless.
Many
software
companies
are
now
moving
key
applications
from
expensive
internal
data
centers
to
cost-effective
and
resource-redundant
cloud
solutions.

As
a
user,
you
might
already
use
cloud-based
personal
productivity
software,
such
as
TurboTax,
bank-specific
bill-pay
software,
or
a
stock
tool
such
as
E*TRADE.
Or
you
may
leverage
a
cloud-based
collaboration
tool,
such
as
Google
Calendar
or
Google
Docs,
to
share
information
and
documents
with
other
users.
Or
you
may
store
files,
such
as
your
music,
photos,
or
videos,
on
cloud-based
data
storage.

http://www.cloudbookcontent.com/Chapter01/index.html

CASE
1-4
SALESFORCE.COM

One
of
the
first
companies
to
launch
a
large-scale
SaaS
solution
was
Salesforce.com.
The
company
recognized
that
as
much
as
three-fourths
of
a
salesperson’s
day
was
spent
on
nonsales
tasks
(calendar
management,
contract
management,
presentation
management,
and
contact
management).
Salesforce.com
recognized
that
regardless
of
the
items
a
company
sold,
the
selling
process
was
sim-
ilar
across
companies
and
even
industries.
Salesforce.-
com
automated
these
tasks
and
put
the
underlying
data
storage
in
the
cloud—the
sales
cloud.

In
a
similar
way,
Salesforce.com
has
recognized
that
af-
ter
the
sale,
customer
service
is
key.
As
a
result,
the
com-
pany
released
a
customer
service
cloud,
which
integrates
common
customer
service
operations.
The
software
manages
the
process
of
responding
to
customer
calls,
e-
mails,
Facebook
updates,
live
chats,
and
more.
After
cus-
tomer
cases
are
resolved,
managers
can
monitor
the
re-
sults
via
cloud-based
dashboards.

Exercise
Discuss
the
common
sales
and
customer
ser-
vice
tasks
supported
by
Salesforce.com.

Web
Resources
For
more
information
on
Salesforce.-
com,
see
www.CloudBookContent.com/Chapter01/in-
dex.html.

Introducing
Scalability

When
they
launch
a
new
website,
many
developers
have
visions
of
having
created
the
next
Google,
Amazon,
or
Facebook.
Unfortunately,
the
developers
have
no
way
of
knowing
what
the
actual
user
demand
will
be.
Should
the
site
become
widely
used,
it
may
require
additional
servers
or
disk-storage
capacity.

Scalability
defines
a
site
or
application’s
ability
to
use
ad-
ditional
resources
on
demand.
The
site
or
application
may
scale
up
to
utilize
additional
resources
when
the
sys-
tem
is
experiencing
high
user
demand
and
may
later
scale
down
its
resource
usage
when
the
user
demand
declines.

Applications
that
run
within
the
cloud
are
normally
high-
ly
scalable.
An
application
administrator
can
manually
add
or
remove
resources,
or
the
application
can
be
con-
figured
to
scale
automatically.
As
shown
in
FIGURE
1­8,

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://www.cloudbookcontent.com/Chapter01/index.html

applications
scale
through
the
use
of
additional
servers
(physical
or
virtual)
or
through
the
addition
of
disk-stor-
age
space.

Introducing
Virtualization

Chapter
8,
Virtualization,
examines
desktop
and
server
virtualization
in
detail.
For
now
think
of
virtualization
as
the
use
of
hardware
and/or
software
to
create
the
per-
ception
of
something.
For
example,
most
servers
have
a
CPU
that
is
capable
of
running
a
specific
operating
sys-
tem,
such
as
Windows
or
Linux.
Using
special
software,
the
server
can
be
made
to
appear
as
if
it
has
multiple
CPUs
running
the
same
or
different
operating
systems,
as
shown
in
FIGURE
1­9.

FIGURE
1­8
Sites
or
applications
can
scale
up
or
down
through
the
addition
or
removal
of
servers
or
disk-stor-
age
capacity.

FIGURE
1­9
Server
virtualization
makes
a
single
server
appear
as
multiple
independent
servers
running
the
same
or
different
operating
systems.

Behind
the
scenes,
the
server
CPU
switches
its
process-
ing
power
rapidly
among
the
various
operating
systems.

In
a
similar
way,
most
desktop
PCs
typically
run
one
op-
erating
system.
Again,
using
special
virtualization
soft-
ware,
a
desktop
PC,
as
shown
in
FIGURE
1­10,
can
be
made
to
appear
as
if
the
system
is
simultaneously
run-
ning
different
operating
systems.
Desktop
virtualization
provides
an
excellent
solution
for
developers,
application
testers,
and
help
desk
support
personnel
who
must
sup-
port
multiple
operating
systems.
Rather
than
having
multiple
desktop
systems
on
their
desk,
with
each
system
running
a
specific
operating
system,
the
user
can
instead
use
a
single
desktop
PC
with
multiple
(virtual)
operating
systems.

FIGURE
1­10
Desktop
virtualization
allows
a
PC
to
run
multiple
operating
systems
simultaneously.

CASE
1-3
GOOGLE
CLOUD-BASED
SOLUTIONS

Google
is
one
of
the
world’s
most
successful
web-based
businesses.
Through
its
high-performing
search
engine,
Google
leverages
high-margin
automated
advertising
so-
lutions.
Beyond
this,
Google
offers
a
variety
of
ap-
plications
that
leverage
the
cloud’s
ease
of
access
and
de-
vice
independence
to
a
wide
range
of
users.

To
start,
Gmail,
an
early
cloud-based
solution,
has
be-
come
one
of
the
most
widely
used
e-mail
services.
By
storing
user
e-mails
within
the
cloud,
Gmail
provides
ease
of
access
to
e-mail
from
any
computer
or
handheld
device,
at
any
time
and
from
any
place.

Google
Docs,
an
online
set
of
collaborative
document
editing
tools,
provides
many
of
the
common
capabilities
of
Microsoft
Office
tools,
such
as
Word,
Excel,
and
PowerPoint,
from
within
a
web
browser,
with
no
soft-
ware
to
install
and
no
cost!
Not
only
do
the
Google
Docs
tools
make
it
easy
for
developers
to
share
documents,
they
provide
a
preview
of
how
future
cloud-based
solu-
tions
will
allow
users
to
perform
their
daily
computing
tasks
without
the
need
for
a
computer
operating
system
such
as
Windows
or
Mac
OS.

As
you
might
expect,
Google
is
not
conceding
sole
cus-
tody
of
the
music
market
to
Apple.
Google
is
protective
of
its
web
domain
and
now
offers
services
users
can
access
for
common
cloud-based
solutions.

Exercise
Explain
how
Google
makes
money.
Describe
the
pros
and
cons
of
PCs
that
do
not
require
an
operating
system.

Web
Resources
For
more
information
on
Google
cloud-based
solutions,
see
www.CloudBookContent.com/Chapter01/index.html.

Collecting
Processing
Power
Through
Grid
Computing

Through
cloud
computing,
users
leverage
virtual
pro-
cessing
power
and
data
storage
via
Internet-based
com-
puting
resources
that
reside
in
the
cloud.
Through
CPU
(or
server)
farms
and
load
balancing,
cloud-based
ap-
plications
can
scale
on
the
fly
to
meet
user
demands.

Before
the
advent
of
the
cloud,
developers
sought
ways
to
leverage
the
potential
processing
power
of
networked
computers.
The
concept
of
grid
computing
is
based
on
the
fact
that
throughout
the
day
most
PCs
have
spiked
use.
This
means
that
when
a
user
is
active,
the
CPU
uti-
lization
may
grow
to
30
to
50
percent
of
the
processor’s
capacity.
When
the
user
is
not
active,
the
CPU
is
idle,
of-
ten
using
1
percent
or
less
of
its
processing
capabilities.

By
utilizing
the
fact
that
most
computers
are
connected
to
a
network,
the
grid-computing
architects
look
to
de-
sign
applications
that
could
hand
off
work
across
the
net-
work
to
idle
CPUs.
When
the
CPU
completes
its
task,
it
simply
returns
its
result.
Shown
in
FIGURE
1­11,
a
grid-
computing
application
is
well
suited
for
scientific
and
complex
mathematical
processing.

http://www.cloudbookcontent.com/Chapter01/index.html

FIGURE
1­11
Grid
computing
breaks
a
complex
task
into
smaller
pieces
that
are
distributed
to
CPUs
that
re-
side
within
the
network
(grid).

As
you
might
anticipate,
grid
computing
introduces
a
wide
range
of
security
issues.
The
applications
that
move
across
the
grid
must
bring
with
them
code
to
execute,
data,
and
other
state
information.
The
University
of
Cali-
fornia,
Berkeley,
is
one
of
the
leaders
in
grid
computing.
To
facilitate
computer
interaction
across
grids,
the
uni-
versity
developed
the
Berkeley
Open
Infrastructure
for
Network
Computing
(BOINC).
For
specifics,
visit
http://boinc.berkeley.edu.

A
FEW
GOOD
CLOUD-CONTENT
READS

Across
the
web—OK,
make
that
across
the
cloud—there
are
many
sites
that
provide
great
information
about
cloud
issues.
The
following
sections
describe
several
items
you
should

DISTRIBUTED
MANAGEMENT
TASK
FORCE
INC.
(DMTF)
CLOUD
MANAGEMENT

Distributed
Management
Task
Force
Inc.
(DMTF)
pro-
vides
information
technology
standards,
which
exist
to
simplify
computer
system
management
and
reduce
relat-
ed
costs.
Within
DMTF,
the
Cloud
Management
Work
Group
(CMWG)
and
the
Cloud
Auditing
Data
Federation
(CADF)
provide
standards
for
cloud
architecture,
envi-

http://boinc.berkeley.edu/

ronments,
and
interactions.
You
should
take
time,
for
ex-
ample,
to
visit
the
Cloud
Standards
Wiki,
shown
in
FIG­
URE
1­12.

FIGURE
1­12
The
Cloud
Standards
Wiki.

STORAGE
NETWORKING
INDUSTRY
ASSOCIA­
TION
(SNIA)

One
of
the
largest
uses
of
the
cloud
is
for
remote
data
storage,
perhaps
for
live
data,
music,
video,
or
even
back-
ups.
The
Storage
Networking
Industry
Association
(SNIA)
is
a
nonprofit
organization
that
provides
stan-
dards
and
solutions
on
matters
related
to
disk
storage.
As
you
might
expect,
SNIA
provides
content
on
cloud-
based
data
storage.
At
the
SNIA
website,
you
can
find
overviews,
podcasts,
and
standards
on
cloud-based
stor-
age
issues.
For
specifics,
visit
the
SNIA
cloud
site
at
www.snia.org/cloud.

OBJECT
MANAGEMENT
GROUP

The
Object
Management
Group
(OMG)
is
a
nonprofit
or-
ganization
that
provides
standards
for
a
wide
range
of
technology,
including
real-time
and
embedded
software,
analysis
and
design,
middleware,
and
more.
Within
the
OMG,
the
Cloud
Standards
Customer
Council
(CSCC)
is
currently
working
on
a
variety
of
cloud
computing
initia-
tives,
which
will
be
consolidated
into
a
user
guide.
For

http://www.snia.org/cloud

specifics
on
their
research
and
publications,
visit
the
CSCC
website.

CHAPTER
SUMMARY

The
concept
of
a
cloud
and
the
Internet
is
not
new.
For
years
developers
and
network
administrators
have
repre-
sented
the
Internet
as
a
cloud.
Using
the
cloud
abstrac-
tion,
developers
could
temporarily
ignore
the
underlying
communication
complexity
and
simply
assume
that
mes-
sages
would
flow
successfully
from
one
Internet-connect-
ed
network
to
another.

Cloud
computing
is
an
abstraction
of
web-based
comput-
ers,
resources,
and
services
that
system
developers
can
utilize
to
implement
complex
web-based
systems.
Devel-
opers
often
view
cloud-based
resources
as
virtual.
This
means
that
if
a
system
or
solution
need
more
resources,
such
as
servers
or
disk
space,
the
resources
can
simply
be
added
on
demand
and
usually
transparently
to
the
cloud-
based
application.
Cloud-based
solutions
can
normally
scale
up
or
down
in
size
based
on
user
demands.
Compa-
nies
whose
solutions
reside
in
the
cloud
normally
pay
only
for
the
resources
they
consume.
As
a
result,
compa-
nies
that
once
relied
on
expensive
data
centers
to
house
their
processing
resources
can
now
shift
their
costs
and
maintenance
efforts
to
pay-as-you-go,
scalable,
cloud-
based
alternatives.

KEY
TERMS

Amazon
Web
Services
(AWS)

Cloud
computing

Community
cloud

Grid
computing

Hybrid
cloud

iCloud

Infrastructure
as
a
service
(IaaS)

Platform
as
a
service
(PaaS)

Private
cloud

Public
cloud

Reliability

Robust

Scalability

Software
as
a
service
(SaaS)

Virtualization

Web
2.0

Windows
Azure

CHAPTER
REVIEW

1.
Define
and
discuss
cloud
computing.

2.
Discuss
how
cloud
computing
has
changed
how
com-
panies
budget
for
software
solutions.

3.
Compare
and
contrast
SaaS,
PaaS,
and
IaaS,
and
pro-
vide
an
example
of
each.

4.
Define
scalability
and
discuss
how
the
cloud
impacts
it.

5.
List
three
advantages
and
three
disadvantages
of
cloud
computing.

6.
Define
virtualization
and
discuss
how
the
cloud
im-
pacts
it.

7.
Describe
three
cloud-based
solutions
for
individuals
and
three
cloud-based
solutions
for
businesses.

8.
Discuss
how
Web
2.0
has
driven
the
growth
of
the
web.

9.
Compare
and
contrast
public,
private,
community,
and
hybrid
clouds.

chapter
2

Software as a Service (SaaS)
SOFTWARE
AS
A
SERVICE
(SaaS)
is
a
solution
mod-
el
in
which
users
use
a
web
browser
to
access
software
that
resides,
along
with
the
programs
and
user
data,
in
the
cloud.
Companies
that
use
SaaS
solutions
eliminate
the
need
for
in-house
(data-center-based)
applications,
administrative
support
for
the
applications,
and
data
storage.
Because
SaaS
solutions
reside
within
the
cloud,
the
solutions
can
easily
scale
to
meet
customer
needs.
Further,
most
companies
can
pay
for
the
SaaS
solutions
on
demand—meaning
that
the
companies
pay
only
for
the
resources
they
consume,
normally
on
a
per-user
ba-
sis.
SaaS
solutions
exist
for
a
wide
range
of
applications
and
provide
customers
with
a
cost-effective
way
to
get
started
and
an
affordable
long-term
solution.

Learning
Objectives

This
chapter
examines
SaaS
solutions
in
detail.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
SaaS.

•   List
the
advantages
and
disadvantages
of
SaaS
solutions.

•   Define
and
describe
OpenSaaS.

•   Define
and
describe
mashups.

•   Discuss
the
wide
range
of
SaaS
solutions
and
their
providers.

Getting
Started
with
SaaS

SaaS
solutions
offer
the
following
advantages:

•  They
reduce
or
eliminate
the
need
for
an
on-site
data
center

•  They
eliminate
the
need
for
application
administration

•  They
allow
customers
to
pay
on
demand
for
software
use,
normally
on
a
per-user
basis

•  They
offer
application,
processor,
and
data
storage
scalability

•  They
offer
device-independent
access
to
key
applications

•  They
increase
disaster
recovery
and
business
continuity

The
biggest
concern,
or
potential
disadvantage,
is
that
the
data,
like
the
applications,
reside
in
the
cloud.
Many
companies
are
concerned
about
letting
go
of
their
data.
Also,
because
the
company
does
not
own
the
solution,
it
can
be
challenging
or
expensive
to
customize
the
application.

CASE
2-1
SALESFORCE.COM
SAAS
FOR
CUSTOMER
RELATIONSHIP
MANAGEMENT
(CRM)

Salesforce.com
was
one
of
the
first
companies
to
unlock
the
power
of
cloud-based
SaaS.
The
site
delivers
cloud-
based
customer
relationship
management
(CRM)
solutions,
which
let
companies
accomplish
the
following:

•  Manage
sales
contacts
and
leads

•  Centralize
contact
information,
presentations,
and
project
details

•  Access
sales
information
and
reports
from
anyplace,
at
any
time,
with
any
device

•  Manage
project
quotes
and
project
work
flow

•  Sync
sales
contacts
and
meetings
with
existing
tools,
such
as
Microsoft
Outlook

Salesforce.com
offers
a
variety
of
solutions
that
support
not
only
the
small
business,
but
also
the
large
enterprise.

Exercise
Salesforce.com
was
one
of
the
companies
to
leverage
the
power
of
the
cloud.
Discuss
the
features
Salesforce.com
provides
that
are
well
suited
for
compa-
nies
large
and
small.

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

Web
Resource
For
more
information
on
Salesforce.-
com,
see
www.CloudBookContent.com/Chapter02/in-
dex.html.

Understanding
the
Multitenant
Nature
of
SaaS
Solutions

SaaS
applications
are
often
multitenant
solutions;
that
is,
within
the
cloud,
two
or
more
companies
may
share
the
same
server
resources,
as
shown
in
FIGURE
2­
1.
Depending
on
their
size
and
fees,
customers
may
also
share
database
resources.
Further,
depending
on
the
SaaS
provider,
customizing
a
multitenant
solution
may
be
difficult,
expensive,
or
impossible.

FIGURE
2­1
Many
SaaS
solutions
are
multitenant,
which
means
that
behind
the
scenes
customers
may
share
computing
resources.

CASE
2-2
TALEO
SAAS
FOR
HUMAN
RESOURCES
MANAGEMENT

To
achieve
wide-scale
use,
an
SaaS
solution
must
have
large
market
potential.
Every
business
must
recruit,
hire,
train,
and
compensate
employees.
The
Taleo
cloud-based
talent
management
system
provides
applications
and
services
to
meet
company
human
resources
demands.
Specifically,
Taleo
SaaS
solutions
provide
the
following:

•  Recruitment
tools
companies
can
use
to
attract,
hire,
and
integrate
talented
individuals
into
the
company
culture

•  Performance-management
tools
companies
can
use
to
evaluate
employees
and
plan
their
growth
and
eventual

http://salesforce.com/

http://www.cloudbookcontent.com/Chapter02/index.html

replacement

•  Compensation
tools
appropriate
for
companies
with
a
global
workforce

•  Workforce
training
and
professional
development
tools
companies
can
use
to
educate
and
train
employees

Exercise
For
an
SaaS
solution
to
be
successful,
the
solu-
tion
must
be
disruptive.
Discuss
whether
or
not
you
con-
sider
the
Taleo
cloud-based
solutions
disruptive.

Web
Resource
For
more
information
on
Taleo
cloud-
based
human
resources
solutions,
see
www.CloudBook-
Content.com/Chapter02/index.html.

Understanding
OpenSaaS
Solutions

The
application
programs
that
run
as
SaaS
solutions
in
the
cloud
were
developed
using
a
specific
programming
language
and
were
designed
to
run
on
a
specific
operat-
ing
system
using
a
specific
database
management
sys-
tem.
An
OpenSaaS
solution
is
an
SaaS
application
creat-
ed
using
an
open
source
programming
language
and
de-
signed
to
run
on
an
open
source
operating
system
and
database.

Many
customers
believe
that
if
a
solution
is
open
source,
it
will
be
easier
for
them
to
move
the
data
to
a
different
application
in
the
future
if
the
current
solution
fails
to
meet
their
needs.
Because
customers
do
not
own
the
SaaS
software,
they
will
not
be
able
to
move
the
applica-
tion
itself.

Customers
that
are
concerned
about
moving
their
data
in
the
future
should
consider
an
OpenSaaS
provider.
That
said,
most
SaaS
solutions,
open
source
or
not,
provide
a
way
for
customers
to
export
their
data
if
the
need
arises.

CASE
2-3
ADP
SAAS
FOR
PAYROLL
PROCESSING
AND
HUMAN
RESOURCES
MANAGEMENT

One
of
the
first
companies
to
leverage
the
power
of
the
cloud
was
ADP—a
payroll
processing
company.
Reaching
far
beyond
payroll
today,
ADP
offers
cloud-based
solu-
tions
for
time
management,
employee
benefits
process-
ing,
workers
compensation,
human
resources
issues,
and
more.
Further,
ADP
has
extended
many
of
its
services
to

http://www.cloudbookcontent.com/Chapter02/index.html

mobile
users,
allowing
payroll
processing
to
occur
any
time,
from
any
place.

Exercise
Discuss
the
market
potential
for
ADP
products
beyond
payroll
processing.

Web
Resource
For
more
information
on
ADP
cloud
so-
lutions,
see
www.CloudBookContent.com/Chapter02/in-
dex.html.

 

CASE
2-4
WEBEX
SAAS
FOR
VIRTUAL
MEETINGS

To
gain
market
share,
an
SaaS
solution
must
be
disrup-
tive;
it
must
change
its
industry.
The
WebEx
solution
not
only
changes
how
and
when
people
meet,
it
disrupts
the
travel
industry
by
reducing
business
trips,
hotel
stays,
and
business
meals.
Millions
of
users
rely
on
WebEx
to
provide
a
virtual
yet
face-to-face
meeting
platform.
A
side
effect
of
less
travel
is
the
greening
of
business,
which
means
it
has
less
impact
on
the
environment.
In
fact,
as
shown
in
FIGURE
2­2,
WebEx
provides
an
online
calcu-
lator
that
shows
the
dollars
saved
and
the
carbon
foot-
print
reduced
through
WebEx-based
meetings,
as
op-
posed
to
corporate
travel.

Beyond
holding
online
meetings,
companies
use
WebEx
for
the
following:

•  Training
webinars
for
hundreds
or
thousands
of
atten-
dees,
within
the
company
and
beyond

•  Press
conferences

•  Product
sales
demonstrations

•  Remote
technical
support

•  And
more

FIGURE
2­3
shows
a
WebEx
presentation
on
cloud
computing.

Exercise
Assume
that
your
company
must
invite
500
employees
into
the
corporate
office
from
states
across
the
country
(an
average
airline
ticket
cost
of
$350).
Us-
ing
the
WebEx
calculator,
determine
the
potential
com-
pany
savings
by
hosting
the
meeting
online.

http://www.cloudbookcontent.com/Chapter02/index.html

Web
Resource
For
more
information
on
WebEx,
see
www.CloudBookContent.com/Chapter02/index.html.

FIGURE
2­2
Calculation
of
cost
savings
and
carbon
footprint
reduction
resulting
from
WebEx
meetings.
Courtesy
of
Cisco
Systems,
Inc.
Unauthorized
use
not
permitted.
www.webex.com/overview/environmen­
t.html.
(6/1/11).

FIGURE
2­3
WebEx
leverages
the
cloud
for
face-to-face
virtual
meetings
and
presentations.
Courtesy
of
Cisco
Systems,
Inc.
Unauthorized
use
not
permitted.
http://theheadoftheclass.webex.com.
(6/1/11).

 

CASE
2-5
CARBONITE
SAAS
FOR
FILE
BACKUPS

Businesses
often
rely
on
a
process
known
as
cloud-based
colocation
to
duplicate
their
company
resources
at
a
re-
mote
site.
If
fire,
theft,
or
some
other
disaster
occurs,
the
business
significantly
reduces
its
risk
of
data
loss.

http://www.cloudbookcontent.com/Chapter02/index.html

http://www.webex.com/overview/environment.html

http://theheadoftheclass.webex.com/

Most
user-based
computer
books
tell
users
that
they,
too,
should
perform
regular
disk
and
file
backup
operations.
However,
because
the
process
is
generally
too
time
con-
suming,
most
users
fail
to
back
up
their
files
on
a
regular
basis.
Worse
yet,
users
who
do
perform
backups
often
store
the
copies
within
the
same
facility
(home
or
office)
as
their
computer.
The
backups
are
at
risk
to
many
of
the
same
factors
that
threaten
the
original
data.

To
provide
users
and
companies
with
a
backup
solution,
many
SaaS
providers
have
emerged
to
back
up
user
data
files
to
redundant
storage
facilities
that
reside
within
the
cloud,
as
shown
in
FIGURE
2­4.

The
SaaS
cloud-based
backup
systems
provide
reliable
and
secure
storage.
Users
simply
select
the
files
or
fold-
ers
they
want
to
back
up
and
then
schedule
when
and
how
often
they
want
the
backups
to
occur.
The
actual
backup
operations
then
happen
behind
the
scenes,
automatically.

FIGURE
2­5
shows
a
screen
for
a
Carbonite-based
backup
operation
occurring
as
a
background
process
while
the
user
performs
other
tasks.

Exercise
Assume
your
company
has
1,000
employees.
Calculate
the
potential
cost
to
integrate
cloud-based
backup
operations
through
Carbonite.
Do
you
have
an
alternative
backup
solution?

Web
Resource
For
more
information
on
Carbonite
cloud-based
backups,
see
www.CloudBookContent.com/Chapter02/index.html.

FIGURE
2­4
Cloud-based
SaaS
backup
providers
store
secure
copies
of
user
and
company
files
at
data
storage
facilities
that
reside
in
the
cloud.

http://www.cloudbookcontent.com/Chapter02/index.html

FIGURE
2­5
The
Carbonite
software
running
as
a
back-
ground
task
to
back
up
files
to
the
cloud.

FIGURE
2­6
A
mashup
is
a
collection
of
services
joined
to
create
an
overall
solution.

Understanding
Mashups

Many
companies
need
a
variety
of
SaaS
solutions.
De-
pending
on
the
various
solution
providers,
the
company
may
create
a
mashup,
a
collection
of
services
joined
to
create
an
overall
solution.
FIGURE
2­6
illustrates
the
concept
of
a
solution
mashup.

Developers
categorize
mashups
as
web-based
or
server-
based.
In
a
web-based
mashup,
the
user’s
browser
(per-
haps
via
JavaScript)
combines
the
various
content
sources
to
create
a
unified
display.
In
server-based
mashups,
an
application
running
on
a
server
combines
the
data.

Not
surprisingly,
the
open
philosophy
has
reached
mashups.
In
fact,
organizations
are
working
on
the
En-
terprise
Markup
Mashup
Language
(EMML)
to
simplify
the
design
and
implementation
of
mashup
solutions
while
increasing
their
portability.
For
more
information,
visit
www.openmashup.org.

CASE
2-6
ONLINE
SCHOOL
SAAS
SOLUTIONS

Online
education
has
remained
one
of
the
fastest
grow-
ing
segments
within
education
markets.
Millions
of
learners
now
take
courses
online.
Using
cloud-based
learning
management
systems,
universities
offer
courses
in
both
synchronous
(learners
meet
at
a
specific
day
and
time)
and
asynchronous
(learners
make
their
own
sched-
ule)
formats.
By
leveraging
cloud-based
systems,
schools
can
reduce
their
IT
resources
and
staffing
costs,
essen-
tially
paying
for
learning
services
on
demand.

Exercise
Using
the
web,
search
for
demographic
infor-
mation
on
the
size
of
the
online
learning
environment.
Discuss
how
you
expect
this
market
to
evolve
over
the
next
10
years.

Web
Resource
For
more
information
on
cloud-based
online
learning,
see
www.CloudBookContent.com/Chap-
ter02/index.html.

 

CASE
2-7
MICROSOFT
OFFICE
365
SAAS
FOR
DOCU-
MENT
CREATION,
EDITING,
AND
SHARING

For
as
long
as
most
of
us
can
remember,
computer
users
have
made
extensive
use
of
the
Microsoft
Office
suite:
Word,
PowerPoint,
Excel,
Outlook,
and
more.
Tradition-
ally
users
have
had
to
purchase
and
install
Office,
a
rela-
tively
expensive
investment.
Then
users
have
had
to
keep
installing
updates
to
the
software
as
they
became
avail-
able
from
Microsoft.
Businesses,
in
turn,
would
normally
license
Office
for
each
of
their
employees.

Over
the
past
few
years,
to
reduce
costs
many
users
be-
gan
to
use
products
such
as
Open-Office
(LibreOffice),
an
open
source,
free,
Office-compatible
solution.
Recently
users
have
found
Google
Docs,
which
can
be
used
from
any
computer—a
compelling
tool.

http://www.openmashup.org/

http://www.cloudbookcontent.com/Chapter02/index.html

To
meet
user
demands
and
to
match
competitor
offer-
ings,
Microsoft
released
Office
365,
a
pay-by-the-month
subscription
to
the
Office
applications,
which,
as
shown
in
FIGURE
2­7,
resides
in
the
cloud.

Using
Office
365,
users
can
access
and
edit
their
docu-
ments
from
any
computer,
as
well
as
many
handheld
de-
vices.
If
needed,
users
can
save
their
documents
to
local
devices.
FIGURE
2.8,
for
example,
shows
a
PowerPoint
document
in
Office
365.

Further,
because
the
Office
365
documents
are
cloud
based,
users
and
teams
can
easily
collaborate
and
share
documents.

Exercise
Assume
your
company
has
1,000
employees
who
need
access
to
the
Microsoft
Office
suite
of
prod-
ucts.
Analyze
the
potential
cost
savings
of
using
Mi-
crosoft
Office
365
over
purchasing
seat
licenses
for
each
user.

Web
Resource
For
more
information
on
Microsoft
Of-
fice
365,
see
www.CloudBookContent.com/Chapter02/index.html.

FIGURE
2­7
Office
365
provides
cloud-based
subscrip-
tion
access
to
the
Office
suite
of
applications.

http://www.cloudbookcontent.com/Chapter02/index.html

FIGURE
2­8
Users
can
access
cloud-based
Office
365
documents
from
any
PC
as
well
as
many
handheld
devices.

Understanding
Service-Oriented
Architecture
(SOA)

Most
SaaS
solutions
provide
complete
solutions,
mean-
ing
an
application
that
can
be
used
within
a
web
browser.
For
example,
Salesforce.com
provides
a
web
application
for
customer
relationship
management,
TurboTax
pro-
vides
a
web
application
for
filing
taxes,
and
QuickBooks
provides
a
web
application
for
business
accounting.
Be-
yond
providing
a
complete
application
with
a
user
inter-
face,
many
solution
providers
offer
specific
services
that
developers
can
access
across
the
web
from
within
pro-
grams
they
create.
Developers
refer
to
these
services
as
web
services.
A
developer
might,
for
example,
use
web
services
to
do
the
following:

•  Query
the
price
of
a
stock

•  Check
a
warehouse
for
current
product
inventory
levels

•  Get
real-time
road
or
weather
conditions

•  Check
airline
flight
departure
or
arrival
information

•  Purchase
a
product
or
service

•  Perform
credit
card
processing

http://salesforce.com/

FIGURE
2­9
Web
services
are
solutions
that
programs
can
call
across
the
web
to
perform
specific
tasks.

As
shown
in
FIGURE
2­9,
an
SaaS
application
interacts
with
a
user,
whereas
a
web
service
interacts
with
a
program.

Service­oriented
architecture
(SOA)
is
an
applica-
tion
development
methodology
with
which
developers
create
solutions
by
integrating
one
or
more
web
services.
Think
of
a
web
service
as
a
function
or
subroutine
a
pro-
gram
can
call
to
accomplish
a
specific
task.
As
shown
in
FIGURE
2­10,
when
a
program
running
on
91
one
com-
puter
calls
a
web
service,
a
message,
possibly
containing
parameter
values,
is
sent
across
the
network
(or
Inter-
net)
to
the
computer
housing
the
web
service.
That
com-
puter,
in
turn,
performs
its
processing
and
normally
re-
turns
a
result
to
the
caller.

Some
developers
refer
to
web
services
as
remote-proce-
dure
calls.
Further,
developers
refer
to
a
set
of
web
ser-
vices
as
an
application
program
interface
(API).
Amazon
and
eBay,
for
example,
provide
APIs
that
pro-
grammers
can
use
to
purchase
products
from
across
the
web
using
the
programs
they
create.
To
gain
a
better
un-
derstanding
of
the
processing
that
web
services
can
per-
form,
visit
the
XMethods
website
shown
in
FIGURE
2­11.
XMethods
provides
a
variety
of
web
services
that
per-
form
a
wide
range
of
tasks.

FIGURE
2­10
To
call
a
web
service,
a
program
typically
sends
a
message
to
the
web
service
that
resides
on
a
re-
mote
computer
and
then
waits
for
the
web
service
to
re-
turn
a
result.

FIGURE
2­11
The
XMethods
website
at
www.xmethod-
s.com
provides
web
services
that
perform
a
wide
range
of
tasks.

 

CASE
2-8
FACEBOOK:
AN
SAAS
MEDIA
SITE?

If
you
ask
10
cloud
experts
if
Facebook
is
an
SaaS
social
media
site,
you
will
likely
get
10
“maybe”
answers.
Face-
book
definitely
has
a
variety
of
SaaS
characteristics:

•  Ability
to
scale
with
respect
to
processor
demands
and
data
storage
needs

http://www.xmethods.com/

•  No
user
software
to
purchase
or
install

•  Redundant
server
hardware
and
data
storage

•  Accessibility
through
a
myriad
of
devices

Exercise
Justify
whether
Facebook
is
an
SaaS
solution.

Web
Resource
For
more
information
on
Facebook
as
an
SaaS
provider,
see
www.CloudBookContent.com/Chapter02/index.html.

 

CASE
2-9
IS
GOOGLE+
A
BETTER,
OR
JUST
ANOTH-
ER,
SOCIAL
NETWORK?

Google+
is
a
new
social
networking
site
that
lets
users
define
and
manage
various
groups
of
people
and
how
they
interact
with
them.
With
Google+,
users
can
define
various
circles,
which
might
include
people
from
work,
good
friends,
and
family,
as
well
as
casual
acquaintances.
Using
such
circle
definitions,
users
can
better
control
the
posts
they
allow
others
to
view.

FIGURE
2­12
Shows
the
Google+
home
page.

Exercise
Compare
and
contrast
the
Google+
features
with
those
of
other
social
networks,
such
as
Facebook.

Web
Resource
For
more
information
on
Google+,
see
www.CloudBookContent.com/Chapter02/index.html.

http://www.cloudbookcontent.com/Chapter02/index.html

http://www.cloudbookcontent.com/Chapter02/index.html

FIGURE
2­12
Google+
is
a
social
network
that
resides
in
the
cloud.

CHAPTER
SUMMARY

SaaS
provides
a
solution
model
that
allows
users
to
use
a
web
browser
to
access
software
that
resides
in
the
cloud.
SaaS
solutions
allow
companies
to
eliminate
or
reduce
their
need
for
on-site,
data-center-based
applications.
By
eliminating
in-house
applications,
companies
can
also
reduce
administrative
support
for
the
applications,
as
well
as
data
storage.
SaaS
solutions
reside
within
the
cloud,
which
lets
the
solutions
easily
scale
processors
or
disk
storage
to
meet
customer
needs.
Companies
nor-
mally
pay
for
SaaS
solutions
on
demand
for
the
resources
they
consume,
usually
on
a
per-user
basis.
SaaS
solutions
exist
for
a
wide
range
of
applications.
Using
SaaS
solu-
tions,
customers
have
a
cost-effective
way
to
get
started
and
an
affordable,
long-term
solution
to
their
data
stor-
age
needs.
Finally,
this
chapter
examined
web
services,
which
are
cloud-based
services
that
developers
can
call
from
within
the
programs
they
create
to
accomplish
spe-
cific
tasks.
Many
SaaS
solution
providers
offer
their
ser-
vices
directly
to
users
via
SaaS
applications
and
to
devel-
oper-created
programs
using
web
services.

KEY
TERMS

Application
program
interface
(API)

Customer
relationship
management
(CRM)

Mashup

Multitenant
solution

Service­oriented
architecture
(SOA)

Web
services

CHAPTER
REVIEW

1.
Define
and
describe
SaaS.

2.
Search
the
web
and
list
an
SaaS
provider
for
each
of
the
following
industries:

•
Sales
and
customer
relationship
management

•
Accounting

•
Income
tax
filing

•
Web-based
meetings

•
Human
resources

•
Payroll
processing

•
Backup
automation

•
Office
document
creation

•
Social
networking

3.
Define
and
describe
mashups.

4.
List
the
advantages
and
disadvantages
of
SaaS
solutions.

5.
Describe
the
role
of
OpenSaaS.

6.
Compare
and
contrast
a
web
service
and
an
SaaS
solution.

7.
Define
and
describe
SOA.

chapter
3

Platform as a Service (PaaS)
PLATFORM
AS
A
SERVICE
(Paas)
solutions
pro-
vide
a
collection
of
hardware
and
software
resources
that
developers
can
use
to
build
and
deploy
applications
with-
in
the
cloud.
Depending
on
their
needs,
developers
may
use
a
Windows-based
PaaS
solution
or
a
Linux-based
PaaS.

Using
PaaS,
developers
eliminate
the
need
to
buy
and
maintain
hardware,
as
well
as
the
need
to
install
and
manage
operating
system
and
database
software.
Be-
cause
the
computing
resources
no
longer
reside
in
the
data
center,
but
rather
in
the
cloud,
the
resources
can
scale
up
or
down
based
on
application
demand,
and
the
company
can
pay
for
only
those
resources
it
consumes.
Further,
because
PaaS
eliminates
the
developers’
need
to
worry
about
servers,
they
can
more
quickly
deploy
their
web-based
solutions.

Learning
Objectives

This
chapter
examines
the
PaaS
model
in
detail.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
the
PaaS
model.

•   Describe
the
advantages
and
disadvantages
of
PaaS
solutions.

•   List
and
describe
several
real-world
PaaS
solutions.

•   List
and
describe
cloud-based
database
solutions
and
describe
their
advantages.

•   Discuss
the
development
history
that
led
to
PaaS.

 

CASE
3-1
GOOGLE
APP
ENGINE
AS
A
PAAS

Google
App
Engine,
sometimes
called
GAE,
is
a
PaaS
so-
lution
that
lets
developers
create
and
host
web-based
ap-

plications
that
reside
and
run
on
services
managed
by
Google,
as
shown
in
FIGURE
3­1.

Like
many
Google
services
and
offerings,
Google
App
En-
gine
is
a
free
service
(until
applications
reach
a
large
size
and
consume
significant
bandwidth).
Google
estimates
that
most
developers
can
use
Google
App
Engine
free
of
charge.
Once
they
have
5
million
hits
per
month
the
de-
velopers
must
then
pay,
but
only
for
the
resources
they
use.

Currently,
Google
App
Engine
provides
platform
support
for
a
variety
of
programming
languages,
the
three
most
common
of
which
are
Java,
Python,
and
Go.
The
primary
Google
App
Engine
features
include
the
following:

•  Support
for
dynamic
web
pages

•  Data
storage
and
query
support

•  Load
balancing
for
application
scalability

•  Application
program
interface
(API)
support
for
appli-
cation-based
e-mail
through
Google
services

•  A
local
development,
environment
that
simulates
Google
App
Engine
on
the
developer’s
computer

•  Support
for
event
scheduling
and
triggering

•  An
application
sandbox
that
limits
access
to
the
under-
lying
operating
system

•  Software
development
kits
specific
to
programming
languages

•  An
administrative
console
for
managing
applications
and
databases

For
more
information
on
Google
App
Engine,
visit
www.appengine.google.com.

Exercise
Assume
your
company
must
deploy
Java
and
PHP
solutions.
Discuss
how
your
company
might
use
Google
App
Engine
and
the
company’s
potential
cost.

Web
Resources
For
additional
information
on
Google
App
Engine,
see
www.CloudBookContent.com/Chap-
ter03/index.html.

http://www.appengine.google.com/

http://www.cloudbookcontent.com/Chapter03/index.html

FIGURE
3­1
Google
App
Engine
helps
developers
cre-
ate
web-based
applications
and
then
hosts
the
ap-
plications
in
the
cloud.

IT
Evolution
Leading
to
the
Cloud

The
evolution
of
information
technology
solutions
has
been
defined
by
several
distinct
hardware
and
software
models.
To
start,
early
IT
solutions
from
the
1960s
to
mid-1980s
were
characterized
by
mainframe
computers
similar
to
that
shown
in
FIGURE
3­2,
which
had
the
fol-
lowing
characteristics:

•  Large
capital
investment
for
data-center-based
computers

•  Large,
expensive
disk
and
tape
storage
systems
that
of-
ten
provided
only
limited
storage
capacity

•  User
interface
to
the
system
provided
through
dumb
terminals

•  Limited
computer–network
interconnectivity

•  System
security
maintained
through
physical
security
(few
users
had
direct
access
to
the
computer
hardware)

FIGURE
3­2
Computing
from
the
1960s
through
the
mid-1980s
was
mainframe
driven.

With
the
advent
of
the
IBM
PC
in
1981,
users
shifted
to
local
applications
and
data
storage.
Early
network
solu-
tions
provided
in-house
e-mail
communication
and
lim-
ited
printer
and
file
sharing.
System
security
was
imple-
mented
primarily
at
the
individual
computer
level
be-
cause
network
simplicity
did
not
yet
provide
an
environ-
ment
for
sophisticated
computer
viruses.

FIGURE
3­3
Early
PC-based
servers
were
tower-based
systems
with
a
large
footprint.
They
consumed
consider-
able
power
and
generated
considerable
heat.

As
the
use
of
the
Internet
became
more
widespread,
companies
extended
their
e-mail
communication
beyond
company
users
to
vendors,
customers,
and
others.
Things
changed
drastically
with
the
commercialization
of
the
web
in
1995
and
the
release
of
company
websites.
Initially,
many
companies
brought
in
expensive
T1
or
T3
Internet
connections
and
housed
their
own
web
servers.
These
initial
servers
looked
like
large
desktop
systems,
as
shown
in
FIGURE
3­3.

FIGURE
3­4
ISPs
were
the
first
to
offer
cloud-like
re-
mote
computing
services.

For
smaller
companies,
however,
the
cost
to
connect
to
the
Internet
was
prohibitive.
As
a
result,
Internet
service
providers
(ISPs),
which
maintained
web
servers
and
high-speed,
high-bandwidth
connections,
began
to
emerge.
As
shown
in
FIGURE
3­4,
developers
would
use
languages
such
as
HTML,
Perl,
and
active
server
pages
(ASP)
to
develop
content
locally
and
then
use
a
file
trans-
fer
protocol
(FTP)
application
to
transfer
the
files
to
the
server,
which
resides
within
the
ISP.

The
advantages
of
hosting
solutions
at
an
ISP
included
the
following:

•  Reduced
cost:
The
ISP
provided
the
high-speed,
high-bandwidth
Internet
connection,
which
it
shared
across
several
companies.

•  Less
server
administration:
The
ISP
managed
the
servers
to
which
developers
uploaded
their
solutions.

•  Less
hardware
to
purchase
and
maintain:
The
ISP
purchased
and
managed
the
hardware
and
managed
the
infrastructure
software,
such
as
the
operating
system.

•  Greater
system
uptime:
Through
the
use
of
redun-
dant
hardware
resources,
the
ISP
provided
high
system
uptime.

•  Potential
scalability:
The
ISP
had
the
ability
to
move
a
high-demand
application
to
a
faster
bandwidth
connection.

As
the
use
of
the
Internet
and
web
continued
to
drive
processing
requirements,
many
data
centers
began
to
move
to
blade
servers,
similar
to
that
shown
in
FIGURE
3­5,
which
required
a
smaller
footprint,
involved
less
cost,
and
could
easily
access
shared
network
devices.

By
2005,
many
companies
used
Windows-
and
Linux-
based
web
servers
that
were
housed
at
remote
ISPs
and
laid
the
groundwork
for
the
eventual
creation
of
what
we
describe
today
as
cloud-based
PaaS
solutions,
as
shown
in
FIGURE
3­6.

FIGURE
3­5
Blade
computers
allowed
companies
to
re-
duce
server
footprint,
power
requirements,
and
heat
within
the
data
center.

FIGURE
3­6
The
evolution
of
technology
leading
to
cloud
PaaS
solutions.

CASE
3-2
FORCE.COM
AS
A
PAAS

One
of
the
best
known
software
as
a
service
(SaaS)
solu-
tions
is
Salesforce.com.
To
extend
its
cloud
capabilities
to
application
developers,
Salesforce.com
has
released
the
Force.com
PaaS.
Although
it
was
originally
devel-
oped
to
provide
a
home
for
business
applications,
Force.-
com
now
runs
applications
across
most
sectors.

As
shown
in
FIGURE
3­7,
Force.com
provides
four
differ-
ent
development
environments
that
sit
in
a
cloud-based
data
management
facility.

http://force.com/

http://salesforce.com/

http://salesforce.com/

http://force.com/

http://force.com/

http://force.com/

FIGURE
3­7
Force.com
provides
four
primary
develop-
ment
products
that
leverage
a
cloud-based
database.

The
following
briefly
describes
the
Force.com
application
interface:

•  Appforce:
Provides
a
user
interface
that
lets
nonpro-
grammers
create
applications
to
support
finance,
human
resources,
project
management,
and
more.
Through
a
drag-and-drop
interface,
users
can
develop
business
so-
lutions
without
writing
code.

•

Siteforce:
Provides
the
ability
for
nondevelopers
to
quickly
create
a
data-rich
website
using
the
Salesforce.-
com
customer
relationship
management
(CRM)
editor.
Users
do
not
need
to
know
HTML
or
coding
to
produce
powerful
web
pages.

•

VMforce:
Provides
a
platform
for
Java-based
solu-
tions
in
which
programmers
can
code
locally
using
the
Eclipse
integrated
development
environment
(IDE)
and
then
drag
and
drop
their
solutions
to
VM-
force.com
for
hosting.

•

ISVforce:
Provides
a
platform
that
independent
soft-
ware
vendors
can
use
to
distribute
their
applications
and
updates
to
users
via
the
cloud.
The
platform
includes
ac-
cess
to
an
application
storefront
that
developers
can
use
to
expose
their
application
to
potential
customers.

The
Force.com
applications
sit
on
top
of
a
cloud-based
database
provided
by
Salesforce.com
at
Database.com.
The
cloud­based
database
provides
high
perfor-
mance,
scalability,
backups,
and
data
redundancy.
Data-
base.com
provides
an
API
that
developers
can
use
within
their
programs
to
interact
with
the
database.

Exercise
Assume
your
company’s
vice
president
of
sales
wants
to
produce
sales
reports
from
your
company’s
cloud-based
sales
data.
Unfortunately,
your
company
does
not
have
programming
resources
it
can
allocate
to
the
project.
Discuss
how
your
company
might
leverage
a
Force.com
solution
to
meet
the
requirement.

Web
Resources
For
additional
information
on
Force.-
com,
see
www.CloudBookContent.com/Chapter03/in-
dex.html.

Benefits
of
PaaS
Solutions

http://force.com/

http://force.com/

http://salesforce.com/

http://vmforce.com/

http://force.com/

http://salesforce.com/

http://database.com/

http://database.com/

http://force.com/

http://force.com/

http://www.cloudbookcontent.com/Chapter03/index.html

By
shifting
computing
resources
from
an
on-site
data
center
to
the
cloud,
PaaS
solutions
offer
many
advantages:

•  Lower
total
cost
of
ownership:
Companies
no
longer
need
to
purchase
and
maintain
expensive
hard-
ware
for
servers,
power,
and
data
storage.

•  Lower
administrative
overhead:
Companies
shift
the
burden
of
system
software
administration
from
in-
house
administration
to
employees
of
the
cloud
provider.

•  More
current
system
software:
The
cloud
admin-
istrator
is
responsible
for
maintaining
software
versions
and
patch
installations.

•  Increased
business
and
IT
alignment:
Company
IT
personnel
can
focus
on
solutions
rather
than
on
server-related
issues.

•  Scalable
solutions:
Cloud-based
solutions
can
scale
up
or
down
automatically
based
on
application
resource
demands.
Companies
pay
only
for
the
resources
they
consume.

CASE
3-3
LONGJUMP
AS
A
PAAS

LongJump
provides
a
PaaS
solution
that
includes
cloud-
based
database
management
support.
What
makes
Long-
Jump
unique
is
its
focus
on
the
entire
software
develop-
ment
life
cycle.
To
start
an
application
design,
nonpro-
grammers
can
capture
business
requirements,
forms,
and
data
relationships
without
coding.
The
LongJump
application
development
is
Java
based
and
supports
key
protocols
such
as
SOAP
and
REST.
After
the
developer
hosts
the
site,
LongJump
provides
release
management
and
software
maintenance
support.
Developers
can
try
LongJump
free
of
charge.

Exercise
Discuss
the
role
of
web
services
and
specifical-
ly
the
use
of
the
SOAP
and
REST
protocols.

Web
Resources
For
additional
information
on
Long-
Jump,
see
www.CloudBookContent.com/Chapter03/in-
dex.html.

Disadvantages
of
PaaS
Solutions

http://www.cloudbookcontent.com/Chapter03/index.html

Potential
disadvantages
of
PaaS
solutions
include
the
following:

•  Concerns
about
data
security:
Some
companies
are
hesitant
to
move
their
data
storage
off-site.

•  Challenges
to
integrating
cloud
solutions
with
legacy
software:
A
company
may
need
to
support
on-
site
solutions
as
well
as
cloud-based
solutions.
Commu-
nication
between
the
two
application
types
may
be
diffi-
cult
to
impossible.

•  Risk
of
breach
by
the
PaaS
provider:
If
the
com-
pany
providing
the
PaaS
service
fails
to
meet
agreed-
upon
service
levels,
performance,
security,
and
availabili-
ty
may
be
at
risk,
and
moving
the
application
may
be
difficult.

CASE
3-4
NETSUITE
AS
A
PAAS

NetSuite
is
somewhat
of
a
hybrid
in
that
it
is
a
provider
of
both
SaaS
and
PaaS.
On
the
SaaS
side,
NetSuite
offers
turnkey
enterprise
resource
planning
(ERP),
customer
relationship
management
(CRM),
and
accounting
solu-
tions.
The
benefits
of
using
the
NetSuite
cloud-based
so-
lution
include
the
following:

•  Reduced
total
cost
of
ownership
compared
with
run-
ning
on-site
solutions
within
an
IT
data
center

•  Reduced
duplication
of
data
entry
through
the
use
of
integrated
storage
solutions

•  Enhanced
distributed
access
to
computer
data

•  Simplified
application
updates
because
NetSuite
main-
tains
and
manages
software
solutions

On
the
PaaS
side,
NetSuite
provides
a
development
envi-
ronment
that
sits
on
top
of
the
Net-Suite
business
solu-
tions.
Using
a
drag-and-drop
environment,
developers
can
quickly
build
and
deploy
enterprise
solutions.

Exercise
Visit
the
NetSuite
website
and
then
discuss
the
role
and
capability
of
drag-and-drop
solutions
that
do
not
require
a
programmer
to
create
and
deploy
applications.

Web
Resources
For
additional
information
on
Net-
Suite,
see
www.CloudBookContent.com/Chapter03/in-
dex.html.

 

CASE
3-5
CLOUD
FOUNDRY
AS
A
PAAS

Cloud
Foundry
is
an
open
source
project
enabled
by
VMware.
Developers
have
access
to
and
contribute
to
the
project.
Cloud
Foundry
provides
developers
with
a
com-
plete
PaaS
solution
that
supports
programming
lan-
guages
including
Spring
for
Java
applications,
Rails
and
Sinatra
for
Ruby,
and
other
Java
virtual
machine
(JVM)
frameworks.
Cloud
Foundry
supports
various
open
source
databases,
such
as
MongoDB
and
MySQL.

The
primary
Cloud
Foundry
is
multitenant,
but
through
the
use
of
MicroCloud,
developers
can
use
a
single
in-
stance
of
Cloud
Foundry.

Exercise
Research
cloud
applications
on
the
web.
Dis-
cuss
the
programming
languages
that
cloud
developers
use
most
often
to
implement
the
applications
they
create.

Web
Resources
For
additional
information
on
Cloud
Foundry,
see
www.CloudBookContent.com/Chapter03/index.html.

 

CASE
3-6
OPENSHIFT
AS
A
PAAS

Red
Hat
is
well
known
for
providing
and
supporting
open
source
solutions.
Red
Hat
also
distributes
Red
Hat
Linux.
OpenShift
is
the
Red
Hat
PaaS
offering,
which
lets
developers
quickly
deploy
browser-based
and
command-
line-based
applications.
OpenShift
has
three
primary
de-
velopment
tools:

•

Express:
A
free
platform
for
cloud-based
solutions
written
in
PHP,
Python,
and
Ruby.

•

Flex:
Well
suited
for
cloud-based
Java,
JBoss,
and
PHP
solutions.

•

Power:
Designed
for
Linux-based
solutions
written
in
the
C
programming
language.

http://www.cloudbookcontent.com/Chapter03/index.html

http://www.cloudbookcontent.com/Chapter03/index.html

Exercise
Discuss
the
pros
and
cons
of
using
a
Linux-
based
PaaS
solution
as
opposed
to
a
Windows-based
environment.

Web
Resources
For
additional
information
on
Open-
Shift,
see
www.CloudBookContent.com/Chapter03/in-
dex.html.

 

CASE
3-7
WINDOWS
AZURE
AND
SQL
AZURE
AS
A
PAAS

Microsoft.NET
has
driven
the
development
of
many
dy-
namic
web
solutions
and
web
services.
Windows
Azure
is
a
PaaS
running
within
Microsoft
data
centers.
Users
pay
only
for
the
scalable
processor
resources
that
they
con-
sume.
SQL
Azure
provides
a
cloud-based
database
solu-
tion
for
applications
running
within
Windows
Azure.
FIGURE
3­8
illustrates
the
Windows
Azure
PaaS
environment.

Windows
Azure
goes
beyond
.NET
and
includes
support
for
Java,
PHP,
and
Ruby.
Developers
can
build
and
de-
ploy
their
solutions
to
Azure
using
an
IDE
such
as
Visual
Studio
or
Eclipse.
Developers
can
interface
to
SQL
Azure
using
much
of
the
same
code
they
would
use
to
access
a
local
database.

Exercise
Discuss
advantages
and
disadvantages
of
us-
ing
Microsoft
as
a
PaaS
solution
provider.

Web
Resources
For
additional
information
on
Win-
dows
Azure
and
SQL
Azure,
see
www.CloudBookCon-
tent.com/Chapter03/index.html.

FIGURE
3­8
The
Windows
Azure
PaaS
environment.

http://www.cloudbookcontent.com/Chapter03/index.html

http://microsoft.net/

http://www.cloudbookcontent.com/Chapter03/index.html

CHAPTER
SUMMARY

A
PaaS
solution
provides
a
collection
of
hardware
and
software
resources
that
developers
use
to
build
and
de-
ploy
cloud-based
applications.
PaaS
solutions
run
a
Win-
dows-
or
a
Linux-based
operating
system
and
normally
support
a
specific
programming
environment,
such
as
.NET
or
Java.

PaaS
solutions
eliminate
the
need
for
developers
to
buy
and
maintain
hardware
and
install
and
manage
operat-
ing
system
and
database
software.
Because
the
PaaS
computing
resources
reside
in
the
cloud,
the
resources
can
scale
up
or
down
based
on
application
demand,
and
the
company
pays
only
for
the
resources
it
consumes.
Fi-
nally,
because
PaaS
eliminates
the
developers’
need
to
worry
about
servers,
they
can
more
quickly
deploy
their
web-based
solutions.

KEY
TERMS

Cloud­based
database

Integrated
development
environment
(IDE)

Platform

CHAPTER
REVIEW

1.
Define
and
describe
PaaS.

2.
List
the
benefits
of
PaaS
solutions.

3.
Describe
potential
disadvantages
of
PaaS.

4.
Describe
how
a
cloud-based
database
management
system
differs
from
an
on-site
database.

5.
List
the
computing
resources
normally
provided
with
a
PaaS.

6.
Assume
your
company
must
deploy
a
.NET
solution
to
the
cloud.
Discuss
the
options
available
to
developers.
Research
on
the
web
and
estimate
the
costs
associated
with
deploying
a
PaaS
solution.

7.
Assume
your
company
must
deploy
a
PHP
or
Java
so-
lution
to
the
cloud.
Discuss
the
options
available
to
de-

velopers.
Research
on
the
web
and
estimate
the
costs
as-
sociated
with
deploying
a
PaaS
solution.

chapter
10

Disaster Recovery and Business Conti‐
nuity and the Cloud
FOR
YEARS,
A
PRIMARY
job
of
the
IT
staff
of
an
or-
ganization
was
to
ensure
availability
of
computing
re-
sources
(applications,
files,
and
even
phone
systems)
not
only
on
a
day-to-day
basis,
but
also
in
the
event
of
a
cri-
sis
or
natural
disaster.
Business
continuity
describes
the
policies,
procedures,
and
actions
taken
by
an
organiza-
tion
to
ensure
the
availability
of
critical
business
func-
tions
to
employees,
customers,
and
other
key
stakehold-
ers.
Disaster
recovery
describes
the
steps
a
business
will
take
to
restore
operations
in
the
event
of
a
disaster
(fire,
flood,
hurricane,
tornado,
or
other
event).
Following
9/11,
business
continuity
and
disaster
recovery
became
a
very
real
and
essential
IT
function.

Learning
Objectives

This
chapter
examines
ways
companies
can
leverage
the
cloud
to
increase
business
continuity
and
to
simplify
dis-
aster
recovery.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
business
continuity.

•   Define
and
describe
disaster
recovery.

•   Describe
the
benefits
of
cloud-based
or
off-site
backups.

•   Evaluate
the
risk
of
various
threats
and
discuss
steps
to
mitigate
each.

•   Discuss
the
role
of
colocation
as
a
business
continuity
and
disaster
recovery
solution.

•   Identify
and
discuss
a
variety
of
system
threats.

•   Describe
the
benefits
of
a
cloud-based
phone
system.

•   Describe
the
benefit
of
cloud-based
data
storage
to
business
continuity.

•   Describe
the
importance
of
testing/auditing
the
busi-
ness
continuity
and
disaster
recovery
plan.

•   Create
a
business
continuity
and
disaster
recovery
plan.

Understanding
the
Threats

An
IT
staff
must
anticipate
and
prepare
for
a
wide
range
of
system
threats.
The
following
sections
examine
com-
mon
threats,
how
IT
teams
traditionally
tried
to
mitigate
threat
risks,
and
how
cloud-based
solutions
may
further
mitigate
risks.

Threat:
Disk
Failure

Disk
drives
are
mechanical
devices,
and
as
such
they
will
eventually
wear
out
and
fail.
Further,
other
threats,
such
as
fire,
flood,
theft,
or
power
surges,
can
result
in
the
loss
of
disk-based
data.

All
mechanical
devices
have
an
associated
mean
time
between
failure
(MTBF)
rating.
For
a
disk
drive,
the
MTBF
may
be
500,000
hours
of
use
(about
8
years).
That
said,
it
is
important
that
you
understand
how
man-
ufacturers
calculate
the
MTBF.
To
start,
the
manufactur-
er
may
begin
running
1,000
disk
drives.
When
the
first
disk
drive
fails,
the
manufacturer
will
note
the
time—let’s
say
after
500
hours
(less
than
a
month).
The
manufac-
turers
then
multiply
that
time
by
the
number
of
devices
that
they
tested
to
determine
the
MTBF:

MTBF
=
(500)
×
(1000)

            =
500,000
hours

It’s
important
to
note
that
no
device
in
the
group
ran
near
the
500,000
hours!

Traditional
Risk
Mitigation
for
Disk
Failure

The
first
and
foremost
risk
mitigation
for
disk
failure
is
to
have
up-to-date
disk
backups.
If
a
disk
fails,
the
com-
pany
can
simply
replace
the
disk
and
restore
the
backup.
That
implies,
of
course,
that
the
cause
of
the
disk
failure
(fire,
smoke,
flood,
or
theft)
did
not
also
damage
the
disk
backup.
To
reduce
such
risk,
most
companies
store
their
disk
backups
at
an
off-site
storage
facility.

CASE
10-1
IRON
MOUNTAIN
OFF-SITE
TAPE
VAULTING

Because
of
their
ease
of
use,
inexpensive
cost,
and
high
storage
capacity,
many
companies
continue
to
use
tape
backups
for
their
disk
storage.
A
lot
of
companies
use
Iron
Mountain
to
store
the
tape
backups
securely.
If
the
company
ever
needs
to
restore
a
disk
or
retrieve
an
archived
letter,
e-mail,
or
other
data
for
legal
or
compli-
ance
reasons,
the
company
can
simply
retrieve
and
restore
the
magnetic
tape.
The
question
then
becomes,
why
use
Iron
Mountain?
The
answer
is
simple:
they
have
been
storing
key
company
data
since
1951!

Today
Iron
Mountain
provides
a
variety
of
services
be-
yond
digital
tape
storage:

•  Document
management

•  Cloud-based
automatic
backups

•  Records
management
and
storage
(including
health
records)

•  Secure
document
shredding

•  And
more

Exercise
Assume
your
company
must
back
up
500
users’
desktops
and
20
physical
servers.
Visit
the
Iron
Mountain
website
and
create
two
backup
plan
options.

Web
Resources
For
additional
information
on
Iron
Mountain
and
the
company’s
backup
solutions,
see
www.CloudBookContent.com/Chapter10/index.html.

The
problem
with
the
remote
tape
backup
system
is
that
it
takes
time.
To
start,
the
company
may
need
to
pur-
chase
a
replacement
disk.
Then
the
company
must
install
and
format
the
disk
for
use.
Finally
the
company’s
tape
storage
facility
must
locate
and
return
the
tape
that
con-
tains
the
data.

To
reduce
the
potential
need
to
retrieve
and
store
a
tape
backup,
companies
turned
to
multiple
disk
storage
solutions.

RAID­Protected
Storage
Today,
many
data
centers
use
a
redundant
array
of
independent
(or
inex­

http://www.cloudbookcontent.com/Chapter10/index.html

pensive)
disks
(RAID)
to
reduce
the
impact
of
disk
failure.
A
RAID
system
contains
multiple
disk
drives.
Rather
than
simply
store
a
file
on
one
drive,
the
RAID
system
stores
the
data
across
several
drives.
In
addition,
the
RAID
system
stores
data
that
can
be
used
to
recon-
struct
the
file
if
one
of
the
drives
fail.
In
this
way,
if
a
disk
drive
fails,
no
file
recovery
is
required
from
the
tape
backup.
Instead,
the
IT
staff
can
simply
replace
the
failed
disk
and
the
RAID
system
will
rebuild
the
disk’s
contents
on
the
fly!

It
is
important
to
note
that
RAID
systems
do
not
elimi-
nate
the
need
for
disk
backups.
If
fire,
flood,
or
theft
oc-
curs,
the
entire
contents
of
all
the
RAID
drives
may
be
lost.
In
such
a
case,
the
tape
backup
of
the
drives
be-
comes
the
data
restoration
solution.

Cloud-Based
Data
Storage
and
Backup
Solutions

Chapter
6
examined
cloud-based
data
storage
in
detail.
As
you
learned,
cloud-based
storage
not
only
lets
users
access
their
data
from
any
place,
at
any
time,
and
often
with
any
device,
but
it
also
provides
enhanced
data
repli-
cation.
As
shown
in
FIGURE
10­1,
many
cloud-based
data
storage
systems
automatically
replicate
cloud-based
data
at
a
second
off-site,
cloud-based
facility.
In
this
way,
if
one
of
the
RAID-based
cloud
devices
fail,
the
cloud-
based
data
provider
can
immediately
fail
over
to
the
re-
dundant
device.

FIGURE
10­1
Most
cloud-based
data
storage
facilities
provide
automatic
data
replication
to
another
cloud-
based
data
repository.

Further,
as
discussed
in
Chapter
6,
many
cloud-based
fa-
cilities
now
use
a
RAID-like
file
system,
which
produces
recovery
data
the
facility
can
use
in
the
event
of
a
device
failure.

Cloud-Based
Data
Backups

Chapter
6
examined
the
role
of
cloud-based
backups
in
detail.
Because
cloud-based
backups
reside
at
a
remote
storage
facility,
the
backups
immediately
introduce
a
lev-
el
of
protection.
Then,
because
the
backup
files
are
im-
mediately
available
from
any
device,
anywhere,
the
back-
ups
reduce
potential
downtime
because
no
time
is
need-
ed
to
find,
retrieve,
and
restore
a
tape
backup
from
a
tra-
ditional
backup
storage
facility.

Threat:
Power
Failure
or
Disruption

Computers
are
sensitive
electronic
devices.
When
a
com-
puter
loses
power,
the
user’s
current
unsaved
data
is
lost.
Further,
an
electrical
spike
can
permanently
damage
the
computer’s
electronic
components,
rendering
the
device
unusable
or
destroying
disk-based
data.
Although
power
blackouts
can
be
caused
by
storms,
accidents,
or
acts
of
terrorism,
the
more
common
power
brownout
is
typically
more
damaging.
And,
unfortunately,
power
brownouts
can
be
quite
common,
especially
in
the
hot
summer
months
when
electrical
demands
spike.

Traditional
Power
Loss
Risk
Mitigation

To
reduce
the
risk
of
an
electrical
surge
damaging
a
com-
puter
and
its
peripherals,
most
users
plug
their
comput-
ers
and
devices
into
a
surge
suppressor.
Although
the
surge
suppressor
can
prevent
damaging
power
spikes
from
reaching
the
computer’s
electronic
components,
the
surge
suppressor
cannot
help
against
power
loss.
If
a
power
loss
occurs,
the
user’s
unsaved
work
will
be
lost.

FIGURE
10­2
Users
plug
devices
into
surge
suppres-
sors
to
protect
the
devices
from
power
spikes.
A
UPS
provides
users
with
a
few
minutes
of
battery
backup
power
so
the
users
can
save
their
work
and
shut
down
their
systems
in
an
orderly
way.

To
reduce
the
risk
of
lost
work,
many
users
plug
their
de-
vices
into
an
uninterruptible
power
supply
(UPS).
Most
UPS
devices
provide
10
to
15
minutes
of
battery
backup
power,
which
gives
users
time
to
save
their
work
and
shut
down
their
systems
in
a
conventional
way.
FIG­
URE
10­2
shows
a
surge
suppressor
and
a
UPS.

Within
a
data
center,
as
you
can
imagine,
it
would
be
physically
impossible
to
plug
every
device
into
its
own
UPS.
Further,
within
a
data
center,
a
loss
of
power
also
means
a
loss
of
critical
air
conditioning
to
cool
the
com-
puter
devices.
To
mitigate
risks
from
power
loss,
some
data
centers
use
very
large
UPS-like
devices
that
provide
a
period
of
battery
power
to
all
of
the
powered
devices.
Further,
as
shown
in
FIGURE
10­3,
if
the
power
outage
lasts
a
long
time,
the
data
center
can
switch
to
a
large
diesel-powered
generator
to
drive
power.

FIGURE
10­3
Many
data
centers
have
diesel-powered
generators
to
produce
power
in
the
event
of
a
long-term
outage.

Colocation
of
Data
Resources
Colocation
is
the
process
of
replicating
key
data
processing,
data
storage,
and
possibly
telecommunications
equipment
at
a
second
remote
facility.
In
other
words,
a
company
will
duplicate
its
data
center
at
a
second
facility.
The
advantage
of
colo-
cation
is
that
if
one
data
center
fails,
the
system
can
im-
mediately
fail
over
to
the
second
facility.
The
disadvan-

tage
of
colocation
is
cost.
Not
only
does
the
company
have
to
replicate
its
equipment,
but
it
must
also
pay
for
the
power,
air
conditioning,
and
staffing
for
a
second
facility.

Colocation
is
one
way
to
reduce
the
risk
of
power
failure.
It
is
not
enough
to
simply
locate
the
second
facility
across
the
street
or
even
across
town.
One
must
place
the
second
facility
across
the
country
to
eliminate
the
impact
of
storms,
attacks,
or
power
grid
failures.

Cloud-Based
Power
Loss
Risk
Mitigation

Chapter
3,
Platform
as
a
Service
(PaaS),
introduced
the
concept
of
cloud-based
PaaS
solutions.
Likewise,
Chapter
4,
Infrastructure
as
a
Service
(IaaS),
presented
the
con-
cept
of
cloud-based
IaaS
solutions.
When
you
consider
the
expensive
infrastructure
needed
to
reduce
the
impact
of
power
interruption,
that
alone
should
make
you
con-
sider
housing
the
data
center
off-site
within
the
cloud.
Most
PaaS
and
IaaS
solution
providers
have
effectively
dealt
with
power
loss
issues.
Remember,
such
providers
can
share
the
infrastructure
costs
across
many
cus-
tomers.
Also,
most
of
the
providers
have
colocated
facili-
ties
on
different
power
grids.

CASE
10-2
SITE
SECURE
NET
|
THE
PLANET

Many
companies
today
provide
cloud-based
PaaS
and
IaaS
solutions
with
excellent
power
management
facili-
ties.
Site
Secure
Net
|
The
Planet
is
one
such
company,
featured
here
because
its
website,
shown
in
FIGURE
10­
4,
specifically
addresses
the
company’s
power
manage-
ment
infrastructure.
Beyond
a
state-of-the-art
power
management
system,
Site
Secure
Net
|
The
Planet
also
provides
colocation
support.
If
power
fails
in
one
facility,
the
second
facility
can
immediately
take
over
operations.

Exercise
Assume
that
your
company
has
an
in-house
data
center
and
500
on-site
user
computers.
Discuss
the
steps
you
would
recommend
that
the
company
pursue
to
provide
power
management
to
the
computer
resources.

Web
Resources
For
additional
information
on
Site
Se-
cure
Net
|
The
Planet,
see
www.CloudBookContent.com/Chapter10/index.html.

http://www.cloudbookcontent.com/Chapter10/index.html

FIGURE
10­4
The
Site
Secure
Net
|
The
Planet
website
provides
an
excellent
power
management
overview.

Threat:
Computer
Viruses

As
users
surf
the
web
(potentially
downloading
and
in-
stalling
software)
and
share
drives
(such
as
junk
drives),
their
systems
and
those
in
the
same
network
are
at
risk
for
a
computer
virus
attack
or
spyware.
It
is
estimated
that
within
the
United
States
alone,
lost
productivity
time
due
to
computer
viruses
exceeds
$10
billion
per
year!

Traditional
Computer
Virus
Risk
Mitigation

The
best
defense
against
computer
viruses
and
spyware
is
to
ensure
that
every
system
has
antivirus
software
in-
stalled.
Most
antivirus
solutions
today
automatically
up-
date
themselves
across
the
web,
as
often
as
daily,
with
the
most
recent
virus
and
spyware
signatures.

Second,
many
organizations
prevent
users
from
in-
stalling
their
own
software.
Not
only
does
this
practice
reduce
the
chance
of
a
computer
virus
infection,
it
also
aids
the
company
in
preventing
the
installation
of
soft-
ware
that
the
company
does
not
own.

Third,
as
shown
in
FIGURE
10­5,
home
users
should
en-
able
a
firewall
on
their
system,
either
at
their
router
or
on
the
computer
itself.
Most
companies
place
a
firewall
outside
the
network.

FIGURE
10­5
Home
computer
users
and
business
users
should
protect
their
systems
by
placing
a
firewall
be-
tween
the
systems
and
the
Internet.

Fourth,
companies
must
train
users
to
not
open
e-mail
attachments
in
messages
they
receive
from
users
they
do
not
know.

Cloud-Based
Computer
Virus
Risk
Mitigation

In
Chapter
8,
Virtualization,
you
learned
that
many
companies
now
virtualize
desktop
systems
and,
in
some
cases,
download
an
operating
system
image
on
demand.
A
side
effect
of
this
virtualization
process
is
a
reduced
opportunity
for
a
computer
virus
to
make
its
home
with-
in
a
user’s
desktop
environment.
Further,
as
you
learned
in
Chapter
9,
Securing
the
Cloud,
many
companies
are
moving
to
cloud-based
antivirus
solutions.

Threat:
Fire

Fire
can
damage
computer
resources,
data
stored
on
disks,
and
local
copies
of
system
backups.
If
the
fire
itself
does
not
damage
the
equipment,
the
smoke
or
the
process
of
putting
out
the
fire
will.

Traditional
Fire
Risk
Management

Most
offices
have
sprinkler
systems,
which,
as
you
can
imagine,
destroy
computers
when
they
deploy.
Often
there
is
no
good
way
to
protect
office
hardware
other
than
simply
to
insure
it.
The
goal,
when
such
damage
oc-
curs,
is
to
get
the
users
up
and
running
again
as
soon
as
possible—business
continuity,
in
other
words.
That
means
that
system
backups
must
be
up
to
date
and
must
be
stored
at
an
off-site
location.

Within
a
data
center,
you
normally
won’t
find
sprinkler
systems,
but
rather
halon
systems,
based
on
compounds
of
carbon
and
one
or
more
halogens,
that
stop
fire
by
re-
moving
all
the
oxygen
from
the
room.

Cloud-Based
Fire
Risk
Mitigation

If
you
house
your
data
center
in
the
cloud,
your
system
will
reside
in
a
state-of-the-art
data
center
that
provides
fire
suppression
systems
and,
in
most
cases,
colocated
system
redundancy.
Again,
because
the
PaaS
and
IaaS
solution
providers
share
their
costs
across
many
cus-
tomers,
they
are
able
to
provide
their
customers
with
top-level
service
at
a
relatively
low
cost.

Threat:
Floods

During
the
rainy
season,
the
nightly
news
often
leads
with
a
story
about
a
city
or
state
that
is
under
water
due
to
flooding.
Depending
on
the
speed
and
severity
of
the
flood,
companies
may
have
a
chance
to
remove
systems
from
the
area
before
the
flood
hits.
If
not,
the
equipment
and
the
data
stored
within
it
is
typically
lost.

Traditional
Flood
Risk
Mitigation

As
with
fire,
so
with
flood:
the
best
defense
is
to
have
current
backups
and
insured
equipment.
Within
many
data
centers
you
will
find
flood
sensors,
similar
to
the
one
shown
in
FIGURE
10­6,
which
sound
an
alarm
if
wa-
ter
is
detected.
These
sensors
do
not
exist
to
detect
wide-
spread
flooding,
but
rather
water
leaking
from
an
on-site
pipe
break.

FIGURE
10­6
Many
data
centers
use
water
detection
systems
to
sound
alarms
if
a
pipe
breaks.

Cloud-Based
Flood
Risk
Mitigation

A
good
rule
of
thumb
is
to
not
place
your
data
center
within
a
flood
zone.
Historically,
most
companies
had
lit-
tle
choice—they
had
to
place
their
data
center
near
their
business
offices,
often
in
the
same
building.
Today,
how-
ever,
with
cloud-based
PaaS
and
IaaS
solutions
readily
available,
the
data
center
can
essentially
reside
any-
where.
Thus,
the
new
rule
of
thumb
is
to
not
select
a
PaaS
or
IaaS
provider
located
in
a
flood
zone.

Threat:
Disgruntled
Employees

A
disgruntled
employee
can
harm
a
company
by
launch-
ing
a
computer
virus,
changing
or
deleting
files,
or
ex-
posing
system
passwords.
It
is
very
difficult
to
defend
completely
against
a
disgruntled
employee,
particularly
one
who
has
physical
access
to
systems.

Traditional
Disgruntled
Employee
Risk
Mitigation

In
the
past,
businesses
protected
themselves
from
dis-
gruntled
employees
by
trying
to
limit
the
damage
such
an
employee
could
cause.
First,
as
previously
discussed,
companies
must
ensure
that
up-to-date
backups
are
in
place.
Second,
the
company
must
use
controls
to
limit
the
resources
that
employees
can
access
to
only
those
they
need
in
order
to
perform
their
jobs.
Then,
if
an
em-
ployee
is
terminated,
the
company
must
quickly
disable
the
employee’s
access
to
all
systems.

Cloud-Based
Disgruntled
Employee
Risk
Mitigation

Chapter
5,
Identity
as
a
Service
(IDaaS),
presented
the
single
sign-on
process
and
ways
companies
are
using
the
cloud
to
implement
IDaaS.
In
this
way,
if
a
company
ter-
minates
an
employee,
the
company
can
quickly
disable
the
employee’s
access
to
all
systems
by
simply
disabling
the
employee
within
the
authentication
server.
Chapter
8,
Virtualization,
examined
desktop
virtualization.
If
a
company
provides
employees
with
a
desktop
on
demand,
most
employees
(except
for
the
one
in
charge
of
desktop
images)
can
do
little
to
harm
the
system.

Threat:
Lost
Equipment

Each
year,
within
airports
alone,
thousands
of
notebook
computers
are
lost
or
stolen.
When
an
employee
loses
a
notebook,
not
only
is
the
computer
lost,
but
also
the
user’s
local
data,
which
may
be
confidential.
Today,
with
users
carrying
powerful
handheld
devices,
the
opportuni-
ty
for
loss
becomes
even
greater.
Given
the
amount
of
in-

y g
formation
a
user
stores
on
such
a
device,
identity
theft
often
follows
the
theft
of
a
device.

Traditional
Lost
Equipment
Risk
Mitigation

To
reduce
the
risk
of
data
loss
when
a
device
is
lost
or
stolen
(or
broken),
the
user
must
maintain
current
back-
ups.
To
reduce
access
to
company
sensitive
data,
many
systems
require
a
username
and
password
or
biometric
sign-on.
Although
such
techniques
can
be
bypassed
by
an
advanced
hacker,
they
will
prevent
most
criminals
from
accessing
data.

Cloud-Based
Lost
Equipment
Risk
Mitigation

Typically,
the
more
a
company
utilizes
the
cloud,
the
less
risk
the
company
will
have
with
respect
to
a
lost
device.
If,
for
example,
the
user
stores
(or
syncs)
key
files
to
a
cloud-based
data
repository,
the
user
is
likely
to
lose
only
minimal
data.
Likewise,
if
the
company
uses
a
cloud-
based
system
such
as
Exchange
Online,
the
user
will
be
without
e-mail,
calendar,
and
contact
access
for
only
a
brief
period
of
time.

Threat:
Desktop
Failure

Computers,
like
all
devices,
may
eventually
wear
out
and
fail.
The
cause
of
failure
may
be
a
bad
disk
drive,
mother-
board,
power
supply,
and
so
on.
The
bottom
line
is
that
a
user
is
now
without
a
system.

Traditional
Desktop
Failure
Risk
Mitigation

The
first
step
in
recovering
from
a
desktop
failure
is
to
ensure
that
current
backups
of
the
user’s
files
exist.
Many
companies
have
users
store
key
files
on
a
network
disk,
which
the
company
can
easily
back
up
and
later
restore.
In
most
companies,
a
user
experiencing
the
desktop
failure
will
be
offline
until
the
IT
staff
can
locate
a
replacement
computer,
install
and
configure
software,
restore
backups
of
any
of
the
user’s
local
files,
and
then
make
the
system
available.
A
few
hours
of
employee
downtime
can
have
a
significant
cost.

Cloud-Based
Desktop
Failure
Risk
Mitigation

Chapter
8,
Virtualization,
examined
desktop
virtualiza-
tion.
If
a
company
delivers
the
users’
desktops
on
de-
mand,
a
user
whose
system
has
failed
need
only
stand

up,
walk
to
another
system,
and
log
in.
The
employee
can
then
resume
work
right
where
he
or
she
left
off.
Further,
if
the
user
stores
files
in
the
cloud,
he
or
she
can
likely
access
them
from
any
device,
and,
if
necessary,
use
soft-
ware
such
as
Office
Web
Apps
to
access
and
edit
the
files.

Threat:
Server
Failure

Just
as
desktop
computers
can
fail,
so
too
can
servers.
Because
most
servers
today
are
blade
devices,
replacing
a
server
is
a
relatively
simple
process,
as
shown
in
FIGURE
10­7,
as
long
as
the
company
has
an
extra
server
avail-
able.
Because
most
servers
boot
from
a
network-attached
storage
(NAS)
device,
the
process
of
getting
the
new
server
up
and
running
should
be
easy.

FIGURE
10­7
Blade
server
replacement
is
normally
fast
and
simple.
Because
most
servers
boot
from
a
NAS
de-
vice,
only
minimal
software
setup
is
normally
required.

Traditional
Server
Failure
Risk
Mitigation

If
a
company
has
a
mission-critical
application
running
on
a
lone
server
and
does
not
have
a
replacement
server
available,
or
better
yet,
online,
then
shame
on
that
com-
pany.
Device
redundancy
is
the
only
way
to
recover
quickly
from
a
server
failure.

Cloud-Based
Server
Failure
Risk
Mitigation

Given
not
only
the
cost
factors,
but
also
the
advantages
discussed
throughout
this
chapter,
most
server
ap-
plications
should
reside
in
the
cloud
with
a
PaaS
or
IaaS
solution
provider.
Such
providers
typically
provide
99.9
percent
uptime
through
hardware
redundancy
and
auto-
matic
failover.

Threat:
Network
Failure

Although
networks
consist
primarily
of
cables
and
sim-
ple
switching
devices,
things
can
break.
For
simple
net-
works,
the
network
will
remain
down
until
the
faulty
de-
vice
or
cable
is
identified
and
replaced.

Traditional
Network
Failure
Risk
Mitigation

For
home
computer
users,
when
a
network
fails,
users
are
going
to
be
offline
until
a
fix
is
applied.
If
the
prob-
lem
resides
within
the
Internet
service
provider
(ISP),
the
user
can
do
nothing
to
resolve
the
issue.
As
a
solu-
tion,
some
users
are
purchasing
3G
and
4G
wireless
hot-
spot
devices
as
a
backup
method
of
accessing
the
Internet.

To
make
sure
that
the
network
does
not
become
a
single
point
of
failure,
some
companies
bring
in
a
second
Inter-
net
source
from
a
vendor
other
than
their
primary
ISP.
In
this
way,
if
one
network
provider
fails,
the
company
can
gain
access
to
the
Internet
through
the
backup
net-
work.
Further,
given
that
the
backup
network
is
in
place,
many
companies
will
use
it
to
load
balance
their
band-
width
demands.

Cloud-Based
Network
Failure
Mitigation

At
first
consideration,
relying
on
the
cloud
for
applica-
tion
and
data
storage
may
make
the
thought
of
a
network
failure
quite
concerning.
However,
as
you
have
just
read,
to
reduce
the
risk
of
network
failure
many
companies
provide
redundant
network
connections
to
the
Internet.
The
same
is
true
for
cloud
service
providers.
Again,
most
will
guarantee
99.9
percent
uptime.

Threat:
Database
System
Failure

Most
companies
today
rely
on
database
management
systems
to
store
a
wide
range
of
data,
from
customer
data,
to
human
resources
data,
to
application-specific
data.
If
a
company’s
database
fails,
many
applications
may
also
fail.

Traditional
Database
System
Failure
Risk
Mitigation

The
first
defense
in
reducing
the
risk
of
database
failure
is
to
maintain
current
backups
of
the
database.
Most
database
systems
today
make
the
backup
process
easy

and
automatic.
If
the
database
fails,
the
IT
staff
can
restore
the
backup.
Unfortunately,
the
database
and
the
applications
that
rely
on
it
will
be
down
while
the
restoration
is
performed.

To
reduce
the
risk
of
database
downtime
as
a
result
of
a
database
failure,
companies
typically
replicate
data
across
two
database
systems
in
real
time.
When
an
oper-
ation
updates
data
within
the
database,
the
database
replication
software
will
immediately
update
both
data-
base
systems,
as
shown
in
FIGURE
10­8.

FIGURE
10­8
Database
replication
creates
two
live
copies
of
databases
on
separate
servers.
If
one
database
fails,
the
other
can
immediately
take
over
operations.

Cloud-Based
Database
System
Failure
Risk
Mitigation

As
you
just
learned,
to
reduce
potential
system
downtime
in
the
event
of
a
database
system
failure,
many
compa-
nies
replicate
the
database
contents
in
real
time.
The
dis-
advantage
of
database
replication
is
that
it
requires
two
servers
(ideally
in
different
locations)
and
may
be
com-
plicated
for
developers
to
initially
configure.

Chapter
6,
Data
Storage
in
the
Cloud,
discussed
cloud-
based
database
management
systems
in
detail.
As
you
learned,
most
cloud-based
database
storage
providers
use
transparent
database
replication.
If
a
database
in
the
cloud
fails,
the
system
will
fail
over
to
the
backup
data-
base
automatically.
Further,
because
replication
can
oc-
cur
in
both
directions,
the
system
can
use
the
second
database
for
load
balancing.
If
data
is
updated
in
either
system,
the
change
will
be
replicated
to
the
other
system.

Threat:
Phone
System
Failure

Despite
the
fact
that
virtually
all
employees
carry
a
cell
phone
today,
most
organizations
still
maintain
phone
systems
that
provide
voice
mail,
conference
calling,
and
call
forwarding.
If
the
phone
system
fails,
the
company
can
resort
to
cell
phones.
Unfortunately,
customers
call-
ing
in
to
the
company
would
not
know
which
numbers
to
call.

Traditional
Phone
System
Failure
Risk
Mitigation

Historically,
there
have
been
few
ways
outside
of
redun-
dancy
to
reduce
the
impact
of
a
phone
system
failure.
That
was
the
case
until
the
advent
of
cloud-based
phone
systems.

Cloud-Based
Phone
System
Failure
Risk
Mitigation

To
avoid
a
single
point
of
failure
for
phone
systems,
cloud-based
phone
systems
have
now
emerged.
The
cloud-based
systems
provide
the
functionality
of
a
tradi-
tional
phone
system
and,
behind
the
scenes,
provide
sys-
tem
replication.

CASE
10-3
RINGCENTRAL
CLOUD-BASED
PHONE
SYSTEM

RingCentral
is
a
cloud-based
phone
system
provider.
It
offers
a
cost-effective
phone
system
solution.
Features
of
RingCentral
include
the
following:

•  Free
nationwide
calling
and
faxing

•  Support
for
existing
phones
and
faxes
as
well
as
Ring-
Central
IP
phones

•  Lets
users
place
calls
from
any
phone,
anywhere,
while
appearing
to
be
made
from
the
usual
office
number

•  Caller
greetings
customized
by
the
time
of
day

•  Fully
customizable
call
forwarding

•  Forwarding
of
voice
mail
and
faxes
to
e-mail

•  A
phone
directory
system
that
helps
callers
locate
personnel

•  Ability
to
let
companies
deliver
music
or
corporate
messaging
to
callers
who
are
on
hold

FIGURE
10­9
presents
the
RingCentral
website.

Exercise
Discuss
the
pros
and
cons
of
using
a
cloud-
based
phone
system
provider.

Web
Resources
For
additional
information
on
Ring-
Central
and
the
company’s
phone
system
solutions,
see
www.CloudBookContent.com/Chapter10/index.html.

FIGURE
10­9
RingCentral
offers
a
fully
functional
cloud-based
phone
system.

Understanding
Service-Level
Agreements

When
you
sign
a
service
agreement
with
a
cloud-based
solution
provider,
your
agreement
will
normally
contain
a
clause
called
a
service­level
agreement
(SLA).
The
SLA
defines
the
level
of
service
that
the
cloud-based
company
must
provide.
Common
components
of
an
SLA
include
MTBF,
uptime
percentage,
throughput,
and
oth-
er
performance
benchmarks.
Before
you
enter
into
an
agreement,
pay
close
attention
to
the
details
of
the
SLA.

Measuring
Business
Impact:
The
Essence
of
Risk
Mitigation

Often
the
process
of
reducing
risk
will
bring
with
it
some
sort
of
cost,
perhaps
for
backups,
system
redundancy,
and
so
on.
As
a
result,
a
business
cannot
always
elimi-

http://www.cloudbookcontent.com/Chapter10/index.html

nate
all
technology
risks.
Instead,
the
IT
staff
must
evalu-
ate
which
risks
are
most
likely
and
which
risks
have
the
greatest
potential
impact
on
the
company
and
its
ability
to
continue
operations.
The
risk
mitigation
process
re-
quires
that
the
IT
staff
balance
risks
and
potential
impacts.

To
start
the
risk
mitigation
process,
make
a
list
of
the
company’s
potential
technology
risks.
Then
estimate
each
risk’s
potential
for
occurrence
and
its
business
con-
tinuity
impact,
as
shown
in
TABLE
10­1.

You
may
want
to
add
a
column
that
estimates
the
cost
to
reduce
the
risk.
In
this
way,
you
can
provide
manage-
ment
with
the
key
factors
they
should
consider
as
they
invest
in
resources
to
reduce
the
company’s
technology
risks.

TABLE
10­1


RISK
OCCURRENCE
PROBABILITY
AND
BUSINESS
CONTINUITY
IMPACT

Risk Occurrence
Probability

Business
Continuity
Impact

User
disk
failure

Medium Low

Server
disk
failure

Low High

Network
failure Low High

Database
failure

Medium High

Phone
system
failure

Low Medium

Server
power
failure

High High

Disaster
Recovery
Plan
Template

Companies
should
have
a
disaster
recovery
plan
(DRP)
in
place
that
details
their
planned
operations.
To
get
started
with
a
DRP,
you
can
use
the
following
tem-
plate
as
a
guide.

COMPANY
NAME:
BUSSINESS
CONTINUITY
AND
DISASTER
RECOVERY
PLAN

PLAN
OVERVIEW

Company
Name
is
taking
steps
to
provide
risk
mitiga-
tion,
business
continuity,
and
disaster
recovery
for
its
in-
formation
technology
and
communications
in-
frastructure.
The
following
sections
detail
the
opera-
tional
plan
and
recommend
responsible
parties.
When
possible,
the
plan
sections
provide
detailed
contact
infor-
mation
for
the
plan’s
responsible
parties
and
stakeholders.

This
plan
is
CONFIDENTIAL
and
is
the
property
of
Company
Name.

PLAN
GOALS
AND
OBJECTIVES

The
goals
of
this
business
continuity
and
disaster
recov-
ery
plan
include
the
following:

•  To
ensure
the
safety
of
all
Company
Name
employees

•  To
provide
the
ability
to
resume
key
business
opera-
tions
quickly
and
safely
within
the
shortest
possible

Desktop
power
failure

High Low

Desktop
failure Low Low

Fire Low High

Flood Low High

amount
of
time
following
a
disaster
or
business
interruption

•  To
mitigate
the
impact
of
a
disaster
to
Company
Name
stakeholders

•  To
reduce
confusion
with
respect
to
operational
steps
and
responsibility
in
the
event
of
a
disaster

DISASTER
OR
EVENT
CATEGORIZATION

The
Company
Name
recovery
plan
addresses
three
types
of
disaster
or
business
interruption
events:

•  Short
term:
A
day
or
less

•  Medium
term:
A
month
or
less

•  Long
term:
A
month
or
more,
with
the
possible
relo-
cation
of
employees
and
facilities

DISASTER
RECOVERY
TEAM

Company
Name
has
assigned
the
following
key
person-
nel
to
the
disaster
recovery
team:

EMERGENCY
CONTACT
INFORMRATION

RISK
IDENTIFICATION

Tornado Hurricane Flood

Hail Earthquake Fire

Power
failure
(server,
desktop)

Phone
system

Database
failure

Disk
(server,
desktop) Theft Disgruntled
employee

Virus Network
failure

System
failure
(desktop,
server)

RISK
ANALYSIS

RISK
MITIGATION

failure (desktop, server)

Risk Occurrence
Probability

Business
Continuity
Impact

User
disk
failure Medium Low

Server
disk
failure

Low High

Network
failure Low High

Database
failure Low High

Phone
system
failure

Low Medium

Server
power
failure

High High

Desktop
power
failure

High Low

Fire Low High

Flood Low High

Virus High High

Risk Mitigation

User
disk
failure

Company
Name
will
back
up
user
disks
to
the
Carbonite
cloud-based
backup
system.

Server
disk
failure

Company
Name
will
use
RAID
systems
for
all
servers
and
will
back
up
the
server
disks
to
the
Carbonite
cloud-based
backup
system.

Network
failure

Company
Name
will
bring
two
Internet
providers
into
each
facility
and
load
balance
the
network
traffic
across
the
shared
bandwidth.

Database
failure

Company
Name
will
replicate
its
existing
database
system to a remote database that resides in the cloud

CHAPTER
SUMMARY

Since
9/11,
a
primary
job
of
corporate
IT
staffs
has
been
to
ensure
the
availability
of
computing
resources
(ap-
plications,
files,
and
even
phone
systems)
not
only
on
a
day-to-day
basis,
but
also
in
the
event
of
a
crisis
or
nat-
ural
disaster.
Business
continuity
refers
to
the
policies,
procedures,
and
actions
taken
by
an
organization
to
en-
sure
the
availability
of
critical
business
functions
to
em-
ployees,
customers,
and
other
key
stakeholders.
Disaster
recovery
describes
the
steps
a
business
will
take
to
restore
operations
in
the
event
of
a
disaster
(fire,
flood,
hurricane,
tornado,
or
other
event).
By
integrating
cloud-
based
solutions,
many
companies
have
significantly
re-
duced
the
cost
of
their
business
continuity
programs
while
simultaneously
reducing
potential
risks.

KEY
TERMS

Business
continuity

Disaster
recovery
plan
(DRP)

failure system
to
a
remote
database
that
resides
in
the
cloud
and
will
implement
an
automatic
failover.

Phone
system
failure

Company
Name
will
tie
all
company
cell
phones
to
the
RingCentral
cloud-based
phone
system.

Server
power
failure

Company
Name
will
colocate
a
replicated
copy
of
its
servers
within
a
cloud-based
PaaS
facility
and
will
use
load
balancing
to
share
traffic
between
the
two.
Company
Name
will
implement
an
automatic
failover
between
the
servers.

Desktop
power
failure

Company
Name
will
plug
all
desktop
systems
into
UPS
devices.

Fire Company
Name
will
house
its
servers
within
a
cloud-
based
PaaS
provider,
which
will
act
as
fire
suppression.
Company
Name
will
insure
its
desktop
computers
against
loss
from
fire.

Flood Company
Name
will
house
its
servers
within
a
cloud-
based
PaaS
provider
that
does
not
reside
within
a
flood
zone.
Company
Name
will
insure
its
desktop
computers
against
loss
from
flood.

Virus Company
Name
will
install
antivirus
software
on
all
systems,
place
a
firewall
in
front
of
the
network,
and
prevent
users
from
installing
software.

Halon

Mean
time
between
failure
(MTBF)

Redundant
array
of
independent
(or
inexpen­
sive)
disks
(RAID)

Service­level
agreement
(SLA)

Uninterruptible
power
supply
(UPS)

Virus

CHAPTER
REVIEW

1.
Define
and
describe
business
continuity.

2.
Define
and
describe
disaster
recovery.

3.
Discuss
pros
and
cons
of
cloud-based
backup
operations.

4.
Discuss
threats
to
an
IT
data
center
infrastructure
and
provide
cloud-based
solutions
to
mitigate
the
risks.

5.
Create
a
DRP
for
a
company
with
which
you
are
familiar.

chapter
4

Infrastructure as a Service (IaaS)
MANY
COMPANIES
THAT
DEPLOY
applications
to
the
cloud
will
need
a
specific
platform,
such
as
Windows,
.NET,
and
Microsoft
SQL
Server,
or
Linux,
Perl,
and
MySQL.
Utilizing
a
platform
as
a
service
(PaaS)
solution
eliminates
the
company’s
need
to
administer
the
operat-
ing
system
and
supporting
software.
Other
companies,
because
of
security
needs
or
a
desire
to
manage
all
re-
sources,
turn
to
infrastructure
as
a
service
(IaaS)
providers.
An
IaaS
provider
makes
all
of
the
computing
hardware
resources
available;
the
customers,
in
turn,
are
responsible
for
installing
and
managing
the
systems,
which
they
can
normally
do
over
the
Internet.

Learning
Objectives

This
chapter
examines
IaaS
in
detail.
By
the
time
you
fin-
ish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
IaaS
and
identify
IaaS
solution
providers.

•   Define
and
describe
colocation.

•   Define
and
describe
system
and
storage
redundancy.

•   Define
and
describe
cloud-based
network-attached
storage
(NAS)
devices
and
identify
solution
providers.

•   Define
and
describe
load
balancing
and
identify
cloud-
based
solution
providers.

•   Describe
the
pros
and
cons
of
IaaS
solutions.

Understanding
IaaS

Running
a
data
center
is
an
expensive
and
staff-intensive
process.
To
start,
one
must
create
a
facility
with
the
fol-
lowing
capabilities:

•  Access
to
high-speed
and
redundant
Internet
service

•  Sufficient
air
conditioning
to
eliminate
the
heat
gener-
ated
by
servers
and
disk
storage
devices

•  Conditioned
power
with
the
potential
for
uninterrupt-
ed
power
supply
in
the
short
term
and
long
term
through
the
use
of
on-site
diesel-powered
generators

•  Fire
suppression
systems

•  Administrative
staffing
to
support
hardware,
networks,
and
operating
systems

FIGURE
4­1
illustrates
a
typical
data
center
facility.

After
a
company
creates
an
operation
data
center,
it
has
a
second
significant
problem—the
data
center
is
a
single
point
of
failure.
Should
the
data
center
be
damaged
by
fire,
flood,
weather,
or
an
act
of
terrorism,
the
company’s
entire
data
processing
capabilities
will
be
shut
down.

To
reduce
the
risk
of
a
single
point
of
failure,
companies
often
create
a
duplicate
data
center
at
a
remote
location,
as
shown
in
FIGURE
4­2.
Should
one
of
the
data
centers
fail,
the
other
can
immediately
take
over
operations.
Un-
fortunately,
the
second
data
center
will
increase
the
com-
pany’s
costs—essentially
doubling
them—because
there
are
duplicate
servers,
storage
devices,
network
equip-
ment,
Internet
access,
and
staffing.

FIGURE
4­1
Racks
of
servers
within
a
data
center.

FIGURE
4­2
To
eliminate
a
single
point
of
failure,
many
companies
colocate
duplicate
data
centers.

For
many
smaller
companies
with
simpler
data
process-
ing
needs,
a
PaaS
may
eliminate
the
need
for
their
own
data
center.
As
you
will
recall,
a
PaaS
solution
typically
provides
one
or
more
virtual
servers
running
a
specific
operating
system,
as
shown
in
FIGURE
4­3.
Most
PaaS
solutions
eliminate
the
customer’s
need
to
manage
the
operating
system
and
supporting
software.

In
contrast,
larger
companies
or
companies
with
specific
server
needs
may
require
their
own
independent
server
hardware
and
data
storage
devices.
For
such
situations,
IaaS
is
ideal.
An
IaaS
solution
provides
a
customer
with
its
own
hardware
resources.
You
can
think
of
IaaS
as
a
mini
data
center
within
a
large
data
center
facility.
Most
IaaS
providers,
as
shown
in
FIGURE
4­4,
house
data
cen-
ters
for
multiple

companies.
Because
the
IaaS
provider
spreads
the
cost
of
power,
air
conditioning,
fire
suppression,
and
staff
across
multiple
customers,
it
can
normally
offer
pricing
that
beats
what
each
individual
company
would
have
to
pay
for
its
own
facility.

Further,
just
as
with
software
as
a
service
(SaaS)
and
PaaS
solutions,
customers
pay
IaaS
providers
only
for
the
resources
consumed.
Simply
put,
IaaS
solutions
pro-
vide
the
least
expensive
(and
fastest)
way
for
companies
to
launch
a
data
center
or
colocation
facility.

FIGURE
4­3
PaaS
solutions
allow
smaller
companies
to
eliminate
the
need
for
their
own
on-site
data
center.

FIGURE
4­4
IaaS
providers
normally
house
data
cen-
ters
for
many
companies.

Improving
Performance
Through
Load
Balancing

Across
the
web,
sites
experience
a
wide
range
of
network
traffic
requirements.
Sites
such
as
Google,
Yahoo!,
Ama-
zon,
and
Microsoft
experience
millions
of
user
hits
per
day.
To
handle
such
web
requests,
the
sites
use
a
tech-
nique
known
as
load
balancing,
as
shown
in
FIGURE
4­
5,
to
share
the
requests
across
multiple
servers.
For
a
simple
web
page,
a
client’s
web
browser
requests
an
HTML
page
and
then
the
related
graphics,
CSS,
and
JavaScript
files
from
the
web
server,
as
shown
in
FIGURE
4­6.

FIGURE
4­5
Load
balancing
uses
a
server
to
route
traf-
fic
to
multiple
servers
which,
in
turn,
share
the
workload.

When
the
demand
becomes
too
great
for
the
server,
the
company
can
place
a
load-balancing
server
in
front
of
two
or
more
servers
to
which
the
load
balancer
dis-
tributes
the
web
requests.
Load
balancing
for
simple
ap-
plications
is
quite
straightforward
because
either
server
can
handle
all
requests.

When
server-based
applications
become
more
complex,
such
as
accessing
data
within
a
database,
the
developers
must
provide
shared
access
to
the
database.
To
eliminate
a
single
point
of
failure,
companies
often
replicate
copies
of
the
database
on
multiple
servers.
The
database
soft-
ware,
in
turn,
must
then
synchronize
data
updates
across
the
systems,
as
shown
in
FIGURE
4­7.

As
an
alternative,
the
company
may
choose
to
simplify
the
solution
using
a
cloud-based
database
or
a
cloud-
based
network­attached
storage
(NAS)
device,
as
shown
in
FIGURE
4­8.
In
this
way,
the
applications
do
not
need
to
worry
about
the
data
synchronization
and
replication—that
task
is
handled
within
the
cloud.

FIGURE
4­6
A
client
(browser)
typically
makes
multi-
ple
requests
to
a
server
in
order
to
download
the
HTML,
CSS,
JavaScript,
and
page
graphics.

Taking
a
Closer
Look
at
Load
Balancing

To
better
understand
load
balancing,
consider
the
pro-
cessing
that
occurs
when
a
user
visits
a
site
such
as
Ya-
hoo!
To
start,
the
user
types
in
a
domain
name,
such
as
www.yahoo.com.
The
user’s
web
browser,
in
turn,
sends
the
domain
name
to
a
special
server
on
the
web
called
a
domain
name
server
(DNS),
which,
in
turn,
returns
the
site’s
(Yahoo!’s)
Internet
protocol
(IP)
address.
As
shown
in
FIGURE
4­9,
the
browser
in
then
uses
the
IP
address
to
contact
the
server.

http://www.yahoo.com/

FIGURE
4­7
Load-balanced
systems,
for
data
redun-
dancy
purposes,
often
replicate
databases
on
multiple
servers.
Each
database,
in
turn,
will
send
data
updates
to
the
other
to
maintain
data
synchronization
between
the
servers.

FIGURE
4­8
Using
a
cloud-based
NAS
device
and
a
cloud-based
database
to
handle
database
replication
and
load
balancing.

When
a
site
uses
load
balancing,
the
IP
address
returned
by
the
DNS
might
correspond
to
the
load-balancing
server.
When
the
load
balancer
receives
the
browser
re-
quest,
it
simply
sends
the
request
to
one
of
the
servers
on
a
round-robin
basis.
If
demand
on
the
site
increases,
ad-
ditional
servers
can
be
added,
to
which
the
load
balancer
can
distribute
requests.
Using
a
similar
technique,
most
IaaS
solutions
provide
on-demand
scaling
and
load
balancing.

FIGURE
4­9
Web
browsers
use
the
IP
address
they
re-
ceive
from
a
DNS
to
access
a
server
on
the
web.

System
and
Storage
Redundancy

One
of
the
greatest
benefits
of
cloud-based
computing
is
that
it
does
not
matter
where
the
physical
computing
re-
sources
and
data
storage
devices
are
located.
As
a
result,
companies
often
employ
duplicate
off-site
servers
or
disk
storage
devices
through
a
process
known
as
colocation.
As
shown
in
FIGURE
4­10,
by
employing
duplicate
re-
sources,
systems
can
fail
over
from
one
location
to
an-
other
or
they
can
use
the
duplicate
systems
for
load
balancing.

In
this
way,
the
colocated
resources
accomplish
the
following:

•  Makes
the
company
less
susceptible
to
fire,
acts
of
God,
and
terrorism

•  Improves
performance
through
a
distributed
workload

•  Makes
the
company
less
susceptible
to
downtime
due
to
power
loss
from
a
blackout
or
brownout

Over
the
past
few
years,
the
low-cost
options
offered
by
IaaS
providers
have
made
hardware
redundancy
a
must-have
item
for
companies
that
rely
on
the
availabili-
ty
of
key
applications
and
data.
Likewise,
by
leveraging
cloud-based
NAS
devices
and
cloud-based
database
sys-
tems,
companies
can
also
easily
replicate
their
data,
as
shown
in
FIGURE
4­11.

IaaS
providers
allow
companies
to
add
servers,
proces-
sors,
and
RAM
to
their
applications
on
demand.
FIGURE
4­12
shows
an
administrator
window
that
allows
an
ap-
plication
administrator
to
select
the
resources
the
appli-
cation
needs—scaling
resources
up
or
down.
Further,
IaaS
providers
can
also
scale
resource
allocation
up
or
down
automatically.
Customers,
in
turn,
pay
only
for
the
resources
they
require.

FIGURE
4­10
Companies
use
colocated
computing
re-
sources
for
system
failover
or
load
balancing.

FIGURE
4­11
Using
cloud-based
NAS
devices
and
cloud-based
databases,
companies
can
replicate
key
data
within
the
cloud.

FIGURE
4­12
Using
an
administrator
menu
to
allocate
application
resources.

CASE
4-1
RACKSPACE
IAAS

Rackspace
has
emerged
as
one
of
the
largest
players
in
the
IaaS
market.
Rackspace
offers
a
set
of
solutions
that
include
cloud
hosting,
managed
hosting
(including
24/7
data-centerlike
management),
and
hybrid
solutions
that
combine
the
cloud
and
managed
services.

Within
minutes,
from
the
Rackspace
website
an
adminis-
trator
can
select
a
solution
that
deploys
from
1
to
50
servers.
Larger
configurations
are
available.
Today
Rack-
space
offers
cloud-based
solutions
to
hundreds
of
thou-
sands
of
clients.
Rackspace
houses
its
data
centers
at
very
large
facilities
located
around
the
world.

With
respect
to
the
cloud,
Rackspace
offers
pay-as-you-
go
scalability,
with
on-demand
storage
and
load
balanc-
ing.
Beyond
cloud
hosting,
Rackspace
provides
solutions
for
cloud-based
e-mail,
Exchange
hosting,
file
sharing,
backups,
and
collaboration.

Rackspace
storage
on
demand
is
provided
through
a
ser-
vice
called
Cloud
Files,
a
high-performance
file
system
that
provides
very
inexpensive
redundant
storage.
The
Cloud
Files
system
was
developed
using
OpenStack,
a
new
open
source
software
initiative
for
building
private
and
public
clouds.
The
goal
of
OpenStack
is
to
create
a
massively
scalable
cloud
operating
system
to
accomplish
the
following:

•  Leverage
open
standards
to
produce
an
environment
less
susceptible
to
vendor
lock
in
(a
situation
in
which
a
customer
cannot
easily
move
from
an
existing
vendor)

•  Increase
industry-wide
cloud
standards

•  Provide
a
platform
that
leverages
performance
and
flexibility

Exercise
Assume
your
company
is
planning
to
release
a
new
.NET-based
website.
The
company’s
developers
esti-
mate
the
application
will
require
10
servers
to
manage
the
workload.
Visit
the
Rackspace
website
and
recom-
mend
a
solution
for
the
company
(you
can
use
physical
servers,
virtual
servers,
or
a
combination
of
both).
What
start-up
and
monthly
costs
should
your
company
expect?

Web
Resources
For
additional
information
on
Rack-
space
and
OpenStack,
see
www.CloudBookContent.com/Chapter04/index.html.

Utilizing
Cloud­Based
NAS
Devices

Chapter
6,
Data
Storage
in
the
Cloud,
examines
cloud-
based
data
storage
and
database
systems
in
detail.
The
chapter
also
presents
several
solution
providers.
For
now,
you
should
understand
that
companies
can
move
their
data
storage
to
the
cloud
in
a
number
of
ways.
One
of
the
most
innovative
disk
storage
solutions
utilizes
cloud-based
NAS
devices,
which
present
devices
and
ap-
plications
as
mountable
drives
and
file
systems.
Normal-
ly
customers
can
scale
their
cloud-based
storage
on
de-
mand
and
pay
only
for
the
storage
they
consume.

FIGURE
4­13
Cloud-based
NAS
devices
present
cloud-
based
storage
as
mountable
devices,
which
may
be
repli-
cated
in
the
cloud
to
meet
a
company’s
data
redundancy
needs.

http://www.cloudbookcontent.com/Chapter04/index.html

As
shown
in
FIGURE
4­13,
some
cloud-based
NAS
de-
vices
provide
behind-the-scenes
data
replication
for
data
redundancy
needs.

CASE
4-2
NIRVANIX
IAAS

Nirvanix
provides
a
wide
range
of
cloud
solutions,
from
public,
private,
and
hybrid
clouds
to
backup
and
off-site
storage
and
CloudNAS,
which
is
a
cloud-based
NAS
so-
lution.
As
shown
in
FIGURE
4­14,
CloudNAS
is
a
high-
performance,
scalable,
secure,
cloud-based
file
system
that
supports
Linux-
and
Windows-based
applications.

By
supporting
both
the
Common
Internet
File
Sys­
tem
(CIFS)
and
the
Network
File
System
(NFS),
CloudNAS
seamlessly
integrates
into
existing
ap-
plications.
In
general,
CloudNAS
does
not
require
pro-
gramming
or
the
development
of
an
application
program
interface
(API).

Exercise
Within
the
cloud,
IaaS
providers
offer
a
variety
of
ways
for
users
and
applications
to
access
storage.
Dis-
cuss
the
importance
of
having
a
cloud-based
mountable
storage
device.

Web
Resources
For
additional
information
on
Nir-
vanix
and
CloudNAS,
see
www.CloudBookContent.com/Chapter04/index.html.

FIGURE
4­14
The
Nirvanix
IaaS
provides
cloud-based
NAS,
which
is
accessible
through
the
CloudNAS
file
system.

Advantages
of
IaaS
Solutions

In
the
simplest
sense,
IaaS
is
the
process
of
providing
the
hardware
necessary
to
run
an
application.
By
utilizing
IaaS
solutions,
companies
eliminate
the
need
to
house
and
maintain
expensive
data
centers.
Unlike
PaaS,
which

http://www.cloudbookcontent.com/Chapter04/index.html

also
manages
and
administers
the
operating
system
and
support
software,
an
IaaS
solution
requires
the
customer
to
manage
all
software
and
take
responsibility
for
main-
taining
system
updates.
Advantages
of
using
an
IaaS
so-
lution
include
the
following:

•  Elimination
of
an
expensive
and
staff-intensive
data
center

•  Ease
of
hardware
scalability

•  Reduced
hardware
cost

•  On-demand,
pay-as-you-go
scalability

•  Reduction
of
IT
staff

•  Ad
hoc
test
environments
suitability

•  Complete
system
administration
and
management

Server
Types
Within
an
IaaS
Solution

Within
an
IaaS
environment,
customers
can
acquire
one
or
more
servers.
As
shown
in
FIGURE
4­15,
these
servers
fall
under
one
of
three
types:

•  Physical
server:
Actual
hardware
is
allocated
for
the
customer’s
dedicated
use.

•  Dedicated
virtual
server:
The
customer
is
allocated
a
virtual
server,
which
runs
on
a
physical
server
that
may
or
may
not
have
other
virtual
servers.

•  Shared
virtual
server:
The
customer
can
access
a
virtual
server
on
a
device
that
may
be
shared
with
other
customers.

An
IaaS
physical
server
solution
allocates
one
or
more
physical
servers
to
the
customer.
The
servers
will
not
be
shared
with
other
customers.
The
physical
server,
be-
cause
it
is
not
shared
by
others,
will
be
more
expensive.
However,
the
customer
will
have
complete
control
over
the
system.

A
dedicated
virtual
server
solution
allocates
to
a
cus-
tomer
one
or
more
virtual
servers,
which,
as
discussed
in
Chapter
8,
Virtualization,
runs
on
a
server
that
has
spe-
cial
software
installed
to
allow
it
to
run
multiple
operat-

ing
systems
(which
do
not
have
to
be
the
same).
Each
op-
erating
system
is
protected
from
others
on
the
server
and
often
can
be
configured
by
the
customer.
The
virtual
server
is
used
by
only
one
customer,
which,
again,
will
result
in
a
slightly
higher
cost
per
month.

FIGURE
4­15
Within
an
IaaS
environment,
customers
can
allocate
various
server
types.

A
shared
virtual
server
solution
allocates
a
shared
virtual
server
to
a
customer.
The
server
may,
for
example,
pro-
vide
web
server
capabilities
to
multiple
users.
The
cus-
tomer
cannot
configure
the
shared
virtual
server.

CASE
4-3
LAYERED
TECH
IAAS

Layered
Tech
supports
grid,
virtualization,
and
cloud
computing
platforms.
With
Layered
Tech
solutions
cus-
tomers
can
quickly
launch
cloud-based
applications,
sat-
isfy
backup
and
remote
storage
requirements,
or
utilize
high-security,
high-availability
servers.

Layered
Tech
provides
traditional
cloud-based
services,
such
as
dedicated
servers,
virtual
servers,
and
managed
server
solutions.
In
addition,
Layered
Tech
provides
large-scale
enterprise
solutions,
such
as
hosting,
coloca-
tion,
and
virtualization.

If
a
client
performs
e-commerce
operations,
Layered
Tech
provides
a
Payment
Card
Industry
(PCI)-compliant
hosting
system.
By
examining
the
PCI
Data
Security
Standard
(DSS),
you
can
gain
considerable
insight
into
cloud-based
security
issues.
For
more
information
on
the

PCI
DSS,
visit
the
PCI
Security
Standards
Council
web-
site
at
www.pcisecuritystandards.org.

Exercise
Many
cloud-based
sites
implement
e-com-
merce
operations.
Discuss
the
purpose
of
and
some
of
the
standards
involved
in
the
PCI
standards.

Web
Resources
For
additional
information
on
Layer
Tech
and
PCI
standards,
see
www.CloudBookContent.-
com/Chapter04/index.html.

CHAPTER
SUMMARY

Smaller
companies
that
deploy
applications
to
the
cloud
typically
use
a
specific
platform,
such
as
Windows,
.NET,
and
Microsoft
SQL,
or
Linux,
Perl,
and
MySQL.
Compa-
nies
that
use
a
PaaS
solution
eliminate
the
need
to
ad-
minister
the
operating
system
and
supporting
software.
Larger
companies,
because
of
security
needs
or
a
desire
to
manage
all
resources,
turn
to
IaaS
providers,
which
make
all
of
the
computing
hardware
resources
available
but
leave
the
customer
responsible
for
installing
and
managing
the
systems.
This
can
normally
be
done
over
the
Internet.
You
can
think
of
an
IaaS
solution
as
a
turnkey
remote
data
center.

KEY
TERMS

CloudNAS

Colocation

Common
Internet
File
System
(CIFS)

Load
balancing

Network­attached
storage
(NAS)

Network
File
System
(NFS)

Redundancy

CHAPTER
REVIEW

1.
Define
and
describe
IaaS.

2.
Define
and
describe
system
redundancy.
Discuss
how
you
might
use
IaaS
to
implement
a
redundancy
plan.

Official PCI Security Standards Council Site

http://www.cloudbookcontent.com/Chapter04/index.html

3.
Define
and
describe
load
balancing.
Discuss
how
you
might
use
IaaS
to
implement
load
balancing.

4.
Define
and
describe
NAS.
Assume
you
must
imple-
ment
a
shared
file
system
within
the
cloud.
What
compa-
ny
would
you
select?
Why?
What
costs
should
your
client
expect
to
pay
for
cloud-based
data
on
a
gigabyte
(GB)
basis?

5.
Define
and
describe
colocation.
Discuss
how
you
might
use
IaaS
to
implement
colocation.

6.
Compare
and
contrast
a
cloud-based
disk
storage
de-
vice
(with
a
file
system)
with
a
cloud-based
database.

7.
Compare
and
contrast
physical,
dedicated
virtual,
and
shared
virtual
servers.
Search
the
web
for
companies
that
provide
each.
What
cost
should
a
customer
expect
to
pay
for
each?

chapter
5

Identity as a Service (IDaaS)
TODAY,
WITHIN
MOST
COMPANIES,
users
must
log
in
to
a
variety
of
different
systems
in
order
to
per-
form
various
tasks.
Some
of
the
systems
may
be
cloud
based,
some
may
be
based
on
local
servers,
and
some
may
be
accessible
through
different
devices.
The
chal-
lenge
of
having
multiple
servers
to
access
is
that
users
must
remember
and
manage
multiple
username
and
password
combinations.
Further,
if
an
employee
leaves
the
company,
the
IT
staff
must
coordinate
with
the
hu-
man
resources
department
to
ensure
that
each
of
the
user’s
accounts
has
been
disabled.
User
identity
manage-
ment
(ID
management)
is
difficult,
time
consuming,
and
expensive.
Over
the
past
few
years,
companies
have
be-
gun
to
emerge
to
provide
identity
(or
identification)
as
a
service
(IDaaS),
or
cloud-based
ID
management.

Learning
Objectives

This
chapter
examines
cloud-based
ID
management
in
detail.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Describe
challenges
related
to
ID
management.

•   Describe
and
discuss
single
sign-on
(SSO)
capabilities.

•   List
the
advantages
of
IDaaS
solutions.

•   Discuss
IDaaS
solutions
offered
by
various
companies.

Understanding
Single
Sign­On
(SSO)

As
discussed,
business
users
today
must
log
in
to
a
vari-
ety
of
applications,
which
may
reside
on
many
different
servers.
The
users,
therefore,
must
manage
numerous
username
and
password
combinations.
To
simplify
user
access
to
multiple
systems,
many
companies
now
use
single
sign­on
(SSO)
software,
which,
as
shown
in
FIGURE
5­1,
requires
the
user
to
sign
on
only
one
time.
Behind
the
scenes,
the
SSO
software
manages
the
user’s
access
to
other
systems.

The
advantages
of
SSO
software
include
the
following:

•  Fewer
username
and
password
combinations
for
users
to
remember
and
manage

•  Less
password
fatigue
caused
by
the
stress
of
managing
multiple
passwords

•  Less
user
time
consumed
by
having
to
log
in
to
individ-
ual
systems

•  Fewer
calls
to
help
desks
for
forgotten
passwords

•  A
centralized
location
for
IT
staff
to
manage
password
compliance
and
reporting

The
primary
disadvantage
of
SSO
systems
is
the
poten-
tial
for
a
single
source
of
failure.
If
the
authentication
server
fails,
users
will
not
be
able
to
log
in
to
other
servers.
Thus,
having
a
cloud-based
authentication
server
with
system
redundancy
reduces
the
risk
of
sys-
tem
unavailability.

Understanding
How
SSO
Works

Although
different
implementations
of
SSO
exist,
many
solutions
employ
a
secure
ticket.
When
a
user
logs
in
to
the
authentication
server,
he
or
she
is
given
a
secure
tick-
et.
Later,
when
the
user
accesses
a
server,
that
server,
in
turn,
validates
the
ticket
with
the
authentication
server.
The
authentication
server,
as
shown
in
FIGURE
5­2,
not
only
confirms
that
the
user
is
authorized
to
use
the
server,
but
may
also
provide
the
user’s
access
rights
that
are
specific
to
that
server.

FIGURE
5­1
An
SSO
system
lets
a
user
log
in
to
a
sys-
tem
one
time
and
then
move
freely
among
related
servers
and
applications
without
having
to
authenticate
him-
or
herself
each
time.

Step
1:
User
logs
into
the
authentication
server
using
a
username
and
password

Step
2:
The
authentication
server
returns
the
user’s
ticket

Step
3:
User
sends
the
ticket
to
the
intranet
server

Step
4:
Intranet
server
sends
the
ticket
to
the
authentica-
tion
server

Step
5:
Authentication
server
sends
the
user’s
security
credentials
for
that
server
back
to
the
intranet
server

FIGURE
5­2
SSO
systems
often
assign
authenticated
users
a
ticket,
which
the
software
presents
behind
the
scenes
to
the
servers
that
the
user
accesses.
Each
server
can
use
the
ticket
to
determine
the
user’s
access
rights
on
that
particular
server.

If
an
employee
leaves
the
company,
the
IT
staff
need
only
disable
the
user
at
the
authentication
server
in
order
to
disable
the
user’s
access
to
all
systems.

Understanding
Federated
Identity
Management

As
you
examine
SSO
solutions,
you
may
encounter
the
term
federated
identity
management
(FIDM).
In
short,
FIDM
describes
the
technologies
and
protocols
that
combine
to
enable
a
user
to
bring
security
creden-

tials
across
different
security
domains
(different
servers
running
potentially
different
operating
systems).
Behind
the
scenes,
many
FIDM
systems
use
the
Security
As­
sertion
Markup
Language
(SAML)
to
package
a
user’s
security
credentials,
as
shown
in
FIGURE
5­3.
For
specifics
on
SAML,
visit
the
SAML
website
at
www.sam-
l.xml.org.

FIGURE
5­3
SAML
allows
software
to
package
user
se-
curity
credentials.

Understanding
Account
Provisioning

In
many
companies,
when
an
employee
is
hired
the
hu-
man
resources
department
sends
an
e-mail
to
the
IT
staff,
who
creates
a
user
account
for
the
employee.
Some-
time
during
the
employee’s
first
week,
his
or
her
manag-
er
will
decide
that
the
employee
needs
to
access
other
systems.
The
manager
will
send
additional
e-mails
to
the
IT
staff
requesting
various
account
access.
The
process
of
creating
a
user
account
on
a
system
is
called
account
provisioning.
As
you
might
guess,
because
different
employees
may
need
different
capabilities
on
each
sys-
tem,
the
provisioning
process
can
be
complex.

When
an
employee
leaves
the
company,
a
deprovisioning
process
must
occur
to
remove
the
user’s
accounts.
Unfor-
tunately,
the
IT
staff
is
not
always
immediately
informed
that
an
employee
no
longer
works
for
the
company,
or
the
IT
staff
misses
a
server
account
and
the
user
may
still
have
access
to
one
or
more
systems.

CASE
5-1
PING
IDENTITY
IDAAS

Ping
Identity
provides
cloud-based
ID
management
soft-
ware
that
supports
FIDM
and
user
account
provisioning.
The
company’s
website
provides
an
excellent
article
called
“The
4
A’s
of
Cloud
Identity,”
which
are
as
follows:

http://www.saml.xml.org/

•  Authentication:
The
process
of
determining
and
val-
idating
a
user
for
on-site
as
well
as
cloud-based
solutions.

•

Authorization:
The
process
of
determining
and
spec-
ifying
what
the
user
is
allowed
to
do
on
each
server.

•  Account
management:
The
process
of
synchroniz-
ing
user
accounts
by
provisioning
and
deprovisioning
access.

•

Audit
logging:
The
process
of
tracking
which
ap-
plications
users
access
and
when.
To
perform
its
ID
man-
agement,
Ping
Identity
makes
extensive
use
of
SAML.

Exercise
Discuss
the
importance
of
the
audit
logging
process
within
an
IDaaS
solution.

Web
Resources
For
additional
information
on
Ping
Identity
and
SAML,
see
www.CloudBookContent.com/Chapter05/index.html.

 

CASE
5-2
PASSWORDBANK
IDAAS

PasswordBank
provides
an
IDaaS
solution
that
supports
on-site
and
cloud-based
system
access.
Its
FIDM
service
supports
enterprise-wide
SSO
(E-SSO)
and
SSO
for
web-
based
applications
(WebSSO).
The
PasswordBank
solu-
tions
perform
the
FIDM
without
the
use
of
SAML.
Pass-
wordBank
solutions
support
a
myriad
of
devices,
includ-
ing
the
iPhone.

Exercise
Within
the
cloud,
some
IDaaS
providers
use
SAML
to
package
a
user’s
security
credentials,
and
some
do
not.
Discuss
the
arguments
for
and
against
using
SAML.

Web
Resources
For
additional
information
on
Pass-
wordBank,
see
www.CloudBookContent.com/Chapter05/index.html.

Understanding
OpenID

For
companies
to
support
FIDM
across
autonomous
sys-
tems,
the
security
policies
and
protocols
must
be
open.
OpenID
allows
users
to
use
an
existing
account
to
log
in
to
multiple
websites.
Today,
more
than
1
billion
OpenID

http://www.cloudbookcontent.com/Chapter05/index.html

http://www.cloudbookcontent.com/Chapter05/index.html

accounts
exist
and
are
accepted
by
thousands
of
web-
sites.
Companies
that
support
OpenID
include
Google,
Yahoo!,
Flickr,
Myspace,
WordPress.com,
and
more.
For
companies,
the
advantages
of
using
OpenID
include
the
following:

•  Increased
site
conversion
rates
(rates
at
which
cus-
tomers
choose
to
join
websites)
because
users
do
not
need
to
register

•  Access
to
greater
user
profile
content

•  Fewer
problems
with
lost
passwords

•  Ease
of
content
integration
into
social
networking
sites

FIGURE
5­4
From
the
OpenID
website,
you
can
create
your
own
OpenID
username
and
password,
which
you
can
then
use
to
access
thousands
of
websites.

For
more
information
on
OpenID,
or
to
get
your
own
OpenID
username
and
password,
visit
the
OpenID
web-
site
at
www.openid.net,
as
shown
in
FIGURE
5­4.

Mobile
ID
Management

Every
day
employees
access
e-mail
and
other
business
applications
through
handheld
devices.
More
and
more
business
applications
support
mobile
device
interfaces.
The
challenge
for
developers
today
is
not
only
getting
content
to
the
mobile
device,
but
also
securing
the
de-
vice.
Threats
to
mobile
devices
include
the
following:

CASE
5-3
SYMPLIFIED
IDAAS

http://wordpress.com/

http://www.openid.net/

Symplified
provides
ID
management
solutions
for
on-
site
and
cloud-based
applications.
The
solutions
support
a
variety
of
device
types,
such
as
mobile
devices.
Sympli-
fied
solutions
support
SAML
and
non-SAML-based
ap-
plications,
which
significantly
extends
the
company’s
product
reach.
Symplified’s
key
products
include:

•

Symplified
Access
Manager:
This
compliance
tool
provides
on-demand
web
access
management
for
access
control
and
audit
of
software
as
a
service
(SaaS),
private
cloud,
and
public
cloud
applications.

•

Symplified
Identity
Manager:
This
account
man-
agement
tool
provides
user
account
support
for
on-site
and
SaaS
solutions.

•

SinglePoint:
This
platform
as
a
service
(PaaS)
solu-
tion
provides
a
cloud-based
platform
for
deploying
ID
management,
with
the
following
capabilities:

•
Access
control

•
Authentication

•
Auditing

•
Federation

•
Provisioning
and
user
management

•
Support
for
portals

Exercise
Symplified
provides
IDaaS
solutions
for
on-
site
and
cloud
operations.
Discuss
the
additional
require-
ments
and
challenges
of
implementing
a
solution
for
cloud-based
applications
over
on-ground
applications.

Web
Resources
For
additional
information
on
Sympli-
fied
and
the
company’s
IDaaS
solutions,
see
www.Cloud-
BookContent.com/Chapter05/index.html.

•  Identity
theft
if
a
device
is
lost
or
stolen

•  Eavesdropping
on
data
communications

•  Surveillance
of
confidential
screen
content

•  Phishing
of
content
from
rogue
sites

http://www.cloudbookcontent.com/Chapter05/index.html

•  Man-in-the-middle
attacks
through
intercepted
signals

•  Inadequate
device
resources
to
provide
a
strong
securi-
ty
implementation

•  Social
attacks
on
unaware
users
that
yield
identity
information

CHAPTER
SUMMARY

To
accomplish
a
wide
range
of
tasks,
users
must
often
log
in
to
a
variety
of
different
systems.
Today
some
of
the
systems
may
be
cloud
based
and
some
may
reside
on
lo-
cal
servers.
Further,
users
often
access
servers
(and
their
services)
through
different
devices.
Requiring
users
to
access
multiple
servers
means
that
users
must
often
re-
member
and
manage
multiple
username
and
password
combinations.
To
reduce
this
burden
on
users
as
well
as
the
IT
staff
who
must
help
retrieve
forgotten
passwords,
many
companies
now
use
a
technique
called
SSO.
Users
log
in
to
a
central
authorization
server
that,
in
turn,
uses
a
ticket
that
grants
users
access
to
other
specific
servers
without
requiring
them
to
log
in
again.
In
this
way,
users
must
remember
only
one
username
and
password.

If
an
employee
leaves
the
company,
the
IT
staff
need
only
disable
the
user’s
account
on
the
centralized
authoriza-
tion
server
in
order
to
shut
down
the
user’s
access
to
all
other
servers.

User
ID
management
is
difficult,
time
consuming,
and
expensive.
To
address
the
challenges
and
cost
of
user
management,
many
companies
are
turning
to
IDaaS
so-
lutions
that
reside
in
the
cloud.

KEY
TERMS

Federated
identity
management
(FIDM)

Identity
(or
identification)
as
a
service
(IDaaS)

Provisioning

Security
Assertion
Markup
Language
(SAML)

Single
sign­on
(SSO)

CHAPTER
REVIEW

1.
Define
and
describe
SSO.

2.
Define
and
describe
IDaaS.

3.
Define
SAML
and
describe
its
purpose.

4.
Define
and
describe
provisioning.

5.
Define
and
describe
FIDM.

6.
List
factors
that
make
mobile
ID
management
difficult.

chapter
6

Data Storage in the Cloud
CHAPTER
4,
“INFRASTRUCTURE
AS
a
Service
(IaaS),”
examined
the
process
of
using
a
service
provider’s
servers
and
data
storage
equipment.
Within
the
IaaS
model,
the
customer
is
responsible
for
installing
and
maintaining
the
software
that
runs
on
the
platform.
Chapter
4
introduced
the
use
of
cloud-based
data
storage
and
databases.

Learning
Objectives

This
chapter
will
examine
cloud-based
storage
in
detail.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Discuss
the
role
of
storage-area
networks.

•   Discuss
the
role
of
network-attached
storage.

•   Describe
cloud-based
storage
solutions.

•   List
the
pros
and
cons
of
cloud-based
storage.

•   Describe
cloud-based
database
solutions.

•   List
the
pros
and
cons
of
cloud-based
databases.

•   Describe
specific
cloud-based
data
storage
solutions
such
as
backups
and
encrypted
file
storage.

•  Provide
an
example
of
an
industry-specific
cloud-based
storage
solution.

Examining
the
Evolution
of
Network
Storage

Years
ago,
local-area
networks
used
special
servers,
called
file
servers,
to
support
file
sharing,
file
replication,
and
storage
for
large
files.
As
shown
in
FIGURE
6­1,
the
file
server
was
a
server
on
the
network
with
large
disk
ca-
pacity
that
users
could
use
to
store
and
retrieve
files.
Over
time,
operating
systems,
specifically
the
file
sys­
tem
within
the
operating
system,
evolved
to
allow
users
and
applications
to
open
files
directly
on
the
file
server.

FIGURE
6­1
Local-area
networks
had
one
or
more
file
servers
that
users
could
access
across
the
network
to
store
and
retrieve
files.

As
computer
networks
evolved,
the
file
server
was
ex-
tended
through
the
use
of
storage­area
networks
(SANs),
which,
as
shown
in
FIGURE
6­2,
could
make
one
or
more
storage
devices
appear
to
be
directly
con-
nected
to
the
network.
Behind
the
scenes,
the
devices
were
actually
connected
to
SAN
hardware
through
the
use
of
network
cables.
Software
running
within
the
SAN
device
made
the
devices
appear
directly
accessible
to
the
rest
of
the
network.

As
storage
demands
continued
to
increase—as
did
disk
storage
capacities—network-attached
storage
(NAS)
de-
vices
emerged,
which,
as
shown
in
FIGURE
6­3,
plug
di-
rectly
into
the
network.

The
advantages
of
SANs
include
the
following:

•  Reliability:
A
NAS
device
typically
provides
advanced
data
striping
across
multiple
volumes
within
the
device.
If
one
(or
more)
volumes
fail,
the
data
striping
would
maintain
the
data
and
allow
reconstruction
of
the
file
contents.

•  Performance:
Because
a
NAS
device
does
not
run
a
complete
operating
system,
the
hardware
has
less
system
overhead,
which
allows
it
to
outperform
a
file
server.

FIGURE
6­2
SANs
allowed
administrators
to
connect
various
storage
devices
to
a
computer
network.

FIGURE
6­3
NAS
devices
are
disk
volumes
that
plug
directly
into
the
network.

•  Compatibility:
NAS
devices
normally
support
com-
mon
file
systems,
which,
in
turn,
make
them
fully
com-
patible
with
common
operating
systems.

•  Ease
of
performing
backups:
NAS
devices
are
commonly
used
for
backup
devices.
Within
a
home,
for
example,
all
devices
can
easily
access
and
back
up
files
to
a
NAS
device.

Understanding
Cloud­Based
Data
Storage

Cloud-based
data
storage
is
the
next
step
in
the
evolution
of
NAS
devices.
Across
the
web
(the
cloud),
many
providers
offer
data
storage
that
resides
in
the
cloud.
De-
pending
on
your
access
needs,
the
data
may
be
accessible
as
follows:

•  Through
a
web
browser
interface
that
lets
you
move
files
to
and
from
the
storage
area
using
a
variety
of
devices

CASE
6-1
HOMEPIPE
REMOTE
FILE
ACCESS

Many
users
now
rely
on
cloud-based
storage
to
provide
them
with
access
to
files
from
anywhere
at
any
time,
of-
ten
with
any
device.
Despite
that,
users
still
encounter
situations
when
the
file
they
need
resides
on
a
computer
at
their
home
or
office—often
because
they
made
a
last-
minute
change
and
forgot
to
upload
the
file
to
the
cloud.
That’s
where
HomePipe
comes
to
rescue.
HomePipe
is
a
program
that
lets
users
access
files
on
their
own
system
from
anywhere
on
the
web.
Further,
HomePipe
supports
file
access
from
a
variety
of
devices.
And
beyond
that,
HomePipe
makes
it
easy
for
you
to
share
specific
files
with
other
users.
FIGURE
6­4
illustrates
the
use
of
HomePipe
to
access
files
on
a
remote
system
using
a
web
browser.

Exercise
Compare
and
contrast
the
use
of
HomePipe
with
that
of
a
tool
such
as
GoToMyPC.

Web
Resources
For
more
information
on
HomePipe,
see
www.CloudBookContent.com/Chapter06/index.html.

FIGURE
6­4
Using
HomePipe
to
access
files
from
a
sys-
tem
across
the
Internet.

•  Through
a
mounted
disk
drive
that
appears
locally
to
your
computer
as
a
disk
drive
letter
or
mounted
file
system

•  For
application
developers,
the
storage
area
may
present
itself
through
a
set
of
application
program
inter-
face
(API)
calls

CASE
6-2
ZUMODRIVE
CLOUD-BASED
STORAGE

ZumoDrive
provides
cloud-based
storage
that
is
scalable
to
meet
customer
needs.
The
company
lets
a
customer
get
started
at
no
charge
and
provides
sufficient
space
to
store
a
considerable
number
of
documents.
The
files
that
are
stored
on
ZumoDrive
are
accessible
from
a
variety
of
devices.
From
their
own
PC,
customers
can
use
the
web
interface
shown
in
FIGURE
6­5
to
move
files
to
or
from
ZumoDrive.

In
addition,
you
can
map
a
drive
letter
to
your
ZumoD-
rive
storage
and
the
access
your
cloud-based
files
as
you
would
files
from
your
local
system.
FIGURE
6­6
shows
ZumoDrive
as
drive
Z
within
Windows
Internet
Explorer.

http://www.cloudbookcontent.com/Chapter06/index.html

Exercise
Discuss
why
a
user
may
need
access
to
cloud-
based
storage
from
a
variety
of
device
types.

Web
Resources
For
more
information
on
ZumoDrive,
see
www.CloudBookContent.com/Chapter06/index.html.

FIGURE
6­5
ZumoDrive
provides
a
web
interface
that
lets
users
easily
move
files
to
or
from
their
ZumoDrive
storage
from
any
device.

FIGURE
6­6
ZumoDrive
lets
users
map
a
logical
drive
letter
to
their
cloud-based
storage
area.

Advantages
and
Disadvantages
of
Cloud­Based
Data
Storage

Cloud-based
data
storage
provides
the
following
advantages:

http://www.cloudbookcontent.com/Chapter06/index.html

•  Scalability:
Most
cloud-based
data
storage
providers
let
you
scale
your
storage
capacity
(up
or
down)
to
align
with
your
storage
needs.

•  Pay
for
use:
With
most
cloud-based
data
storage
fa-
cilities,
users
pay
only
for
the
storage
(within
a
range)
that
they
need.

•  Reliability:
Many
cloud-based
data
storage
facilities
provide
transparent
data
replication.

•  Ease
of
access:
Most
cloud-based
data
storage
facili-
ties
support
web-based
access
to
files
from
any
place,
at
any
time,
using
a
variety
of
devices.

•  Ease
of
use:
Many
cloud-based
data
storage
solutions
let
users
map
a
drive
letter
to
the
remote
file
storage
area
and
then
access
the
files
through
the
use
of
a
logical
drive.

Disadvantages
of
cloud-based
storage
include
the
following:

•  Performance:
Because
the
cloud-based
disk
storage
devices
are
accessed
over
the
Internet,
they
will
never
be
as
fast
as
local
drives.

•  Security:
Some
users
will
never
feel
comfortable
with
their
data
in
the
cloud.

•  Data
orphans:
Users
may
abandon
data
in
cloud
storage
facilities,
leaving
confidential
private
or
company
data
at
risk.

CASE
6-3
DROPBOX
CLOUD-BASED
FILE
SHARING
AND
SYNCHRONIZATION

Most
users
today
manage
their
content
on
a
variety
of
devices.
Dropbox
is
a
cloud-based
storage
facility
for
photos,
documents,
and
other
digital
content.
After
you
download
and
install
Dropbox,
your
system
will
have
a
user-level
Dropbox
folder,
as
shown
in
FIGURE
6­7.

When
you
place
a
file
into
the
Dropbox
folder
(either
by
cutting
and
pasting,
dragging
and
dropping,
or
saving),
a
copy
of
the
file
is
automatically
saved
to
the
Dropbox
cloud
storage
facility.
If
you
later
need
to
access
the
file
from
another
computer,
you
can
simply
log
in
to
your

Dropbox
account
on
the
web,
and,
as
shown
in
FIGURE
6­8,
your
files
will
be
accessible
through
your
browser.

Dropbox
also
makes
it
very
easy
for
users
to
share
files.
If,
for
example,
you
place
a
file
within
the
Dropbox
Pub-
lic
folder,
you
can
then
send
a
link
to
other
users,
which
they
can
use
to
access
the
file.
Dropbox
supports
a
vari-
ety
of
devices.
Also,
Dropbox
lets
users
try
the
software
free
of
charge
and
provides
them
with
ample
storage
space
to
get
started.

Exercise
Discuss
the
benefits
of
having
web-based
ac-
cess
to
a
cloud
storage
area.

Web
Resources
For
more
information
on
Dropbox,
see
www.CloudBookContent.com/Chapter06/index.html.

FIGURE
6­7
Users
can
easily
drag
and
drop
files
to
the
Dropbox
file
folder
structure.

http://www.cloudbookcontent.com/Chapter06/index.html

FIGURE
6­8
Dropbox
users
can
access
their
files
through
the
web,
from
any
device.

 

CASE
6-4
MICROSOFT
SKYDRIVE

Cloud-based
data
storage
systems
allow
users
to
access
their
documents
from
any
place
at
any
time.
Given
Mi-
crosoft’s
presence
within
software
as
a
service
(SaaS)
and
platform
as
a
service
(PaaS)
solutions,
you
might
expect
them
to
have
a
significant
presence
within
cloud-based
storage—and
you
would
be
right.
Microsoft
SkyDrive
provides
cloud-based
data
storage.
Through
the
Sky-
Drive
web
interface,
you
can
drag
and
drop
files
to
and
from
the
cloud,
as
shown
in
FIGURE
6­9.

What
makes
SkyDrive
special
is
that
if
the
PC
from
which
you
are
accessing
the
files
does
not
have
Microsoft
Office
installed,
SkyDrive
lets
you
launch
Word,
Excel,
and
PowerPoint
documents
within
Microsoft
Office
Web
Apps,
as
shown
FIGURE
6­10.

Exercise
Discuss
the
need
for
a
company
to
have
a
poli-
cy
covering
the
types
of
documents
employees
can
store
within
the
cloud.

Web
Resources
For
more
information
on
SkyDrive,
see
www.CloudBookContent.com/Chapter06/index.html.

http://www.cloudbookcontent.com/Chapter06/index.html

FIGURE
6­9
Using
the
SkyDrive
web
interface
to
access
cloud-based
files.

FIGURE
6­10
Using
Microsoft
Office
Web
Apps
to
ac-
cess
cloud-based
documents
within
SkyDrive.

 

CASE
6-5
MOUNTING
CLOUD
DEVICES
USING
GLADINET

As
you
have
learned,
most
cloud-based
data
storage
fa-
cilities
provide
a
drag-and-drop
user
interface
that
you
can
use
to
move
files
to
and
from
the
cloud.
Some
cloud
storage
systems
also
let
you
access
your
files
using
a
logi-
cal
disk
drive
letter,
treating
the
cloud-based
files
as
if
they
reside
on
a
disk
drive
that
is
local
to
your
system.

Gladinet
provides
software
you
can
use
to
mount
many
cloud-based
data
storage
services
as
a
drive
letter.
FIG­
URE
6­11,
for
example,
shows
Microsoft
SkyDrive
mounted
using
a
drive
letter.
In
this
way,
you
can
access
the
SkyDrive-based
files
just
as
you
would
any
files
on
your
system.

Exercise
Discuss
what
it
means
to
mount
a
storage
de-
vice
and
the
importance
of
being
able
to
do
so.

Web
Resources
For
more
information
on
Gladinet,
see
www.CloudBookContent.com/Chapter06/index.html.

FIGURE
6­11
Mounting
a
SkyDrive
file
system
using
Gladinet.

Getting
Past
the
Fear
of
Cloud­Based
Data

As
discussed,
one
of
the
disadvantages
of
cloud-based
data
storage
is
that
some
users
simply
do
not
feel
com-
fortable
placing
their
data
within
the
cloud.
One
ap-
proach
to
such
user
apprehension
is
to
encrypt
the
files
that
you
place
on
the
cloud.
Several
companies
offer
soft-
ware
that
will
encrypt
and
decrypt
files
on
the
fly,
as
they
are
sent
to
and
retrieved
from
the
cloud.

CASE
6-6
BOXCRYPTOR
CLOUD-BASED
FILE
ENCRYPTION

http://www.cloudbookcontent.com/Chapter06/index.html

BoxCryptor
is
a
software
tool
that
encrypts
and
decrypts
cloud-based
files
on
a
file-by-file
basis.
When
you
install
BoxCryptor,
the
installation
process
will
create
a
folder
within
your
cloud-based
folder
on
your
system
and
will
map
a
drive
letter
to
that
folder.
When
you
use
the
drive
letter
to
store
a
file,
BoxCryptor
will
encrypt
the
file
and
place
the
encrypted
contents
on
the
cloud.
When
you
lat-
er
retrieve
the
file,
BoxCryptor
will
decrypt
the
file
on
the
fly.
If
a
hacker
gains
access
to
your
cloud
storage,
the
en-
crypted
file’s
contents
will
be
unusable,
as
shown
in
FIG­
URE
6­12.

Exercise
Discuss
your
level
of
confidence
that
files
re-
siding
in
the
cloud
are
secure.

Web
Resources
For
more
information
on
BoxCryptor,
see
www.CloudBookContent.com/Chapter06/index.html.

http://www.cloudbookcontent.com/Chapter06/index.html

FIGURE
6­12
Encrypted
BoxCryptor
files
within
the
cloud.

 

CASE
6-7
MOZY
CLOUD-BASED
BACKUPS

Mozy
provides
cloud-based
backups
for
personal
and
business
users.
Mozy
provides
an
encrypted
backup
and
runs
without
the
need
for
user
intervention
on
Windows-
and
Mac-based
systems.
Mozy
has
existed
as
a
company
since
2005
and
has
millions
of
customers
worldwide.
FIGURE
6­13
shows
a
Mozy
screen
with
which
you
select
files
for
your
backup
set.

Exercise
Discuss
the
pros
and
cons
of
cloud-based
file
backups.

Web
Resources
For
more
information
on
Mozy,
see
www.CloudBookContent.com/Chapter06/index.html.

FIGURE
6­13
Selecting
files
for
backup
within
Mozy.

Cloud­Based
Backup
Systems

In
Chapter
2,
Software
as
a
Service
(SaaS),
you
exam-
ined
the
Carbonite
cloud-based
backup
software.
Several
companies
provide
cloud-based
backup
capabilities.
The
features
that
most
companies
provide
are
similar:

•  Files
are
backed
up
in
an
encrypted
format.

•  Users
can
schedule
when
backup
operations
are
to
occur.

•  Users
can
easily
retrieve
backup
files
from
the
cloud.

•  Most
systems
support
Windows,
Linux,
and
Mac
OS.

Understanding
File
Systems

Operating
systems
exist
to
allow
users
to
run
programs
and
to
store
and
retrieve
data
(files)
from
one
user
ses-
sion
to
the
next.
Within
the
operating
system,
special
software,
called
the
file
system,
oversees
the
storage
and
retrieval
of
files
to
and
from
a
disk.
When
you
copy
a
file,
delete
a
file,
or
create
and
move
files
between
folders,
the
file
system
is
performing
the
work.

http://www.cloudbookcontent.com/Chapter06/index.html

Initially,
file
systems
allowed
users
to
manipulate
only
local
files
that
reside
on
one
of
the
PC’s
disk
drives.
As
networks
became
more
prevalent,
so
too
did
network
op-
erating
systems,
which
allow
users
and
programs
to
ma-
nipulate
files
residing
on
a
device
across
the
network.
A
cloud
file
system
(CFS)
allows
users
or
applications
to
directly
manipulate
files
that
reside
on
the
cloud.

CASE
6-8
ORACLE
CLOUD
FILE
SYSTEM

Oracle
is
one
of
the
world’s
leading
database
solution
providers.
Oracle
has
on-site
and
cloud-based
database
solutions.
In
addition,
Oracle
offers
a
cloud-based
file
system
that
users
can
use
to
store
and
retrieve
files
that
will
reside
outside
of
the
database.
As
shown
in
FIGURE
6­14,
the
Oracle
Cloud
File
System
resides
above
cloud-
based
storage
devices
and
supports
Windows-
and
Lin-
ux-based
applications.

The
advantages
of
Oracle’s
Cloud
File
System
include
the
following:

FIGURE
6­14
Oracle
provides
a
cloud-based
file
system
that
is
accessible
by
Windows
and
Linux.

 

•  Snapshot­based
file
recovery:
Files
can
be
recov-
ered
to
a
specific
data
snapshot
that
allows
simpler
fallback.

•

File
group
by
tagging:
Users
can
associate
one
or
more
files
via
a
tag
name
grouping
for
subsequent
group-
based
file
operations,
such
as
replication.

•

File
replication:
Key
files
can
be
replicated
across
multiple
volumes.

•

Access­control­based
security:
Administrators
can
finely
control
access
to
specific
files
via
access
con-
trol
lists.

•

Encryption:
The
Oracle
Cloud
File
System
supports
file-by-file,
directory,
or
file
system
encryption.

Exercise
Explain
the
process
of
snapshots
and
how
it
may
be
important
to
an
application
developer.

Web
Resources
For
more
information
on
the
Oracle
Cloud
File
System,
see
www.CloudBookContent.com/Chapter06/index.html.

 

CASE
6-9
APACHE
HADOOP
DISTRIBUTED
FILE
SYSTEM

Apache
Hadoop
is
an
open
source
project,
the
goal
of
which
is
to
support
reliable,
scalable
distributed
comput-
ing.
Part
of
the
project
includes
the
Hadoop
Distributed
File
System
(HDFS),
a
Java-based
file
system
that
is
well
suited
for
cloud-based
storage.
HDFS
is
designed
to
be
highly
fault
tolerant
and
robust
to
maintain
operation
in
the
event
of
a
device
failure.
For
specifics
on
HDFS,
visit
http://hadoop.apache.org/hdfs.

Exercise
Discuss
the
features
of
Hadoop
that
make
it
well
suited
for
a
cloud-based
file
system.

Web
Resources
For
more
information
on
the
Hadoop
system,
see
www.CloudBookContent.com/Chapter06/in-
dex.html.

Today
several
cloud
file
systems
are
emerging
that
allow
users
and
programs
to
manipulate
files
residing
in
the
cloud.

Industry­Specific
Cloud­Based
Data
Storage

Across
different
industries,
groups
have
different
data
storage
and
access
requirements.
The
healthcare
indus-
try,
for
example,
is
working
to
standardize
secure
elec-
tronic
medical
records,
which,
as
shown
in
FIGURE
6­15,
will
be
accessible
from
the
cloud
by
a
variety
of
medical
facilities.

http://www.cloudbookcontent.com/Chapter06/index.html

http://hadoop.apache.org/hdfs

http://www.cloudbookcontent.com/Chapter06/index.html

FIGURE
6­15
In
the
future,
healthcare
data
will
be
ac-
cessible
in
real
time
to
a
wide
range
of
medical
facilities,
some
on-ground
and
some
mobile.

CASE
6-10
MICROSOFT
HEALTHVAULT

Microsoft
HealthVault
provides
a
secure
storage
facility
within
which
people
can
store
their
medical
records,
pre-
scriptions,
and
even
measurements
from
a
variety
of
medical
devices.
People
can
use
Microsoft
HealthVault
to
track
their
own
medical
records
or
those
of
family
mem-
bers
for
whom
they
assist
with
medical
care.
After
you
store
records
within
Microsoft
HealthVault,
you
can
e-
mail
a
link
to
a
physician,
other
healthcare
personnel,
or
a
family
member
to
grant
access
to
all
or
specific
records.
You
can
also
set
an
expiration
date
that
removes
an
indi-
vidual’s
access.
FIGURE
6­16
shows
the
Microsoft
HealthVault
home
page.

Exercise
Discuss
potential
risks
of
placing
your
health
data
within
the
cloud.

Web
Resources
For
more
information
on
HealthVault,
see
www.CloudBookContent.com/Chapter06/index.html.

http://www.cloudbookcontent.com/Chapter06/index.html

FIGURE
6­16
Microsoft
HealthVault
lets
users
store
medical
records
within
the
cloud.

Cloud­Based
Database
Solutions

Many
PaaS
solutions
include
support
for
a
database,
such
as
Microsoft
SQL
Server
or
MySQL.
Often
these
database
solutions
connect
to
a
cloud-based
server,
as
shown
in
FIGURE
6­17,
and,
as
such,
can
be
considered
a
cloud-based
database.

A
better
definition
of
a
cloud-based
database,
however,
is
a
database
that
can
be
used
not
only
by
applications
that
reside
(are
hosted)
in
the
cloud,
but
also
by
applications
that
reside
within
the
customer’s
on-site
data
center,
as
shown
in
FIGURE
6­18.

FIGURE
6­17
A
cloud-based
database
provided
with
a
PaaS
solution.

Advantages
of
cloud-based
database
solutions
include
the
following:

•  Cost­effective
database
scalability:
Cloud-based
databases
can
scale
dynamically
to
meet
customer
needs
on
a
pay-as-you-go
basis.

•  High
availability:
Cloud-based
database
systems
normally
reside
on
redundant
hardware,
which
results
in
high
system
uptime.

•  High
data
redundancy:
Cloud-based
databases
are
normally
replicated
behind
the
scenes
to
increase
data
availability.

•  Reduced
administration:
The
cloud-based
data-
base
provider
maintains
the
database
version
updates
and
patches.

FIGURE
6­18
A
cloud-based
database
should
be
acces-
sible
by
systems
across
the
web.

The
disadvantages
of
cloud-based
databases
include
the
following:

•  Data
security
concerns:
Some
users
still
do
not
feel
comfortable
storing
a
database
system
in
the
cloud.

•  Performance:
Because
data
queries
may
travel
the
Internet,
the
cloud-based
database
access
will
not
be
as
fast
as
a
local
database
solution.

CASE
6-11
MICROSOFT
SQL
AZURE

Microsoft
SQL
Azure
is
a
cloud-based
database
solution
that
supports
not
only
Windows
Azure
PaaS,
but,
as
shown
in
FIGURE
6­19,
on-site
applications
as
well.
As
you
would
expect,
SQL
Azure
provides
scalability,
data-
base
replication,
load
balancing,
and
automatic
server
failover.

Exercise
Discuss
the
steps
a
developer
must
perform
to
connect
to
an
SQL
Azure
database.

Web
Resources
For
more
information
on
SQL
Azure,
see
www.CloudBookContent.com/Chapter06/index.html.

FIGURE
6­19
SQL
Azure
is
a
cloud-based
database
that
supports
local
(PaaS
server-based
access)
and
remote
ap-
plication
access.

 

CASE
6-12
AMAZON
CLOUD-BASED
DATABASE
SOLUTIONS

As
discussed
in
Chapter
1,
Introducing
Cloud
Comput­
ing,
Amazon
is
one
of
the
leading
providers
of
cloud-
based
hosting
solutions.
To
meet
developer
demands
for
cloud-based
database
storage
solutions,
Amazon
pro-
vides
two
key
solutions:

•  Amazon
Relational
Database
Service
(Amazon
RDS):
A
web
service
that
makes
available
the
capabili-
ties
of
MySQL
and
Oracle
through
API
web
service
calls

•

Amazon
SimpleDB:
A
scalable,
nonrelational
data
store
in
which
developers
can
quickly
store
and
query

http://www.cloudbookcontent.com/Chapter06/index.html

data
items
using
API-driven
web
service
calls

Exercise
Discuss
reasons
why
Amazon
chose
to
support
MySQL
and
Oracle
databases.

Web
Resources
For
more
information
on
the
Amazon
database
solutions,
see
www.CloudBookContent.com/Chapter06/index.html.

 

DATABASE.COM
CLOUD-BASED
DATABASE

Database.com
provides
applications
with
access
to
a
cloud-based
database
through
a
library
of
API
calls.
All
access
to
the
underlying
database
is
via
developer-writ-
ten
code.
Database.com
does
not
provide
a
user
interface
to
the
database—instead,
its
focus
is
on
the
database
itself:

•

Administration:
Database.com
administers
all
as-
pects
of
the
database.

•

Performance
tuning:
Database.com
monitors
and
manages
the
overall
database
performance.

•

Scalability:
Database.com
can
scale
a
solution
up
or
down
dynamically
to
meet
user
demands.

•

Backups:
Database.com
manages
data
backups
and
redundancy.

•

Disaster
recovery:
Database.com
provides
redun-
dant
hardware
and
storage
to
reduce
the
risk
of
a
disaster.

Developers
create
applications
that
call
the
Database.-
com
API
using
a
variety
of
programming
languages,
in-
cluding
C#,
Java,
Perl,
PHP,
Ruby,
and
more.

Exercise
Discuss
the
pros
and
cons
of
restricting
data-
base
access
to
developers
using
an
API.

Web
Resources
For
more
information
on
Database.-
com,
see
www.CloudBookContent.com/Chapter06/in-
dex.html.

Cloud­Based
Block
Storage

http://www.cloudbookcontent.com/Chapter06/index.html

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://database.com/

http://www.cloudbookcontent.com/Chapter06/index.html

In
the
simplest
sense,
a
block
of
data
storage
is
a
fixed-
sized
sequence
of
bits.
The
size
of
the
block
normally
cor-
responds
to
an
underlying
unit
of
storage
on
the
cloud­
based
block
storage
device.
Some
applications
work
with
very
large
blocks
of
data,
the
format
of
which
has
meaning
only
to
the
application
itself—meaning
that
the
data
may
not
map
well
to
storage
within
a
file
system
or
database.
To
support
applications
with
large
data
block
needs,
Amazon
provides
the
Amazon
Elastic
Block
Store
(EBS),
a
highly
reliable,
scalable,
and
available
block
storage
solution.
EBS
supports
block
sizes
up
to
a
terabyte.

The
data
within
the
EBS
is
simply
a
collection
of
bits.
To
manage
the
block
data
in
a
meaningful
way,
developers
may
need
to
create
their
own
file
system.
In
this
way,
the
applications
that
use
the
cloud-based
block
storage
are
in
complete
control
of
the
data
contents.

CLOUD
DATA
MANAGEMENT
INTERFACE
(CDMI)

The
Storage
Networking
Industry
Association
(SNIA)
is
a
not-for-profit
association
consisting
of
members
from
hundreds
of
companies
that
share
the
goal
of
standardiz-
ing
data
storage
solutions.
SNIA
is
working
on
the
Cloud
Data
Management
Interface
(CDMI),
which
defines
the
behind-the-scenes
functional
interface
that
applications
will
use
to
create,
retrieve,
update,
and
delete
cloud-based
data
items.

A
goal
of
CDMI
is
that
cloud-based
storage
facilities
be
discoverable
to
applications.
This
means
that
ap-
plications
can
query
the
facility
for
the
data
services
it
provides.
In
addition,
CDMI
is
setting
the
stage
for
meta-
data
assignment
to
data
items
that
will
be
key
to
the
de-
velopment
of
Web
3.0
semantic
capabilities.

Exercise
Discuss
the
role
of
metadata
within
cloud-
based
data
storage.

Web
Resources
For
more
information
on
the
CDMI,
see
www.CloudBookContent.com/Chapter06/index.html.

CHAPTER
SUMMARY

Within
PaaS
and
IaaS
solutions,
customers
often
take
advantage
of
provider-based
disk
storage
solutions.
In
some
cases,
users
don’t
need
cloud-based
processing
ca-

http://www.cloudbookcontent.com/Chapter06/index.html

pabilities,
but
rather
scalable
and
replicated
data
storage
solutions.
In
such
cases,
users
and
applications
can
ac-
cess
cloud-based
data
storage
and
cloud-based
database
systems.
In
some
cases
local
(on-site)
applications
may
access
the
cloud-based
storage,
and
in
other
cases
the
applications
may
also
reside
in
the
cloud.
This
chapter
examined
a
variety
of
cloud-based
data
storage
solutions.
As
you
learned,
many
of
the
data
storage
providers
in-
clude
a
web-based
user
interface
that
lets
users
access
files
anywhere
at
any
time,
often
with
any
device.
Fur-
ther,
some
systems
allow
users
to
mount
the
remote
stor-
age
area
using
a
logical
disk
drive
to
which
they
can
refer
as
they
would
any
local
disk
drive
letter.

KEY
TERMS

Cloud­based
block
storage
device

Cloud
Data
Management
Interface
(CDMI)

Cloud
file
system
(CFS)

File
system

Storage­area
network
(SAN)

CHAPTER
REVIEW

1.
Define
and
describe
a
SAN.

2.
Define
and
describe
NAS.

3.
Describe
how
cloud-based
data
storage
works.

4.
Assume
that
you
must
select
a
cloud-based
data
stor-
age
solution
for
your
company.
List
the
factors
you
would
consider
when
selecting
a
vendor.

5.
Many
users
do
not
yet
feel
comfortable
storing
data
within
the
cloud.
Discuss
some
steps
you
can
take
to
re-
duce
their
concerns.

6.
Assume
that
you
must
select
a
cloud-based
data
stor-
age
solution
for
your
company.
List
the
factors
you
would
consider
when
selecting
a
vendor.

7.
List
the
pros
and
cons
of
cloud-based
data
storage.

8.
List
the
pros
and
cons
of
a
cloud-based
database.

chapter
7

Collaboration in the Cloud
IT
WASN’T
ALWAYS
A
good
thing
when
people
at
a
meeting
were
said
to
have
their
heads
in
the
clouds.
To-
day,
however,
cloud-based
meetings
and
cloud-based
collaboration
tools
are
some
of
the
information
technolo-
gy
industry’s
hottest
items.
What
began
as
web-based
e-
mail
has
exploded
to
include
cloud-based
conference
meetings,
face-to-face
voice
over
Internet
protocol
phone
calls
on
virtually
any
device,
document
sharing,
and
streaming
media
content.

Learning
Objectives

This
chapter
examines
cloud-based
collaboration
in
de-
tail.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
collaboration.

•   Define
and
describe
cloud-based
collaboration.

•   List
the
benefits
of
cloud-based
collaboration.

•   List
and
describe
cloud-based
tools
for
document
sharing.

•   List
questions
that
one
should
consider
with
respect
to
cloud-based
collaboration
tools.

•  Discuss
the
potential
uses
of
cloud-based
streaming
media,
from
presentations
to
TV.

Collaborating
in
the
Clouds

In
the
simplest
sense,
collaboration
is
the
process
of
two
or
more
people
working
together
to
achieve
a
result
(a
goal).
For
years,
teams
would
meet
in
conference
rooms
to
collaborate.
Depending
on
the
scope
and
im-
portance
of
the
project,
some
team
members
would
fly
in
for
face-to-face
meetings.
Those
team
members
who
could
not
attend
would
call
in
to
the
speakerphone,
which
was
strategically
placed
at
the
center
of
the
confer-
ence
table.

FIGURE
7­1
The
cloud
provides
team
members
with
a
variety
of
tools
with
which
they
can
collaborate.

With
the
advent
of
the
cloud
has
come
a
vast
collection
of
distributed
or
remote
collaboration
tools,
as
shown
in
FIGURE
7­1.

Questions
to
Ask
About
Collaborative
Tools

Regardless
of
the
collaborative
technology
you
are
con-
sidering,
there
is
a
common
set
of
questions
you
should
consider:

Can
the
solution
scale
to
meet
the
organization’s
future
needs?

•  Is
the
solution
secure?

•  What
are
the
solution’s
start-up
and
operational
costs?

•  How
will
the
solution
impact
the
company’s
IT
staffing
and
resource
requirements?

•  What
are
the
solution’s
learning
curve
and
training
requirements?

FIGURE
7­2
Most
web-based
applications
today,
such
as
Google
Gmail,
support
computer-based
and
handheld
devices.

Web­Based
Collaboration
Began
with
Web
Mail

One
of
the
first
tools
for
collaboration
on
the
web
(it
wasn’t
always
known
as
the
cloud)
was
web
mail.
Using
only
a
web
browser,
users
could
access
their
e-mail
from
any
computer
at
any
time.
Today
web
mail
has
evolved
to
support
access
from
a
wide
range
of
devices.
FIGURE
7­
2a
and
FIGURE
7­2b,
for
example,
show
Google
Gmail
from
within
a
computer
and
an
iPhone.

CASE
7-1
MICROSOFT
EXCHANGE
ONLINE

Many
companies
today
use
Microsoft
Exchange
to
meet
their
e-mail
and
calendar-management
needs.
Microsoft
Exchange
Online
moves
Exchange
from
the
data
center
into
the
cloud.
The
advantages
of
Microsoft
Exchange
Online
include
the
following:

•  Users
can
access
their
e-mail
and
calendar-manage-
ment
tools
from
any
place,
at
any
time,
with
any
device.

•  Microsoft
manages
the
Exchange
Online
software,
keeping
software
versions
and
patches
up
to
date.

•  Companies
maintain
full
control
over
user
e-mail
settings.

•  Users
have
virtually
unlimited
e-mail
storage,
elimi-
nating
the
need
to
move
messages
to
an
archive
folder.

Exercise
Discuss
pros
and
cons
of
a
company
hosting
its
Exchange
server
within
the
cloud.

Web
Resources
For
more
information
on
Microsoft
Exchange
Online,
see

www.CloudBookContent.com/Chapter07/index.html.

Instant
Messaging
Isn’t
What
It
Used
to
Be

For
years,
users
took
advantage
of
instant
messaging
(IM)
to
send
a
short
message
to
another
user
outside
of
e-mail
or
to
have
a
text-based
real-time
chat.
There
is
no
cost
for
IM,
and
the
user
with
whom
one
was
chatting
could
reside
in
the
next
cubicle
or
across
the
globe.
To-
day
many
companies
still
rely
on
IM
to
provide
text-
based
technical
support.
FIGURE
7­3
shows
a
text-based
chat
within
Windows
Live
Messenger.

Over
time,
IM
tools
have
expanded
to
support
file
shar-
ing
and
even
face-to-face
video.
FIGURE
7­4
shows
a
video-based
IM
session.

FIGURE
7­3
The
IM
text-based
interaction
provided
one
of
the
web’s
early
forms
of
collaboration.

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­4
IM
tools
have
grown
from
a
text-based
medium
for
message
exchange
to
support
audio
and
video
streaming.

CASE
7-2
SKYPE
VOICE
OVER
INTERNET
PROTOCOL
(VOIP
)
MESSAGING

It
used
to
be
that
users
around
the
globe
could
have
text-
based
chats
in
real
time
using
IM.
Skype
changed
the
computer
communications
playing
field
when
it
used
voice
over
Internet
protocol
(VoIP)
to
let
users
place
phone
calls
over
the
web.
Using
Skype,
computer
users
can
make
face-to-face
calls,
as
shown
in
FIGURE
7­
5.

Skype
then
enhanced
its
services
to
allow
users
to
make
calls
from
a
computer
to
a
traditional
phone
or
mobile
phone.
In
fact,
using
Skype,
mobile
users
can
call
each
other
to
talk
face
to
face.
Further,
as
shown
in
FIGURE
7­
6,
Skype
has
expanded
its
services
to
support
group-
based
conference
calling.

Exercise
Discuss
advantages
and
disadvantages
to
us-
ing
VoIP
to
drive
a
company’s
phone
system.

Web
Resources
For
more
information
on
Skype,
see
www.CloudBookContent.com/Chapter07/index.html.

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­5
Skype
leverages
VoIP
to
allow
users
to
place
face-to-face
or
audio-only
calls
over
the
Internet.

FIGURE
7­6
Using
Skype
to
place
VoIP-based
confer-
ence
calls.

Cloud­Based
Phone
and
Fax
Systems

Although
faxing
is
becoming
(or
has
become)
an
ancient
technology,
businesses
still
must
be
able
to
send
and
re-
ceive
a
fax.
Fortunately,
cloud-based
companies
have
made
the
process
of
sending
and
receiving
a
fax
as
easy
as
sending
and
receiving
an
e-mail
message.
In
this
way,
no
matter
where
you
are,
or
which
device
you
have,
you
can
easily
send
and
receive
a
fax.

CASE
7-3
MYFAX
FAXES
ANYWHERE,
ANYTIME

MyFax
is
one
of
several
companies
that
have
made
the
faxing
process
very
easy
for
those
without
a
fax
machine
or
a
land-based
phone
line.
After
you
sign
up
for
MyFax,
you
will
receive
a
phone
number
that
corresponds
to
your
virtual
fax
machine.
When,
as
shown
in
FIGURE
7­7,
someone
sends
a
fax
to
you,
MyFax
sends
the
fax
con-
tents
to
your
e-mail
as
a
PDF
file.
In
this
way,
you
can
re-
ceive
your
faxes
any
time,
any
place,
with
any
device.

To
send
a
fax,
you
simply
e-mail
the
document
to
your
MyFax
account.
Software
at
MyFax,
in
turn,
will
send
the
document’s
contents
to
the
recipient’s
fax
machine
(or
virtual
fax
account).

Exercise
Discuss
the
potential
cost
savings
to
a
compa-
ny
for
using
cloud-based
faxing.

Web
Resources
For
more
information
on
MyFax,
see
www.CloudBookContent.com/Chapter07/index.html.

FIGURE
7­7
Cloud-based
fax
services
deliver
faxes
as
PDF
documents
to
a
user’s
e-mail.

For
years
companies
have
relied
on
expensive
phone
sys-
tems
to
manage
employee
calls
and
group-based
confer-
ence
calls.
Today,
with
most
employees
in
possession
of
a
cell
phone,
most
phone
operations
can
be
controlled
by
software.
In
fact,
several
companies
now
provide
cloud-
based
phone
systems
that
will
record
and
optionally
transcribe
voice
messages
and
send
the
corresponding
text
to
a
user’s
e-mail
as
a
PDF
document.

CASE
7-4
GOOGLE
VOICE
PHONE
SYSTEM

Many
people
don’t
like
to
give
out
their
cell
phone
num-
bers
to
businesses
or
to
strangers.
A
great
solution
is
to
create
a
Google
Voice
account,
which
provides
a
cloud-
based
answering
system
and
voice
mail.
You
can
also
di-
rect
Google
Voice
to
forward
calls
to
your
cell
phone,
and

http://www.cloudbookcontent.com/Chapter07/index.html

if
a
caller
leaves
a
voice
mail,
Google
Voice
will
transcribe
the
voice
content
into
text.
Later,
from
any
device,
you
can
retrieve
your
recorded
voice
message
or
view
the
message
transcript,
as
shown
in
FIGURE
7­8.
Also,
Google
Voice
is
free!

Exercise
Discuss
the
advantages
of
using
a
cloud-based
phone
system
for
personal
or
company
use.

Web
Resources
For
more
information
on
Google
Voice,
see
www.CloudBookContent.com/Chapter07/in-
dex.html.

FIGURE
7­8
Google
Voice
provides
you
with
a
virtual
phone
account
that
you
can
forward
to
your
phone.
You
can
receive
voice
messages
or
direct
Google
Voice
to
transcribe
the
voice
messages
as
text.

Revisiting
File
Sharing

In
Chapter
6,
Data
Storage
in
the
Clouds,
you
learned
that
most
cloud-based
data
storage
providers
allow
you
to
share
folders
with
other
users.
Using
the
shared
fold-
er,
you
can
easily
exchange
photos,
documents,
and
oth-
er
digital
content.
In
this
way,
users
do
not
have
to
track
and
later
manage
a
myriad
of
e-mail
attachments.

Within
collaborative
environments,
however,
users
often
need
to
edit
the
same
document,
sometimes
at
the
same
time.
Fortunately,
many
cloud-based
disk
storage
providers
now
facilitate
simultaneous
editing
capabilities.

Editing
Shared
Files
Within
the
Cloud

Depending
on
a
document’s
size,
complexity,
and
project
guidelines,
there
are
times
when
users
will
need
to
edit

http://www.cloudbookcontent.com/Chapter07/index.html

the
contents
of
the
same
document
at
the
same
time.
As
you
might
guess,
depending
how
(and
how
many)
users
are
editing
the
document,
managing
changes
to
the
text
can
be
challenging
for
collaborative
editing
software.
In
other
words,
if
two
users
edit
the
same
section
of
text,
it
becomes
tricky
to
determine
which
user’s
edits
to
apply.

One
of
the
most
popular
Web
2.0
tools
for
document
sharing
is
the
wiki,
which
lets
users
collaborate
on
web-
based
content.
The
best-known
wiki
is
Wikipedia,
the
on-
line
user-content-driven
encyclopedia,
shown
in
FIGURE
7­9.

Using
wiki
software,
users
can
edit
shared
content.
After
the
edits
are
saved,
the
document’s
new
contents
are
dis-
played
on
the
web.
Depending
on
the
wiki
software,
changes
to
text
may
have
to
first
be
approved
by
a
page
moderator;
or
the
wiki
software
may
track
edited
ver-
sions
of
the
content
to
make
it
easy
to
fall
back
to
previ-
ous
content
if
users
choose
to
discard
a
change
or
con-
tent
addition.

Many
wikis
are
public
and
accessible
to
all
users
on
the
web.
Some
wiki
software,
however,
supports
private
con-
tent,
which
is
well
suited
for
company-based
internal
messaging
and
documents.

The
advantages
of
using
a
wiki
for
shared
content
in-
clude
the
following:

•  Any
member
of
the
team
can
add
or
edit
content.

•  Most
users
quickly
learn
how
to
edit
content
within
the
wiki.

•  Team
members
who
edit
the
wiki
content
can
reside
anywhere.

•  The
edits
to
wiki
content
are
immediate.

The
disadvantages
of
using
a
wiki
for
shared
content
in-
clude
the
following:

•  Because
any
member
can
edit
the
content,
wikis
some-
times
contain
errors.

•  Public
wikis
are
often
targets
of
hacking
and
spam.

•  The
wiki’s
free-flowing
format
may
lead
to
disorga-
nized
content.

•  Users
are
often
suspicious
of
wiki
content
validity
and
accuracy.

FIGURE
7­9
Wikipedia
provides
the
largest
collection
of
web-based,
user-contributed,
and
user-edited
content.

CASE
7-5
WIKIA
FREE
WIKI
HOSTING

Getting
started
with
a
wiki
is
very
easy.
To
begin,
you
se-
lect
the
cloud-based
host
at
which
your
wiki
will
reside.
Your
selection
of
a
wiki
site
may
include
such
factors
as
content
versioning,
content
moderator
approval,
support
for
private
content,
and
so
on.
FIGURE
7­10
illustrates
a
wiki
focused
on
cloud
computing,
which
I
created
in
a
matter
of
minutes
using
the
Wikia
editor.

Exercise
Discuss
the
pros
and
cons
of
using
a
wiki
for
online
editing
of
cloud-based
documents.

Web
Resources
For
more
information
on
Wikia,
see
www.CloudBookContent.com/Chapter07/index.html.

FIGURE
7­10
Creating
a
cloud-based
wiki,
which
dis-
cusses
cloud-based
topics
and
uses
free
software
at
Wikia.

 

CASE
7-6
GOOGLE
DOCS
FOR
DOCUMENT
SHARING

Google
Docs
provides
users
with
web-based,
free
access
to
a
word
processor,
spreadsheet,
and
presentation
pro-
gram—yes,
Google
Docs
are
meant
to
compete
directly
with
the
Microsoft
Office
tools.
By
default,
the
docu-
ments
that
you
create
using
Google
Docs
reside
in
the
cloud.
That
said,
you
can
easily
save
your
documents
to
a
local
file
on
your
computer’s
disk,
print
your
documents,
or
share
the
document’s
contents
with
other
Google
Docs
users.
To
share
a
Google
Docs
document,
you
simply
e-
mail
a
link
to
the
document
to
other
users.

FIGURE
7­11,
for
example,
illustrates
a
presentation
on
cloud
computing
that
was
created
using
Google
Docs.
The
user
can
access
the
document
using
various
devices.

Exercise
Discuss
the
pros
and
cons
of
using
Google
Docs
for
business-based
documents.

Web
Resources
For
more
information
on
Google
Docs,
see
www.CloudBookContent.com/Chapter07/index.html.

http://www.cloudbookcontent.com/Chapter07/index.html

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­11
Accessing
a
cloud-based
Google
Docs
pre-
sentation
from
different
devices.

CASE
7-7
MICROSOFT
OFFICE
WEB
APPS

In
Chapter
2,
Software
as
a
Service
(SaaS),
you
learned
about
Microsoft
Office
365,
which
provides
cloud-based
implementations
of
Word,
PowerPoint,
and
Excel
to
users
for
a
monthly
fee.
Given
the
popularity
of
the
cloud-based
Google
Docs,
Microsoft
responded
with
Mi-
crosoft
Office
Web
Apps—a
scaled-down
version
of
its
office
productivity
tools.
Using
Office
Web
Apps,
you
can,
free
of
charge,
create
a
Word,
PowerPoint,
or
Excel
document;
upload
and
edit
your
existing
documents;
or
share
your
documents
with
other
users
for
viewing
or
editing.
FIGURE
7­12
shows
a
PowerPoint
presentation
created
with
Microsoft
Office
Web
Apps.

To
share
an
Office
Web
Apps
document,
you
simply
e-
mail
a
link
to
the
document
to
another
user.
Depending
on
the
permissions
you
have
set,
the
user
can
view
or
edit
the
document’s
contents.

Exercise
Discuss
the
pros
and
cons
of
a
business
using
Microsoft
Office
Web
Apps
in
lieu
of
licensing
the
com-
plete
Office
suite
for
each
employee.

Web
Resources
For
more
information
on
Microsoft
Office
Web
Apps,
see
www.CloudBookContent.com/Chapter07/index.html.

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­12
Microsoft
Office
Web
Apps
lets
users
cre-
ate
and
share
(for
simultaneous
editing)
cloud-based
Word,
Excel,
and
PowerPoint
documents.

 

CASE
7-8
MICROSOFT
SHAREPOINT
ONLINE

For
years,
many
companies
have
used
Microsoft
Share-
Point
to
provide
a
centralized
document
repository.
Be-
cause
the
SharePoint
user
interface
is
similar
to
that
of
other
Microsoft
applications,
users
quickly
come
up
to
speed,
and
employees
who
move
from
a
different
compa-
ny
that
uses
SharePoint
have
only
a
small
learning
curve.

In
Chapter
2,
Software
as
a
Service
(SaaS),
you
learned
that
Microsoft
now
makes
its
Office
suite
of
products
available
to
the
cloud
through
Office
365.
Within
Office
365,
Microsoft
includes
SharePoint
Online,
the
cloud-
based
version
of
the
software.

The
advantages
of
Microsoft
SharePoint
Online
include
the
following:

•  Ease
of
sharing
documents

•  Centralized
storage
for
key
team
documents

•  Ease
of
document
searching
and
referencing

•  Support
for
internal
and
external
company
sites

•  Centralized
storage
for
company
reports
and
data

Exercise
Discuss
how
Microsoft
SharePoint
Online
dif-
fers
from
other
web-based
document-sharing
utilities.

Web
Resources
For
more
information
on
Microsoft
SharePoint
Online,
see
www.CloudBookContent.com/Chapter07/index.html.

Collaborating
via
Web
Logs
(Blogs)

With
the
advent
of
Web
2.0,
one
of
the
most
widely
used
communication
tools
has
become
the
web
log,
or
blog.
Blogs
allow
virtually
anyone,
with
little
or
no
web
devel-
opment
experience,
to
easily
publish
content
on
the
web.
Blogs
can
provide
one-way
or
two-way
communication—
that
is,
some
users
post
read-only
content
to
blogs,
while
others
allow
readers
to
comment
on
the
content.
Over
the
past
few
years,
blogs
have
become
so
successful
that
many
newspapers
have
replaced
printed
content
with
digital
blogs.

The
primary
advantages
of
blogs
include
the
following:

•  Blogs
provide
a
device-independent
way
for
content
consumers
to
access
digital
content
using
only
a
web
browser.

•  Users
can
create
and
publish
content
to
a
blog
with
lit-
tle
or
no
web
development
experience.

•  Within
an
organization,
intranet-based
blogs
provide
a
convenient
way
to
disseminate
information.

•  Blogs
provide
an
effective
way
to
collect
feedback
from
readers.

The
disadvantages
of
blogs
include
the
following:

•  Maintaining
a
blog
takes
time.

•  Blogs
can
become
opinion
posts
as
opposed
to
fact
posts.

•  User
feedback
may
not
always
be
positive
and
may
re-
quire
moderation.

Collaborative
Meetings
in
the
Cloud

One
of
the
biggest
cost
savings
to
businesses
due
to
the
cloud
is
the
advent
of
the
virtual
meeting.
Using
sites
such
as
WebEx
and
GoToMeeting,
businesses
can
now
reduce
travel
costs
through
cloud-based
meetings.
Addi-

http://www.cloudbookcontent.com/Chapter07/index.html

tional
benefits
of
cloud-based
meetings
include
the
following:

•  Streaming
video
that
allows
face-to-face
interaction

•  Shared
whiteboards
that
presenters
can
use
to
easily
control
the
presentation
of
PowerPoint,
Word,
Excel,
or
related
documents

•  Accessibility
to
users,
in
most
cases,
through
a
myriad
of
devices

•  Shared
applications
that
let
presenters
easily
demon-
strate
software
live
within
a
controlled
environment

•  The
ability
to
hold
company
training
online
instead
of
on-site

•  The
ability
to
record
meetings
for
playback
at
a
later
time

CASE
7-9
WORDPRESS,
A
LEADING
BLOG
SITE

Creating
a
blog
is
very
easy.
To
start,
you
locate
a
free
blog
hosting
provider
within
the
cloud,
such
as
Word-
Press.
After
you
sign
up,
you
will
have
access
to
a
text
ed-
itor,
which
you
can
use
to
create
your
blog.

Most
blog
providers
offer
a
free
user
account,
which
is
often
advertising
based.
For
a
monthly
fee,
providers
may
eliminate
advertisements,
allow
greater
storage
ca-
pacity,
support
streaming
media
such
as
video,
and
allow
a
user
domain
name.
FIGURE
7­13
shows
a
blog
in
edit
mode
and
the
same
content
within
presentation
mode
at
WordPress.

Exercise
Discuss
the
pros
and
cons
of
using
a
blog
to
present
content
on
behalf
of
a
company.
Discuss
the
type
of
content
for
which
a
blog
may
be
most
appropriate.

Web
Resources
For
more
information
on
WordPress,
see
www.CloudBookContent.com/Chapter07/index.html.

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­13
Blogs
provide
users
who
have
no
web
de-
velopment
experience
with
the
ability
to
easily
publish
content
on
the
web.

 

CASE
7-10
GOTOMEETING
VIRTUAL
MEETINGS

GoToMeeting
is
one
of
the
leading
providers
of
virtual
meetings.
The
site
offers
a
variety
of
scalable
solutions
that
should
meet
most
organizations’
needs.
Using
Go-
ToMeeting,
companies
can
host
face-to-face
meetings
with
two
users
or
webinars
that
include
1,000
or
more
attendees.
FIGURE
7­14
illustrates
a
virtual
presentation
within
the
GoToMeeting
environment.

Exercise
Discuss
the
pros
and
cons
of
virtual
meetings
in
lieu
of
face-to-face
on-site
meetings.

Web
Resources
For
more
information
on
GoToMeet-
ing,
see
www.CloudBookContent.com/Chapter07/in-
dex.html.

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­14
Virtual
meetings
allow
companies
to
re-
duce
expensive
travel
while
maintaining
the
benefits
of
face-to-face
interaction.

Virtual
Presentations
and
Lectures

Using
cloud-based
tools
such
as
WebEx
and
GoToMeet-
ing,
companies
can
easily
host
virtual
meetings.
Often
companies
will
also
want
to
place
within
the
cloud
multi-
media
content
that
users
can
access
asynchronously
at
a
time
that
best
meets
the
users’
schedules.
Using
products
such
as
Articulate
or
iSpring
Presenter,
companies
can
record
and
post
cloud-based
virtual
presentations
that
may
be
used
for
marketing,
virtual
training,
and
more.
The
advantages
of
virtual
presentations
include
the
following:

•  The
costs
of
production
and
hosting
for
multimedia
content
are
low.

•  Users
can
play
back
content
at
a
time
that
best
meets
their
needs
and
as
often
as
they
desire.

•  Companies
can
create
a
library
of
virtual
marketing
or
training
presentations.

•  Virtual
presentation
software
is
migrating
to
handheld
devices.

Using
Social
Media
for
Collaboration

Facebook
is
obviously
the
most
successful
Web
2.0
site.
Using
Facebook,
users
communicate
with
friends
to
share
photos,
videos,
and
text
messages.
Further,
using
Facebook
groups,
teams
can
share
project
information
in
a
secure
way.
Because
Facebook
resides
within
the
cloud,
it
must
be
considered
a
cloud-based
collaborative
tool.

The
advantages
to
using
a
social
media
tool
for
collabo-
ration
include
the
following:

•  Users
can
exchange
project
information
from
any-
where,
at
anytime,
with
any
device.

•  Groups
can
keep
team
content
secure.

•  Most
users
are
already
familiar
with
the
social
media
user
interface.

CASE
7-11
ZENTATION
VIRTUAL
PRESENTATION
SOFTWARE

Zentation
provides
a
PowerPoint
to
streaming-media
converter,
which
allows
users
to
easily
deploy
multime-
dia
presentations
from
the
cloud.
What
makes
Zentation
unique
is
that
it
supports
the
integration
of
streaming
video,
as
shown
in
FIGURE
7­15.
Zentation
not
only
pro-
vides
software
that
will
combine
a
video
and
PowerPoint,
but
it
also
offers
cloud-based
hosting.

Exercise
Discuss
potential
ways
a
company
might
lever-
age
virtual
presentations.

Web
Resources
For
more
information
on
Zentation,
see
www.CloudBookContent.com/Chapter07/index.html.

FIGURE
7­15
Streaming
a
virtual
presentation
from
the
cloud.

 

CASE
7-12
SALESFORCE.COM
CHATTER

http://www.cloudbookcontent.com/Chapter07/index.html

http://salesforce.com/

Salesforce.com
was
one
of
the
first
companies
to
fully
ex-
ploit
the
power
of
the
cloud.
Salesforce.com
Chatter
is
a
tool,
like
social
media,
that
integrates
with
other
Sales-
force.com
tools
to
improve
communication,
coordina-
tion,
and
data
sharing.
Using
Chatter,
employees
can
do
the
following:

•  Collaborate
privately
and
securely

•  Share
project
documents
and
presentations

•  Exchange
thoughts,
ideas,
and
status
information
with
other
group
members

•  Integrate
Salesforce.com
reporting
data
for
improved
communication
and
information
sharing

Rather
than
having
employees
log
into
a
traditional
so-
cial
media
site,
companies
may
prefer
that
team
interac-
tion
occur
within
a
more
professional
setting.

Exercise
Discuss
ways
that
companies
might
leverage
social
networking
tools
beyond
sales
management
and
customer
relationship
management.

Web
Resources
For
more
information
on
Salesforce.-
com
Chatter,
see
www.CloudBookContent.com/Chap-
ter07/index.html.

 

CASE
7-13
GOOGLE
CALENDAR

Because
it
is
free,
cloud
accessible,
and
easy
to
use,
many
users
turn
to
Google
Calendar.
Users
can
easily
share
their
schedule
with
others
they
choose.
Further,
users
can
delegate
others
as
schedule
administrators
with
the
right
to
schedule
or
cancel
meetings
on
the
user’s
behalf.
FIGURE
7­16
shows
the
cloud-based
Google
Calendar
user
interface.

Exercise
Discuss
tools
beyond
schedule
management
that
would
make
sense
for
companies
such
as
Google
to
support
in
the
cloud.

Web
Resources
For
more
information
on
Google
Cal-
endar,
see
www.CloudBookContent.com/Chapter07/in-
dex.html.

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://salesforce.com/

http://www.cloudbookcontent.com/Chapter07/index.html

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­16
Using
the
cloud-based
Google
Calendar
to
manage
meetings
and
appointments.

Using
Cloud­Based
Calendar
Management

Within
a
busy
organization,
it
can
be
difficult
to
schedule
meetings,
reserve
meeting
space,
and
track
one’s
own
ap-
pointments
and
meetings.
Many
companies
use
a
calen-
dar,
such
as
that
built
into
Microsoft
Outlook,
to
manage
employee
appointments
and
meetings.
Smaller
compa-
nies,
which
may
not
have
an
Exchange
server,
may
turn
to
cloud-based
calendars,
the
advantages
of
which
in-
clude
the
following:

•  No
software
other
than
a
web
browser
is
required

•  Calendars
are
accessible
through
most
devices

•  Many
cloud-based
calendars
will
sync
with
other
applications

Using
Streaming
Video
Content
to
Collaborate

YouTube
is
one
of
the
Web
2.0
success
stories.
Each
year
users
upload
hundreds
of
millions
of
videos,
containing
a
wide
variety
of
content,
to
YouTube.
Many
companies
use
YouTube
to
market
their
products
and
services
and
even
to
deploy
corporate
training.
YouTube
supports
video
access
from
all
web
browsers
and
most
handheld
devices.
Users
are
free
to
determine
when
and
from
where
they
retrieve
the
video
content.
More
important,
users
can
easily
update
their
own
videos
to
the
YouTube
cloud-based
storage
and
then
share
the
videos
with
other
users.
FIGURE
7­17
illustrates
an
overview
of
cloud-
based
video
processing
at
YouTube.

Cloud­Based
TV
Content

Over
the
past
few
years,
many
households
have
gotten
rid
of
their
land-based
phone
lines
in
lieu
of
cellular
phones.
Recently,
a
similar
phenomenon
is
taking
place
that
has
people
getting
rid
of
television
sets
and
instead
using
cloud-based
movie
downloads
and
streaming
con-
tent.
In
the
near
future,
companies
may
also
leverage
streaming
content
to
provide
their
own
messaging,
mar-
keting,
and
training.

FIGURE
7­17
YouTube
makes
it
very
easy
for
users
to
upload
and
later
stream
video
content
to
and
from
the
cloud.

©
2010
salesforce.com,
inc.
All
rights
reserved.
Used
with
permission.

CASE
7-14
HULU
STREAMING
CONTENT

Hulu
is
a
website
that
offers
on-demand
streaming
of
TV
shows,
movies,
film
clips,
webisodes
(episodes
created
specifically
for
the
web),
and
more.
Hulu
supports
media
streaming
to
a
variety
of
devices.
FIGURE
7­18,
for
exam-
ple,
presents
a
TV
show
streaming
from
the
cloud-based
Hulu
website.

Exercise
Discuss
how
companies
such
as
Netflix
and
Hulu
are
changing
how
users
view
television
and
movies.

Web
Resources
For
more
information
on
Hulu,
see
www.CloudBookContent.com/Chapter07/index.html.

http://salesforce.com/

http://www.cloudbookcontent.com/Chapter07/index.html

FIGURE
7­18
Hulu
is
one
company
that
is
deploying
streaming
media
content
from
the
cloud,
on
demand.

CHAPTER
SUMMARY

Collaboration
is
the
process
of
two
or
more
people
work-
ing
together
to
achieve
a
result
(a
goal).
It
used
to
be
that
teams
would
meet
in
conference
rooms
to
collaborate.
Depending
on
the
scope
and
importance
of
the
project,
some
team
members
would
fly
in
for
face-to-face
meet-
ings.
Those
team
members
who
could
not
attend
would
call
in
to
a
speakerphone.
The
cloud,
however,
has
changed
the
ways
in
which
teams
collaborate.
Today,
us-
ing
cloud-based
tools,
team
members
can
do
the
following:

•  Use
cloud-based
conferencing
software
to
present
doc-
uments,
share
desktops,
and
benefit
from
face-to-face
video.

•  Collaborate
in
real
time
and
edit
the
same
documents.

•  Share
calendars
to
simplify
appointment
scheduling.

•  Use
VoIP-based
audio
or
video
chats
from
anywhere
with
any
device.

•  Take
advantage
of
virtual
faxing
services
to
send
and
receive
faxes,
without
using
a
fax
machine.

•  Forward
transcripts
of
voice
mail
messages
to
their
e-
mail.

•  Communicate
with
team
members
using
wikis
and
blogs.

•  Leverage
familiar
tools
that
are
like
social
media
for
group
interaction.

•  Stream
media
for
marketing,
training,
or
messaging
purposes.

KEY
TERMS

Blog

Collaboration

Instant
messaging
(IM)

Streaming
media

Virtual
meeting

Virtual
presentation

Voice
over
Internet
protocol
(VoIP)

Wiki

CHAPTER
REVIEW

1.
Define
collaboration.

2.
Define
and
describe
cloud-based
collaboration.

3.
The
CIO
of
Ace
Accounting
Services
suggests
that
the
company
can
save
considerable
money
using
VoIP
for
phone
calls.
Define
and
describe
VoIP.
Then
present
three
companies
that
provide
VoIP
offerings.
Compare
and
contrast
each
company’s
offering.
Also,
discuss
whether
or
not
you
agree
with
the
CIO
and
justify
your
opinion.

4.
List
the
questions
one
should
consider
when
evaluat-
ing
a
cloud-based
collaborative
solution.

5.
Jan,
a
project
manager
at
Smith
Electronics,
wants
her
team
to
be
able
to
easily
share
and
edit
documents.
Most
of
the
documents
are
Word
files—letters
and
memos—
along
with
many
presentations.
Discuss
the
solution
that
you
would
recommend
to
Jan.

6.
Mary,
the
human
resources
vice
president
for
Baker
Equipment,
needs
to
train
500
remote
employees
on
the

company’s
new
sexual-harassment
policy.
Describe
the
cloud-based
solution
you
would
recommend
to
Mary
and
why.
Within
your
discussion,
include
the
costs
that
Mary
should
expect
for
the
cloud-based
training.

7.
Describe
the
pros
and
cons
of
using
the
following
col-
laboration
tools:

•
Wiki

•
Blog

•
IM

•
Shared
documents

chapter
8

Virtualization
VIRTUALIZTION
IS
THE
USE
of
hardware
and
soft-
ware
to
create
the
perception
that
one
or
more
entities
exist,
although
the
entities,
in
actuality,
are
not
physical-
ly
present.
Using
virtualization,
we
can
make
one
server
appear
to
be
many,
a
desktop
computer
appear
to
be
running
multiple
operating
systems
simultaneously,
a
network
connection
appear
to
exist,
or
a
vast
amount
of
disk
space
or
a
vast
number
of
drives
to
be
available.

Learning
Objectives

This
chapter
examines
virtualization
in
detail.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
virtualization.

•   Discuss
the
history
of
virtualization.

•   Describe
various
types
of
virtualization.

•   List
the
pros
and
cons
of
virtualization.

•   Identify
applications
that
are
well
suited,
as
well
as
those
that
are
not
suited,
for
virtualization.

•   Describe
why
companies
should
employ
virtualization.

Understanding
Virtualization

Virtualization
uses
hardware
and
software
to
create
the
illusion
that
two
or
more
entities
are
present,
when
there
is
only
one
physical
entity
in
existence.
The
most
com-
mon
forms
of
virtualization
include
the
following:

•

Server
virtualization:
Making
one
server
appear
as
many.
Each
virtual
server
may
run
the
same
or
differ-
ent
operating
systems.
Server
virtualization
provides
greater
CPU
utilization,
a
smaller
equipment
footprint,
less
power
consumption,
and
support
for
multiple
oper-
ating
systems.

•

Desktop
virtualization:
This
allows
a
user
to
switch
between
multiple
operating
systems
on
the
same
com-
puter.
(An
operating
system
that
resides
within
a
virtual-
ized
environment
is
known
as
a
guest
operating
sys­
tem.)
Some
desktop
virtualization
techniques
can
pro-
vide
an
operating
system
environment
on
demand.
Desk-
top
virtualization
provides
support
for
multiple
operat-
ing
systems,
which
is
very
convenient
for
software
devel-
opers,
testers,
and
help
desk
support
staff.
In
addition,
desktop
virtualization
leads
to
ease
of
computer
mainte-
nance
and
reduces
desktop
IT
staff
administration.

•

Virtual
networks:
These
create
the
illusion
that
a
user
is
connected
directly
to
a
company
network
and
re-
sources,
although
no
such
physical
connection
may
exist.
Virtual
networks
are
sometimes
called
virtual
private
networks
or
VPNs.
Using
a
virtual
private
network,
users
can
connect
to
a
network
and
access
the
network
re-
sources
from
any
Internet-connected
computer.
Virtual
networks
also
allow
network
administrators
to
segment
a
network,
making
different
departments
such
as
manage-
ment,
development,
and
sales
appear
to
have
their
own
separate
networks.

•

Virtual
storage:
This
provides
users
(and
ap-
plications)
with
access
to
scalable
and
redundant
physi-
cal
storage
through
the
use
of
abstract,
or
logical,
disk
drives
or
file
systems,
or
a
database
interface.

FIGURE
8­1
Virtual
memory
combines
RAM
with
a
page
file
on
disk
to
create
the
illusion,
to
running
pro-
grams,
of
the
existence
of
a
vast
amount
of
RAM.

The
History
of
Virtualization

Although
virtualization
has,
over
the
past
few
years,
be-
come
one
of
the
hottest
topics
in
computing,
it’s
not
a
new
idea.
IBM,
more
than
30
years
ago,
had
a
virtual
op-
erating
system
that
allowed
a
mainframe
computer
to
run
multiple
copies
of
the
same
or
different
operating
systems.
Further,
most
operating
systems
support
virtual
memory,
which,
as
shown
in
FIGURE
8­1,
combines
ran-
dom
access
memory
(RAM)
and
a
page
file
on
disk
to
create
the
illusion
that
a
process
(a
running
program)
has
much
more
physical
RAM
than
is
present
in
the
com-
puter.
Windows,
Linux,
Mac
OS,
and
other
operating
systems
all
support
virtual
memory.

CASE
8-1
VIRTUAL
MEMORY

Virtual
memory
is
not
physical
memory
(RAM).
Instead,
virtual
memory
combines
RAM
and
space
on
a
connect-
ed
disk,
called
a
page
file,
to
create
the
illusion,
to
run-
ning
programs,
that
a
vast
amount
of
RAM
exists.

Before
the
CPU
can
execute
a
program,
the
program’s
in-
structions
and
data
must
reside
within
RAM.
Virtual
memory
takes
advantage
of
the
fact
that
not
all
of
the
program’s
instructions
or
data
must
be
in
RAM
at
the
same
time.
Rather,
the
CPU
needs
only
the
instructions
and
data
with
which
it
is
currently
working
to
reside
in
RAM.

A
virtual
memory
operating
system
breaks
a
program’s
instruction
and
data
into
fixed-size
chunks
called
pages.
When
the
CPU
needs
specific
instructions
or
data,
the
operating
system
loads
the
corresponding
page
from
disk
into
RAM.
When
the
CPU
no
longer
needs
a
set
of
in-
structions
or
data,
the
operating
system
can
move
the
pages
from
RAM
back
to
disk.
This
process
of
moving
pages
between
RAM
and
the
page
file
on
disk
is
called
paging.

The
advantages
of
virtual
memory
include
the
following:

•  A
running
program
(process)
appears
to
have
unlimit-
ed
memory.

•  The
operating
system
can
easily
manage
several
differ-
ent
programs,
running
at
the
same
time,
and
keep
each
program’s
data
and
instructions
secure.

•  The
operating
system
can
take
advantage
of
disk
stor-
age,
which
is
considerably
less
expensive
than
RAM.

The
disadvantage
of
virtual
memory
is
that
the
paging
process
(the
process
of
moving
instructions
and
data
be-
tween
RAM
and
disk)
adds
overhead,
mostly
because
disk
drives
are
much
slower
than
RAM.

Exercise
With
computers
supporting
larger
amounts
of
physical
memory,
some
users
argue
that
there
are
ap-
plications
for
which
users
should
turn
off
virtual
memory
to
improve
performance.
Discuss
whether
you
agree.

Web
Resources
For
additional
information
on
virtual
memory,
see
www.CloudBookContent.com/Chapter08/index.html.

Leveraging
Blade
Servers

For
years,
when
user
demands
required
additional
servers,
the
IT
department
would
add
a
physical
server
box
within
the
data
center,
as
shown
in
FIGURE
8­2.

Although
the
server
box
met
user
demands,
each
box
consumed
space
within
the
data
center
and
required
con-
siderable
power.

FIGURE
8­2
Server
computers
originally
required
their
own
chassis,
disk,
power
supply,
and
fan.
Servers
con-
sumed
considerable
power,
took
up
considerable
space,
and
generated
considerable
heat
within
the
data
center.

CASE
8-2
GREEN
COMPUTING
INITIATIVE

Years
ago
many
people
made
the
claim
that
computers,
e-mail,
and
computer
networks
would
reduce
the
vast
number
of
printed
pages
and
that
many
forests
would
be
spared.
Unfortunately,
the
“less
paper”
thing
never
hap-
pened.
Worse
yet,
with
desktops,
laptops,
and
handheld

http://www.cloudbookcontent.com/Chapter08/index.html

devices
now
touching
all
aspects
of
our
lives
24/7,
most
devices
never
get
powered
off!

The
result
is
that
computer
and
device
power
usage
is
growing
at
exponential
rates.
Because
of
the
impact
that
computers
now
play
with
respect
to
our
environment,
many
green
computing
initiatives
have
emerged.
Some
general
guidelines
for
green
computing
include
the
following:

•  Power
off
devices
when
they
are
not
in
use.

•  Power
up
energy-intensive
devices,
such
as
laser
print-
ers,
only
when
needed.

•  Use
notebooks
when
possible
instead
of
desktop
computers.

•  Use
the
computer’s
built-in
power
management
features.

•  Minimize
unnecessary
printing.

•  Dispose
of
e-waste
(devices,
ink
cartridges,
monitors,
and
so
on)
in
compliance
with
government
regulations.

For
more
specifics
on
green
computing,
visit
the
Green
Computing
Initiative
website
hosted
by
the
University
of
California,
Berkeley,
shown
in
FIGURE
8­3.

Exercise
Discuss
potential
cost
savings
for
a
company
supporting
green
computing
initiatives.

Web
Resources
For
additional
information
on
green
computing,
see
www.CloudBookContent.com/Chap-
ter08/index.html.

http://www.cloudbookcontent.com/Chapter08/index.html

FIGURE
8­3
The
Green
Computing
Initiative
details
a
variety
of
techniques
and
best
practices.

As
the
server
boxes
were
outgrowing
many
data
centers,
the
blade
server
was
born.
In
short,
the
blade
server,
as
shown
in
FIGURE
8­4,
is
a
scaled-down
server
designed
to
consume
less
power
and
to
fit
within
a
rack
with
other
blade
servers,
while
still
matching
or
exceeding
the
pro-
cessing
potential
of
chassis-based
servers.

To
share
disk
space,
blade
servers
support
network-at-
tached
storage
(NAS)
devices.
Additional
advantages
of
blade
servers
include
the
following:

•  Consume
less
physical
space
(footprint)

•  Consume
less
power

•  Generate
less
heat
and
are
easier
to
cool

•  Easy
to
install
and
configure

Server
Virtualization

Most
servers
today
are
either
very
busy,
running
at
a
high
level
of
CPU
utilization,
or
are
idle
a
significant
por-
tion
of
the
time,
waiting
for
something
to
do.
As
you
have
learned,
when
a
server
becomes
very
busy,
the
IT
staff
may,
as
shown
in
FIGURE
8­5,
introduce
a
load-balanc-
ing
server
and
then
add
additional
servers,
as
necessary,
to
handle
the
workload.

FIGURE
8­4
The
blade
server
is
designed
to
fit
within
a
rack
with
other
blade
servers.
This
reduces
the
server’s
physical
footprint,
makes
the
server
easier
to
cool,
and
reduces
the
server’s
power
consumption.

FIGURE
8­5
Using
load
balancing,
the
IT
staff
can
sup-
ply
the
number
of
servers
necessary
to
meet
the
server
workload
at
a
given
time.

In
contrast,
when
a
server
is
idle,
the
server’s
potential
processing
power
is
being
wasted.
For
a
cloud-based
platform
as
a
service
(PaaS)
provider,
such
wasted
pro-
cessing
time
is
a
wasted
revenue
opportunity.

To
reduce
server
idle
time
and
to
protect
one
client’s
server
from
another,
PaaS
providers
use
special
software
to
divide
the
single
physical
server
into
multiple
virtual
servers.
As
shown
in
FIGURE
8­6,
each
virtual
server
may
run
a
different
operating
system.

Improving
CPU
utilization
is
one
reason
to
virtualize
servers.
Second,
some
companies
(including
PaaS
providers)
need
to
support
multiple
server
operating
sys-
tems.
Fortunately,
several
tools
exist
to
make
it
easy
to
virtualize
most
server
operating
systems.

FIGURE
8­6
Through
virtualization,
a
single
physical
server
can
be
made
to
look
like
multiple
separate
servers,
potentially
running
different
operating
systems.

CASE
8-3
MICROSOFT
WINDOWS
SERVER
VIRTUALIZATION

Given
Microsoft’s
aggressive
approach
to
cloud
comput-
ing,
it
makes
sense
that
Microsoft
would
also
aggressive-
ly
pursue
client
and
server
virtualization.
Microsoft
servers
now
utilize
an
underlying
technology
the
compa-
ny
refers
to
as
Hyper-V
to
allow
administrators
to
create
virtual
servers.

The
advantages
of
Microsoft
Hyper-V
technology
include
the
following:

•  The
ability
to
consolidate
servers
and
increase
CPU
utilization

•  Enhanced
business
continuity
and
disaster
recovery

•  Ease
of
deploying
testing
and
support
environments

•  Enhanced
support
for
Windows-based
client
virtualization

•  Improved
load
balancing

•  Ability
to
move
live
virtual
machines
from
one
physical
server
to
another
on
the
fly
for
load
balancing
and
scalability

Exercise
Assume
your
company
primarily
deploys
.NET-based
solutions.
Periodically,
however,
your
com-
pany
releases
a
PHP
or
Perl
solution
running
under
Lin-
ux.
Discuss
the
pros
and
cons
of
using
Microsoft-based
virtual
servers.

Web
Resources
For
additional
information
on
Mi-
crosoft
server
virtualization,
see
www.CloudBookCon-
tent.com/Chapter08/index.html.

Within
a
virtual
server,
to
support
the
execution
of
mul-
tiple
operating
systems,
each
operating
system
is
actually
installed
on
top
of
special
software
called
the
hypervi­
sor.
The
hypervisor,
in
turn,
essentially
manages
each
operating
system’s
execution
and
resource
use.

CASE
8-4
VMWARE
ESXI

http://www.cloudbookcontent.com/Chapter08/index.html

VMware
is
one
of
the
best-known
providers
of
virtualiza-
tion
solutions.
For
companies
that
need
to
support
mul-
tiple
operating
systems
within
a
virtual-server
environ-
ment,
VMware
ESXi
provides
the
solution.
That
said,
ESXi
is
more
than
a
simple
server-virtualization
tool.
ESXi
provides
the
following:

•  Support
for
multiple
operating
systems

•  Server
consolidation

•  Automated
resource
management
to
drive
disaster
re-
covery
and
service-level
agreements

•  Detail
cost-reporting
services

•  Automated
load
balancing

•  Centralized
management
and
administration
of
virtual
servers
and
the
underlying
machines

Exercise
Assume
your
company
must
deploy
virtual-
server
solutions
for
Windows
and
Linux.
You
anticipate
that
you
will
require
only
one
physical
server
running
the
two
virtual
operating
systems.
Research
and
discuss
the
pros
and
cons
as
well
as
the
costs
of
using
VMware
server
virtualization.

Web
Resources
For
additional
information
on
VMware
server
virtualization,
see
www.CloudBookCon-
tent.com/Chapter08/index.html.

Desktop
Virtualization

If
you
continue
thinking
in
terms
of
the
server-virtualiza-
tion
model,
virtualizing
the
desktop
means
allowing
the
system
to
run
multiple
operating
systems
at
the
same
time,
as
shown
in
FIGURE
8­7.
The
term
for
a
desktop
computer
that
runs
two
or
more
operating
systems
is
a
virtual
desktop.

If
you
consider
a
software
tester
who
must
test
multiple
operating
system
platforms,
or
a
help
desk
staff
member
who
must
answer
calls
from
users
running
a
variety
of
operating
systems,
you
can
understand
how
the
ability
to
quickly
switch
between
operating
systems
is
very
conve-
nient
and
powerful.

http://www.cloudbookcontent.com/Chapter08/index.html

The
advantages
of
desktop
virtualization
of
operating
systems
include
the
following:

•  A
single
desktop
computer
can
simultaneously
run
multiple
operating
systems.

•  There
is
reduced
need
for
duplicate
hardware.

•  Less
power
is
consumed.

FIGURE
8­7
Desktop
virtualization
allows
a
desktop
computer
to
run
two
or
more
operating
systems
at
the
same
time
and
allows
a
user
to
quickly
switch
between
the
systems.

CASE
8-5
PARALLELS
DESKTOP
4
WINDOWS
AND
LINUX

Parallels
Desktop
4
for
Windows
and
Linux
lets
users
easily
integrate
and
install
multiple
Windows-
and
Lin-
ux-based
operating
systems
on
the
same
desktop
com-
puter.
Users
can
then
quickly
switch
between
operating
systems
as
easily
as
clicking
the
mouse
on
the
target
op-
erating
system
window.
FIGURE
8­8
shows
Windows
and
Linux
running
on
the
same
desktop
computer
using
Parallels
Desktop
4
for
Windows
and
Linux.

Exercise
Assume
that
your
company
has
10
program-
mers
who
write
and
test
code
for
applications
running
on
Windows
and
Linux,
and
they
must
also
support
ap-
plications
running
on
these
operating
systems.
Discuss
the
pros
and
cons
as
well
as
the
costs
of
using
Parallels
Desktop
4
for
Windows
and
Linux.

Web
Resources
For
additional
information
on
Paral-
lels
Desktop
4
for
Windows
and
Linux,
see
www.Cloud-
BookContent.com/Chapter08/index.html.

http://www.cloudbookcontent.com/Chapter08/index.html

FIGURE
8­8
Using
Parallels
Desktop
4
for
Windows
and
Linux
to
allow
users
to
quickly
switch
between
oper-
ating
system
environments.

The
primary
disadvantage
of
the
virtual
desktop
is
that
the
system
incurs
overhead
due
to
the
virtualization
and
will
not
be
as
fast
as
an
identical
standalone
system
run-
ning
a
single
operating
system.

Desktop
Solutions
on
Demand

For
years,
desktop
computer
management
went
some-
thing
like
this:

•  A
new
employee
joins
the
company.
The
IT
staff,
in
turn,
prepares
a
computer
with
the
needed
software
and
delivers
it
to
the
new
employee’s
desk.

•  When
it
comes
time
to
upgrade
software,
an
IT
support
member
carrying
a
CD-ROM
disk
would
visit
each
desk-
top
computer
and
take
as
long
as
needed
to
install
the
software.
A
high-tech
data
center,
would
then
have
a
desktop
administrator
push
the
upgrade
across
the
net-
work
either
at
night
or
early
in
the
morning.

•  When
users
encountered
problems,
the
IT
staff
mem-
ber
would
again
show
up
at
the
user’s
desk
to
trou-
bleshoot
the
problem,
or
the
high-tech
data
center
would
have
a
help
desk
support
team
member
remotely
log
in
to
the
user’s
computer
from
across
the
network.

•  Users
who
were
frustrated
with
the
IT
staff
and
its
pro-
cesses
would
simply
install
software
on
their
own
sys-

tems,
which
the
company
may
or
may
not
own.

In
any
case,
managing
user
desktop
computers
took
time,
money,
and
labor.

With
faster
computer
networks,
along
with
the
migration
to
cloud-based
solutions,
the
approach
to
desktop
man-
agement
is
changing.
Today
many
data
centers
are
mov-
ing
to
on-demand
delivery
of
desktop
operating
system
environments.
In
this
way,
when
a
user
logs
in
to
a
sys-
tem,
he
or
she
receives
access
to
his
or
her
system
cus-
tomizations,
assigned
operating
system,
and
needed
applications.

CASE
8-6
MICROSOFT
DESKTOP
VIRTUALIZATION

Most
desktop
computers
today
run
a
Windows
operating
system
and
a
Microsoft
suite
of
applications
(normally
Office).
To
simplify
the
management
of
such
desktop
sys-
tems,
Microsoft
provides
a
suite
of
desktop
virtualization
tools:

•  Microsoft
Virtual
Desktop
Infrastructure
(VDI)
suite

•  Microsoft
Application
Virtualization
(App-V)

•  Microsoft
Enterprise
Desktop
Virtualization
(MED-V)

•  Microsoft
Remote
Desktop
Services
(RDS)

•  Microsoft
User
State
Virtualization
(USV)

•  Windows
Thin
computer

The
advantages
of
the
Microsoft
desktop
virtualization
include
the
following:

•  Simplified
desktop
management
across
the
enterprise

•  Access
to
user
profiles
and
data
from
any
computer

•  Improved
business
continuity

•  Improved
management
of
software
licenses

•  Improved
security
and
business
compliance

Exercise
Assume
that
your
company
has
1,000
desk-
tops,
for
which
your
CIO
wants
to
deliver
an
operating
system
and
environment
on
demand.
Discuss
which
Mi-
crosoft
desktop
virtualization
tools
you
would
require
and
the
corresponding
cost.

Web
Resources
For
additional
information
on
Mi-
crosoft
desktop
virtualization,
see
www.CloudBookCon-
tent.com/Chapter08/index.html.

As
shown
in
FIGURE
8­9,
in
an
on-demand
operating
system,
software
and
user
settings
are
pushed
to
a
desk-
top
across
the
network.

Because
the
operating
system
and
applications
reside
within
a
centralized
location
within
an
on-demand
envi-
ronment,
administrators
can
easily
apply
patches
and
software
upgrades,
which
are
transparently
downloaded
to
the
user’s
computer
the
next
time
he
or
she
logs
in.
Further,
the
on-demand
environment
frees
the
user
from
ties
to
any
one
specific
computer.
A
user
can
log
in
to
the
system
from
any
network
computer
and
receive
his
or
her
work
environment.

FIGURE
8­9
On-demand
operating
system
environ-
ments
deliver
a
user’s
operating
system,
environment
customizations,
and
needed
applications
to
any
comput-
er
the
user
logs
in
to.

CASE
8-7
VMWARE
VIEW

As
one
of
the
top
leaders
within
the
virtualization
space,
VMware
offers
View,
a
tool
for
providing
virtual
desktops
on
demand.
Using
View,
system
administrators
can
cen-

http://www.cloudbookcontent.com/Chapter08/index.html

tralize
the
on-demand
delivery
of
an
operating
system
and
user-assigned
applications.
The
advantages
of
VMware
View
include
the
following:

•  Simplified
desktop
operating
system
and
application
management

•  Automated
desktop
provisioning
(account
generation)

•  Virtual-desktop
image
management

•  Support
for
a
variety
of
client
platforms

Exercise
Discuss
the
pros
and
cons
of
using
VMware,
as
opposed
to
Microsoft,
to
implement
a
company’s
desktop
virtualization.

Web
Resources
For
additional
information
on
VMware
View
desktop
virtualization,
see
www.Cloud-
BookContent.com/Chapter08/index.html.

Virtual
Networks

Networks
allow
users
to
share
resources
such
as
printers,
storage
devices,
and
applications.
Most
businesses
utilize
a
local-area
network
(LAN)
to
connect
users.
Typically,
LANs
are
just
that—the
cables
or
wireles
devices
that
connect
users
are
local
to
a
specific
office,
building,
or
campus,
as
shown
in
FIGURE
8­10.

Often
users
who
travel
and
users
who
work
from
remote
locations
must
connect
to
the
company’s
LAN
in
order
to
accomplish
specific
tasks.
In
such
cases,
the
users
can
use
special
software
to
create
a
virtual
private
net­
work
(VPN)
connection
to
the
LAN.
VPN
software,
as
shown
in
FIGURE
8­11,
uses
a
secure
Internet
connection
to
give
the
user
the
illusion
that
he
or
she
is
physically
connected
to
the
remote
network
from
his
or
her
current
location.

FIGURE
8­10
LANs
are
designed
to
allow
users
to
share
resources
within
a
localized
environment
such
as
a
home,
business,
office
building,
or
small
campus.

http://www.cloudbookcontent.com/Chapter08/index.html

FIGURE
8­11
A
VPN
creates
the
illusion
of
a
secure
physical
connection
to
a
LAN
using
software
and/or
hardware
to
connect
the
user
across
the
Internet.

When
multiple
employees
work
remotely,
there
may
be
times
when
the
group
needs
to
establish
its
own
network
in
order
collaborate
securely
and
effectively.
Rather
than
establish
a
physical
network
for
the
group,
companies
will
configure
a
virtual
local-area
network
(VLAN),
which
uses
special
routers
to
segment
part
of
the
physical
net-
work
in
such
a
way
that
the
group
appears
to
have
its
own
private
network.

CASE
8-8
WINDOWS
VPN
SUPPORT

Across
the
web,
several
companies,
including
Cisco,
pro-
vide
advanced
VPN
support.
Should
you
need
to
get
a
VPN
connection
up
and
running
quickly,
however,
Win-
dows
provides
both
client
and
server
support.
FIGURE
8­
12,
for
example,
shows
the
Windows
Create
VPN
Con-
nection
dialog
box
that
lets
a
client
establish
a
VPN
con-
nection
across
the
Internet.
To
create
the
connection,
the
user
needs
only
to
know
the
IP
address
or
domain
name
of
the
remote
VPN
server.

Exercise
Discuss
the
pros
and
cons
of
using
VPN
soft-
ware
provided
with
Windows
as
opposed
to
licensing
or
buying
a
solution
from
a
network
company
such
as
Cisco.

Web
Resources
For
additional
information
on
Win-
dows
VPNs,
see
www.CloudBookContent.com/Chap-
ter08/index.html.

http://www.cloudbookcontent.com/Chapter08/index.html

FIGURE
8­12
Windows
provides
client
and
server
sup-
port
tools
that
users
can
use
to
establish
a
VPN
connection.

In
a
similar
way,
for
internal
security
purposes,
compa-
nies
may
use
virtual
networks
to
create
separate
net-
working
environments
for
sales,
management,
develop-
ment,
and
support,
as
shown
in
FIGURE
8­13.

Again,
many
companies
such
as
VMware
and
Cisco
pro-
vide
support
for
the
creation,
management,
and
security
of
VLANs.

Data
Storage
Virtualization

Chapter
6,
Data
Storage
in
the
Cloud,
discussed
cloud-
based
data
storage
in
detail.
You
learned
that
the
advan-
tages
of
cloud-based
data
storage
include
the
following:

•  Scalable
disk
storage
space
on
demand

•  The
ability
to
pay
as
you
go
for
the
needed
storage

•  Behind-the-scenes
backup
and
data
replication

•  Support
for
common
operating
systems

•  Access
from
anywhere,
anytime,
and
essentially
any
device

•  Ease
of
document
sharing

FIGURE
8­13
Virtual
networks
create
the
illusion
of
two
or
more
stand-alone
networks.

The
primary
disadvantages
of
cloud-based
storage
in-
clude
the
following:

•  Some
users
are
not
comfortable
with
their
data
resid-
ing
in
the
cloud.

•  Cloud-based
file
access
is
slower
than
local
file
access
due
to
network
overhead.

Data
storage
virtualization
essentially
separates
the
physical
data
storage
from
the
logical
presentation
that
users
(and
applications)
use
to
access
the
device.
For
ex-
ample,
computer
users
will
often
partition
a
large
(physi-
cal)
hard
drive
into
two
more
logical
drives
(often
drives
C
and
D).

The
process
of
making
a
device
available
to
a
user
or
ap-
plication
is
called
mounting
the
device.
As
you
learned
in
Chapter
6,
several
cloud-based
data
storage
providers
al-
low
users
to
mount
the
virtual
storage
so
that
the
user
can
refer
to
the
storage
area
using
a
familiar
disk
drive
letter.

Again,
as
shown
in
FIGURE
8­14,
the
data
storage
virtu-
alization
hides
the
physical
details
of
the
actual
storage
device,
which
makes
it
very
easy
for
administrators
to
scale
the
available
storage
space.

FIGURE
8­14
Data
storage
virtualization
hides
the
physical
storage
device
or
devices
from
the
logical
pre-
sentation
that
users
or
applications
use
to
access
the
space.

CASE
8-9
VMWARE
STORAGE
VMOTION

Despite
the
virtual
nature
of
cloud-based
storage,
at
some
point,
an
administrator,
somewhere,
must
manage
the
physical
data-storage
devices.
The
administrator
may
want
to
upgrade
a
device
to
a
larger
or
faster
drive,
or,
simply
move
data
for
load
balancing.
Unfortunately,
to
perform
such
upgrades,
an
administrator
simply
can’t
call
“time
out”
and
take
the
device
off
line.

VMware’s
Storage
vMotion
allows
an
administrator
to
move
files
from
one
virtual
data
store
to
another
while
the
virtual
disk
is
active
for
use!
If
a
user
updates
a
file
on
the
source
disk
while
the
move
is
in
progress,
the
Storage
vMotion
software
simply
takes
note
and
then
lat-
er
updates
the
file
on
the
target
disk.

Exercise
Discuss
application
types
for
which
a
data
storage
device
cannot
be
taken
offline
in
order
to
per-
form
system
updates.

Web
Resources
For
additional
information
on
VMware
Storage
vMotion,
see
www.CloudBookContent.-
com/Chapter08/index.html.

Not
All
Applications
Are
Well
Suited
for
Virtualization

Despite
the
performance
utilization
gains
that
most
ap-
plications
will
experience
within
a
virtual
environment,
some
applications
are
not
well
suited
for
virtualization:

•  Applications
with
unique
hardware
require­
ments:
If
an
application
requires
a
unique
device
or

http://www.cloudbookcontent.com/Chapter08/index.html

hardware
device
driver,
the
virtualization
software
may
be
unable
to
support
the
device.

•  Graphics­intensive
applications:
If
an
application
is
graphics
intensive,
such
as
a
3-D
modeling
program,
the
virtual
device
drivers
may
slow
down
the
I/O
pro-
cessing
to
an
unacceptable
level.

Why
Virtualize?

Throughout
this
chapter,
you
have
examined
a
variety
of
virtualization
techniques.
The
following
list
summarizes
a
company’s
motivation
to
virtualize:

•  Increased
device
utilization
(particularly
CPU
utilization)

•  Decreased
device
footprint

•  Decreased
power
consumption

•  Simplified
operating
system
and
application
administration

•  Ease
of
software
provisioning
and
patch
releases

•  Device
and
storage
scalability

•  Increased
user
access
to
key
resources

•  Increased
flexibility
in
supporting
multiple
operating
system
environments

•  Improved
use
and
management
of
software
licenses

•  Improved
utilization
reporting,
which
leads
to
im-
proved
capacity
planning

•  Improved
disaster
recovery
and
business
continuity

The
primary
disadvantages
of
virtualization
include
the
following:

•  New
staff
or
staff
training
may
be
required
to
under-
stand
the
virtualization
process.

•  Not
all
applications
are
well
suited
for
virtualization.

•  The
virtualization
process
adds
slight
overhead,
which
will
make
some
applications
run
more
slowly.

CHAPTER
SUMMARY

Virtualization
is
the
use
of
hardware
and
software
to
cre-
ate
the
perception
that
one
or
more
entities
exist,
al-
though
the
entities,
in
actuality,
are
not
physically
present.
Using
virtualization,
we
can
make
one
server
ap-
pear
to
be
many,
a
desktop
computer
appear
to
being
running
multiple
operating
systems
simultaneously,
a
network
connection
appear
to
exist,
or
a
vast
amount
of
disk
space
or
a
vast
number
of
drives
to
be
available.

Through
the
use
of
server
virtualization,
companies
re-
duce
their
server
footprint
and
power
consumption,
al-
low
servers
to
support
multiple
operating
systems,
and
drive
server
CPU
utilization.
Further,
through
the
use
of
desktop
virtualization,
companies
simplify
operating
sys-
tem
and
application
administration.
If
needed,
a
virtual
desktop
can
also
run
two
or
more
operating
systems
at
the
same
time.

Virtualizing
drives
increases
device
utilization,
simplifies
device
administration,
and
improves
business
continuity
and
disaster
recovery.

KEY
TERMS

Guest
operating
system

Hypervisor

Virtual
desktop

Virtual
private
network
(VPN)

Virtual
server

CHAPTER
REVIEW

1.
Define
and
describe
virtualization.

2.
Defend
the
following
statement:
Virtualization
is
not
a
new
concept
within
computer
science.

3.
Describe
the
various
types
of
virtualization.

4.
List
the
pros
and
cons
of
virtualization.

5.
Discuss
the
attributes
of
applications
that
are
not
well
suited
for
virtualization.

6.
List
reasons
why
companies
should
virtualize.

7.
List
the
benefits
of
blade
servers.

8.
Define
and
describe
the
hypervisor.

9.
Define
and
describe
green
computing.

10.
Describe
the
concept
of
the
desktop
on
demand,
and
include
the
benefits
of
such
a
system.

chapter
9

Securing the Cloud
FOR
YEARS,
IT
DATA
centers
have
been
secured
physically
to
prevent
users
who
do
not
have
a
need
to
physically
touch
computers,
servers,
and
storage
devices
from
doing
so.
A
general
security
rule
is
that
if
an
indi-
vidual
can
physically
touch
a
device,
the
individual
can
more
easily
break
into
the
device.
As
you
might
imagine,
for
many
IT
personnel
the
thought
of
hosting
ap-
plications
in
the
cloud
is
very
concerning.
When
you
con-
sider
cloud
security
issues,
you
should
think
in
terms
of
two
types
of
threats.
Your
first
list
of
threats
should
cor-
respond
to
the
threats
common
to
both
cloud-based
and
on-site
solutions.
Your
second
list
should
focus
on
those
concerns
specific
to
the
cloud.

Learning
Objectives

This
chapter
examines
cloud-based
security.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   List
the
security
advantages
of
using
a
cloud-based
provider.

•   List
the
security
disadvantages
of
using
a
cloud-based
provider.

•   Describe
common
security
threats
to
cloud-based
environments.

General
Security
Advantages
of
Cloud-Based
Solutions

As
you
have
learned,
because
cloud-based
solution
providers
spread
their
costs
across
multiple
customers,
the
providers
benefit
from
their
economies
of
scale—
meaning
that
most
have
more
money
available
to
invest
in
different
solutions,
such
as
security
issues.
The
follow-
ing
list
specifies
several
advantages
cloud-based
providers
may
have
with
respect
to
security:

•  Immediate
deployment
of
software
patches:
Many
software
patches
address
specific
security
concerns
and
requirements.
Most
cloud-based
solution
providers
have
a
team
of
patch
installation
specialists
who
immedi-

ately
deploy
system
patches.
In
this
way,
the
cloud-based
systems
may
have
a
shorter
period
of
vulnerability
after
a
software
patch
is
released.

•  Extended
human­relations
reach:
Because
of
their
financial
strength,
cloud-based
solution
providers
may
be
able
to
better
vet
potential
employees
who
will
administer
system
software.
Such
vetting
may
include
increased
reference
checking,
security
and
background
checking,
and
periodic
screening
(such
as
by
polygraph).

•  Hardware
and
software
redundancy:
Most
cloud-based
solution
providers
have
redundant
hard-
ware
and
software
resources
they
can
quickly
deploy
in
an
emergency.

•  Timeliness
of
incident
response:
Within
a
data
center,
key
personnel
often
perform
multiple
tasks.
A
company’s
security
specialist
may
also
be
the
company’s
patch
administrator.
As
a
result,
there
are
often
delays
between
the
start
of
a
security
incident
and
its
identifica-
tion—which
may
have
a
catastrophic
result.
A
cloud-
based
solution
provider,
in
contrast,
likely
has
experts
monitoring
systems
for
intrusion,
system
utilization,
and
more.
In
this
way,
should
a
security
incident
occur,
the
cloud-based
solution
provider
is
likely
to
be
more
responsive.

•  Specialists
instead
of
personnel:
Again,
because
of
their
financial
advantage,
cloud-based
solution
providers
may
be
better
positioned
to
recruit
and
hire
trained
system
specialists.
A
small
company
that
tries
to
handle
its
own
IT,
on
the
other
hand,
may
have
a
one-
person
IT
staff—and
that
employee
may
have
a
steep
learning
curve.

There
are
also
security
disadvantages
to
hosting
ap-
plications
and
their
data
within
the
cloud:

•  Country
or
jurisdiction:
It
is
not
always
clear
where
cloud-based
resources
reside.
If
a
cloud
hosts
its
re-
sources
within
a
remote
country,
for
example,
one
must
be
concerned
with
the
laws
and
the
government
stability
of
the
country.
If
the
cloud
resources
reside
in
multiple
states,
questions
of
jurisdiction
may
arise
in
the
event
of
a
legal
matter.
If
a
cloud-based
provider,
for
example,
re-
ceives
a
subpoena
or
a
request
for
an
e-discovery
process,
a
customer’s
data
may
become
part
of,
and
ex-
posed
to,
an
unwanted
legal
discovery.

•  Multitenant
risks:
Many
cloud-based
solution
providers
use
multitenant
solutions,
which
means
that
two
or
more
customers
may
use
the
same
resources,
such
as
a
database.
As
a
result,
an
application
error
might
ex-
pose
one
company’s
data
to
another
company.
Likewise,
if
a
data
storage
device
is
shared,
data
remnants
from
one
company
may
be
exposed
to
another
company.

•  Malicious
insiders:
Despite
a
cloud
solution
provider’s
best
human-relations
efforts,
there
can
some-
times
be
problems
with
malicious
employees.
Depending
on
the
employee’s
role,
a
company’s
cloud-based
data
may
be
at
risk.

•  Vendor
lock
in:
Depending
on
how
a
cloud-based
so-
lution
provider
stores
a
company’s
data,
it
may
become
difficult
for
the
company
to
change
providers
later
in
the
event
of
a
service-level
agreement
breach
or
other
problem.

•  Risk
of
the
cloud­based
provider
failing:
Compa-
nies
who
rely
on
cloud-based
providers
are
at
risk
that
the
provider
could
fail.
Some
companies
ask
for
a
source
code
escrow
agreement,
which
places
a
copy
of
the
provider’s
source
code
with
a
third-party
company.
If
the
provider
fails,
the
company
can
gain
access
to
the
source
code,
with
which
they
may
be
able
to
rehost
the
solution.

CASE
9-1
MCAFEE
SECURITY
AS
A
SERVICE

To
stay
current
with
virus
and
spyware
threats,
most
an-
tivirus
solutions
perform
constant
updates
to
their
virus
signature
dictionary/database.
When
you
license
an
an-
tivirus
solution,
you
normally
receive
at
least
one
year
of
automatic
security
system
updates.
As
you
work,
the
an-
tivirus
software
updates
your
system
against
new
threats
behind
the
scenes.
In
general,
the
antivirus
software,
as
shown
in
FIGURE
9­1,
pulls
in
the
threat
signatures
from
across
the
cloud.

McAfee
now
offers
a
range
of
security
solutions
that
de-
ploy
from
the
cloud.
The
solutions
protect
e-mail
(spam,
phishing,
redirection,
and
virus
elimination),
websites,
desktop
computers,
mobile
devices,
and
more.
FIGURE
9­2
shows
the
McAfee
security
as
a
service
web
page.

Exercise
Assume
that
you
must
provide
desktop
an-
tivirus
and
antispam
support
for
1,000
desktop
comput-

ers.
Visit
the
McAfee
website
and
create
a
proposal
that
includes
your
solution
features
and
cost.

Web
Resources
For
additional
information
on
McAfee
security
as
a
service,
see
www.CloudBookContent.com/Chapter09/index.html.

FIGURE
9­1
Antivirus
systems
retrieve
cloud-based
up-
dates
regarding
new
threats
in
near
real
time.

FIGURE
9­2
McAfee,
like
many
security
providers,
now
offers
a
range
of
cloud-based
security
solutions.

Introducing
Business
Continuity
and
Disaster
Recovery

Chapter
10,
Disaster
Recovery
and
Business
Continuity
and
the
Cloud,
examines
business
continuity
and
disas-
ter
recovery
in
detail.
Within
Chapter
10,
you
will
learn
that
companies
always
face
a
variety
of
risks.
Each
com-
pany’s
goal
is
to
evaluate
the
risks
and
to
determine
ways
to
mitigate
(reduce)
them.
When
you
work
with
security
issues,
the
same
technique
applies.
To
start,
you
must
determine
where
your
system
is
vulnerable
and
then
you
must
take
steps
to
reduce
the
vulnerability.
The
following
sections
examine
common
security
threats.

http://www.cloudbookcontent.com/Chapter09/index.html

Understanding
Data
Storage
Wiping

In
Chapter
6,
Data
Storage
in
the
Cloud,
you
learned
that
many
facilities
offer
cloud-based
storage.
Often
a
cloud-based
data
storage
provider
may
share
a
storage
device
across
multiple
customers.
Assume,
for
example,
that
you
store
a
confidential
company
document
within
the
cloud.
Later
you
delete
that
document.
Normally,
when
the
file
system
deletes
a
file
on
disk,
the
file
system
simply
marks
the
locations
within
which
the
file
resided
as
available
for
use
to
store
other
files.
Assume
that
an-
other
customer
comes
along
and
allocates
space
on
the
disk
for
storage
but
does
not
write
any
information
to
the
space.
If
the
customer
examines
the
allocated
space,
the
customer
may
have
access
to
your
previously
deleted
confidential
document!

To
prevent
such
inadvertent
data
access,
many
cloud-
based
data
storage
facilities
will
wipe
a
file’s
contents
upon
deletion.
Data
wiping
is
the
term
used
when
a
cloud-based
storage
device
overwrites
(wipes)
a
file’s
contents
when
a
file
is
deleted.
Wiping
involves
overwrit-
ing
the
previous
file
space
with
a
series
of
values.
In
this
way,
as
shown
in
FIGURE
9­3,
if
a
customer
allocates
space
within
a
cloud-based
disk,
that
customer
cannot
read
the
disk’s
previous
content.

FIGURE
9­3
Within
a
cloud-based
disk
storage
facility,
file
wiping
overwrites
a
file’s
previous
contents
when
the
file
is
deleted.

Understanding
Distributed
Denial­of­Service
(DDoS)
Attacks

A
denial­of­service
attack
is
a
hacker
attack
on
a
site,
the
goal
of
which
is
to
consume
system
resources
so
that
the
resources
cannot
be
used
by
the
site’s
users.
The
mo-
tivation
for
and
the
implementation
of
denial-of-service
attacks
differ.
The
following
batch
file,
for
example,
re-
peatedly
sends
ping
requests
to
a
specified
website.
Be-
cause
the
site
must
respond
to
the
requests,
it
may
need
to
deny
or
delay
service
to
other
users:

:Loop

ping
SomeSite.com

GOTO
Loop

A
distributed
denial-of-service
(DDoS)
attack
uses
multi-
ple
computers
distributed
across
the
Internet
to
attack
a
target
site,
as
shown
in
FIGURE
9­4.

It
can
be
challenging
for
a
server
to
defend
itself
against
a
denial-of-service
attack.
Often
a
server
slows
down
considerably
before
the
attack
can
be
detected
and
de-
fended.
The
advantage
of
a
cloud-based
host
with
respect
to
a
denial-of-service
attack
is
that
the
cloud
server
may
scale
its
resources
quickly
to
respond
to
the
attack
mes-
sages
in
such
a
way
that
the
site’s
users
are
not
impacted.
The
increased
scaling
will
notify
the
administrators
that
the
site
is
under
attack
so
they
can
initiate
defensive
actions.

Packet
Sniffing

Across
the
Internet
and
cloud,
applications
communicate
by
exchanging
packets
of
data.
As
shown
in
FIGURE
9­5,
within
a
wired
network
each
computer
examines
packets
to
determine
which
ones
are
addressed
to
it.

http://somesite.com/

FIGURE
9­4
A
DDoS
attack
employs
multiple
comput-
ers
to
attack
a
target
site.

FIGURE
9­5
Network
applications
communicate
by
ex-
changing
network
packets.
Each
computer
within
a
wired
network
examines
the
message
address
to
determine
if
the
message
is
for
an
application
it
is
running.

A
hacker
can
write
code
that
lets
his
or
her
system
exam-
ine
the
content
of
each
packet
that
travels
past
it.
Such
programs,
called
packet
sniffers,
allow
the
hacker
to
view,
and
in
some
cases
change,
a
packet’s
contents.
Within
a
wireless
network,
hackers
can
simply
monitor
the
airways
to
intercept
packets.

The
best
defense
against
a
packet
sniffing
attack
is
to
use
secure
(encrypted)
connections.
The
cloud,
because
it
allows
users
to
connect
to
applications
from
anywhere,
increases
potential
risks.
Users
may
connect
from
an
in-
secure
network
or
a
network
in
which
the
wireless
traffic
is
being
monitored.
To
reduce
the
threat
of
such
attacks,
more
cloud-based
applications
will
require
secure
con-
nections
in
the
future.

Man­in­the­Middle
Attack

A
man­in­the­middle
attack
is
much
as
it
sounds.
In
general,
the
attack
occurs
when
a
hacker,
as
shown
in
FIGURE
9­6,
is
able
to
interrupt
network
messages
and
essentially
place
himself
or
herself
between
the
user
and

the
remote
system.
When
the
hacker
is
positioned
in
this
way,
he
or
she
can
then
then
send
messages
that
appear
to
come
from
either
the
user
or
the
system,
as
needed.

FIGURE
9­6
Within
a
man-in-the-middle
attack,
a
hacker
intercepts
the
messages
a
user
and
system
are
ex-
changing.
The
hacker
can
view
and/or
change
the
mes-
sage
contents.

Because
cloud-based
solutions
rely
on
user
communica-
tions
across
the
Internet,
the
solutions
are
at
risk
for
man-in-the-middle
attacks.
A
good
defense
against
such
attacks
is
to
establish
a
secure
(encrypted)
connection
with
the
remote
server.

Monitoring
Device
Screens

Years
ago,
when
employees
accessed
sensitive
or
confi-
dential
data
only
from
within
their
office,
the
physical
data
were
better
protected
from
prying
eyes.
The
cloud,
however,
extends
the
delivery
of
such
data
to
users
who
are
any
place,
at
any
time,
and
often
to
any
device.
The
net
result
is
that
within
a
busy
coffee
shop
or
an
airport,
strangers
can
see
data
ranging
from
human-relations
in-
formation
or
customer
sales
data
to
student
grades,
and
more.

Unfortunately,
the
problems
caused
by
remote
data
ac-
cess
will
only
get
worse.
The
best
defense
against
screen
monitoring
is
user
training.
Users
who
access
sensitive
data
must
be
aware
of
their
surroundings.

Malicious
Employees

Companies
spend
considerable
amounts
of
money
trying
to
protect
their
data
and
communications
from
hackers.
IT
staffs
deploy
firewalls,
use
encryption,
monitor
net-
work
traffic
for
intrusion,
and
much
more.
With
all
of

these
security
features
in
place,
the
most
difficult
chal-
lenge
for
a
company
to
defend
itself
against
is
a
mali-
cious
employee.
Developers,
for
example,
have
access
to
databases,
and
IT
staff
members
have
access
to
various
system
passwords,
which
means
that
each
may
have
ac-
cess
to
human-relations
data,
payroll
data,
e-mail
con-
tent,
and
so
on.

By
shifting
data
to
the
cloud,
you
move
sensitive
data
away
from
your
own
employees.
However,
the
data
are
now
accessible
to
a
staff
of
IT
personnel
that
you
do
not
know.
For
many
data
items,
such
as
payroll
data,
the
cloud-based
staff
is
likely
less
interested
and
curious
about
the
data.
That
said,
companies
must
feel
confident
that
the
data
they
store
within
the
cloud
are
secure.
To
meet
these
concerns,
cloud-based
solution
providers
are
intensifying
their
recruitment
and
hiring
processes.

Hypervisor
Attack

Chapter
8,
Virtualization,
introduced
you
to
the
concept
of
server
virtualization.
As
you
learned,
when
you
virtu-
alize
a
server,
each
server
operating
system
runs
on
top
of
special
virtualization
software
called
the
hypervisor,
as
shown
in
FIGURE
9­7.

As
you
might
imagine,
hypervisor
developers
such
as
VMware
and
Microsoft
constantly
focus
on
ways
to
lock
down
and
secure
the
hypervisor
to
reduce
risks.
That
said,
the
hypervisor
will
remain
an
attractive
hacker
tar-
get
as
companies
continue
to
virtualize
solutions.
Hack-
ers
refer
to
the
process
of
taking
over
the
hypervisor
as
a
hyperjacking
attack.
In
the
future,
to
reduce
the
chance
of
a
hypervisor
being
taken
over
by
malicious
code,
the
underlying
hardware
may
assign
a
state
value,
like
a
cyclic
redundancy
check
(CRC),
to
the
hypervisor.
If
this
value
changes,
the
hardware
can
detect
that
the
hypervisor
has
been
attacked
or
replaced.

FIGURE
9­7
The
hypervisor
is
special
software
that
al-
lows
virtualization
of
system
resources.

Guest­Hopping
Attack

Within
a
virtualized
server,
the
operating
systems
that
execute
are
called
guest
operating
systems.
Assume,
as
shown
in
FIGURE
9­8,
that
a
virtual
server
is
running
three
operating
systems
and
a
hacker
is
trying
to
attack
operating
system
A.

If
the
hacker
is
unable
to
directly
attack
operating
system
A,
the
hacker
may
then
try
to
attack
operating
system
B.
If
the
hacker
is
successful,
the
hacker
may
then
initiate
a
peer-level
attack
on
operating
system
A,
as
shown
in
FIG­
URE
9­9.
Hackers
refer
to
an
attack
from
one
guest
oper-
ating
system
to
another
as
a
guest­hopping
attack.

FIGURE
9­8
A
virtualized
server
running
three
guest
operating
systems
with
a
hacker
trying
to
attack
operat-
ing
system
A.

FIGURE
9­9
A
guest-hopping
attack
occurs
when
a
hacker
tries
to
attack
one
guest
operating
system
from
another.

CASE
9-2
CLOUD
SECURITY
ALLIANCE

The
Cloud
Security
Alliance
is
a
not-for-profit
organiza-
tion,
the
goal
of
which
is
to
promote
education
of
cloud
security
issues.
The
Cloud
Security
Alliance
consists
of
a
large
coalition
of
cloud
practitioners,
companies,
associ-
ations,
and
other
cloud
stakeholders.
As
shown
in
FIG­
URE
9­10,
the
Cloud
Security
Alliance
offers
training
that
can
lead
to
a
Certificate
of
Cloud
Security
Knowledge.

Exercise
Visit
the
Cloud
Security
Alliance
website.
Pro-
duce
a
list
of
cloud
security
topics
one
should
understand
in
preparation
for
taking
the
cloud
knowledge
certifica-
tion
exam.

Web
Resources
For
additional
information
on
the
Cloud
Security
Alliance,
see
www.CloudBookContent.-
com/Chapter09/index.html.

FIGURE
9­10
The
Cloud
Security
Alliance
offers
train-
ing
and
certification
in
cloud
security
knowledge.

SQL­Injection
Attack

Many
web
applications
present
forms
that
users
must
complete
by
filling
in
fields
and
then
submitting
the
form
contents
for
processing.
The
application
that
receives
the
form
data
often
stores
the
data
within
an
SQL
database.
An
SQL­injection
attack
occurs
when
a
malicious
user
inserts
one
or
more
SQL
queries
within
one
or
more
of
the
fields.
For
example,
rather
than
simply
typing
in
his
or
her
last
name,
the
hacker
might
type
the
following:

http://www.cloudbookcontent.com/Chapter09/index.html

Smith;
DROP
DATABASE
EMPLOYEES;

Depending
on
how
the
database
uses
the
user
input,
the
processing
may
result
in
the
execution
of
the
injected
SQL,
which
in
this
case
would
delete
the
database
of
the
company’s
employees.
When
developers
prompt
users
to
enter
data
within
forms,
the
developers
must
be
aware
of
and
test
for
such
injections.

CASE
9-3
EUROPEAN
NETWORK
AND
INFORMA-
TION
SECURITY
AGENCY
(ENISA)

The
European
Network
and
Information
Security
Agency
(ENISA),
based
in
Greece,
promotes
cybersecuri-
ty
best
practices.
Within
the
ENISA
website,
you
will
find
a
broad
range
of
papers
and
reports
on
a
variety
of
secu-
rity
topics.
FIGURE
9­11,
for
example,
illustrates
the
ENISA
Cloud
Computing
Risk
Assessment
page
which
you
should
read.

Exercise
Visit
the
ENISA
website
and
review
the
Cloud
Computing
Risk
Assessment
page
and
document.
Create
a
two-
to
three-page
executive
summary
that
describes
the
risk
assessment
overview.

Web
Resources
For
additional
information
on
ENISA
security
recommendations,
see
www.CloudBookCon-
tent.com/Chapter09/index.html.

FIGURE
9­11
The
ENISA
website
provides
a
wide
range
of
cybersecurity
best
practices,
including
recommenda-
tions
for
secure
cloud
computing.

Many
cloud-based
SaaS
solutions
are
multitenant
ap-
plications,
which
means
different
customers
may
share
underlying
resources
such
as
a
database.
If
the
SaaS
ap-
plication
falls
victim
to
SQL
injection,
it
might
be
possi-

http://www.cloudbookcontent.com/Chapter09/index.html

ble
for
a
user
in
one
company
to
view,
change,
or
destroy
the
data
of
another
company.

Physical
Security

In
Chapter
10,
Disaster
Recovery
and
Business
Continu­
ity
and
the
Cloud,
you
will
examine
a
variety
of
system
threats,
including
fire,
flood,
theft,
earthquakes,
torna-
does,
hurricanes,
and
power
outages.
A
cloud-based
so-
lution
provider,
like
all
data
center
facilities,
is
subject
to
each
of
these
threats.
Most,
however,
reduce
the
risk
of
such
threats
by
replicating
(colocating)
identical
systems
at
geographically
dispersed
locations,
as
shown
in
FIG­
URE
9­12.

If
one
system
fails,
the
service
provider
can
immediately
fail
over
to
the
other
system.
Further,
because
most
cloud
service
providers
have
state-of-the-art
data
cen-
ters,
they
normally
have
fire
suppression
systems,
back-
up
as
power
generators,
and
strong
physical
security
measures
in
place.

FIGURE
9­12
By
using
colocated,
replicated
hardware
and
software,
cloud
solution
providers
reduce
many
threats
to
IT
resources.

CHAPTER
SUMMARY

For
years,
IT
data
centers
physically
secured
resources
to
prevent
users
who
do
not
have
a
need
to
physically
touch
computers,
servers,
and
storage
devices
from
doing
so.
IT
security
professionals
know
that
anyone
who
can
physically
touch
a
device
can
more
easily
break
into
it,
and
so
much
of
IT
security
is
based
on
preventing
access.
The
cloud,
however,
changes
the
security
model
signifi-
cantly
by
making
data
available
to
users
anywhere,
any-

time,
with
virtually
any
device.
Securing
cloud-based
ap-
plications
takes
planning
and
resources.
As
you
examine
cloud
security
issues,
think
in
terms
of
two
types
of
threats:
those
that
are
common
to
both
cloud-based
and
on-site
solutions,
and
threats
that
are
specific
to
the
cloud.

KEY
TERMS

Data
wiping

Denial-of-service
attack

Guest-hopping
attack

Hyperjacking
attack

Man-in-the-middle
attack

Packet
sniffing

SQL-injection
attack

CHAPTER
REVIEW

1.
List
the
security
advantages
of
cloud-based
solutions.

2.
List
the
security
disadvantages
of
cloud-based
solutions.

3.
Define
and
discuss
the
data
wiping
process.

4.
Discuss
how
a
cloud-based
solution
provider
may
re-
duce
the
risk
of
a
DDoS
attack.

5.
Define
and
discuss
hyperjacking
attacks.

6.
Define
and
discuss
guest-hopping
attacks.

chapter
11

Service-Oriented Architecture
“SOFTWARE
ARCHITECTURE”
DESCRIBES
THE
major
components
that
comprise
a
system,
their
relationships,
and
the
information
the
components
ex-
change.
The
distributed
nature
of
the
cloud
has
provided
an
ideal
platform
to
support
service-oriented
architec-
ture
(SOA),
an
architectural
approach
to
building
solu-
tions
through
the
integration
of
services.
This
chapter
in-
troduces
SOA
and
its
implementation
through
web
services.

Learning
Objectives

This
chapter
examines
SOA.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
SOA.

•   Compare
and
contrast
the
roles
of
web
services
and
web
pages.

•   List
common
examples
of
web
services.

•   Discuss
the
benefits
of
treating
a
web
service
as
a
black
box.

•   Discuss
governance
challenges
in
using
web
services.

•   Discuss
the
role
of
the
Web
Service
Description
Lan-
guage
(WSDL)
to
describe
a
web
service
and
its
methods.

Understanding
Service-Oriented
Architecture

A
software
system
consists
of
components
that
imple-
ment
different
aspects
of
the
processing.
There
are
many
different
ways
to
create
the
architecture
for
a
system—
its
components
and
their
relationships
and
interactions.
Service­oriented
architecture
(SOA)
is
a
system
de-
sign
upon
which
the
solution
is
described
in
terms
of
one
or
more
services.
Normally,
to
promote
reuse,
the
ser-
vices
are
distributed
on
the
Web.
When
a
program
must
use
a
service,
the
program
exchanges
messages
with
the
service,
normally
through
the
use
of
a
remote-procedure

(method)
call,
as
shown
in
FIGURE
11­1.
This
chapter
examines
the
use
of
web
services
to
implement
SOA
design.

FIGURE
11­1
Within
SOA,
programs
make
remote-pro-
cedure
calls
to
services
that
reside
on
servers
distributed
across
the
Web.

Web
Services
Are
Not
Web
Pages

Across
the
Web,
people
use
sites
that
perform
specific
tasks.
For
example,
they
book
travel
on
Travelocity,
buy
books
at
Barnes
&
Noble,
check
their
account
balance
at
Bank
of
America,
and
order
pizza
from
Domino’s.
These
sites
offer
services
to
the
user,
but
they
are
web
pages,
not
web
services.
A
web
service
is
program
code
that
re-
sides
on
the
Web
and
performs
a
specific
task
that
other
programs,
not
people,
use.
The
following
are
examples
of
tasks
performed
by
a
web
service:

•  Return
the
weather
conditions
for
a
specific
zip
code

•  Return
real-time
traffic
conditions
for
a
road
or
highway

•  Return
a
stock
price
for
a
particular
company

•  Return
driving
directions
to
a
specific
location

•  Return
the
country
associated
with
an
IP
address

Programmers
use
web
services
within
their
programs
to
perform
specific
processing.
To
use
a
web
service,
a
pro-
gram
exchanges
messages
across
the

FIGURE
11­2
A
program
exchanges
messages
with
a
web
service
to
call
a
specific
method
and
then
normally
waits
for
the
web
service
to
return
its
result.

Internet
with
the
web
service
that
resides
on
a
remote
server.
The
program
may
pass
parameter
values
to
the
service,
such
as
a
stock
symbol
of
a
company
for
which
the
program
wants
the
stock
price
or
the
zip
code
of
the
area
for
which
the
program
wants
weather
conditions.
When
a
program
calls
a
web
service,
normally
the
pro-
gram
will
send
its
message
to
the
web
service
via
a
func-
tion
call
and
then
wait,
as
shown
in
FIGURE
11­2,
for
the
web
service
to
return
its
result.

CASE
11-1
TEST
DRIVING
WEB
SERVICES

As
discussed,
a
web
service
is
code
that
a
program
calls
from
across
the
Internet
to
perform
a
specific
task.
To
help
you
understand
how
a
program
might
use
a
web
service,
there
are
several
simple
programs
(web
ap-
plications)
hosted
on
this
book’s
companion
website.
In
each
case,
the
program
creates
a
web
page
within
which
it
displays
information
it
receives
from
a
web
service.

Exercise
Discuss
potential
pros
and
cons
of
using
a
web
service
to
accomplish
a
specific
task.

Web
Resources
To
test
drive
several
programs
that
use
web
services,
visit
www.CloudBookContent.com/Chap-
ter11/index.html.

Many
Companies
Provide
Web
Services

When
programmers
create
applications,
often
they
need
programs
to
perform
tasks
that
involve
another
compa-
ny,
such
as
the
following:

•  Determining
the
shipping
rate
to
send
a
package
via
UPS
or
FedEx

http://www.cloudbookcontent.com/Chapter11/index.html

•  Determining
if
a
company
has
a
particular
product
in
inventory
and,
if
so,
the
quantity
available

•  Performing
credit
card
processing

•  Placing
an
order
for
a
product

To
help
programs
perform
such
tasks,
many
companies
provide
web
services.
For
example,
FedEx
and
UPS
pro-
vide
web
services
that
programs
can
use
to
integrate
each
company’s
shipping
and
tracking
capabilities.
Amazon
provides
web
services
that
programs
can
use
to
integrate
product
searching
and
purchasing
into
their
ap-
plications.
Google
provides
web
services
that
programs
can
use
to
access
the
site’s
search-engine
capabilities.

Discovering
Web
Services

Before
a
developer
can
take
advantage
of
an
existing
web
service,
he
or
she
must
know
that
the
web
service
exists.
Companies
such
as
FedEx,
UPS,
Amazon,
and
Google
usually
have
developer-specific
web
pages
that
provide
documentation
for
their
service
offerings.
Across
the
Web,
developers
may
take
advantage
of
registries
within
which
other
programmers
store
information
about
the
web
services
they
create.
More
than
10
years
ago,
when
developers
first
began
deploying
web
services,
a
large
registry,
known
as
Universal
Description,
Discovery,
and
Integration
(UDDI),
emerged.
The
goal
of
UDDI
was
to
make
it
easier
for
a
developer
and
a
program
to
discover
web
services.
Unfortunately,
UDDI
was
never
widely
used
and
was
shut
down.

CASE
11-2
XMETHODS
WEB
SITE

As
programmers
develop
web
services,
often
they
will
share
them
with
others—sometimes
for
free,
sometimes
not.
At
the
XMethods
website,
shown
in
FIGURE
11­3,
you
can
find
a
wide
variety
of
web
services
available
for
use
within
programs.
Even
if
you
are
not
a
developer,
you
should
visit
the
site
to
gain
a
better
understanding
of
the
types
of
tasks
performed
by
web
services.

Exercise
Visit
the
XMethods
website.
Describe
three
different
web
services
listed
that
programmers
might
use
within
a
business
application.

Web
Resources
For
more
information
on
web
services,
visit
www.CloudBookContent.com/Chapter11/in-

http://www.cloudbookcontent.com/Chapter11/index.html

dex.html.

FIGURE
11­3
You
can
find
a
wide
variety
of
web
ser-
vices
at
the
XMethods
website.

Understanding
Web
Service
Performance

Primarily
because
of
their
distributed
nature,
web
ser-
vices
provide
advantages
to
developers,
the
most
impor-
tant
of
which
is
ease
of
code
reuse.
The
cost
of
a
web
ser-
vice’s
distributed
processing
is
performance.
Because
web
services
require
network
operations,
a
web
service
will
be
considerable
slower
than
a
program’s
call
to
a
function
that
resides
on
the
same
computer.
Consider,
for
example,
the
following
C#
program
that
determines
the
square
root
of
the
values
1
to
1,000:

http://www.cloudbookcontent.com/Chapter11/index.html

The
program
simply
tracks
how
long
it
takes
to
perform
its
processing
and
then
displays
output
similar
to
the
following:

Ticks
required:
5

In
this
case,
the
square
root
processing
takes
5
ticks
(100
nanosecond
intervals)
to
complete.

In
contrast,
consider
the
following
C#
program
that
uses
a
remote
web
service
to
calculate
the
square-root
values:

In
this
case,
the
program
displays
output
similar
to
the
following:

Ticks
required:
10,562,000

As
you
can
see,
the
message-passing
overhead
associated
with
calling
the
remote
web
service
increases
the
pro-
cessing
to
more
than
10,000,000
ticks.

These
examples
illustrate
that
due
to
network
overhead,
a
web
service,
despite
its
increased
code
reuse,
is
not
al-
ways
the
best
solution
to
a
problem.

Web
Service
and
Reuse

When
programmers
develop
code,
they
break
large,
com-
plex
operations
into
smaller,
more
manageable
tasks.
Then
they
implement
the
well-defined
tasks
as
functions.
Ideally,
each
function
should
perform
one
task
only.
In
this
way,
programmers
can
reuse
the
function
code
in
other
programs,
which
saves
development
and
testing
time
and
ultimately
reduces
costs.
A
common
rule
of
programming
is
not
to
“reinvent
the
wheel,”
which
means
that
if
another
programmer
has
written
code
that
performs
the
task
that
your
program
needs,
you
should
reuse
that
code.

Web
services
contain
functions
that
perform
specific
tasks.
Normally,
the
web
service’s
functions
will
perform
key
tasks
that
many
programs
need.
As
a
result,
web
ser-
vices
typically
have
a
high
level
of
code
reuse.

Scaling
Web
Services

Chapter
19,
Application
Scalability,
examines
ways
to
scale
cloud-based
applications.
Depending
on
its
pro-
gram
demands,
a
web
service
may
become
a
potential
system
bottleneck.
An
easy
first
solution
is
to
scale
up
the
web
service
by
placing
it
on
a
faster
server.
If
high
utilization
of
the
service
continues,
the
developers
may
need
to
distribute
copies
of
the
web
service
onto
addi-
tional
servers
and
then
use
a
load
balancer,
as
shown
in
FIGURE
11­4,
to
distribute
the
program
requests.

FIGURE
11­4
Using
a
load-balancing
model,
developers
can
scale
a
web
service
solution.

Web
Services
and
Loose
Coupling

As
you
have
learned,
a
web
service
contains
code
that
programs
can
call
from
across
the
Internet
to
perform
a
specific
operation.
Coupling
describes
the
degree
of
de-
pendence
between
a
calling
program
and
the
web
ser-
vice.
Ideally,
to
use
a
web
service,
a
program
only
needs
to
know
the
location
of
the
web
service
(its
URL),
the
name
of
the
functions
(methods)
the
web
service
pro-
vides,
and
parameters
the
program
can
pass
to
the
func-
tions.
In
this
way,
programs
and
web
services
are
said
to
be
loosely
coupled.

Because
of
a
program’s
loosely
coupled
relationship
to
a
web
service,
it
is
possible
for
a
developer
to
update
a
web
service
with
a
newer
version
(perhaps
a
faster
version)
and
for
programs
that
use
the
service
to
use
the
new
ver-
sion
immediately
without
requiring
any
modifications.

Treating
a
Web
Service
as
a
Black
Box

The
term
black
box
describes
a
module
for
which
the
software
developer
does
not
care
how
the
processing
is
performed,
but
instead,
knows
that
the
code,
when
pro-
vided
valid
inputs,
will
produce
predictable
results.

Based
on
a
web
service’s
loosely
coupled
relationship
with
a
program
that
uses
the
service,
the
developer
is
confident
that
he
or
she
can
treat
the
web
service
as
a
black
bos
and
not
worry
about
how
it
performs
a
task.
Instead,
the
developer
trusts
that,
with
valid
input,
the
web
service
will
function
consistently.

Web
Service
Interoperability

One
of
the
biggest
advantages
of
web
services
is
their
in­
teroperability.
In
other
words,
they
can
be
called
from
programs
using
a
variety
of
programming
languages.
Consider,
for
example,
the
following
web
service
that
provides
two
methods,
Uppercase
and
Lowercase,
which
return
the
uppercase
or
lowercase
equivalents
of
the
character
strings
they
receive:

This
particular
web
service
was
written
using
the
C#
pro-
gramming
language
within
a
.Net
environment.
The
fol-
lowing
C#
program
uses
the
methods
the
web
service
provides:

When
you
compile
and
execute
this
program,
it
displays
the
following
output:

HELLO
world

Because
they
are
interoperable,
web
services
can
be
called
from
different
programming
languages.
The
fol-
lowing
PHP
script
uses
the
web
service:

When
you
run
this
script,
it
displays
the
following
output:

Hello,
world

HELLO
world

Web
Service
Description
Language

A
web
service
consists
of
one
or
more
functions,
each
of
which
performs
a
specific
task
and
normally
returns
a
specific
result.
Within
the
web
service,
each
function
has
a
unique
name
and
may
receive
zero
or
more
parameter
values.
For
example,
a
web
service
function
called
HousePayment
might
receive
parameter
values
for
the
principal,
interest
rate,
and
length
of
the
loan.
Behind
the
scenes,
the
web
service
uses
a
Web
Service
De­
scription
Language
(WSDL)
file
to
describe
the
web
service
and
its
methods.
Programs
that
use
the
web
ser-
vice
will
use
the
WSDL
file
to
determine
the
available
functions,
parameter
types,
and
more.
The
following
statements,
for
example,
contain
the
WSDL
statements
for
the
previous
web
service
that
provides
the
Uppercase
and
Lowercase
methods.
Within
the
WSDL,
you
can
de-
termine
the
methods
supported,
the
values
returned,
and
the
types
of
parameters
received:

Governing
Web
Services

Chapter
15,
Governing
the
Cloud,
examines
the
process
of
governing
cloud
operations
to
confirm
that
ap-
plications
work
correctly
and
are
protected
from
poten-
tial
malicious
modification
by
an
external
source.
A
web
service
is
program
code
that
resides
on
a
server
that
be-
longs
to
the
company
whose
programs
use
the
service,
or

on
a
server
owned
by
a
third
party.
Before
a
developer
uses
a
web
service
within
an
application,
the
company’s
IT
staff
should
ensure
that
the
web
service
implementa-
tion
and
deployment
satisfies
their
policies
and
proce-
dures.
These
may
include
requirements
such
as
the
following:

•  The
solution
must
be
developed
and
deployed
by
a
rep-
utable
company.

•  The
solution
cannot
be
dynamically
changed
or
updat-
ed
without
the
company’s
notification
and
approval.

•  The
solution
must
provide
secure
communications
to
avoid
threats
such
as
a
man-in-the-middle
attack.

•  The
solution
must
be
scalable
to
meet
potential
demand.

•  The
solution
must
be
able
to
be
validated.

CHAPTER
SUMMARY

Developers
often
refer
to
the
major
components
of
a
soft-
ware
system
as
the
system’s
architecture.
To
leverage
the
distributed
nature
of
the
cloud,
developers
make
exten-
sive
use
of
SOA.
Using
this
architecture,
developers
build
systems
by
taking
advantage
of
distributed
web
services,
which
may
reside
on
a
server
anywhere
across
the
Web.
Traditionally,
programs
call
the
remote
web
service
the
same
way
it
calls
a
function
or
subroutine,
passing
op-
tional
parameters
to
the
service
and
waiting
for
an
op-
tional
response.
Today,
companies
such
as
Amazon
and
eBay
offer
a
wide
range
of
web
services
that
perform
spe-
cific
tasks,
which
programmers
can
integrate
into
the
ap-
plications
they
create.
This
chapter
examined
SOA
and
its
implementation
through
web
services.

KEY
TERMS

Architecture

Black
box

Coupling

Interoperability

Loosely
coupled

Method

Service­oriented
architecture
(SOA)

Web
Service
Description
Language
(WSDL)

CHAPTER
REVIEW

1.
Define
software
architecture.

2.
Define
and
describe
SOA.

3.
Compare
and
contrast
a
web
page
and
a
web
service.

4.
Search
the
Web
for
companies
that
offer
web
services
and
then
describe
three
to
five
web
services
that
pro-
grammers
might
integrate
into
the
applications
they
create.

5.
Discuss
what
it
means
for
a
web
service
to
be
interoperable.

chapter
12

Managing the Cloud
OFTEN,
BY
MOVING
A
solution
to
the
cloud,
IT
man-
agers
shift
a
great
deal
of
day-to-day
management
from
their
in-house
department
to
the
cloud-solution
provider.
That
said,
the
IT
manager
must
not
relinquish
oversight
and
responsibility
for
performance
and
data
management.
Instead,
he
or
she
must
provide
essential
oversight
of
the
key
system
operations.

Learning
Objectives

This
chapter
examines
essential
cloud-management
op-
erations.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Discuss
components
often
found
within
a
service-level
agreement.

•   Define
and
discuss
vendor
lock-in
and
specify
steps
a
manager
should
take
to
reduce
this
risk.

•   Discuss
a
manager’s
potential
use
of
audit
logs
to
identify
system
bottlenecks
and
resource
use.

•   List
the
specific
aspects
of
the
cloud
deployment
that
a
manager
must
oversee.

Know
Your
Service-Level
Agreement

When
you
contract
with
a
cloud-solution
provider,
part
of
your
contract
will
contain
a
service-level
agreement
(SLA),
which
defines
the
levels
of
service
the
provider
will
meet.
Common
components
of
an
SLA
include
the
following:

•  System
uptime,
normally
expressed
as
a
percentage,
such
as
99.9
percent

•  Run-time
monitoring
capabilities
and
event
notification

•  Billing
policy
for
various
types
of
resource
use
(e.g.,
CPUs,
disk
space,
and
databases)

•  Technical
support
operations
(e.g.,
call-time
delay
and
event
response
time)

•  Data-privacy
policy

•  Multitenant
systems
and
applications

•  Customer
and
provider
roles
and
responsibilities

•  Backup
policies
and
procedures

•  Resolution
steps
in
case
provider
fails
to
meet
the
ser-
vice
levels

CASE
12-1
APICA
CLOUD
LOAD
PERFORMANCE
TESTING

A
key
responsibility
of
cloud
managers
is
to
monitor
sys-
tem
performance.
Several
sites
in
the
cloud
provide
re-
sponse
time-based
cloud
performance
monitoring;
oth-
ers
provide
load
testing,
which
measures
how
a
site
will
perform
during
high
user
demand.
The
Apica
website,
shown
in
FIGURE
12­1,
provides
both
types
of
testing,
as
well
as
cache-utilization
assistance,
which
the
company
says
will
significantly
improve
a
site’s
responsiveness.

Exercise
Discuss
how
a
company
might
deploy
load
testing
and
the
specific
types
of
tests
the
process
might
include.

Web
Resources
For
more
information
on
Apica,
visit
www.CloudBookContent.com/Chapter12/index.html.

http://www.cloudbookcontent.com/Chapter12/index.html

FIGURE
12­1
The
Apica
site
offers
performance
moni-
toring,
load
testing,
and
assistance
in
configuring
a
site’s
cache
settings.

Ensure
and
Audit
System
Backups

Chapter
6,
Data
Storage
in
the
Clouds,
discusses
cloud-
based
backups
in
detail.
Managers
should
consider
dif-
ferent
forms
of
backups.
First,
your
company
may
back
up
user
files
from
on-site
computers
to
disks
that
reside
within
the
cloud.
Hopefully
you
will
never
require
these
backups;
but
regardless,
you
should
periodically
audit
the
backups,
perhaps
by
checking
that
you
can
success-
fully
restore
randomly
selected
files
of
different
users.

CASE
12-2
DISTRIBUTED
MANAGEMENT
TASK
FORCE
CLOUD-MANAGEMENT
STANDARDS

The
Distributed
Management
Task
Force
(DMTF)
con-
sists
of
hundreds
of
organizations
and
thousands
of
members
who
work
to
provide
IT
standards.
As
shown
in
FIGURE
12­2,
the
DMTF
provides
standards
and
recom-
mendations
for
managing
the
cloud
and
virtual
solutions.

Exercise
Review
the
DMTF
cloud-management
recom-
mendations.
List
the
top
10
recommendations.

Web
Resources
For
more
information
on
the
DTMF
cloud-management
standards,
visit
www.CloudBook-

http://www.cloudbookcontent.com/Chapter12/index.html

Content.com/Chapter12/index.html.

FIGURE
12­2
The
DMTF
provides
cloud-management
standards
and
recommendations.

Second,
if
the
cloud
provider
stores
some
or
all
of
your
company
data,
you
must
understand
the
provider’s
back-
up
process
(and
include
it
in
the
SLA).
For
governance
purposes,
you
should
know
if
the
data
is
encrypted,
who
has
access
to
it,
and
if
it
is
replicated
to
a
remote
facility.
If
it
is
backed
up
to
another
location,
you
must
know
where
and
how
often.

Additionally,
if
the
provider
uses
a
database
to
store
your
company
data,
you
need
to
know
if
and
how
the
data
is
replicated
and
whether
your
company’s
information
is
stored
in
a
private
or
multitenant
database.
You
should
also
know
the
system’s
guaranteed
uptime.

Know
Your
System’s
Data
Flow

Often,
developers
and
managers
think
of
a
cloud
solution
as
a
black
box,
which
means
that
they
know
what
the
sys-
tem
does
but
not
how
it
does
it.
Chapter
15,
Governing
the
Cloud,
discusses
the
role
of
internal
controls
in
pro-
viding
stakeholders
with
confidence,
first
and
foremost,
that
a
solution
works
correctly;
second,
that
the
solution
cannot
be
manipulated
by
external
factors;
and
third,
that
the
solution
is
auditable.

Managers
should
create
a
detailed
process-flow
diagram
that
shows
the
movement
of
company
data
throughout

http://www.cloudbookcontent.com/Chapter12/index.html

the
cloud
solution.
They
should
also
identify
within
the
dataflow
various
points
for
the
placement
of
internal
controls
or
auditing.

CASE
12-3
EMBOTICS
CLOUD
AND
VIRTUALIZATION
MANAGEMENT
TOOLS

For
many
IT
professionals,
managing
device
virtualiza-
tion
and
cloud
deployment
is
a
daunting
task.
To
facili-
tate
the
process,
Embotics
offers
V-Commander,
an
off-
the-shelf-product
that
offers
life
cycle
solutions
for
man-
aging
private
cloud
deployments
and
optimizing
the
un-
derlying
virtual
devices.
As
shown
in
FIGURE
12­3,
Em-
botics
states
that
with
its
product
an
IT
team
can
install
the
software
and
manage
the
cloud
within
one
hour.

Exercise
Discuss
how
cloud-management
considera-
tions
may
vary
across
the
life
cycle
of
a
cloud-based
solution.

Web
Resources
For
more
information
on
Embotics,
visit
www.CloudBookContent.com/Chapter12/in-
dex.html.

FIGURE
12­3
Embotics
provides
tools
to
assist
in
cloud
management.

Beware
of
Vendor
Lock-In

Relationships
can
go
bad—even
those
with
a
cloud-solu-
tion
provider.
The
agreement
you
sign
with
a
cloud
provider
should
stipulate
exit
procedures
in
case
the

http://www.cloudbookcontent.com/Chapter12/index.html

p p p
provider
fails
to
meet
the
service
levels
or
breaches
any
other
aspect
of
the
contract.

IT
managers
must
be
able
to
control
their
company’s
data.
In
the
event
of
a
worst-case
scenario,
a
manager
must
be
able
to
export
the
company
data,
ideally
to
a
file
that
can
be
imported
by
another
provider.
Managers
should
test
this
capability
before
a
problem
arises.

Vendor
lock-in
occurs
when
a
provider
does
not
support
data
export
or
when
a
provider’s
service
is
unavailable
through
others.
Thus,
the
customer
is
“locked
in”
to
the
relationship
with
the
vendor.
If
this
happens,
a
company
may
have
to
put
up
with
breaches
of
its
SLA
because
it
has
no
other
place
to
move
its
data.
Managers
should
consider
the
risk
of
vendor
lock-in
before
they
enter
into
a
provider
agreement.

Source­Code
Escrow

Companies
fail.
Therefore,
managers,
should
perform
due
diligence
on
a
cloud-solution
provider
before
they
enter
into
an
agreement.
The
manager
may
want
to
arrange
a
source
code
escrow
agreement,
which
places
a
copy
of
the
provider’s
programming
language
source
code
with
a
third-party
escrow
company.
Then,
if
the
so-
lution
provider
fails,
the
company
can
acquire
and
de-
ploy
the
source
code,
put
it
on
its
own
system,
and
imple-
ment
the
provider’s
solution.

CASE
12-4
JITTERBIT
CLOUD
INTEGRATION

Many
organizations
use
multiple
cloud-based
solutions
provided
by
a
variety
of
providers.
Often,
IT
managers
must
integrate
the
various
solutions,
such
as
combining
sales
and
financial
data,
or
human
resource
and
enter-
prise-resource
planning
solutions.
Jitterbit,
as
shown
in
FIGURE
12­4,
provides
integration
for
cloud-based
solu-
tions
without
the
need
for
programming.
Jitterbit
pro-
vides
a
drag-and-drop
interface
that
allows
a
manager
to
define
how
applications
integrate
and
share
data.
For
companies
with
in-house
developers,
Jitterbit
provides
advanced
scripting
tools
so
that
developers
can
incorpo-
rate
business
rules
into
the
data-integration
process.

Exercise
Discuss
challenges
associated
with
integrating
data
from
different
cloud-based
solutions.

Web
Resources
For
more
information
on
Jitterbit
ca-
pabilities,
visit
www.CloudBookContent.com/Chapter12/index.html.

FIGURE
12­4
Jitterbit
provides
a
drag-and-drop
tool
for
data
integration
across
cloud-based
solutions.

Determine
Technical
Support
and
Help
Desk
Procedures

Depending
on
the
solutions
it
places
in
the
cloud,
a
com-
pany
may
have
various
help
desk
support
requirements.
For
example,
in
the
case
of
a
Solution
as
a
Service
(SaaS)
solution,
the
cloud-solution
provider
may
provide
soft-
ware
technical
support.
For
Platform
as
a
Service
(Paas)
or
Infrastructure
as
a
Service
(IaaS)
solutions,
however,
the
company
may
provide
software
technical
support.
There
may
also
be
shared
support
responsibilities.
In
all
cases,
an
IT
manager
should
ensure
that
the
support
specifics
are
defined
within
the
SLA.

Determine
Training
Procedures

To
be
successful,
large-scale
cloud
applications
often
re-
quire
user
training
before,
during,
and
after
the
integra-
tion.
For
SaaS
solutions,
the
cloud-service
provider
nor-
mally
provides
user
training.
Depending
on
the
applica-
tion’s
processing,
the
company
may
need
to
augment
the
training
with
in-house
instruction.
The
IT
manager
should
stipulate
the
training
responsibilities
within
the
SLA.

http://www.cloudbookcontent.com/Chapter12/index.html

CASE
12-5
NETUITIVE
PREDICTIVE
ANALYTICS
AND
CLOUD
MANAGEMENT

Predictive
analytics
tools
perform
statistical
analysis
to
predict
future
behavior.
Netuitive
integrates
predictive
analytics
to
provide
IT
managers
with
insights
into
how
a
solution
will
work
under
different
conditions.
Netuitive
software
can
monitor
a
group
of
integrated
or
stand-
alone
cloud-based
solutions.
The
software’s
self-learning
capabilities
allow
the
software
to
identify
demand
trends
and
more.
As
shown
in
FIGURE
12­5,
Netuitive
provides
a
dashboard
and
drill-down
reporting.

Exercise
Discuss
factors
a
company
might
want
to
con-
sider
before
using
predictive
analytics
of
a
cloud-based
solution.

Web
Resources
For
more
information
on
Netuitive
predictive
analytics,
visit
www.CloudBookContent.com/Chapter12/index.html.

FIGURE
12­5
Netuitive
provides
predictive
analytics
that
an
IT
manager
can
use
to
model
a
site’s
future
behavior.

Know
the
Provider’s
Security
Policies
and
Procedures

As
discussed
throughout
this
book,
many
clients
are
ap-
prehensive
about
storing
their
data
in
the
cloud.
To
re-
duce
these
concerns,
IT
managers
should
thoroughly
un-
derstand
the
provider’s
security
plans,
policies,
and
pro-
cedures.
Specifically,
a
manager
should
be
aware
of
the

http://www.cloudbookcontent.com/Chapter12/index.html

provider’s
multitenant
use,
e-commerce
processing,
em-
ployee
screening,
and
encryption
policy.
He
or
she
should
examine
the
provider’s
use
of
firewalls,
intrusion
detection,
and
security
mechanisms.
These
security
fac-
tors
should
be
defined
in
the
SLA.

Define
the
Data
Privacy
Requirements

If
a
company
has
specific
data-privacy
requirements,
such
as
the
Health
Insurance
Portability
and
Account-
ability
Act
(HIPAA)
for
health
care
or
the
Family
Educa-
tional
Rights
and
Privacy
Act
(FERPA)
for
student
data,
it
should
ensure
that
the
SLA
details
the
specific
requirements.

CASE
12-6
NEW
RELIC
CLOUD-PERFORMANCE
MONITORING

When
it
comes
to
cloud-performance
monitoring,
most
managers
spend
80
percent
of
their
time
monitoring
20
percent
of
a
solution’s
code
(see
Chapter
19
and
the
Pare-
to
Principle).
New
Relic,
shown
in
FIGURE
12­6,
pro-
vides
monitoring
software
that
will
examine
system
per-
formance
to
identify
potential
bottlenecks.
New
Relic
software
supports
most
common
programming
lan-
guages
and
can
be
easily
integrated
into
a
site.

Exercise
Discuss
common
bottleneck
locations
within
cloud-based
solutions.

Web
Resources
For
more
information
on
New
Relic
cloud-performance
monitoring,
visit
www.CloudBook-
Content.com/Chapter12/index.html.

http://www.cloudbookcontent.com/Chapter12/index.html

FIGURE
12­6
New
Relic
provides
cloud-performance
monitoring
and
bottleneck
identification.

Know
Specifics
About
the
Economics
of
the
Cloud
and
Return
on
Investment

Chapter
16,
Evaluating
the
Cloud’s
Business
Impact
and
Economics,
examines
the
financial
considerations
for
moving
a
solution
to
the
cloud.
An
IT
manager
must
evaluate
the
cloud’s
impact
on
capital
as
well
as
opera-
tional
expenses.
Managers
should
prepare
a
budget
that
compares
the
on-site
costs
to
the
cloud-based
solution
costs.
Chapter
16
presents
several
online
tools
that
can
help
managers
produce
such
budgets.

CASE
12-7
STRANGELOOP
SITE
OPTIMIZATION

Across
the
cloud,
developers
strive
for
web
pages
that
load
in
two
or
three
seconds
or
less.
There
are
a
variety
of
site
performance
monitoring
tools
you
can
use
to
mea-
sure
a
site’s
responsiveness.
That’s
the
easy
part.
The
hard
part
is
making
slow
pages
load
faster.
Often,
that
requires
a
company
to
take
steps
such
as
eliminating
or
compressing
graphics,
compressing
text,
and
improving
cache
utilization.
In
the
age
of
increasing
bandwidth,
many
web
managers
may
ask,
“What’s
the
big
deal
about
a
one-
to
two-second
delay?”
Research
shows,
however,
that
such
delays
are
why
customers
log
off
of
websites!
Strangeloop,
shown
in
FIGURE
12­7,
provides
a
site-opti-
mizing
solution
that
companies
can
easily
deploy
to
im-
prove
their
site’s
performance.

FIGURE
12­7
Strangeloop
provides
site-optimizing
so-
lutions
that
are
easily
integrated
by
cloud-based
solutions.

From
the
Strangeloop
website,
you
can
evaluate
a
specif-
ic
site.
For
example,
FIGURE
12­8
shows
a
performance
report
created
by
Strangeloop.

Exercise
Use
the
Strangeloop
site
to
evaluate
a
site
of
your
choice.
Discuss
the
insights
you
gained
from
the
report.

Web
Resources
For
more
information
on
Strangeloop
reporting,
visit
www.CloudBookContent.com/Chapter12/index.html.

http://www.cloudbookcontent.com/Chapter12/index.html

FIGURE
12­8
A
site
performance
report
created
by
Strangeloop.

Monitor
Capacity
Planning
and
Scaling
Capabilities

Chapter
19,
Application
Scalability,
examines
capacity
planning
and
scalability
issues
in
detail.
For
SaaS
solu-
tions,
the
cloud-solution
provider
will
scale
the
site
to
match
user
demand.
An
IT
manager,
however,
must
de-
fine
in
advance
key
response-time
metrics
the
solution
must
provide
and
then
include
those
measures
within
the
SLA.

For
PaaS
and
IaaS
solutions,
the
IT
manager
must
ini-
tially
estimate
the
solution’s
capacity
plan,
which
defines
the
resources
the
solution
will
need
to
operate
satisfacto-
rily.
The
IT
manager
should
also
estimate
the
site’s
po-

tential
growth
and
define,
with
the
help
of
the
solution
provider,
the
plan
for
scaling
the
site
resources
as
well
as
the
related
costs.

Several
sites
within
the
cloud
provide
system-perfor-
mance
reports
that
managers
can
use
to
measure
current
performance
and
the
potential
system
benefit
from
scal-
ing
specific
resources.

Monitor
Audit-Log
Use

To
identify
potential
system
bottlenecks,
detect
errors
within
the
system,
and
identify
system-resource
use,
the
IT
manager
may
examine
various
system
log
files.
In
a
PaaS
or
IaaS
solution,
the
manager
can
likely
turn
on
the
log
file
reporting
that
meets
his
or
her
needs.
For
a
SaaS
solution,
the
manager
should
discuss
in
advance
with
the
cloud
service
provider
the
various
logs
that
will
be
avail-
able
and
the
costs
of
running
them,
both
in
terms
of
dol-
lars
and
system
performance.

CASE
12-8
UPTIME
SOFTWARE

Too
often,
cloud-solution
managers
do
not
know
that
a
system
error
has
occurred
until
a
user
reports
one.
With
Uptime,
IT
managers
can
easily
monitor
a
wide
range
of
servers
and
produce
resource
utilization
reports
similar
to
that
shown
in
FIGURE
12­9.
Companies
can
download,
install,
and
use
a
trial
version
of
the
Uptime
software
from
the
company
website.

Exercise
Discuss
how
you
would
determine
a
return
on
investment
for
system-event
notification,
such
as
a
sys-
tem
failure.

Web
Resources
For
more
information
on
Uptime,
visit
www.CloudBookContent.com/Chapter12/index.html.

http://www.cloudbookcontent.com/Chapter12/index.html

FIGURE
12­9
The
Uptime
site
provides
system
moni-
toring
and
utilization
reporting
capabilities
a
site
manag-
er
can
easily
implement.

Solution
Testing
and
Validation

Just
because
a
company
provides
a
solution
does
not
mean
that
the
solution
is
error
free.
An
IT
staff
using
a
cloud-based
solution
must
test
the
solution
and
periodi-
cally
audit
key
processing
to
confirm
that
the
application
is
providing
correct
results.
In
particular,
a
cloud-service
provider
will
often
perform
patch
management
and
ver-
sion
updates.
The
IT
staff
should
be
aware
of
all
system
modifications
and
test
accordingly.

CHAPTER
SUMMARY

IT
managers,
by
moving
a
solution
to
the
cloud,
shift
considerable
day-to-day
management
issues
from
their
IT
department
to
the
cloud-solution
provider.
However,
an
IT
manager
must
not
relinquish
the
oversight
and
re-
sponsibility
for
performance
and
management.
Instead,
the
manager
must
provide
essential
oversight
of
the
key
system
operations.
The
manager’s
key
tool
for
managing
the
cloud-service
provider
is
the
SLA,
which
should
con-
tain
specifics
about
key
performance
issues,
policies
and
procedures,
and
clear
definitions
of
all
levels
of
responsibility.

KEY
TERMS

Load
testing

Predictive
analytics

CHAPTER
REVIEW

1.
Discuss
key
items
that
should
be
included
in
an
SLA.

2.
Define
predictive
analytics
and
discuss
how
an
IT
manager
might
use
such
analytics.

3.
Discuss
how
an
IT
manager
might
use
load
testing
on
a
site.

4.
Define
and
discuss
vendor
lock-in
and
identify
steps
a
company
should
take
to
mitigate
this
risk.

5.
With
respect
to
cloud-based
solutions,
list
and
discuss
5
to
10
operations
or
tasks
an
IT
manager
should
oversee.

chapter
13

Migrating to the Cloud
FROM
A
TECHNICAL
PERSPECTIVE,
an
applica-
tion
can
be
moved
to
the
cloud
quickly.
There
are
a
myri-
ad
of
cloud-solution
providers
who
will
eagerly
assist
by
giving
you
instant
access
to
cloud-based
servers,
data
storage,
and
support.
That
said,
like
all
IT
projects,
the
process
of
moving
an
application
to
the
cloud,
or
the
process
of
creating
and
deploying
a
new
cloud
applica-
tion,
should
be
well
planned.
This
chapter
examines
is-
sues
that
should
be
considered
before
you
move
an
appli-
cation
to
the
cloud.

Learning
Objectives

This
chapter
examines
the
process
of
moving
ap-
plications
to
the
cloud.
By
the
time
you
finish
this
chap-
ter,
you
will
be
able
to
do
the
following:

•   Define
requirements
for
migrating
an
application
to
the
cloud.

•   Describe
the
importance
of
backing
up
data
before
and
after
moving
an
application
to
the
cloud.

•   Appreciate
the
benefit
of
using
experienced
consul-
tants
to
assist
with
a
cloud
migration.

•   Describe
an
application
in
terms
of
its
resource
use.

•   Define
and
describe
vendor
lock-in
and
discuss
ways
to
avoid
it.

•   Describe
the
importance
of
training
employees
before,
during,
and
after
a
cloud
migration.

•   Describe
the
importance
of
establishing
a
realistic
cloud-deployment
schedule.

•   Discuss
key
budget
factors
impacted
by
the
cloud.

•   Discuss
potential
IT
governance
issues
related
to
the
cloud.

•   Define
and
describe
cloud
bursting.

Define
the
System
Goals
and
Requirements

All
IT
projects
should
begin
with
specific
requirements.
The
process
of
taking
an
application
to
the
cloud,
known
as
cloud
migration,
is
no
exception.
As
you
begin
to
define
your
solution’s
requirements,
consider
the
follow-
ing
common
issues:

•  Data
security
and
privacy
requirements

•  Site
capacity
plan—the
resources
that
the
application
initially
needs
to
operate

•  Scalability
requirements—the
measurable
factors
that
should
drive
scaling
events

•  System
uptime
requirements

•  Business
continuity
and
disaster
requirements

•  Budget
requirements

•  Operating
system
and
programming
language
requirements

•  Type
of
cloud—public,
private,
or
hybrid

•  Single
tenant
or
multitenant
solution
requirements

•  Data
backup
requirements

•  Client
device
requirements,
such
as
computer,
tablet,
or
smartphone
support

•  Training
requirements

•  Help
desk
and
support
requirements

•  Governance
and
auditing
requirements

•  Open
source
software
requirements
(some
people
be-
lieve
that
open
source-based
cloud
solutions
reduce
the
risk
of
vendor
lock-in)

•  Programming
API
requirements

•  Dashboard
and
reporting
requirements

•  Client
access
requirements

•  Data
export
requirements

After
you
define
your
application
requirements,
discuss
each
in
detail
with
potential
cloud-solution
providers.
Make
sure
you
define
all
of
your
system
requirements
clearly
within
the
Service-level
agreement
(SLA).

CASE
13-1
CLOUDSWITCH
CLOUD
MIGRATION

Many
companies
have
enterprise-based
applications
that
are
widely
used
by
their
employees.
These
ap-
plications,
therefore,
are
mission
critical.
CloudSwitch
provides
a
downloadable
application
that
companies
can
install
within
their
data
center
that
securely
maps
the
company’s
on-site
applications
to
a
cloud-based
solution
in
a
matter
of
minutes.
In
other
words,
CloudSwitch,
shown
in
FIGURE
13­1,
provides
a
way
for
companies
running
Windows
or
Linux
solutions
to
migrate
quickly
to
the
cloud.
The
CloudSwitch
migration
program
re-
quires
no
programming
or
development.
Additionally,
CloudSwitch
provides
a
suite
of
cloud-management
tools
that
the
IT
staff
can
use
to
manage
the
solution
after
it
moves
to
the
cloud.

Exercise
Most
IT
projects
fail
or
come
in
over
budget.
Discuss
steps
you
would
take
to
reduce
the
risk
of
failure
of
a
cloud-migration
project.

Web
Resources
For
more
information
on
Cloud-
Switch,
visit
www.CloudBookContent.com/Chapter13/index.html.

http://www.cloudbookcontent.com/Chapter13/index.html

FIGURE
13­1
CloudSwitch
provides
tools
to
migrate
applications
to
the
cloud
and
then
to
manage
the
appli-
cation
within
the
cloud.

Protect
Your
Existing
Data

Before
you
begin
your
application
migration
to
a
cloud
provider,
make
sure
that
you
back
up
your
data
so
that
you
can
revert,
if
necessary,
to
a
known
restore
point.
Then,
be
sure
that
you
and
the
provider
agree
to
the
backup
procedures
that
will
be
employed
after
they
take
control
of
your
data.
As
discussed,
it
is
easy
to
move
a
so-
lution
to
a
cloud
provider.
You
need
to
ensure
that
it
is
equally
easy
to
move
out
of
the
cloud
if
necessary

Furthermore,
if
your
company
has
specific
privacy
re-
quirements,
such
as
those
of
the
Health
Insurance
Priva-
cy
and
Portability
Act
(HIPAA)
for
health
care,
or
of
the
Family
Educational
Rights
and
Privacy
Act
(FERPA)
for
education,
have
your
provider
state
explicitly,
in
writing,
its
data
privacy
policies
and
procedures.

Use
an
Experienced
Cloud
Consultant

Moving
a
solution
to
the
cloud
is
a
learning
experience.
The
process
has
many
options
and
a
wide
range
of
poten-
tial
pitfalls.
Many
companies
provide
consultants
who
are
experienced
in
the
cloud
migration
process.
Before
you
begin
your
application’s
migration
to
the
cloud,
you
should
consider
hiring
a
consultant.
In
most
cases,
you
will
find
that
this
saves
you
money
in
the
end
by
helping
you
avoid
costly
mistakes.

CASE
13-2
3TERA
CLOUD
SOLUTIONS

Formerly
know
as
Computer
Associates,
CA
Technolo-
gies
provides
a
wide
range
of
services
and
solutions
to
companies
migrating
to
the
cloud.
To
drive
its
cloud
of-
ferings,
CA
Technologies
acquired
3Tera,
a
company
that
helps
businesses
move
solutions
to
public
and
private
clouds
using
a
graphical
user
interface
(GUI)
tool.
As
shown
in
FIGURE
13­2,
the
3Tera
website
offers
a
turnkey
cloud-computing
platform,
driven
by
the
compa-
ny’s
AppLogic
software,
which
allows
large
(enterprise)
or
small
companies
to
migrate
to
the
cloud
through
the
use
of
the
3Tera
virtual
appliance,
a
device
that
behaves
very
much
like
a
virtual
machine.
As
user
demand
for
an
application
grows,
3Tera
can
easily
scale
solutions.

Exercise
Visit
the
3Tera
site
and
research
the
compa-
ny’s
virtual
appliance.
Discuss
how
the
appliance
differs
from
a
server.

Web
Resources
For
more
information
on
3Tera,
visit
www.CloudBookContent.com/Chapter13/index.html.

FIGURE
13­2
3Tera
supports
cloud
migration
through
the
use
of
its
AppLogic
software.

Know
Your
Application’s
Current
Characteristics

Before
you
move
your
application
to
the
cloud
where
you
might
face
scaling
issues,
be
sure
that
you
monitor
your
application
to
identify
its
key
performance
indicators:

•
Demand
periods:
Does
the
application
have
periods
of
high
or
low
demand,
such
as
8
A.M.
to
5
P.M.?

•  Average
users:
How
many
users
typically
use
the
system
simultaneously?

•  Disk­storage
requirements:
What
are
the
applica-
tion’s
typical
disk-storage
needs?
Are
the
files
permanent
or
temporary?
Are
most
operations
read
or
write
operations?

•  Database­storage
requirements:
What
are
the
ap-
plication’s
database
requirements?
Is
the
database
repli-
cated
in
real
time?
What
is
the
application’s
database
read/write
ratio?

•  RAM
use:
What
is
the
application’s
range
of
physical
and
virtual
memory
use?

http://www.cloudbookcontent.com/Chapter13/index.html

•  Bandwidth
consumption:
What
is
the
application’s
bandwidth
requirement?

•  Caching:
How
does
the
application
currently
cache
data?

Remember
Vendor
Lock-In

Vendor
lock­in
occurs
when
a
vendor
makes
it
difficult
for
a
company
to
switch
to
another
provider,
even
if
the
vendor
has
failed
to
fulfill
the
SLA.
This
lock-in
may
oc-
cur
because
the
vendor
is
unable
to
export
data
com-
pletely
or
because
the
vendor
provides
services
its
com-
petitors
do
not.
A
cloud-service
provider
should
make
it
easy
for
clients
to
move
to
another
provider
in
the
event
that
the
provider
fails
to
meet
one
or
more
of
the
SLA
requirements.

In
the
case
of
a
Platform
as
a
Service
(PaaS)
or
In-
frastructure
as
a
Service
(IaaS)
provider,
moving
a
com-
pany’s
applications
and
data
should
be
relatively
straightforward.
Moving
from
a
Software
as
a
Service
(SaaS)
provider,
however,
may
prove
to
be
more
difficult
because
of
the
specific
capabilities
of
the
vendor,
upon
which
the
company
relies.
To
reduce
the
risk
of
vendor
lock-in,
many
companies
seek
providers
who
support
“open”
solutions,
which
use
open
source
software
such
as
Linux,
PHP,
and
MySQL.

CASE
13-3
KAYAKO
HELP
DESK
SOLUTIONS

Change-management
consultants
often
cite
the
integra-
tion
of
a
trained
help
desk
staff
as
key
to
an
application’s
successful
integration.
Kayako,
shown
in
FIGURE
13­3,
provides
a
variety
of
key
help
desk
tools
that
a
company
should
consider
before
migrating
a
solution
to
the
cloud.
The
following
are
features
of
the
Kayako
software:

•  Support
ticket
management

•  Ticket
escalation
support

•  Live
support
desk
chat
software

•  Voice
over
Internet
protocol
(VoIP)
phone
integration

•  Remote
computer
access

Exercise
Discuss
a
company’s
help
desk
requirements
for
SaaS,
PaaS,
and
IaaS
cloud
integrations.

Web
Resources
For
more
information
on
Kayako
help
solutions,
visit
www.CloudBookContent.com/Chapter13/index.html.

FIGURE
13­3
Kayako
provides
cost-effective
help
desk
tools
to
support
software
deployments.

Define
Your
Training
Requirements

To
reduce
employee
stress
during
an
application’s
migra-
tion
to
the
cloud
and
to
increase
employee
productivity
with
the
cloud-based
tools,
you
should
consider
training
before,
during,
and
after
the
cloud
migration.
As
you
de-
fine
your
training
requirements,
consider
the
following:

•  Employee
preparedness
for
the
SaaS
solution

•  Developer
training
on
the
solution
application
pro-
gram
interfaces
(APIs)

•  Administrator
training
for
cloud-based
operations

•  IT-audit
group
training
for
corporate
governance
is-
sues
and
internal
controls

•  Help
desk
support
preparedness
training

•  Business
continuity
and
disaster
preparedness
training

Given
the
cloud’s
cost-effective
ability
to
deploy
solu-
tions,
training
may
prove
to
be
one
of
the
most
expensive
aspects
of
the
company’s
cloud
migration.

http://www.cloudbookcontent.com/Chapter13/index.html

CASE
13-4
RIGHTSCALE
CLOUD
APPLICATION
MANAGEMENT

RightScale,
shown
in
FIGURE
13­4,
provides
a
fully
au-
tomated
cloud-management
platform
that
lets
compa-
nies
deploy
cloud-based
solutions
across
one
or
more
clouds.
RightScale
provides
its
cloud-management
soft-
ware
as
a
SaaS
solution
that
lets
customers
deploy
and
manage
their
solutions
quickly.
The
RightScale
website
also
features
valuable
videos,
white
papers,
and
forums
that
focus
on
cloud
computing.

Exercise
Discuss
a
scenario
within
which
a
company
might
have
to
manage
multiple
cloud
solutions.

Web
Resources
For
more
information
on
RightScale,
visit
www.CloudBookContent.com/Chapter13/in-
dex.html.

FIGURE
13­4
RightScale
provides
support
for
applica-
tion
deployment
to
one
or
more
clouds.

Establish
a
Realistic
Deployment
Schedule

Cloud-solution
providers
can
quickly
deploy
solutions.
Despite
that,
you
should
set
a
deployment
schedule
that
provides
sufficient
time
for
training,
testing,
and
bench-
marking.
Many
organizations,
when
moving
a
new
appli-
cation
to
the
cloud
for
the
first
time,
will
establish
a
beta-
like
release
schedule
that
offers
employees
a
prerelease
opportunity
to
interact
with
the
software
and
provide
feedback.
Furthermore,
the
testing
period
may
provide
time
for
the
company
to
establish
early
system-perfor-
mance
benchmarks.

Review
the
Budget
Factors

http://www.cloudbookcontent.com/Chapter13/index.html

Chapter
16,
Evaluating
the
Cloud’s
Business
Impact
and
Economics,
examines
the
steps
you
should
perform
to
determine
the
return
on
investment
(ROI)
and
total
cost
of
ownership
for
a
cloud-based
solution.
In
Chapter
16,
you
will
learn
that
the
cloud’s
pay-for-use
model
signifi-
cantly
reduces
a
company’s
capital
expenditures
com-
pared
with
what
would
normally
be
required
to
fund
a
data
center.
Furthermore,
you
will
learn
that
because
of
a
cloud
provider’s
economies
of
scale,
the
providers
can
normally
offer
solutions
at
lower
cost
than
a
company
would
normally
pay
for
the
same
on-site
solution.

Before
you
move
to
the
cloud,
you
should
consider
key
budget
factors,
which
may
include
the
following:

•  Current
data
center
costs
breakdown,
including
the
following:

•
Rent

•
Power
and
air
conditioning

•
Colocation
costs

•
Server
costs

•
Data
storage
costs

•
Network
costs

•  Current
payroll
costs
for
existing
site
administrators
and
projections
for
possible
staff
reduction
opportunities

•  Current
costs
for
software
licenses
that
may
shift
to
the
cloud,
and
the
(lower)
projected
cloud-based
costs
for
the
software

•  Current
payroll
costs
for
patch
management
and
soft-
ware
version
updates

•  Current
hardware
maintenance
costs

In
Chapter
16,
you
will
find
many
cloud-based
tools
to
help
you
analyze
the
cloud’s
potential
economic
impact
on
your
company.

CASE
13-5
GOGRID
CLOUD
HOSTING

GoGrid
is
a
very
large
IaaS
solution
provider
that
pro-
vides
scalable
solutions
to
thousands
of
customers.
At
GoGrid
customers
can
acquire
on-demand
solutions
for
physical,
virtual,
or
hybrid
servers
at
cost-effective
pric-
ing
levels.
Additionally,
GoGrid
offers
solutions
for
load
balancing,
colocation,
and
cloud-based
data
storage.

Exercise
Discuss
the
pros
and
cons
of
using
a
large
cloud
provider
instead
of
a
smaller
provider.

Web
Resources
For
more
information
on
GoGrid,
visit
www.CloudBookContent.com/Chapter13/index.html.

Identify
IT
Governance
Issues

Chapter
15,
Governing
the
Cloud,
examines
the
IT
gover-
nance
process
and
how
the
cloud
extends
the
governance
requirements
for
your
IT
staff.
Before
you
migrate
an
ap-
plication
to
the
cloud,
consider
the
following
governance
requirements:

•  Identify
how
the
cloud
solution
aligns
with
the
compa-
ny’s
business
strategy.

•  Identify
and
define
the
internal
and
external
controls
the
company
will
need
within
the
application,
and
at
what
control
points,
in
order
to
validate
that
the
applica-
tion
is
performing
correctly
and
is
free
from
possible
ex-
ternal
modification.

•  Describe
risks
the
IT
staff
is
trying
to
mitigate
and
ways
the
cloud
can
help.

•  Describe
who
within
the
company
will
have
access
to
data
within
the
cloud
and
how
they
will
get
it.

•  Determine
who
within
the
cloud
provider’s
organiza-
tion
will
have
access
to
data
within
the
cloud
and
how
they
will
get
it.

•  Discover
how
the
cloud
provider
logs
errors
and
sys-
tem
events
and
how
you
can
access
them.

•  Determine
how
and
when
the
cloud
provider
performs
system
updates
and
patches.

•  Discover
which
performance-monitoring
tools
are
available
for
your
use.

http://www.cloudbookcontent.com/Chapter13/index.html

Understanding
Cloud
Bursting

One
of
the
cloud’s
biggest
advantages
is
its
ability
to
scale
on
the
fly
to
meet
user
demand.
Some
companies
that
run
on-site
applications
have
started
to
use
the
cloud
as
a
way
to
scale
their
applications
on
demand.
When
the
on-site
application
encounters
increased
user
demand,
the
application
expands
into
the
cloud
through
a
process
called
cloud
bursting,
as
shown
in
FIGURE
13­5.
When
the
user
demand
declines,
the
application
leaves
the
cloud.
Cloud
bursting
is
most
common
for
sea-
sonal
demand,
or
event-driven
demand,
such
as
the
load
on
Google
Maps
when
an
earthquake
or
other
natural
disaster
occurs.

FIGURE
13­5
Cloud
bursting
lets
a
company
extend
an
on-site
application
into
the
cloud
to
scale
temporarily
to
meet
user
demand.

CHAPTER
SUMMARY

An
application
can
be
moved
to
the
cloud
quickly—
cloud-solution
providers
are
eager
to
assist
with
cloud-
based
servers,
data
storage,
and
support.
In
other
words,
the
technical
aspects
of
moving
a
solution
to
the
cloud
are
not
difficult.
The
challenge,
for
most
businesses,
is
to
ensure
that
the
company
is
properly
trained,
has
estab-
lished
policies
and
procedures
for
cloud
operations,
and
has
put
in
place
necessary
governance
requirements.
As
with
all
IT
projects,
proper
planning
and
defining
the
re-
quirements
is
essential
before
a
company
begins
moving
an
application
to
the
cloud
or
creating
and
deploying
a
new
cloud
application.

KEY
TERMS

Cloud
bursting

Cloud
migration

Vendor
lock­in

CHAPTER
REVIEW

1.
List
and
describe
common
system
requirements
one
should
consider
before
moving
an
application
to
the
cloud.

2.
Discuss
why
a
company
should
consider
using
a
con-
sultant
to
oversee
a
cloud
migration
and
list
specific
skills
you
would
expect
the
consultant
to
have.

3.
List
and
discuss
resource
utilization
characteristics
one
should
monitor
for
an
application
prior
to
moving
the
application
to
the
cloud.

4.
List
possible
training
requirements
for
an
SaaS
solu-
tion
integration,
a
PaaS
application
migration,
and
an
IaaS
application
migration.

5.
List
and
describe
budget
considerations
one
should
evaluate
before
moving
an
application
to
the
cloud.

6.
List
and
describe
IT
governance
considerations
one
should
evaluate
before
moving
an
application
to
the
cloud.

7.
Define
and
describe
cloud
bursting.

chapter
14

Mobile Cloud Computing
IF
YOU
ASK
A
roomful
of
cloud
computing
experts
whether
the
cloud
is
driving
the
growth
of
mobile
com-
puting
or
mobile
computing
is
driving
the
growth
of
the
cloud,
the
results
will
be
mixed.
In
any
case,
within
a
few
years,
mobile
computing
will
be
a
trillion-dollar-a-year
business.
This
chapter
examines
various
aspects
of
mo-
bile
computing
and
the
underlying
use
of
the
cloud.

Learning
Objectives

This
chapter
examines
mobile
computing
in
the
cloud.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Describe
the
evolution
of
mobile
computing.

•   Discuss
the
different
generations
of
cell
phones.

•   Discuss
the
ecosystem
that
comprises
the
mobile
web.

•   Describe
the
roles
of
phone
network
operators,
transcoders,
and
proxies.

•   Compare
and
contrast
web
pages,
applications,
and
widgets.

•   Discuss
the
importance
of
HTML5
with
respect
to
mo-
bile
development.

•   Describe
mobile
development
considerations.

The
Evolution
of
Mobile
Computing

If
you
list
inventions
that
have
had
the
biggest
impact
on
society,
from
the
automobile
to
airplanes
to
television
and
the
telephone,
the
cell
phone
may
(or
likely
eventu-
ally
will)
top
the
list.
It
is
important
to
note
that
in
less
than
30
years
the
cell
phone
has
evolved
from
a
heavy
cumbersome
device,
as
shown
in
FIGURE
14­1,
to
a
small
handheld
device
with
more
than
1
billion
users.
Today,
the
liveliest
sector
of
the
mobile
phone
market
is
“smart-
phones,”
which
integrate
computing
capabilities,
and
of-

ten
a
web
browser,
which
allows
the
phones
to
provide
a
wide
range
of
solutions.
Beyond
traditional
phone
calls,
users
use
smartphones
to
do
the
following:

FIGURE
14­1
In
less
than
30
years,
the
cell
phone
has
gone
from
a
cumbersome
device
used
by
early
adopters
to
a
handheld
device
used
worldwide.

•  Browse
websites,
including
Google,
Facebook,
eBay,
and
more

•  Place
face-to-face
video
calls
to
phones
and
computers

•  Perform
GPS-based
navigational
operations

•  Exchange
text
messages

•  Perform
e-commerce
operations

•  Run
a
myriad
of
applications
(apps)

Understanding
the
G
in
3G
and
4G

When
you
discuss
phone
capabilities,
you
will
hear
terms
such
as
3G
and
4G.
In
the
simplest
sense,
the
G
stands
for
generation.
A
4G
phone,
therefore,
is
a
fourth-gener-
ation
phone.
Although
there
are
standards
with
respect
to
the
potential
speeds
associated
with
each
generation,
the
speed
of
most
devices
today
depends
upon
the
loca-
tion
(some
cities
support
faster
speeds),
the
provider
net-

work,
and
the
phone
technology,
as
well
as
whether
the
user
is
moving
or
stationary.
TABLE
14­1
describes
the
key
generational
attributes.

TABLE
14­1


THE
COMMON
GENERATIONS
OF
CELL
PHONES

The
Mobile
Cloud
Ecosystem

An
ecosystem
is
an
environment
that
consists
of
living
and
nonliving
things
with
which
one
interacts.
Many
cloud-based
companies
use
the
term
ecosystem
to
de-
scribe
the
user’s
environment.
To
that
end,
you
might
de-
scribe
the
mobile-cloud
ecosystem
as
consisting
of
the
following:

•  Phone
class,
which
may
be
voice
or
face-to-face

•  Web
browsing

•  Apps
and
widgets

•  Voice
commands
and
voice
recognition

•  Display
screens

•  Transmission
speeds
for
upload
and
download
operations

•  Keyboard
interface

•  Touchscreens

The
mobile
cloud
consists
of
apps
and
web
pages
that
originate
from
sites
within
the
cloud
from
which
users
download,
or
with
which
they
interact
via
a
mobile
de-
vice.
If
you
are
creating
a
mobile
solution,
you
should

Generation Capability
1G First-generation
phones
supported
analog

communication.
2G Second-generation
phones
introduced

digital
communication.
3G Third-generation
phones
supported
faster

speeds,
which,
in
turn,
made
web
browsing
and
e-mail
readily
available.

4G Fourth-generation
phones
support
near
Wi-
Fi
speed,
which
enables
rich
media
and
video
streaming.

consider
how
your
solution
interacts
with
or
supports
the
various
mobile-device
ecosystem
components.

Introducing
the
Mobile
Players

To
understand
mobile
data
communication,
you
should
understand
the
players.
To
start,
the
operator,
or
net-
work,
is
the
company
that
makes
the
mobile
network
available.
Within
the
United
States,
mobile
operators
in-
clude
Verizon
and
AT&T.
In
the
simplest
sense,
the
oper-
ator
owns
the
cell
tower
through
which
the
data
commu-
nication
occurs.
Most
operators
will
provide
internal
groups
that
support
developers
in
bringing
mobile
solu-
tions
to
the
market.

Within
most
mobile
networks,
operators
will
place
spe-
cial
servers,
called
transcoders,
which
examine
the
con-
tent
a
mobile
device
is
downloading
from
a
website.
The
transcoder,
in
turn,
may
change
the
document
content,
such
as
changing
a
PNG
graphic
to
a
GIF
graphic
to
im-
prove
the
download
performance
or
device
display.
If
you
are
developing
mobile
content,
you
must
be
aware
of
how
the
transcoder
may
change
the
content.
FIGURE
14­
2,
for
example,
shows
how
a
transcoder
(in
this
case
a
Google
transcoder)
might
modify
the
content
of
a
website.

Unfortunately,
standards
for
transcoders
are
still
being
developed.
As
a
result,
you
may
see
differences,
in
some
cases
considerable
ones,
among
the
content
produced
by
different
transcoders.

Many
operators
may
include
proxy
servers
(proxies)
which
perform
operations
on
behalf
of
a
device.
By
serv-
ing
as
an
intermediary,
a
proxy
provides
a
level
of
secu-
rity
that
separates
the
device
from
the
web
server
with
which
the
device
is
interacting.

FIGURE
14­2
Within
a
mobile
network,
a
transcoder
may
modify
web
content
to
a
form
and
layout
more
suit-
able
for
a
mobile
device.

Pages,
Apps,
and
Widgets

When
developers
build
mobile
solutions,
they
can
ap-
proach
their
solution
in
one
of
three
ways.
First,
they
can
build
a
web
page,
ideally
targeted
for
a
mobile
display.
As
users
browse
the
Web
using
mobile
browsers
built
into
their
phones,
the
contents
of
the
web
page
appear.

Second,
developers
can
build
an
app,
which
typically
is
a
device-specific
program
that
users
download
and
install
(either
free
or
for
a
price)
onto
a
device.
The
app,
in
turn,
displays
an
icon
on
the
device,
which
users
click
to
start
the
app.
FIGURE
14­3
illustrates
a
page
from
which
users
can
access
hundreds
of
thousands
of
apps
that
have
been
created
for
the
iPhone.

Third,
developers
can
create
a
widget,
which
is
much
like
an
app
that
the
user
downloads
and
installs
to
his
or
her
mobile
device.
A
widget
differs
from
an
app
in
that

the
widget
is
always
active.
A
clock
widget’s
icon,
for
ex-
ample,
might
constantly
display
the
current
time,
a
weather
widget’s
icon,
in
turn,
might
display
changing
weather
conditions,
and
a
map
widget
may
constantly
update
its
icon
to
show
the
user’s
location.
In
other
words,
a
widget
is
always
running
and
may
possibly
be
communicating.
Having
many
active
widgets
at
one
time
might
affect
a
device’s
performance.

FIGURE
14­3
From
business
apps,
to
games,
to
educa-
tion,
there
are
hundreds
of
thousands
of
apps
available
for
the
iPhone.

CASE
14-1
W3C
MOBILE
PAGE
CHECKER

Web
developers
should
be
familiar
with
the
W3C
web-
site
and
its
outstanding
development
tutorials
and
tools.
When
it
comes
to
malformed
HTML
tags,
mobile
web
browsers,
because
of
their
compact
size
(code
size),
tend
not
to
be
as
forgiving
as
desktop
browsers.
Before
you
launch
your
mobile
pages,
you
should
validate
your
code
using
the
S3C
Mobile
Checker
at
www.w3c.org/mobile,
as
shown
in
FIGURE
14­4.

Within
the
W3C
Mobile
Checker
site,
you
simply
enter
the
URL
(web
address)
of
the
page
you
want
to
examine.
The
W3C
Mobile
Checker,
in
turn,
analyzes
the
page’s
HTML
and
displays
a
summary
similar
to
the
one
shown
in
FIGURE
14­5.

Exercise
Select
several
traditional
web
or
mobile
web
pages
you
commonly
visit
and
use
the
W3C
Mobile
Checker
to
evaluate
the
pages.
Report
your
findings.

Web
Resources
For
more
information
on
the
W3C
Mobile
Checker,
visit

http://www.w3c.org/mobile

www.CloudBookContent.com/Chapter14/index.html.

FIGURE
14­4
The
W3C
Mobile
Checker
provides
warn-
ings
and
error
messages
that
developers
can
use
to
im-
prove
the
quality
of
their
mobile
web
pages.

FIGURE
14­5
A
page
summary
created
by
the
W3C
Mo-
bile
Checker.

Revisiting
the
Role
of
HTML5

HTML
is
the
markup
language
that
developers
use
to
build
pages
for
display
on
the
Web
and
mobile
web.
When
a
user
browses
the
Web,
either
with
a
computer
or
mobile
device,
a
web
browser
downloads
and
interprets
the
HTML
tags
to
build
the
display
page
the
user
sees.
FIGURE
14­6,
for
example,
shows
a
simple
HTML
page
and
its
resultant
display
within
a
web
page
and
mobile
device.

HTML5
is
the
fifth
major
release
of
HTML.
HTML5
is
important
because
developers
can
use
it
to
create
multi-
media
pages
similar
to
what
they
previously
created
us-
ing
Flash.
Unlike
Flash-based
pages,
which
handheld

http://www.cloudbookcontent.com/Chapter14/index.html

browsers
could
not
display,
HTML5
multimedia
pages
display
on
all
devices.
In
this
way,
HTML5
opens
a
vast
new
area
of
development
for
mobile
devices.

FIGURE
14­6
An
HTML
markup
file
and
its
display
within
a
web
browser
and
mobile
device.

CASE
14-2
CISCO
IBSG
PRESENTATION:
“WHEN
MO-
BILE
AND
CLOUD
COLLIDE”

Cisco
is
one
of
the
key
network
solution
companies
dri-
ving
the
infrastructure
upon
which
the
cloud
resides.
Within
Cisco,
the
Internet
Business
Solutions
Group
(IBSG)
studied
mobile
solutions
and
their
use
of
the
cloud.
The
group
created
five
key
predictions,
which
they
titled
“When
Mobile
and
Cloud
Collide.”
You
can
view
the
presentation
from
the
Web
Resources
link
below.

Exercise
Discuss
whether
you
believe
the
cloud
is
dri-
ving
mobile
or
mobile
is
driving
the
cloud.

Web
Resources
For
more
information
on
the
IBSG
mobile
cloud
predictions,
visit
www.CloudBookContent.-
com/Chapter14/index.html.

Mobile
Development
Considerations

Chapter
18,
Coding
Cloud­Based
Applications,
looks
at
the
details
of
creating
a
cloud
application—it
is
the
chap-
ter
for
coders
and
developers.
Many
people
play
different
roles
in
the
development
of
a
mobile
solution
(project
manager,
sales
and
marketing,
technical
support,
coder,
tester,
and
more).
If
you
work
on
a
mobile
solution,
re-
member
the
following
development
considerations:

•  The
mobile
web
is
not
the
traditional
web:
You
should
not
expect
to
use
your
traditional
web
pages
as
mobile
solutions.
You
should
optimize
your
web
solu-
tions
and
then
optimize
your
mobile
solutions.

http://www.cloudbookcontent.com/Chapter14/index.html

•  Fast
is
good:
Mobile
data
communication
is
still
slower
than
most
computer-based
data
communication
solutions.
As
such,
you
should
optimize
your
mobile
web
layout
and
design
to
maximize
download
performance.

•  Remember
your
goals
and
requirements:
As
you
design
your
mobile
solutions,
keep
your
original
goals
and
requirements
in
mind
to
ensure
that
your
solution
matches
your
business
strategy.

•  You
cannot
support
everything:
Pick
your
largest
market
segment
(or
device)
and
focus
your
initial
efforts
there.

•  Do
not
treat
mobile
content
as
an
afterthought;
create,
do
not
convert,
mobile
content:
Do
not
simply
convert
your
traditional
web
content
for
use
on
the
mobile
web.
Instead,
design
your
mobile
content
for
optimal
performance
and
market
impact.

•  Handle
different
display
sizes
differently:
Mo-
bile
applications
should
query
the
browser
or
device
to
determine
the
supported
display
size
and
then
provide
matching
display
content
dynamically.

CASE
14-3
WEBKIT
OPEN
SOURCE
BROWSER

As
you
drill
down
through
the
specifics
of
mobile
web
browsers,
you
will
find
that
many
run
the
WebKit
open
source
browser.
You
can
learn
more
about
this
browser
and
download
the
source
code
at
the
WebKit
website,
www.webkit.org,
shown
in
FIGURE
14­7.

Exercise
Research
several
commonly
used
phones
(based
on
market
share).
Indicate
whether
the
phones
use
the
WebKit
open
source
browser.

Web
Resources
For
more
information
on
the
WebKit
open
source
browser,
visit
www.CloudBookContent.com/Chapter14/index.html.

http://www.webkit.org/

http://www.cloudbookcontent.com/Chapter14/index.html

FIGURE
14­7
The
WebKit
open
source
browser
pro-
vides
the
engine
for
many
handheld
device
browsers.

CASE
14-4
MOBIREADY
PAGE
CHECKER

Developers
will
often
customize
web
pages
for
mobile
delivery.
As
you
develop
your
pages,
you
should
test
their
content
against
the
mobiReady
page
checker,
shown
in
FIGURE
14­8.
As
you
enter
a
URL
on
the
mobiReady
page,
the
site
will
evaluate
your
page
content
and
display
a
detailed
report,
similar
to
that
shown
in
FIGURE
14­9.
Based
on
the
report
feedback,
you
can
adjust
your
page
components.

Exercise
Select
several
traditional
and
mobile
web
pages
that
you
use
regularly.
Use
the
mobiReady
readi-
ness
test
to
examine
the
sites.
Report
your
findings.

Web
Resources
For
more
information
on
the
mobi-
Ready
site
checker,
visit
www.CloudBookContent.com/Chapter14/index.html.

FIGURE
14­8
The
mobiReady
page
checker
examines
key
aspects
of
mobile
page
content.

http://www.cloudbookcontent.com/Chapter14/index.html

FIGURE
14­9
This
report
by
mobiReady
indicates
not
only
that
the
site
will
display
nicely
on
a
mobile
phone,
but
also
that
there
are
areas
that
need
improvement.

CASE
14-5
THE
“.MOBI”
TOP-LEVEL
DOMAIN

Developers
will
often
create
separate
web
pages
for
mo-
bile-device
display.
To
direct
users
to
those
pages,
devel-
opers
have
several
options.
First,
they
can
have
their
web
software
detect
the
device
type,
such
as
a
computer
or
phone,
and
then
download
the
appropriate
pages
dy-
namically.
Second,
many
developers
will
place
the
letter
“m”
before
their
site
domain
name
(creating
a
subdo-
main),
such
as
m.somesite.com
or
even
mobile.some-
site.com.
Third,
just
as
sites
use
the
domain
types.com,
.org,
and
.edu,
many
mobile-based
sites
now
use
the
“.mobi”
domain
type,
such
as
www.somesite.mobi.

Developers
can
purchase
a
.mobi-based
domain
name
at
most
domain
name
registry
sites.

Exercise
Assume
you
are
launching
a
mobile
web
page.
Discuss
how
you
might
make
your
HTML
pages
available
to
site
users.

Web
Resources
For
more
information
on
the
.mobi
domain
type,
visit
www.CloudBookContent.com/Chap-
ter14/index.html.

CHAPTER
SUMMARY

It
is
not
clear
whether
mobile
computing
is
driving
the
growth
of
the
cloud,
or
vice
versa.
Either
way,
the
use
of
the
cloud
and
the
use
of
mobile
devices
continues
to
grow
exponentially.
This
chapter
examined
various
mo-
bile-computing
factors
and
their
underlying
impact
on

http://m.somesite.com/

http://mobile.somesite.com/

http://types.com/

http://www.somesite.mobi/

http://www.cloudbookcontent.com/Chapter14/index.html

cloud-based
solutions.
Today,
most
businesses
under-
stand
the
need
to
have
a
mobile-computing
presence.
Many
of
the
early
players,
however,
came
to
the
cloud
with
a
conversion
of
their
traditional
web-based
content.
To
maximize
the
user
experience,
developers
must
de-
sign
solutions
specifically
within
the
mobile
ecosystem
in
mind.
Whether
a
solution
is
a
mobile
web
page,
an
app,
or
a
widget,
many
of
these
solutions
will
utilize
underly-
ing
cloud-based
resources.

KEY
TERMS

App

Ecosystem

Mobile
cloud

Proxy

Transcoder

Widget

CHAPTER
REVIEW

1.
Define
and
describe
the
mobile
web.

2.
Describe
the
different
generations
of
cell
phones.

3.
Describe
how
smartphones
differ
from
ordinary
cell
phones.

4.
Select
a
mobile
or
traditional
website
that
interests
you.
Describe
the
site
in
terms
of
the
ecosystem
that
makes
up
the
site’s
user
experience.

5.
Describe
how
web
pages
differ
from
apps
and
how
apps
differ
from
widgets.

6.
Discuss
why
developers
say
that
HTML5
will
drive
mobile
solutions.

7.
Describe
some
development
best
practices
for
design-
ing
solutions
for
the
mobile
cloud.

chapter
15

Governing the Cloud
FOLLOWING
THE
DOT­COM
CRASH
and
corpo-
rate
scandals
such
as
Enron,
Tyco,
and
WorldCom,
pres-
sures
emerged
from
the
government,
shareholders,
and
numerous
other
stakeholders
for
companies
to
increase
their
financial
oversight
to
reduce
opportunity
for
fraud
and
to
restore
confidence
in
corporate
financial
report-
ing.
The
need
for
better
corporate
governance
became
an
issue
for
all
public
companies.
Because
most
of
the
data
that
drive
corporate
financial
reports
originate
within
data
centers,
the
new
era
of
governance
has
brought
greater
visibility
and
a
greater
need
for
controls
to
IT
departments.

Learning
Objectives

This
chapter
examines
corporate
and
IT
governance
and
the
new
challenges
introduced
by
cloud
migrations.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
corporate
governance.

•   Define
business
strategy
and
provide
examples
of
strategic
goals.

•   Discuss
how
companies
use
the
Capability
Maturity
Model
to
measure
their
current
capabilities.

•   Define
and
describe
internal
controls.

•   Define
and
describe
IT
governance.

•   Discuss
the
various
types
of
governance
a
company
must
perform.

•   Discuss
the
role
of
Sarbanes-Oxley
in
corporate
IT
governance.

•   Discuss
factors
to
consider
when
developing
gover-
nance
procedures
for
the
cloud.

Understanding
Corporate
Governance

Corporate
governance
combines
the
processes,
poli-
cies,
laws,
and
controls
that
affect
how
a
company
oper-
ates.
The
governance
guides
the
company’s
decision-
making
and
administrative
processes.
Corporate
gover-
nance,
as
shown
in
FIGURE
15­1,
is
complex
and
involves
people,
processes,
systems,
and
more.

FIGURE
15­1
Components
of
the
corporate
governance
process.

CASE
15-1
ORGANIZATION
FOR
ECONOMIC
COOP-
ERATION
AND
DEVELOPMENT
PRINCIPLES
FOR
CORPORATE
DEVELOPMENT

In
1999,
the
Organization
for
Economic
Cooperation
and
Development
(OECD)
published
the
“Principles
for
Cor-
porate
Development”.
It
has
been
revised
to
address
cor-
porate
governance
issues.
You
should
take
time
to
read
this
document.

Exercise
Read
the
“Principles
for
Corporate
Develop-
ment”
and
discuss
the
key
factors
that
guide
the
princi-
ples
of
corporate
governance;
that
is,
discuss
groups
that
are
affected
by
the
principles.

Web
Resources
For
more
information
on
the
“Princi-
ples
for
Corporate
Development”,
visit
www.CloudBook-
Content.com/Chapter15/index.html.

Understanding
Business
Strategy

A
strategy
is
a
plan
of
action
designed
to
achieve
one
or
more
particular
goals.
A
business
strategy
comprises
the
plans
a
company
executes
to
achieve
business
goals,
which
may
include
the
following:

•  Maximizing
shareholder
value

•  Reducing
or
managing
costs
to
maximize
profits

•  Providing
a
high-quality
work
environment
to
attract
and
retain
employees

•  Maintaining
a
high
degree
of
customer
satisfaction

•  Supporting
environmentally
friendly
operations

•  Developing
a
sustainable,
competitive
advantage

•  Providing
accurate
reporting
of
company
operations

Measure
What
Is
Important

After
a
business
defines
its
strategic
plans,
it
must
deter-
mine
ways
to
measure
progress
toward
each
goal.
The
initial
measurement
will
establish
a
baseline
for
the
com-
pany’s
current
level
of
operations,
and
future
measure-
ments
will
establish
the
company’s
level
of
improvement.

CASE
15-2
CAPABILITY
MATURITY
MODEL

As
companies
begin
to
govern
IT
operations,
they
must
identify
their
current
level
of
capability.
The
company
might
apply
measures
with
respect
to
software
develop-
ment,
security,
operations,
user
support,
and
more.

The
Capability
Maturity
Model
(CMM)
was
developed
at
Carnegie
Mellon
University
to
help
businesses
measure
and
improve
their
current
capabilities.
Over
time,
as
a
business
matures
and
its
skills
improve,
a
company’s
CMM
scores
should
increase.
As
scores
increase,
so
too
should
the
predictability
and
reliability
of
the
business.

http://www.cloudbookcontent.com/Chapter15/index.html

To
help
businesses
integrate
the
CMM
process,
Carnegie
Mellon
created
the
Capability
Maturity
Model
Integra-
tion
(CMMI)
process.
In
fact,
the
CMMI
group
has
de-
fined
processes
for
common
industry
activities,
such
as
acquisitions,
security,
software
design,
and
system
design.

Within
CMM,
there
are
five
levels
of
maturity,
as
shown
in
TABLE
15­1.

A
company
evaluates
its
processes
using
the
levels
to
de-
fine
its
current
capabilities
and
then
sets
goals
for
mov-
ing
the
processes
to
the
next
level.

Exercise
Select
an
organization
that
you
know
or
one
where
you
can
interview
a
manager.
Identify
the
organi-
zation’s
key
operational
tasks.
Using
the
CMM,
rate
the
company’s
current
capabilities.

Web
Resources
For
more
information
on
the
CMM,
visit
www.CloudBookContent.com/Chapter15/in-
dex.html.

TABLE
15­1


MATURITY
LEVELS
WHITHIN
THE
CMM

Inspect
What
You
Expect

Once
a
company
defines
its
business
goals
and
metrics,
it
must
inspect
the
underlying
factors
that
drive
business
results.
In
other
words,
rather
than
take
its
financials
at
face
value,
the
company
should
examine
the
sources
from
which
the
values
are
derived
to
ensure
that
each
is
accurate
and
free
from
fraud.
This
inspection
process
is
known
as
auditing.

LevelDescriptionCharacteristics
1 Initial Processes
are
typically
changing.
Those
that
are

static
are
likely
undocumented.
Many
operations
are
reactive.

2 Repeatable Some
processes
are
repeatable,
ideally
with
consistent
results.
Many
defined
systems
are
still
lacking.

3 Defined Many
processes
are
now
static
and
documented.
Some
processes
are
under
evaluation
for
improvement
opportunities.

4 Managed Most
processes
are
controlled
and
adjusted
to
improve
quality.

5 Optimized Focus
is
on
continuous
improvement
of
existing
processes.

http://www.cloudbookcontent.com/Chapter15/index.html

The
auditing
process
can
be
internal
(done
by
the
com-
pany)
or
external
(done
by
a
third
party),
as
shown
in
FIGURE
15­2.

Understanding
Internal
Controls

The
auditing
process
will
identify
key
stages
within
pro-
cesses
that
the
auditor
should
inspect.
To
support
the
process,
the
company
should
put
in
place
its
own
inter­
nal
controls
(policies
and
procedures)
at
each
of
these
key
stages,
as
shown
in
FIGURE
15­3.

FIGURE
15­2
Companies
must
audit
the
source
of
the
values
they
measure
and
report
using
internal
or
external
auditors.

FIGURE
15­3
Internal
controls
allow
a
company
audi-
tor
to
inspect
data
values
at
key
stages.

CASE
15-3
COMMITTEE
OF
SPONSORING
ORGANI-
ZATIONS
OF
THE
TREADWAY
COMMISSION

A
key
aspect
of
corporate
governance
is
internal
con-
trols.
In
general,
an
internal
control
is
a
process
that
pro-
vides
assurance
that
the
objectives
of
a
company’s
opera-
tional
goals
and
legal
compliance
requirements
are
being
met,
as
well
as
confidence
in
the
accuracy
of
the
report-
ing
of
operations.
The
Committee
of
Sponsoring
Organi-
zations
of
the
Treadway
Commission
(COSO)
has
defined
a
model
that
companies
can
use
to
evaluate
their
internal
controls.

The
original
COSO
model’s
framework
consisted
of
five
key
components,
defined
in
TABLE
15­2.

To
meet
the
demand
for
companies
to
address
risk
man-
agement,
the
COSO
framework
has
been
expanded
to
support
eight
components,
as
listed
in
TABLE
15­3.

To
download
a
variety
of
documents
focused
on
internal
controls
and
risk
management,
or
to
order
publications
available
for
purchase,
visit
www.coso.org,
as
shown
in
FIGURE
15­4.

Exercise
Select
a
company
with
which
you
are
familiar.
List
five
potential
internal
controls
you
would
expect
to
see
in
place
within
the
company’s
IT
group.

Web
Resources
For
more
information
on
COSO
and
internal
controls,
visit
www.CloudBookContent.com/Chapter15/index.html.

TABLE
15­2


THE
ORIGINAL
FIVE
KEY
COMPO­
NENTS
OF
THE
COSO
MODEL

COSO
Component

Description

Control
environment

The
organization
creates
an
environment
supportive
of
controls,
which
includes
ethical
operations,
managerial
integrity,
and
compliant
operations.

Risk
assessment

Opportunities
and
existing
processes
are
evaluated
with
respect
to
potential
risks
and
ways
to
mitigate
the
risks.

Control
activities

Business
operations
include
control
activities
such
as
approvals,
authorizations,
reviews,
and
audits.

Information
and
communication

Reliable
and
truthful
communication
flows
up,
down,
and
across
the
organization,
as
well
as
out
from
it.

Monitoring Existing
processes
and
internal
controls
are
monitored

http://www.coso.org/

http://www.cloudbookcontent.com/Chapter15/index.html

TABLE
15­3


THE
COMPONENTS
OF
THE
EX­
PANDED
COSO
MODEL

FIGURE
15­4
The
COSO
website
provides
documents
on
internal
controls
and
risk
management.
You
can
also
order
publications
through
the
website.

CASE
15-4
CONTROL
OBJECTIVES
FOR
INFORMA-
TION
AND
RELATED
TECHNOLOGY

Control
Objectives
for
Information
and
Related
Technol-
ogy
(COBIT)
is
an
IT
governance
framework
defined
by
the
Information
Systems
Audit
Control
Association
(ISACA).
COBIT
defines
dozens
of
processes
an
IT
man-
ager
and
staff
can
use
to
plan,
acquire,
implement,
deliv-

on
a
consistent
basis.

COSO
Component

Description

Internal
environment

The
organization
creates
an
environment
supportive
of
controls,
which
includes
ethical
operations,
managerial
integrity,
and
compliant
operations.

Objective
setting

The
business
establishes
defined
and
measurable
objectives
for
operations.

Event
identification

The
business
watches
for,
recognizes,
and
responds
to
events
that
will
impact
operations.

Risk
assessment

Opportunities
and
existing
processes
are
evaluated
with
respect
to
potential
risks
and
ways
to
mitigate
the
risks.

Risk
response Management
accepts
risks
based
upon
a
consistent
approach
to
risk
tolerance.

Control
activities

Business
operations
include
control
activities
such
as
approvals,
authorizations,
reviews,
and
audits.

Information
and
communication

Reliable
and
truthful
communication
flows
up,
down,
and
across
the
organization
as
well
as
out
from
it.

Monitoring Existing
processes
and
internal
controls
are
monitored
on
a
consistent
basis.

er,
support,
monitor,
and
evaluate
IT
solutions.
COBIT,
whose
first
version
was
released
in
1996,
has
evolved
to
support
current
IT
capabilities
and
governance
needs.
COBIT
is
used
by
small
business
owners
to
structure
their
IT
processes
and
by
larger
companies
and
organiza-
tions
(public
and
governmental)
to
align
IT
and
business
strategies
to
conform
with
regulations
such
as
Sarbanes-
Oxley
and
to
implement
IT
best
practices.
You
can
pur-
chase
the
COBIT
guide
from
the
ISACA
website.

Exercise
COBIT
defines
processes
a
company’s
IT
staff
should
consider
when
performing
common
operations.
Assume
you
must
write
the
COBIT
processes
for
selec-
tion
of
a
cloud
provider.
List
the
processes
you
would
recommend.

Web
Resources
For
more
information
on
COBIT,
visit
www.CloudBookContent.com/Chapter15/index.html.

Extending
Governance
to
Information
Technology

Within
most
companies,
the
data
from
which
the
compa-
ny
creates
its
reports
originates
from
data
within
the
company’s
IT
department.
As
you
might
expect,
much
of
corporate
governance
is
based
upon
IT-related
factors.

Furthermore,
over
the
past
decades,
companies
have
in-
vested
heavily
in
IT
solutions
that
drive
a
variety
of
com-
pany-wide
(enterprise)
applications.
Unfortunately,
many
IT
projects
fail
due
to
poor
management,
incorrect
requirements,
or
misalignment
of
the
IT
solution
with
the
company
strategy.
Put
simply,
companies
make
large
investments
in
IT
solutions;
to
succeed,
the
projects
must
be
governed.

IT
Governance
is
a
subset
of
corporate
governance
that
includes
the
policies,
procedures,
and
controls
that
relate
to
IT
use
and
deployment,
performance,
return
on
in-
vestment,
and
risk
mitigation.
As
shown
in
FIGURE
15­5,
IT
governance
is
one
of
many
key
types
of
governance
a
company
must
consider.

http://www.cloudbookcontent.com/Chapter15/index.html

FIGURE
15­5
IT
governance
is
one
of
many
key
types
of
governance
a
company
must
consider.

CASE
15-5
SARBANES-OXLEY

In
2002,
in
the
aftermath
of
the
dot-com
crash
and
cor-
porate
scandals
that
included
Enron,
Tyco,
and
World-
Com,
Senator
Paul
Sarbanes
of
Maryland
and
Represen-
tative
Michael
Oxley
of
Ohio
cosponsored
a
Senate
bill
entitled
the
Public
Company
Accounting
Reform
and
In-
vestor
Protection
Act
and
a
House
bill
entitled
the
Cor-
porate
Auditing,
Accountability,
and
Responsibility
Act.
Once
passed,
the
law
became
known
as
Sarbanes-Oxley.

The
law’s
goal
was
to
improve
confidence
in
the
truthful-
ness
of
company
reporting
by
requiring
greater
trans-
parency
and
controls
of
the
data
that
companies
report.
The
law
put
in
place
criminal
penalties
for
corporate
offi-
cers
who
violated
or
failed
to
comply
with
the
law.

As
you
would
expect,
Sarbanes-Oxley
had
a
large
impact
on
financial
groups
within
an
organization
who
report
a
company’s
financials.
The
law
also
had
a
large
impact
on
corporate
IT
groups,
who
had
to
implement
auditable
controls
on
the
processes,
data,
and
applications
that
produced
the
information
that
drove
the
financial
reports.

In
general,
Sarbanes-Oxley
was
a
major
catalyst
in
dri-
ving
the
origin
of
IT
governance
and
the
related
process-
es.
For
more
information
on
Sarbanes-Oxley,
download
a
copy
of
the
act
shown
in
FIGURE
15­6.

FIGURE
15­6
Individuals
responsible
for
IT
gover-
nance
of
an
organization
should
review
the
complete
Sarbanes-Oxley
Act
of
2002,
which
is
available
on
the
Web.

Exercise
Using
the
Web,
research
Sarbanes-Oxley.
Pro-
vide
a
list
of
five
reasons
why
Sarbanes-Oxley
should
re-
main
in
effect
and
five
reasons
why
it
should
be
abolished.

Web
Resources
For
more
information
on
Sarbanes-
Oxley,
visit
www.CloudBookContent.com/Chapter15/in-
dex.html.

CASE
15-6
IT
GOVERNANCE
INSTITUTE

The
IT
Governance
Institute
(ITGI)
was
formed
in
1998
to
assist
businesses
in
aligning
IT
solutions
with
business
strategies.
The
institute
conducts
research
on
the
global
practices
and
perceptions
of
IT
governance.
The
institute
makes
many
of
its
best
practices,
case
studies,
and
re-
search
papers
available
for
sale
or
download
from
its
website,
as
shown
in
FIGURE
15­7.

Exercise
Assume
you
must
make
a
presentation
on
IT
governance
to
a
company’s
board
of
directors.
Prepare
a
10-slide
PowerPoint
presentation
that
introduces
the
key
aspects
of
IT
governance.

Web
Resources
For
more
information
on
the
ITGI,
visit
www.CloudBookContent.com/Chapter15/in-
dex.html.

http://www.cloudbookcontent.com/Chapter15/index.html

http://www.cloudbookcontent.com/Chapter15/index.html

FIGURE
15­7
You
can
find
a
wide
range
of
research
ar-
ticles
on
IT
governance
at
the
ITGI
website.

Cloud
Computing
Governance

When
a
company
moves
to
the
cloud,
the
company
must
further
extend
its
IT
governance.
First
and
foremost,
the
company
must
ensure
that
on-site
and
within-the-cloud
solutions
align
with
the
company’s
business
strategies.
If
the
IT
resource
development
and
deployment
does
not
align
with
company
strategies,
the
IT
initiatives
are
des-
tined
to
fail.
Then,
the
company
must
govern
the
cloud
deployment.
That
is,
the
company
must
create
policies,
procedures,
and
controls
that
not
only
ensure
strategic
alignment,
but
also
provide
confidence
in
the
accuracy
and
security
of
the
cloud-based
solutions.

A
key
place
to
begin
the
cloud-governance
process
is
with
the
service-level
agreement
(SLA).
Specific
questions
to
consider
with
respect
to
the
agreement
include
the
following:

•  Who
within
the
company
can
access
the
service?

•  Who
within
the
cloud
provider
can
access
the
service?

•  What
can
those
who
can
access
the
service
do?

•  Is
the
solution
multitenant?

•  How
is
the
service
secured?

•  How
is
the
service
replicated
or
colocated?

•  How
can
the
service
be
tested
and
validated?

•  What
is
the
service
uptime?

•  How
and
when
is
the
service
maintained?

•  What
controls
can
be
implemented
and
at
what
stages
of
the
service?

•  How
are
errors
and
exceptions
logged?

•  How
can
performance
be
monitored?

•  What
is
the
upgrading
and
versioning
process?

•  What
auditing
support
is
provided?

CASE
15-7
CLOUDAUDIT
AUTOMATED
AUDIT
AS-
SERTION,
ASSESSMENT,
AND
ASSURANCE
API
(CO-
DENAME
A6)

In
the
future,
many
cloud
service
providers
will
offer
au-
tomated
auditing
capabilities
that
companies
can
use
as
part
of
their
cloud-governance
procedures.
The
CloudAu-
dit/A6
working
group
consists
of
cloud-compliance
ad-
ministrators,
developers,
security
personnel,
auditors,
and
others.
The
group’s
goal
is
to
develop
an
application
program
interface
(API)
that
developers
can
use
and
cloud
service
providers
will
support,
to
allow
the
devel-
opers
to
monitor
key
cloud
issues.

For
more
information
on
CloudAudit/A6,
visit
the
cloudaudit.org
website
shown
in
FIGURE
15­8.

Exercise
Discuss
the
importance
of
having
audit
capa-
bilities
for
cloud-based
solutions.

Web
Resources
For
more
information
on
CloudAudit/A6,
visit
www.CloudBookContent.com/Chapter15/index.html.

http://cloudaudit.org/

http://www.cloudbookcontent.com/Chapter15/index.html

FIGURE
15­8
The
CloudAudit/A6
working
group
is
defining
an
API
that
developers
will
use
to
automate
the
auditing
of
key
cloud
operations.

CHAPTER
SUMMARY

After
the
dot-com
crash
and
corporate
scandals
such
as
Enron,
Tyco,
and
WorldCom,
businesses
were
pressured
by
the
government,
shareholders,
and
various
other
stakeholders
to
increase
their
financial
oversight
to
re-
duce
opportunity
for
fraud
and
to
restore
confidence
in
financial
reporting.
As
a
result,
corporate
governance
be-
came
an
issue
for
all
public
companies.
Because
IT
de-
partments
create
and
store
most
of
the
data
that
drive
corporate
financial
reports,
the
new
era
of
governance
has
brought
greater
visibility
and
a
greater
need
for
con-
trols
to
IT
departments.
IT
governance
consists
of
the
policies
and
procedures
the
IT
staff
uses
to
control
data
and
applications
within
a
data
center.
With
the
advent
of
cloud-based
solutions,
IT
governance
now
extends
to
the
cloud.

KEY
TERMS

Auditing

Business
strategy

Corporate
governance

Internal
control

IT
governance

CHAPTER
REVIEW

1.
Define
corporate
governance.

2.
Discuss
the
events
that
led
up
to
the
need
for
in-
creased
corporate
governance.

3.
Define
business
strategy.
List
five
possible
business
strategies.

4.
Discuss
the
purpose
of
the
Capability
Maturity
Model.

5.
Define
auditing.

6.
Define
internal
control
and
provide
an
example
of
a
control.

7.
Discuss
the
role
Sarbanes-Oxley
has
played
with
re-
spect
to
corporate
governance.

8.
Define
IT
governance.

9.
List
factors
one
should
consider
with
respect
to
gov-
erning
the
cloud.

chapter
16

Evaluating the Cloud’s Business Impact
and Economics
SO
FAR,
YOU
HAVE
learned
that
the
cloud
is
bringing
with
it
new
business
models
and
economics.
Large
com-
panies
are
saving
costs,
reducing
staff,
and
improving
system
scalability
by
moving
from
on-site
data
centers
to
the
cloud.
Small
companies
are
leveraging
pay-on-de-
mand
models
to
“right-size”
their
computing
needs
quickly
and
cost
effectively.
The
cloud
business
model
and
its
economic
opportunities
for
all
businesses,
large
and
small,
is
the
subject
of
this
chapter.

Learning
Objectives

This
chapter
examines
the
impact
of
the
cloud
business
model
on
businesses
and
the
resulting
economic
oppor-
tunities.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Discuss
the
total
cost
of
ownership
for
an
IT
solution.

•   Compare
and
contrast
the
capital
expenses
and
opera-
tional
expenses
of
an
IT
solution.

•   Describe
supply-side
savings
made
available
through
large-scale,
cloud-based
data
centers.

•   Describe
and
discuss
the
efficiencies
gained
to
providers
through
multitenant
applications.

•   Describe
and
discuss
the
“right-sizing”
process.

•   Identify
the
primary
costs
of
a
data
center.

•   Describe
how
Moore’s
law
relates
to
the
cloud.

CASE
16-1
CLOUD
ECONOMICS

Economics
is
the
study
of
the
production,
distribution,
and
consumption
of
goods
and
services.
One
of
the
best
overviews
of
cloud
economics,
published
in
November
2010,
was
written
by
two
employees
at
Microsoft,
Rolf
Harms
and
Michael
Yamartino.
The
document
provides

an
overview
of
the
cloud,
a
historical
perspective,
and
an
easy-to-follow
discussion
of
its
impact
on
business
(see
FIGURE
16­1).

Exercise
Select
an
industry-changing
event
in
history,
such
as
the
automobile
assembly
line,
the
first
commer-
cial
airline
flight,
or
the
advent
of
radio
or
television,
and
compare
the
rate
of
adoption,
societal
impact,
and
eco-
nomic
impact
with
that
of
the
cloud.

Web
References
For
more
information
on
the
Mi-
crosoft
“Economics
of
the
Cloud”
paper,
visit
www.-
CloudBookContent.com/Chapter16/index.html.

FIGURE
16­1
The
authors
of
an
influential
white
paper
on
the
economics
of
the
cloud
compare
the
current
state
of
cloud
computing
with
the
early
days
of
“horseless
car-
riages,”
when
no
one
could
predict
how
the
modern
au-
tomobile
industry
would
evolve.

Business
Economics
101

To
understand
the
business
and
economics
impact
of
the
cloud,
first
you
should
understand
several
key
terms.
The
following
sections
examine
key
business
concepts
and
their
impact
associated
with
the
cloud.

Total
Cost
of
Ownership

Computer
hardware
and
software
have
associated
direct
and
indirect
costs.
For
example,
when
you
purchase
a
network-attached
disk
drive,
you
incur
the
direct
cost
of

http://www.cloudbookcontent.com/Chapter16/index.html

the
hardware
device,
plus,
possibly,
a
warranty.
Before
you
purchased
the
device,
you
likely
spent
time
research-
ing
it,
shopping,
and
finally
placing
your
order,
which
then
required
tax
and
shipping
expenses.
After
the
device
arrived,
you
spent
time
installing,
configuring,
and
test-
ing
it.
Finally,
the
device
was
ready
for
use
and
began
to
consume
power
and
generate
heat.
Admittedly,
for
the
one
disk
drive
in
this
case,
the
indirect
cost
may
be
small.
The
point
is
that
you
can
establish
a
series
of
costs
before
the
acquisition,
at
the
time
of
the
acquisition,
and
follow-
ing
the
acquisition.

These
different
costs
combined
constitute
the
total
cost
of
ownership
(TCO)—the
total
direct
and
indirect
costs,
including
capital
and
operating
expenses,
of
own-
ing
a
particular
piece
of
equipment
or
other
capital
good.
When
you
examine
the
economics
of
the
cloud,
you
need
to
consider
the
total
cost
of
ownership
of
an
on-site
solu-
tion
compared
with
that
of
the
cloud.

When
you
calculate
the
total
cost
of
ownership
for
vari-
ous
computers,
hardware,
network,
and
software
solu-
tions,
you
should
consider
the
following
items:

•  Software
(server,
desktop,
notebook,
tablet,
and
mobile)

•
Prepurchase
research

•
The
actual
software
purchase
or
licensing

•
Installation

•
Training

•
Version
and
patch
management

•
License
management

•
Security
considerations

•
Administration

•  Hardware
(server,
desktop,
notebook,
tablet,
and
mobile)

•
Prepurchase
research

•
The
actual
hardware
purchase

•
Installation

•
Testing

•
Footprint
and
space

•
System
downtime

•
Electricity
and
air
conditioning

•
Insurance

•
Replacement
costs
of
failed
components

•
Decommission,
removal,
and
disposal
of
previous
equipment

•
Cost
of
scaling
solutions
to
new
demands

•
System
maintenance

•  Data
storage

•
Prepurchase
research

•
The
actual
device
purchase

•
Installation

•
Testing

•
Security
considerations

•
Backup
operations

•
Footprint
and
space

•
Electricity
and
air
conditioning

•
Maintenance

•
Replacement
costs
of
failed
components

•  Network
equipment

•
Internet
access
(Internet
service
provider)

•
Prepurchase
research

•
The
actual
component
acquisition

•
Installation

•
Training

•
Security
considerations

•
System
downtime

•
Maintenance

•
Administration

CASE
16-2
AMAZON
TOTAL
COST
OF
OWNERSHIP
SPREADSHEET

To
help
users
calculate
and
then
compare
the
total
cost
of
ownership
for
a
cloud-based
solution,
collocated
solu-
tion,
and
on-site
solution,
Amazon
provides
the
Excel
spreadsheet
shown
in
FIGURE
16­2.
Using
this
spread-
sheet,
you
can
perform
a
detailed
analysis
of
the
costs
re-
lated
to
each
solution.

Exercise
Assume
you
must
deploy
a
2,000-server
solu-
tion
for
a
new
technology
company.
Using
the
Amazon
spreadsheet,
calculate
and
compare
the
total
cost
of
own-
ership
for
using
Amazon
web
services,
a
colocated
data
center,
and
an
on-site
solution.

Web
Resources
For
more
information
on
the
Amazon
total
cost
of
ownership
spreadsheet,
visit
www.Cloud-
BookContent.com/Chapter16/index.html.

FIGURE
16­2
Amazon
provides
an
Excel
spreadsheet
used
to
calculate
the
total
cost
of
ownership
for
common
IT
installation
solutions.

http://www.cloudbookcontent.com/Chapter16/index.html

Economies
of
Scale

Economies
of
scale
describes
the
cost
savings
that
a
company
may
experience
(up
to
a
point)
by
expanding.
Assume,
for
example,
that
a
data
center
has
two
system
administrators
who
oversee
100
servers.
Each
adminis-
trator
is
paid
$50,000.
The
cost
per
server
for
system
ad-
ministration
becomes
the
following:

Assuming
the
servers
are
running
similar
operating
sys-
tems,
the
two
administrators
may
be
able
to
oversee
as
many
as
1000
servers.
In
that
case,
the
cost
per
server
for
system
administration
becomes
the
following:

In
this
case,
by
scaling
the
number
of
servers,
the
compa-
ny
can
reduce
the
perserver
administrative
costs.
Fur-
thermore,
the
company
may
reduce
its
per-server
soft-
ware
licensing
costs
and
other
expenses
due
to
the
larger
volume
of
servers.

Because
of
their
size,
cloud-based
data
centers
experi-
ence
significant
economies
of
scale.
As
cloud-based
data
centers
supply
computing
resources,
providers
can
offer
supply-side
savings.
Additionally,
because
many
cloud-
based
providers
use
a
multi-tenant
approach,
perhaps
a
software
as
a
solution
(SaaS)
that
uses
virtual
servers
or
an
infrastructure
as
a
solution
(IaaS)
data
center
that
houses
multiple
clients,
the
providers
gain
efficiencies
and
cost
reductions,
some
of
which
can
be
passed
on
to
the
customer.

As
discussed,
one
of
the
largest
costs
within
the
data
cen-
ter
is
power.
Because
larger
data
centers
can
combine
power
across
multiple
customers,
they
can
purchase
power
at
better
rates
than
smaller
data
centers
can.

Capital
Expenditures

Capital
expenditures
(CAPEX)
are
large
expendi-
tures,
normally
for
a
plant,
property,
or
large
equipment.

Companies
make
large
capital
expenditures
to
meet
cur-
rent
or
future
growth
demands.
Because
capital
expendi-
tures
have
value
over
a
number
of
years,
companies
can-
not
expense
the
expenditures
in
full
during
the
current
year.
Instead,
using
a
process
called
expense
capitaliza-
tion,
the
company
can
deduct
a
portion
of
the
expense
over
a
specific
number
of
years.
Different
asset
types,
such
as
buildings,
vehicles,
and
computers,
are
capital-
ized
over
various
lengths
of
time,
based
on
rules
of
the
U.S.
Internal
Revenue
Service.

Traditionally,
a
company
would
have
to
make
a
large
capital
investment
for
a
data
center
facility,
its
comput-
ers,
power
supplies,
air
conditioning,
and
so
on.

For
many
companies,
the
cloud
eliminates
the
need
for
a
large
data
center
and
the
corresponding
capital
expendi-
tures.
Instead,
companies
that
use
the
cloud
experience
operational
expenses.

Operational
Expenses

Operational
expenses
(OPEX)
are
expenses
that
cor-
respond
to
a
company’s
cost

of
operations.
Within
a
data
center,
for
example,
operat-
ing
expenses
include
the

following:

•  Power
and
air
conditioning

•  Rent
and
facilities

•  Equipment
maintenance
and
repair

•  Internet
accessibility

•  Software
maintenance
and
administration

•  Insurance

When
a
company
migrates
its
IT
solutions
to
the
cloud,
it
incurs
a
fee
for
the
cloud-based
services
it
consumes.
However,
because
of
the
cloud-service
provider’s
economies
of
scale,
the
operational
cost
of
using
the
cloud
will
likely
be
lower
than
what
the
company
would
pay
for
an
on-site
data
center.

CASE
16-3
MICROSOFT
OPERATIONAL
EXPENSE
CALCULATOR

To
help
companies
compare
their
operational
costs
to
those
of
the
Windows
Azure
platform
as
a
service
(PaaS),
Microsoft
provides
the
Windows
Azure
pricing
calcula-
tor,
shown
in
FIGURE
16­3.

Exercise
Assume
you
must
deploy
a
system
with
the
fol-
lowing
attributes:

•  5,000
hours
of
medium
computing
capability

•  75
GB
of
relational
database
support

•  1
TB
of
disk
storage

•  2
GB
of
data
transfer

•  Four
2048
MB
caches

Use
the
Windows
Azure
pricing
calculator
to
determine
the
corresponding
monthly
operating
expenses.

Web
Resources
For
more
details
on
the
Windows
Azure
pricing
calculator,
visit
www.CloudBookContent.-
com/Chapter16/index.html.

FIGURE
16­3
The
Windows
Azure
pricing
calculator.

Return
on
Investment

http://www.cloudbookcontent.com/Chapter16/index.html

Return
on
investment
(ROI)
is
a
measure
of
the
fi-
nancial
gain
(or
return)
on
an
investment,
such
as
a
new
piece
of
equipment.
For
example,
assume
that
a
compa-
ny
can
repeatedly
save
$10,000
based
on
a
$50,000
in-
vestment.
The
company’s
first-year
ROI
would
become

Assume
that
company
can
repeatedly
save
$7,000
by
making
a
$25,000
investment.
The
company’s
first-year
ROI
would
become

The
higher
the
ROI,
the
better.
Using
an
ROI
in
this
way,
a
company
can
compare
two
or
more
investment
opportunities.

Traditionally,
before
investing
in
a
large
data
center,
a
company
would
determine
the
ROI.
Because
one
typical-
ly
does
not
have
a
large
investment
within
cloud-based
solutions
(cloud
solutions
normally
have
monthly
opera-
tional
expenses),
calculating
the
ROI
for
cloud-comput-
ing
solutions
can
be
difficult.

Company
IT
personnel
will
instead
evaluate
the
benefits
of
the
monthly
cloud
investment
based
on
factors
includ-
ing
the
following:

•  Rapid
scalability:
Customers
can
make
and
imple-
ment
scaling
decisions
quickly.

•  Reduced
total
cost
of
ownership:
By
leveraging
the
cloud-service
provider’s
economies
of
scale,
the
cus-
tomer’s
total
cost
of
ownership
will
normally
be
less.

•  Improved
business
continuity
and
disaster
re­
covery:
The
cloud
becomes
an
operational
insurance
policy
for
fail-safe
operations.

•  Increased
cost
controls:
Customers
normally
pay
only
for
the
resources
they
consume
and
may
be
able
to
align
that
increased
resource
consumption
with
in-
creased
revenues.

•  Enhanced
ability
to
“right­size”:
Companies
can
monitor
system
utilization
and
scale
resource
use
up
or
down
to
align
resources
with
demand.

CASE
16-4
CLOUD
COMPUTING
RETURN
ON
IN-
VESTMENT
CALCULATOR

To
help
IT
personnel
estimate
the
ROI
for
using
cloud-
based
services,
www.GetApp.com
provides
a
cloud
com-
puting
migration
calculator,
as
shown
in
FIGURE
16­4.
Using
the
calculator,
you
enter
your
current
costs
for
var-
ious
IT
components,
the
facility,
operating
system
licens-
es,
servers,
data
storage,
and
more.
Then,
for
each
item,
you
specify
the
potential
cost
reduction
realized
by
using
the
cloud.
The
calculator,
in
turn,
determines
your
po-
tential
savings
and
ROI
for
the
cloud
migration.

Exercise
Assume
you
must
deploy
a
system
with
the
fol-
lowing
attributes:

•  7,200
hours
of
computing
capability—24/7
monthly
operations

•  100
GB
of
relational
database
support

•  1
TB
of
disk
storage

•  5
GB
of
data
transfer

FIGURE
16­4
The
cloud
computing
ROI
calculator.

Assume
you
have
the
current
data
center
expenses:

http://www.getapp.com/

•  Facilities
rent:
$100,000
a
year

•  Power/AC:
$5,000
a
month

•  System
administration:
$250,000
a
year

•  Operating
system
server
site
licenses:
$25,000
a
year

•  Network
costs:
$80,000
a
year

•  Disk
storage
costs:
$25,000
a
year

•  Disaster
recovery:
$50,000
a
year

•  Developer
costs:
$400,000
a
year

•  Operational
IT
costs:
$150,000
a
year

Use
the
www.GetApp.com
ROI
calculator
to
determine
the
corresponding
monthly
operating
expenses
and
po-
tential
cloud
savings.

Web
Resources
For
specifics
on
calculating
and
ana-
lyzing
the
ROI
for
cloud
computing,
visit
www.Cloud-
BookContent.com/Chapter16/index.html.

Profit
Margins

A
company’s
profit
margin,
often
simply
called
the
margin,
is
a
ratio
of
the
company’s
income
to
revenue:

     Profit
Margin
=
(Income
/
Revenue)
*
100

Assume,
for
example,
a
company
has
$500,000
of
rev-
enue
and
the
following
expenses:

To
calculate
the
company’s
income
or
profit,
you
simply
subtract
the
expenses
from
the
revenues:

http://www.getapp.com/

http://www.cloudbookcontent.com/Chapter16/index.html

Then,
you
can
calculate
the
company’s
profit
margin
as
follows:

Assume
that
by
migrating
its
IT
data
center
to
the
cloud,
the
company
can
reduce
its
IT
expenses
to
$75,000.
The
company’s
margin,
in
turn,
would
improve
as
follows:

One
way
to
determine
the
benefit
of
moving
to
the
cloud
is
to
evaluate
a
company’s
on-site
profit
margins
com-
pared
with
the
cloud-based
profit
margins.

Moore’s
Law
and
the
Cloud

Gordon
Moore,
one
of
the
cofounders
of
Intel,
identified
a
computing
trend
during
the
1960s
that
remains
true
today:

The
number
of
transistors
that
can
be
placed
on
an
inte­
grated
circuit
doubles
every
two
years.

This
observation
is
known
as
Moore’s
law.
We
find
that
computing
power
and
disk
storage
capacity
also
double
at
nearly
this
rate.
The
result
is
that
a
capital
investment
in
computing
devices
has
a
very
short
effective
life
ex-
pectancy.
The
systems
we
buy
today
may
be
only
half
as
fast
as
those
we
will
purchase
two
to
three
years
from
now.

By
shifting
computer
resources
to
the
cloud,
companies
eliminate
the
need
to
update
their
own
data
center

equipment,
which
may
drive
a
considerable
cost
savings.
Today,
within
the
cloud
environment,
you
can
think
of
the
services
provided
(SaaS,
PaaS,
and
IaaS)
as
a
commodity.

Understanding
Right-Sizing

A
goal
of
most
computer
systems
is
high
CPU
utilization.
If
CPUs
have
low
activity,
processing
resources
are
wast-
ed.
However,
if
a
CPU
is
running
at
100
percent,
perfor-
mance
will
suffer
due
to
increased
process
switching.
Thus,
the
goal
is
a
high
level
of
utilization,
but
not
maxi-
mum
utilization.

As
a
company
moves
new
products
to
the
cloud,
it
has
no
way
of
knowing
what
the
level
of
utilization
will
be.
If
a
company
launches
solutions
with
too
few
servers,
the
so-
lution’s
performance
will
suffer.
If
a
company
provides
more
servers
than
necessary,
it
will
pay
for
unused
resources.

The
virtual
and
easily
scalable
nature
of
the
cloud
makes
it
easy
for
companies
to
“right-size”
their
resource
needs.
Right­sizing
is
the
process
of
aligning
computing
re-
sources
(processors,
servers,
disk
capacity,
and
so
on)
with
user
demand
and
requirements.
With
the
compa-
ny’s
optimal
CPU
utilization
come
optimal
related
costs
within
the
cloud’s
pay-as-you-go
environment.
Within
the
cloud
environment,
a
customer
may
pay
for
one
hour
of
processing
by
50
servers—or
the
same
for
50
hours
of
processing
by
one
server.
In
other
words,
it
is
easy
to
“right-size.”

Defining
a
Large
Data
Center

Throughout
this
chapter,
we
have
referred
to
“large
data
centers”
and
their
economies
of
scale.
A
large
data
center
may
house
from
500,000
to
several
million
square
feet
of
space,
and
may
initially
cost
several
billion
dollars.
FIGURE
16­5
shows
the
I/O
Data
Center
website.
Visit
the
site
to
gain
a
better
understanding
of
the
size
and
scope
of
a
large
data
center.

FIGURE
16­5
The
I/O
Data
Center
website.

Other
Economic
Key
Performance
Indicators

Beyond
the
traditional
total
cost
of
ownership,
the
shift
from
capital
to
operational
expenses,
and
ROI,
TABLE
16­1
describes
several
key
performance
indicators
that
should
be
considered
before
initiating
a
cloud
deployment.

TABLE
16­1
ADDITIONAL
KEY
PERFORMANCE
INDICATORS
TO
CONSIDER

Metric/Indicator Measure
System
availability Through
system
redundancy
and

colocation,
cloud-based
service
providers
typically
provide
99.9
percent
uptime
and
system
availability.
Because
cloud
service
providers
maintain
the
operating
system
and
support
software,
companies
normally
experience
little
downtime
for
system
patch
or
version
upgrades.
Most
cloud
service
providers
guarantee
system
availability
as
part
of
their
SLA.

Processor
utilization Because
cloud-based
providers
can
scale
processors
on
demand,
a
company
does
not
have
to
deploy
a
large
number
of
processors
to
meet
potential
demand.
Instead,
a
company
can
estimate
initial
demand
and
then
scale
up
or
down
accordingly
and
dynamically
to
drive
a
more
efficient
processor
utilization.

Time-of-day
utilization Many
applications
experience
spikes
during
specific
times
of
the

Marketing
the
Cloud

As
with
all
products
and
services,
the
rate
at
which
users
migrate
to
the
cloud
follows
a
common
pattern.
FIGURE
16­6
illustrates
a
typical
adoption
cycle.
It
is
interesting
to
note
that
the
innovators
and
early
adopters
comprise
only
50
percent
of
the
eventual
market.
Judged
by
that,
the
cloud
still
experiences
significant
growth
from
the
late
majority
and
laggards.

p g p
day.
For
example,
a
human
resource
(HR)
solution
will
normally
experience
traffic
during
business
hours
and
then
little
traffic
during
off
times.
Because
cloud
service
providers
can
dynamically
scale
resources
to
meet
user
demand,
the
solutions
can
scale
processor
power
up
or
down
as
necessary
throughout
the
day.

Resource
demand/utilization
(RAM,
disk
and
database)

Many
companies
find
that
their
resource
demand
models
their
time-of-day
utilization.
A
cloud
service
provider
may
be
able
to
scale
resources
to
best
align
user
demand
with
costs.

Time
to
market Most
companies
can
turn
on
a
cloud
service
solution
immediately,
without
the
cost
and
time
involved
in
establishing
a
data
center
(small
or
large);
acquiring,
installing,
and
testing
hardware
and
software;
and
hiring
system
administrators.

Opportunity
costs There
are
costs
associated
with
an
activity’s
potential
that
a
company

must
forgo
when
selecting
an
alterative.
For
example,
if
a
company
invests
in
an
on-site
data
center,
the
company
may
have
to
forgo
an
advertising
and
marketing
initiative
that
could
increase
revenues.

User
experience Hiring,
onboarding,
and
training
skilled
IT
employees
is
usually
an
expensive
investment.
Most
cloud
service
providers
have
an
experienced
team
of
administrators
and
security
personnel.

Market
disruption Being
first
to
market
can
have
disruptive
benefits.
By
utilizing
cloud-based
resources,
a
company
may
become
more
nimble
and
faster
to
market
than
a
company
that
integrates
an
on-site
data
center.

FIGURE
16­6
The
cloud’s
market
adoption
cycle
is
sim-
ilar
to
that
of
most
new
product
and
service
offerings.

CHAPTER
SUMMARY

The
cloud
brings
new
business
models
and
economics.
By
moving
to
infrastructure
as
a
service,
large
companies
can
save
costs,
reduce
staff,
and
improve
system
scalabil-
ity.
Through
SaaS
and
PaaS,
small
companies
are
lever-
aging
pay-on-demand
models
to
“right-size”
their
com-
puting
needs
quickly
and
cost-effectively.
This
chapter
examined
the
cloud
business
model
and
related
econom-
ic
opportunities.
Specifically,
you
learned
how
compa-
nies
are
converting
large
capital
expenditures
to
monthly
operational
expenses
and
how
the
cloud
service
provider’s
economies
of
scale
result
in
savings
to
compa-
nies
that
pay
for
the
cloud
services.

KEY
TERMS

Capital
expenditures
(CAPEX)

Economics

Economies
of
scale

Key
performance
indicators

Operational
expenses
(OPEX)

Profit
margin

Return
on
investment
(ROI)

Right­sizing

Total
cost
of
ownership
(TCO)

CHAPTER
REVIEW

1.
Define
and
describe
total
cost
of
ownership.
List
at
least
10
items
to
consider
when
determining
a
data
cen-
ter’s
total
cost
of
ownership.

2.
Define
and
describe
a
capital
expense.
How
are
capital
expenses
different
from
operational
expenses?

3.
Define
and
describe
economies
of
scale
and
provide
a
cloud-based
example.

4.
Define
and
describe
“right-sizing”
as
it
pertains
to
cloud
computing.

5.
Define
Moore’s
law
and
discus
how
it
might
influence
cloud
migration.

6.
Given
company
revenues
of
$2.5
million
and
expenses
of
$2.1
million,
calculate
the
company’s
profit
and
profit
margin.

chapter
17

Designing Cloud-Based Solutions
THROUGHOUT
THIS
BOOK,
WE
have
looked
at
a
variety
of
cloud-related
issues,
from
scalability
to
securi-
ty
to
economics
and
business
models.
In
Chapter
18,
Coding
Cloud­Based
Applications,
we
will
build
and
de-
ploy
several
simple
cloud-based
solutions.
In
this
chap-
ter,
we
look
at
many
design
considerations
a
developer
should
consider
when
designing
a
cloud-based
solution.

Learning
Objectives

This
chapter
examines
cloud-based
solution
designs.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Compare
and
contrast
functional
and
nonfunctional
system
requirements.

•   Understand
why
developers
should
delay
selecting
an
implementation
platform
during
the
design
phase.

•   Discuss
considerations
designers
should
evaluate
when
they
design
a
system
to
meet
specific
nonfunction-
al
requirements.

Revisit
the
System
Requirements

Before
you
begin
the
design
process,
you
must
ensure
that
you
have
a
complete
set
of
system
requirements.
If
the
system
requirements
were
defined
by
another
indi-
vidual
or
group,
you
should
review
the
requirements
and
then
walk
through
your
understanding
of
them
with
the
group
and
ideally
the
stakeholder
who
served
as
the
ex-
pert
for
the
requirements
specification.
Identifying
er-
rors,
omissions,
and
misunderstandings
early
in
the
de-
sign
process
will
save
considerable
time
and
money
later.

System
requirements
fall
into
one
of
two
categories:
functional
requirements
and
nonfunctional
require-
ments.
The
functional
requirements
specify
what
the
system
does—that
is,
the
specific
tasks
the
system
will
perform.
Normally,
the
functional
requirements
are
pro-
vided
by
the
system
or
business
analyst
to
the
designer
within
the
specification
of
the
things
that
the
system

needs
to
do.
In
contrast,
nonfunctional
requirements
specify
how
the
system
will
work
behind
the
scenes.
Nonfunctional
requirements
are
often
called
quality
requirements
and
include
common
factors
such
as
per-
formance,
reliability,
and
maintainability.
As
a
designer
with
a
strong
working
knowledge
of
the
cloud
environ-
ment,
you
can
exhibit
considerable
influence
on
the
sys-
tem’s
design
to
meet
the
nonfunctional
requirements.
Much
of
this
chapter
examines
specific
design
considera-
tions
for
nonfunctional
requirements.

When
to
Select
a
Development
Environment

Many
developers
want
to
be
quick
to
select
the
platform
upon
which
they
will
develop
and
implement
the
solu-
tion.
That
is,
they
want
to
start
thinking
about
.Net,
Lin-
ux,
C#,
or
Ruby.
When
designing
solutions,
however,
you
should
hold
off
on
the
implementation
details
as
long
as
you
can.
Your
design
goal
is
to
understand
the
require-
ments
(functional
and
nonfunctional)
fully
and
then
to
evaluate
alternative
solutions
and
implementations.
If
you
focus
too
soon
on
platform
capabilities,
the
platform
may
begin
to
dictate
your
design,
not
only
for
a
specific
requirement,
but
also
for
the
requirements
that
follow.

Knowing
the
capabilities
of
a
platform
is
important;
but
it
is
wise
to
hold
off
deciding
on
one
until
you
have
your
requirements
and
potential
solutions
on
the
table.

Design
Is
a
Give-and-Take
Process

Designing
a
system
is
challenging.
Budgets
and
time
con-
straints
mean
you
cannot
solve
every
problem.
That
said,
you
need
to
consider
the
common
design
issues
and
then
help
the
stakeholders
prioritize
the
solutions
they
desire.
As
you
evaluate
your
system’s
nonfunctional
require-
ments,
remember
the
80/20
rule
(Often
80
percent
of
a
program’s
processing
takes
place
within
20
percent
of
the
code).
You
will
want
to
focus
your
system
design
on
the
issues
that
will
produce
the
greatest
impact
for
the
stakeholders.

Designing
for
Accessibility

Depending
on
the
processing
a
system
performs,
a
de-
signer
may
need
to
create
an
interface
that
maximizes
user
access
or
may
have
to
lock
down
the
system
and
control
which
users
can
access
specific
features.
For
a
public
solution,
such
as
a
consumer
website,
maximizing
user
access
not
only
makes
great
marketing
sense,
but

also
may
be
required
by
law
(see
the
Americans
with
Dis-
abilities
Act
website
at
www.ada.gov).
In
contrast,
for
a
secure
site,
controlling
user
access
can
range
from
ensur-
ing
the
security
of
the
login
process
to
some
type
of
bio-
metric
user
authentication.

CASE
17-1
VOICEPAY
CLOUD-BASED
USER
AUTHENTICATION

Authenticating
a
mobile
device
user
can
be
challenging.
Often,
mobile
users
will
preconfigure
different
pages
to
“remember”
them
in
order
to
simplify
login
processes.
If
a
user
loses
the
device,
another
person
may
be
able
to
ac-
cess
those
pages.
VoicePay,
shown
in
FIGURE
17­1,
has
an
interesting
voice-based
biometric
authentication
ca-
pability.
When
a
user
wants
to
make
a
purchase
or
log
in
to
a
specific
site,
the
user
calls
VoicePay
and
speaks.
The
system,
in
turn,
uses
the
user’s
voice
profile
to
authenti-
cate
him
or
her.
The
user
does
not
have
to
provide
a
username,
password,
or
other
confidential
information—
all
he
or
she
has
to
do
is
speak.
As
mobile
device
use
con-
tinues
to
grow
exponentially,
biometric
solutions
such
as
those
offered
by
VoicePay
will
become
mainstream.

Exercise
List
and
describe
other
potential
uses
for
voice-based
user
authentication.

Web
Resources
For
more
information
on
VoicePay,
visit
www.CloudBookContent.com/Chapter17/in-
dex.html.

FIGURE
17­1
Using
biometric
voice
recognition
to
iden-
tify
users
at
VoicePay.

CASE
17-2
WEB
ACCESSIBILITY
INITIATIVE

http://www.ada.gov/

http://www.cloudbookcontent.com/Chapter17/index.html

As
discussed,
designing
for
user
access
is
not
just
good
business—for
most
web-based
companies,
it
is
a
matter
of
law.
To
help
designers
understand
potential
solutions
and
user
needs,
the
World
Wide
Web
Consortium
(W3C)
has
developed
guidelines
within
its
Web
Accessibility
Initiative
pages,
as
shown
in
FIGURE
17­2.
Before
you
begin
a
user
interface
design,
you
should
review
these
ac-
cessibility
issues
and
requirements.

Exercise
Research
and
discuss
lawsuits
that
companies
have
lost
for
failing
to
support
web
accessibility
for
all
users.

Web
Resources
For
more
information
on
the
W3C
Web
Accessibility
Initiative,
visit
www.CloudBookCon-
tent.com/Chapter17/index.html.

FIGURE
17­2
Specifics
on
designing
web-based
solu-
tions
to
increase
accessibility
across
a
spectrum
of
users.

Designing
for
Audit

Chapter
15,
Governing
the
Cloud,
examined
the
cloud’s
impact
upon
the
IT
governance
process.
As
you
design
a
cloud-based
solution,
you
must
first
identify
critical
pro-
cessing
points
at
which
you
will
want
to
place
an
internal
control
to
confirm
that
the
solution’s
processing
is
cor-
rect
and
free
from
outside
manipulation.
You
may
design
such
controls
to
be
active,
meaning
the
code
may
gener-
ate
a
processing
exception
should
unexpected
results
oc-
cur;
or,
the
control
may
be
passive,
possibly
logging
events
to
a
file
or
saving
snapshots
of
data.

In
either
case,
it
is
important
that
you
identify
your
audit
processing
needs
early
so
that
the
appropriate
controls
can
be
integrated
into
the
implementation
process
and

http://www.cloudbookcontent.com/Chapter17/index.html

you
can
discuss
and
confirm
your
processing
needs
with
a
potential
cloud-solution
provider.

Designing
for
Availability

As
part
of
their
service-level
agreement
(SLA),
most
cloud-based
providers
guarantee
system
availability,
normally
specifying
a
percentage
of
uptime,
such
as
99.9
percent.
For
most
applications,
99.9
percent
uptime
is
acceptable
(this
means
that
the
system
is
down
0.1
per-
cent
of
the
time,
or
525
minutes
each
year).
It
is
impor-
tant
that
you
identify
your
system’s
uptime
requirement
and
then,
likely
through
the
use
of
redundant
colocated
servers,
design
a
solution
that
meets
your
needs.

Designing
for
Backup

With
the
myriad
of
inexpensive
high-capacity
data-stor-
age
solutions
available
within
the
cloud,
loss
of
user
data
should
not
occur.
If
you
are
designing
your
own
solution,
you
must
consider
not
only
ways
to
back
up
your
data
(and
databases),
but
also
the
impact
of
each
method
on
your
system
availability
should
you
need
to
bring
down
the
system
to
restore
a
backup.

Designing
redundant
data-storage
solutions
will
always
involve
a
cost-versus-risk
trade-off.
The
issue
is
not
whether
you
back
up
data—data
backups
should
be
a
giv-
en,
always.
The
issue
is
aligning
acceptable
risk
mitiga-
tion
with
cost.

If
you
are
designing
a
solution
for
which
a
third
party
(such
as
a
software
as
a
solution
(SaaS)
provider)
will
manage
your
data,
you
need
to
understand
the
compa-
ny’s
backup
policies
and
procedures,
and
even
then
you
will
probably
still
want
to
integrate
your
own.

Designing
for
Existing
and
Future
Capacity

Chapter
19,
Application
Scalability,
examines
the
capaci-
ty
planning
process.
If
you
are
moving
an
existing
on-site
solution
to
the
cloud,
you
should
monitor
the
application
closely
to
fully
understand
its
processing
attributes,
such
as
user
demand,
CPU
utilization,
RAM
use,
and
data-
storage
consumption.
Knowing
your
system’s
current
re-
source
use,
you
can
better
guess
(it
is
difficult
to
predict
system
demand
accurately)
your
system’s
cloud
resource
needs.

With
this
knowledge,
you
can
design
for
scalability—the
ease
of
integrating
additional
computing
resources.
As
you
will
learn
in
Chapter
19,
there
are
two
primary
ways
you
can
scale
an
application.
First,
you
can
scale
the
ap-
plication
up
(called
vertical
scaling)
by
moving
the
appli-
cation
to
a
faster,
more
powerful
processor.
Second,
you
can
scale
an
application
out
(called
horizontal
scaling)
by
distributing
different
tasks
across
different
servers.
As
you
design
a
solution,
you
should
identify
opportunities
to
leverage
horizontal
scaling.
At
a
minimum,
you
should
design
your
solution
in
such
a
way
that
you
do
not
re-
strict
future
horizontal
scaling
potential.

Designing
for
Configuration
Management

Ideally,
cloud-based
solutions
may
be
used
at
any
time,
from
any
place,
with
any
device.
In
practice,
however,
this
means
that
developers
must
consider
a
variety
of
op-
erating
systems,
browsers,
and
device-specific
GUIs.
Op-
erating
systems
and
browsers
often
require
patches
to
address
security
issues,
and,
eventually,
each
will
face
new
version
releases.
If
you
are
designing
your
own
solu-
tion,
you
will
want
to
layer
configuration
solutions
on
top
of
your
system.
In
this
way,
you
will
reduce
the
impact
to
a
computer-based
user
when
changes
are
made
to
a
handheld
device
interface
or
vice
versa.

If
your
system
design
includes
the
use
of
an
SaaS
provider,
you
need
to
know
that
company’s
patch
man-
agement
and
versioning
policies
and
procedures.

Designing
for
Deployment

Chapter
8,
Virtualization,
examined
ways
that
desktop
virtualization
is
changing
how
solutions
are
delivered.
From
an
operating
system
on
demand,
to
thin
client
(browser-based)
solutions,
developers
have
a
myriad
of
ways
to
deploy
a
system.
As
you
design
a
solution,
you
should
identify
each
potential
user
type
and
its
environ-
ment
attributes
(such
as
operating
system,
device
type,
and
browser).
Then,
you
need
to
consider
not
only
how
you
will
deploy
the
initial
solution
to
the
user,
but
also
how
you
will
deploy
system
upgrades.

Designing
for
Disaster
Recovery

Chapter
10,
Disaster
Recovery
and
Business
Continuity
and
the
Cloud,
examined
considerations
for
reducing
the
risk
from
a
disaster
and
increasing
the
likelihood
that
a
business
is
able
to
continue
operating
after
such
an

event.
When
designing
a
solution
with
respect
to
disaster
recovery
and
business
continuity,
you
must
balance
risks
and
costs.
It
is
likely
impossible
and
unnecessary
to
pro-
tect
a
system
from
all
potential
events.
Instead,
you
must
determine
each
event’s
likelihood
and
business
impact
and
then
seek
to
provide
an
affordable
solution
that
miti-
gates
risks.
Fortunately,
the
cloud’s
affordable
and
dis-
tributable
resources
provide
developers
with
consider-
able
flexibility.

Designing
for
the
Environment
(Green
Computing)

Green
computing
describes
environmentally
friendly
IT
operations.
For
example,
replacing
an
application
that
prints
reams
of
paper
reports
with
a
browser-based
per-
formance
dashboard
is
an
example
of
a
green-computing
initiative.
As
you
have
learned,
within
a
data
center,
the
biggest
environmental
impact
is
the
power
consumption
to
drive
devices
and
air
conditioners.
As
more
companies
migrate
to
platform
as
a
service
(PaaS)
and
in-
frastructure
as
a
service
(IaaS)
providers,
many
smaller
(and
possibly
less
efficient)
data
centers
are
being
accu-
mulated
into
larger,
state-of-the-art
facilities.

As
the
capabilities
of
cloud-based
collaboration
tools
continue
to
increase,
travel
for
face-to-face
meetings
will
decrease,
resulting
in
a
lower
business-related
carbon
footprint.
That
said,
as
solutions
are
made
available
any
place,
any
time,
and
from
any
device,
the
net
result
is
a
huge
number
of
handheld
devices
that
are
never
pow-
ered
off.

As
green-computing
practices
continue
to
emerge,
de-
signers
will
be
pressured
to
consider
the
environmental
impact
of
their
designs.

Designing
for
Interoperability

Cloud-based
solutions
are
emerging
for
a
wide
range
of
applications.
Whereas
just
a
few
years
ago,
a
company
might
have
used
one
cloud-based
solution
for
a
customer
relationship
management
(CRM)
requirement,
or
a
solu-
tion
for
an
HR
application,
today,
many
companies
use
a
wide
range
of
cloud-based
solutions.
To
simplify
the
user
interaction
with
such
solutions,
many
companies
strive
to
integrate
the
solutions
and
often
even
to
share
data
across
solutions.
In
the
past,
companies
would
buy
and
install
middleware
software
to
facilitate
the
exchange
of
data
between
solutions.
Today,
there
are
cloud-based
middleware
solutions
that
let
companies
tie
together
two

cloud-based
solutions,
often
without
the
need
for
pro-
gramming
development.

As
you
design
cloud-based
solutions,
or
when
you
work
with
an
SaaS
provider,
consider
ways
you
may
need
to
integrate
data
between
applications
and
then
design
accordingly.

Designing
for
Maintainability

Designing
and
building
software
solutions
is
an
expen-
sive
process.
Usually,
the
most
costly
phase
of
the
soft-
ware
development
life
cycle
is
the
system
maintenance
phase.
To
maximize
code
reuse
and
to
increase
code
maintainability,
software
engineers
are
taught
to
create
highly
functional
(cohesive)
and
independent
(loosely
coupled)
software
modules.
Chapter
11,
Service­Oriented
Architecture,
discussed
the
role
of
cloud-based
web
ser-
vices
to
make
solutions
readily
available
to
a
variety
of
applications.
By
decomposing
an
application
into
highly
cohesive,
loosely
coupled
modules
and
then
deploying
those
solutions
to
applications
such
as
web
services,
de-
velopers
not
only
increase
component
reuse,
but
they
also
make
the
resulting
systems
easier
to
maintain
by
centralizing
key
processing
as
a
distributed
solution.

If
you
are
using
an
SaaS
solution,
you
need
to
keep
the
long-term
nature
of
your
relationship
in
mind.
Many
people
argue
that
cloud
solutions
are
initially
inexpen-
sive
but
may
cost
you
more
in
the
long
run.

Designing
for
Performance

Speed
matters.
Across
the
cloud,
you
can
find
a
myriad
of
companies
that
will
monitor
your
system
performance
and
will
estimate
a
percentage
of
users
who
will
leave
your
site
if
the
pages
do
not
load
within
2
to
3
seconds.
As
you
design
the
performance
aspects
of
your
solution,
first
you
need
to
identify
the
20
percent
of
your
system
that
will
be
used
80
percent
of
the
time.
Then,
you
need
to
focus
your
initial
performance
optimizations
there.
Chapter
19,
Application
Scalability,
looks
at
ways
you
can
scale
a
solution
to
meet
user
demand.
Designing
for
performance
and
designing
for
scalability
are
two
differ-
ent
issues.
Designing
for
performance
means
optimizing
what
you
have.
Designing
for
scalability
means
designing
for
the
future
integration
of
additional
computing
re-
sources.
The
following
are
some
ways
that
you
can
design
for
performance:

•  Reduce
the
use
of
graphics
on
key
pages.

•  Optimize
the
graphics
file
format
for
all
images.

•  Compress
large
text
blocks
before
downloading
the
text
to
a
browser.

•  Utilize
data
and
application
caching.

•  Fine-tune
disk
and
database
I/O
operations.

•  Reduce,
when
possible,
network
operations.

•  Fine-tune
secure
data
communication
transactions.

As
you
design
solutions,
evaluate
them
for
potential
bot-
tlenecks
as
well
as
for
optimization
points.
Understand
that
you
may
not,
due
to
time
or
budget
constraints,
have
the
ability
to
optimize
everything.

Designing
for
Price

Budgets
are
a
fact
of
life.
As
you
design,
you
must
be
aware
that
your
design
decisions
have
financial
implica-
tions.
A
solution
that
was
inexpensive
to
deploy
may
prove
costly
to
maintain
or
vice
versa.
Just
as
you
would
consider
the
performance
or
security
aspects
of
each
component
you
design,
you
must
also
consider
each
component’s
short-term
and
long-term
budget
impact.

Designing
for
Privacy

As
discussed
throughout
this
book,
many
users
are
not
comfortable
with
the
idea
of
putting
their
data
in
the
cloud.
Cloud-based
solutions
must
protect
a
user’s
data
privacy.
If
you
are
developing
a
healthcare
solution
with
HIPAA
requirements,
an
education
solution
with
FERPA
requirements,
or
an
e-commerce
solution
that
stores
credit
card
information,
you
will
need
to
design
your
so-
lution
in
a
way
that
protects
data
not
only
from
external
access,
but
also
from
internal
users
such
as
developers
and
administrators.

Most
designers
understand
the
importance
of
backing
up
user
data
and
replicating
key
databases.
It
is
important
to
note,
however,
that
each
data
backup
creates
a
poten-
tial
opportunity
for
a
user,
administrator,
or
hacker
to
gain
access
to
the
data.

Designing
for
Portability

Portability
is
a
measure
of
the
ease
with
which
a
solu-
tion
can
be
moved,
typically
from
one
platform
to
anoth-
er.
Ideally,
you
should
design
your
system
so
that
you
can
easily
move
the
solution
from
one
cloud
provider
to
another.
Many
developers
argue
that
by
using
open
source
tools
to
create
an
application
you
increase
the
ap-
plication’s
portability.
In
reality,
within
the
cloud,
devel-
opers
using
.Net
will
find
many
hosting
opportunities
be-
yond
Microsoft—it’s
a
big
cloud
and
solution
providers
want
to
service
all
developers.
If
you
are
designing
your
own
solutions,
be
aware
that
using
a
provider-specific
application
program
interface
(API),
which
may
not
be
available
through
other
providers,
may
create
a
form
of
vendor
lock-in.
Likewise,
if
you
use
an
SaaS
provider,
be
aware
that
each
unique
or
custom
capability
integrated
into
your
solution
may
bind
you
to
that
provider.

Designing
for
Recovery

We
have
discussed
the
need
to
design
a
solution
to
sup-
port
disaster
recovery
and
business
continuity
needs.
Ad-
ditionally,
you
should
design
your
solution
with
consid-
eration
for
how
you
will
recover
from
more
common
events,
such
as
server
failure,
user
error,
power
outages,
and
so
on.
Your
recovery
design
should
tie
closely
to
your
backup
design
and
your
system
redundancy
design.

Designing
for
Reliability

Computing
devices
(disks,
servers,
routers,
and
so
on)
will
eventually
fail.
You
have
learned
that
many
devices
have
an
associated
mean
time
between
failures
(MTBF)
attribute
that
you
can
use
to
estimate
the
device’s
poten-
tial
life
expectancy.
As
you
design
your
solutions,
you
must
identify
potential
signal
points
of
failure
and
then
design
potential
system
redundancy
or
establish
an
ac-
ceptable
system
downtime.

Designing
for
Response
Time

When
you
design
a
solution,
you
should
keep
the
user
ex-
perience
in
mind.
As
discussed,
users
are
conditioned
to
expect
fast
system
response.
In
fact,
a
large
percentage
of
users
will
leave
a
site
if
they
have
to
wait
more
than
a
few
seconds
for
pages
to
download
and
display.
As
you
de-
sign
a
solution,
you
need
to
consider
not
only
the
page
download
times,
but
also
the
system
response
time
after
a
user
performs
an
operation,
such
as
submitting
a
form.

Across
the
cloud,
there
are
companies
that
specialize
in
testing
the
user
experience.
These
companies
will
evalu-
ate
a
system
from
different
geographic
locations,
using
different
connection
speeds,
and
with
a
variety
of
browsers.
Your
response
time
design
efforts
may
be
closely
related
to
your
site’s
capacity
plan
design.

Designing
for
Robustness

Robustness
is
a
measure
of
a
site’s
ability
to
continue
op-
erations
in
the
event
of
an
error
or
system
failure,
such
as
a
server
failure
or
database
error.
Again,
as
you
design
you
should
strive
to
identify
and
eliminate
single
points
of
failure.
Furthermore,
you
should
consider
automating
a
system
resource
utilization
monitor
that
alerts
admin-
istrators
before
a
system’s
resources
become
critically
low.

Designing
for
Security

Chapter
9,
Securing
the
Cloud,
looks
at
a
variety
of
cloud-based
security
issues
developers
must
consider,
including
the
following:

•  Software
patch
installations
and
software
version
management

•  HR
vetting
of
cloud-based
personnel

•  Early
awareness
of
security
incidents
and
appropriate
responses

•  Data
privacy
issues
and
considerations

•  Jurisdictional
issues
for
a
remote
cloud-service
provider

•  Multitenant
solution
issues

•  Cloud-provider
failure
or
collapse

•  Defense
mechanisms
for
common
low-level
network
attacks

•  Data
wiping
for
shared-storage
space

•  Physical
security
considerations

For
each
component
you
design,
you
must
evaluate
the
component’s
potential
security
exposure.
Again,
in
some
cases
you
will
need
to
balance
risk
and
cost.

Designing
for
Testability

Cloud-based
solutions
will
likely
have
a
large
number
of
functional
and
nonfunctional
requirements.
As
you
de-
sign
a
solution,
you
need
to
keep
in
mind
how
you
will
test
various
aspects
of
your
design.
As
you
might
guess,
the
system’s
nonfunctional
requirements
are
often
the
most
difficult
to
test.
Depending
on
a
system
compo-
nent’s
purpose
and
functionality,
some
developers
will
use
a
methodology
called
test-driven
design
by
which
they
first
design
and
implement
one
or
more
test
cases
and
then
build
a
solution
that
can
satisfy
the
test.

Designing
for
Usability

To
be
of
use
a
system
must
be
usable.
Usability,
in
the
world
of
IT,
is
understood
as
a
measure
of
a
system’s
ease
of
use.
As
you
design
a
solution,
you
must
keep
the
user
foremost
in
your
mind.
Because
of
the
importance
of
meeting
system
usability
requirements,
many
design-
ers
will
model
or
create
a
prototype
of
the
user
experi-
ence
so
they
can
receive
user
feedback
early
in
the
design
process.

CHAPTER
SUMMARY

Cloud-based
systems
will
have
functional
requirements,
which
specify
the
tasks
the
system
must
perform,
and
nonfunctional
requirements,
which
define
the
behind-
the-scenes
operational
requirements
the
system
must
satisfy.
This
chapter
focused
primarily
on
considerations
a
designer
must
evaluate
when
addressing
a
system’s
nonfunctional
requirements
for
a
cloud-based
solution.
Designers
must
balance
a
large
number
of
operational
requirements
with
budget
and
time
considerations.
Ini-
tially,
a
designer
should
list
the
known
requirements
and
then
work
with
the
stakeholders
to
focus
on
the
require-
ments
that
will
have
the
biggest
positive
ROI.

KEY
TERMS

Functional
requirements

Green
computing

Middleware

Nonfunctional
requirements

Portability

System
requirements

Usability

CHAPTER
REVIEW

1.
Compare
and
contrast
functional
and
nonfunctional
requirements
and
provide
an
example
of
each.

2.
Discuss
why
a
designer
should
avoid
selecting
an
im-
plementation
platform
for
as
long
as
possible
during
the
design
process.

3.
Discuss
various
trade-offs
a
designer
may
need
to
make
with
respect
to
nonfunctional
requirements.

4.
Discuss
why
the
system
maintenance
phase
is
often
the
most
expensive
phase
of
the
software
development
life
cycle.

chapter
18

Coding Cloud-Based Applications
BEHIND
THE
SCENES,
DEVELOPERS
who
create
new
cloud-based
applications
or
who
move
existing
ap-
plications
to
the
cloud
are
truly
driving
the
cloud’s
explo-
sive
growth.
Creating
a
cloud-based
application
is
very
similar
to
building
a
traditional
web-based
application.
Developers
normally
use
a
programing
language
such
as
PHP,
Ruby,
Perl,
Pty,
or
C#,
along
with
HTML
and
CSS,
and
a
database.
As
discussed
in
Chapter
3,
Platform
as
a
Service
(PaaS),
many
cloud-solution
providers
offer
tools
that
developers
need
to
build
and
deploy
a
solution.
In
this
chapter,
we
will
look
at
two
of
the
most
widely
used
developer
platforms:
Google
App
Engine
and
Win-
dows
Azure.
In
addition,
many
companies
now
offer
tools
that
nonprogrammers
can
use
to
create
and
display
a
solution
without
coding.
We’ll
look
at
one
such
tool,
Yahoo!
Pipes,
and
its
ability
to
help
users
create
a
mashup.

Learning
Objectives

This
chapter
examines
coding
cloud-based
applications.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Use
Yahoo!
Pipes
to
create
a
mashup.

•   Create
and
deploy
a
cloud-based
application
using
Google
App
Engine.

•   Create
and
deploy
a
cloud-based
application
using
Windows
Azure.

Creating
a
Mashup
Using
Yahoo!
Pipes

Across
the
cloud,
different
sites
provide
different
content
offerings.
A
mashup
is
a
page
that
combines
several
such
independent
pieces
of
content.
As
shown
in
FIGURE
18­
1,
a
mashup
may
be
created
and
delivered
by
a
server,
or
a
browser
may
use
JavaScript
to
combine
the
content.

FIGURE
18­1
A
mashup
combines
content
from
several
sources
onto
the
same
page.

Yahoo!
Pipes
is
a
cloud-based
application
that
provides
a
graphical
user
interface
(GUI)
that
programmers
can
use
to
combine
content
(create
a
mashup)
by
dragging
and
dropping
content
sources
onto
a
canvas.
Later,
when
a
user
views
a
pipe,
the
user
will
see
the
corresponding
content.
FIGURE
18­2,
for
example,
illustrates
the
user
view
of
a
pipe
that
combines
news
feeds
from
a
wide
range
of
sources.

Pipes
are
so
named
because
they
let
developers
connect
the
data
flowing
from
one
source
into
the
data
processed
by
another.
FIGURE
18­3,
for
example,
illustrates
the
pipes
to
create
the
news
feed
previously
shown.

FIGURE
18­2
Yahoo!
Pipes
allows
developers
to
com-
bine
content
from
multiple
sources
into
a
single
mashup.

FIGURE
18­3
Yahoo!
Pipes
flow
the
content
from
one
source
into
the
input
of
a
second
source.

Similarly,
FIGURE
18­4
illustrates
a
pipe
that
combines
movie
reviews
with
photos
from
Flickr
and
videos
from
YouTube.

FIGURE
18­4
Using
Yahoo!
Pipes
to
mash
content
from
several
sites
to
create
a
movie
review.

FIGURE
18­5
Using
Yahoo!
Pipes
to
combine
text,
im-
age,
and
video
data
into
a
user
interface.

Again,
the
developer
created
this
pipe
by
connecting
data
sources,
as
shown
in
FIGURE
18­5.

Creating
a
Simple
Yahoo!
Pipe

To
create
your
own
Yahoo!
Pipe,
visit
pipes.yahoo.com,
as
shown
in
FIGURE
18­6.

FIGURE
18­6
To
create
a
pipe,
start
at
pipes.yahoo.com.

FIGURE
18­7
To
create
a
Yahoo!
Pipe,
users
drag
and
connect
data
sources
within
the
Yahoo!
Pipe
canvas.

Within
the
page,
log
in
to
Yahoo!
and
click
the
Create
Pipe
button.
Your
browser,
in
turn,
will
display
the
pipe
canvas
and
the
data
sources
that
you
can
use
to
create
your
pipe,
as
shown
in
FIGURE
18­7.

In
this
example,
you
will
create
a
pipe
called
FindIt,
which
prompts
the
user
to
enter
an
item
(store,
restau-

http://pipes.yahoo.com/

http://pipes.yahoo.com/

rant,
or
other
destination)
and
a
geographic
area
(city,
state,
or
zip
code)
as
shown
in
FIGURE
18­8.

FIGURE
18­8
The
user
interface
of
a
Yahoo!
Pipe,
which
prompts
the
user
for
an
item
and
location.

FIGURE
18­9
Using
a
Yahoo!
Pipe
to
display
locations
that
offer
pizza.

After
the
user
types
in
the
item
and
location,
the
page
will
display
the
location
of
items
that
match.
For
exam-
ple,
FIGURE
18­9
lists
locations
within
Prescott,
Arizona,
that
offer
pizza.

  To
create
your
Yahoo!
Pipe,
perform
the
following
steps:

1.
From
the
left
side
of
the
screen,
drag
a
Text
Input
ob-
ject
from
the
User
Input
group
onto
the
canvas.

2.
Label
the
Name
of
the
Text
Input
object
as
Item
and
set
the
prompt
to
Item.

3.
From
the
Sources
group,
drag
a
Yahoo!
local
object
onto
the
canvas.
Within
the
object,
change
the
“Within”
field
to
“20
miles.”

4.
Using
your
mouse,
drag
the
circle
found
at
the
bottom
of
the
Text
Input
box
into
the
Find
field
of
the
Yahoo!
Local
box.
The
canvas
will
display
a
pipe,
as
shown
in
FIGURE
18­10.

5.
From
the
Location
group,
drag
and
drop
a
Location
Build
object
onto
the
canvas.

6.
From
the
User
Input
group,
drag
another
Text
Input
object
onto
the
canvas.
Label
the
object’s
Name
as
Loca-
tion
and
set
the
prompt
to
Location.

7.
Using
your
mouse,
drag
the
circle
from
the
new
text
box
into
the
Location
field
of
the
Location
Builder
object.
The
canvas
will
display
a
second
pipe,
as
shown
in
FIG­
URE
18­11.

Figure
18­10
Using
a
pipe
to
connect
objects
within
a
Yahoo!
Pipe.

FIGURE
18­11
Creating
a
second
pipe
to
connect
objects.

8.
Using
your
mouse,
drag
the
circle
from
the
Yahoo!
Lo-
cation
box
to
the
Pipe
Output
object.
The
canvas
will
dis-
play
the
third
and
final
pipe,
as
shown
in
FIGURE
18­12.

FIGURE
18­12
Using
a
pipe
to
specify
the
user
output.

9.
Click
the
Save
button
and
specify
a
name
under
which
to
save
your
pipe.

10.
Click
the
Properties
button.
Your
browser
will
display
a
link
that
you
can
use
to
run
your
pipe
(display
the
pipe’s
output).

Later,
if
you
share
the
URL
to
your
pipe
with
other
users,
they
can
use
it
to
search
for
a
wide
range
of
items.
FIG­
URE
18­13,
for
example,
shows
the
pipe’s
input
screen
and
output
results
for
pipe
search.

Using
Google
App
Engine

Using
Google
App
Engine,
developers
can
deploy
ap-
plications
that
run
on
the
Google
infrastructure.
Google
maintains
the
servers,
scales
the
applications,
and
per-
forms
the
behind-the-scenes
server
administration.
De-
velopers
can
get
started
with
Google
App
Engine
at
no
charge.
As
an
application’s
demand
increases,
Google
al-
lows
developers
to
pay
only
for
the
resources
they
con-
sume.
Developers
normally
build
Google
App
Engine
so-
lutions
using
Java,
Python,
or
PHP.

FIGURE
18­13
Displaying
the
results
of
a
Yahoo!
Pipe.

Creating
a
Hello,
World!
Application
with
Google
App
Engine

To
start,
create
the
following
simple
Python
application,
which
displays
the
text
“Hello,
world!”
to
the
user:

print
“Content-type:
text/html\n\n”

print
“Hello,
world!”

After
you
have
the
application
working
locally,
you
can
upload
the
application
to
the
Google
App
Engine.
Visit
appengine.google.com
and
log
in
to
a
Google
account.
Then
select
the
Create
Application
button.
You
may
need
to
authenticate
yourself
to
Google
further
before
you
can
continue.

Downloading
the
Google
App
Engine
Software
Develop­
ment
Kit

Depending
on
the
programming
language
you
are
using
to
develop
your
application,
you
will
need
to
download
and
install
the
corresponding
Google
App
Engine
soft­
ware
development
kit
(SDK).
For
this
example,
you
would
download
the
Python
SDK.
The
SDK,
in
turn,
pro-
vides
utility
programs
you
can
use
to
upload
your
pro-
gram
into
the
Google
App
Engine.

Deploying
a
Simple
Google
App
Engine
Example

To
begin,
open
a
command
line
window
as
shown
in
FIG­
URE
18­14
and
locate
the
file
folder
that
contains
the
ap-
pcfg.py
script,
which
was
created
by
the
SDK
installation.

http://appengine.google.com/

FIGURE
18­14
Using
a
command
line
window,
locate
the
appcfg.py
script
that
you
will
use
to
upload
your
Python
script
to
the
Google
App
Engine.

For
this
example,
create
a
folder
within
the
folder
that
contains
appcfg.py
named
Hello,
within
which
you
store
the
Hello.py
script:

print
“Content-type:
text/html\n\n”

print
“Hello,
world!”

Next,
within
the
same
folder,
create
a
file
named
ap-
p.yaml,
which
Google
will
use
to
configure
your
applica-
tion.
Use
the
following
script,
replacing
the
value
2a2a2a2a2a2abbb
with
the
application
ID
you
received
from
Google:

Then,
run
the
appcfg.py
script,
as
shown
in
FIGURE
18­
15,
to
upload
your
application.

You
can
then
test
your
application
from
Google’s
appspot
website,
as
shown
in
FIGURE
18­16.

FIGURE
18­15
For
a
Python
script,
the
appcfg.py
script
will
upload
the
application
into
the
Google
App
Engine.

FIGURE
18­16
Running
a
Python
script
deployed
to
the
Google
App
Engine.

Creating
a
More
Advanced
Google
App
Engine
Application

To
assist
developers
in
creating
applications,
Google
pro-
vides
a
variety
of
application
program
interfaces
(APIs).
The
following
code
uses
a
Google
API
to
display
specifics
about
the
current
user:

If
you
place
this
code
into
your
previous
Hello.py
script,
you
can
then
rerun
the
previous
appcfg.py
script
to
up-
load
the
application
into
the
Google
App
Engine.

When
you
later
run
the
script,
Google
will
prompt
you
to
log
in.
Then
the
page
will
display
your
user
specifics,
as
shown
in
FIGURE
18­17.

Creating
a
Windows
Azure
“Hello,
World!”
Application

For
.Net
developers,
creating
a
Windows
Azure
applica-
tion
is
a
natural
extension
of
their
previous
ASP.NET
de-
velopment.
The
developers
will
use
the
Visual
Studio
to
create
and
deploy
their
applications.
Eventually,
support
for
Windows
Azure
will
be
integrated
into
Visual
Studio.
At
the
time
of
this
writing,
however,
developers
must
download
and
install
a
Windows
Azure
software
develop-
ment
kit
as
well
as
tools
for
Visual
Studio.
In
addition,
developers
must
register
at
the
Windows
Azure
site—
which
they
can
do
free
of
charge.
At
the
Windows
Azure
site,
developers
will
find
tutorials
to
guide
them
through
the
process
of
creating
and
deploying
a
cloud-based
application.

http://asp.net/

FIGURE
18­17
Displaying
a
user’s
Google
specifics.

FIGURE
18­18
Creating
a
cloud-based
project
hosted
on
Windows
Azure.

After
you
install
the
Windows
Azure
SDK
and
Visual
Stu-
dio
support
tools,
start
Visual
Studio
and
create
a
new
project.
Within
Visual
Studio’s
list
of
installed
templates,
select
Cloud,
as
shown
in
FIGURE
18­18.

Within
the
New
Windows
Azure
Project
dialog
box,
se-
lect
the
ASP.NET
Web
Role
entry,
as
shown
in
FIGURE
18­19.

FIGURE
18­19
Using
the
ASP.NET
Web
Role
to
create
your
cloud
application.

http://asp.net/

http://asp.net/

FIGURE
18­20
Modify
the
Default.aspx
file’s
contents
and
screen
display.

Next,
within
Visual
Studio,
edit
the
Default.aspx
file
to
change
the
text
from
Welcome
to
ASP.NET!
to
Welcome
to
the
Cloud,
as
shown
in
FIGURE
18­20.

Select
the
Project
menu
Package
option.
Visual
Studio
will
display
the
Package
Windows
Azure
Application
dia-
log
box.
Select
OK.
Your
screen
will
display
a
window
that
contains
the
package
files,
as
shown
in
FIGURE
18­
21.
Note
the
name
of
the
folder
within
which
the
package
files
reside.
You
will
need
the
files
later
to
upload
your
application
to
Windows
Azure.

Log
in
to
the
Windows
Azure
site,
as
shown
in
FIGURE
18­22.

http://asp.net/

FIGURE
18­21
Displaying
package
files
within
Visual
Studio.

FIGURE
18­22
To
upload
a
program,
you
must
first
log
in
to
the
Windows
Azure
site.

FIGURE
18­23
Providing
Windows
Azure
with
specifics
about
your
application.

Click
the
New
Hosted
Services
button.
Your
screen
will
display
a
dialog
box
similar
to
that
shown
in
FIGURE
18­
23,
which
you
must
complete.

Using
the
folders
within
which
you
stored
the
applica-
tion’s
package
files,
complete
the
dialog
box
fields.
Win-
dows
Azure,
in
turn,
will
begin
the
upload
process,
even-
tually
displaying
specifics
about
the
application,
as
shown
in
FIGURE
18­24.

Using
the
URL
provided
in
the
Windows
Azure
project
specifics,
deploy
your
application.
Your
browser,
in
turn,
should
display
the
cloud-hello
message,
as
shown
in
FIG­
URE
18­25.

FIGURE
18­24
Loading
an
application
into
the
Win-
dows
Azure
platform.

FIGURE
18­25
Successfully
deploying
an
application
within
Windows
Azure.

CHAPTER
SUMMARY

Cloud
use
is
driven
by
new
applications,
which
means
that
developers
who
create
new
cloud-based
applications
or
who
move
existing
applications
to
the
cloud
are
the
ones
truly
driving
the
cloud’s
explosive
growth.
In
gener-
al,
creating
a
cloud-based
application
is
similar
to
build-
ing
a
traditional
web-based
application.
That
is,
develop-
ers
will
use
a
programing
language
such
as
PHP,
Ruby,
Perl,
Pty,
or
C#,
along
with
HTML
and
CSS,
and
a
data-
base.
In
addition,
many
cloud-solution
providers
offer
tools
that
developers
need
to
build
and
deploy
a
solution
without
having
to
code.
Such
applications
should
accel-
erate
the
rate
at
which
applications
enter
the
cloud.
In
this
chapter,
you
learned
how
to
use
Google
App
Engine
and
Windows
Azure
to
deploy
a
cloud-based
application.

In
addition,
you
learned
how
Yahoo!
Pipes
allows
users
to
create
mashups
without
the
need
for
code.

KEY
TERMS

Google
App
Engine

Software
development
kit
(SDK)

Yahoo!
Pipes

CHAPTER
REVIEW

1.
Using
Yahoo!
Pipes,
create
a
pipe
that
displays
the
names
of
pizza
restaurants
within
a
given
zip
code.

2.
Using
Google
App
Engine,
create
a
page
that
displays
the
following
Python
script:

print
“Content-type:
text/html\n\n”

print
“Cloud
Computing,
Chapter
18”

chapter
19

Application Scalability
SCALABILITY
REFERS
TO
AN
application’s
ability
to
add
or
remove
resources
dynamically
based
on
user
demand.
Throughout
this
book,
you
have
learned
that
one
of
the
greatest
advantages
of
cloud-based
ap-
plications
is
their
ability
to
scale.
Anticipating
user
de-
mand
is
often
a
“best
guess”
process.
In
the
past,
devel-
opers
had
to
release
site
resources
(servers,
CPUs,
disk
space)
capable
of
meeting
the
anticipated
initial
user
de-
mand,
plus
growth.
Often
developers
could
not
accurate-
ly
project
the
demand,
and
frequently
they
released
too
few
or
too
many
resources.

Learning
Objectives

This
chapter
examines
the
resource-scaling
process.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Define
and
describe
scalability.

•   Define
and
describe
the
Pareto
principle.

•   Compare
and
contrast
scaling
up
and
scaling
out.

•   Understand
how
the
law
of
diminishing
returns
ap-
plies
to
the
scalability
process.

•   Describe
the
importance
of
understanding
a
site’s
database
read/write
ratio.

•   Compare
and
contrast
scalability
and
capacity
planning.

•   Understand
how
complexity
can
reduce
scalability.

CASE
19-1
THE
PARETO
PRINCIPLE
(80/20
RULE)

Whether
you
are
developing
code,
monitoring
system
utilization,
or
debugging
an
application,
you
need
to
con-
sider
the
Pareto
principle,
also
known
as
the
80/20
rule,
or
the
rule
of
the
vital
few
and
the
trivial
many.
The

Pareto
principle
accurately
describes
different
scenarios
such
as
the
following:

•  80
percent
of
development
time
is
spent
on
20
percent
of
the
code.

•  80
percent
of
errors
reside
in
20
percent
of
the
code.

•  80
percent
of
CPU
processing
time
is
spent
within
20
percent
of
the
code.

•  80
percent
of
system
use
comes
from
20
percent
of
the
users.

If
you
consider
the
Pareto
principle,
you
may
find
that
you
do
not
need
to
optimize
all
of
an
application’s
code.
Instead,
you
can
focus
your
effort
on
20
percent
of
the
code
that
users
use
most
often.

Exercise
Consider
system
performance
monitoring.
What
other
relationships,
such
as
disk
space
use
or
data-
base
space
use,
may
relate
to
the
Pareto
principle?

Web
Resources
For
more
information
on
the
Pareto
principle,
visit
www.CloudBookContent.com/Chapter19/index.html.

Reviewing
the
Load-Balancing
Process

Cloud-based
solutions
should
scale
on
demand.
This
means
that
if
an
application’s
user
demand
reaches
a
specific
threshold,
one
or
more
servers
should
be
added
dynamically
to
support
the
application.
Likewise,
when
the
demand
decreases,
the
application
should
scale
down
its
resource
use.
When
an
application
uses
multiple
servers,
one
server,
as
shown
in
FIGURE
19­1,
must
per-
form
the
task
of
load
balancing.

The
load-balancing
server
receives
client
requests
and
distributes
each
request
to
one
of
the
available
servers.
To
determine
which
server
gets
the
request,
the
load
bal-
ancer
may
use
a
round-robin
technique,
a
random
algo-
rithm,
or
a
more
complex
technique
based
upon
each
server’s
capacity
and
current
workload.
For
an
applica-
tion
to
exploit
load
balancing
fully,
the
application
devel-
opers
must
design
the
application
for
scaling.

http://www.cloudbookcontent.com/Chapter19/index.html

FIGURE
19­1
The
load-balancing
server
distributes
workload
across
an
application’s
server
resources.

CASE
19-2
GANGLIA
MONITORING
SYSTEM

If
you
are
using
Linux-based
servers,
you
should
consid-
er
deploying
the
Ganglia
Monitoring
System
to
monitor
your
system
use.
Ganglia
is
an
open-source
project
creat-
ed
at
the
University
of
California,
Berkeley.
The
software
monitors
and
graphically
displays
the
system
utilization,
as
shown
in
FIGURE
19­2.

FIGURE
19­2
Monitoring
system
utilization
using
the
Ganglia
Monitoring
System.

Exercise
Examine
the
Ganglia
Monitoring
System.
Which
of
the
system’s
features
are
most
critical
to
cloud
administrators?
Why?

Web
Resources
For
more
information
on
the
Ganglia
Monitoring
System,
visit
www.CloudBookContent.com/Chapter19/index.html.

Designing
for
Scalability

Often
developers
take
one
of
two
extremes
with
respect
to
designing
for
scalability—they
do
not
support
scaling
or
they
try
to
support
unlimited
scaling.
In
general,
de-
velopers
should
focus
their
effort
somewhere
in
the
mid-
dle.
In
other
words,
they
should
design
and
build
the
ap-
plication
with
the
expectation
that
it
will
scale
to
a
point,
possibly
beyond
reasonable
expectations.
It
is
important
to
note
that
most
applications
do
not
experience,
and
therefore
do
not
need
to
support,
overnight
success.

Scaling
Up,
Scaling
Out,
or
Both

Before
you
discuss
or
plan
for
scaling,
it
is
important
to
understand
that
there
are
two
ways
to
scale
a
solution.
First,
you
can
scale
up
an
application
(known
as
vertical
scaling)
by
moving
the
application
to
faster
computer
resources,
such
as
a
faster
server
or
disk
drive.
If
you
have
a
CPU-intensive
application,
moving
the
applica-
tion
to
a
faster
CPU
should
improve
performance.
Sec-
ond,
you
can
scale
out
an
application
(known
as
hori­
zontal
scaling)
by
rewriting
the
application
to
support
multiple
CPUs
(servers)
and
possibly
multiple
databases.
As
a
rule,
normally
it
costs
less
to
run
an
application
on
multiple
servers
than
on
a
single
server
that
is
four
times
as
fast.

Assume,
for
example,
that
your
application
makes
exten-
sive
use
of
a
web
service
to
perform
complex
processing.
If
the
web
service
becomes
a
bottleneck,
a
place
where
system
traffic
slows
because
of
lack
of
resources,
you
could
host
the
web
service
on
a
faster
server
(by
scaling
up)
or
you
could
place
the
web
service
on
multiple
servers,
which
the
application
may
call
in
a
round-robin
fashion
(by
scaling
out).
As
shown
in
FIGURE
19­3,
over
time,
a
developer
may
use
both
vertical
and
horizontal
scaling.

http://www.cloudbookcontent.com/Chapter19/index.html

FIGURE
19­3
Developers
often
use
vertical
and
hori-
zontal
scaling
to
meet
application
demands.

CASE
19-3
WEBPAGETEST

Before
you
consider
scaling,
you
should
understand
your
system
performance
and
potential
system
bottlenecks.
www.webpagetest.org
evaluates
your
site
and
creates
a
detailed
report,
as
shown
in
FIGURE
19­4.
The
report
helps
you
identify
images
you
can
further
compress
and
the
impact
of
your
system
caches,
as
well
as
potential
benefits
of
compressing
text.

Exercise
Use
WebPagetest
to
evaluate
two
or
more
websites.
Discuss
how
the
report’s
findings
align
with
your
user
experience.

Web
Resources
For
more
information
on
Web-
Pagetest,
visit
www.CloudBookContent.com/Chapter19/index.html.

http://www.webpagetest.org/

http://www.cloudbookcontent.com/Chapter19/index.html

FIGURE
19­4
Using
WebPagetest
to
evaluate
system
performance.

Minimize
Objects
on
Key
Pages

Across
the
Web,
developers
strive
for
site
pages
that
load
in
2
to
3
seconds
or
less.
If
a
web
page
takes
too
long
to
load,
visitors
will
simply
leave
the
site.
With
that
in
mind,
you
should
evaluate
your
key
site
pages,
particu-
larly
the
home
page.
If
possible,
reduce
the
number
of
objects
on
the
page
(graphics,
audio,
and
so
on),
so
that
the
page
loads
within
an
acceptable
time.

Selecting
Measurement
Points

As
you
analyze
your
site
with
respect
to
scalability,
you
will
want
your
efforts
to
have
a
maximum
performance
impact.
To
begin,
identify
the
potential
bottlenecks
with-
in
the
system,
both
with
respect
to
CPU
utilization
and
database
use.
If,
for
example,
you
scale
part
of
the
system
that
is
not
in
high
demand,
your
scaling
will
not
signifi-
cantly
affect
system
performance.
As
you
consider
your
measurement
points,
keep
the
80/20
rule
in
mind
and
strive
to
identify
the
20
percent
of
your
code
that
per-
forms
80
percent
of
the
processing.

CASE
19-4
ALERTRA
WEBSITE
MONITORING

Often,
system
administrators
do
not
know
that
a
site
has
gone
down
until
a
user
contacts
them.
Alertra,
shown
in
FIGURE
19­5,
provides
a
website
monitoring
service.
When
it
detects
a
problem,
it
sends
an
e-mail
or
text
message
to
the
site’s
administrative
team.
Companies
can
schedule
Alertra
to
perform
its
system
checks
minute-by-minute
or
hourly.

Exercise
Discuss
the
benefits
of
having
a
real-time
site
monitor
and
describe
how
you
would
justify
the
invest-
ment
of
using
such
a
site.

Web
Resources
For
more
information
on
the
Alertra
Website
Monitoring
service,
visit
www.CloudBookCon-
tent.com/Chapter19/index.html.

FIGURE
19­5
Alertra
notifies
system
administrators
about
a
cloud-based
system
error
or
failure.

Analyze
Your
Database
Operations

As
you
know,
load
balancing
an
application
that
relies
on
database
operations
can
be
challenging,
due
to
the
appli-
cation’s
need
to
synchronize
database
insert
and
update
operations.
Within
most
sites,
most
of
the
database
oper-
ations
are
read
operations,
which
access
data,
as
opposed
to
write
operations,
which
add
or
update
data.
Write
op-
erations
are
more
complex
and
require
database
synchronization.

You
may
be
able
to
modify
your
application
so
that
it
can
distribute
the
database
read
operations,
especially
for

http://www.cloudbookcontent.com/Chapter19/index.html

data
that
are
not
affected
by
write
operations
(static
data).
By
distributing
your
database
read
operations
in
this
way,
you
horizontally
scale
out
your
application,
which
may
not
only
improve
performance,
but
also
im-
prove
resource
redundancy.

CASE
19-5
PINGDOM
WEBSITE
MONITORING

Pingdom
provides
real-time
site
monitoring
with
alert
notification
and
performance
monitoring.
It
notifies
you
in
the
event
of
system
downtime
and
provides
perfor-
mance
reports
based
on
your
site’s
responsiveness.
As
shown
in
FIGURE
19­6,
Pingdom
provides
tools
you
can
use
to
identify
potential
bottlenecks
on
your
site.

Exercise
Discuss
the
potential
bottlenecks
that
are
common
to
all
cloud-based
sites.

Web
Resources
For
more
information
on
Pingdom
Website
Monitoring,
visit
www.CloudBookContent.com/Chapter19/index.html.

FIGURE
19­6
Pingdom
performance
reports
identify
system
bottlenecks.

Evaluate
Your
System’s
Data
Logging
Requirements

http://www.cloudbookcontent.com/Chapter19/index.html

y gg g q
When
developers
deploy
new
sites,
often
they
enable
var-
ious
logging
capabilities
so
they
can
watch
for
system
er-
rors
and
monitor
system
traffic.
Frequently,
they
do
not
turn
off
the
logs.
As
a
result,
the
log
files
consume
con-
siderable
disk
space,
and
the
system
utilizes
CPU
pro-
cessing
time
updating
the
files.
As
you
monitor
your
sys-
tem
performance,
log
only
those
events
you
truly
must
measure.

CASE
19-6
GOMEZ
WEB
PERFOMANCE
BENCHMARKS

Many
times
developers
want
to
compare
their
site’s
benchmarks
with
those
of
other
sites.
This
is
where
Gomez
comes
into
play.
Gomez
provides
site
benchmark-
ing
for
web
and
mobile
applications.
It
provides
cross-
browser
testing
as
well
as
load
testing.
In
addition,
as
shown
in
FIGURE
19­7,
Gomez
performs
real-user
moni-
toring,
which
focuses
on
the
user
experience
with
respect
to
the
browser
influence,
geographic
location,
communi-
cation
speed,
and
more.

Exercise
Discuss
the
importance
of
performing
real-
user
monitoring.

Web
Resources
For
more
information
on
Gomez
Web
Performance
Benchmarks,
www.CloudBookContent.-
com/Chapter19/index.html.

http://www.cloudbookcontent.com/Chapter19/index.html

FIGURE
19­7
Using
Gomez
Web
Performance
Bench-
marks
to
measure
the
user
experience.

Revisit
Your
Service­Level
Agreement

As
you
plan
for
your
site’s
scalability,
take
time
to
review
your
service-level
agreement
(SLA)
with
the
cloud-solu-
tion
provider.
The
SLA
may
specify
performance
mea-
sures
that
the
provider
must
maintain,
which,
in
turn,
provides
the
resources
to
which
your
application
can
scale.
As
you
review
your
SLA,
make
sure
you
under-
stand
the
numbers
or
percentages
it
presents.
For
exam-
ple,
many
solution
providers
claim
99.9
percent
uptime
and
availability.
If
you
do
the
math,
you
will
see
that
if
your
site
is
down
0.1
percent
of
the
time,
it
equals

(0.1%)(365
days/year)(24
hours/day)(60
minutes/hour)
=
525
minutes
per
year
(nearly
10
hours)

Capacity
Planning
Versus
Scalability

Scalability
defines
a
system’s
ability
to
use
additional
re-
sources
to
meet
user
demand.
In
contrast,
capacity
plan-
ning
defines
the
resources
your
application
will
need
at
a
specific
time.
The
two
terms
are
related,
yet
different.
When
you
first
design
a
system,
for
example,
you
might
plan
for
10,000
users
accessing
the
system
between
6:00
a.m.
and
6:00
p.m.
Starting
with
your
user
count,
you
can
then
determine
the
number
of
servers
needed,
the
bandwidth
requirements,
the
necessary
disk
space,
and
so
on.
In
other
words,
you
can
determine
the
capacity
your
system
needs
to
operate.

When
your
user
demand
exceeds
your
system
capacity,
you
must
scale
the
system
by
adding
resources.

Scalability
and
Diminishing
Returns

If
an
application
is
designed
to
scale
(vertical,
or
scaling
up
to
faster
resources
is
easy),
the
question
becomes
“How
many
resources
are
enough?”
Keep
in
mind
that
you
will
start
a
scaling
process
to
meet
performance
re-
quirements
based
upon
user
demand.
To
measure
per-
formance,
you
should
select
benchmarks
that
are
most
meaningful,
such
as
the
following:

•  Support
for
5,000
simultaneous
users

•  CPU
utilization
that
does
not
exceed
50
percent

•  Loading
of
the
home
page
in
3
seconds
or
less

•  Loading
of
all
pages
in
5
seconds
or
less

•  Completions
of
all
user
submitted
operations
in
10
sec-
onds
or
less

With
your
selected
benchmarks
in
place,
you
can
begin
to
measure
the
performance
effects
of
scaling.
At
first,
adding
a
faster
processor,
more
servers,
or
increased
bandwidth
should
have
measurable
system
performance
improvements.
However,
you
will
reach
a
point
of
di­
minishing
returns,
as
shown
in
FIGURE
19­8,
when
adding
additional
resources
does
not
improve
perfor-
mance.
At
that
point,
you
should
stop
scaling.

FIGURE
19­8
You
will
reach
a
point
of
diminishing
re-
turns,
at
which
point
further
scaling
does
not
significant-
ly
improve
application
performance.

Performance
Tuning

Your
goal
is
to
maximize
system
performance.
By
scaling
resources,
you
will,
to
a
point,
increase
performance.
In
addition
to
managing
an
application’s
resource
utiliza-
tion,
developers
must
examine
the
application
itself,
be-
ginning
with
the
program
code
and
including
the
objects
used,
such
as
graphics
and
the
application’s
use
of
caching.
Caching
is
the
use
of
a
faster
disk
drive
or
faster
random
access
memory
to
store
items
that
are
used
repeatedly
by
the
application
in
order
to
improve
system
performance

This
process
is
known
as
performance
tuning.
To
start
the
process,
look
for
existing
or
potential
system
bottlenecks.
After
you
correct
those,
you
should
focus
on
the
20
percent
of
the
code
that
performs
80
percent
of
the
processing—which
will
provide
you
the
biggest
return
on
your
system
tuning
investment.

Complication
Is
the
Enemy
of
Scalability

As
you
design
solutions,
remember
that
as
complexity
within
a
system
increases,
so
too
does
the
difficulty
of
maintaining
the
underlying
code,
as
well
as
the
overhead
associated
with
the
complex
code.
Furthermore,
as
an
application’s
complexity
increases,
its
ability
to
scale
usually
decreases.
When
a
solution
begins
to
get
com-
plex,
it
is
worth
stopping
to
evaluate
the
solution
and
the
current
design.
Often,
complexity
occurs
because
a
solu-
tion
is
trying
to
handle
all
possible
conditions—some
of
which
may
never
occur.
If
you
design
the
solution
for
the
common
conditions
(the
80/20
rule)
in
a
simple
way,
your
code
will
be
easier
to
modify
in
the
future,
perhaps
to
support
horizontal
scaling.

CASE
19-7
KEYNOTE
CLOUD
MONITORING

Keynote,
as
shown
in
FIGURE
19­9,
is
one
of
the
world’s
largest
third-party
monitors
of
cloud
and
mobile
ap-
plications.
In
fact,
the
company
performs
more
than
100
billion
site
measurements
each
year.
Keynote
uses
thou-
sands
of
measurements
that
come
from
computers
dis-
persed
across
the
globe.
In
addition
to
providing
notif-
ication
of
site
downtime,
Keynote
provides
a
real-time
performance
dashboard.

Exercise
Discuss
the
importance
of
testing
a
cloud
solu-
tion’s
performance
from
computers
dispersed
across
the
globe.

Web
Resources
For
more
information
on
Keynote
Cloud
Monitoring,
visit
www.CloudBookContent.com/Chapter19/index.html.

http://www.cloudbookcontent.com/Chapter19/index.html

FIGURE
19­9
Keynote
Cloud
Monitoring
provides
site
performance
in
real
time.

CHAPTER
SUMMARY

An
application’s
scalability
corresponds
to
its
ability
to
add
or
remove
resources
dynamically
based
on
user
de-
mand.
One
of
the
greatest
advantages
of
cloud-based
ap-
plications
is
their
ability
to
scale.
Unfortunately,
often
it
is
difficult
for
developers
to
identify
what
an
applica-
tion’s
user
demand
will
be.
Often,
developers
will
release
site
resources
(servers,
CPUs,
disk
space)
capable
of
meeting
the
anticipated
initial
user
demand,
plus
growth.
When
developers
are
wrong,
however,
the
project
will
have
too
few
or
too
many
resources.
This
chapter
examined
ways
applications
can
scale
up
to
faster
processors
or
scale
out
to
utilize
more
resources.

KEY
TERMS

Bottleneck

Caching

Point
of
diminishing
returns

Horizontal
scaling

Pareto
principle

Performance
tuning

Vertical
scaling

CHAPTER
REVIEW

1.
Define
scalability.

2.
List
five
to
ten
potential
relationships
that
align
with
the
Pareto
principle,
such
as
how
80
percent
of
sales
come
from
20
percent
of
customers.

3.
Compare
and
contrast
vertical
and
horizontal
scaling.

4.
Explain
the
importance
of
the
database
read/write
ratio.

5.
Assume
a
site
guarantees
99.99
percent
uptime.
How
many
minutes
per
year
can
the
site
be
down?

chapter
20

The Future of the Cloud
THROUGHOUT
THIS
BOOK,
YOU
have
examined
the
most
recent
cloud-based
solutions
and
applications.
With
many
cloud
solutions
already
seemingly
quite
cut-
ting
edge,
it
is
hard
to
imagine
how
the
cloud
will
evolve
in
the
near
and
far
term.

Learning
Objectives

This
chapter
examines
the
future
of
the
cloud
and
cloud-
based
applications.
By
the
time
you
finish
this
chapter,
you
will
be
able
to
do
the
following:

•   Describe
how
the
cloud
will
influence
future
operating
systems.

•   Describe
how
the
cloud
enables
location-aware
applications.

•   Describe
how
the
cloud
will
change
the
way
people
watch
TV.

•   Describe
how
the
cloud
may
enable
the
use
of
intelli-
gent
fabrics.

•   Describe
how
the
cloud
will
enable
communication
among
smart
devices.

•   Describe
how
the
cloud
will
drive
mobile
solutions
and
mobile
solutions
will
drive
the
cloud.

•   Discuss
the
role
of
HTML5
in
enabling
new
mobile
applications.

•   Describe
the
role
of
home-based
clouds.

CASE
20-1
FUTURE
OF
CLOUD
COPMUTING

Janna
Quitney
of
Elon
University
and
Lee
Rainie
of
the
Pew
Research
Center’s
Internet
&
American
Life
Project
surveyed
cloud
experts
and
produced
“The
Future
of
Cloud
Computing,”
shown
in
FIGURE
20­1.
The
report

includes
opinions
and
insights
as
to
how
the
cloud
will
evolve
over
the
next
10
years.

Quitney
also
heads
Elon
University’s
Imagining
the
In-
ternet
Center,
shown
in
FIGURE
20­2,
where
you
will
find
surveys,
articles,
and
videos
that
look
at
the
Inter-
net’s
past
and
future.
Much
of
the
discussion
provides
insights
into
the
cloud’s
future
as
well.

Finally,
the
Pew
Research
Center’s
Pew
Internet
&
Amer-
ican
Life
Project
provides
surveys
and
articles
on
the
cloud—from
where
it
has
come
to
where
it
is
going.

Exercise
Read
the
predictions
on
the
cloud’s
future.
Ar-
gue
for
one
prediction
and
against
another.

Web
Reference
For
more
information
on
the
predic-
tions
of
the
cloud’s
future,
visit
www.CloudBookCon-
tent.com/Chapter20/index.html.

FIGURE
20­1
“The
Future
of
Cloud
Computing,”
pub-
lished
by
Quitney
and
Rainie,
provides
insights
into
the
evolution
of
cloud
computing.

http://www.cloudbookcontent.com/Chapter20/index.html

FIGURE
20­2
The
Imagining
the
Internet
site
is
filled
with
evaluations
of
the
Internet’s
past
and
predictions
of
its
future.

How
the
Cloud
Will
Change
Operating
Systems

Operating
systems
exist
to
allow
users
to
run
programs
and
store
and
retrieve
data
from
one
user
session
to
the
next.
As
discussed
in
Chapter
8,
Virtualization,
most
server
operating
systems
now
support
and
will
continue
to
support
hypervisors
that
allow
multiple
(and
possibly
different)
operating
systems
to
run
simultaneously.
Vir-
tualized
servers
will
continue
to
play
a
large
role
in
dri-
ving
the
behind-the-scenes
operation
of
the
cloud.

As
also
discussed
in
Chapter
8,
many
organizations
are
going
to
an
operating-system-on-demand
model
for
which
servers
download
a
user’s
operating
system,
ap-
plications,
and
environment
settings
to
any
computer
the
user
logs
in
to.
With
the
advent
of
more
programs
that
run
within
a
browser,
there
may
be
much
less
need
for
powerful
desktop
operating
systems,
such
as
Windows
and
Mac
OS.
If
you
doubt
that
statement,
note
the
rapid
user
adoption
of
smartphones
that
feature
scaled-down
operating
systems
and
applications.

CASE
20-2
HOW
THE
CLOUD
WILL
IMPACT
PLAY-
ERS
SUCH
AS
MICROSOFT

Microsoft
is
heavily
invested
in
all
aspects
of
computing,
including
the
cloud.
Microsoft’s
CEO,
Steve
Ballmer,
has
publicly
stated
that
Microsoft,
like
other
companies,
is

“betting
the
exact
quote
is
betting
our
company
on
the
cloud
company
on
the
cloud.”
Windows
(and
SQL
Azure)
provide
a
platform
as
a
server
(PaaS)
solution
for
.NET
developers,
Office
360
provides
a
powerful
software
as
a
service
(SaaS)
solution,
Microsoft
servers
are
integrating
virtualization
support,
and
the
huge
revenue
generator
that
is
the
Windows
operating
system
faces
risks
from
a
“thin”
and
possibly
downloadable
operating
system.
(A
thin
operating
system
is
one
that
performs
only
the
minimal
tasks
needed
for
a
user
to
run
programs
and
save
and
retrieve
information.)

Accordingly,
Microsoft
has
formed
a
group
named
Cloud
Computing
Futures,
which
focuses
on
scalable
comput-
ing,
data
center
solutions,
and
cloud-based
software
in-
frastructures.
The
cloud,
therefore,
is
not
just
an
industry
changer;
it
is
making
key
players
rethink
their
strategies.

Exercise
Describe
the
cloud’s
potential
biggest
benefit
for
Microsoft
and
the
cloud’s
biggest
threat
to
Microsoft.

Web
Reference
For
more
information
on
the
cloud’s
impact
on
Microsoft’s
future,
visit
www.CloudBookCon-
tent.com/Chapter20/index.html.

Location-Aware
Applications

A
location­aware
application
utilizes
data
from
the
GPS
(global
positioning
system)
capabilities
built
into
mobile
devices
to
integrate
an
individual’s
location
into
the
processing
it
performs.
As
GPS
capabilities
are
built
into
more
devices,
applications
will
begin
to
deliver
more
location-aware
solutions.
For
example,
a
stroll
through
a
mall
may
result
in
coupons
being
pushed
to
your
hand-
held
device.
Grocery
store
aisles
may
become
interactive
zones
with
retailers
able
to
deliver
“bid-based”
coupons
in
real
time
to
influence
your
purchases.

Using
the
cloud
and
location-aware
solutions,
you
will
be
able
to
track
not
only
the
packages
you
ship,
but
also
stolen
cars,
lost
luggage,
misplaced
cell
phones,
missing
pets,
and
more.

CASE
20-3
COUPIOUS
MOBILE
COUPONS

Users
of
computers
and
handheld
devices
are
becoming
on-demand
consumers:
They
want
what
they
want,
when
and
where
they
want
it.
Coupious
Mobile
Coupons
pro-
vides
insights
into
the
future
of
coupon
clipping.
The

http://www.cloudbookcontent.com/Chapter20/index.html

site,
shown
in
FIGURE
20­3,
currently
delivers
on-de-
mand,
location-aware
coupons
to
states
along
the
east
coast
of
the
United
States.

Exercise
Discuss
ways
on-demand
coupons
may
change
how
shoppers
make
purchases.

Web
Resources
For
more
information
on
Coupious
Mobile
Coupons,
visit
www.CloudBookContent.com/Chapter20/index.html.

FIGURE
20­3
Through
sites
such
as
Coupious
Mobile
Coupons,
users
receive
coupons
on
their
smart
devices
from
the
cloud
based
on
their
current
location.

Intelligent
Fabrics,
Paints,
and
More

The
ability
to
connect
devices
to
the
cloud
from
any
place,
at
any
time,
will
open
the
door
to
a
wide
range
of
cutting-edge
applications.
At
the
obvious
end,
devices
that
once
had
to
be
read
by
utility
or
city
employees,
such
as
electric
meters
and
parking
meters,
will
connect
to
the
Web
and
create
a
report.
At
the
cutting
edge,
intelligence
will
be
built
into
the
fabrics
of
our
clothes,
bedding,
and
furniture.
These
intelligent
fabrics
will
provide
a
wide
range
of
services
including
the
following:

•  Automatically
adjust
room
temperature
when
body
temperature
becomes
too
warm
or
too
cold.

•  Notify
rooms
when
we
enter
or
leave
so
that
lights,
music,
and
other
devices
are
automatically
controlled.

http://www.cloudbookcontent.com/Chapter20/index.html

•  Monitor
body
functions
such
as
blood
pressure,
blood
sugar
levels,
stress,
and
more,
and
notify
the
person
and
adjust
the
environment
to
affect
those
functions.

•  Notify
others
when
an
elderly
person
has
fallen.

•  Provide
deterrence
against
mosquitoes
and
other
insects.

FIGURE
20­4
presents
the
Textronics
website,
which
provides
a
wide
range
of
wearable
electronics.

FIGURE
20­4
Through
developments
at
companies
such
as
Textronics,
in
the
near
future
our
clothing
may
interact
with
our
environment
through
the
cloud.

Similarly,
new
paints
being
developed
change
form
based
on
environmental
conditions.
Currently,
paints
can
change
color
on
roads
to
indicate
the
presence
of
ice.
In
the
future,
intelligent
paint
may
report
driving
condi-
tions
back
to
the
cloud.

CASE
20-4
ABOVE
THE
CLOUDS:
A
BERKELEY
VIEW
OF
CLOUD
COMPUTING

Reliable
Adaptive
Distributed
Systems
Laboratory
from
the
University
of
California,
Berkeley,
has
published
a
paper
that
not
only
provides
a
view
of
where
cloud
com-
puting
is
going,
but
also
is
an
excellent
summary
and
overview
of
the
key
cloud-computing
concepts.
The
pa-

per,
as
shown
in
FIGURE
20­5,
is
available
on
the
Web
and
is
a
must-read.
It
addresses
the
following
questions:

FIGURE
20­5
“Above
the
Clouds”
is
a
must-read
for
those
wanting
to
become
cloud
technology
experts.

•  What
is
cloud
computing,
and
how
is
it
different
from
previous
paradigm
shifts
such
as
SaaS?

•  Why
is
cloud
computing
poised
to
take
off
now,
where-
as
previous
attempts
have
foundered?

•  What
does
it
take
to
become
a
cloud
provider,
and
why
would
a
company
consider
becoming
one?

•  What
new
opportunities
does
cloud
computing
drive
or
make
possible?

•  How
might
we
classify
current
cloud
computing
offer-
ings,
and
how
do
the
technical
and
business
challenges
differ
depending
on
where
in
the
spectrum
a
particular
offering
lies?

•  What,
if
any,
are
the
new
economic
models
enabled
by
cloud
computing,
and
how
can
a
service
operator
decide
whether
to
move
to
the
cloud
or
stay
in
a
private
data
center?

•  What
are
the
top
10
obstacles
to
the
success
of
cloud
computing—and
the
corresponding
top
10
opportunities
available
for
overcoming
those
obstacles?

•  What
changes
should
be
made
to
the
design
of
future
application
software,
infrastructure
software,
and
hard-
ware
to
match
the
needs
and
opportunities
of
cloud
computing?

Exercise
Read
the
“Above
the
Clouds”
paper
and
an-
swer
the
questions
listed
above.

Web
Resources
For
more
information
on
“Above
the
Clouds,”
visit
www.CloudBookContent.com/Chapter20/index.html.

The
Future
of
Cloud
TV

As
you
have
learned,
companies
such
as
Hulu
are
chang-
ing
the
way
consumers
watch
TV.
With
greater
band-
width
available
everywhere,
DVDs
will
soon
fall
by
the
wayside.
Not
only
will
TV
viewers
watch
shows
on
de-
mand
in
their
homes,
in
their
cars
(backseats
only,
let’s
hope),
and
on
airplanes,
but
also
a
new
breed
of
projec-
tion
devices
will
make
any
flat
surface
a
TV
screen.
Fur-
thermore,
users
will
be
able
to
interact
with
content,
per-
haps
changing
the
outcome
of
a
story
in
real
time.

CASE
20-5
PREDICTING
CLOUD
TV’S
FUTURE

As
shown
in
FIGURE
20­6,
Cisco’s
Internet
Business
So-
lutions
Group
(IBSG)
has
developed
a
presentation
that
predicts
the
future
of
TV
based
on
cloud-based
delivery.

Exercise
Discuss
how
TV
companies
need
to
change
their
business
models
to
adapt
to
cloud-based
content
delivery.

Web
Resources
For
more
information
on
the
predic-
tions
of
the
cloud’s
impact
on
TV,
visit
www.CloudBook-
Content.com/Chapter20/index.html.

http://www.cloudbookcontent.com/Chapter20/index.html

http://www.cloudbookcontent.com/Chapter20/index.html

FIGURE
20­6
Cisco’s
IBSG
predicts
how
the
cloud
will
change
TV.

Courtesy
of
Cisco
Systems,
Inc.
Unauthorized
use
not
permitted.
www.slideshare.net/

CiscoSystems/future­of­tv­ott­con­ibsgfinal0228.
(ac­
cessed
8/3/11).

CASE
20-6
FUTURE
OF
CLOUD
COMPUTING

CloudTimes
is
a
San
Francisco-based
web
publisher
that
provides
the
latest
news
on
all
aspects
of
cloud
comput-
ing.
Bookmark
and
visit
cloudtimes.org,
shown
in
FIG­
URE
20­7.
Recently,
CloudTimes
published
10
predic-
tions
about
the
future
of
cloud
computing,
which
you
should
consider
and
evaluate.

Exercise
Read
the
10
predictions
by
CloudTimes
about
the
future
of
cloud
computing.
Argue
for
one
prediction
and
argue
against
one
prediction.

Web
Resources
For
more
information
on
the
10
pre-
dictions
on
cloud
computing
by
CloudTimes,
visit
www.-
CloudBookContent.com/Chapter20/index.html.

http://www.slideshare.net/

http://cloudtimes.org/

http://www.cloudbookcontent.com/Chapter20/index.html

FIGURE
20­7
The
10
predictions
about
the
future
of
cloud
computing
by
CloudTimes.

Future
of
Cloud-Based
Smart
Devices

For
years,
futurists
have
forecast
the
day
when
a
refriger-
ator
would
automatically
create
your
grocery
list
and
send
the
list
to
the
store
so
your
essentials
could
be
deliv-
ered.
The
cloud’s
ability
to
provide
Internet
access
and
at
any
time
makes
such
processing
a
reality.
Some
devices
may
initially
be
“intelligent”
with
respect
to
their
ability
to
control
power
consumption,
possibly
avoiding
power
use
during
peak
times
and
costs.

Using
the
cloud
for
communication,
devices
can
coordi-
nate
activities.
For
example,
your
car
may
notify
your
home
automation
system
that
you
are
down
the
block
and
instruct
it
to
light
the
house,
turn
on
your
favorite
music,
and
prompt
the
refrigerator
for
a
list
of
ready-to-
cook
meals.

CASE
20-7
POWER-AWARE
APPLIANCES

Every
household
has
appliances
such
as
a
refrigerators,
water
heaters,
dishwashers,
washers,
dryers,
and
so
on.
If
these
devices
are
replaced
with
smart
appliances—
ones
that
are
“energy
aware”—they
can
control
their
power
demand
during
peak
times
and
in
the
process,
save
the
consumer
money.
The
Pacific
Northwest
Na-
tional
Laboratory
has
created
a
video
that
discusses
such
appliances.

Exercise
Discuss
three
appliances
that
may
benefit
from
power-control
capabilities.

Web
Resources
For
more
information
on
power-aware
appliances,
visit
www.CloudBookContent.com/Chap-
ter20/index.html.

Cloud
and
Mobile

The
cloud
is
going
to
drive
mobile
applications.
No,
wait.
Mobile
applications
will
drive
the
growth
of
the
cloud.
Cloud-based
mobile
applications
are
going
to
experience
explosive
growth!

CASE
20-8
MOBILE
CLOUD:
TOP
FIVE
PREDICTIONS

Cisco
is
a
key
player
in
the
hardware
and
network
tech-
nology
that
drives
the
cloud.
Cisco’s
IBSG
is
a
strategic
consulting
group
that
examines
new
and
emerging
tech-
nologies
that
utilize
the
Web.
The
group
has
developed
five
predictions
about
the
future
of
mobile
cloud
comput-
ing,
“When
Mobile
and
Clouds
Collide.”
You
read
about
these
predictions
in
Chapter
14,
but
here
they
are
again,
shown
in
FIGURE
20­8.

Exercise
Discuss
whether
you
think
the
cloud
will
drive
the
growth
of
mobile
computing
more
than
mobile
com-
puting
will
drive
the
growth
of
the
cloud,
or
vice
versa.

Web
Resources
For
more
information
on
the
predic-
tions
of
the
cloud’s
impact
on
mobile
computing,
visit
www.CloudBookContent.com/Chapter20/index.html.

http://www.cloudbookcontent.com/Chapter20/index.html

http://www.cloudbookcontent.com/Chapter20/index.html

FIGURE
20­8
Five
predictions
about
how
mobile
and
the
cloud
will
drive
each
other,
from
Cisco’s
IBSG.

Courtesy
of
Cisco
Systems,
Inc.
Unauthorized
use
not
permitted.
www.thecloudinfographic.com/mobile­
cloud­top­5­predictions.html.
(accessed
8/3/11).

How
HTML5
Will
Drive
Mobile
Applications

Mobile
applications
are
one
of
the
fastest
growing
IT
market
segments.
Today,
mobile
developers
have
several
choices.
First,
they
can
implement
a
simple
HTML-based
site
that
both
a
computer
and
a
mobile
device
can
dis-
play.
Second,
they
can
build
separate
pages
for
comput-
ers
and
mobile
devices.
Or,
third,
they
may
need
to
im-
plement
a
computer
page,
an
iPhone-specific
page,
and
pages
for
other
devices
such
as
the
Android.

The
primary
problem
facing
developers
is
that
many
computer-based
websites
use
Flash-based
applications,
and
Flash
does
not
work
on
mobile
devices.
As
such,
de-
velopers
cannot
simply
build
a
single
website
that
works
on
all
devices.
Or
rather,
they
could
not
until
the
advent
of
HTML5.

Across
the
Web,
the
content
that
users
view
within
a
browser
must
eventually
become
HTML,
the
hypertext
markup
language.
HTML5
is
the
20th
anniversary
up-
date
release
of
HTML,
which
supports
capabilities
previ-
ously
available
only
through
Flash-based
development.
Using
HTML5,
developers
can
create
multimedia
content

http://www.thecloudinfographic.com/mobile-cloud-top-5-predictions.html

suitable
for
all
devices.
As
a
result,
HTML5
will
further
drive
the
success
of
mobile
applications.

Faster
Time
to
Market
for
Software
Applications

The
cloud
streamlines
many
expensive
and
time-con-
suming
development
steps.
Companies
no
longer
have
to
raise
the
capital
required
to
fund
a
large
data
center.
In-
stead,
they
can
leverage
a
PaaS
solution.
Furthermore,
companies
no
longer
have
to
pay
expensive
upfront
li-
censing
fees
for
various
software
tools
such
as
database
management
systems.
Instead,
they
can
leverage
pay-on-
demand
solutions.
Finally,
companies
no
longer
have
to
guess
their
site’s
adoption
rate
so
that
they
can
provide
the
underlying
computing
resources.
Instead,
they
can
let
their
cloud-based
applications
scale
to
meet
demand.
The
net
result:
Developers
will
release
software
solutions
at
a
faster
pace,
bringing
the
solutions
to
a
market
that
expects
high
functionality
and
demands
lower
cost.

Home-Based
Cloud
Computing

Today,
most
households
have
wireless
network
capabili-
ties
that
allow
family
members
to
connect
to
the
Web
and
access
sites
and
content
they
desire.
With
the
advent
of
smart
devices,
intelligent
fabrics,
and
greater
use
of
radio
frequency
identification
(RFID)
devices,
family
members
will
expect
on-demand
personalized
technolo-
gy
solutions.
When
a
teenager
enters
his
or
her
room,
for
example,
the
music
will
play
louder,
lights
may
dim,
and
the
computer
might
initiate
specific
Skype
connections.
If
a
parent
enters
the
room,
the
volume
will
lower,
lights
will
turn
on,
and
the
Skype
page
might
change
to
an
SAT
prep
application.
In
other
words,
families
will
use
cloud-
based
devices
to
customize
their
environments
and
expe-
riences.
Within
such
an
environment,
families
will
want
to
restrict
processing
to
within
the
home—meaning
that
they
will
not
want
neighbors
to
receive
signals
generated
by
their
devices
and
clothing.
That
implies
the
ability
to
encrypt
a
wide
range
of
signals
within
the
home.
To
that
end,
you
should
expect
to
see
cloud-based,
in-home
de-
vices
that
store
family
files,
maintain
appliance
settings,
download
and
store
movies
and
TV
shows,
and
more.

CHAPTER
SUMMARY

This
book
examines
many
recent
cloud-based
solutions
and
applications.
For
those
who
are
new
to
the
cloud,
many
existing
cloud
solutions
will
seem
quite
cutting
edge.
As
you
have
learned
in
this
chapter,
we
have
just

begun
to
scratch
the
surface
with
respect
to
ways
new
technologies
can
use
the
cloud
to
communicate,
coordi-
nate,
and
develop
applications
that
take
into
account
our
location,
body
feedback,
and
more.
From
mobile-device
applications
to
new
operating
systems
to
an
integration
of
smart
appliances
and
devices,
the
cloud
is
really
just
beginning
to
form.

KEY
TERMS

HTML5

Intelligent
fabrics

Location­aware
application

Smart
appliance

Thin
operating
system

CHAPTER
REVIEW

1.
List
and
describe
five
ways
you
think
the
cloud
will
change
the
future
of
TV.

2.
List
and
describe
five
potential
uses
for
intelligent
fabric.

3.
List
and
describe
five
ways
the
cloud
will
influence
the
mobile
application
market,
or
vice
versa.

4.
Discuss
the
importance
of
HTML5.

5.
Discuss
how
the
cloud
will
impact
future
operating
systems.

6.
List
and
describe
three
potential
location-aware
applications.

7.
List
and
describe
five
ways
intelligent
devices
may
work
together.

GLOSSARY
OF
KEY
TERMS

Amazon
Web
Services
(AWS)
Amazon.com’s
cloud
solution,
which
provides
scalable
hosting
solutions
to
de-
velopers
and
enterprises
for
moving
applications
to
the
cloud.

App
Software
application
that
users
download
and
in-
stall
to
their
phone
to
perform
specific
tasks.

Application
program
interface
(API)
Group
or
li-
brary
of
related
programming
solutions
that
developers
can
use
within
the
programs
they
create.
For
example,
one
API
might
provide
developers
with
prepackaged
code
they
can
use
to
perform
common
Internet
tasks.
Another
might
provide
developers
with
code
they
can
use
to
encrypt
or
decrypt
a
document.

Architecture
Components
that
comprise
a
system,
their
relationships,
and
their
interactions.

Auditing
Process
of
examining
and
verifying
a
financial
record
or
control.

Black
box
Software
component
for
which
developers
can
ignore
how
the
component
performs
its
processing,
knowing
instead
that
the
component
will
produce
correct
results
for
required
inputs.

Blog
Web
log;
users
with
little
or
no
web
development
experience
can
publish
content
in
a
blog.

Bottleneck
Place
within
a
solution
or
system
that
due
to
insufficient
resources,
slows
the
flow
of
system
performance.

Business
continuity
Steps
taken
by
a
business
to
en-
sure
its
continued
operations
in
the
event
of
a
system
failure,
disaster,
or
other
disruptive
event.

Business
strategy
Plans
executed
by
a
company
to
achieve
its
business
goals.

Caching
Items
that
are
used
repeatedly
by
an
applica-
tion
to
improve
system
performance
are
stored
by
using
a
faster
disk
drive
or
faster
RAM.

http://amazon.com/

Capital
expenditures
(CAPEX)
Large
expenditures,
often
for
a
plant,
property,
or
large
equipment
(PPE),
which
have
value
over
a
number
of
years.
As
such,
com-
panies
cannot
write
off
the
expenditures
in
full
during
the
current
year
and
must
instead
use
a
process
called
expense
capitalization,
which
allows
the
company
to
deduct
a
portion
of
the
expense
over
a
number
of
years.

Cloud­based
block
storage
device
Device
that
stores
data
in
raw
(unformatted)
blocks
of
bits,
up
to
a
terabyte.
Usually
it
does
not
provide
a
file
system
to
manage
the
data
stored
within
a
block
or
blocks.

Cloud­based
database
Web-based
database
system
that
scales
to
meet
system
demands,
integrates
automat-
ic
backups,
and
allows
developers
access
from
within
their
programs
through
an
API.

Cloud
bursting
Scaling
of
an
on-site
solution
tem-
porarily
into
the
cloud
to
meet
user
demand,
typically
in
response
to
seasonal
or
event-driven
demand.

Cloud
computing
Abstraction
of
virtualized
web-based
computers,
resources,
and
services
that
support
scalable
IT
solutions.

Cloud
Data
Management
Interface
(CDMI)
Devel-
oping
standard
by
the
Storage
Networking
Industry
As-
sociation
that
defines
how
applications
will
interface
with
cloud-based
storage
devices
behind
the
scenes.

Cloud
file
system
(CFS)
System
that
allows
users
and
applications
to
directly
manipulate
files
that
reside
on
the
cloud.

Cloud
migration
Process
of
moving
one
or
more
ap-
plications
to
the
cloud.

CloudNAS
Trade
name
of
a
particular
cloud-based
NAS
(network-attached
storage)
solution.

Collaboration
Two
or
more
people
working
together
to
achieve
a
goal.

Colocation
Positioning
of
additional
computers
and/or
communications
equipment
at
a
remote
(offsite)
location
for
load
balancing,
redundancy,
or
improved
business
continuity.

Common
Internet
File
System
(CIFS)
A
protocol
that
defines
a
standard
for
remote
file
access
using
a
large
scale
of
computers
at
a
time.

Community
cloud
Cloud
solution
shared
by
two
or
more
organizations,
normally
with
shared
concerns,
such
as
schools
within
a
university.

Corporate
governance
Processes,
policies,
laws,
and
controls
that
affect
the
way
a
company
operates.

Coupling
Degree
of
dependence
between
a
calling
pro-
gram
and
the
web
service.

Customer­relationship
management
(CRM)
Term
used
to
describe
the
various
aspects
of
locating,
recruit-
ing,
managing,
and
growing
a
company’s
customer
base.

Data
integration
Process
of
combining
data
from
two
or
more
solutions.

Data
wiping
Process
performed
by
cloud-based
storage
devices
that
overwrites
(wipes)
a
file’s
contents
when
a
file
is
deleted.
Then,
another
application
that
allocates
the
deleted
file’s
storage
locations
cannot
access
the
deleted
file’s
contents.

Denial­of­service
attack
Hacker
attack
that
attempts
to
consume
resources
on
a
system
in
such
a
way
that
slows
the
system
or
makes
its
resources
unavailable
to
users.

Disaster
recovery
plan
(DRP)
Plan
that
details
the
steps
taken
by
an
organization
to
resume
business
opera-
tions
following
an
event
such
as
a
natural
disaster
or
ter-
rorist
attack.

Economics
Study
of
the
production,
distribution,
and
consumption
of
goods
and
services.

Economies
of
scale
Cost
savings
gained
through
ex-
pansion.
Because
of
its
buying
power
and
ability
to
use
resources
across
multiple
customers,
a
cloud-based
ser-
vice
provider
normally
has
greater
economies
of
scale
than
an
on-site
data
center.

Ecosystem
Environment
that
consists
of
living
and
nonliving
things
with
which
one
interacts.

Federated
identity
management
(FIDM)
Tech-
nologies
and
protocols
that
combine
to
allow
the
ex-
change
of
identity
attributes
across
autonomous
systems.

File
system
Part
of
the
operating
system
that
oversees
file
and
folder
(directory)
access.

Functional
requirements
Requirements
that
specify
tasks
a
system
must
perform.

Google
App
Engine
Development
tools
that
assist
with
the
deployment
of
cloud-based
applications
that
run
within
the
Google
infrastructure.

Green
computing
Environmentally
friendly
IT
opera-
tions,
such
as
reducing
a
device’s
power
demands
when
it
is
inactive.

Grid
computing
Large-scale
use
of
computers
connect-
ed
by
a
network
(the
grid)
to
perform
parallel
processing
on
complex
tasks.

Guest­hopping
attack
Hacker
attack
that
attempts
to
gain
access
to
(hop
onto)
another
guest
operating
system
from
within
a
peer-level
guest
operating
system
running
on
the
same
server.

Guest
operating
system
Operating
system
that
re-
sides
within
a
virtualized
environment.
For
example,
a
virtual
desktop
might
use
Windows
and
Linux
as
guest
operating
systems.

Halon
Chemical
used
in
data-center
fire
suppression
systems,
which
stops
a
fire
by
removing
the
level
of
oxy-
gen
in
the
room.

Horizontal
scaling
Process
of
scaling
out;
that
is,
dis-
tributing
a
system’s
processes
across
multiple
resources.

Hybrid
cloud
Solution
that
comprises
a
combination
of
two
or
more
public,
private,
or
community
clouds.

Hyperjacking
attack
Hacker
attack
that
targets
the
hypervisor
within
a
virtualized
server
or
desktop.

Hypervisor
Software
within
a
virtual
system
that
over-
sees
and
manages
the
virtualization
process.

HTML5
Fifth
release
of
the
hypertext
markup
language,
which
provides
device-independent
support
for
multime-
dia
capabilities
previously
available
through
Flash-based
applications.

iCloud
Apple’s
cloud-based
solution,
which
facilitates
the
exchange
of
music,
photos,
videos,
and
documents.

Identity
(or
identification)
as
a
service
(IDaaS)
Cloud-based
approach
to
managing
user
identities,
in-
cluding
usernames,
passwords,
and
access.
Sometimes
referred
to
as
“identity
management
as
a
service.”

Infrastructure
as
a
service
(IaaS)
Scalable,
cloud-
based
collection
of
server,
data
storage,
and
network
hardware
upon
which
a
company
can
install
and
manage
its
operating
system
and
database
management
software
in
order
to
host
their
applications
within
the
cloud.

Instant
messaging
(IM)
Originally
a
text-based
method
for
users
to
communicate;
today,
IM
supports
text,
audio,
and
video
interaction.

Integrated
development
environment
(IDE)
Soft-
ware
system
for
application
developers
that
provides
a
user
interface
that
allows
access
to
key
software-develop-
ment
activities,
such
as
editing,
compiling,
and
testing.

Intelligent
fabrics
Clothing
that
includes
technology
and
computing
devices
within
the
fabric
that
can
be
used
to
monitor
body
temperature,
blood
pressure,
and
other
vitals.
The
technology
may
be
used
to
broadcast
an
indi-
vidual’s
position
to
location-aware
applications.

Internal
control
Policy
put
in
place
by
a
business
to
provide
confidence
and
assurance
on
the
accuracy
of
the
data
reported
by
the
company.

Interoperability
Measure
of
a
software
component’s
ability
to
support
different
platforms
and
programming
languages.

IT
governance
Processes,
policies,
and
controls
that
affect
the
way
an
IT
staff
operates
to
maximize
a
compa-
ny’s
ROI
and
to
align
its
business
strategy
and
IT
operations.

Key
performance
indicators
Business
ratios
and
re-
sults
measured
and
evaluated
by
a
company
to
under-

stand
the
state
of
the
business
and
its
operations.

Load
testing
Simulation
of
user
demand
on
a
site.

Location­aware
application
Application
that
utilizes
GPS-based
data
to
integrate
an
individual’s
location
into
the
processing
performed
by
the
application,
such
as
lo-
cation-specific
delivery
of
coupons
and
home
environ-
ment
processing.

Loosely
coupled
Ideal
relationship
between
programs
and
the
web
services
they
call
on,
in
which
the
program
need
only
know
the
location
of
the
web
service
(its
URL),
the
name
of
the
functions
(methods)
the
web
service
pro-
vides,
and
parameters
the
program
can
pass
to
the
functions.

Man­in­the­middle
attack
Hacker
attack
that
at-
tempts
to
intercept
messages
between
a
user
and
a
sys-
tem,
insert,
and
then
send
messages
on
behalf
of
the
user
or
the
system.

Mashup
Software
solution
built
from
a
combination
of
two
or
more
other
solutions.

Mean
time
between
failures
(MTBF)
Measure
of
the
estimated
time
a
device
will
operate
without
failing.

Method
Function
that
performs
a
specific
task.

Middleware
Software
that
sits
between
two
ap-
plications
to
facilitate
the
exchange
of
data.

Mobile
cloud
Applications
and
web
pages
that
origi-
nate
from
sites
within
the
cloud
with
which
users
down-
load
or
interact
via
a
mobile
device.

Multitenant
solution
SaaS
or
PaaS
solution
for
which
two
or
more
customers
may
share
computing
resources
simultaneously.
Many
SaaS
solutions
use
a
multi-tenant
architecture.

Network­attached
Storage
(NAS)
Storage
devices
that
can
be
accessed
over
a
computer
network
rather
than
being
directly
connected
to
the
computer.

Network
File
System
(NFS)
A
system
that
allows
di-
rectories
and
files
to
be
shared
with
others
over
a
network.

Nonfunctional
requirements
Requirements
a
sys-
tem
must
meet
to
complete
its
functions,
such
as
perfor-
mance,
response
time,
and
security.

Operational
expenses
(OPEX)
Expenses
that
corre-
spond
to
a
company’s
cost
of
operations.

Packet
sniffing
Process
of
examining
network
packets
that
travel
past
a
system
within
a
wired
network
or
through
the
air
within
a
wireless
network.

Pareto
principle
Rule
of
80/20
that
describes
rela-
tionships
between
two
items,
such
as
80
percent
of
a
company’s
sales
are
generated
by
20
percent
of
its
customers.

Performance
tuning
Process
of
modifying
different
aspects
of
a
system
or
the
supporting
hardware
to
im-
prove
system
performance.

Platform
Combination
of
hardware
and
software
re-
sources
that
yields
a
run-time
environment,
such
as
a
Windows-
or
Linux-based
environment.

Platform
as
a
service
(PaaS)
Software
and
hardware
that
provides
an
operating
system
(such
as
Windows
or
Linux)
upon
which
developers
can
create
and
deploy
so-
lutions,
without
the
need
to
administer
the
underlying
system
software.
Examples
include
the
Google
App
En-
gine
and
Microsoft
Azure.

Point
of
diminishing
returns
Point
at
which
adding
resources
fails
to
change
a
system’s
performance
or
output.

Portability
Measure
of
a
system’s
ease
of
moving
from
one
platform
to
another.

Predictive
analytics
Tools
that
perform
statistical
analysis
in
order
to
predict
future
behavior.

Private
cloud
Solution
in
which
the
underlying
hard-
ware
and
software
is
owned
by
a
specific
entity
(compa-
ny)
for
use
by
the
entity
and
its
customer.

Profit
margin
Measure
of
a
company’s
profitability
and
effectiveness,
calculated
by
dividing
a
company’s
net
in-
come
by
its
revenues.

Provisioning
Process
of
creating
a
user
account
on
a
system;
removing
the
account
is
called
deprovisioning.

Proxy
Person
or
entity
that
performs
a
task
on
behalf
of
another.
Within
the
mobile
web,
proxies
may
perform
a
server-based
interaction
on
behalf
of
a
mobile
user
to
provide
a
layer
of
security
between
the
server
and
device.

Public
cloud
Solution
available
to
the
general
public,
such
as
Google
Docs.

Redundancy
A
system
design
that
duplicates
compo-
nents
to
provide
alternatives
in
case
one
component
fails.

Redundant
array
of
independent
(or
inexpen­
sive)
disks
(RAID)
Collection
of
disk
drives
across
which
a
file
system
stores
information
about
a
file,
as
well
as
recovery
information
the
system
can
use
to
recov-
er
the
file
should
one
or
more
of
the
disk
drives
fail.

Reliability
Measure
of
a
system’s
ability
to
process
without
errors
or
failure.

Return
on
investment
(ROI)
Business
analysis
ratio
that
lets
a
company
compare
the
potential
return
of
two
or
more
investments,
calculated
by
taking
the
revenue
(or
savings)
divided
by
the
cost
of
the
investment.

Right­sizing
Process
of
aligning
computing
resources
(e.g.,
processors,
servers,
and
disk
capacity)
with
user
demand.
Because
cloud-based
providers
can
scale
up
or
down
quickly,
based
on
user
demand,
they
make
it
easier
for
companies
to
right-size
resources.

Robust
Ability
to
function
in
the
event
of
errors,
such
as
a
server
failure.

Scalability
Ability
to
increase
or
decrease
resource
use
(such
as
servers
or
data
storage)
on
demand,
as
process-
ing
needs
require.
Scalable
applications
can
scale
up
(in-
crease)
resources
when
there
is
high
user
demand
and
scale
down
(decrease)
resources
when
there
is
low
demand.

Security
Assertion
Markup
Language
(SAML)
Language
that
applications
use
to
package
a
user’s
secu-
rity
credentials.

Service­level
agreement
(SLA)
Clause
within
a
ser-
vice
provider’s
contract
that
specifies
the
level
of
service
(such
as
system
uptime
or
MTBF).

Service­oriented
architecture
(SOA)
System
design
upon
which
the
solution
is
described
in
terms
of
one
or
more
services,
usually
distributed
on
the
Web.

Single
sign­on
(SSO)
Process
that
allows
a
user
to
log
into
a
central
authority
and
then
access
other
sites
and
services
for
which
he
or
she
has
credentials.

Smart
appliance
Appliance
such
as
a
refrigerator
or
washing
machine
that
integrates
technology
to
perform
specific
tasks
such
as
reducing
energy
demands
during
peak
load
times
or
performing
inventory
analysis
of
groceries.

Software
as
a
service
(SaaS)
Web-based
software
so-
lution
that
users
access
through
a
web
browser.

Software
development
kit
(SDK)
Collection
of
APIs
that
developers
can
integrate
into
programs
to
use
a
spe-
cific
device,
platform,
or
operating
system.

SQL­injection
attack
Hacker
attack
that
attempts
to
insert
SQL
queries
into
one
or
more
fields
of
a
web-based
form.
Depending
upon
how
the
server
processes
the
form’s
data,
the
SQL
commands
may
be
inadvertently
executed.

Storage
area
network
(SAN)
Network
that
combines
hardware
and
software
to
make
storage
devices,
which
may
reside
anywhere
within
a
network,
appear
to
be
local.

Streaming
media
Retrieval
of
media,
such
as
audio
or
video,
often
within
a
web
browser,
that
does
not
require
a
complete
download
of
the
media
file
before
the
play-
back
can
begin.

System
requirements
Functional
tasks
and
nonfunc-
tional
operations
that
a
system
must
perform.

Thin
operating
system
System
that
performs
only
the
minimal
tasks
needed
for
a
user
to
run
programs
and
save
and
retrieve
information.

Total
cost
of
ownership
(TCO)
Total
direct
and
indi-
rect
costs,
including
both
capital
and
operating
expenses,
of
owning
a
particular
piece
of
equipment
or
other
capi-
tal
good.
It
is
an
important
metric
for
organizations
try-
ing
to
decide
whether
to
invest
in
their
own
data
centers
or
move
to
the
cloud.

Transcoder
Server
that
analyzes
and
possibly
changes
content
destined
to
user
devices.

Uninterruptible
power
supply
(UPS)
Battery
back-
up
system
that
typically
provides
10
to
15
minutes
of
power
to
devices
in
the
event
of
a
power
failure,
so
that
users
can
save
files
and
shut
down
the
systems
in
an
or-
derly
way.

Usability
Measure
of
a
system’s
ease
of
use.

User­experience
testing
Software
test
that
attempts
to
simulate
and
evaluate
user
experience
with
the
site,
possibly
including
slower
Internet
bandwidth,
an
older
browser,
or
a
slower
computer.

Vendor
lock­in
Situation
when
it
is
difficult
or
impos-
sible
for
a
company
to
change
a
vendor
because
of
the
vendor’s
inability
to
export
data
or
a
unique
service
pro-
vided
by
the
vendor,
upon
which
the
company
relies.

Vertical
scaling
Process
of
scaling
up;
for
example,
moving
a
system
to
a
faster
disk
drive,
adding
faster
RAM,
or
using
a
faster
disk
drive
to
improve
a
system’s
performance.

Virtual
desktop
Desktop
computer
that
runs
two
or
more
operating
systems
that
users
can
quickly
switch
back
and
forth.
A
virtual
desktop
is
well
suited
for
devel-
opers,
testers,
and
help-desk
support
staff
who
must
ser-
vice
multiple
operating
systems.

Virtualization
Hardware
and/or
software
used
to
cre-
ate
a
perception.
For
example,
with
virtual
desktop
soft-
ware,
a
user
running
an
Intel-based
computer
may
be
able
to
run
multiple
operating
systems
simultaneously.
Similarly,
using
server
virtualization,
a
single
server
may
appear
to
be
running
multiple
(different)
server
operat-
ing
systems
simultaneously,
as
if
the
server
had
multiple
processors.

Virtual
meeting
Online
meeting
between
two
or
more
users.
Using
streaming
video,
users
can
achieve
a
face-
to-face
experience.
Most
virtual
meeting
platforms
allow
document
sharing,
whiteboard
content
presentation,
and
application
sharing.

Virtual
presentation
Cloud-based
presentation
that
users
can
retrieve
and
watch
asynchronously
at
a
time
and
from
a
place
that
best
suits
the
users’
needs.
Virtual
presentations
often
combine
a
PowerPoint
presentation
with
video
or
audio.

Virtual
private
network
(VPN)
Hardware
and/or
software
used
to
establish
a
secure
connection
to
a
local-
area
network
across
the
Internet
from
a
remote
location.
The
remote
user
can,
in
turn,
access
network
resources
as
if
a
physical
connection
to
the
local-area
network
existed.

Virtual
server
Server
that
runs
two
or
more
operating
systems
simultaneously.
The
operating
systems
may
be
the
same,
or
they
may
be
different,
such
as
Windows
and
Linux.
Many
companies
use
server
virtualization
to
con-
solidate
servers
and
drive
server
CPU
utilization.

Virus
Program
written
by
malicious
programmers
with
the
goal
of
damaging
a
target
computer
or
disrupting
the
computer’s
normal
operations.

Voice
over
Internet
Protocol
(VoIP)
Technology
that
allows
users
to
place
phone
calls
over
the
Internet.

Web
2.0
Tools
and
websites
that
allow
users
to
publish
content
(videos,
blogs,
tweets,
and
social
media
posts)
without
having
to
understand
the
web
development
process.

Web
Service
Description
Language
(WSDL)
Lan-
guage
used
to
describe
a
web
service,
its
methods,
and
their
parameters.

Web
services
Web-based
software
modules
that
pro-
grams
can
call
via
the
Internet
to
perform
specific
tasks.

Widget
Application
that,
once
downloaded
and
installed
on
a
device,
remains
active
(constantly
runs),
possibly
updating
its
icon
or
display
with
context-
or
location-
sensitive
content.

Wiki
Tool
for
online
collaborative
document
editing.
The
largest
and
most
popular
Wiki
is
the
Wikipedia
on-
line
encyclopedia.

Windows
Azure
Microsoft
platform
that
developers
can
use
to
move
their
applications
to
the
cloud.

Yahoo!
Pipes
Tool
that
lets
developers
create
mashups
by
joining
(piping)
the
output
of
one
data
source
into
an-
other
data
source,
filter,
or
display
tool
without
having
to
write
program
code.

Index

The
index
that
appeared
in
the
print
version
of
this
title
was
intentionally
removed
from
the
eBook.
Please
use
the
search
function
on
your
eReading
device
to
search
for
terms
of
interest.
For
your
reference,
the
terms
that
appear
in
the
print
index
are
listed
below.

A

Accessibility,
designing
for

Accounting
solutions

Account
management

Account
provisioning

ADP,
SaaS
solution

Alberta
Website
Monitoring

Amazon
Elastic
Compute
Cloud
(Amazon
EC2)

Amazon
Relational
Database
Service
(RDS)

Amazon
SimpleDB

Amazon
Simple
Storage
Service
(S3)

Amazon
Web
Services
(AWS)

Antivirus
software

Apache
Hadoop
Distributed
File
System

API
(application
program
interface)

Apica,
load
performance
testing

App,
defined

Appforce,
PaaS
solution

Apple
iCloud

Application
characteristics

Application
management

Application
program
interface
(API)

Application
virtualization
(App-V)

Microsoft

Architecture

Auditing.
See
also
specific
applications

Audit
logs

Authentication

Authorization

Availability,
designing
for

Azure,
Windows
PaaS
solution

B

Backups

audit
systems

designing
for

functions
of

product
solutions

Berkeley
Open
Infrastructure
for
Network
Computing
(BOINC)

Berkeley
view
of
cloud
computing

Biometric
voice
recognition

Black
box

Blade
servers

Block
storage

Blogs
(web
logs)

Bottleneck,
defined

BoxCryptor,
file
encryption

Browsers

Budget
factors

Business
continuity.
See
also
Security

defined

disaster
recovery
plan

overview

risk
mitigation

service-level
agreements

threats.
See
Threats

Business
impact
and
economics

concepts

data
centers

managing
the
cloud

marketing

Moore’s
Law

overview

performance
indicators

right-sizing

Business
strategy

C

Cache-utilization

Caching

CADF
(Cloud
Auditing
Data
Federation)

Calendar
management

Capability
Maturity
Model
(CMM)

Capacity
planning

Capital
expenditures
(CAPEX)

Carbon
footprint
reduction

Carbonite,
SaaS
solution

CA
Technologies

CDMI
(Cloud
Data
Management
Interface)

Cell
phones

Certificate
of
Cloud
Security
Knowledge

CFS
(cloud
file
system)

CIFS
(Common
Internet
File
System)

Cisco,
IBSG
presentation

CloudAudit/A6
working
group

Cloud
Auditing
Data
Federation
(CADF)

Cloud-based
block
storage
devices

Cloud-based
NAS
devices

Cloud
bursting

Cloud
computing

defined

governance.
See
Governance
issues

grid
computing

scalability.
See
Scalability

types
of

uses
of

virtualization.
See
Virtualization

Cloud
consultants

Cloud
Data
Management
Interface
(CDMI)

Cloud
Files,
rackspace
storage
service

Cloud
file
system
(CFS)

Cloud
Management
Work
Group
(CMWG)

Cloud
migration.
See
Migrating
to
cloud

CloudNAS

Cloud
Security
Alliance
(CSA)

Cloud
service
models

Cloud
Standards
Customer
Council
(CSCC)

Cloud
Standards
Wiki

CloudSwitch,
migration
program

CloudTimes,
publishing

CMM
(Capability
Maturity
Model)

CMWG
(Cloud
Management
Work
Group)

COBIT
(Control
Objectives
for
Information
and
Related
Technology)

Coding

complexity
of

function
codes

Google
App
Engine

overview

source-code
escrow
agreements

transcoders

Windows
Azure

Yahoo!
Pipes

Collaboration

calendar
management

file
sharing

instant
messaging

meetings

overview

phone
and
fax
systems

presentations
and
lectures

social
media

streaming
media
and
video

tools

web-based

web
logs

Colocation

Committee
of
Sponsoring
Organizations
(COSO)

Common
Internet
File
System
(CIFS)

Community
cloud

Computer
Associates

Computer
viruses

Configuration
management

Control
Objectives
for
Information
and
Related
Technol-
ogy
(COBIT)

Corporate
Auditing,
Accountability,
and
Responsibility
Act
(2002)

Corporate
governance.
See
also
Governance
issues

COSO
(Committee
of
Sponsoring
Organizations)

Coupious
Mobile
Coupons

Coupling

CSA
(Cloud
Security
Alliance)

CSCC
(Cloud
Standards
Customer
Council)

Customer
relationship
management
(CRM)

D

Database.com

Database
operations

Database
service

Database
solutions

Database
system
failures

Data
centers

Data
flow

Data
logging
requirements

Data
protection

Data
redundancy

Data
Security
Standards
(DSS)

Data
storage

http://database.com/

backup
systems.
See
Backups

block
storage

cloud-based
systems

database
solutions

file
systems

industry-specific

network
storage

off-site
solutions

overview

virtualization

Data
wiping

DDos
(Distributed
Denial-of-service)
attacks

Dedicated
virtual
servers

Denial-of-service
attacks

Deployment
of
applications

Designing
solutions

development
environment

overview

process

scalability

system
requirements

Desktop
failures

Desktop
virtualization

Development
environment

Development
for
mobile
applications

Development
kits,
software

Development
models,
See
also
Coding

Device
screens

Diminishing
returns

Disaster
recovery
plan
(DRP).
See
also
Security

Disgruntled
employees

Disk
failures

Distributed
Denial-of-service
(DDos)
attacks

Distributed
Management
Task
Force,
Inc.
(DMTF)

Document
management

Document
sharing

Domain
type
for
mobile
apps

Dropbox,
file
sharing
and
synchronization

DRP
(disaster
recovery
plan).
See
also
Security

DSS
(Data
Security
Standards)

E

Economics,
defined.
See
also
Business
impact
and
economics

Economies
of
scale

Ecosystem

EC2
(Amazon
Elastic
Compute
Cloud)

80/20
rule
(Pareto
principle)

Embotics,
cloud
and
virtualization
management
tools

Employees,
disgruntled
or
malicious

Encryption

Energy-aware
appliances

Enterprise
Desktop
Virtualization
(MED-V),
Microsoft

Enterprise
Markup
Mashup
Language
(EMML)

Enterprise
resource
planning
(ERP)

Environmental
concerns

Equipment
losses

ESXi,
virtual-server
environment

European
Network
and
Information
Security
Agency
(ENISA)

Exchange
Online,
Microsoft

F

Facebook

Fax
systems

Federated
identity
management
(FIDM)

File
access
solutions

File
backups.
See
Backups

File
encryption

File
sharing

File
systems

Fire
threats

Flood
threats

Force.com,
PaaS
solution

Functional
requirements

Function
codes

http://force.com/

Future
of
cloud
computing

Berkeley
view
of

home-based
applications

intelligent
fabrics

location-aware
applications

mobile
applications

operating
systems

overview

smart
devices

television

time
to
market
and

G

GAE
(Google
App
Engine)

Ganglia
Monitoring
System

Generation
designations
of
cell
phone
technology

Gladinet,
mounting
device

Global
positioning
system
(GPS)

Gmail

Goals
and
requirements
of
system

GoGrid,
hosting
provider

Gomez
Web
Performance
Benchmarks

Google
+
(social
networking)

Google
App
Engine
(GAE)

Google
Calendar

Google
cloud-based
solutions

Google
Docs

Google
voice
phone
system

GoToMeeting

Governance
issues

cloud
computing
and

corporate
environment
and

information
technology
and

overview

web
services
and

GPS
(global
positioning
system)

Graphic-intensive
applications

Green
computing

Grid
computing

Guest-hopping
attacks

Guest
operating
system

H

Hadoop
Distributed
File
System
(HDFS)

Halon
systems

Hardware
requirements
and
virtualization

Healthcare
medical
records
systems

HealthVault,
Microsoft

Help
desk
procedures
and
solutions

Home-based
cloud
computing

HomePipe,
remote
file
access

Horizontal
scaling

Hosting
systems

HTML5

Hula,
streaming
content

Human
resources
management

Hybrid
cloud

Hyperjacking
attacks

Hypervisor

Hypervisor
attacks

Hyper-V
technology,
Microsoft

I

IaaS.
See
Infrastructure
as
a
Service

IBSG
(Internet
Business
Solutions
Group)

iCloud,
Apple

IDE
(integrated
development
environment)

Identity
as
a
Service
(IDaaS)

mobile
ID
management

OpenID

overview

single-sign-on

Identity
management

Identity
theft

IM
(instant
messaging)

Imagining
the
Internet
Center

Industry-specific
data
storage

Information
Systems
Audit
Control
Association
(ISACA)

Information
technology

Infrastructure
as
a
Service
(IaaS)

advantages
of

characteristics

cloud-based
NAS
devices

load-balancing

overview

redundancy

server
types

Instant
messaging
(IM)

Integrated
development
environment
(IDE)

Intelligent
fabrics

Internal
controls

Internet
Business
Solutions
Group
(IBSG)

Internet
service
providers
(ISPs)

Interoperability

Iron
Mountain,
off-site
tape
vaulting

ISACA
(Information
Systems
Audit
Control
Association)

ISPs
(Internet
service
providers)

ISVforce,
PaaS
solution

IT
Governance
Institute
(ITGI)

iTunes

J

Jitterbit,
cloud
integration
solutions

K

Kayako,
help
desk
solutions

Keynote
Cloud
Monitoring

Key
performance
indicators

L

Languages

EMML

HTML5

SAML

WSDL

Layered
Tech,
IaaS
solution

Load-balancing

Load
testing

Local-area
networks
(LANs)

Location-aware
applications

LongJump,
PaaS
solution

Loosely
coupled

M

Mainframe
computers

Maintainability

Malicious
employees,
security
and

Managing
the
cloud

audit-log
use

backups.
See
Backups

capacity
planning

data
flow

economics
of

help
desk
procedures
and
solutions

overview

return
on
investment

scaling
capabilities

security
policies
and
procedures

service-level
agreements

solution
testing
and
validation

technical
support

training
procedures

vendor
lock-in

Man-in-the-middle
attacks

Marketing

Markup
languages

Mashups

McAfee
Security,
as
a
Service

Mean
time
between
failure
(MTBF)

Media
presentations

MED-V
(Enterprise
Desktop
Virtualization),
Microsoft

Meetings

Memory

Methods
(remote-procedure
calls)

Microsoft,
impact
of
cloud
computing

Microsoft
desktop
virtualization
tools

Microsoft
Exchange
Online

Microsoft
HealthVault

Microsoft
Hyper-V
technology

Microsoft
Office

Microsoft
Office
Web
Apps

Microsoft
SharePoint

Microsoft
SkyDrive

Microsoft
VDI
suite

Middleware

Migrating
to
cloud

application
characteristics

budget
factors

cloud
bursting

cloud
consultants

data
protection

deployment.
See
Deployment
of
applications

goals
and
requirements

governance
issues

overview

training
requirements

vendor
lock-in

Mobi
domain
name

Mobile
cloud,
defined

Mobile
computing

development
considerations

ecosystem
of

evolution
of

future
of

HTML5
and

overview

players
in

Mobile
ID
management

mobiReady,
page
checker
application

Monitoring

audit-log
use

capacity
and
scaling

device
screens

performance

systems
for

Moore’s
Law

Mounting
devices

Mozy,
backup
system

MTBF
(mean
time
between
failure)

Multitenant
solutions

MyFax

N

National
Institute
of
Standards
and
Technology
(NIST)

NetSuite,
PaaS
solution

Netuitive,
predictive
analytics
tools

Network-attached
storage
(NAS)

Network
failures

Network
File
System
(NFS)

Network
storage

Network
virtualization

New
Relic,
cloud-performance
monitoring

Nirvanix,
IaaS
solution

Nonfunctional
requirements

O

Object
Management
Group
(OMG)

Office,
Microsoft

Office
Web
Apps,
Microsoft

Off-site
storage
solutions

On-demand
desktop
solutions

Online
schools,
SaaS
solutions

OpenID

OpenSaaS
solutions

OpenShift,
PaaS
solution

Open
source
browser

OpenStack

Operating
systems,
future
of

Operational
expenses
(OPEX)

Optimization

Oracle
Cloud
File
System

Organization
for
Economic
Cooperation
and
Develop-
ment
(OECD)

P

PaaS.
See
Platform
as
a
Service

Pacific
Northwest
National
Laboratory

Packet
sniffing

Page
checker
applications

Paging
and
page
files

Parallels
Desktop
4
for
Windows
and
Linux

Pareto
principle

PasswordBank,
IDaaS
solution

Payment
Card
Industry
(PCI)-compliant
hosting
system

Payroll
processing

PC-based
servers

Performance,
designing
for

Performance
benchmarks

Performance
indicators
(business)

Performance
monitoring

Performance
of
web
services

Performance
testing

Performance
tuning

Phishing

Phone
systems

Physical
security

Physical
servers

Pingdom
Website
Monitoring

Ping
Identity,
IDaaS
solution

Platform,
defined

Platform
as
a
Service
(PaaS)

benefits
of

characteristics

disadvantages
of

Google
App
Engine

IT
evolution
leading
to

overview

Point
of
diminishing
returns

Portability

Power-aware
appliances

Power
failures
or
disruptions

Predictive
analytics

Presentations
and
lectures

Privacy
requirements

Private
cloud

Profit
margin

Provisioning

Proxy
servers

Public
cloud

Public
Company
Accounting
Reform
and
Investor
Pro-
tection
Act
(2002)

R

Rackspace,
IaaS
solution

Recovery,
designing
for

Red
Hat,
PaaS
solution

Redundancy

Redundant
array
of
independent
(or
inexpensive)
disks
(RAID)

Relational
Database
Service
(RDS),
Amazon

Reliability

Reliable
Adaptive
Distributed
Systems
Laboratory

Remote
Desktop
Services
(RDS),
Microsoft

Remote
file
access

Remote-procedure
calls
(methods)

Response
time

Return
on
investment
(ROI)

RightScale,
application
management

Right-sizing

RingCentral,
cloud-based
phone
system

Risk
mitigation.
See
also
Threats

Robustness

S

SaaS.
See
Software
as
a
Service

Salesforce.com

SAML
(Security
Assertion
Markup
Language)

SANs
(storage-area
networks)

Sarbanes-Oxley
Act
(2002)

Scalability

capacity
planning
vs.

complex
coding
and

defined

designing
for

diminishing
returns
and

load-balancing

monitoring

overview

Pareto
principle

performance
tuning

web
services
and

SDK
(software
development
kit)

Security

advantages

data
storage
wiping

denial-of-service
attacks

http://salesforce.com/

designing
for

disadvantages

guest-hopping
attacks

hypervisor
attacks

malicious
employees
and

man-in-the-middle
attacks

monitoring
device
screens

packet
sniffing

physical
security

policies
and
procedures

product
solutions

SQL-injection
attacks

Security
Assertion
Markup
Language
(SAML)

Servers.
See
also
Load-balancing

blade
servers

failure
of

infrastructure
as

PC-based

physical
servers

proxy
servers

virtualization

virtual
servers

Service-level
agreements
(SLAs)

Service-oriented
architecture
(SOA).
See
also
Web
services

Shared
virtual
servers

SharePoint,
Microsoft

SinglePoint,
PaaS
solution

Single-sign-on
(SSO)

Site
evaluation
systems

Siteforce,
PaaS
solution

Site
optimization

Site
Secure
Net
|
The
Planet

SkyDrive,
Microsoft

Skype

in
home-based
cloud
computing

VoIP
messaging

SLAs
(service-level
agreements)

Smart
appliances

Smart
devices

SNIA
(Storage
Networking
Industry
Association)

SOA.
See
Service-oriented
architecture

Social
media

Social
networking

Software
as
a
Service
(SaaS)

characteristics

multitenant
nature
of

OpenSaaS
solutions

overview

service-oriented
architecture

social
networking

Software
development
kit
(SDK)

Solution
testing
and
validation

Source-code
escrow
agreements

SQL
Azure

SQL-injection
attacks

SSO
(single-sign-on)

Standards
organizations

S3
(Amazon
Simple
Storage
Service)

Storage-area
networks
(SANs)

Storage
Networking
Industry
Association
(SNIA)

Storage
redundancy

Storage
solutions.
See
Data
storage

Storage
vMotion,
VMware

Strangeloop,
site-optimizing
solution

Streaming
media
and
video

Symplified
Access
Manager

Symplified
IDaaS
solution

Symplified
Identity
Manager

System
redundancy

System
requirements

T

Taleo,
cloud-based
talent
management
system

Tape
vaulting

TCO
(total
cost
of
ownership)

Technical
support

Television

future
applications

streaming
content

Testing

Textronics

Thin
operating
system

Threats.
See
also
Security

computer
viruses

database
system
failures

desktop
failures

disgruntled
employees

disk
failures

equipment
loss

fire

floods

network
failures

overview

phone
system
failures

power
failures
or
disruptions

server
failures

3Tera,
cloud
solutions

Total
cost
of
ownership
(TCO)

Training

Transcoders

Treadway
Commission

Twitter,
described

U

Uninterruptible
power
supply
(UPS)

Universal
Description,
Discovery,
and
Integration
(UDDI)

University
of
California,
Berkeley

Uptime,
monitoring
software

Usability

User
State
Virtualization
(USV),
Microsoft

V

Validation
testing

VDI
(Virtual
Desktop
Infrastructure),
Microsoft
suite

Vendor
lock-in

Vertical
scaling

Video
presentations

Virtual
desktop

Virtual
Desktop
Infrastructure
(VDI),
Microsoft
suite

Virtualization

characteristics

data
storage

desktops

hardware
requirements
and

history
of

management
tools

networks

overview

servers

Virtual
meetings

Virtual
memory

Virtual
presentations

Virtual
private
network
(VPN)

Virtual-server
environment

Virtual
servers

Viruses

antivirus
software

VMforce,
PaaS
solution

VMware
ESXi,
virtual-server
environment

VMware
Storage
vMotion

Voice
over
Internet
protocol
(VoIP)

VoicePay,
mobile
authentication

VPN
(virtual
private
network)

W

W3C
(World
Wide
Web
Consortium)
guidelines

W3C
Mobile
Checker

Web
2.0

Web
Apps,
Microsoft
Office

Web-based
collaboration

WebEx,
SaaS
solution

WebKit,
open
source
browser

Web
logs
(blogs)

WebPagetest,
site
evaluation
system

Web
Service
Description
Language
(WSDL)

Web
services

Amazon
and

as
black
box

coupling
and

governance
and

interoperability

overview

performance

reuse
and

scaling

SOA
and

Widget,
defined

Wiki,
described

Wikia,
wiki
hosting

Wikipedia

Windows
Azure

coding
applications

PaaS
solution

Windows
Thin
computer

Windows
VPN
support

WordPress

World
Wide
Web
Consortium
(W3C)
guidelines

WSDL
(Web
Service
Description
Language)

X

XMethods

Y

Yahoo!
Pipes

YouTube

Z

Zentation,
virtual
presentations

ZumoDrive,
cloud-based
storage

Credits

Chapter
2

2­5
Courtesy
of
Carbonite,
Inc.;
2­11
Courtesy
of
X-
Methods.

Chapter
5

5­4
Courtesy
of
OpenID
Foundation.

Chapter
6

6­8
Courtesy
of
Dropbox;
6­12A­B
Courtesy
of
Dropbox.

Chapter
7

7­3
Courtesy
of
Microsoft;
7­4
Courtesy
of
Microsoft;
7­
5
Courtesy
of
Skype,
Inc.;
7­17
©
copyright
salesforce.-
com,
inc.
Used
with
permission.

Chapter
8

8­3
Copyright
©
UC
Regents,
University
of
California,
Berkeley.

Chapter
9

9­10
Courtesy
of
Cloud
Security
Alliance;
9­11
Courtesy
of
ENISA.

Chapter
10

10­9
Courtesy
of
RingCentral,
Inc.

Chapter
11

11­3
Courtesy
of
XMethods.

Chapter
12

12­1
Courtesy
of
Apica;
12­2
Courtesy
of
Distributed
Management
Task
Force,
Inc.;
12­7
Courtesy
of
strange-
loop;
12­8
Courtesy
of
strangeloop;
12­9
Courtesy
of
Uptime
Software.

http://salesforce.com/

Chapter
13

13­3
Courtesy
of
Kayako,
Inc.;
13­4
Courtesy
of
RightScale.

Chapter
14

14­8
Courtesy
of
mobiReady;
14­9
Courtesy
of
mobiReady.

Chapter
15

15­4
Courtesy
of
COSO;
15­7
Courtesy
of
IT
Governance
Institute.

Chapter
17

17­1
Courtesy
of
VoicePay.

Chapter
18

18­2–18­13
Reproduced
with
permission
of
Yahoo!
Inc.
©
2012
Yahoo!
Inc.
YAHOO!
and
the
YAHOO!
logo
are
registered
trademarks
and
PIPES
is
a
trademark
of
Ya-
hoo!
Inc.;
18­20A
Used
with
permission
from
Microsoft;
18­20B
Used
with
permission
from
Microsoft.

Chapter
19

19­4
Courtesy
of
WebPageTest;
19­6
Courtesy
of
Pingdom.

Chapter
20

20­1
Courtesy
of
Pew
Research
Center.

Unless
otherwise
indicated,
all
photographs
and
illustra-
tions
are
under
copyright
of
Jones
&
Bartlett
Learning,
or
have
been
provided
by
the
author(s).

Title

Copyright

Dedication

Brief Contents

Contents

Preface

Chapter 1 Introducing Cloud Computing

Web 2.0 and the Cloud

Distinguishing Cloud Types

Cloud Deployment Models

Cloud Service Models

Exploring Uses of the Cloud

Introducing Scalability

Introducing Virtualization

Collecting Processing Power Through Grid Computing

Chapter Summary

Key Terms

Chapter Review

Chapter 2 Software as a Service (SaaS)

Getting Started with SaaS

Understanding the Multitenant Nature of SaaS Solutions

Understanding OpenSaaS Solutions

Understanding Mashups

Understanding Service-Oriented Architecture (SOA)

Chapter Summary

Key Terms

Chapter Review

Chapter 3 Platform as a Service (PaaS)

IT Evolution Leading to the Cloud

Benefits of PaaS Solutions

Disadvantages of PaaS Solutions

Chapter Summary

Key Terms

Chapter Review

Chapter 4 Infrastructure as a Service (IaaS)

Understanding IaaS

Improving Performance Through Load Balancing

Taking a Closer Look at Load Balancing

System and Storage Redundancy

Utilizing Cloud-Based NAS Devices

Advantages of IaaS Solutions

Server Types Within an IaaS Solution

Chapter Summary

Key Terms

Chapter Review

Chapter 5 Identity as a Service (IDaaS)

Understanding Single Sign-On (SSO)

Understanding How SSO Works

Understanding Federated Identity Management

Understanding Account Provisioning

Understanding OpenID

Mobile ID Management

Chapter Summary

Key Terms

Chapter Review

Chapter 6 Data Storage in the Cloud

Examining the Evolution of Network Storage

Understanding Cloud-Based Data Storage

Advantages and Disadvantages of Cloud-Based Data Storage

Getting Past the Fear of Cloud-Based Data

Cloud-Based Backup Systems

Understanding File Systems

Industry-Specific Cloud-Based Data Storage

Cloud-Based Database Solutions

Cloud-Based Block Storage

Chapter Summary

Key Terms

Chapter Review

Chapter 7 Collaboration in the Cloud

Collaborating in the Clouds

Questions to Ask About Collaborative Tools

Web-Based Collaboration Began with Web Mail

Instant Messaging Isn’t What It Used to Be

Cloud-Based Phone and Fax Systems

Revisiting File Sharing

Editing Shared Files Within the Cloud

Collaborating via Web Logs (Blogs)

Collaborative Meetings in the Cloud

Virtual Presentations and Lectures

Using Social Media for Collaboration

Using Cloud-Based Calendar Management

Using Streaming Video Content to Collaborate

Cloud-Based TV Content

Chapter Summary

Key Terms

Chapter Review

Chapter 8 Virtualization

Understanding Virtualization

The History of Virtualization

Leveraging Blade Servers

Server Virtualization

Desktop Virtualization

Desktop Solutions on Demand

Virtual Networks

Data Storage Virtualization

Not All Applications Are Well Suited for Virtualization

Why Virtualize?

Chapter Summary

Key Terms

Chapter Review

Chapter 9 Securing the Cloud

General Security Advantages of Cloud-Based Solutions

Introducing Business Continuity and Disaster Recovery

Understanding Data Storage Wiping

Understanding Distributed Denial-of-Service (DDoS) Attacks

Packet Sniffing

Man-in-the-Middle Attack

Monitoring Device Screens

Malicious Employees

Hypervisor Attack

Guest-Hopping Attack

SQL-Injection Attack

Physical Security

Chapter Summary

Key Terms

Chapter Review

Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Understanding the Threats

Threat: Disk Failure

Threat: Power Failure or Disruption

Threat: Computer Viruses

Threat: Fire

Threat: Floods

Threat: Disgruntled Employees

Threat: Lost Equipment

Threat: Desktop Failure

Threat: Server Failure

Threat: Network Failure

Threat: Database System Failure

Threat: Phone System Failure

Understanding Service-Level Agreements

Measuring Business Impact: The Essence of Risk Mitigation

Disaster Recovery Plan Template

Chapter Summary

Key Terms

Chapter Review

Chapter 11 Service-Oriented Architecture

Understanding Service-Oriented Architecture

Web Services Are Not Web Pages

Many Companies Provide Web Services

Discovering Web Services

Understanding Web Service Performance

Web Service and Reuse

Scaling Web Services

Web Services and Loose Coupling

Treating a Web Service as a Black Box

Web Service Interoperability

Web Service Description Language

Governing Web Services

Chapter Summary

Key Terms

Chapter Review

Chapter 12 Managing the Cloud

Know Your Service-Level Agreement

Ensure and Audit System Backups

Know Your System’s Data Flow

Beware of Vendor Lock-In

Source-Code Escrow

Determine Technical Support and Help Desk Procedures

Determine Training Procedures

Know the Provider’s Security Policies and Procedures

Define the Data Privacy Requirements

Know Specifics About the Economics of the Cloud and Return on Investment

Monitor Capacity Planning and Scaling Capabilities

Monitor Audit-Log Use

Solution Testing and Validation

Chapter Summary

Key Terms

Chapter Review

Chapter 13 Migrating to the Cloud

Define the System Goals and Requirements

Protect Your Existing Data

Use an Experienced Cloud Consultant

Know Your Application’s Current Characteristics

Remember Vendor Lock-In

Define Your Training Requirements

Establish a Realistic Deployment Schedule

Review the Budget Factors

Identify IT Governance Issues

Understanding Cloud Bursting

Chapter Summary

Key Terms

Chapter Review

Chapter 14 Mobile Cloud Computing

The Evolution of Mobile Computing

Understanding the G in 3G and 4G

The Mobile Cloud Ecosystem

Introducing the Mobile Players

Pages, Apps, and Widgets

Revisiting the Role of HTML

Mobile Development Considerations

Chapter Summary

Key Terms

Chapter Review

Chapter 15 Governing the Cloud

Understanding Corporate Governance

Understanding Business Strategy

Measure What Is Important

Inspect What You Expect

Understanding Internal Controls

Extending Governance to Information Technology

Cloud Computing Governance

Chapter Summary

Key Terms

Chapter Review

Chapter 16 Evaluating the Cloud’s Business Impact and Economics

Business Economics

Total Cost of Ownership

Economies of Scale

Capital Expenditures

Operational Expenses

Return on Investment

Profit Margins

Moore’s Law and the Cloud

Understanding Right-Sizing

Defining a Large Data Center

Other Economic Key Performance Indicators

Marketing the Cloud

Chapter Summary

Key Terms

Chapter Review

Chapter 17 Designing Cloud-Based Solutions

Revisit the System Requirements

When to Select a Development Environment

Design Is a Give-and-Take Process

Designing for Accessibility

Designing for Audit

Designing for Availability

Designing for Backup

Designing for Existing and Future Capacity

Designing for Configuration Management

Designing for Deployment

Designing for Disaster Recovery

Designing for the Environment (Green Computing)

Designing for Interoperability

Designing for Maintainability

Designing for Performance

Designing for Price

Designing for Privacy

Designing for Portability

Designing for Recovery

Designing for Reliability

Designing for Response Time

Designing for Robustness

Designing for Security

Designing for Testability

Designing for Usability

Chapter Summary

Key Terms

Chapter Review

Chapter 18 Coding Cloud-Based Applications

Creating a Mashup Using Yahoo! Pipes

Creating a Simple Yahoo! Pipe

Using Google App Engine

Creating a Hello, World! Application with Google App Engine

Downloading the Google App Engine Software Development Kit

Deploying a Simple Google App Engine Example

Creating a More Advanced Google App Engine Application

Creating a Windows Azure “Hello, World!” Application

Chapter Summary

Key Terms

Chapter Review

Chapter 19 Application Scalability

Reviewing the Load-Balancing Process

Designing for Scalability

Scaling Up, Scaling Out, or Both

Minimize Objects on Key Pages

Selecting Measurement Points

Analyze Your Database Operations

Evaluate Your System’s Data Logging Requirements

Revisit Your Service-Level Agreement

Capacity Planning Versus Scalability

Scalability and Diminishing Returns

Performance Tuning

Complication Is the Enemy of Scalability

Chapter Summary

Key Terms

Chapter Review

Chapter 20 The Future of the Cloud

How the Cloud Will Change Operating Systems

Location-Aware Applications

Intelligent Fabrics, Paints, and More

The Future of Cloud TV

Future of Cloud-Based Smart Devices

Cloud and Mobile

How HTML5 Will Drive Mobile Applications

Faster Time to Market for Software Applications

Home-Based Cloud Computing

Chapter Summary

Key Terms

Chapter Review

Glossary of Key Terms

Index

Credits

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more