Simplicity is the ultimate sophistication.— Leonardo da Vinci

(Italian Painter, Sculptor, Architect andEngineer, 1452-1519)

2.0 INTRODUCTION

In this chapter we will discuss the architectural principleswhich constitute cloud computing services. Cloudcomputing requires co-existence and co-working ofseveral technologies and service providers who togethermake this new model a success. We will understandthe roles played by each one of them and the prevalenttechnologies being used in the cloud computing space.We will also examine the advantages and disadvantagesof some of them.

2.1 ARCHITECTURE DEFINED

The term architecture originates from buildingconstruction where it refers to the art or practice ofdesigning and constructing buildings. While in ordinaryterms it refers to the art form, this term in essence alsoconveys how the functionality is achieved using commonprinciples. In the world of information technology it

Chapter 2Cloud Computing Architecture

Chapter-2.p65 4/21/2012, 12:20 PM27

30 Cloud Computing and Beyond

one of the components is not working properlyalong the access chain, the cloud implementationwill fail.

• Multiple users or multiple tenant applicationdesign: while most discussion happens on theinfrastructure aspect of cloud implementation, theapplication architecture that facilitates multi-userdesign is called multi-tenant architecture. Havinga monolithic application design would createmultiple instant and will make cloud imple-mentation less than optimum. Multi-tenancyfeature distributes costs across a large pool ofusers and better sharing of resources leading tolower costs, higher peak time capacity utilizationand efficiency. We will discuss about it later inthis chapter.

• Pay as you use: This refers to the ability tomeasure (or meter) the usage of cloud basedimplementation so that a charge out mechanismcan be built.

• Ability to reuse resources like hardware andsoftware achieved through virtualization, is yetanother important feature.

2.3 LAYERS OF CLOUD ARCHITECTUREIMPLEMENTATION

Cloud architecture implementation consists of severallayers. On top of these layers is the browser runningon desktops and mobile devices which a user uses toaccess applications hosted on the cloud environment.Cloud user uses Cloud services and applications whichform the next two layers. These services and applicationsrun on software platforms (e.g. Oracle, SAP, .Net etc)which forms the next layer of the cloud architecture.Further down the architecture comprises of

Chapter-2.p65 4/21/2012, 12:20 PM30

Cloud Computing Architecture 31

infrastructure layer having servers, data base, storage,CPU etc. These are shown in figure 2.1

2.4 UNDERSTANDING CLOUD ECOSYSTEM

The cloud computing architecture is implementedthrough several components and players. We willunderstand each one of them through figure 2.2 anddefine their roles and responsibilities.

Users or cloud subscriber: Primarily these are thepeople who use the cloud services either as SaaS, PaaSor IaaS model.

Brokers: While the actual users may want a servicethey will (or may) need an intermediary who representstheir interest and combines various users requirementsinto on standardized requirement. For example, a userwants a driving direction but he will have to need anintermediary who understands and provides theserequirements or may acts a front end. These could becar companies who sell navigational systems or popularweb sites.

Fig. 2.1. Cloud computing layers.

Chapter-2.p65 4/21/2012, 12:20 PM31

32 Cloud Computing and Beyond

The role played by a cloud broker is to act as anintermediary between the cloud provider and the userto make the user transparent from the complexity of thecloud. They play their role as service consumer as wellas service provisioner by doing service intermediation,aggregation and service arbitrage. This entity providesintermediary services like identity management,performance reporting, enhanced security and alsoprovides service aggregations such as data integrationand movement across various cloud users and providers.

Service conceptualizer: These would be people orentity who conceptualize and develop services andpresent them to users/brokers at a fee. So this personconstructs an application and presents to users andbrokers. This entity also hosts this service on the cloudenvironment offered by a cloud service provider.

Resources Allocator: It liaises between the users andthe cloud service provider. This entity takes care ofresources management and guarantees service levels.

Fig. 2.2. Cloud architecture components.

Chapter-2.p65 4/21/2012, 12:20 PM32

Cloud Computing Architecture 33

Cloud Provider: The central player amongst all inthe cloud ecosystem is called cloud provider whoprovides cloud services. e.g., are Amazon, Microsoft,IBM or Google. This entity provides and operatescomputing infrastructure both hardware and softwareto deliver the cloud services to users through theInternet. The role played by the cloud provider will bedifferent depending upon the type of cloud services suchas SaaS, PaaS or IaaS.

1. In case of SaaS the role played by the cloudprovider is to take complete ownership ofapplication and infrastructure and make itavailable to the end-user. In this case the cloudprovider would install, maintain and upgradeapplications and will ensure uptime, responsetime and security aspects of the applicationsoftware. In this case the cloud user haspractically no administrative control on themanagement of application.

2.  However, in case of PaaS, the cloud providerlimits its responsibility to look after theinfrastructure platform. In addition it creates andenables an environment in such a way that thecloud user can develop and deploy its application.The cloud provider creates integrateddevelopment environments (IDEs), softwaredevelopment kits (SDKs), and deployment andmanagement tools. While the end-user managesthe application parameters and controls thebalance responsibility of underlying infrastructuresuch as OS, storage, network etc are managedby the cloud provider.

3. In the most basic of cloud services i.e., IaaS thecloud provider just manages the hardware, hostOS, storage and network and hostinginfrastructure. The only services run by theservice provider are a set of services such as

Chapter-2.p65 4/21/2012, 12:20 PM33

34 Cloud Computing and Beyond

virtual machines and virtual network interfaces.The rest of the overlaying layers are run,managed and controlled by the cloud user. TheIaaS user has far greater control on software,application and also the OS. The cloud provider’sresponsibility includes deployment, combination,management, security, and privacy of the cloudservices.

Service request examiner and controller: Thisperson (or an automated system under monitoring ofan expert) allocates and reallocates resources based onpredefined priority, such as resource availability andcriticality.

Pricer: Based on the request type and paymentplan this person (or an automated system undermonitoring of an expert) does the pricing and accountsfor usage.

VM Monitor: Virtual machine (VM) monitor looksafter the virtual machines and their availability.

The other players in cloud ecosystem are as follows:• The cloud carrier provides connectivity between

the cloud services users and devices such asdesktop computers, laptops, mobile phones, I-phone, I-pad etc.

• Load dispatcher is a system that accepts servicerequests and allocates virtual machines asrequired.

• Monitor of services (MOS) compares the performancelevels of services with the agreed service levels.

• Cloud auditors are independent agencies that checkcloud service control, verify adherence tostandards and examine areas such as privacy andperformance levels. The role played by a cloudauditor is to conduct security audit includingprivacy impact and performance assessment. Useof cloud auditors is necessary to minimize

Chapter-2.p65 4/21/2012, 12:20 PM34

Cloud Computing Architecture 35

disputes between the users and the providers andalso to recognise weak areas. Usually these areobjective agencies set up by the standardsorganizations aided or supported by thegovernment bodies. Like credit rating agencieswho specify the reliability of the investmentproposals (such as mutual funds) or otheragencies who specify fire safety standards ofbuildings, the need of cloud auditors is necessary.Such a third party agency can make periodicchecks if the data backups are being taken, dataarchives are being maintained, data privacy orencryption are being done or other controls arebeing enforced.

2.5 CLOUD ARCHITECTURAL COMPONENTS

Cloud computing architecture comprises two maincomponents, front-end and the back-end.

• The part which is visible to the end-user is calledthe front-end. This comprises the desktop or anyother end-user device (mobile phone, I-pad etc.),browser and network.

• The remaining part of the cloud computingarchitecture is hidden behind the network thatcomprises various applications, software,computers and data storage devices.

Cloud architecture encompasses a variety of systems andtechnologies as well as service and deployment models, andbusiness models2. It is mix of three sub-architectures, viz.,business, technical and operational. As we have seen

2 NIST Special Publication 800-146, DRAFT Cloud Computing Synopsisand Recommendations, Recommendations of the National Institute ofStandards and Technology, http://csrc.nist.gov/publications/nistpubs/index.html.

Chapter-2.p65 4/21/2012, 12:20 PM35

36 Cloud Computing and Beyond

the architecture designs the sub-elements and theirinterfaces with each other to achieve the end objectives,these subdivisions together complete the cloudarchitecture.

• Business architecture designs the business aspectsof the cloud services covering pricing, servicecontract, and cost models. It also entails thebusiness model and its communication to variousstake holders.

• Technical architecture details out the design ofvarious cloud components. It covers amongstothers which cloud platform to adopt, creating astructure of various cloud components showingrelationships, choice of middleware and securityconsiderations.

• Operational architecture covers operationalfeasibility, network availability, legal issuesrelated with location of hosting of data,monitoring of operational performance

Figure 2.2 shows various clouds architecturecomponents and their relationship.

Management of cloud includes activities such asevent management, configuration and compliance,provisioning of resources, workload balancing andservice integration.

Security of cloud includes features such as identityand access management, data encryption, segregationbetween the users and protection, VM isolation, secureVM migration, virtual network isolation, securityintelligence and software, platform, and infrastructuresecurity and security event and access monitoring.Security ensures:

• Access authentication and authorization• Ensuring uninterrupted availability• Maintaining client confidentiality• Subscriber identity management

Chapter-2.p65 4/21/2012, 12:20 PM36

38 Cloud Computing and Beyond

an agile cloud infrastructure which is designed for quickaccess of security features enabled virtual serverenvironments. This can be used for development, testas well for web hosting, developing application pilot,running statistical model and conducting researchactivities. This is an infrastructure as a service (IaaS)cloud offering. This provides features such as:4

• Software licensing options by choosing from cloudasset catalogue containing wide range of ready-to-deploy software.

• Flexibility to deploy open source software orother owned licensed software on cloud virtualmachines.

• Choose and use appropriate workloads (softwareproducts and services).

• Users can configure their x86 servers and storagein the cloud.

• User can set up a global, private or public,enterprise web file sharing system.

• Facility to use virtual private networks, firewallsand filtering of network traffic.

• Ability to create user configured platform-as-a-service and software-as-a-service offerings.

• Delivers at least 99.5 per cent availability.

IBM cloud offers all services across planning, designand implementation and operations of cloud services5.

• IBM Cloud Planning services include cloudreadiness assessment, ROI and migrationstrategies. In addition it will help enterprises toassess and build a security roadmap with IBMProfessional Security Services.

4 Refer www.ibm.com/cloud/solutions/enterprise for further detailsaccessed 140120125 Source IBM Web site : http://www-935.ibm.com/services/in/gts/cloud/accessed 14012012

Chapter-2.p65 4/21/2012, 12:20 PM38

Cloud Computing Architecture 39

• After planning, IBM can help in building cloudplatform using IBM SmartCloud Enterprise. IBMCloud Service Provider Platform (CSP2)accelerates and simplifies deployment of acomplete cloud services environment.

• Finally, the cloud hosted applications can beaccessed through IBM cloud delivery platformwhich in addition gives on-line collaboration toolsfor file sharing, web conferencing and instantmessaging with IBM LotusLive™ CollaborationSuite. IBM Information Protection Services allowsbackup of data and integration of applicationswith Cast Iron Systems6.

• IBM also offers IBM CloudBurst 2.1™ solutionusing IBM BladeCenter® platform which expandscore service management capabilities acrosshardware, middleware and applications.

• Other services offered by IBM on cloud are:• Business continuity and resiliency services (BCRS)

and BCRS information protection services.• IBM vulnerability management services to

assess vulnerability, its remediation, andcustomizable reporting.

• IBM managed email and web security toprotect from spam, viruses, worms, spyware,and unwanted content for hosted email7.

IBM Cloud Implementation

IBM cloud environment is supported through threebuilding blocks, virtualisation, service delivery managerand Tivoli automated monitoring. We will explain eachone of them in the following section.

6 Some of the terminologies used are IBM trade mark protected ones.7 http://www-935.ibm.com/serv ices/in/gts /cloud/workload-solution/accessed 14012012

Chapter-2.p65 4/21/2012, 12:20 PM39

40 Cloud Computing and Beyond

• Availability of virtualized infrastructure: Thisincludes virtualized server, storage, applicationinfrastructure and networking virtualizationservices.

• IBM Service Delivery Manager is a self-serviceportal for users to reserve resources (hardware,software and network) in an automatedprovisioning and de-provisioning mode. Theusers can also monitor cloud resources and seehow the usage and accounting chargeback isbeing done.

• IBM Tivoli® Service Automation Managerfeature helps the users to request, deploy,monitor and manage cloud computing services.Advantages claimed by IBM are reduced skillrequirements and faster deployment. This alsohas IBM CloudBurst™ capability to provideextension of private cloud and integrates withIBM WebSphere® CloudBurst. It supports Linuxoperating systems supported and its NetAppStorage Extension helps entire life cycle of (StaaS- Storage as a Service) and management of filesystems with VMWare virtual machines.

2.8 AMAZON ELASTIC COMPUTE CLOUD (EC2)8

Amazon Elastic Compute Cloud (EC2) offerings of cloudincludes a web service which can be expanded ondemand and computing capacity can be built to hostdifferent software systems. Thus it helps the softwaredesigner to easily make web-scale computing and theycan create, launch, and terminate server instances asneeded. Since they can pay hourly rate to active serversthis is called Elastic Compute.

8 http://aws.amazon.com/ec2/ accessed 14012012

Chapter-2.p65 4/21/2012, 12:20 PM40

42 Cloud Computing and Beyond

scalable non-relational data store that offloads the workof database administration. SimpleDB helps in creatinggeographically dispersed data automatically to facilitatehigh availability and data durability. The charges of thisservice are only for the amount of data stored orcomputing power consumed for query, read or write.

Access of various user instances are facilitatedthrough assigning two addresses—a private and a publicIP address. For example, a replacement instance willhave a different public IP address. Amazon EC2 alsooffers Elastic IP addresses (static IP addresses) fordynamic cloud computing.

Amazon EC2 offers other features such as loaddistribution, load balancing and cloud monitoring tools.It also provides API for starting computing instanceswith any of the operating systems supported.

2.9 MICROSOFT WINDOWS AZURE9

Microsoft also offers a cloud platform in the name ofWindow Azure. This is a development, hosting, andmanagement environment and facilitates enterprise-levelon-demand computing capacity, such as computingpower and storage on-request for a cost. For usingAzure Cloud features one needs to use Azure API.

Windows Azure is hosted in Microsoft data centreand provides OS, development tools to build web basedapplications which can also have interface with localdevices. These applications can be developed usingVisual Studio development environment and the .NETFramework. It also supports multiple Internet protocols,including HTTP, REST, SOAP, and plain XML. Itsvarious supporting components are as follows:

• SQL Azure gives e Microsoft SQL Servercapabilities for cloud based application to store

9 For more details refer to http://www.azurepilot.com/ accessed 14012012

Chapter-2.p65 4/21/2012, 12:20 PM42

Cloud Computing Architecture 43

structured, semi-structured, and unstructureddata.

• Windows Azure Marketplace is an onlinemarketplace for application developers to buy andsell code, components, training, service templates,and many other features that are needed fordeveloping Windows Azure applications.

• Windows Azure Services helps in collaborationacross organizational boundaries by maintainingsecurity across domains with simplicity. It givesauthentication and access control features usingpowerful, secure, standards-based infrastructure.

• Windows Azure HPC Scheduler gives modulesand features to launch and manage high-performance computing (HPC) applications withinwithin a Windows Azure service.

2.10 GOOGLE APP ENGINE

Google App Engine enables development environmentfor developers to design, develop and deploy Java andPython-based applications in Java, Go and Pythonenvironment.

It promises same reliability, availability andscalability at par with its own applications.

Interface is software programming based. It alsoprovides comprehensive programming platformirrespective of the size (small or large) for its users.Some of the useful features include range of templatesand appspot, excellent monitoring and managementconsole for cloud based applications.

2.11 ACADEMIC AND COMMUNITY CLOUDINITIATIVES

We have discussed about community cloud to define

Chapter-2.p65 4/21/2012, 12:20 PM43

Cloud Computing Architecture 45

facilitated through large computing capabilities usingmulti-core servers and storage, large bandwidth andvirtualization.

All this led to the development and need of highpowered computing such as data mining, searchinginformation across web pages (Google, Bing and Ask).In the current knowledge economy data is an importantasset to any organization. By churning huge data basesnew knowledge can be discovered and that need anexpandable, as required capacities. In addition newerprogramming models, and supporting algorithms anddata structures are needed to search this maze of dataof various types.

Google File System: It was created to addressmassive data search of write once and read many(WORM) data typically found in web pages. Googledeveloped MapReduce operation run on a special filesystem called Google File System (GFS) which is highlyoptimized for this purpose. Data contained on theInternet pages are very large in number. The averagenumber of the Internet pages cross peta scale. This datais different from traditional business data stored onenterprise servers. They are not “write once and readmany times” as in enterprise systems. Here the datachanges is fast, is volatile and grows. In order toaddress searching this large data Google created itsGoogle file system (GFS). Google MapReduce algorithmrun on this optimized file system. GFS usage Map reducealgorithm which is explained in the subsequent section.

However GFS is not open source.Google MapReduce10 is a programming model used

by Google for processing large amount of data whileperforming the web based searches. Google is known

10 — Reference: Dean, J. and Ghemawat, S. 2008. MapReduce:simplified data processing on large clusters. Communication of ACM51, 1 (Jan. 2008), 107-113.

Chapter-2.p65 4/21/2012, 12:20 PM45

Cloud Computing Architecture 47

AJAX uses a combination of XMLHttpRequest objectJavaScript/DOM (to display/interact with theinformation), CSS (to style the data) and XML (oftenused as the format for transferring data). AJAXapplications are browser and platform independent andtherefore can be used in any application effectively. Onegood example of AJAX is GoogleSuggest which usesAJAX , send the letters being types in Google tool barthrough a JavaScript to a server and the server returnsa list of suggestions.

Mashup application uses and combines data,presentation or functionality from two or more sourcesto create new services. This became popular to describecombined features or functions of more than one websitewith another. General-purpose functionality Mashups arelikely to be promoted by market-leading webdevelopment companies such as Google. The termimplies easy, fast integration, frequently using open APIsand data sources to produce enriched results that werenot necessarily the only reasons for producing the rawsource data.

SUMMARY

In this chapter we discussed the architectural principleswhich constitute cloud computing services. We definedthe essential features of cloud architecture which areflexible, scalable, standard, reliable, using open sourceproducts, interoperable with wider variety ofinfrastructure and facilitating multiple users or multipletenant application design. Cloud architecture alsofacilitates pay as you use features and ability to reuseresources.

We then described the various layers of cloudarchitecture implementation and developed theunderstanding of cloud ecosystem covering various

Chapter-2.p65 4/21/2012, 12:20 PM47

Chapter-2.p65 4/21/2012, 12:20 PM50