Please note! This essay has been submitted by a student.
Homework 1: Virtualization, Cloud Reference Architectural Concepts
What are other cloud computing reference architectures? How do they compare to NIST’s definition?
a)Mobile cloud computing architecture for computation offloading:
Mobile Computing is a information management platform which does not have time or location constraint. User can access information anytime, from anywhere. Mobile computing is assembly of cloud computing services and mobile services.
One of the biggest problem in mobile computation is resource limitation on mobile devices, which is solved by mobile cloud computing. This is achieved through the concept called as Mobile Computational Offloading. MCO involves the transfer of an application outside a mobile device and allow its execution on a remote computing environment. This remote computing environment can be a virtual machine hosted on a cloud server where the application is allowed to run.
Mobile cloud computing architecture for computation offloading discusses about the idea of dividing the computational task into small individual tasks and offloading of the task will depend on the activity they are performing. For example the if the task is performing CPU related activity, they can be offloaded but activities which require I/O from users are performed on mobile device. In such type of scenario it is very important to take care of dependent activities before making a decision of offloading those tasks. Independent tasks are executed in parallel whereas dependent ones are executed sequentially.
b)Efficient Distributed Cloud Computing Architecture:
In traditional architecture of cloud computing, the resources are located centrally causing the worry of one point failure. Since it provides single entry point, causing limitation of bandwidth, higher latency and increased network traffic.
Distributed cloud computing(DCC) overcomes the limitations in centralized cloud computing architecture. Distributed cloud is formed by gathering together underutilized resources which can perform both the activities of computation and storage. Distributed cloud has data centers located in different region so as if one region goes down, load can be diverted to data center in other regions so as business is not affected.
The resource distributing in DCC takes place by peer-to peer system. Kademlia a popular peer -to – peer protocol in which the hash table containing a 160 bit node id is used to uniquely identify the resources in the network.
Comparing with NIST definition:
According to the definition giving NIST, five essential characteristics are required in cloud computing architecture,
Explain at least two potential ways to integrate AWS services operated by multiple AWS accounts.
AWS organization is a service provided to merge manage multiple AWS accounts into one organization that can be managed centrally. AWS Organizations includes
consolidated billing and account management capabilities that enable you to better meet the budgetary, security, and compliance needs of your business. An administrator creates the organization and invites the existing aws account users to join the organization. Also the new account can be created in the organization. The aws account used to create organization is called Master account. For, compliance purpose you cannot have master account associated with any other aws organization.
Ways to integrate AWS services operated by multiple aws accounts are;
I.AWS Organization console – This is a browser based platform which can be used to create aws organization and manage the resources. As shown in fig1. root folder is where aws organization account information is stored. Organizational Units(ou) can be environments(dev, prod, test) or it can be departments(IT, admin, sales) in the company/firm. Lastly the aws accounts are associated to these OU. Control policies can then be applied to each node which are inherited by the child node. The policy which is applied to the root node will be inherited by entire organization.
AWS organization can be also managed by 1]AWS command line tools, 2]AWS SDK’s and 3] aws organizations HTTP Query API . AWS command line tools is much fasted and convenient as compared to aws organization console.
II.AWS Single Sign-On (SSO)- SSO is user authentication service, where user provides his credentials(username and password) just one time at start of session to access the resources.The Open Group defines SSO as the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.
Amazon integrates aws sso to aws organization to allow the access to aws accounts through existing corporate credentials. With this one can centrally manage the access to multiple aws accounts also we can access many commonly used business applications. Aws sso allows users to manage access to third – party application through SAML(Security Assertion Markup Language) which is secured xml based security mechanism.