Cloud Technology Associate+


Copyright and Disclaimer

Cloud Technology Associate + | r3.0.0

Copyright

Copyright © 2018 Cloud Credential Council. All rights reserved.

This is a commercial confidential document. All rights reserved. This document may not, in whole or in part, be copied, reproduced, translated, photocopied, or reduced to any medium without prior and express written consent from the publisher.

This course includes copyrightable work under license and is protected by copyright. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law or further disseminated without the express and written permission of the legal holder of that particular copyright. The Publisher reserves the right to revoke that permission at any time. Permission is not given for any commercial use or sale of this material.

Trade Marks

Cloud Credential Council® is a registered trademark.

Disclaimer

Information provided about the course, modules, topics and any services for courses including simulations or handouts, are an expression of intent only and are not to be taken as a firm offer or undertaking. The Publisher reserves the right to discontinue or vary or maintain such course, modules, topics, or services at any time without notice and to impose limitations on enrolment in any course.

The course materials provided may have hypertext links to a number of other web sites as a reference to users. This service does not mean that the publisher endorses those sites or material on them in any way. The publisher is not responsible for the use of a hypertext link for which a commercial charge applies. Individual users are responsible for any charges that their use may incur.

The information in this course is written using a blend of British and American English. Although every effort has been made regarding the usage of correct spelling, punctuation, vocabulary, and grammar with regard to the Standard English, the publisher accepts no responsibility for any loss or inconvenience caused due to the regional differences in the usage of the English language.

Acknowledgements

We would like to sincerely thank the experts who have contributed to the development of the Cloud Technology Associate + course.

Lead Author

Sudhakar Nagasampagi, Cloud SME, ITpreneurs

Sudhakar Nagasampagi is an IT professional with 28+ years of experience and expertise in several technologies such as Cloud Computing, Virtualization, DevOps, IoT, Cybersecurity, Machine Learning, etc. In addition, he is a project management (PMP) and service management (ITIL) professional. He has worked in the US for 10 years in Fortune 500/1000 companies, particularly in software development, training, and project management.

He is currently a Cloud Credential Council (CCC) accredited master trainer in Cloud and Virtualization Essentials. He is a master trainer in cloud computing for TUV-SUD South Asia. Additionally, he holds cloud computing certifications from EXIN, Rack Space, VMware, Arcitura Education Inc., Alison, etc. He is an active partner and accredited trainer for DevOps Fundamentals from DASA. He also delivers trainings in AWS related courses such as Cloud Practitioner, Solutions Architect Associate, SysOps Admin Associate, Security Specialty, and AWS DevOps.

He is the lead author for the Cloud Technology Associate (CTA) and IoT Foundation courses (CCC), lead author of the Cybersecurity Overview course (ITpreneurs), co-author and lead author of Cyber Resilience Foundation and Practitioner courses respectively (AXELOS & ITpreneurs).

He is an active speaker and trainer at national and international events on cloud and other related topics. He participated as a speaker on Cloud Security at the World Cloud Forum 2014 held in Dubai, UAE, and on “Hybrid Clouds” at the Dr. Dobbs Conference in Pune, conducted a 2-day workshop in Bahrain (BITEX 2014) on “Planning, Managing, Implementing and Supporting Your Organization Cloud Computing”, and delivered a 3-day training on AWS DevOps in Malaysia (2018). He is a Subject Matter Expert (SME) in cloud computing and other technologies and has contributed as an official blogger for CCC, EXIN, and Simplilearn on the topics of cloud computing. He is an alumnus of the Microsoft Bizspark program, a LinkedIn member of the Cloud Security Alliance (CSA), and a member of several professional organizations.

Course Overview

The Cloud Technology Associate+ course aims to explore a few additional and advanced concepts related to cloud, virtualization, and various other terminologies which are seamlessly blended with the latest digitization trends and technologies.

Cloud security advantages, top cloud risk areas, different types of risks and vulnerabilities, trends in cloud security, and main governance issues are covered in the cloud security, risks, and governance section of this course.

Finally, application migration strategies, a few cloud failure incidents, and certain recommendations and best practices for adopting the cloud are explained.

Course Learning Objectives

At the end of this course, you will be able to:

• Explain the hazardous and disingenuous cloud computing myths and misconceptions.

• Define additional cloud terminologies and concepts.

• Identify the different virtualization aspects.

• Learn about the additional digital disruptive technologies and digitization trends.

• Understand the additional concepts in cloud security, risks, and governance.

• Identify the best practices for adopting the cloud.

Case Study

The course includes a case study based on adopting the cloud services in an organization called “Go-Cloud”. This case study will help you to recap and apply the concepts learned in the course.

Lab Activities

This course contains two lab exercises which will allow you to get hands-on experience on the Amazon Web Services (AWS) cloud. These exercises are:

• Creating and launching virtual machines known as Amazon EC2 (Elastic Compute Cloud) instances

• Uploading objects to S3 (Simple Storage Service) storage

Performing these lab exercises will require an Internet connection and an AWS account. Both the exercises are engaging and will allow you to enhance your understanding and knowledge of using virtual machines and storage in the cloud.

Exam

At the end of the course, an exam will be conducted. The exam details are:

Bloom Level: 1 and 2

Question Type: Multiple-Choice Questions (MCQs)

Question Number and Passing Mark: 30 questions with a minimum passing rate of 65%

Time: 45 minutes (15 minutes additional for non-native English candidates)

Exam Type: Closed-Book

Suggestion: It is recommended that participants take the exam after completing the course

Cloud Computing Myths and Misconceptions

According to Gartner, many businesses are adopting the cloud, with huge impacts across various sectors and fields of business. However, the cloud is easily subject to misconceptions because of its nature and the hype surrounding it. Businesses that are planning to move to the cloud to reap its benefits are now thinking twice because of some concerns that have unfolded. The top myths and misconceptions about cloud computing are:

• Myth 1: Cloud is Always About Money: While prices are going down, especially for Infrastructure as a Service (IaaS) services, not all cloud service pricing is coming down; most Software as a Service (SaaS) applications are an example. Assuming that the cloud always saves money can lead to career-limiting promises. Saving money may end up being one of the benefits, but it should not be taken for granted.

• Myth 2: You Have to be Cloud to be Good: This is a demonstration of extensive “cloud washing.” Some cloud washing is accidental and a result of legitimate confusion, while some is based on a mantra that something cannot be “good” unless it is cloud. IT organizations are also increasingly calling many things cloud as a part of their efforts to gain funds and meet vague cloud demands and strategies. The resultant myth is that people fall into the trap of believing that if something is good, it is because of cloud.

• Myth 3: Cloud Should be Used for Everything: Related to Myth 2, this refers to the belief that the actual characteristics of the cloud are applicable to, or desirable for, everything. Clearly, there are some use cases where there is a great fit; however, not all applications and workloads benefit from the cloud. Unless there are cost savings, a legacy application that doesn’t change is not a good candidate for moving to the cloud.

• Myth 4: “The CEO Said So” Is a Cloud Strategy: When asked what their cloud strategy is, many companies don’t have one, and the default is often (stated or not) that they are just doing what their CEO wants. This is not a cloud strategy. A cloud strategy begins by identifying business goals and mapping potential benefits of the cloud to them, while mitigating the potential drawbacks. Cloud should be thought of as a means to an end.

• Myth 5: We Need One Cloud Strategy or Vendor: Cloud computing is not one thing and a cloud strategy has to be based on this reality. Cloud services are broad and span multiple levels (IaaS, PaaS, SaaS), models (“lift and shift,” cloud native), scope (internal, external) and applications. A cloud strategy should be based on aligning business goals with potential benefits. Those goals and benefits are different in various use cases and should be the driving force for any business, rather than attempts to standardize cloud strategy.

• Myth 6: Cloud is Less Secure than On-Premises Capabilities: Cloud computing is perceived as less secure. This is more of a trust issue than based on any reasonable analysis of actual security capabilities. To date, there have been very few security breaches in the public cloud; most breaches continue to involve on-premises data center environments. While cloud providers have to demonstrate their capabilities, once they have done so, there is no reason to believe that their offerings are not secure.

• Myth 7: Cloud is Not for Mission-Critical Use: Cloud computing is neither everything nor nothing. It is being adopted in steps and in specific cases. Therefore, it is not surprising that early use cases are not mainly for mission-critical systems. However, many organizations have progressed beyond early use cases and experimentation and are utilizing the cloud for mission-critical workloads. There are many enterprises that are “born in the cloud” and running their business (clearly mission-critical) completely in the cloud.

• Myth 8: Cloud = Data Center: Most cloud decisions are not related to closing down the data centers and moving everything to the cloud. A cloud strategy should not be equated with a data center strategy, nor should it be made in a vacuum: there should be data center space for things not in the cloud, and if things are moved out of the data center, there are implications. However, they are not the same thing. In general, data center outsourcing, data center modernization and data center strategies are not synonymous with the cloud.

• Myth 9: Migrating to the Cloud Means You Automatically Get All Cloud Characteristics: Don’t assume that “migrating to the cloud” means that the characteristics of the cloud are automatically inherited from lower levels (such as IaaS). Cloud attributes are not transitive. This distinguishes applications hosted in the cloud from cloud services. There are “half steps” to the cloud that have some benefits which can be valuable. However, they do not provide the same outcomes.

• Myth 10: Virtualization = Private Cloud: Virtualization is a commonly used enabling technology for cloud computing. However, it is not the only way to implement cloud computing. Not only is it not necessary, it is not sufficient either. Even if virtualization is used (and used well), the result is not cloud computing. This is most relevant in private cloud discussions where highly virtualized, automated environments are common and, in many cases, are exactly what is needed. Unfortunately, these are often erroneously described as “private cloud.”

Cloud Terminologies

Content Delivery Network

A Content Delivery Network or CDN is a system of strategically positioned, replicated, or cached servers around the globe. The main goals of the CDN are speed, scalability, and high availability.

The primary benefits of using the traditional CDN services are:

• Improved Web page load time to prevent users from abandoning a slow-loading site or an e-commerce application where purchases remain in the shopping cart.

• Improved security from a growing number of services that include DDoS mitigation, WAFs, and bot mitigation.

• Increased content availability because CDNs can handle more traffic and avoid network failures better than the origin server that may be located several networks away from the end user.

• A diverse mix of performance and Web content optimization services that complement the cached site content.

How does a CDN work?

The process of accessing the content cached on a CDN network edge location is always transparent to the user. The CDN management software dynamically calculates which server is located nearest to the requesting user and delivers content based on those calculations. The CDN server at the network edge then communicates with the content origin server to make sure that any content that has not been cached previously is also delivered to the end user. This not only reduces the distance that content travels, but also reduces the number of hops a data packet must make. This results in less packet loss, optimized bandwidth, and faster performance, which minimizes timeouts, latency and jitter, and therefore improves the overall user experience. In the event of an Internet attack or outage, the content hosted on a CDN server will remain available to at least some users.

Vertical Cloud

Vertical cloud is a cloud computing environment optimized for use in a particular vertical, that is, industry or application. The various cloud computing vertical markets are:


• Human resource management

• Finance

• Healthcare

• Public sector

• Education

• Retail

• Transportation

Cloud service providers tailor vertical cloud offerings to specific industries rather than having one general offering. Service providers provide specialized services, apps, and analytics to suit the particular needs of their customers. Organizations and industries tend to benefit a lot from such arrangements, as the cloud hosting provider knows its customers’ space, how they conduct business, their particular needs, their regulatory environment, and their security requirements, and builds its services around these needs and specifications.

For example, a vertical cloud product intended for the healthcare industry may have tools specially designed to work with electronic health records or medical imaging files.

Food for Thought

Try to think of some more examples of the vertical markets associated with cloud computing.

Virtual Private Cloud

A Virtual Private Cloud (VPC) is the logical division of a service provider’s public cloud multi-tenant architecture to support private cloud computing in a public cloud environment, providing the benefits of a virtualized private network while using public cloud resources.

Figure: Public cloud, virtual private cloud, and private cloud, shown by hosting location (off-premise at a third-party facility, or in the enterprise network's internal data centers/facilities).

A VPC isolates your data from data belonging to other companies, both in transit and in the cloud provider’s network, helping you to create a more secure environment. It connects to remote networks through a Virtual Private Network (VPN) connection. Some cloud providers even provide a direct leased line from the cloud to the data center that ensures constant bandwidth and stable performance. A VPC is therefore considered to be an extension of an organization’s on-premise data center.

A VPC provides you the security of a private cloud and the scalability and costs associated with the public cloud. This has therefore become the most popular deployment model with many organizations.

A VPC is ideal for companies, such as healthcare and financial organizations, that are dealing with regulatory compliance and are seeking high levels of security, privacy, and control. Businesses also find a VPC an ideal solution for running mission-critical applications.

Cloud Portability

Cloud portability is the ability to move platform components, applications, and data from one cloud computing environment to another with minimal disruption. The three cloud portability categories are:

• Data Portability: Data components across different applications

• Application Portability: Application components across cloud PaaS services and traditional computing platforms

• Platform Portability:

    - Platform Source Portability: Platform components across cloud IaaS services and non-cloud infrastructure

    - Machine Image Portability: Bundles containing applications and data with their supporting platforms

Cloud portability becomes a major concern due to the challenge of vendor lock-in. Proprietary technologies, protocols, and formats seriously limit the ease with which an organization can migrate from one service provider to another, as its requirements dictate.

Cloud Interoperability

Cloud interoperability is the ability of customers to use the same management tools, server images, and other software with a variety of cloud computing providers and platforms.

• The ability of two or more systems, applications, or components to exchange and use information.

• The ability of systems to provide and receive services from other systems and enable these services to operate effectively together.

Food for Thought

Find out some other definitions of cloud interoperability and ponder over the similarities and differences between these definitions.

Cloud Orchestration

Cloud orchestration is a service that allows you to create, update, and manage groups of cloud resources and their software components as a single unit and then deploy them in an automated, repeatable fashion via a template. Cloud orchestration enforces a workflow order to automated tasks, and enhances the security within identity and access management policies. It can also unite disparate cloud deployments to work together for a given workload.

Figure: Automation and orchestration work together to deliver services and applications on cloud infrastructure. Adapted from https://searchitoperations.techtarget.com/definition/cloud-orchestrator

Cloud orchestration is of interest to many IT organizations as a way to speed the delivery of services and reduce costs. It is typically used to provision, deploy, or start servers, acquire and assign storage capacity, manage networking, create virtual machines, and gain access to specific software on cloud services. This is accomplished through three attributes of cloud orchestration: service, workload, and resource orchestration. An orchestration platform can integrate permission checks for security and compliance.

Cloud orchestration technology must work with heterogeneous systems, potentially servicing a global cloud deployment in different geographical locations and with different providers. Many cloud orchestrator users use both public cloud and private deployments. Orchestration brings high availability, scaling, failure recovery, dependency management, and numerous other tasks and attributes into a single process that can tremendously reduce effort and time. Orchestration also provides visibility into resources and processes that simple cloud automation lacks. For example, a business can regulate capacity through predefined resource templates for application deployment and track who requests these resources.

Food for Thought

• Try to think of some more examples of cloud orchestration vendors and their products.

• Try to think of some more differences between cloud orchestration and automation.

Cloud Orchestration Versus Automation

Automation is a subset of orchestration, which means that orchestration provides coordination among and across many automated activities. Automation focuses on making one task rapidly repeatable with minimal operator intervention, whereas orchestration works on the process as a whole.

Cloud Service Level Agreements

A Cloud Service Level Agreement or Cloud SLA is a documented agreement between the cloud service provider and a cloud service customer that identifies services and associated quality levels, that is, Cloud Service Level Objectives or SLOs.


A Cloud SLA ensures the levels of reliability, availability, and responsiveness of systems and applications, while also specifying who will govern when there is a service interruption.

A cloud infrastructure can span geographies, networks, and systems that are both physical and virtual. While the exact metrics of a cloud SLA can vary by service provider, the areas covered are uniform: volume and quality of work (including precision and accuracy), speed, responsiveness, and efficiency. It aims to establish a mutual understanding of the services, prioritized areas, responsibilities, guarantees, and warranties provided by the service provider.

A Cloud SLA will commonly use technical definitions that quantify the level of service, such as mean time between failures or mean time to repair, which specify a target value for service-level performance. Metrics and responsibilities among the parties involved in cloud configurations are clearly outlined, such as the specific amount of response time for reporting or addressing system failures.

A Cloud SLA covers governance, security specifications, compliance, performance, and uptime statistics. It addresses security and encryption practices for data privacy, disaster recovery expectations, data location as well as data access and portability. It should also include an exit strategy that outlines the expectations of the provider to ensure a smooth transition.

Cloud Testing

Cloud testing is the process of testing the performance, scalability, and reliability of Web applications in a cloud computing environment. As compared to a traditional on-premise testing environment, cloud-based testing offers various benefits to users such as pay-per-use pricing, scalability, flexibility, and reduced time to market.

Figure: Cloud Apps Testing

• Functional: end-to-end business flow testing, test automation, integration testing, data migration testing, exploratory testing

• Cloud Specific: compatibility testing, multi-tenancy testing, disaster recovery testing

• Non-Functional:

    - Security Testing: application, network, compliance

    - Performance Testing: load testing, scalability, availability, volume

Chargeback

Chargeback is an act or policy of allocating the cost of an organization’s centrally located resources to the individuals or departments which use them.


Adapted from https://www.newsignature.com/wp-content/uploads/2013/01/scsm2012sp1_chargeback_3.png


In the cloud computing world, chargeback is an IT term used for recovering the cost of providing cloud computing services from the service consumers, that is, making the consumer pay for the usage.

Chargeback users can be tempted to provision resources that they don’t require. This drives up the overall IT cost as more servers, storage, and software licenses are required.

The characteristics of a successful chargeback solution are:

• It helps to allocate the costs of shared IT infrastructure based on the relative consumption by the users. This creates transparency and a win-win situation between the IT department and the IT consumers.

• It also helps the users to understand how their consumption translates into cost when it comes to their use of IT resources. This also gives them control of their IT costs, as moderate usage will translate into a lower charge at the end of the month.

• It helps to ensure that IT resources are used for activities that deliver business value. It facilitates capacity planning, forecasting, and budgeting.

• It also improves the overall utilization of IT infrastructure as IT resources.

When designing or evaluating a chargeback service, you need to create a chargeback model with the following characteristics:

• Accurate: Evaluate charges for actual resource usage

• Auditable: Store and retrieve detailed records on all charges to handle billing inquiries and disputes

• Flexible: Modify easily to handle pricing variations

• Scalable: Scale components easily to handle cloud-sized workloads

Virtualization

Paravirtualization

• Is a technique that presents a software interface to VMs, which is similar but not identical to that of the underlying hardware

• Enables guest servers to be aware of each other’s existence

• Has better performance than bare-metal and hosted hypervisors

With paravirtualization, any software that is running on a virtual system will be able to work directly on the underlying physical system hardware. That is, the software itself on the virtual machine’s guest operating system will be able to make calls on the hardware directly instead of relying just on the virtual machine to make the necessary calls for it. Because of this, performance is increased without sacrificing any computing power. The following figure shows the structure of paravirtualization where the guest operating systems are modified to provide better performance than bare-metal hypervisors.


Figure: Paravirtualized hypervisor. Four stacks of Applications on a Guest OS with Modification, running on the Host OS and the Hardware.

Hardware Assisted Virtualization (Accelerated Virtualization)

• A platform virtualization approach that enables efficient full virtualization using help from hardware capabilities, primarily from the host processors.
• It has better performance than bare-metal and hosted hypervisors.


Note: Hardware assistance refers to two independent technologies created by Intel and AMD, which improve processor performance and support I/O virtualization and memory virtualization. Intel VT-x and AMD-V started being introduced into CPU designs in 2005.

Source: tekeye.biz


Hardware assisted virtualization changes the access to the operating system itself. x86 operating systems are designed to have direct access to run system resources. With software virtualization the virtual machine manager emulates the required hardware to the operating system. With hardware assisted virtualization, the operating system has direct access to resources without any emulation or operating system modification.

Virtual Appliances

• Defined as prebuilt software solutions comprising one or more virtual machines that are packaged, updated, maintained, and managed as a unit.
• Examples include virtual firewalls and load balancers.

• A single pre-integrated, pre-tested patch for the OS and applications.

Figure: Virtual appliance (VA) on the virtualization layer. Adapted from imagicle.com

A Virtual Appliance (VA) is a Virtual Machine (VM) image file consisting of a pre-configured operating system environment and a single application. The purpose of a virtual appliance is to simplify delivery and operation of an application. To this end, only necessary operating system components are included.

Deploying an application as a virtual appliance can eliminate problems with installation and configuration, such as software or driver compatibility issues. Users can simply download a single file and run the application. Resources required for maintenance are also reduced. Virtual appliances have proven useful in deploying network applications and in the Software as a Service delivery model, where the simplicity of the virtual appliance can help improve economies of scale.

There are two types of virtual appliances, closed and open. A closed VA is always packaged, distributed, maintained, updated, and managed as a unit. An open VA is accessible to customers for modifications. Developers can include a Web interface for custom configurations or delivering patches and updates.

Software Virtualization

This virtualization involves the creation and operation of multiple virtual environments on the host machine. It creates a computer system complete with hardware that allows the guest operating system to run.


Virtual appliances are a subset of the broader class of software appliances.

Some of the benefits of virtual appliances are:
• Simplified development
• Enhanced security
• Reduced distribution costs
• Easier IT management
• Portable and vendor independent

Virtual Appliances Versus Virtual Machines: Comparison

The following table shows a comparison between a virtual appliance and virtual machine.

Virtual Appliance:
• Is an image containing a preinstalled, preconfigured operating system, and an application stack that is optimized to provide a specific set of services.
• Possesses the four key characteristics of compatibility, isolation, encapsulation, and hardware independence.
• Relevant patches taken care of in the pretested update due to which no testing is required.

Virtual Machine:
• Is a tightly isolated software container created to run on virtualized platforms.
• Has four key virtualized resources (CPU, RAM, storage, and networking).
• Requires the installation of an operating system and runs on one or more applications.
• Patches need to be tested for compatibility.

Client-side and Server-side Desktop Virtualization

Figure: Client-side and server-side desktop virtualization on one client system. Left: application streamed from server to client (streaming client software, virtualized application). Right: application hosted on server presents its interface to the client (presentation client software). Both sit on the OS, abstraction layer, and client hardware. Adapted from © 2011 Riverbed Technology

The given figure shows a client system that supports client-side and server-side virtualization models at the same time.

The left-hand side of the figure shows a client system accessing a streamed client-side virtualized application. Application streaming is selective in the sense that only the required application libraries are streamed to the user’s device. The streamed application’s code is isolated and not actually installed on the client system. The user can also have the option to cache the virtual application’s code on the client system. Caching greatly reduces the volume of download traffic for streamed applications and is particularly effective for applications that are infrequently updated. Caching also allows applications to run locally on the client without the use of streaming in the event of network outages or other situations where the user’s device lacks network connectivity.

For the server-side (or hosted) virtualization shown on the right-hand side of the figure, only screen displays, keyboard entries, and mouse movements are transmitted across the network. This approach of virtualization is based on display protocols such as Citrix’s Independent Computing Architecture (ICA) and Microsoft’s Remote Desktop Protocol (RDP). Hosted application virtualization does not require the client device to have a fully-functioned operating system. As such, a primary advantage of hosted application virtualization is that the application can be securely accessed from home PCs, airport Internet kiosks, smart phones, and other thin client devices.

Desktop Virtualization Types Comparison

The following table shows the comparison of different types of desktop virtualization.

Columns: Thin device support | Remote working | Offline working | Persistent state | Can provide entire desktop | Can provide single app window | Suitable for wide application mix

Terminal Services: X X X X X
VDI: X X X X X
Application Virtualization and Streaming: X X X X
Virtual Machine Copying: X X X X
Browser-Based Desktop: X X X X

Citrix’s Independent Computing Architecture (ICA)

This is a proprietary protocol for an application server system. It is designed by Citrix Systems, and it is not bound to any single platform. It lays down specifications for passing data between server and clients. Citrix ICA includes a server software component, a network protocol component, and a client software component.

Microsoft’s Remote Desktop Protocol (RDP)

This protocol is based on, and is an extension of, the T-120 family of protocol standards. A multichannel capable protocol allows for separate virtual channels for carrying presentation data, serial device communication, licensing information, highly encrypted data (keyboard, mouse activity), and so on.

Food for Thought

Explain which type of desktop virtualization is suitable for which type of processes.


Docker Containers

The Docker platform enables IT operations and development teams to easily pack, ship, and run any application as a lightweight, portable, and self-sufficient container, which can run virtually from anywhere and on any operating system or cloud.

Docker enables you to separate your applications from your infrastructure so that you can deliver the software very quickly. With Docker, you can manage your infrastructure in the same way you manage your applications. The following figure shows the Docker’s architecture.

Figure: Docker architecture. Client; Docker host (Docker daemon, Container 1, Container 2, Container 3, images, host OS); Docker registry. Adapted from imagicle.com

Docker uses a client-server architecture. The Docker client communicates with the Docker daemon, which does the heavy lifting of building, running, and distributing the Docker containers. The Docker client and Docker daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and the Docker daemon communicate using a REST API, over UNIX sockets or a network interface.
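The channels named above differ in who can reach the daemon's API, so the listener configuration is worth checking. The following Python sketch is an added example (not part of the course material or of Docker itself): it classifies the listeners in a dockerd `daemon.json` using the real `hosts`, `tls` and `tlsverify` keys; the function names, risk labels, sample configurations and file paths are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
DEFAULT_HOSTS = ["unix:///var/run/docker.sock"]  # Linux default when "hosts" is unset

# Constructed sample configurations (not taken from any real host).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_WITHOUT_CLIENT_AUTH = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",      # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def _finding(host, risk, reason):
    return {"host": host, "risk": risk, "reason": reason}


def audit_daemon_hosts(daemon_json):
    """Classify every API listener configured in a daemon.json document."""
    cfg = json.loads(daemon_json)
    hosts = cfg.get("hosts") or DEFAULT_HOSTS
    verifies_clients = bool(cfg.get("tlsverify"))         # mutual TLS
    encrypted = verifies_clients or bool(cfg.get("tls"))  # "tls" alone: no client auth
    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme in ("unix", "fd", "npipe"):
            findings.append(_finding(
                host, "low",
                "local socket; OS permissions on the socket decide who can call the API"))
        elif url.scheme != "tcp":
            findings.append(_finding(
                host, "review", "listener scheme not recognised by this check"))
        elif verifies_clients:
            findings.append(_finding(
                host, "low",
                "TCP with mutual TLS; only clients with a certificate from the CA are accepted"))
        else:
            channel = ("encrypted but unauthenticated" if encrypted
                       else "plaintext and unauthenticated")
            if url.hostname in LOOPBACK:
                findings.append(_finding(
                    host, "medium",
                    f"{channel} TCP on loopback; any local process can drive the daemon"))
            else:
                findings.append(_finding(
                    host, "high",
                    f"{channel} TCP reachable from the network; "
                    "API access is equivalent to root on the Docker host"))
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("tls only", TLS_WITHOUT_CLIENT_AUTH),
                      ("hardened", HARDENED)):
        for f in audit_daemon_hosts(doc):
            print(f"{name:9} {f['risk']:7} {f['host']}  ({f['reason']})")
```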

The various components of the Docker’s architecture are:

• The Docker daemon: The Docker daemon (dockerd) listens for Docker API requests and manages the Docker objects such as images, containers, networks, and volumes. It can also communicate with other daemons to manage the Docker services.

• The Docker client: The Docker client (docker) is the primary way through which many Docker users interact with Docker. Commands such as docker run, are sent from the Docker client to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

• Docker registries: A Docker registry stores Docker images. Docker Hub and Docker Cloud are public registries that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can also run your own private registry. If you use Docker Datacenter (DDC), it includes Docker Trusted Registry (DTR). When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry. The Docker store allows you to buy and sell Docker images or distribute them for free. You can upgrade the application by downloading the new version of the image and redeploying the containers.

• Docker objects: When you use Docker, you are creating and using images, containers, networks, volumes, plugins, and other objects. Some of the Docker objects are mentioned below:

  ◦ Images: An image is a read-only template with instructions for creating a Docker container. It is based on another image, with some additional customization. You can create your own images or use predefined images and publish them in a registry. To build your own image, create a Dockerfile and run it. Each instruction in a Dockerfile creates a layer in the image. When you update the Dockerfile and rebuild the image, only the updated layers are rebuilt. This makes images lightweight, small, and fast, as compared to other virtualization technologies.

  ◦ Containers: A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or Docker CLI. You can connect a container to one or more networks, attach storage to it, or create a new image based on its current state. By default, a container is relatively well isolated from other containers and its host machine. You can also control how a container’s network, storage, or other underlying subsystems are isolated from other containers or from the host machine. When you create a container, it is defined by its image and configuration options. When a container is removed, any changes to its state that are not stored in persistent storage will disappear.

Kubernetes Containers

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. It provides a container-centric management environment. It orchestrates computing, networking, and storage infrastructure on behalf of user workloads. This provides the simplicity of Platform as a Service (PaaS) with the flexibility of Infrastructure as a Service (IaaS), and enables portability across infrastructure. It provides platforms for use cases for containers, microservices, and portable clouds. The following figure shows the Kubernetes architecture.

Figure: Kubernetes architecture. Adapted from imagicle.com

At a very high level, Kubernetes provides a set of dynamically scalable hosts for running workloads using containers and uses a set of management hosts called masters for providing an API for managing the entire container infrastructure. The workloads include long-running services, batch jobs, and container host specific daemons. All the container hosts are connected together using an overlay network for providing container-to-container routing.

Applications deployed on Kubernetes are dynamically discoverable within the cluster network and can be exposed to the external networks using traditional load balancers. The state of the cluster manager is stored on a highly distributed key/value store, which runs within the master instances.

Features of Kubernetes

Some of the important features of Kubernetes are:
• Continuous development, integration, and deployment
• Containerized infrastructure
• Application-centric management
• Auto-scalable infrastructure
• Environment consistency across development testing and production
• Loosely coupled infrastructure, where each component can act as a separate unit
• Higher density of resource utilization
• Predictable infrastructure which is going to be created


Components of Kubernetes

The various components of Kubernetes are:

• Container: It is the smallest unit in the Kubernetes world. The main purpose of Kubernetes is to manage, deploy, and monitor containers. Kubernetes management is not limited to Docker containers.

• Node: It is the host on which the container runs.

• Pod: It is a management unit in Kubernetes which consists of one or more containers. Each pod has its own unique IP address and storage namespace. All containers share these networking and storage resources. A Yet Another Markup Language (YAML) file is used to define a pod.

• Deployment: A new way to handle High Availability (HA) in Kubernetes in place of the replication controller. A pod by itself is “mortal” but with a deployment, it can make sure that the number of pods that a user specifies is always up and running in the system. It also specifies how many instances of a pod will run. A YAML file is used to define a deployment.

• Service: A Kubernetes service is an abstraction that defines a logical set of pods and a policy to access them. This policy is called a microservice.
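How a deployment keeps the specified number of "mortal" pods running, and how a service selects its logical set of pods, can be seen in a small model. This is an added example in Python, a simplified simulation and not Kubernetes code; the class names, the `10.244.0.x` addresses and the `nginx:1.25` image are constructed for illustration.

```python
import itertools
from dataclasses import dataclass


@dataclass
class Pod:
    name: str
    ip: str            # each pod has its own IP, shared by its containers
    labels: dict
    containers: list
    running: bool = True


@dataclass
class Deployment:
    name: str
    replicas: int      # how many instances of the pod must be running
    labels: dict       # labels copied onto every pod created from the template
    containers: list   # container images in the pod template


def _selects(selector, labels):
    """A selector matches when every key/value pair in it appears in the labels."""
    return all(labels.get(k) == v for k, v in selector.items())


class Cluster:
    """Hypothetical in-memory stand-in for the cluster state."""

    def __init__(self):
        self.pods = {}
        self._seq = itertools.count(1)

    def reconcile(self, dep):
        """One control-loop pass: make the observed pods match the desired count."""
        owned = [p for p in self.pods.values() if _selects(dep.labels, p.labels)]
        dead = [p for p in owned if not p.running]
        live = [p for p in owned if p.running]
        surplus = live[dep.replicas:]          # non-empty only after a scale-down
        for pod in dead + surplus:
            del self.pods[pod.name]
        created = []
        for _ in range(dep.replicas - len(live)):   # empty range when nothing is missing
            n = next(self._seq)
            pod = Pod(f"{dep.name}-{n}", f"10.244.0.{n}",
                      dict(dep.labels), list(dep.containers))
            self.pods[pod.name] = pod
            created.append(pod.name)
        return {"created": created, "removed": [p.name for p in dead + surplus]}

    def endpoints(self, selector):
        """What a service resolves to: IPs of running pods matching its selector."""
        return sorted(p.ip for p in self.pods.values()
                      if p.running and _selects(selector, p.labels))


def demo():
    cluster = Cluster()
    web = Deployment("web", replicas=3, labels={"app": "web"}, containers=["nginx:1.25"])
    steps = [cluster.reconcile(web)]                  # initial rollout
    cluster.pods["web-2"].running = False             # a pod dies
    steps.append(cluster.endpoints({"app": "web"}))   # service sees two pods
    steps.append(cluster.reconcile(web))              # replacement gets a new name and IP
    web.replicas = 2                                  # scale down
    steps.append(cluster.reconcile(web))
    steps.append(cluster.endpoints({"app": "web"}))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The replacement pod comes back with a different name and IP address, which is why clients address the service's selector rather than an individual pod.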

Digital Disruptive Technologies and Digitization Trends

What is Bring Your Own Device (BYOD)?

BYOD is an increasing trend toward employee-owned devices within a business. It is an alternative strategy allowing employees, business partners, and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data. Typically, it spans smartphones and tablets, but the strategy may also be used for PCs. It may include a subsidy.

Smartphones are the most common example of BYOD, but employees also take their own tablets, laptops, and USB drives into the workplace. BYOD is part of the larger trend of IT consumerization, in which consumer software and hardware are being brought into the enterprise. Bring Your Own Technology, or BYOT refers to the use of consumer devices and applications in the workplace. More specific variations of the term include Bring Your Own Computer (BYOC), Bring Your Own Laptop (BYOL), Bring Your Own Application (BYOA), and Bring Your Own PC (BYOPC).


Adapted from Gartner


Current Enterprise Observation of BYOD

Figure: Your company started out looking like this: more users than devices. Now, your company looks more like this: more devices than users.

Initially a company started out with only desktops and there were more users than devices. Subsequently, this grew over time to include laptops, mobile devices, and the result was that it created more devices than users. More and more enterprises are adopting the BYOD initiative.

BYOD - Benefits

Benefits of BYOD:
• Employees in the workplace and students in educational environments can use the devices they already own like laptops, tablets, and mobile phones to connect to company’s IT resources
• Studies show that most employees prefer to use their own devices rather than those issued by their organizations
• Organizations with limited resources and tight budgets want cost-effective ways to increase access to technology
• Organizations, schools, and governments are recognizing how technology and mobile access can enhance learning, working, and general productivity
• It’s expensive for organizations to purchase new or update old technology systems and devices

Bring Your Own Devices: Managing the BYOD Revolution

Thousands of organizations around the world are going BYOD to save money and improve productivity by allowing more end-users to use their own personal devices in the office, classroom, or out in the field.

Adapted from Sage

By using the BYOD approach, an organization has new tasks related to security and technical support. BYOD needs to be treated as one of the services of the organization. It is important to clearly describe the policies, and make sure that they are brought to the notice of the employees and that the employees understand them.

This information should be easily accessible. The organization must provide the necessary computing power for those employees who do not use BYOD, as well as to those whose devices do not fit in as per organization’s policy.

Technical support should have the necessary skills and capabilities to support all devices connected to the organization’s network, and clearly differentiate support levels for different types of problems with such devices.

Even before the introduction of BYOD, it is necessary to assess the possible risks with the help of the legal and human resources departments in order to adapt the future BYOD policy to the particularities of local legislation and sectoral regulations.

Finally, it should be remembered that the main reason for switching to BYOD is to expand the potential, mobility, and creativity of employees, which in turn will benefit the organization.

BYOD Challenges

Challenges while adopting the BYOD:
• Securely connecting employee devices
• Avoiding the use of more IT resources
• Ensuring mobile device security
• Building enough wireless coverage and capacity
• Establishing a corporate policy on acceptable use
• Enforcing access rights based on users, devices, and applications
• Evaluating the business benefit related to risk

The main causes for concern with BYOD center on privacy and security. Additionally, it is very important to consider the consequences of employees using their own devices, and to choose a BYOD solution that deals with the following security issues:

• Lost or stolen devices
• Security risks in the employees’ hands
• Personal privacy risks in the employers’ hands
• Unauthorised access – employees leaving the organization
• The separation of private and organization data

BYOD Strategies

The following table shows the impact and recommendations of BYOD strategies for IT Leaders.

Impact: BYOD creates new workplace engagement opportunities for CIOs and the business.
Top recommendations:
• Examine new applications that assume personal devices in the workplace.
• Pursue multi-platform management tools and device-agnostic application platforms.

Impact: BYOD drives employee satisfaction, productivity, and new applications.
Top recommendations:
• Set goals for your program and measure success accordingly.

Impact: BYOD requires IT and business units to invest in policy, security, management, and infrastructure expansion.
Top recommendations:
• Invest in technologies to manage applications, devices, security policy, and infrastructure.
• Periodically benchmark stipends, reimbursements, and allowances.

Impact: BYOD increases risks for CIOs and CISOs and changes expectations for workforce enablement.
Top recommendations:
• Establish clear geography-specific policies for BYOD, addressing business unit and other concerns.
• Clearly set support expectations for diverse device platforms.

Adapted from Gartner (MAY 2014)

Gartner defines a BYOD strategy as “an alternative endpoint deployment strategy that allows employees, business partners and other users to use a personally selected and purchased client device to execute enterprise applications and access data. It typically spans smartphones and tablets, but the strategy may also be used for PCs. It may or may not include a subsidy.”

Almost 40% of organizations worldwide are actively encouraging BYOD, while about 20% are actively discouraging it. There is a wide variation according to different countries and regions.


BYOD Strengthens the Need for Mobile Device Management

Figure: MDM architecture. Adapted from http://mobilemacsters.com/wp-content/uploads/2014/06/mdm-architecture.png

Gartner states that “With the unabated growth of consumerization, IT leaders need to implement MDM to manage corporate- and employee-owned devices, and assign responsibilities inside IT departments for the service, application, and security for all these devices.”

What is Mobile Device Management?

According to Gartner, Mobile Device Management (MDM) includes software that provides the following functions: software distribution, policy management, inventory management, security management and service management for smartphones and media tablets.

MDM solutions can be deployed on-premise or as a cloud-based service. There are a few vendors who also offer MDM as a managed service wherein routine updating and maintenance is outsourced to third parties. Most MDM solutions enable organizations to manage and provide end-to-end security to mobile devices, applications, network, and data through single software, whereas some MDM solutions also incorporate expense management to provide more elaborative coverage to the management of mobile devices.

How does Mobile Device Management Work?

Most MDM solutions offer customizable, on-click dashboards for administrators to get information on all the enrolled devices in the enterprise network. Whether it is deployed as an on-premise server or as a cloud solution, an MDM lets you manage all the mobile devices deployed across your enterprise.


Every device that has to be controlled and managed in your enterprise and enrolled into the MDM has to follow an authentication and provisioning process, through which it is registered into the MDM directory. An authenticated and encrypted connection is then established between an enrolled mobile device and the MDM gateway server, so that all traffic to and from the device network is redirected through that connection and the gateway server. A registered device can interact with the MDM server after it authenticates successfully. The device management server collects information about the smartphone or tablet and then sends the applicable settings and applications to it. MDM allows administrators to enable or disable any functionality of the device, decommission inactive devices, blacklist and whitelist applications, or selectively wipe data from a device as per the mobile policy, which the user cannot override. It also supports remote location of any device and provides troubleshooting services to any device. The MDM also regularly checks and evaluates newly published software package distribution.

An MDM helps to:

• Configure: Configure device and application settings, restrictions etc., as per policy.
• Provision: Facilitate automated and over-the-air user device registration, distribute configuration check, and evaluate software package distribution.
• Security: Secure devices, applications, and data by enforcing security measures such as authentication and access policy, enable or disable device functionalities, blacklisting, and whitelisting applications.
• Support: Help users by remotely locating any device and providing troubleshooting services.
• Monitor: Keep track of device, app, and data usage; check unauthorized user access; abnormal device behaviour, and so on.
• Deactivate: Decommission lost or stolen devices, block user access, and wipe out data from compromised devices.

Case Study: The Need for Mobile Device Management

Apple began taking pre-orders for the iPad from U.S. customers on March 12, 2010. 300,000 iPads were sold on their first day of availability. By coincidence, 2010 was when IBM began a BYOD policy for employees. Two years later, IBM took a completely different approach, because they found that employees:

• Used public file-transfer services such as Dropbox, which IBM feared could allow sensitive information to be shared.
• Were found to be violating protocol by automatically forwarding their IBM e-mail to public Web mail services.
• Used their smartphones to create open Wi-Fi hotspots, which made data vulnerable to snoops.

The result was that IBM banned applications, such as Dropbox, and created a roadmap that aligned mobile device management with their existing enterprise policies.

This case study illustrates the concerns that BYOD raises for organizations, making it essential to have a regulated policy for adopting BYOD that is aligned with existing enterprise objectives.
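The MDM functions described earlier (application blacklisting, decommissioning inactive devices, selective wipe) and the three findings of the case study can be written as one policy evaluated against each enrolled device's inventory. The following Python sketch is an added example, not any MDM product's API; the policy fields, inventory fields, action names and sample devices are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Policy:                      # hypothetical policy model
    blacklisted_apps: frozenset
    max_inactive_days: int = 30
    require_encryption: bool = True


@dataclass
class Device:                      # hypothetical inventory record reported at check-in
    device_id: str
    employee_owned: bool           # True for BYOD, False for corporate-issued
    installed_apps: set
    last_check_in: datetime
    storage_encrypted: bool = True
    open_hotspot: bool = False               # shares Wi-Fi without a passphrase
    forwards_mail_externally: bool = False   # auto-forwards corporate mail to web mail
    reported_lost: bool = False
    owner_employed: bool = True              # False once the employee has left


def evaluate(device, policy, now):
    """Return the policy violations for one device and the MDM actions they trigger."""
    violations, actions = [], []

    def act(*names):
        for name in names:
            if name not in actions:
                actions.append(name)

    # On BYOD only corporate data is wiped, keeping private and organization data apart.
    wipe = "selective_wipe" if device.employee_owned else "full_wipe"
    if device.reported_lost:
        violations.append("lost_or_stolen")
        act("block_access", wipe, "decommission")
    if not device.owner_employed:
        violations.append("owner_left_organization")
        act("block_access", wipe, "decommission")
    if now - device.last_check_in > timedelta(days=policy.max_inactive_days):
        violations.append("inactive")
        act("decommission")
    banned = sorted(device.installed_apps & policy.blacklisted_apps)
    violations.extend(f"blacklisted_app:{app}" for app in banned)
    if banned:
        act("quarantine")          # no corporate access until the app is removed
    if policy.require_encryption and not device.storage_encrypted:
        violations.append("storage_not_encrypted")
        act("quarantine")
    if device.open_hotspot:
        violations.append("open_wifi_hotspot")
        act("disable_hotspot")
    if device.forwards_mail_externally:
        violations.append("external_mail_forwarding")
        act("disable_mail_forwarding")
    return {"device_id": device.device_id, "compliant": not violations,
            "violations": violations, "actions": actions}


# Constructed sample data.
NOW = datetime(2018, 6, 1)
POLICY = Policy(blacklisted_apps=frozenset({"dropbox"}))
FLEET = [
    Device("byod-phone-01", True, {"mail", "dropbox"}, NOW - timedelta(days=1),
           open_hotspot=True),
    Device("corp-tablet-02", False, {"mail"}, NOW - timedelta(days=45)),
    Device("byod-phone-03", True, {"mail"}, NOW - timedelta(days=2), reported_lost=True),
    Device("byod-laptop-04", True, {"mail"}, NOW - timedelta(hours=3)),
]


def evaluate_fleet(fleet=FLEET, policy=POLICY, now=NOW):
    return [evaluate(d, policy, now) for d in fleet]


if __name__ == "__main__":
    for result in evaluate_fleet():
        print(result)
```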

Overview of Enterprise Mobility Management

Figure: Overview of Enterprise Mobility Management. Adapted from notifycorp.com

The MDM market has evolved into the Enterprise Mobility Management (EMM) suites market. EMM is growing quickly, and the vendor landscape has changed significantly, which will impact the IT leaders’ choices.

Enterprise Mobility Management and its Evolution

EMM suites consist of policy and configuration management tools and a management overlay for applications and content intended for mobile devices based on smartphone operating systems. EMM is a mobility management approach that accounts for the entire mobile ecosystem. It is an approach based on the premise that the endpoint now is the user and that the same levels of management and security are also necessary that have gone completely unwired. EMM suites are an evolution from previous-generation MDM products that lacked application and content management. IT organizations and service providers use EMM suites to deliver IT support to mobile end users and maintain security policies. EMM suites provide the following core functions:

• Hardware inventory
• Application inventory
• OS configuration management
• Mobile application deployment, update, and removal
• Mobile application configuration and policy management
• Remote view and control for troubleshooting
• Execute remote actions, such as remote wipe
• Mobile content management

Key elements of EMM provide IT managers the ability to control and secure mobile assets through:

• Consolidation and governance of all mobility initiatives under IT management
• Enforcement of mobile device policy, user access configuration, and compliance
• Streamlined new user enrolment, software updates, Help Desk troubleshooting, and device decommissioning for lower support costs per user
• Automated alerting and controls, preventing excessive charges through real-time cost management
• Secure containerization for email, PIM, and attachments
• Secure access to intranet sites, line-of-business applications, internally published mobile apps, and internal document management systems
• Protection of critical business data, user authentication, and encryption for data at rest and data in motion

To succeed, organizations need a comprehensive strategy that allows IT to control and protect each facet of their mobile enterprise. Whether it’s the devices that employees use, the content they access, or the data they share, EMM tools empower organizations to achieve a secure, agile, and performance-optimized mobile infrastructure.

Adapted from gartner.com and notifycorp.com


Digital Disruption – Occurrences


[Slide: Digital Disruption – Occurrences]

• World’s largest taxi company: owns NO taxis
• World’s largest accommodation provider: owns NO real estate
• World’s largest phone company: owns NO telco infra
• World’s most valuable retailer: owns NO inventory
• Most popular media owner: creates NO content
• World’s fastest growing bank: has NO actual money
• World’s largest movie house: owns NO cinemas
• World’s largest software vendors: do NOT write apps

A digital evolution that threatens to delay, obstruct, or destroy your personal or business goals is called a digital disruption.

Let us now look at occurrences of digital disruption through a few examples. Take Uber cabs: what is the digital disruption in this case? A digital app has cut into the customer base of regular taxis, which still wait at taxi stands or roam the roads to pick up customers. Instead of waiting for a taxi at the roadside or walking to the nearest taxi stand, customers now use the Uber mobile app to book a cab that picks them up from their specified location.

What could be the solution to the Uber disruption? The taxi companies have to change their style of functioning. They have to move forward and either embrace Uber's technique or provide better techniques. They may unite, as they did in Mumbai, and come up with a competitor app for booking cabs. For the curious, the app for booking normal yellow/black taxis in Mumbai is named 9211.

Another example of digital disruption is Netflix. Until a few years ago, people could watch shows only on television. These shows were broadcast to their TV sets by CBS, NBC, and ABC. Since there were only these three, they could charge higher advertising and subscription rates. With the emergence of Netflix, the delivery mode of videos has changed.

Food for Thought: Try to think of some more examples of digital disruption.


Digital Disruption Versus Disruptive Technology

The following table shows the major differences between digital disruption and disruptive technology.

| Digital disruption | Disruptive technology |
| --- | --- |
| Is caused by technological evolution affecting certain business types. | Is a complete revolutionary technology that changes the way people work forever. |
| Affects a few entities or a single sector. For example, Netflix (digital disruption) affected only the entertainment sector. | Affects a huge base. The PC (disruptive technology) changed the style of work in all sectors of the economy. |
| Apps such as WhatsApp are digital disruptions to phone carriers, as these apps provide features such as calling and texting at a much lower cost, thereby cutting down the phone carriers' market segment significantly. | Smartphones are digital disruption technology whereby they have revolutionized the way phones are used, making landlines less needed or practically unnecessary. |
| Can be considered an obstacle that can be eliminated by changing a few processes of a business. | Causes people to overhaul their businesses completely or close down totally. |
| Is a temporary issue and not necessarily a problem. | Is different from, and more dangerous than, digital disruption. |
| Examples: Windows update forcing a system restart, Internet disconnection while browsing, etc. | Examples: Invention of the PC, email, the Internet, cloud, etc. |

Virtual Reality

Virtual Reality (VR) is an artificial, computer-generated simulation or recreation of a real-life environment or situation. It stimulates vision and hearing, thus making the user feel like they are experiencing the simulated reality. In other words, VR is replacing your real world. VR is typically achieved by wearing a headset, such as Oculus Rift, Samsung Gear, or HTC Vive. VR headsets track head movements of the user. This is necessary in order to give them an immersive experience in a 3D digital world, making it ideally suitable for games and movies.

The VR technology is important in two different ways:

• To create and enhance an imaginary reality for gaming and entertainment, for example, video and computer games, or 3D movies.
• To enhance training for real-life environments by creating a simulation of reality where people can practice beforehand, for example, flight simulators for pilots.


VR is possible through a coding language known as Virtual Reality Modeling Language (VRML) which can be used to create a series of images and specify which types of interactions are possible between them. The main features of VR are:

• Believable: You need to feel as if you are in the virtual world (on Mars, or wherever) and to keep believing that, or the illusion of VR will disappear.
• Interactive: As you move around, the VR world needs to move with you. For example, when you watch a 3D movie you may feel transported up to the moon or down to the seabed, but it is not interactive in any sense. Interactive game-engine based VR takes things one step further by allowing you to move around a computer-generated world, picking up objects and moving through a fully interactive environment.
• Computer-generated: Only powerful machines, with realistic 3D computer graphics, are fast enough to make believable, interactive, and alternative worlds that change in real time as we move around them.
• Explorable: A VR world needs to be multi-dimensional and detailed enough for you to explore. For instance, a book can describe a vast and complex “virtual world,” but you can only explore it in a linear way, exactly as the author describes it.
• Immersive: To be both believable and interactive, VR needs to engage with both your body and mind. For instance, paintings created by war artists can give us glimpses of conflict, but they can never convey the sight, sound, smell, taste, and feel of battle. Similarly, you can play a flight simulator game on your PC and be lost in a very realistic, interactive experience for hours, but it’s not like using a real flight simulator, and even less like flying a plane.

Augmented Reality

Augmented Reality (AR) is the real-time use of information in the form of text, graphics, audio, and other virtual enhancements integrated with real-world objects. It is this real world element that differentiates AR from VR. AR integrates and adds value to the user’s interaction with the real world, versus a simulation.

The remarkable benefits of AR apps are:

• Improved Training and Education: AR holds immense potential when it comes to educating employees. Unlike real-world training scenarios, a trainer can leverage AR to make new concepts and processes easier for trainees to learn. For instance, taking a virtual car engine apart through AR is far easier than taking apart a real one. Moreover, the process can be repeated as many times as required. With the help of an AR app, an enterprise not only educates individuals but also helps them to improve their skills and capabilities.

Food for Thought: Try to think of some more examples of virtual reality devices.


• Object Visualization: Another application of AR is that it helps to place digital assets in the physical world. Merging virtual objects with the real world allows developers to interact with the digital elements (3D objects) they created as if they were real objects. For example, car designers have to work on thousands of parts to get the car design right. Using immersive AR technology and computer graphics, they can project the virtual layouts of a car’s interior on a full-size model of a car dashboard. Visualizing digital objects through AR in such a manner provides detailed insights into how a finished product would look compared to a flat product image on the screen.
• Enhanced Customer Service: In the case of online retail, AR can make life easier for consumer-facing employees.
• Augmented Business Operations: Besides helping remote workers to access customer data on demand, AR headsets can change the way employees work. For example, an insurance loss adjuster can use an AR headset to examine a car that has been damaged in an accident. While the adjuster examines the damaged car, the AR headset can be used to add a video of the car into a system that evaluates the damage and estimates the cost to fix it. The recognition capabilities of the device make it easier for the adjuster to determine the damage. This helps the adjuster to process claims quickly and more precisely. Likewise, healthcare professionals can use AR headsets to diagnose and treat diseases. For instance, when a doctor examines a patient using the AR headset, it can capture symptoms, which helps to provide relevant medical information about the patient.

Virtual Reality Versus Augmented Reality

The following table shows the differences between virtual reality and augmented reality.

| Virtual Reality | Augmented Reality |
| --- | --- |
| Replaces the real world with a virtual environment. | Enriches real-life experience with virtual images by adding sounds and graphics to the real world. |
| The user enters a virtual world and is cut off from the real world. | The user can interact with the real world and at the same time can see both the real and the virtual world. |
| The virtual environment is created inside a headset or a blank room, which helps the user to feel as if they are in the real world. | Wearable objects are used that display images on real-world objects. |
| The input devices block out all of the external world from the user and present a view that is completely under the control of the computer. | The GPRS enabled devices obtain a particular geographical location, which can be overlaid with tags. Images or videos can be imposed onto this location. |

Food for Thought: Find out some other definitions of augmented reality and ponder over the similarities and differences between these definitions.


What is Bitcoin Currency?

Bitcoin is a new digital currency which is used and distributed electronically. It is commonly referred to as digital currency, digital cash, virtual currency, electronic currency, or cryptocurrency. Bitcoin was invented by Satoshi Nakamoto in 2009. Bitcoins are completely virtual coins designed to be ‘self-contained’ for their value, with no need for banks to move and store the money.


[Slide: Bitcoin Currency]

• Is a worldwide digital currency that is decentralized and not controlled by any other organization.
• Is sent using the Internet directly from one person to another.
• Uses fast, safe, and anonymous ways to send money.
• Anyone can set up a Bitcoin account.
• Charges no fees, chargebacks, or cross-border fees.

Cryptocurrency is an exchange of digital information that allows you to buy or sell goods and services. The transaction gains its security and trust by running on a peer-to-peer computer network that is similar to Skype or BitTorrent. Bitcoin uses public key cryptography and an innovative approach to bookkeeping to achieve authorization, balance verification, prohibition of double spending, delivery of assets, and record inalterability. You can make transactions either by cheque, wiring, or cash. Bitcoin or BTC can also be used when you are referring the purchaser to your signature, which is a long line of security code encrypted with 16 distinct symbols. The purchaser decodes the code with their smartphone to get the cryptocurrency.

Where to find Bitcoins?

Bitcoins can be available from any of the following places:

• A cryptocurrency exchange where you can exchange ‘regular’ coins for Bitcoins, or for satoshis, which are like the BTC-type of cents.
• A Bitcoin ATM (or cryptocurrency exchange) where you can exchange Bitcoins or cash for another cryptocurrency.
• A classified service where you can find a seller who will help you to trade Bitcoins for cash.


Bitcoin Transaction Properties

Various transaction properties of Bitcoin are:

1. Irreversible: After confirmation, a transaction cannot be reversed by anyone. No one can help you if you sent your funds to a scammer or if a hacker stole them from your computer. There is no safety net.

2. Pseudonymous: Neither transactions nor accounts are connected to real-world identities. You receive Bitcoins at addresses, which are random-looking chains of around 30 characters. While it is usually possible to analyze the transaction flow, it is not necessarily possible to connect the real-world identity of users with those addresses.

3. Fast and global: A transaction is propagated instantly in the network and is confirmed in a couple of minutes. Since it happens in a global network of computers, it is completely indifferent to your physical location.

4. Secure: Bitcoin funds are locked in a public key cryptography system. Only the owner of the private key can send cryptocurrency. Strong cryptography and the magic of big numbers make it impossible to break this scheme. A Bitcoin address is more secure than Fort Knox.

5. Permission-less: You don't have to ask anybody to use cryptocurrency. It's just software that everybody can download for free. After you have installed it, you can receive and send Bitcoins or other cryptocurrencies. No one can prevent you from using Bitcoin. There is no gatekeeper.

What is Blockchain technology?

Blockchain is a distributed database system that acts as an “open ledger” to store and manage Bitcoin transactions. Each record in the database is called a block and contains details such as the transaction timestamp as well as a link to the previous block. This makes it impossible for anyone to change the information about the records. Since the technology is secure by design, the same transaction is recorded multiple times across distributed database systems.


[Slide: Blockchain Technology]

• A digital ledger that keeps a record of all transactions taking place on a peer-to-peer network.
• All information transferred through blockchain is encrypted and every occurrence recorded.
• In an IT context, this includes log files and configuration files.
• Encrypted information can be shared across multiple providers without the risk of a privacy breach.
• It can be used for much more than the transfer of currency: contracts, records, and other kinds of data can also be shared.
• It is decentralized, so that there is no need for any central certifying authority.

Adapted from notifycorp.com

The blockchain database is not stored at any single location, which means that the records are truly public and easily verifiable. No centralized version of this information exists for a hacker to corrupt. It is hosted by millions of computers simultaneously, and its data is accessible to anyone on the Internet.

Like the Internet, Blockchain technology has built-in robustness. By storing blocks of information that are identical across its network, Blockchain cannot be controlled by any single entity and has no single point of failure. Blockchain potentially cuts out the role of the middleman for these types of transactions. Personal computing became accessible to the general public with the invention of the Graphical User Interface (GUI), which took the form of a “desktop”. Similarly, the most common GUI devised for Blockchain is called a “wallet” application, which people use to buy things with Bitcoin and to store it along with other cryptocurrencies.
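The tamper-evidence property described in this section, as an added Python example that is not part of the original study guide: each block stores the hash of the previous block, so an edit is detected at the changed block or at the next link, and a copy whose whole history was rewritten is spotted by comparing it with the other copies. The function names, the sample transactions and the comparison of latest hashes (a stand-in for real consensus; Bitcoin's proof-of-work is not modelled) are assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # assumed marker meaning "no previous block"
FIELDS = ("index", "timestamp", "transactions", "prev_hash")


def block_hash(block):
    """SHA-256 over the block's contents, serialized in a fixed key order."""
    body = {key: block[key] for key in FIELDS}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def append_block(chain, timestamp, transactions):
    """Add a block whose prev_hash links it to the current last block."""
    block = {
        "index": len(chain),
        "timestamp": timestamp,
        "transactions": transactions,
        "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV,
    }
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails a check, else None."""
    expected_prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["index"] != position:
            return position  # block moved, dropped or inserted
        if block["prev_hash"] != expected_prev:
            return position  # link to the previous block is broken
        if block_hash(block) != block["hash"]:
            return position  # contents changed after the hash was stored
        expected_prev = block["hash"]
    return None


def rehash_from(chain, start):
    """Recompute links and hashes from `start` on, as a full rewrite would."""
    prev = chain[start]["prev_hash"]
    for block in chain[start:]:
        block["prev_hash"] = prev
        block["hash"] = block_hash(block)
        prev = block["hash"]


def divergent_copies(copies):
    """Name the non-empty ledger copies whose latest hash is not the most common one."""
    tips = {name: chain[-1]["hash"] for name, chain in copies.items()}
    common_tip = Counter(tips.values()).most_common(1)[0][0]
    return sorted(name for name, tip in tips.items() if tip != common_tip)


def build_sample_chain():
    """Three blocks of constructed sample transactions (not real data)."""
    chain = []
    append_block(chain, "2018-01-01T10:00:00Z",
                 [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(chain, "2018-01-01T10:10:00Z",
                 [{"from": "bob", "to": "carol", "amount": 2}])
    append_block(chain, "2018-01-01T10:20:00Z",
                 [{"from": "carol", "to": "dave", "amount": 1}])
    return chain


if __name__ == "__main__":
    print("untouched ledger:", first_invalid_block(build_sample_chain()))

    edited = build_sample_chain()
    edited[1]["transactions"][0]["amount"] = 500
    print("block 1 edited:", first_invalid_block(edited))

    edited[1]["hash"] = block_hash(edited[1])
    print("block 1 edited and re-hashed:", first_invalid_block(edited))

    rehash_from(edited, 1)
    print("whole tail re-hashed:", first_invalid_block(edited))
    copies = {"node-a": build_sample_chain(),
              "node-b": build_sample_chain(),
              "node-c": edited}
    print("copies that disagree:", divergent_copies(copies))
```

A fully re-hashed copy passes its own internal check, which is why the identical copies held across the network matter: the rewritten copy stands out only when it is compared with the others.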

Cognitive Computing

Cognitive computing is the simulation of human thought processes in a computerized model. It involves self-learning systems that use data mining, pattern recognition, and natural language processing to imitate the way the human brain works. The goal of cognitive computing is to create automated IT systems that are capable of solving problems without requiring human assistance. The following figure shows the cognitive computing framework.


[Figure: Cognitive Computing Framework. Data (structured data, unstructured data, audio, images, video) + Tech (machine learning, analytics, search, visualization) + Process (answers, recommendations, patterns, predictions) = Value (saved lives, engaged customers, revenue, security, productivity, reduced risks, cost savings)]

Adapted from http://www.dataversity.net/cognitive-computing-hype-reality/

With the present state of cognitive computing, basic solutions can play a major role as an assistant or virtual advisor. Siri, Google Assistant, Cortana, and Alexa are good examples of personal assistants. In order to implement cognitive computing in commercial and widespread applications, the Cognitive Computing Consortium has recommended the following features for computing systems:

• Adaptive: They must learn as information changes and as goals and requirements evolve. They must resolve ambiguity and tolerate unpredictability. They must be engineered to feed on dynamic data in real time or near real time.
• Interactive: The cognitive solution must interact with all elements in the system, such as processors, devices, cloud services, and users. Cognitive systems should interact bidirectionally. They should understand human input and provide relevant results using natural language processing and deep learning. Some intelligent chatbots, such as Mitsuku, have already achieved this feature.
• Iterative and Stateful: They must aid in defining a problem by asking questions or finding an additional source input if a problem statement is ambiguous or incomplete. They must “remember” previous interactions in a process and return information that is suitable for the specific application at that point in time.
• Contextual: They must understand, identify, and extract contextual elements such as meaning, syntax, time, location, appropriate domain, regulations, user’s profile, process, task, and goal. They may draw on multiple sources of information, including both structured and unstructured digital information, as well as sensory inputs.

Deep Learning: Deep Learning is a subfield of machine learning concerned with algorithms, called artificial neural networks, that are inspired by the structure and function of the brain.


Cognitive computing is definitely the next step in computing started by automation. It sets a benchmark for computing systems to reach the level of the human brain. But it has some limitations, as artificial intelligence is difficult to apply in situations with a high level of uncertainty, rapid change, or creative demands. The complexity of the problem grows with the number of data sources. It is challenging to aggregate, integrate, and analyze unstructured data. A complex cognitive solution should have many technologies that coexist to give deep domain insights.

Cloud Security, Risks, and Governance

General Cloud Computing Security Advantages


Eight general cloud computing security advantages:

• Benefits of scale
• Provider market differentiator
• Standardized interfaces for managed security services
• Rapid and smart scaling of security resources
• Security audit and evidence gathering
• Timely and efficient updates and defaults
• Security risk management
• Resource concentration benefits

Generally, security is considered a challenge in cloud computing. However, there are several advantages when security is properly planned and addressed. Processes such as timely and efficient updates and defaults, risk and patch management, standardized interfaces, audit and evidence availability, resource concentration, and smart scaling all add up to a very positive approach to transitioning to the cloud.

In other words, an organization with a good and efficient security framework makes all the difference in the journey of cloud adoption.


Cloud Computing Top Risk Areas

Though cloud computing has many benefits, there are a few top risk areas that organizations need to identify and address before entering into a contract with a prospective service provider.

Organizations should raise the following security issues before selecting a cloud vendor:

• Long-term viability of the cloud provider: Ideally, the cloud computing provider will never be acquired or get swallowed up by large organizations. But you need to ensure that your data will remain available even after such event(s). You can ask potential providers how data can be restored and in which format you can import it into a replacement application.
• Data location: When you are using the cloud, you probably don’t know exactly where your data is hosted. In fact, you might not even know in which country it will be stored. You then need to ask the cloud providers to store and process data in specific jurisdictions, and ask whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers.
• Privileged user access: Sensitive data processed outside the organization brings with it an inherent level of risk, because the outsourced services bypass the physical, logical, and personnel controls. You can ask providers to provide specific information on the hiring and oversight of privileged administrators, and the controls over their access.
• Data segregation: Data in the cloud is typically in a shared environment along with data from other customers. The cloud provider should provide evidence that encryption schemes are securely designed and tested by experienced specialists. Encryption accidents make data totally unusable, and even normal encryption can complicate its availability.
• Regulatory compliance: Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are signaling that customers can only use them for the most trivial functions.
• Recovery: Even if you don’t know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. Any offering that does not replicate the data and application infrastructure across multiple locations is vulnerable to a total failure. You can ask your cloud provider if it has the ability to do a complete restoration, and how much time it will take for the full process. In such a scenario, it is also important to understand the amount of downtime expected.


Policy and Organizational Risks

Besides the top cloud computing risk areas, there are several policy and organizational risks that an organization must address for a successful cloud adoption. These are:


• SLA challenges
• Supply chain failure
• Cloud service termination/failure
• Loss of business reputation due to co-tenant activities
• Compliance challenges
• Loss of governance
• Provider lock-in
• Cloud provider acquisition

Terms such as vendor lock-in, vendor dependencies, and compliance-related procedures are already covered in the Cloud Technology Associate course.

Technical Risks


• Malicious insider at cloud provider
• Management interface compromise
• Insecure/ineffective data deletion
• Malicious scans
• Resource exhaustion
• Intercepting data in transit
• Data leakage
• DDoS
• Loss of encryption keys
• Compromise service engine
• Conflicts: customer procedures versus cloud procedures
• Isolation failure


In an organization, technical risks play an important role while adopting the cloud. Many of the technical risks mentioned are due to human errors, lack of proper standards and procedures, malicious insiders, and the improper use of tools and scans. These risks should be addressed effectively before, during, and after the transition to the cloud.

Legal Risks


• Data protection risks
• Risks from changes in jurisdiction
• Licensing risks
• Subpoena and e-discovery

Legal risks pertaining to data protection, jurisdictional changes, licensing, and e-discovery violation (being unable to provide the necessary records or electronic data for examination by a regulatory authority when called for) should be addressed appropriately to avoid hindrances, complexities, and delays.

Generic Vulnerabilities in Cloud Computing

Vulnerabilities in the cloud are being outright ignored by many enterprises, with poor database security and key leaks commonplace.

The generic vulnerabilities of cloud computing are:

• Lack of security awareness: Cloud customers and providers are not aware of the risks they could face when migrating into the cloud, particularly those risks that are generated from cloud-specific threats, i.e. loss of control, vendor lock-in, exhausted resources, etc.
• Lack of vetting process: Since there may be very high privilege roles within cloud providers, due to the scale involved, a lack of, or inadequate, vetting of the risk profile of staff with such roles is an important vulnerability.
• Unclear roles and responsibilities: Inadequate definition of roles and responsibilities in the cloud provider organization.


• Poor enforcement of role definitions: Within the cloud provider, a failure to segregate roles may lead to excessively privileged roles, which can make extremely large systems vulnerable.
• No need-to-know principle applied: Roles and responsibilities are poorly defined; third parties should not be given unnecessary access to data.
• Inadequate physical security procedures: A lack of physical controls, such as smart card authentication, and a lack of electromagnetic shielding leave critical assets vulnerable to eavesdropping.
• Poor identification of project requirements:
  ◦ Lack of consideration of security and legal compliance requirements
  ◦ No systems and applications user involvement
  ◦ Inadequate business requirements
• Poor patch management:
  ◦ Conflicting patch procedures between the cloud provider and customer
  ◦ Application of untested patches
  ◦ Vulnerabilities in browsers
  ◦ Dormant virtual machines
  ◦ Outdated virtual machine templates

Other Vulnerabilities in Cloud Computing

• Poor identity access and management (weak authentication and authorization methods)

• Accidental user deletion

• Resource and hypervisor vulnerabilities

• Missing or faulty encryption procedures

• Poor key management policies

• Lack of standard technologies

• Open to port scanning

• Possible check on co-residence

• Lack of forensic readiness

• Sensitive media sanitization

• Contractual obligations

• Cross cloud applications creating hidden dependency

• Conflicting SLA clauses

• Excessive SLA clauses


• No audit/certification available

• Certification schemes not adapted to cloud infrastructure

• Inadequate resource provisioning/investment in infrastructure

• No policies for resource capping/limits

• Data storage in multiple jurisdictions

• Lack of complete information on jurisdictions

• Lack of completeness and transparency in terms of use

Trends in Cloud Security

The top emerging cloud security trends that help keep the cloud safe for businesses are:

• Securing Serverless Processes: Microservices, also known as serverless processes, are gaining their foundation in the cloud. There are security implications involved, and so security experts are also looking at the benefits and emerging security concerns from these microservices. Virtual machines are widely used and often considered to be the basic building block of cloud infrastructure. However, containers, event-driven code execution, and other unique serverless capabilities are challenging virtual machines due to their ease of use from a developer perspective. Cloud providers and businesses are still figuring out how these microservices play from a security perspective.

• DevSecOps: Enterprises are increasingly focusing on engineering their own secure PaaS stacks to provide an abstraction between their applications and public IaaS offerings, essentially retaining control and independence while leveraging the benefits of cloud economics. These stacks have the ability to provide a set of consistent, appropriate controls across all multi-cloud venues while retaining full control and visibility at the PaaS level.

• Security Through Artificial Intelligence (AI) and Automation: Use AI and automation for handling security issues at scale.

• Micro-segmentation: It uses identity management tools to identify an endpoint before it has any network visibility, unlike how hidden networks operate.

• Focusing on APIs: Application Programming Interfaces or APIs pose both a threat and an opportunity from a security perspective. The most important trend now is securing them and using specific security APIs for an increased defensive posture.

• Self-Healing Systems: Through strong DevOps practices, applications can take advantage of cloud APIs to resolve issues automatically and return to full production status without needing manual effort or intervention.


Key governance issues in the Cloud

Besides security and risks, governance issues play a prominent role in the cloud. Some of the key governance issues in cloud computing are:

• Transparency: Providers must demonstrate the existence of effective and robust security controls, assuring customers that their information is properly secured against unauthorized access, change, and destruction.

  ◦ How much transparency is enough?

  ◦ What needs to be transparent?

  ◦ Will transparency aid malefactors?

  ◦ Which employees of the provider have access to customer information?

  ◦ Is Segregation of Duties (SoD) amongst provider employees maintained?

  ◦ How are different customers’ information segregated?

  ◦ What controls are in place to prevent, detect, and react to security breaches?

• Compliance: There are concerns with cloud computing that data may not be stored in one place and may not be easily retrievable.

  ◦ Ensure that, if data is demanded by authorities, it can be provided without compromising other information.

  ◦ Audits completed by legal, standards, and regulatory authorities themselves demonstrate that there can be plenty of overreach in such seizures.

  ◦ When using cloud services, there is no guarantee that an organization can get information when needed, and some providers are even reserving the right to withhold information from authorities.

• Transborder Information Flow: When information can be stored anywhere in the cloud, the physical location of the information can become an issue.

  ◦ Physical location dictates jurisdiction and legal obligation.

  ◦ Country laws governing Personally Identifiable Information (PII) vary greatly.

  ◦ What is allowed in one country can be a violation in another.

• Privacy: It is imperative for providers to prove to customers that privacy controls are in place and to demonstrate the ability to prevent, detect, and react to security breaches in a timely manner.

  ◦ Information and reporting lines of communication need to be in place and agreed on before service provisioning commences.


  ◦ Communication channels should be tested periodically during operations.

• Certification: Providers will need to provide assurance to their customers that they are doing the “right” things.

  ◦ Independent assurance from third-party audits and/or service auditor reports should be a vital part of any cloud computing program.

Cloud adoption

Recommendations for a Safe and Secure Cloud Adoption

It is essential for any organization to have a clear vision, objectives, operating model, and the support to execute the plan in order to adopt the cloud successfully. The 10 recommendations for a safe and secure cloud adoption are:

1. Executive management vision – decision – support

2. Clear roles and responsibilities (RACI)

3. Link with the business plan (business case)

4. Validated and well articulated business risks (and responses)

5. Proper and effective identity and access management controls

6. Methods for buy/build analysis with cost/benefit end-to-end model approved by all relevant stakeholders

7. Continuous communication

8. Inspect what you expect

9. Find a good lawyer who understands IT

10. Never outsource what you do/can manage anyway!

Cloud Migration Strategies Failure

Cloud migration strategies fail due to the following seven reasons:

• Having No Solid Business Case for Cloud Migration: Cloud migration is only possible when it provides tangible benefits to your business. First, outline the current objectives, build a clearly defined business case, and decide whether the cloud is appropriate for you or not.

• Thinking All Cloud Providers are the Same: Indeed, every cloud vendor offers virtual machines and some storage for rent. First, you’ll have to choose among the different types of cloud services, such as IaaS, PaaS, and SaaS. Larger organizations may need to opt for a multi-cloud, that is, combining multiple cloud computing services within a single heterogeneous architecture. Next, there are different types of cloud deployment models, such as private cloud, hybrid cloud, and public cloud. Finally, when you have a shortlist of all the possible cloud providers, make sure that you have checked the following points:

  ◦ You have identified who will provide the documentation, support, and training for new services

  ◦ You have a full list of the applications included in the service and at what capacity

  ◦ The selected service provider is compliant with the industry standards and regulations

  ◦ You are well aware of the vendor’s data security and cloud disaster recovery provisions and obligations

  ◦ You understand exactly how the provider will handle the data migration process and have the plans beforehand

  ◦ You clearly understand how scaling can occur with the service provider and to what capacity

  ◦ Respective policies and provisions are in place to alert you about possible security breaches

  ◦ An appropriate SLA is in place, covering all of the service and support provisions

  ◦ Well-defined Key Performance Indicators or KPIs are in place that will measure the level of service offered

Choosing the optimal cloud services provider should be among the top priorities for any enterprise cloud migration strategy. Switching between cloud service providers later can impose additional costs and hamper your operations.

• Neglecting to Establish a Cloud Operating Model: A cloud operating model describes how the cloud will transform your current workflows, internal processes, and business operations. It should be based on your business objectives for migration and define how your organization will evolve and function after the migration is accomplished. When establishing a cloud operating model, you should address the following areas:

  ◦ Infrastructure management

  ◦ Application management

  ◦ People

  ◦ Security

  ◦ Support

  ◦ Financials

• Underestimating the Timeline and the Budgets: The cloud transition and transformation processes will occur at an ideal speed and at low cost. Keep in mind, however, that this requires proper and timely cost budgeting and timeline estimation in order to avoid failures. For instance, when you hire a team of professional migration consultants, you will receive a more accurate timeline and budget estimate before the project starts.

• Moving Everything at Once: Cloud migration should not happen at a fast speed. As a first step, you need to build the cloud infrastructure and conduct a strategic portfolio analysis to determine what applications need to move first. Here’s a quick checklist:

  ◦ Examine your current applications and estimate how much refactoring/re-architecting will be required.

  ◦ Jot down the respective costs.

  ◦ Always begin migration with applications that have value but low risks.

  ◦ Align those with the possible ROI/benefits of migrating a certain app within the first batch. Assign priorities and plan the cloud migration accordingly.

• Failing to Test Adequately: Your cloud architecture is only as good as your testing. Moving the entire cloud infrastructure requires the same attention and expertise as building a new data center. Pay attention to the designing and testing of data migration. You need to have a tested disaster recovery plan in place before you start the cloud migration process.

• Slacking on Cloud Security: Cloud security is a shared responsibility between the customer and the cloud service provider. Having incomplete or inadequate security policies within your enterprise is the quickest method for failure.

Cloud Computing Failures

Various cloud computing failures that impacted the world are:

• Salesforce goes down: On May 9, 2016, the Silicon Valley NA14 instance of Salesforce.com went offline, resulting in an outage that lasted for more than 24 hours. Extensive business damage was inevitable, with customers losing hours and hours of data. Salesforce moved to Amazon Web Services for most of its workloads thereafter as a result.

• A bad Christmas for Netflix: It was Christmas Eve in 2012, a time of cheer and uninterrupted entertainment that families looked forward to. However, AWS’s Elastic Load Balancing service went awry, resulting in Netflix downtime. The aftermath was a whole bunch of disgruntled customers who were depending on the streaming service for a good Christmas. As if this souring relationship between Netflix and AWS was not enough, two years later Netflix rebooted 218 of its production nodes during an AWS update, and 22 failed to reboot—an additional instance of differences between AWS and Netflix.


• Microsoft Azure goes bust: On November 18, 2014, the Azure Storage Service was hit by a massive outage as a result of software updates for performance increases. A similar one followed in December, 2015.

• Dyn sees a bad day: On October 21, 2016, Dyn DNS underwent a series of Distributed Denial of Service (DDoS) attacks. Dozens of websites and their businesses were hit, such as those of Airbnb, Twitter, Amazon, Ancestry, Netflix, and PayPal. This alerted the world to the practical threat of large-scale Internet of Things (IoT) attacks.

• The Office 360 joke: Now this is an ongoing discredit given to Microsoft’s Office 365. On June 30, 2016, scores of Office 365 clients saw their email services going offline for more than 12 hours. In the past too, several similar instances followed throughout 2015 and continued through 2016. The standing joke persists that Office 365 is indeed Office 360, with an average downtime of five days off a year.

• Healthcare takes a hit: Stories abound of the HealthCare.gov website frequently crashing due to poor design. Other cited reasons are lack of resources and demand exceeding supply. It turns out that problems with the cloud had let down the crucial government service that caters to public health. Clearly, it is not in the best state of health itself.

Application Migration Strategies

The following figure depicts the six most common application migration strategies.

[Figure: Application Migration Strategies. Labels in the figure: Discover / Assess / Prioritize Applications; Determine Migration Path; Use Migration Tools; Automate; Manual Install; Manual Config; Manual Deploy; Purchase COTS / SaaS and licensing; Manual Install and Setup; Determine new platform; Modify underlying Infrastructure; Redesign Application / Infrastructure Architecture; App Code Development; Full ALM / SDLC; Integration; Validation; Transition; Production; Retire / Decommission; Retain / Not Moving.]

The six most common application migration strategies are:

1. Rehosting — Otherwise known as “lift-and-shift”: Many cloud projects move towards new development using cloud-native capabilities, but in a large legacy migration scenario where the organization is looking to scale its migration quickly to meet a business case, we find that the majority of applications are rehosted. For instance, GE Oil & Gas found that, even without implementing any cloud optimizations, it could save roughly 30 percent of its costs by rehosting. Most rehosting can be automated by using tools, although some customers prefer to do this manually as they learn how to apply their legacy systems to the new cloud platform. We have also found that applications are easier to optimize/re-architect once they are running in the cloud.

2. Replatforming — Also known as “lift-tinker-and-shift”: Here you might make a few cloud (or other) optimizations in order to achieve some tangible benefit, but you are not changing the core architecture of the application. For example, you may want to reduce the amount of time you spend in managing database instances by migrating to a database-as-a-service platform, or migrating your application to a fully managed platform.

3. Repurchasing — Moving to a different product: Repurchasing is most commonly seen as a move to a SaaS platform.

4. Refactoring/Re-architecting — Re-imagining how the application is architected and developed, typically using cloud-native features: This is typically driven by strong business requirements to add new features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment. Migration from a monolithic architecture to a service-oriented architecture is done to boost agility or improve business continuity. This pattern tends to be the most expensive, but, if you have a good product-market fit, it can also be the most beneficial.

5. Retire — Get rid of: Once you have discovered everything in your cloud environment, you might ask each functional area who owns each application about the usefulness of it. We have found that as much as 10% (I have seen 20%) of an enterprise IT portfolio is no longer useful, and can simply be turned off. These savings can boost the business case, direct your team’s scarce attention to the things that people use, and lessen the surface area you have to secure.

6. Retain — Usually this means “revisit” or do nothing (for now): Maybe you are still riding out some depreciation, aren’t ready to prioritize an application that was recently upgraded, or are otherwise not inclined to migrate some applications. You should only migrate as per your business needs; and, as the gravity of your portfolio changes from on-premises to the cloud, you’ll probably have fewer reasons to retain.


Course summary

In this course, you have learned about:

• Cloud Computing Myths and Misconceptions

• Cloud Terminologies (Additional)

• Virtualization (Additional concepts)

• Digital Disruptive Technologies and Digitization Trends

• Cloud Security, Risks, and Governance - Additional Features

• Cloud Adoption - Recommendations and Best Practices


Lab Activities

Introduction to Amazon EC2

Overview

This lab provides you with a basic overview of launching, resizing, managing, and monitoring an Amazon EC2 instance.

Amazon Elastic Compute Cloud (Amazon EC2) is a Web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. It has a simple Web service interface that allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. It changes the economics of computing by allowing you to pay only for capacity that you actually use. It also provides developers the tools to build failure-resilient applications and isolate themselves from common failure scenarios.

Objectives

By the end of this lab, you will be able to:

• Launch a web server with termination protection enabled.

• Monitor your EC2 instance.

• Modify the security group that your web server is using to allow HTTP access.

• Resize your Amazon EC2 instance to scale.

• Explore EC2 limits.

• Test termination protection.

• Terminate your EC2 instance.

Tasks

To perform this lab, you need to perform the following tasks:

1. Launch your Amazon EC2 instance.

2. Monitor your instance.

3. Update your Security Group and access the Web Server.

4. Resize your Instance: Instance Type and EBS Volume.

5. Explore EC2 limits.

6. Test termination protection.

Task 1: Launch Your Amazon EC2 Instance

In this task, you will launch an Amazon EC2 instance with termination protection. Termination protection prevents you from accidentally terminating an EC2 instance. You will deploy your instance with a User Data script that will allow you to deploy a simple Web Server.

Note: To perform these labs, you must have an AWS account. In addition, note that you may notice some changes in the names of tabs/options while performing these labs, as AWS keeps updating the website UI regularly.

To perform this task, you need to perform the following steps:

1. Log into your AWS account by navigating to the following URL in a new browser:

console.aws.amazon.com

2. Once logged in, ensure the region selected on the top menu is Oregon.

3. Click the Services menu.

4. Click the EC2 option under the Compute section.

5. Click the Launch Instance button under the Create Instance section. The Step 1: Choose an Amazon Machine Image (AMI) page is displayed.

6. Click the Select button next to Amazon Linux AMI. The Step 2: Choose an Instance Type page is displayed. You will use the t2.micro instance type which is already selected by default.

7. Click the Next: Configure Instance Details button. The Step 3: Configure Instance Details page is displayed.

8. Select the default vpc option in the Network drop-down list.


9. Ensure that the Protect against accidental termination check box is selected.

10. Click the Advanced Details link. The User data text area is displayed.

11. Ensure that the As text option is selected.

12. Type the following script in the User data text area:

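#!/bin/bash
# Apply the latest package updates
yum update -y
# Install the Apache web server
yum install httpd -y
# Start the web server now and enable it at boot
service httpd start
chkconfig httpd on
# Create a simple index page
echo '<html><h1>Hello from Your Web Server!</h1></html>' > /var/www/html/index.html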

The script will perform the following actions:

  ◦ Apply the latest system updates

  ◦ Install an Apache web server (httpd)

  ◦ Activate / Start the web server

  ◦ Configure the web server to automatically start on boot

  ◦ Create a simple web page called index.html

13. Click the Next: Add Storage button. Leave the default values as they are.

14. Click the Next: Add Tags button.

15. Click the Add Tag button.

16. Specify the name and value of the key in the Key and Value text boxes. For instance, in the Key text box, specify the name of the tag such as “Name” whereas in the Value text box specify “Linux server”.

17. Click the Next: Configure Security Group button. The Step 6: Configure Security Group page is displayed.

18. Type Web Server security group in the Security group name text box.

19. Type Security group for my web server in the Description text box.

20. Retain the existing SSH rule, as shown in the following figure.


21. Click the Add Rule button. A new line appears with values to be added for the new rule.

22. Select HTTP from the Type drop-down list.

23. Ensure that port 80 is selected in the Port Range text box.

24. Click the Review and Launch button.

25. Click the Launch button. The Select an existing key pair or create a new key pair dialog box is displayed.

26. Select the Proceed without a key pair option from the drop-down list.

27. Select the I acknowledge that I will not be able to connect to this instance unless I already know the password built into this AMI check box.

28. Click the Launch Instances button.

29. The launch instance process will start, and then after some time the Launch Status page is displayed, as shown in the following figure.

Your instance has been launched.

30. Click the View Instances button. The instance details page is displayed.

31. Wait for your instance to display the following details:

  ◦ Instance State: running

  ◦ Status Checks: 2/2 checks passed

You have successfully launched the first Amazon EC2 instance.
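The security group built in steps 17 to 24 keeps the SSH rule even though step 26 launches the instance without a key pair, so that rule exposes a port without giving you usable access. The following added example (not part of the original guide) audits ingress rules in the shape returned by the EC2 DescribeSecurityGroups API and flags any port other than HTTP that is open to every address. The sample groups, the `sg-EXAMPLE` identifier, and the assumption that the retained SSH rule has the source 0.0.0.0/0 are constructed for illustration.

```python
"""Audit security-group ingress rules for ports exposed to the whole internet.

Input follows the shape of the EC2 DescribeSecurityGroups response
(IpPermissions, IpRanges, Ipv6Ranges). The sample groups are constructed.
"""
import ipaddress

# Assumption: the lab's web server is only meant to be public on HTTP.
PUBLIC_OK_PORTS = frozenset({80})


def is_world_open(cidr):
    """True when the CIDR matches every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_group(group, allowed=PUBLIC_OK_PORTS):
    """Return one finding per rule that exposes a non-allowed port to everyone."""
    findings = []
    for perm in group.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_sources = [s for s in sources if is_world_open(s)]
        if not open_sources:
            continue
        proto = perm.get("IpProtocol")
        if proto == "-1":              # "-1" means all protocols and all ports
            low, high = 0, 65535
        elif proto in ("tcp", "udp"):
            low, high = perm["FromPort"], perm["ToPort"]
        else:
            continue                   # ICMP rules carry types, not ports
        if all(port in allowed for port in range(low, high + 1)):
            continue                   # e.g. HTTP on port 80, public by design
        findings.append({
            "group": group.get("GroupName"),
            "protocol": proto,
            "from_port": low,
            "to_port": high,
            "sources": open_sources,
        })
    return findings


# Constructed sample: the group as the lab leaves it, assuming the retained
# SSH rule has the source 0.0.0.0/0.
LAB_GROUP = {
    "GroupName": "Web Server security group",
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

# Constructed sample: the same group with SSH limited to a documentation range.
TIGHTENED_GROUP = {
    "GroupName": "Web Server security group",
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for label, group in (("lab", LAB_GROUP), ("tightened", TIGHTENED_GROUP)):
        for f in audit_group(group):
            print(f"{label}: {f['protocol']} {f['from_port']}-{f['to_port']} "
                  f"open to {', '.join(f['sources'])}")
```

In a real account the input would be the JSON from `aws ec2 describe-security-groups`; removing the unused SSH rule, or narrowing its source, clears the finding.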


Task 2: Monitor Your Instance

Monitoring is an important part of maintaining the reliability, availability, and performance of your Amazon Elastic Compute Cloud (Amazon EC2) instances and your AWS solutions.

To perform this task, you need to perform the following steps:

1. Click the Status Checks tab.

2. Ensure that System reachability check passed and Instance reachability check passed, under the System Status Checks and Instance Status Checks sections, are shown in green.

3. Click the Monitoring tab. This tab displays CloudWatch metrics for your instance.

4. Select Actions → Instance Settings → Get System Log. The system log dialog box is displayed.

5. Scroll through the output and note that the HTTP package was installed from the user data that you added when you created the instance, as shown in the following figure.


6. Click the Close button.

7. Select Actions → Instance Settings → Get Instance Screenshot. The Get instance screenshot dialog box is displayed, as shown in the following figure.

8. Click the Close button.

You have explored several ways to monitor your instance.

Task 3: Update Your Security Group and Access the Web Server

When you launched the EC2 instance, you provided a script that installed a Web server and created a simple Web page. In this task, you will access content from the Web server.

To perform this task, you need to perform the following steps:

1. Ensure that the EC2 Management Console window is open.

2. Select Instances in the left pane.

3. Select the instance, and then click the Description tab.

4. Copy the IPv4 Public IP of your instance to your clipboard.


5. Open a new tab in your Web browser, paste the IPv4 Public IP address you copied, and then press Enter. The message “Hello from Your Web Server!” is displayed.

You have successfully accessed your web server from a browser.

Task 4: Resize Your Instance: Instance Type and EBS Volume

As your needs change, you might find that your instance is over-utilized (too small) or under-utilized (too large). If so, you can change the instance type.

To perform this task, you need to perform the following steps:

1. Ensure that the EC2 Management console window is open.

2. Select the Instances option in the left pane.

3. Ensure that the instance is selected.

4. Select Actions → Instance State → Stop. The Stop Instances dialog box is displayed.

5. Click the Yes, Stop button.

6. Wait for the Instance State status to display stopped.

7. Select Actions → Instance Settings → Change Instance Type. The Change Instance Type dialog box is displayed.

8. Ensure that t2.micro is selected as the Instance Type. Notice that you can select a smaller or larger instance type.

9. Do NOT change the instance type. Click the Cancel button.

10. Select Volumes in the left pane.

11. Ensure that the instance whose volume needs to be resized is selected.

12. Select Actions → Modify Volume. The Modify Volume dialog box is displayed.

13. Type 10 in the size text box.

14. Click the Modify button.

15. Click the Yes button to confirm and increase the size of the volume.

16. Click the Close button.

17. Select Instances in the left pane.

18. Ensure that the instance is selected.

19. Select Actions → Instance State → Start. The Start Instances dialog box is displayed.

20. Click the Yes, Start button.

You have successfully resized your Amazon EC2 Instance. You also modified your root disk volume from 8 GiB to 10 GiB.


Task 5: Explore EC2 Limits

Amazon EC2 provides different resources that you can use. These resources include images, instances, volumes, and snapshots. When you create an AWS account, there are default limits on these resources on a per-region basis.

To perform this task, you need to perform the following steps:

1. Ensure that the EC2 Management console window is open.

2. Select Limits in the left pane.

Note that there is a limit on the number of instances that you can launch in this region. When launching an instance, the request must not cause your usage to exceed the current instance limit in that region. You can request an increase for many of these limits.

Task 6: Test Termination Protection

You can delete your instance when it is no longer in use. This is referred to as terminating your instance. You cannot connect to or restart an instance after it has been terminated.

To perform this task, you need to perform the following steps:

1. Ensure that the EC2 Management console window is open.

2. Select Instances in the left pane.

3. Ensure that the instance is selected.

4. Select Actions → Instance State → Terminate. The Terminate Instances dialog box is displayed.

5. Note that the message “These instances have Termination Protection and will not be terminated. Use the Change Termination Protection option from the Instances screen Actions menu to allow termination of these instances.” is displayed.

6. Click the Cancel button.

7. Select Actions → Instance Settings → Change Termination Protection. The Disable Termination Protection dialog box is displayed.

8. Click the Yes, Disable button.

9. Select Actions → Instance State → Terminate. The Terminate Instances dialog box is displayed.

10. Click the Yes, Terminate button.

You have successfully tested termination protection and terminated your instance.

You have successfully completed the lab.


Introduction to Amazon Simple Storage Service (S3)

Overview

This lab introduces you to Amazon Simple Storage Service (Amazon S3) using the AWS Management Console. Amazon S3 is storage for the Internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the Web.

Objectives

By the end of this lab, you will be able to:

• Create a bucket in Amazon S3.

• Add an object to your bucket.

• Manage access permissions on an object.

• Create a Bucket Policy.

• Use bucket versioning.

Tasks

To perform this lab, you need to perform the following tasks:

• Create a Bucket.

• Upload an Object to the Bucket.

• Make an Object Public.

• Create a Bucket Policy.

• Explore Versioning.

Task 1: Create a Bucket

In this task you will create an Amazon S3 bucket. Every object in Amazon S3 is stored in a bucket. To do this task, you need to perform the following steps:

1. Log in to your AWS account by navigating to the following URL in a new browser:

console.aws.amazon.com

2. Click the Services drop-down list. The Services page is displayed.

3. Select S3 under the Storage section.

4. Observe the region has changed to Global on the top menu in the S3 Management Console.


5. Click the Create bucket button. The Create bucket dialog box is displayed.

6. Type the name of the bucket in the Bucket name text box. For instance, mybucket10. The bucket name should be in lowercase and must be unique across all users of S3.

7. Click the Next button. The Properties page is displayed.

8. Select the Keep all versions of an object in the same bucket check box under the Versioning section.

9. Click the Next button. The Set permissions page is displayed.

10. Ensure that full access rights are provided in the Manage users section.

11. Ensure that Do not grant public read access to this bucket (Recommended) option is selected in the Manage public permissions drop-down list.

12. Ensure that Do not grant Amazon S3 Log Delivery group write access to this bucket option is selected in the Manage system permissions drop-down list.

13. Click the Next button. The Review page is displayed.

14. Click the Create bucket button.

You have now successfully created a bucket.

Task 2: Upload an Object to the Bucket

Now that you have created a bucket, you are ready to store objects. An object can be any kind of file: a text file, a photo, a video, a zip file, etc. When you add an object to Amazon S3, you have the option of including metadata with the object and setting permissions to control access to the object. In this task, you will upload objects to your S3 bucket. To do this, you need to perform the following steps:

1. Ensure that the S3 Management Console window is open.

2. Click the created bucket. The bucket page is displayed.

3. Click the Upload button. The Upload dialog box is displayed.

4. You can drag and drop the files or click the Add Files button.

5. Browse to the location where the file that you want to upload is stored, and then click the Open button. The file is added.

6. Click the Upload button. The file is uploaded.

Once the file is uploaded, it will be displayed in the bucket.

Task 3: Make an Object Public

In this task, you will configure permissions on an object so that it is publicly accessible. To do this, you need to perform the following steps:

1. Ensure that the S3 Management Console window is open.

2. Click the recently downloaded file in the bucket. The image properties page is displayed.

3. Copy the link displayed in the Link section and paste it into a new browser window.

4. Press the Enter key. The following error message with “Access Denied” is displayed, as shown in the following figure.

5. Return to the S3 Management Console window.

6. Click the Permissions tab.

7. Select the Everyone option under the Public access section. The Everyone dialog box is displayed.

8. Select Read object under the Access to the object section.

9. Click the Save button.

10. Return to the Web browser that displayed Access Denied, and then refresh the page. The uploaded image will be displayed in the Web browser.

11. Close the Web browser and return to the S3 Management Console window.

In this task, you granted access only to a specific object. If you wish to grant access to an entire bucket, you should use a Bucket Policy.

Task 4: Create a Bucket Policy

A Bucket Policy is a set of permissions associated with an Amazon S3 bucket. It can be used to control access to a whole bucket or to specific directories within a bucket. To do this task, you need to perform the following steps:

1. Ensure that the S3 Management Console window is open.

2. Repeat steps 2 to 6 of task 2.

3. Repeat steps 2 to 4 of task 3.

4. Keep this Web browser tab open, and return to the S3 Management Console window.

5. Click the name of your bucket at the top of the window.

6. Click the Permissions tab.

7. Click the Bucket Policy tab. The Bucket policy editor window is displayed.

8. Copy the ARN of your bucket to the clipboard. It is displayed at the top of the policy editor, as shown in the following figure.

9. Click the Policy generator link at the bottom of the page. The AWS Policy Generator page is displayed.

10. Select S3 Bucket Policy option from the Select Type of Policy drop-down list.

11. Type * in the Principal text box.

12. Select GetObject from the Actions drop-down list.

13. Paste the ARN number in the Amazon Resource Name (ARN) text box.

14. Append /* at the end of the ARN number.

15. Click the Add Statement button.

16. Click the Generate Policy button. The Policy JSON Document text editor dialog box is displayed.

17. Copy the policy to your clipboard.

18. Click the Close button.

19. Close the AWS Policy Generator page.

20. Return to the Bucket policy editor window and paste the bucket policy.

21. Click the Save button.

22. Return to the Web browser that displayed Access Denied and refresh the page. The uploaded image will be displayed in the Web browser. This is because the Bucket Policy applies to the bucket as a whole, so you do not have to grant permissions to each object individually.

23. Close the Web browser and return to the S3 Management Console window.

Task 5: Explore Versioning

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning you can easily recover from both unintended user actions and application failures.

To explore versioning, you need to perform the following steps:

1. Ensure that the S3 Management Console window is open.

2. Click the Overview tab.

3. Select any image from the Name drop-down list, and then click the Upload button.

4. Click the Add Files button.

5. Search the image with the same name, and then click the Open button.

6. Take note of the contents of the file, then refresh the page. You should now see the edited file.

Note: Amazon S3 always returns the latest version of an object if a version is not otherwise specified. You can also obtain a list of available versions in the S3 Management Console window.

7. Close the Web browser displaying the image.

8. Select the same image in the bucket list. The image properties page is displayed.

9. Click the Latest version drop-down list in the image properties page.

10. Select the old version of the image, and then select the Open option. You should now see the first version of the image using the S3 Management Console window.

Note: However, if you try to access the picture using the S3 URL link, you will receive an access denied message. This is expected in the lab because you only have permission to access the latest version of the object. In order to access the previous version of the object, you need to update your bucket policy to have the “s3:GetObjectVersion” permission.
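
The bucket policy built in Task 4 and the s3:GetObjectVersion note above can be checked offline before anything is saved in the console. The following Python script is an added example, not part of the course material: it evaluates a constructed copy of the lab policy for anonymous requests and shows the effect of adding the version permission. The bucket name mybucket10 comes from the lab; the Sid, the object key and all function names are assumptions.

```python
import copy
import json
import re

# Constructed sample: the shape of policy Task 4 produces (Principal *,
# action GetObject, resource = bucket ARN with /* appended). The Sid is made up.
LAB_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LabPublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::mybucket10/*"
    }
  ]
}
""")

# Elements this example does not evaluate; policies using them need manual review.
UNSUPPORTED = {"Condition", "NotAction", "NotPrincipal", "NotResource"}


def _as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    """Match a policy pattern where * is any run of characters and ? is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def _is_anonymous(principal):
    """True when the Principal element names everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _statement_applies(stmt, action, resource):
    """Does this statement cover an anonymous request for action on resource?"""
    if not _is_anonymous(stmt.get("Principal")):
        return False
    # Action names are compared case-insensitively, resource ARNs exactly.
    if not any(_matches(a, action, ignore_case=True) for a in _as_list(stmt.get("Action"))):
        return False
    return any(_matches(r, resource) for r in _as_list(stmt.get("Resource")))


def anonymous_allowed(policy, action, resource):
    """Evaluate one anonymous request against the bucket policy alone.

    An explicit Deny wins, otherwise a matching Allow is required, otherwise
    the request is denied by default.
    """
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        unsupported = UNSUPPORTED.intersection(stmt)
        if unsupported:
            raise ValueError(f"review by hand, unsupported element(s): {sorted(unsupported)}")
        if _statement_applies(stmt, action, resource):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed


def public_findings(policy):
    """List every Allow statement whose principal is everyone."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow" and _is_anonymous(stmt.get("Principal")):
            findings.append((stmt.get("Sid", "(no Sid)"),
                             _as_list(stmt.get("Action")),
                             _as_list(stmt.get("Resource"))))
    return findings


def with_version_read(policy):
    """Return a copy in which statements allowing s3:GetObject also allow s3:GetObjectVersion."""
    updated = copy.deepcopy(policy)
    for stmt in _as_list(updated.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if (stmt.get("Effect") == "Allow" and "s3:GetObject" in actions
                and "s3:GetObjectVersion" not in actions):
            stmt["Action"] = actions + ["s3:GetObjectVersion"]
    return updated


if __name__ == "__main__":
    key = "arn:aws:s3:::mybucket10/photo.jpg"  # constructed object key
    for name, pol in (("lab policy", LAB_POLICY),
                      ("with version read", with_version_read(LAB_POLICY))):
        for action in ("s3:GetObject", "s3:GetObjectVersion"):
            print(f"{name:18} {action:20} anonymous allowed: {anonymous_allowed(pol, action, key)}")
    print("public statements:", public_findings(LAB_POLICY))
```

Because the principal is `*`, the updated policy makes every retained version of every object readable by anyone, including versions that were overwritten later. The evaluator covers the bucket policy only, not the object permissions set in Task 3.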

You have successfully completed the lab.

Exam Preparation Guide

Module Learning Objectives

• Identify the structure of the exam.

• Indicate the key components of the exam.

• Practice the exam.

Topics Covered in This Module

1. Qualification Learning Objectives

2. Learning Level of the Syllabus

3. Certification

3.1 Certification Scheme

3.2 Certification Value

4. Exam Instructions

4.1 Exam Format

4.2 Question Formats

4.3 Scoring System

5. Tips for Exam Taking

1. Qualification Learning Objectives

When you have acquired the required knowledge from this course, you will be able to:

• Explain the hazardous and disingenuous cloud computing myths and misconceptions.

• Define additional cloud terminologies and concepts.

• Identify the different virtualization aspects.

• Learn about the additional digital disruptive technologies and digitization trends.

• Understand the additional concepts in cloud security, risks, and governance.

• Identify the best practices for adopting the cloud.

2. Learning Level of the Syllabus

The modern version of Bloom’s taxonomy of learning is a widely used classification framework for course syllabi and assessments for certification. The taxonomy classifies learning into six ascending levels.

Level 1, the Knowledge level: Exhibit memory of previously learned materials by recalling facts, terms, basic concepts, and answers.

Level 2, the Comprehension level: Demonstrate understanding of facts and ideas by organizing, comparing, translating, interpreting, giving descriptions, and stating main ideas.

Level 3, the Application level: Use new knowledge. Solve problems in new situations by applying acquired knowledge, facts, techniques, and rules.

Level 4, the Analysis level: Examine and break information into parts by identifying motives or causes. Make inferences and find evidence to support generalizations.

Level 5, the Evaluation level: Present and defend opinions by making judgments about information, validity of ideas, or quality of work based on a set of criteria.

Level 6, the Creation level: Compile information together by combining elements in a new pattern or proposing alternative solutions.

The level of this course for the Professional Cloud Developer is level 1, 2, 3, and 4 (Knowledge, Comprehension, Application, and Analysis).

CCC Cloud Technology Associate Plus Learning Outcomes

Generic Definition from Learning Outcomes

1. Knowledge: Know key facts, terms and concepts from the guidance.

2. Comprehension: Understand the key concepts from the guidance.

3. Application: Be able to apply the concepts related to the syllabus area for a given situation.

4. Analysis: Be able to analyze and distinguish between appropriate and inappropriate use of the method for a given situation.

Qualification Learning Outcomes

1. Knowledge: Know key facts, including terms, concepts, and latest technologies/trends from the CCC Cloud Technology Associate plus program.

2. Comprehension: Understand the concepts, latest digitization trends, and virtualization in cloud computing and can explain how these are applied.

The professional series is expected to provide a practical level of proficiency for a candidate. The examinations test this level. The examination format of complex multiple choice will offer a scenario and questions with a corresponding series of possible answers.

3. Certification

Cloud Credential Council® (CCC) is the accreditor of this course. The CCC intends to accelerate successful cloud adoption through training and certification. In line with this, the CCC aims to provide the most comprehensive in-depth cloud training and certification program in the world.

The CCC Cloud Certification Program is a vendor-neutral certification program in the cloud computing domain. The program has been developed by cloud experts who work at leading organizations such as IBM, Microsoft, VMware, Cisco, EMC, HP, and ING, and aligns to NIST definitions and terminology.

3.1 Certification Scheme

The CCC certifications are vendor-neutral and provide an excellent into vendor-specific cloud training and certification programs. They also add value to the career development of business and technology professionals, as the certifications are built with cloud experts from leading organizations.

3.2 Certification Value

Cloud computing has been around for a few years now and continues to be built on the foundations of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). CCC’s Cloud Technology Associate Plus (CTA+) designation is a globally recognized certification for associates.

Enhance your career by earning the CTA+ certification from the CCC, globally known as the standard of achievement for associates involved with cloud-based solutions.

4. Exam Instructions

4.1 Exam Format

Prerequisites: There are no formal prerequisites. However, it is recommended that you attain the Cloud Technology Associate Certification (or its equivalent) from the Cloud Credential Council, and/or that you are conversant with cloud concepts and vocabulary.

Supervised: Webcam Proctored

Exam Type: Online

Time Limit: The exam is 45 minutes long. For non-native speakers, an additional 15 minutes is available.

Pass Score: To pass the exam, an individual must attain a score of 65% or higher.

Open Book: No

Number of Questions: 30

4.2 Question Formats

The Foundation qualification examines learning outcomes at levels 1 (Knowledge) and 2 (Comprehension).

The question format will be as given below:

• Multiple-choice

4.3 Scoring System

For the multiple-choice questions, one mark is awarded for each question answered correctly.

5. Tips for Exam Taking

In order to successfully take the exam, you are advised to keep the following points in mind:

• Read the questions carefully.

• If you are stuck on a question, you should guess the most likely option, mark the question, and come back to it at the end. This way, you will at least have a guess answer if you run out of time.

• Use theoretical knowledge to answer the questions and select the best option. Eliminate the distractors by using theoretical knowledge and assessment of the information provided.

• When in doubt, you should guess; there is no negative marking.

Case Study: Adopting the Cloud

Introduction

Go-Cloud is one of the largest IT service providers in Asia, with revenue for the last fiscal year of approximately US$ 15 billion. Its primary business is to provide a variety of application services (application development, maintenance and management) and infrastructure outsourcing to enterprise clients in 50+ countries. The application services range from simple web sites, interactive web applications, mobile and IoT applications to Data Analytics and Machine Learning.

The most critical business and IT processes depend on the requisite capacity planning, provisioning, utilization, security, and scaling of infrastructure. This is because the service provider, on average, has 5000 projects being executed simultaneously for more than 500 clients. The teams are spread across multiple diverse locations across the world and have some of the most dynamic requirements for services, software and hardware. In addition, various internal and client-facing teams are constantly piloting all sorts of solutions and prototypes for business development and R&D.

The constant challenge for the service provider staff who work directly with external clients and prospects is to get them the right technology configuration (servers, sizing, security, etc.) in the shortest possible time frame.

The need of the hour is to have an effective and reliable underlying infrastructure that can deliver consistent and predictable service levels to the service provider’s clients.

With reference to the above scenario and subsequent sub-scenarios in each following section, answer the corresponding questions.

I - Cloud Services - Strategy

There was a lead time of approximately 45 days in addressing the infrastructure requests from the day of the request to the time the hardware is fully commissioned and operational for use.

The average utilization of the servers was less than 15% and the servers were also sprawled across multiple locations. The spare capacity could not be used for new or alternative teams.

The Project teams were not able to scale the computing environments according to the varying demands of the application workloads.

a) Should the service provider adopt the cloud?

b) Identify the top three business drivers for the service provider to adopt the cloud.

c) What are the typical challenges the service provider faces in its on-premise traditional computing environment?

d) Which cloud essential characteristics play a prominent role for migrating to the cloud?

e) Which service model(s) should the service provider select? Why?

f) Which deployment model(s) should the service provider select and why?

g) Would the service provider need to engage the services of a broker for value-addition?

h) What benefits can the service provider gain by migrating to the cloud?

i) Which challenges, if any, will the service provider still tend to encounter after the migration to the cloud?

j) Depending on the service model selected, what will be the responsibilities of the service provider?

II - Technology - Virtualization

Given the extensive client base, a wide range of heterogeneous technology is required. The teams’ requirements had a high diversity of operating systems, platforms, tools and hardware. To meet the above requirements, multiple types of virtualization technologies also had to be supported.

a) What are the advantages and disadvantages of using multiple virtualization technologies?

b) Should the service provider opt for open-source or proprietary technology stacks?

c) Should virtual machines or containers be used for application deployment? Why?

d) There are different types of containers in use – Docker, Kubernetes, etc. Does it matter which container type is used?

e) How does the service provider mitigate the risk of VM sprawl?

f) How are other risks arising from portability and interoperability handled?

III - Digital Transformation Technologies

Many project teams required high computing capacity for a short period of time and it was not feasible to procure hardware and software for such projects.

The R&D department was exploring the use of applications that pertained to big data and sensor related use cases such as Cluster Management, Data Analytics, IoT applications, Machine Learning predictions and DevOps.

a) What kind of specific environment(s) would be required for the experimentation of the various digital transformation technologies mentioned?

b) How would you address the regular need of high computing capacity for short periods of time?

c) How would Agile and DevOps enable a faster transition to the cloud?

d) What standards and connectivity protocols would need to be considered for working with the IoT sensors and applications?

e) Identify the risks involved while experimenting with the use of digital transformation technologies.

f) Identify the sources of big data required for the purposes of Data Analytics and Machine Learning predictions.

IV - Security, Risks and Governance

End-users found it difficult to back up critical files as server failures led to frequent disconnections from the backup network.

a) What is the purpose of Compliance and Governance in this case study?

b) What is your defined level of risk tolerance?

c) How would you ensure that only authorized users will have access to the important data?

d) How would you ensure that sensitive and confidential data is secured during transit and at rest?

e) How would you mitigate the risks of vendor lock-in?

V - Adopting the Cloud

a) What types of applications will you first select for the migration to the cloud?

b) Are the applications developed using the standard 3-tier architecture? Are microservices also being used and why?

c) What programming languages and source-control version will you consider for development?

d) What databases and caching mechanisms would you use in your applications?

e) How do you handle load balancing and performance (latency) issues?

f) What would be your ideal scaling strategy – vertical or horizontal or a combination of both? What are the advantages and disadvantages of using these two forms of scaling?

g) How will you address high availability and disaster recovery?

h) On what media types would you consider taking back-ups of your data plus applications and how frequently would you suggest this practice?

i) What tools would you use for monitoring, auditing, reporting, measuring, billing, debugging?

j) What type of incident response plan would you have in case of outages / disruptions in service?

Implementation

You, being an expert cloud consultant, are brought in to assist with the adoption of the cloud.

a) What approach would you take to resolve the challenges faced?

b) How would you prioritise the list of challenges?

c) What time-frame would you suggest for the entire implementation of the project?

d) If your cloud solution includes entering into a contract with a public service provider (public cloud / hybrid cloud / virtual private cloud / outsourced private or community cloud), how would you evaluate the fitness of the public service provider?

e) If your solution includes any of the forms of public cloud as mentioned in d, what characteristics of the public cloud will you focus on?

Summary

1. How likely is the adoption of the cloud to be a success in the above case study?

2. What critical success factors will determine this success?

3. Would cost savings play an important part in adopting the cloud?

4. What other suggestions would you make to optimize the process of adopting the cloud?

5. What factors will enable you to recommend adopting the cloud to other businesses?

CLOUD TECHNOLOGY ASSOCIATE +

Syllabus

Version 3.0.0

August 2018

Appendix A: Syllabus

Copyright © 2018 Cloud Credential Council. All rights reserved. www.cloudcredential.org

COMPONENT: DESCRIPTION

Course Title: Cloud Technology Associate +

Course Duration (Self-Study eBook course): 8 Hours

Audience Profile: Suitable for IT professionals who have completed the Cloud Technology Associate (CTA) course.

COURSE INTRODUCTION

The Cloud Technology Associate Plus course aims to explore a few additional and advanced concepts related to cloud, virtualization, and various other terminologies which are seamlessly blended with latest digitization trends and technologies. In addition, this course also provides various hands-on labs on AWS cloud which will help the participants to enhance their understanding and knowledge of virtual machines and storage in the cloud.

The course includes comprehensive reference materials that help the participants to practice their knowledge through a case study. The course prepares candidates for the Cloud Technology Associate + exam provided by the Cloud Credential Council (CCC).

TARGET AUDIENCE

• IT Specialists (Analysts, Developers, Architects, Testing, etc.)

• IT Administrators (System, Database, etc.)

• IT Provisioning and Maintenance (Hardware, Network, Storage, etc.)

• IT Managers

• IT Project Managers

• Others (Sales, Purchase, Audit, Legal, etc.)

QUALIFICATION OBJECTIVES

When you have acquired the required knowledge from this course, you will be able to:

• Explain the hazardous and disingenuous cloud computing myths and misconceptions.

• Define additional cloud terminologies and concepts.

• Identify the different virtualization aspects.

• Learn about the additional digital disruptive technologies and digitization trends.

• Understand the additional concepts in cloud security, risks, and governance.

• Identify the best practices for adopting the cloud.

COURSE LEVEL

The course should include the following:

• Presentation material

• Every concept explanation to be followed by suitable example(s)

• Lab exercises

• Case study with related exercises used throughout the course

• Mock exam (preparation for certification)

CERTIFICATION REQUIREMENTS

You will receive the required certification from CCC on successful completion of the Cloud Technology Associate + exam.

WEIGHTAGE

Requisite virtualization basics, terminologies and concepts are seamlessly blended with cloud aspects and benefits and latest digitization trends/technologies into a holistic integrated course.

SECTIONS

• Cloud Computing Myths and Misconceptions

• Cloud Terminologies

◊ Content Delivery Network

◊ Vertical Cloud

◊ Virtual Private Cloud

◊ Cloud Portability

◊ Cloud Interoperability

◊ Cloud Orchestration

◊ Cloud Service Level Agreements

◊ Cloud Testing

◊ Chargeback

• Virtualization

◊ Paravirtualization

◊ Hardware Assisted Virtualization (Accelerated Virtualization)

◊ Virtual Appliances

◊ Client-Side and Server-Side Desktop Virtualization

◊ Desktop Virtualization Types Comparison

◊ Virtual Appliances Versus Virtual Machines: Comparison

◊ Docker Containers

◊ Kubernetes Containers

• Digital Disruptive Technologies and Digitization Trends

◊ BYOD

◊ Case Study: The Need for Mobile Device Management

◊ Overview of Enterprise Mobility Management

◊ Digital Disruption – Occurrences

◊ Digital Disruption Versus Disruptive Technology

◊ Virtual Reality

◊ Augmented Reality

◊ Virtual Reality Versus Augmented Reality

◊ Bitcoin Currency

◊ Blockchain Technology

◊ Cognitive Computing

• Cloud Security, Risks, and Governance

◊ General Cloud Computing Security Advantages

◊ Cloud Computing Top Risk Areas

◊ Policy and Organizational Risks

◊ Technical Risks

◊ Legal Risks

◊ Generic Vulnerabilities in Cloud Computing

◊ Other Vulnerabilities in Cloud Computing

◊ Trends in Cloud Security

◊ Key Governance Issues in the Cloud

• Cloud Adoption

◊ Recommendations for a Safe and Secure Cloud Adoption

◊ Cloud Migration Strategies Failure

◊ Cloud Computing Failures

◊ Application Migration Strategies

LEARNING OUTCOMES

A classification widely used when creating assessments for certification and education is the Bloom’s Taxonomy of Educational Objectives. This classifies learning objectives into six ascending learning levels, each defining a higher degree of competencies and skills. (Bloom et al, 1956, Taxonomy of Educational Objectives).

This structured approach helps to ensure:

• A clear segregation in learning level content between the different qualification levels.

• Learning outcomes are documented consistently across different areas of the program.

• Exam questions and papers are consistent and are created to a similar level of difficulty.

The Foundation qualification examines learning outcomes at levels 1 (Knowledge) and 2 (Comprehension).

CLOUD TECHNOLOGY ASSOCIATE + LEARNING OUTCOMES

Generic Definition from Learning Outcomes

1. Knowledge: Know key facts, terms and concepts from the guidance.

2. Comprehension: Understand the key concepts from the guidance.

3. Application: Be able to apply the concepts related to the syllabus area for a given situation.

4. Analysis: Be able to analyze and distinguish between appropriate and inappropriate use of the method for a given situation.

Qualification Learning Outcomes

1. Knowledge: Know key facts, including terms, concepts, and latest technologies/trends from the CCC Cloud Technology Associate + program.

2. Comprehension: Understand the concepts, latest digitization trends, and virtualization in cloud computing and can explain how these are applied.

EXAM DETAILS

ASPECT: DETAILS

Exam Type: Multiple Choice Questions (MCQs)

Number of Questions: 30

Duration: 45 minutes

Provisions for additional time relating to language: 15 minutes of additional time for non-native speakers

Prerequisite: It is recommended that you have completed the Cloud Technology Associate certification (or its equivalent) from the Cloud Credential Council, and/or that you are conversant with cloud concepts and vocabulary.

Supervised (Proctored): Yes

Open Book: No

Pass Score: 65%

Delivery: Online

CLOUD TECHNOLOGY ASSOCIATE +

Glossary

Version 3.0.0

August 2018

Appendix B: Glossary

CLOUD CERTIFICATION PROGRAM

www.cloudcredential.org

Reservation of Rights

© 2018 Cloud Credential Council. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording, or otherwise) unless a clear reference to the Cloud Credential Council is included. Reproduction and use of all, or portions of, this publication are permitted but must include full attribution of the material’s source.

THE CLOUD CREDENTIAL COUNCIL

The Cloud Credential Council is the international industry representation body mandated to drive alignment and develop standards for the cloud computing domain, which is important for organizational and individual training and certification. The Council is independent and vendor neutral, with membership that includes user organizations, vendors, professional associations, and international certification bodies from across the world. Its mission is briefly described as follows: To engage in the development, adoption and use of a vendor-neutral, independent, globally accepted, industry-leading cloud computing and virtualization certification program for IT professionals. “The Cloud Credential Council brings together stakeholders in the cloud computing industry and sets a standard for professional certification through its Cloud Certification Program. The Cloud Credential Council is open to everyone who wants to become a member and participate in the Cloud Certification Program.”

ACKNOWLEDGEMENTS

In developing and creating the Glossary, the Cloud Credential Council acknowledges the invaluable contribution of its Review Board and in particular, the Glossary Development Team currently consisting of:

• Brian Bourne, Principal, SmarTech, Canada

• Cazzy J. Jordan, Senior Developer Instructional, General Dynamics IT, USA

• Derek Cockerton - Director Converged Infrastructure EMEA - HP, UK

• Edward Newman - Global Practice Director, Private Cloud Services - EMC Corporation, USA

• Eric Charlesworth - Technical Solutions Architect - Cisco Systems, Inc., USA

• Hans Beers, Senior IT Architect – IBM, the Netherlands

• Jaap Bloem, Senior Analyst, Sogeti VINT, the Netherlands

• Laurent Renard, Consultant, Global Knowledge, France

• Peter Hanselman, Cloud Strategist, HMS, the Netherlands

• Peter HJ van Eijk, Cloud SME, ITpreneurs

• Tariq Y. Elsadik, Managing Director, Business IT ecoSystem Consulting, UAE

• Sudhakar Nagasampagi, Cloud SME, ITpreneurs

The Glossary has been created and designed to provide (IT) professionals involved in the “cloud” with standard definitions and an understanding of terms. The Glossary Development Team is aware that the cloud domain is evolving rapidly and that, consequently, terms and definitions need to be updated regularly. Members are invited to join to contribute and take part in updating and developing the Glossary.

Finally, the Cloud Credential Council acknowledges the sources listed below, which have been inspirational in the creation and design of the Glossary:

• ITIL® v3 Glossary v3.1.24, 11 May 2007

• NIST-CC - Special Publication 800-145 (Draft), NIST-T

• Gartner – IT Definitions and Glossary (http://www.gartner.com/technology/it-glossary/)

• ITpreneurs Cloud Computing Foundation Course

• Business Dictionary (http://www.businessdictionary.com/definition/termination-clause.html)

Appendix B | Glossary

TERMINOLOGY: DEFINITION

Account: User identity, implying some contractual relation

Application: Software that provides the functions that are required by an IT service; each application may be part of more than one IT service and runs on one or more servers or clients

Application Programming Interface (API): A particular set of rules and specifications that software programs can follow to communicate with each other; it serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers

Application Virtualization: Application virtualization is software technology that encapsulates application software from the underlying operating system on which it is executed

Architecture: (ITIL® phase: Service Design) The structure of a system or IT service, including the relationships of components to each other and to the environment they are in; architecture also includes the standards and guidelines, which guide the design and evolution of the system

Artificial Intelligence: An area of computer science that emphasizes the creation of intelligent machines that work and react like humans

Augmented Reality: A type of interactive, reality-based display environment that takes the capabilities of computer-generated display, sound, text and effects to enhance the user's real-world experience

Authentication: Establishing the individual identity of a user or determining that the user has certain attributes or is a member of a specified group; the user can be a real user or can be a system or service

Authorization: The process of determining a specific user’s eligibility to gain access to an application or function or to make use of a resource; a right or permission that is granted to access a system resource; see also definition of authentication

Automation: Replacement of manual procedures by machines, including hardware and software

AWS: Amazon Web Services - A leading and innovative public cloud, Infrastructure-as-a-Service (primarily IaaS) service provider.

Bandwidth: The amount of data that can be transmitted per unit of time, for example, Gigabit/second

Bitcoin: Bitcoin (BTC) is a digital currency, which is used and distributed electronically.

Blockchain: Refers to a type of data structure that enables identifying and tracking transactions digitally and sharing this information across a distributed network of computers, creating in a sense a distributed trust network. The distributed ledger technology offered by blockchain provides a transparent and secure means for tracking the ownership and transfer of assets

Browser: A software program to access content on the Internet, in particular the World Wide Web of HTTP servers, addressed by a URL

Bring Your Own Device (BYOD): Refers to employees who bring their personal devices to work, whether laptop, smartphone or tablet, in order to interface to the corporate network

Bring Your Own Application (BYOA): The trend toward employee use of third-party cloud application services in the workplace.

Bring Your Own PC (BYOPC): A concept by which employees are encouraged or allowed to bring and use their own personal computing devices to perform some or part of their job roles

Calls (Web services calls): Atomic invocations that make up the use of Web services

Chargeback: IT chargeback is an accounting strategy that applies the costs of IT hardware, software, cloud services or shared services to the business unit in which they are used

Client: A computer that is used directly by a user, for example, a PC, handheld computer, or workstation; the part of a client/server application that the user directly interfaces with, for example, an e-mail client

Cloud Auditor: A party that can conduct independent assessment of cloud services, information systems operations, performance, and security of the cloud implementation

Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers

Cloud Carrier: The intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers

Cloud Computing: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction; this cloud model has five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service

Cloud Customer: Cloud subscriber — a person or organization that has been authenticated to a cloud and maintains a business relationship with a cloud (Source: NIST SAJACC)

Cloud Ecosystem: An interrelated and interdependent set of providers of cloud services and products

Cloud Service Provider: The person, organization, or entity responsible for making a service available to service consumers

Cloud Services: Services that are delivered by cloud providers

Cloud Portability: Refers to the ability to move applications and data from one cloud computing environment to another with minimal disruption. Cloud portability enables the migration of cloud services from one cloud provider to another or between a public cloud and a private cloud

Cloud Interoperability: Refers to the ability of customers to use the same management tools, server images, and other software with a variety of cloud computing providers and platforms

Cloud Testing: A form of software testing in which web applications use cloud computing environments (a “cloud”) to simulate real-world user traffic

Cloud Orchestration: Describes the arranging and coordination of automated tasks, ultimately resulting in a consolidated process or workflow

Cloud Service Level Agreements: A cloud service level agreement or cloud SLA is an agreement between a cloud service provider and a customer that ensures a minimum level of service is maintained

Cognitive Computing: The simulation of human thought processes in a computerized model. It involves self-learning systems that use data mining, pattern recognition and natural language processing to mimic the way the human brain works

Community Cloud: A cloud infrastructure that is shared by several organizations and supports a specific community that has shared concerns (for example, mission, security requirements, policy, and compliance considerations); it may be managed by the organizations or a third party and may exist on premise or off premise (Source: NIST CC Definition)

Compliance: Ensuring that a standard or set of guidelines is followed or that appropriate, consistent accounting or other practices are being employed

Confidentiality: The security goal that generates the requirement for protection from intentional or accidental attempts to perform unauthorized data reads; confidentiality covers data in storage, during processing, and in transit (ITIL® phase: Service Design); a security principle that requires the data should only be accessed by authorized people

Configuration: (ITIL® phase: Service Transition) A generic term used to describe a group of Configuration Items that work together to deliver an IT service or a recognizable part of an IT service; configuration is also used to describe the parameter settings for one or more CIs

Configuring: The process of developing and deploying a configuration (see configuration)

Connectivity: As in Internet connectivity: the capability of making connections to, for example, servers on the Internet

Containers: Containers are one way of achieving virtualization (the other way being by using virtual machines). As compared to VMs, they are light-weight, faster to boot, and platform agnostic.

Content Delivery Network: A network of geographically distributed servers that replicate data (content) to users and otherwise improve the performance and its delivery for users

Content Distribution Network: A synonym for a content delivery network

CPU: The component of a computer system that controls the interpretation and execution of instructions

Credential: Proof of identity issued by a trusted identity provider

Data Center: A physical building with a substantial number of servers, storage, and network connections

Deep Learning: Deep learning is a subset of machine learning in Artificial Intelligence (AI) that has networks capable of learning unsupervised from data that is unstructured or unlabeled. Also known as Deep Neural Learning or Deep Neural Network

Desktop Virtualization: Refers to a virtualization technology that separates an individual's PC applications from his or her desktop. Virtualized desktops are generally hosted on a remote central server, rather than the hard drive of the personal computer

Digital Identities: The digital representation of an identity

Digital Disruption: The change that occurs when new digital technologies and business models affect the value proposition of existing goods and services

Disruptive Technology: Refers to any enhanced or completely new technology that replaces and disrupts an existing technology, rendering it obsolete. It is designed to succeed similar technology that is already in use. It applies to hardware, software, networks and combined technologies

Docker: A tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package

Environment: (ITIL® phase: Service Transition) A subset of the IT infrastructure that is used for a particular purpose; for example, live environment, test environment, and build environment

Enterprise Mobility Management: Enterprise Mobility Management (EMM) is software that allows organizations to securely enable employee use of mobile devices and applications

Firewall: A function to restrict network access according to specific rules

Functionality: Function: An intended purpose of a Configuration Item, person, team, process, or IT service; for example, one function of an e-mail service may be to store and forward outgoing mails while one function of a business process may be to dispatch goods to customers

Governing, Governance: Governance: Ensuring that policies and strategy are actually implemented and that required processes are correctly followed; governance includes defining roles and responsibilities, measuring and reporting, and taking actions to resolve any issues identified

Guest Operating System: An operating system that is run on top of a virtualization layer (that is, hypervisor), not directly on the hardware

Hosting: Providing a server for an application

HTTP: HyperText Transfer Protocol

Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (for example, cloud bursting for load-balancing between clouds) (Source: NIST CC Definition)

Identity and Access Management: A framework for business processes that facilitates the management of electronic or digital identities. The framework includes the organizational policies for managing digital identity as well as the technologies needed to support identity management

Identity Provider: Issuer of identities, typically including the facility to authenticate

Information Technology (IT): The use of technology for the storage, communication, or processing of information; the technology typically includes computers, telecommunications, applications, and other software; the information may include business data, voice, images, video, and so on; IT is often used to support business processes through IT services

Infrastructure: All the hardware, software, networks, facilities, and so on that are required to develop, test, deliver, monitor, control, or support IT services; the term IT infrastructure includes all of the Information Technology but not the associated people, processes, and documentation

Infrastructure as a Service: The capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications; the consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control over selected networking components (for example, host firewalls) (Source: NIST CC Definition)

Integration (software): Here: Bundling applications for use by end users while enabling meaningful data exchange between these applications

Integrity: (ITIL® phase: Service Design) A security principle that ensures that data and Configuration Items are only modified by authorized personnel and activities; integrity considers all possible causes of modification, including software and hardware failure, environmental events, and human intervention

Interactive: Allowing real-time interaction, as opposed to batch

Interfaces: Means through which IT systems are accessed or connected

IT Service Management: The implementation and management of quality IT services that meet the needs of the business; IT Service Management is performed by IT service providers through an appropriate mix of people, processes, and Information Technology

IT Strategy: A set of objective(s), principles, and tactics relating to the IT that the organization uses

Kubernetes: A container management system meant to be deployed on Docker-capable clustered environments

LAN: Local Area Network

Microservices: An architectural approach for creating cloud applications, where each application is built as a set of services

Migration: Change of provider, supplier, or architecture while retaining some of the current assets

Mobile Device Management: Refers to the control of one or more mobile devices through various types of access control and monitoring technologies

Multicloud: A cloud approach made up of more than one cloud service, from more than one cloud vendor—public or private

Network: The technology through which data is transmitted

Network Perimeter: Traditionally, the administrative border of the network

Network Virtualization: In computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network

Operating Model: An abstract representation of how an organization works, including processes, organization, and technology

Paravirtualization: An enhancement of virtualization technology in which a guest OS is recompiled prior to installation inside a virtual machine

Password: A secret used to authenticate a user to an account

Patch: A patch is a change applied to a piece of software designed to fix problems

Physical: In the context of cloud computing and virtualization: Real, as opposed to virtual

Platform: A technology to build software solutions on; typically, a combination of hardware and software

Platform as a Service: Platform as a Service (PaaS) — the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations (Source: NIST CC Definition)

Privacy: The right of individuals to selectively disclose information about themselves and restrict the further use of that information by any party

Private Cloud: The cloud infrastructure is operated solely for an organization; it may be managed by the organization or a third party and may exist on premise or off premise (Source: NIST CC definition)

Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services

Resource: (ITIL® phase: Service Strategy) A generic term that includes IT Infrastructure, people, money or anything else that might help to deliver an IT service; resources are considered to be the assets of an organization

Risk: A possible event that could cause harm or loss or affect the ability to achieve objectives; a Risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred

Risk Management: The process responsible for identifying, assessing, and controlling risks

Security Management: ISM: (ITIL® phase: Service Design) The process that ensures the confidentiality, integrity, and availability of an organization’s assets, information, data, and IT services; Information Security Management usually forms part of an organizational approach to Security Management, which has a wider scope than the IT service provider, and includes handling of paper, building access, phone calls, and so on for the entire organization

Sensitive Data: Data of which unauthorized disclosure poses a risk

Server: (ITIL® phase: Service Operation) A computer that is connected to a network and provides software functions that are used by other computers

Server Virtualization: Server virtualization is the masking of server resources, including the number and identity of individual physical servers, processors, and operating systems, from server users

Service Level Agreement (SLA): SLA — a document explaining expected quality of service and legal guarantees (Source: NIST-SAJACC)

Service(s): A means of delivering value to customers by facilitating the outcomes customers want to achieve without the ownership of specific costs and risks

Software as a Service: Software as a Service (SaaS) — the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure; the applications are accessible from various client devices through a thin client interface, such as a Web browser (for example, Web-based e-mail); the consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings (Source: NIST CC definition)

Storage Virtualization: Storage virtualization is the amalgamation of multiple network storage devices into what appears to be a single storage unit, from which multiple logical storage devices can be presented to consumers

Synchronization: Originally, keeping the same time; in the context of IT typically, the process of making data copies identical

System Management: The part of IT Service Management that focuses on the management of IT infrastructure rather than on the management of processes

Uniform Resource Locator (URL): An address on the World Wide Web

User Interface: The space where interaction between humans and machines occurs (can include technology as well as service and cognitive elements)

Vertical Cloud: A vertical cloud, or vertical cloud computing, is the phrase used to describe the optimization of cloud computing and cloud services for a specific vertical/industry or specific application use

Virtual Appliance: An appliance delivered as a virtual machine image, which includes a bundle of virtual hardware and software created to serve a specific purpose (for example, Web server)

Virtual Desktop Infrastructure: Virtual Desktop Infrastructure (VDI) is the practice of hosting a desktop operating system within a virtual machine (VM) running on a centralized server

Virtual Environment: An environment consisting of virtualized resources

Virtual Machine: Software that looks and behaves just like a physical server onto which an operating system can be loaded

Virtual Private Network (VPN): A seemingly closed and dedicated network using public network resources

Virtual Server: A virtualized server, typically including an operating system

Virtualization: Abstracting hardware resources, typically through software, to mask the physical boundaries to the user (for example, to provide multiple copies of a server)

Virtualized Development Environment: An environment consisting of virtualized resources, in which development is done

Virtual Reality: Refers to computer-generated environments or realities that are designed to simulate a person’s physical presence in a specific environment that is designed to feel real. The purpose of VR is to allow a person to experience and manipulate the environment as if it were the real world

Virtual Private Cloud: A virtual private cloud is the logical division of a service provider's public cloud multi-tenant architecture to support private cloud computing in a public cloud environment

Web Hosting: Hosting of Websites (that is, applications accessed over HTTP)

Web Service: An API accessed over the Web

Wide Area Network: A network with a large, potentially global, geographical scope

I - Cloud Services - Strategy

a) Should the service provider adopt the cloud?

Yes, the service provider should adopt the cloud as it can overcome the common traditional computing challenges such as provisioning delays, insufficient capacity, poor resource utilization, inability to scale as demand rapidly changes, etc.

b) Identify the top three business drivers for the service provider to adopt the cloud.

Faster provisioning, better server utilization, and rapid scaling are the top business drivers for adopting the cloud.

c) What are the typical challenges the service provider faces in its on-premise traditional computing environment?

Expensive up-front capital expenses, provisioning delays, insufficient capacity planning, poor resource utilization, inability to scale rapidly, absence of high availability and disaster recovery, and limited support to meet all timely tasks are some of the challenges faced by a typical traditional data center.

d) Which cloud essential characteristics play a prominent role for migrating to the cloud?

All five essential characteristics, namely on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service, will play a prominent role in migrating to the cloud.

e) Which service model(s) should the service provider select? Why?

The service provider should adopt the IaaS and PaaS models, as they provide the capabilities for provisioning infrastructure as well as developing and deploying applications and services.

Appendix C | Case Study – Sample Answers

f) Which deployment model(s) should the service provider select and why?

The best deployment model in the given scenario would undoubtedly be the Virtual Private Cloud (VPC) as it provides the security of a private cloud and the cost savings and scalability of the public cloud.

g) Would the service provider need to engage the services of a broker for value-addition?

It depends. If the service provider needs specialized services such as Security-as-a-Service or Identity-as-a-Service, etc., then it would be advisable to engage the services of a broker for value-addition.

h) What benefits can the service provider gain by migrating to the cloud?

There are many benefits of moving to the cloud: cost savings, faster provisioning, better utilization rate, rapid scaling, high availability, faster performance, disaster recovery, agility and flexibility, green computing and so on.

i) Which challenges, if any, will the service provider still tend to encounter after the migration to the cloud?

Performance can still be a challenge, since network connectivity can become slow at times due to congestion. Vendor lock-in may pose a challenge if proprietary technologies or formats are used. Security challenges arise if data in transit and at rest are not secured properly. VM sprawl is a challenge if limits are not imposed on the number of virtual machines that can be created. Compliance and privacy challenges, and so on, also remain.

j) Depending on the service model selected, what will be the responsibilities of the service provider?

For the service models selected, the service provider will be responsible for the Operating System, Runtime, Applications, and Data.

II - Technology – Virtualization

a) What are the advantages and disadvantages of using multiple virtualization technologies?

If the organization uses a heterogeneous technology environment, then multiple virtualization technologies would be advantageous, as they cater to the widespread use of the requirements. The disadvantages are that managing multiple virtualization technologies is cumbersome and time-consuming, and portability across environments can be challenging.

b) Should the service provider opt for open-source or proprietary technology stacks?

If an option exists, it is better to go for open-source technology stacks; where that is not feasible, proprietary technology stacks can be used with appropriate exit strategies planned.

c) Should virtual machines or containers be used for application deployment? Why?

For isolated and secure workloads, virtual machines may be used, and for workloads that need clusters and cluster management, containers would be ideal. One can also use containers within virtual machines. Containers are better suited because they are light-weight, high density, fully packaged, and platform agnostic as compared to virtual machines.

d) There are different types of containers in use – Docker, Kubernetes, etc. Does it matter which container type is used?

It does not matter which container type is used. Each container type has its own advantages and disadvantages. The functionality, however, is similar.

e) How does the service provider mitigate the risk of VM sprawl?

Policies should be used to limit the number of virtual machines created per user. In development environments, time-bound virtual machines can also be created, which are terminated after the period expires.

f) How are other risks arising from portability and interoperability handled?

One way is to use open-source technology stacks; other ways can include creating suitable APIs that expose compatible interfaces between different technologies and platforms.

III - Digital Transformation Technologies

a) What kind of specific environment(s) would be required for the experimentation of the various digital transformation technologies mentioned?

Specific environments will cater to different types of workloads, for example, containers for cluster management; sensors, actuators, gateways and protocols for IoT; sources of big data for Machine Learning analysis and predictions; data warehousing storage for analytical databases; streaming data feeds; etc.

b) How would you address the regular need of high computing capacity for short periods of time?

Cloud bursting is one mechanism that can be used for short periods of time when additional demand needs to be catered for in a timely manner.

c) How would Agile and DevOps enable a faster transition to the cloud?

Agile and DevOps focus on the principles of short iterations, incremental development, and continuous integration, delivery and deployment. With such short time scales for development and deployment, feedback is also available regularly, thereby limiting the number of issues or changes to be incorporated. Combined with the use of automation, this results in a faster transition to the cloud.

d) What standards and connectivity protocols would need to be considered for working with the IoT sensors and applications?

For IoT workloads, lightweight protocols such as MQTT are highly preferable to HTTP, and different transmission standards such as Wi-Fi, Bluetooth, etc. need to be used.

e) Identify the risks involved while experimenting with the use of digital transformation technologies.

As with any new technology, risks need to be carefully studied and mitigated. In the case of the rapidly evolving digital technologies, manufacturers adopt so many proprietary protocols, devices and operating systems that it becomes difficult to narrow down the risks and address the issues arising from them. It is imperative that the service provider selects a reputed few and understands their limitations or disadvantages.

f) Identify the sources of big data required for the purposes of Data Analytics and Machine Learning predictions.

Transactional databases, social media tweets, comments and feedback, blogs, audio and videos, graphics and animation, logs, documents, etc. are some of the sources of big data that can be analyzed for meaningful predictions to enhance the business.

IV - Security, Risks and Governance

a) What is the purpose of Compliance and Governance in this case study?

The purpose of governance is to ensure that investments bring value to the business and risks are mitigated. Compliance is required to check that regulations of the land are properly enforced and no jurisdictional violations occur in terms of data retention, storage, processing or transfer.

b) What is your defined level of risk tolerance?

The level of risk tolerance is a matter of organizational objectives, goals and policy. In general, for mission-critical workloads the risk tolerance should be very low, whereas for general workloads the risk tolerance can be relatively medium.

c) How would you ensure that only authorized users will have access to the important data?

Users should be provided with strong authentication credentials (a strong password is a must) and a multi-factor authentication facility, and should have minimal permissions based on their role. As a best practice, important data should always be encrypted in transit and at rest.

d) How would you ensure that sensitive and confidential data is secured during transit and at rest?

Data at rest should be encrypted with secure key management processes and data during transit should be accessed through secure protocols such as HTTPS, SSL, etc.

e) How would you mitigate the risks of vendor lock-in?

As far as possible, make use of open-source technologies, platforms and formats so that if a need arises to move to a different service provider, the migration does not become difficult and expensive. Additionally, it is better to have an exit plan ready in case of eventualities.

V - Adopting the Cloud

a) What types of applications will you first select for the migration to the cloud?

New development and test applications, applications that need to scale rapidly, on-and-off workloads such as batch jobs, and predictable and unpredictable workloads.

b) Are the applications developed using the standard 3-tier architecture? Are microservices also being used and why?

Architectures will remain the same in the cloud as used in the on-premise data center. For new applications, and where existing applications are complex and re-factoring is feasible, microservices will be used since they make the applications easier to manage and extend.

c) What programming languages and source-control version will you consider for development?

As per the organizational policy, the same programming languages and source-control version repositories will be used as in the on-premise data center. Where necessary, additional repositories can also be considered.

d) What databases and caching mechanisms would you use in your applications?

As per the organizational policy, the same databases will be used as in the on-premise data center. Where data formats and types are suitable and optimal for other cloud-based storage services, the same will be evaluated and considered accordingly. In-memory caching and other services will also be considered for faster performance.

e) How do you handle load balancing and performance (latency) issues?

Depending on the requirement, different types of load balancers (application, network, classic) will be used. Latency-based issues will be reduced by using CDNs where appropriate.

f) What would be your ideal scaling strategy – vertical or horizontal or a combination of both? What are the advantages and disadvantages of using these two forms of scaling?

The preferable form of scaling would be horizontal since it does not impose the restrictions found with vertical scaling – namely, brief downtime and physical upper limits. Where feasible and practical, vertical scaling can be used. Additionally, horizontal scaling can be automated without the need to monitor the resources continuously.

g) How will you address high availability and disaster recovery?

In the VPC model, the public service provider provides the default high availability and disaster recovery mechanisms.

h) On what media types would you consider taking back-ups of your data plus applications and how frequently would you suggest this practice?

Backups will be taken from various cloud services on disks and tapes. The frequency of the backups will vary according to the criticality of the application and the data. However, a standard practice would be to run batch jobs daily during off-peak hours so that backups are taken regularly.

i) What tools would you use for monitoring, auditing, reporting, measuring, billing, debugging?

Effective tools used in the on-premise data center will continue to be used in the cloud as well. Additionally, new tools will be evaluated and considered for various purposes such as monitoring, logging, auditing, etc.

j) What type of incident response plan would you have in case of outages / disruptions in service?

Since the deployment model is the VPC, we shall ensure in the SLA with the public service provider that outages/disruptions are kept to a minimum. If these incidents occur due to our system configurations or code, we shall have a fully evaluated plan for the same.

Implementation

a) What approach would you take to resolve the challenges faced?

First create a business case. If feasible, then evaluate cloud technology, develop a proof of concept, develop and deploy in the VPC for test and development applications, then migrate internal IT applications (stage by stage or one by one).

b) How would you prioritise the list of challenges?

Depending on the business case, the factors that have plagued the organization the most will be prioritized. For example, provisioning time is always very slow in traditional computing environments, and it can be sped up in the cloud. So, this would be one of the priorities. Other priorities include ineffective utilization of hardware, scalability issues, etc.

c) What time-frame would you suggest for the entire implementation of the project?

The implementation would be done in phases. Initially a Proof-of-Concept (PoC) would be evaluated. Then a couple of development and test applications with databases will be migrated and monitored. Finally, each major system will be migrated one by one and observed for any issues.

d) If your cloud solution includes entering into a contract with a public service provider (public cloud / hybrid cloud / virtual private cloud / outsourced private or community cloud), how would you evaluate the fitness of the public service provider?

One way to evaluate the service provider is to obtain and study the provider’s brochures that highlight its history, financial standing, types of services provided that meet the organization’s objectives, client list, SLA terms, reliability and security posture. Additionally, one can request a cloud auditor’s report and find out the provider’s reputation from social media reviews, industry experiences and feedback, etc.

e) If your solution includes any of the forms of public cloud as mentioned in d, what characteristics of the public cloud will you focus on?

Cost savings, scalability and flexibility, default high availability and disaster recovery, high agility, use of CDNs for better performance, etc., would be the areas of focus.

Summary

1. How likely will the adoption of cloud be a success in the above case study?

This case study is typical of an organization that faces many challenges in the traditional computing environment and should migrate to the cloud, where the success rate is high.

2. What critical success factors will determine this success?

Faster provisioning, rapid scaling, automation, minimal capacity planning, efficient resource utilization, green computing, and high agility are some of the critical success factors contributing to the success of this migration.

3. Would cost savings play an important part in adopting the cloud?

Cost savings will be one of the important factors while adopting the cloud, though it may not be the most important factor.

4. What other suggestions would you make to optimize the adoption process to the cloud?

Build security in from the first stage itself, make use of CDNs, have policies that restrict the number of resources that can be created, follow the principle of least privilege for providing access to services, monitor continuously, and log all access requests and actions. These are some practices that should be regularly followed.

5. What factors will enable you to recommend that other businesses adopt the cloud?

Faster provisioning, rapid scaling, automation, minimal capacity planning, efficient resource utilization, green computing, and high agility besides cost savings are the main factors for adopting the cloud.

Appendix D
Release Notes

Cloud Technology Associate+

Release     Version No.   Date
Previous    NA            NA
Current     3.0.0         August 2018
Next        TBD           TBD

Course Description

Course Duration: 8 hours
Number of Sections: 6
Case Study Based: Yes
Associated Certificate: Cloud Technology Associate+

Components Released: Presentation Pack and Self-Study Guide

New Features: The self-study guide contains additional concepts related to cloud, virtualization, and various other terminologies which are seamlessly blended with latest digitization trends and technologies.

Bugs Reported   Action Taken
NA              NA

Known Issues    Expected Fix
NA              NA

Appendix E
Participant Feedback Form

Did you like the course?

Please take five minutes to complete our survey. Your feedback is appreciated.
