
Chapter 7: Cloud Infrastructure Mechanisms

7.1 Logical Network Perimeter
7.2 Virtual Server
7.3 Cloud Storage Device
7.4 Cloud Usage Monitor
7.5 Resource Replication
7.6 Ready-Made Environment
7.1. Logical Network Perimeter
• Isolation of a network environment from the rest of a communications network
• Establishes a virtual network boundary that can encompass and isolate a group of related cloud-based IT resources (Figure 7.1)
• This mechanism can be implemented to:
– isolate IT resources in a cloud from non-authorized users
– isolate IT resources in a cloud from non-users
– isolate IT resources in a cloud from cloud consumers
– control the bandwidth that is available to isolated IT resources
7.1. Logical Network Perimeter
• Established via network devices that supply and control the connectivity of a data center.
• Deployed as a virtualized IT environment that includes:
– Virtual Firewall: an IT resource that actively filters network traffic to and from the isolated network while controlling its interactions with the Internet.
– Virtual Network: usually acquired through VLANs, this IT resource isolates the network environment inside the data center infrastructure.
• The cloud consumer's on-premise environment and the cloud provider's cloud-based environment are connected through a VPN, which protects the communications between the two perimeters (Figure 7.3).
7.1. Logical Network Perimeter

Figure 7.3. Two logical network perimeters surround the cloud consumer and cloud provider environments.
7.1. Logical Network Perimeter

A VPN is typically implemented by point-to-point encryption of the data packets sent between the communicating endpoints.
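An added example (not from the slides and not DTGOV's design) of how a perimeter's virtual firewall and virtual networks combine into one policy: three VLAN-like segments, an ordered rule set, and the difference between a perimeter whose firewall fails open and one that denies by default. The segment names, addresses, ports and rules are invented for the example.

```python
"""Toy evaluator for a logical network perimeter (added example, not from
the slides). A perimeter is a set of virtual networks (VLAN-like segments)
guarded by a virtual firewall that decides, flow by flow, whether traffic
may cross the boundary. The segment names, addresses and rules below are
assumptions invented for this example."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed layout of one data-center perimeter: three isolated segments.
SEGMENTS = {
    "web":  "10.0.1.0/24",   # Internet-facing virtual servers
    "db":   "10.0.2.0/24",   # cloud storage / database servers
    "mgmt": "10.0.9.0/24",   # VIM and administration portals
}


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str                       # source CIDR
    dst: str                       # destination CIDR
    dport: Optional[int] = None    # destination port, None = any port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


@dataclass
class Perimeter:
    """Virtual firewall plus virtual networks; rules are first-match."""
    segments: dict
    rules: list = field(default_factory=list)
    default_action: str = "deny"   # verdict when no rule matches

    def segment_of(self, ip: str) -> str:
        for name, cidr in self.segments.items():
            if ip_address(ip) in ip_network(cidr):
                return name
        return "external"          # outside every segment of the perimeter

    def decide(self, src_ip: str, dst_ip: str, dport: int) -> str:
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip, dport):
                return rule.action
        return self.default_action


# The explicit allow rules shared by both configurations below.
ALLOW_RULES = [
    Rule("allow", "0.0.0.0/0",   "10.0.1.0/24", 443),   # Internet -> web (TLS)
    Rule("allow", "10.0.1.0/24", "10.0.2.0/24", 5432),  # web -> db, one port
    Rule("allow", "10.0.9.0/24", "10.0.0.0/16"),        # mgmt -> anything inside
]


def weak_perimeter() -> Perimeter:
    """Misconfigured: the segments exist, but the firewall fails open."""
    return Perimeter(SEGMENTS, ALLOW_RULES, default_action="allow")


def hardened_perimeter() -> Perimeter:
    """Correct: anything not explicitly allowed is dropped."""
    return Perimeter(SEGMENTS, ALLOW_RULES, default_action="deny")


# Constructed sample flows: (description, source IP, destination IP, port)
SAMPLE_FLOWS = [
    ("internet to web https", "203.0.113.7", "10.0.1.10", 443),
    ("internet to db",        "203.0.113.7", "10.0.2.20", 5432),
    ("web to db",             "10.0.1.10",   "10.0.2.20", 5432),
    ("db to web ssh",         "10.0.2.20",   "10.0.1.10", 22),
    ("mgmt to db ssh",        "10.0.9.5",    "10.0.2.20", 22),
]


def evaluate(perimeter: Perimeter) -> dict:
    """Map each sample flow description to the firewall's verdict."""
    return {desc: perimeter.decide(s, d, p) for desc, s, d, p in SAMPLE_FLOWS}


if __name__ == "__main__":
    for name, p in (("weak", weak_perimeter()), ("hardened", hardened_perimeter())):
        print(name)
        for desc, verdict in evaluate(p).items():
            print(f"  {desc:22} {verdict}")
```

Both perimeters carry the same allow rules; only the default verdict differs, which is why "internet to db" passes the weak one and is dropped by the hardened one. The equivalent check on a real deployment is to read the final rule of every virtual firewall policy, not just the explicit allows.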
Case Study Example

• DTGOV, a public organization that specializes in IT infrastructure and technology services for public sector organizations.
• DTGOV has virtualized its network infrastructure to produce a logical network layout favoring network segmentation and isolation.
• Figure 7.4 depicts the logical network perimeter implemented at each DTGOV data center. The logical network layout is established through a set of logical network perimeters using various firewalls and virtual networks.
7.2. Virtual Server
• Virtualization software that emulates a physical server
• A virtual resource that can be provisioned instantly, regardless of the availability of a dedicated physical resource
• Multitenancy: multiple cloud consumers share the same physical server
Figure 7.5. The first physical server hosts two virtual servers, while the second physical server hosts one virtual server.
7.2. Virtual Server

• The virtual server is the most foundational building block of cloud environments
• A virtual server can host numerous IT resources, cloud-based solutions, and various other cloud computing mechanisms
• The instantiation of virtual servers from image files is a resource allocation process
• Cloud consumers can customize their virtual servers' environments independently of other cloud consumers that may be using virtual servers hosted by the same underlying physical server (Figure 7.6)
7.2. Virtual Server

Figure 7.6. A virtual server hosts an active cloud service and is further accessed by a cloud consumer for administrative purposes.
7.2. Virtual Server
• Case Study Example

Figure 7.7. Virtual servers are created via the physical servers' hypervisors and a central VIM.
7.2. Virtual Server

• Virtualization mechanisms
• A core technology enabling the cloud computing service platform and the most fundamental building block of a cloud environment
• Instant VM creation by copying a template VM image file (on-demand resource provisioning)
• On-line scaling up/down (by allocating more/fewer cores) or out/in (by adding/removing VM instances)
• On-line server migration by replicating the VM image file to another physical host and switching over
• Seamless service failover by reinstating the same VM image file within the same physical host, or by replicating the VM image file and reinstating it on a different physical host
• Effective load balancing by even provisioning and real-time on-line migration
• Easy administration and self-provisioning
7.2. Virtual Server

• The following steps illustrate the creation and management of virtual servers:
(1) The cloud consumer uses the self-service portal to select a template virtual server for creation
(2) A copy of the corresponding VM image is created in a cloud consumer-controlled cloud storage device
(3) The cloud consumer initiates the virtual server using the usage and administration portal
(4) The usage and administration portal interacts with the VIM to create the virtual server instance via the underlying hardware
(5) The cloud consumer is able to use and customize the virtual server via other features on the usage and administration portal
• The steps are depicted in Figure 7.8
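Steps (1) to (5) as a runnable simulation (added example; not the slides' code and not any real VIM's API). The portal, VIM, template catalogue and consumer storage are in-memory stand-ins, and the digest check performed before the VIM instantiates an image is a practitioner's addition that the slides do not describe. It also shows the point made two slides earlier: two consumers provisioned from one template customize their instances independently.

```python
"""Simulation of provisioning steps (1)-(5) (added example; not from the
slides and not a real VIM's API). The template catalogue, the consumer's
cloud storage device and the VIM are in-memory stand-ins; the digest check
on the copied image before instantiation is an addition a practitioner
would want, not something the slides describe."""
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed provider-side template catalogue: template name -> image bytes.
TEMPLATE_IMAGES = {
    "ubuntu-web": b"kernel+rootfs:ubuntu;packages=nginx;users=admin\n",
}
# Published digests let a consumer verify the copy placed in its storage.
TEMPLATE_DIGESTS = {name: sha256(img) for name, img in TEMPLATE_IMAGES.items()}


@dataclass
class CloudStorage:
    """Cloud storage device controlled by one cloud consumer."""
    owner: str
    images: dict = field(default_factory=dict)    # image key -> bytes


@dataclass
class VirtualServer:
    owner: str
    image_key: str
    config: dict = field(default_factory=dict)    # this consumer's customisations


class VIM:
    """Virtual infrastructure manager: turns stored images into instances."""
    def __init__(self):
        self.instances = []

    def create_instance(self, storage: CloudStorage, image_key: str) -> VirtualServer:
        vm = VirtualServer(storage.owner, image_key)
        self.instances.append(vm)
        return vm


class Portal:
    """Self-service and usage-and-administration portal, in one object."""
    def __init__(self, vim: VIM):
        self.vim = vim

    def select_template(self, storage: CloudStorage, template: str) -> str:
        """Steps (1)+(2): pick a template, copy its image into consumer storage."""
        key = f"{storage.owner}/{template}"
        storage.images[key] = TEMPLATE_IMAGES[template]
        return key

    def start(self, storage: CloudStorage, key: str) -> VirtualServer:
        """Steps (3)+(4): consumer initiates; portal asks the VIM to instantiate.
        The stored image is verified against the published digest first."""
        expected = TEMPLATE_DIGESTS[key.split("/", 1)[1]]
        if sha256(storage.images[key]) != expected:
            raise ValueError(f"image {key} does not match its published digest")
        return self.vim.create_instance(storage, key)

    def customise(self, vm: VirtualServer, **settings) -> None:
        """Step (5): customisation touches this consumer's instance only."""
        vm.config.update(settings)


def provision(portal: Portal, consumer: str, template: str, **settings):
    storage = CloudStorage(consumer)
    key = portal.select_template(storage, template)
    vm = portal.start(storage, key)
    portal.customise(vm, **settings)
    return storage, vm


def demo() -> dict:
    """Two tenants from one template; one tenant's copy is later tampered with."""
    portal = Portal(VIM())
    storage_a, vm_a = provision(portal, "tenant-a", "ubuntu-web", hostname="a.example")
    storage_b, vm_b = provision(portal, "tenant-b", "ubuntu-web", hostname="b.example")
    storage_b.images[vm_b.image_key] += b"tampered\n"   # tenant-b's copy altered
    try:
        portal.start(storage_b, vm_b.image_key)          # restart from altered copy
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return {
        "hostnames": (vm_a.config["hostname"], vm_b.config["hostname"]),
        "instances": len(portal.vim.instances),
        "template_intact": sha256(TEMPLATE_IMAGES["ubuntu-web"]) == TEMPLATE_DIGESTS["ubuntu-web"],
        "tenant_a_intact": sha256(storage_a.images[vm_a.image_key]) == TEMPLATE_DIGESTS["ubuntu-web"],
        "tampered_rejected": tampered_rejected,
    }
```

The template and tenant-a's copy are unaffected by what happens in tenant-b's storage, and the VIM refuses to instantiate the altered copy; two instances exist afterwards, not three.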


7.2. Virtual Server

Figure 7.8. The virtual server creation and management process
7.2. Virtual Server

Virtual Server Creation, Migration and Replication

7.2. Virtual Server

• DTGOV's IaaS environment contains hosted virtual servers that were instantiated on physical servers running the same hypervisor software, which controls the virtual servers. Their VIM is used to coordinate the physical servers in relation to the creation of virtual server instances.
• This approach is used at each data center to apply a uniform implementation of the virtualization layer.
• Figure 7.7 depicts several virtual servers running over physical servers, all of which are jointly controlled by a central VIM.
7.2. Virtual Server (Assignment)

• Create a virtual server instance on a website that offers a free virtual server service.
• Document the steps you follow while creating the instance and what you learn from them.
7.3. Cloud Storage Device
• Storage devices that are designed specifically for cloud-based provisioning
• Possibly virtualized and/or distributed
• Usually upper-bounded by a capacity allocation, in support of the pay-per-use mechanism
• Open to remote access via cloud storage services (Representational State Transfer, or RESTful, APIs)
• Main concern: the security, integrity, and confidentiality of data
• Legal and regulatory issues arise when relocating data across geographical or national boundaries
• Performance issues as well, due to remote and/or large data access
7.3. Cloud Storage Device

• Cloud storage levels
• Cloud storage device mechanisms provide common logical units of data storage:
– Files: collections of data are grouped into files that are located in folders.
– Blocks: the lowest level of storage and the closest to the hardware; a block is the smallest unit of data that is still individually accessible.
– Datasets: sets of data are organized into a table-based, delimited or record format.
– Objects: data and its associated metadata are organized as Web-based resources.
7.3. Cloud Storage Device
• Each data storage level is associated with a certain type of technical interface or API
7.3. Cloud Storage Device
• Cloud Storage Levels

Figure 7.9. Different cloud service consumers utilize different technologies to interface with virtualized cloud storage devices. (Adapted from the CDMI Cloud Storage Reference Model.)
7.3. Cloud Storage Device
Network storage interface
• Storage devices comply with industry-standard protocols such as SCSI for storage blocks, and Server Message Block (SMB), Common Internet File System (CIFS) and Network File System (NFS) for file and network storage
• Distributed storage devices for large data sets, such as HDFS or Ceph
• File interface: data in file format, with varying sizes and a complex store/retrieve mechanism; less optimal in terms of performance
• Block interface: data in fixed-size blocks with a simple (block number/LUN) store/retrieve mechanism; optimal in terms of performance, but a file system mechanism is still needed on top of it (except for raw device usage)
7.3. Cloud Storage Device

Network storage interface


• SCSI
– One of the most commonly used interfaces for disk drives
– Parallel SCSI supports eight devices, or sixteen devices with Wide SCSI
– By convention the SCSI host adapter occupies ID 7 and the system boots from ID 0
• iSCSI
– A storage area networking protocol used to send block storage from storage arrays or devices to client computers
– It works on top of the Transmission Control Protocol (TCP) and allows SCSI commands to be sent end-to-end over local-area networks (LANs), wide-area networks (WANs) or the Internet
– iSCSI itself provides no encryption; traffic that crosses a WAN or the Internet should be carried inside a VPN (see 7.1) to protect the data's confidentiality and integrity
• LUNs
– In SCSI, LUN stands for logical unit number; a LUN identifies an individually addressable (logical) SCSI device
– A logical unit is part of a physical SCSI device
– In iSCSI, LUNs are essentially numbered disk drives exported by the target
7.3. Cloud Storage Device

Object Storage Interfaces

• Various types of data can be referenced and stored as Web resources; an object is accessed as a whole (all-or-nothing access via PUT/GET/POST/DELETE)
• Accessed via REST or Web service-based cloud services, using HTTP as the primary protocol
• The Storage Networking Industry Association's Cloud Data Management Interface (CDMI) standardizes the use of object storage interfaces
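An added example (not from the slides) that contrasts the block and object interfaces of the last two slides: a LUN of fixed-size blocks with the minimal file layer a block interface needs on top, beside an object store with PUT/GET/DELETE of whole objects and a content digest returned as the ETag. The block size, LUN number, keys and HTTP status codes are assumptions for the example.

```python
"""Toy block and object storage interfaces (added example, not from the
slides). The block interface addresses fixed-size blocks by LUN and block
number and knows nothing about files, so a (tiny) file layer is built on
top of it; the object interface stores whole objects with metadata under
URL-like keys behind HTTP-style operations. Block size, LUN id, keys and
status codes are assumptions for this example."""
import hashlib

BLOCK_SIZE = 16          # bytes; real devices use 512 or 4096


class BlockDevice:
    """One LUN: a flat array of fixed-size blocks addressed by number."""
    def __init__(self, lun: int, nblocks: int):
        self.lun = lun
        self.blocks = [bytes(BLOCK_SIZE)] * nblocks

    def write(self, block_no: int, data: bytes) -> None:
        if len(data) != BLOCK_SIZE:
            raise ValueError("a block write must be exactly one block")
        self.blocks[block_no] = data

    def read(self, block_no: int) -> bytes:
        return self.blocks[block_no]


class TinyFileSystem:
    """The file mechanism a block interface needs on top: name -> blocks."""
    def __init__(self, dev: BlockDevice):
        self.dev = dev
        self.table = {}                      # name -> (block list, size)
        self.free = list(range(len(dev.blocks)))

    def store(self, name: str, data: bytes) -> None:
        needed = -(-len(data) // BLOCK_SIZE)   # ceiling division
        if needed > len(self.free):
            raise OSError("device full")
        allocated = [self.free.pop(0) for _ in range(needed)]
        for i, block_no in enumerate(allocated):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            self.dev.write(block_no, chunk.ljust(BLOCK_SIZE, b"\0"))  # pad last block
        self.table[name] = (allocated, len(data))

    def load(self, name: str) -> bytes:
        blocks, size = self.table[name]
        return b"".join(self.dev.read(b) for b in blocks)[:size]


class ObjectStore:
    """Object interface: PUT/GET/DELETE whole objects, all or nothing."""
    def __init__(self):
        self.objects = {}                    # key -> (data, metadata, etag)

    def put(self, key: str, data: bytes, metadata: dict) -> dict:
        etag = hashlib.sha256(data).hexdigest()      # content digest
        self.objects[key] = (data, dict(metadata), etag)
        return {"status": 201, "etag": etag}

    def get(self, key: str) -> dict:
        if key not in self.objects:
            return {"status": 404}
        data, metadata, etag = self.objects[key]
        if hashlib.sha256(data).hexdigest() != etag:
            return {"status": 500}           # stored bytes no longer match ETag
        return {"status": 200, "body": data, "metadata": metadata, "etag": etag}

    def delete(self, key: str) -> dict:
        return {"status": 204 if self.objects.pop(key, None) else 404}


SAMPLE = b"log line one\nlog line two\n"   # constructed 26-byte payload


def demo() -> dict:
    fs = TinyFileSystem(BlockDevice(lun=0, nblocks=8))
    fs.store("notes.txt", SAMPLE)
    store = ObjectStore()
    put = store.put("/tenant-a/notes.txt", SAMPLE, {"content-type": "text/plain"})
    got = store.get("/tenant-a/notes.txt")
    return {
        "fs_roundtrip": fs.load("notes.txt"),
        "blocks_used": len(fs.table["notes.txt"][0]),
        "etag_matches": got["etag"] == put["etag"] and got["body"] == SAMPLE,
        "missing_status": store.get("/tenant-a/none")["status"],
        "delete_status": store.delete("/tenant-a/notes.txt")["status"],
    }
```

The 26-byte payload occupies two 16-byte blocks, and the file layer has to remember both the block list and the true length; the object store needs neither, but it can only replace the object as a whole.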
7.3. Cloud Storage Device
Database Storage Interfaces

• Cloud storage device mechanisms typically support a query language in addition to basic storage operations
• Managed through a standard API for storage management or an administrative user interface
• According to storage structure, storage interfaces are divided into two main categories: Relational Data Storage and Non-Relational Data Storage
– Relational Data Storage: RDBMSs are used traditionally
- RDBMSs rely on tables to organize similar data into rows and columns
- Data normalization protects data integrity and avoids data redundancy
– A cloud storage device can use different commercial or free database products, such as DB2, Oracle Database, Microsoft SQL Server, MySQL and Tibero, each with its own access protocol
– Challenges with cloud-based relational databases: scaling and performance
- Vertical scaling is more complex than horizontal scaling
- Complex relationships and/or large data volumes cause higher processing overhead and latency when accessed remotely via a cloud interface
7.3. Cloud Storage Device
Database Storage Interfaces

• Non-Relational Data Storage
– Commonly known as NoSQL storage; holds non-traditional and unstructured data
– Uses a weaker consistency model with BASE (Basically Available, Soft state, Eventual consistency) properties
– Purpose: to avoid the potential complexity and processing overhead that can be imposed by a relational database
– More horizontally scalable than relational storage: scale-out rather than scale-up (vertical)
– Trade-off: possible consistency violations, and no traditional relational database functions such as transactions or joins
– Data is denormalized when exported from relational storage to non-relational storage, which increases its size, due mainly to increased data redundancy
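An added example (not from the slides) that makes the last bullet concrete: the same customers/orders data stored normalised in sqlite3 (used here as a stand-in for an RDBMS) and then exported as self-contained order documents, which is what a store without joins needs. The schema and rows are constructed for the example.

```python
"""Relational vs denormalised (document) storage of the same data (added
example, not from the slides). sqlite3 from the standard library stands in
for an RDBMS; the customers/orders schema and rows are constructed."""
import json
import sqlite3

SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, city TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY,
                     customer_id INTEGER REFERENCES customers(id),
                     item TEXT, qty INTEGER);
"""
CUSTOMERS = [(1, "Ada Lovelace", "London"), (2, "Alan Turing", "Manchester")]
ORDERS = [(10, 1, "compute-hours", 40), (11, 1, "object-storage-gb", 500),
          (12, 1, "egress-gb", 20), (13, 2, "compute-hours", 8)]


def build_relational() -> sqlite3.Connection:
    """Normalised form: each customer fact is stored exactly once."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO customers VALUES (?,?,?)", CUSTOMERS)
    con.executemany("INSERT INTO orders VALUES (?,?,?,?)", ORDERS)
    return con


def relational_bytes(con: sqlite3.Connection) -> int:
    """Bytes needed to serialise the normalised rows as-is."""
    rows = {"customers": con.execute("SELECT * FROM customers").fetchall(),
            "orders": con.execute("SELECT * FROM orders").fetchall()}
    return len(json.dumps(rows).encode())


def export_denormalised(con: sqlite3.Connection) -> list:
    """The join happens once, on the way out; a NoSQL store has no joins, so
    every order document must carry its customer's fields itself."""
    q = ("SELECT o.id, o.item, o.qty, c.id, c.name, c.city "
         "FROM orders o JOIN customers c ON c.id = o.customer_id ORDER BY o.id")
    return [{"order_id": oid, "item": item, "qty": qty,
             "customer": {"id": cid, "name": name, "city": city}}
            for oid, item, qty, cid, name, city in con.execute(q)]


def compare() -> dict:
    con = build_relational()
    docs = export_denormalised(con)
    return {
        "relational_bytes": relational_bytes(con),
        "denormalised_bytes": len(json.dumps(docs).encode()),
        # customer 1 has three orders, so her name and city appear three times
        "copies_of_customer_1": sum(d["customer"]["id"] == 1 for d in docs),
    }
```

The growth comes from two sources: the repeated customer fields (the redundancy the slide names) and the field names that every document now carries. Neither is free, but the exported documents can be read back without a join.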
7.4. Cloud Usage Monitor
• The cloud usage monitor mechanism is a lightweight and autonomous software program responsible for collecting and processing IT resource usage data
• Depending on the type of usage metrics and the way usage data needs to be collected, cloud usage monitors can exist in different formats
• Agent-based implementations collect usage data and forward it to a log database for post-processing and reporting purposes
• Three common agent-based implementation formats:
– Monitoring Agent
– Resource Agent
– Polling Agent
7.4. Cloud Usage Monitor
Monitoring Agent
• An intermediary, event-driven program that exists as a service agent
• It resides along existing communication paths to transparently monitor and analyze data flows (Figure 7.12)
• It is commonly used to measure network traffic and message metrics
7.4. Cloud Usage Monitor
• Monitoring Agent

(1) A cloud service consumer sends a request message to a cloud service.
(2) The monitoring agent intercepts the message to collect relevant usage data
(3a) before allowing it to continue to the cloud service.
(3b) The monitoring agent stores the collected usage data in a log database.
(4) The cloud service replies with a response message
(5) that is sent back to the cloud service consumer without being intercepted by the monitoring agent.
7.4. Cloud Usage Monitor
Resource Agent
• A resource agent is a processing module that collects usage data by having event-driven interactions with specialized resource software (Figure 7.13)
• Commonly used to monitor usage metrics based on pre-defined, observable events at the resource software level, such as initiating, suspending, resuming, and vertical scaling
7.4. Cloud Usage Monitor
• Resource Agent

(1) The resource agent is actively monitoring a virtual server and detects an increase in usage
(2) The resource agent receives a notification from the underlying resource management program that the virtual server is being scaled up, and stores the collected usage data in a log database, as per its monitoring metrics
7.4. Cloud Usage Monitor
Polling Agent: processing module
• It collects cloud service usage data by polling IT resources
• It is commonly used to periodically monitor IT resource status, such as uptime and downtime
• Consumer considerations:
– How do consumers trust the cloud provider's usage statistics?
– What if the agents themselves consume too many resources, for example by polling too often or too many targets?
7.4. Cloud Usage Monitor
Polling Agent

Figure 7.14
(1) A polling agent monitors the status of a cloud service hosted by a virtual server by sending periodic polling request messages and receiving polling response messages that report usage status "A" for a number of polling cycles, until it receives a usage status of "B"
(2) Upon receiving status "B", the polling agent records the new usage status in the log database
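An added example (not from the slides) that simulates the three agent formats from the preceding slides against one log database: the monitoring agent sits on the request path only, so responses bypass it (Figure 7.12 steps 1 to 5); the resource agent subscribes to the scale-up event (Figure 7.13); and the polling agent records only status changes (Figure 7.14). The cloud service, virtual server and log database are in-memory stand-ins, and the request sizes and status sequence are constructed.

```python
"""The three cloud usage monitor formats simulated together (added example,
not from the slides). The cloud service, virtual server and log database
are in-memory stand-ins; the status values "A"/"B" follow Figure 7.14."""
from dataclasses import dataclass, field


@dataclass
class LogDatabase:
    records: list = field(default_factory=list)

    def store(self, agent: str, **fields) -> None:
        self.records.append({"agent": agent, **fields})


class CloudService:
    """Constructed stand-in: answers with a response twice the request size."""
    def handle(self, request: dict) -> dict:
        return {"status": 200, "bytes": len(request["body"]) * 2}


class MonitoringAgent:
    """On the request path (steps 1-3); the response bypasses it (steps 4-5)."""
    def __init__(self, service: CloudService, log: LogDatabase):
        self.service, self.log = service, log

    def __call__(self, request: dict) -> dict:
        self.log.store("monitoring", consumer=request["consumer"],
                       request_bytes=len(request["body"]))     # (2) and (3b)
        return self.service.handle(request)                     # (3a), (4), (5)


class VirtualServer:
    """Resource software that emits events the resource agent subscribes to."""
    def __init__(self, name: str, cores: int):
        self.name, self.cores, self.listeners = name, cores, []

    def scale_up(self, cores: int) -> None:
        old, self.cores = self.cores, cores
        for callback in self.listeners:                # event-driven notification
            callback({"event": "scale_up", "server": self.name,
                      "from_cores": old, "to_cores": cores})


class ResourceAgent:
    def __init__(self, server: VirtualServer, log: LogDatabase):
        self.log = log
        server.listeners.append(self.on_event)

    def on_event(self, event: dict) -> None:
        self.log.store("resource", **event)


class PollingAgent:
    """Periodically asks for status; records only when the status changes."""
    def __init__(self, status_fn, log: LogDatabase):
        self.status_fn, self.log, self.last = status_fn, log, None

    def poll(self, cycles: int) -> int:
        changes = 0
        for cycle in range(cycles):
            status = self.status_fn()
            if status != self.last:
                self.log.store("polling", cycle=cycle, status=status)
                changes += 1
                self.last = status
        return changes


def demo() -> LogDatabase:
    log = LogDatabase()
    monitored = MonitoringAgent(CloudService(), log)
    for body in (b"x" * 10, b"y" * 30):                # two constructed requests
        monitored({"consumer": "tenant-a", "body": body})
    server = VirtualServer("vs-1", cores=2)
    ResourceAgent(server, log)
    server.scale_up(4)
    statuses = iter(["A", "A", "A", "B", "B"])        # Figure 7.14 sequence
    PollingAgent(lambda: next(statuses), log).poll(5)
    return log
```

Two requests, one scale-up and five polls produce five log records: two from the monitoring agent (requests only, nothing for the responses), one from the resource agent, and two from the polling agent (the first "A" and the change to "B"; the repeated "A" and "B" cycles add nothing).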
7.5. Resource Replication
• Periodic replication of cloud resources, including data
• Primarily to enhance the availability and performance of IT resources
• Virtualization technology is used to replicate cloud-based IT resources
– Everything (VM, configuration, memory state and data) is stored in image files in a virtualized environment
– Resource replication is therefore easily done by replicating image files
• Availability enhancement
– Each VM image file is periodically replicated locally (within the same data center) and/or remotely (to another data center)
– In case of a VM/PM failure, a new VM instance is activated from the local or remote replica with the same service access point (IP), minimizing VM downtime
7.5. Resource Replication
• Performance enhancement
– When the performance of a VM degrades, its image file is replicated onto another physical machine with enough processing power
– The VM service is switched over by deactivating the current VM instance and activating a new VM instance from the replica on the other physical machine
– VM migration is used mainly for load balancing and on-line VM scale-up/down
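An added example (not from the slides) of the availability and performance mechanisms on the last two slides: an image file replicated to two local hosts and one remote data center, replicas checked against the image's digest before use, and a failover that activates a replacement with the same IP, preferring a local replica and falling back to the remote one when the local copies are unhealthy or damaged. Site and host names, the image bytes and the address are assumptions for the example.

```python
"""Resource replication and failover (added example, not from the slides).
A VM image is replicated locally and to a remote data center; when the
active instance's physical host fails, a replacement is activated from an
intact replica while keeping the same service access point (IP). Sites,
hosts, image bytes and the address are assumptions for this example."""
import hashlib
from dataclasses import dataclass, field
from typing import Optional


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class PhysicalServer:
    name: str
    site: str
    healthy: bool = True
    images: dict = field(default_factory=dict)     # image id -> bytes


@dataclass
class VirtualServer:
    image_id: str
    host: PhysicalServer
    ip: str                                        # service access point
    active: bool = True


class ReplicationManager:
    def __init__(self, hosts: list):
        self.hosts = hosts
        self.expected = {}                         # image id -> digest

    def replicate(self, image_id: str, data: bytes, targets: list) -> None:
        """Copy the image file to every target host and remember its digest."""
        self.expected[image_id] = digest(data)
        for host in targets:
            host.images[image_id] = data

    def replicas_of(self, image_id: str) -> list:
        """Healthy hosts holding an intact copy of the image."""
        want = self.expected[image_id]
        return [h for h in self.hosts
                if h.healthy and digest(h.images.get(image_id, b"")) == want]

    def activate(self, image_id: str, ip: str,
                 prefer_site: Optional[str] = None) -> VirtualServer:
        candidates = self.replicas_of(image_id)
        if not candidates:
            raise RuntimeError(f"no intact replica of {image_id} available")
        # local replica (same site) first, remote data center as fallback
        candidates.sort(key=lambda h: h.site != prefer_site)
        return VirtualServer(image_id, candidates[0], ip)

    def failover(self, vm: VirtualServer) -> VirtualServer:
        """Replace a VM whose host failed; the service access point stays."""
        vm.active = False
        return self.activate(vm.image_id, vm.ip, prefer_site=vm.host.site)


def demo() -> dict:
    dc1a, dc1b = PhysicalServer("dc1-pm1", "dc1"), PhysicalServer("dc1-pm2", "dc1")
    dc2a = PhysicalServer("dc2-pm1", "dc2")
    mgr = ReplicationManager([dc1a, dc1b, dc2a])
    image = b"vm-image:webapp-v3\n"                # constructed image file
    mgr.replicate("webapp-v3", image, [dc1a, dc1b, dc2a])
    vm = mgr.activate("webapp-v3", "10.0.1.10", prefer_site="dc1")
    first_host = vm.host.name
    vm.host.healthy = False                        # physical server failure
    dc1b.images["webapp-v3"] = b"corrupted"        # local replica is damaged
    replacement = mgr.failover(vm)
    return {"first_host": first_host, "second_host": replacement.host.name,
            "same_ip": replacement.ip == vm.ip, "old_active": vm.active}
```

The first activation lands on a local host; after that host fails and the other local replica no longer matches the stored digest, failover activates the remote replica at the same IP. Checking the digest before activation is what keeps a damaged replica from being promoted.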
7.5. Resource Replication

Figure 7.16. The hypervisor replicates several instances of a virtual server, using a stored virtual server image.
Assignment
• Case Study Example: Cloud Usage Monitor (Figure 7.15)
• Case Study Example: Resource Replication (Figures 7.17 to 7.19)
7.6. Ready-Made Environment
• A defining component of the PaaS cloud delivery model: a pre-defined, cloud-based platform comprised of a set of already installed IT resources
• Ready to be used and customized by a cloud consumer
• User-defined environment
– Utilized by cloud consumers to remotely develop and deploy their own services and applications within a cloud
– Many IT resources are pre-installed, such as databases, middleware, development tools and governance tools, as specified by consumers (master or template VM image files)
– Typically equipped with a complete software development kit (SDK) that provides cloud consumers with programmatic access to the development technologies that comprise their preferred programming stacks
– Middleware for multitenant platforms supports the development and deployment of Web applications
7.6. Ready-Made Environment

Figure 7.20. A cloud consumer accesses a ready-made environment hosted on a virtual server.