Cloud Computing Asm2 Tran Xuan Tu 2

lOMoARcPSD|15959729
Cloud-Computing ASM2 Tran-Xuan-Tu 2
Computer Architecture (Trường Đại học FPT)
Studocu is not sponsored or endorsed by any college or university

Downloaded by L?c Phú ([email protected])
lOMoARcPSD|15959729
BTEC FPT INTERNATIONAL COLLEGE
INFORMATION TECHNOLOGY
HIGHER NATIONAL DIPLOMA IN COMPUTING
FINAL REPORT OF ASSIGNMENT 2
UNIT: CLOUD COMPUTING
STUDENT : Tran Xuan Tu

CLASS : PBIT15101
STUDENT ID : BDAF190018
SUPERVISOR : MSc. Xuan Ly NGUYEN THE
DaNang, August 2021

lOMoARcPSD|15959729
ASSIGNMENT 2 FRONT SHEET
Qualification BTEC Level 4 HND Diploma in Computing
Unit number and title Unit: Cloud Computing
Date received (1st sub-

Submission date 21/08/2021 21/08/2021
mission)
Date received (2nd

Re-submission date
submission)
Student name Tran Xuan Tu Student ID BDAF190018
Class PBIT15101 Assessor name Xuan Ly Nguyen The
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences
of plagiarism. I understand that making a false declaration is a form of malpractice.
Student’s signature:
Tu
Grading grid
P5 P6 P7 P8 M3 M4 D2 D3

lOMoARcPSD|15959729
Summative Feedbacks: Resubmission Feedbacks:
Grade: Assessor Signature: Date:

Internal Verifier’s Comments:
Signature & Date:

lOMoARcPSD|15959729
TABLE OF CONTENT
TABLE OF CONTENT ........................................................................................ii
LIST OF TABLES AND FIGURES ...................................................................... iv
INTRODUCTION ............................................................................................... 1
CHAPTER 1 CLOUD COMPUTING DEPLOYMENT ......................................... 4
1.1 Configure a Cloud Computing platform with a cloud service provider’s

framework 4
1.1.1 Register and log in to the AWS system ............................................... 4
1.1.2 Request and provision a compute server in AWS cloud ....................... 7
1.2 Implement a cloud platform using open source tools ............................... 21
1.2.1 Connect to the instance using SSH .................................................. 21
1.2.2 Install WordPress on Ubuntu 18.04 LTS with Nginx, MariaDB and PHP-
FPM [1] 22
1.2.3 Configure WordPress ...................................................................... 29
1.2.4 Customize WordPress site .............................................................. 30
1.2.5 Backup website .............................................................................. 38
1.2.6 Website screenshots ....................................................................... 39
1.2.7 Review some admin functions in the dashboard ................................ 48
1.2.8 Review some functions of website.................................................... 58
1.3 Discuss the issues and constraints one can face during the development
process 64
CHAPTER 2 TECHNICAL CHALLENGES AND ASSESS RISKS ..................... 67
2.1 Analyze the most common problems which arise in a Cloud Computing
platform [2] 67
2.2 Appropriate solutions to these problems [2] ............................................ 68
2.3 Assess the most common security issues in cloud environments ............. 69
2.3.1 Overview of security issues in cloud environments [3] ....................... 69

ii

lOMoARcPSD|15959729
2.3.2 Security issues of the company TuDoi .............................................. 71
2.4 Discuss how to overcome these security issues when building a secure cloud
platform 74
2.4.1 Countermeasures for Security Risks [3] ............................................ 74
2.4.2 IaaS Security Solutions[4]................................................................ 76
CONCLUSION................................................................................................. 78
REFERENCES ................................................................................................ 79
iii

lOMoARcPSD|15959729
LIST OF TABLES AND FIGURES
Table 1 Terminal command ............................................................................. 21
Table 2 Ubuntu Server Update Command ......................................................... 22
Table 3 Install NGINX web server ..................................................................... 22
Table 4 Install MariaDB and generate a new root password ................................ 23
Table 5 Install PHP-FPM and related PHP modules ........................................... 24
Table 6 Create a blank database...................................................................... 24
Table 7 Download the latest WordPress version................................................. 25
Table 8 Commands below to create the WordPress ........................................... 26
Table 9 Create your database ........................................................................... 26
Table 10 Configure the WordPress site configuration file .................................... 27
Table 11 Configure the WordPress site configuration file on the server ................ 27
Table 12 Enable the wordpress site................................................................... 28
Table 13 Commands in the terminal to backup the website. ................................ 38
Table 14 Commands in the terminal to restore the website ................................. 38
Figure 1 Link to AWS Site ................................................................................... 4
Figure 2 Click button Signup ............................................................................... 5
Figure 3 A registration interface of AWS .............................................................. 6
Figure 4 AWS login interface............................................................................... 7
Figure 5 Create an EC2 instance ........................................................................ 8
Figure 6 EC2 dashboard..................................................................................... 8
Figure 7 Choose AWS region............................................................................. 9
Figure 8 Launch instance ................................................................................... 9

iv

lOMoARcPSD|15959729
Figure 9 Choose an AMI ................................................................................... 10
Figure 10 Choose EC2 Instance Type ............................................................... 11
Figure 11 select the IAM role 'None' .................................................................. 11
Figure 12 Select Shutdown Behavior ................................................................. 12
Figure 13 Check the option to continue to protect Instance ................................. 12
Figure 14 Configure instance details.................................................................. 12
Figure 15 Add storage ...................................................................................... 13
Figure 16 Configure security group.................................................................... 14
Figure 17 Review and launch instance .............................................................. 15
Figure 18 Create a key pair............................................................................... 16
Figure 19 Status on launch ............................................................................... 16
Figure 20 Launch status ................................................................................... 17
Figure 21 Status of instance ............................................................................. 17
Figure 22 Create an EIP ................................................................................... 18
Figure 23 Allocate EIP address ......................................................................... 19
Figure 24 Associate EIP address ...................................................................... 19
Figure 25 Assign EIP to the instance ................................................................. 20
Figure 26 The instance received EIP ................................................................. 20
Figure 27 Connect to instance using SSH .......................................................... 21
Figure 28 Create a blank WordPress database .................................................. 25
Figure 29 Complete WordPress installation........................................................ 28
Figure 30 Configure WordPress ........................................................................ 29
Figure 31 Login to admin dashboard ................................................................. 30
Figure 32 Dashboard of Tu Doi Store ................................................................ 30
Figure 33 Theme selection interface .................................................................. 31
Figure 34 Add and active theme ........................................................................ 31

lOMoARcPSD|15959729
Figure 35 Customizing the theme ...................................................................... 32
Figure 36 Customize header ............................................................................. 32
Figure 37 Customize footer ............................................................................... 33
Figure 38 Customize menu ............................................................................... 33
Figure 39 Some required plugins....................................................................... 34
Figure 40 Antispam Bee ................................................................................... 34
Figure 41 WooCommerce ................................................................................. 35
Figure 42 Wordfence ........................................................................................ 36
Figure 43 Sucuri Security.................................................................................. 37
Figure 44 Duplicator ......................................................................................... 38
Figure 45 All pages of the site ........................................................................... 39
Figure 46 Home page ....................................................................................... 40
Figure 47 Dynamic Sneaker Page ..................................................................... 41
Figure 48 Slip-On Shoes Page .......................................................................... 42
Figure 49 About Us Page.................................................................................. 43
Figure 50 Shop Page ....................................................................................... 44
Figure 51 My Account Page .............................................................................. 45
Figure 52 Cart Page ......................................................................................... 46
Figure 53 Checkout Page ................................................................................. 47
Figure 54 Add New Post Function ..................................................................... 48
Figure 55 Add Media ........................................................................................ 49
Figure 56 Add New Page .................................................................................. 50
Figure 57 Comments ........................................................................................ 50
Figure 58 Add New Coupon .............................................................................. 51
Figure 59 Add New User .................................................................................. 52
Figure 60 Add New Product .............................................................................. 53
vi

lOMoARcPSD|15959729
Figure 61 Orders Interface ................................................................................ 54
Figure 62 Order status...................................................................................... 54
Figure 63 Overview report ................................................................................ 55
Figure 64 Products Report ................................................................................ 56
Figure 65 Revenue Report................................................................................ 56
Figure 66 Orders Report................................................................................... 57
Figure 67 Log in function .................................................................................. 58
Figure 68 Quick view function ........................................................................... 59
Figure 69 Search function ................................................................................. 59
Figure 70 View Product Information Function ..................................................... 60
Figure 71 Add review ....................................................................................... 61
Figure 72 Add to Cart function .......................................................................... 61
Figure 73 Checkout .......................................................................................... 62
Figure 74 Checkout Detail ................................................................................ 63
Figure 75 Common security issues in cloud environment (Elom Worlanyo, 2015) . 70
vii

lOMoARcPSD|15959729
INTRODUCTION
TuDoi Company is a Vietnamese company that sells shoes in many provinces across
Vietnam. In Vietnam, shoes are quite a popular fashion item. TuDoi company aims to
provide high quality shoe products, meet the needs of customers, at low prices. From the
designs in Assignment 1 and the architectural and functional designs, sum it all up to
implement this Assignment 2. In this report, I will give some e-commerce website
development processes based on the original design. This report consists of two main
chapters as follows:
Chapter 1: CLOUD COMPUTING DEPLOYMENT.
Chapter 2: TECHNICAL CHALLENGES AND ASSESS RISKS.
In chapter 1 the tasks are: Develop Cloud Computing solutions using service provider
open source frameworks and tools. Specifically as follows: I will have to configure the cloud
computing platform routing first, for my company using the AWS platform. Then I go through
the techniques to configure them, and download and install wordpress on the cloud service
provider's operating system. Then I proceeded to implement the e-commerce website
system. First, I'll import the right theme with full store-related functionality, load plugins that
assist me in building, controlling, and maintaining the site. Then proceed to design the
interface with full functionality as the design required in Assignment 1. Includes basic
functions, add products, add product categories, add users, add articles, add feedback
recovery, ... for administrators. And functions such as viewing, purchasing, checking cart,
payment, ... for customers. Next use plugins to fight hackers, spam, hackers or to backup
and analyze the store's data so that management can easily analyze the data. In addition, I
also give some of the difficulties I encountered when building an e-commerce website
system and how to overcome them.
In chapter 2 the tasks are: Analyze technical challenges for cloud applications and
assess their risks. First, I outline common problems that often arise in the cloud computing
system, including many risks and impacts to our company. From those risks, we take
measures to reduce or eliminate risks for the company to develop more stably. Then, given
the common security issues in the cloud environment, evaluate each issue, outline the
limitations of each of these. Then discuss and how to overcome these security issues when
building a secure cloud platform.
Perfomed Student: Tran Xuan Tu 1

lOMoARcPSD|15959729
To develop an e-commerce website here we build a website that sells shoes, we

develop according to the software development life cycle through the following steps:
Survey, then make requirements, from requirements build blueprints after design implement
system implementation and finally test.
After surveying the market, customers and referring to several e-commerce websites
on the internet, we have found several methods and techniques to develop our company's
website. To meet the practical needs of building an e-commerce website specifically, my
company is a website selling shoes. This website will be deployed on cloud computing, via
wordpress, easy to manage and design interface and easy functions. We use the IAAS de-
ployment model provided by AWS (EC2), and public cloud to deploy this website. We will
proceed to configure functions and services on EC2, download and install wordpress on
Ubuntu operating system provided by EC2, configure netword, repository, security,... to
complete the initial step. Leading the way in website building.
The requirement is to build a website that sells shoes with a beautiful interface and
full functions suitable for customers. As for the look and feel of my website, we use the
FlatSome theme to build the interface, we use techniques to come up with the most beautiful
and user-friendly interface possible. In terms of functions, we divide them into admin func-
tions and customer functions. For customers, we will provide functions such as: Customers
only want to see the store's products without requiring login, if they want to buy goods, cus-
tomers must register for an account and log in, add to cart function to help customers select
items and add to cart, checkout function to fill out basic order information, check order and
payment method, comment and suggest each store product ,... For admin there are func-
tions, edit interface, add products, add categories, manage users, manage products, man-
age comments, statistics and evaluate the store's sales,...
The design part of the functional system that I mentioned in Assignment 1 includes
the functions I gave in the requirements section. I will not mention it in this section anymore.
We first deploy the cloud computing system first, namely choose EC2, configure re-
lated issues, use Ubuntu as server for website, then install wordpress on ubuntu, use SSH
to connect with ubuntu and deploy the site on it. Next, log in to the dashboard and proceed
to build the website, add and activate the theme, edit the parts of the website, install the
appropriate plugins for the website such as: Duplicator to backup data, antispam bee to fight
spam, sucuri or wordfence for security, woocommerce for sales and product management,

lOMoARcPSD|15959729
... then build the pages according to the design. Once the interface was up and running, w e
started adding properties, categories, and products to the site.
Finally, we perform tests on the functionality of the website, come up with the right
test cases and test log to check how the website works.

lOMoARcPSD|15959729
CHAPTER 1 CLOUD COMPUTING DEPLOYMENT
1.1 Configure a Cloud Computing platform with a cloud service provider’s

framework
1.1.1 Register and log in to the AWS system
Step 1: Open Google and find the following link " https://aws.amazon.com/en/ " to
enter the AWS interface in the browser.
Figure 1 Link to AWS Site
Step 2: Click the Full Signup button to create an AWS account.

lOMoARcPSD|15959729
Figure 2 Click button Signup
A registration interface will appear, asking the user to enter the fields and steps re-
quired by AWS to complete the user account registration.
When customers sign up for Amazon Web Services (AWS), they automatically reg-
ister an AWS account for all services in AWS, including Amazon EC2. Customers only pay
for the services they use.

lOMoARcPSD|15959729
Figure 3 A registration interface of AWS
Step 3: Sign in to your AWS account
After successfully registering an AWS account, log in to the AWS system to use the
services they provide.

lOMoARcPSD|15959729
Figure 4 AWS login interface
1.1.2 Request and provision a compute server in AWS cloud
Step 1: Choose Compute EC2 to create an EC2 instance.
Move your mouse to the AWS Services tab in the upper left corner. Here, you will see
all AWS services categorized by region. Compute, Storage, Database, etc. To create an
EC2 instance, we must select Computer EC2, as shown in the next step.
An EC2 instance is a virtual server in Amazon Web Services terminology. EC2 stands
for Elastic Computing Cloud. This is a web service where AWS subscribers can request and
configure computing servers in the AWS cloud.

lOMoARcPSD|15959729
Figure 5 Create an EC2 instance
Open all services and click EC2 under Computing Services. The EC2 console will be
launched. This is the EC2 console. Here you will get all the key information about the AWS
EC2 resources that are running.
Figure 6 EC2 dashboard

lOMoARcPSD|15959729
Step 2: Select AWS Region
In the upper right corner of the EC2 console, select the AWS region where you want
to provision the EC2 server. Because our company is in Vietnam, we choose the region
closest to Vietnam. Here we choose Singapore AWS to provide 10 regions around the world.
Figure 7 Choose AWS region
Step 3: Click the 'Launch Instance' button
After selecting the desired region, return to the EC2 console. Click the "Start
Instance" button in the "Create Instance" section.
Figure 8 Launch instance

lOMoARcPSD|15959729
Step 4: Choose an Amazon Machine Image (AMI)
You will be asked to choose the AMI of your choice. When you launch an EC2
instance from your preferred AMI, the instance will automatically launch with the required
operating system. Here we choose Ubuntu 18.04 AMI.
Figure 9 Choose an AMI

Step 5: Choose EC2 instance type
In this step, we need to select the Instance type according to our needs. For business
needs, we will choose the instance type: t2.micro, which is a server with 1vCPU and 1GB
memory provided by AWS. Then click "Config Instance Details" for more configuration.

lOMoARcPSD|15959729
Figure 10 Choose EC2 Instance Type
Step 6: Configure instance
Automatic Public IP Assignment: Leave this feature off for now and we will assign
this case a static IP called EIP (Elastic IP) later.
In the next step, leave the IAM role option 'None' intact. We will cover the topic of
IAM's role in detail in IAM services.
Figure 11 select the IAM role 'None'
Shutdown Behavior: When you accidentally shut down your Instance, you definitely
don't want it to be deleted but stopped.

lOMoARcPSD|15959729
Figure 12 Select Shutdown Behavior
Enable termination protection: If you accidentally terminate your instance, AWS

has a layer of security. If you enable unexpected termination protection, it will not delete
your instance.
Figure 13 Check the option to continue to protect Instance
Click 'Add Storage' to add the data volume to your Insstance in the next step.
Figure 14 Configure instance details

lOMoARcPSD|15959729
Step 7: Add data volumes to instance
In the add storage step, you will see that the instance has been automatically provi-
sioned with an 8GB SSD root drive. (The maximum capacity available for general use is 16
GB). We can adjust the size of the capacity, add new capacity, change the type of capacity,
etc. AWS provides 3 types of EBS capacity: magnetic, general-purpose SSD, and preset
IOPS. You can select the capacity type according to the IOP requirements of the application.
Figure 15 Add storage
Step 8: Configure security group (SG)
In the next step of configuring the security group, you can restrict the traffic on the
instance ports. This is an additional firewall mechanism provided by AWS in addition to the
firewall of the operating system used. Define open IP ports as follows:
1.Create a new Security Group
2.Name Security Group
3.Determine the protocols you want to enable on Instancei
4. Specify IPs allowed to access the Instance
5.Check again, then press Review and launch button

lOMoARcPSD|15959729
Figure 16 Configure security group
Step 9: Review and launch instance
In this step will review all selected options and parameters and continue to launch
Instance.

lOMoARcPSD|15959729
Figure 17 Review and launch instance
Step 10: Create a key pair (a set of public-private keys) to login to the instance.
AWS stores the private key in the instance, and you need to download the public key.
Make sure you download the key and make sure it is safe and secure; if you lose it, you
can’t download it again.
1.Generate a new key pair
2.Name the key
3.Download and save it in a secure folder

lOMoARcPSD|15959729
Figure 18 Create a key pair
Step 11: Launch Instance
Once you've finished downloading and saving the key, launch your Instance.
Figure 19 Status on launch

lOMoARcPSD|15959729
Figure 20 Launch status
Step 12: Wait for Instance's status activation
Click the "instance" option in the left pane, you can see the status of the instance is
"pending" in a short time. When the instance is up and running, you can see that its status
is "Running". Note that the instance received a private IP from the AWS bucket.
Figure 21 Status of instance

lOMoARcPSD|15959729
Step 13: Create a static IP (Elastic IP – EIP) and connect to the instance
EIP is a public static IP provided by AWS. It stands for Elastic IP. Normally, when you
create an instance, it automatically obtains the public IP from the AWS bucket. If you stop/re-
start your instance, this public IP will change-this is automatic. In order for your application
to have a static IP, you can connect via the public network from there, you can use EIP.
1. On the left pane of the EC2 Console, you can access 'Elastic IPs' as shown below.
2. Allocate a new Elastic IP address.
Figure 22 Create an EIP

lOMoARcPSD|15959729
Figure 23 Allocate EIP address
Step 14: Assign this EIP to the instance.
1. Select EIP and click Link this EIP address.
2. Search for the version and associate the IP with it.
3. Back to the instance screen, the instance received the EIP.
Figure 24 Associate EIP address

lOMoARcPSD|15959729
Figure 25 Assign EIP to the instance
Figure 26 The instance received EIP

lOMoARcPSD|15959729
1.2 Implement a cloud platform using open source tools
1.2.1 Connect to the instance using SSH
From the Lubuntu desktop, we can access to the Ubuntu instance via SSH, using
Terminal. The steps and commands are shown below.
1. Verify that the instance is ready.
2. Access to the folder containing the previously downloaded key pair.
3. Gives the user read permission of the key file, and removes all other permission.
4. Connect to the instance using SSH.
Table 1 Terminal command
cd Downloads/
chmod 400 WebServer.pem
ssh -i "WebServer.pem" [email protected]
1.compute.amazonaws.com
Figure 27 Connect to instance using SSH

lOMoARcPSD|15959729
1.2.2 Install WordPress on Ubuntu 18.04 LTS with Nginx, MariaDB and PHP-FPM [1]
On Ubuntu in addition to deploying WordPress with Apache2, MariaDB, PHP. Then

we can also deploy WordPress with Nginx, MariaDB, PHP. Here we show how to deploy
with WordPress with NGINX, MariaDB, PHP and for Apache2 it's the same. Finally, we will
show the results of these two implementations. As mentioned about installing Ubuntu using
the following commands are the results of each stage.
First, install NGINX HTTP Server, WordPress CMS requires web server and NGINX
HTTP server is the most popular open source web server today (Richard Zayzay, 2018).
Step 1: Ubuntu preparation and update
Always update the Ubuntu server before installing the package... To update Ubuntu,
run the following command.
Table 2 Ubuntu Server Update Command
sudo apt update && sudo apt dist-upgrade && sudo apt autoremove
Step 2: Install NGINX web server
After updating Ubuntu, run the following command to install Nginx HTTP Web Server.
After installing Nginx, you can use the following commands to stop, start and enable the
Nginx service that is always started when the server starts.
Table 3 Install NGINX web server
sudo apt install nginx
sudo systemctl stop nginx.service
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
Step 3: Install Mariadb Database Server
The MariaDB database server is now rapidly surpassing MySQL in the Linux and
open source communities. MariaDB is the default database server, and WordPress requires
a database server. Run the following command to install MariaDB. After installation, the

lOMoARcPSD|15959729
following commands can be used to stop, start, and enable the MariaDB service so that it
always starts when the server starts. Then run the following command to protect the Mari-
aDB server and generate a new root password.
Table 4 Install MariaDB and generate a new root password
sudo apt install mariadb-server mariadb-client
sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service
sudo mysql_secure_installation
When prompted, answer the questions below by doing the following:
- Enter current password for root (enter for none): Just press Enter
- Set root password? [Y/n]: Y
- New password: 123qwe!@#
- Re-enter new password: 123qwe!@#
- Remove anonymous users? [Y/n]: Y
- Disallow root login remotely? [Y/n]: Y
- Remove test database and access to it? [Y/n]: Y
- Reload privilege tables now? [Y/n]: Y
Step 4: Install PHP-FPM and related modules
Now, run the following command to install PHP-FPM and related PHP modules on
the new server. After installing PHP, run the following command to open the PHP-FPM de-
fault configuration file.

lOMoARcPSD|15959729
Table 5 Install PHP-FPM and related PHP modules
sudo apt install php-fpm php-common php-mbstring php-xmlrpc php-soap php-gd phpxml
php-intl php-mysql php-cli php-ldap php-zip php-curl
sudo nano /etc/php/7.2/fpm/php.ini
Then scroll down the lines in the file and change the next lines below and save again.
Or press Ctrl + W to find the corresponding lines as below, edit and save.
- post_max_size = 100M
- memory_limit = 256M
- max_execution_time = 360
- upload_max_filesize = 100M
- date.timezone = Asia/Ho_Chi_Minh
Step 5: Create A Blank Wordpress Database
At this point, all the necessary WordPress servers and software packages have been
installed. The new server is now ready to host WordPress. On the new server, create an
empty WordPress database. WordPress will use this empty database to store its content.
Run the following command to log in to the database server. When prompted for a password,
enter the root password you created above.
- Login to the database server. When prompted for a password, enter the root pass-
word created above (123qwe!@#).
- Create an empty database called TuDoi_database.
- Create a user database called users with a new password (user123!@#).
- Then grant the user full access to the database.
- Finally, save changes and exit.
Table 6 Create a blank database
sudo mysql -u root -p
CREATE DATABASE TuDoi_database;

lOMoARcPSD|15959729
CREATE USER 'user'@'localhost' IDENTIFIED BY 'user123!@#';
GRANT ALL ON ATN_database.* TO 'user'@'localhost' IDENTIFIED BY 'user123!@#'

WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Figure 28 Create a blank WordPress database
Step 6: Download Wordpress Latest Release
Next, run the following command to download the latest WordPress version. Then
run the following command to set the correct permissions for the WordPress root directory.
Table 7 Download the latest WordPress version
cd /tmp && wget https://wordpress.org/latest.tar.gz

lOMoARcPSD|15959729
tar -zxvf latest.tar.gz
sudo mv wordpress /var/www/html/wordpress
sudo chown -R www-data:www-data /var/www/html/wordpress/
sudo chmod -R 755 /var/www/html/wordpress/
Step 7: Configure Wordpress
Next, run the following command to create the WordPress wp-config.php file. Run the
following command to open the WordPress configuration file.
Table 8 Commands below to create the WordPress
sudo mv /var/www/html/wordpress/wp-config-sample.php
/var/www/html/wordpress/wp-config.php
sudo nano /var/www/html/wordpress/wp-config.php
Enter the bold text below that we created for the database and save.
Table 9 Create your database
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', TuDoi_database');
/** MySQL database username */
define('DB_USER', 'user');
/** MySQL database password */
define('DB_PASSWORD', 'user123!@#');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */

lOMoARcPSD|15959729
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
Step 8: Configure The New Wordpress Site
Configure the WordPress site configuration file on the server. Run the following com-
mand to create a new profile called WordPress.
Table 10 Configure the WordPress site configuration file
sudo nano /etc/nginx/sites-available/wordpress
Copy and paste the content below into the file and save it.
Table 11 Configure the WordPress site configuration file on the server
server {
listen 80;
listen [::]:80;
root /var/www/html/wordpress;
index index.php index.html index.htm;
server_name 54.255.9.83 atn.com www.tudoi.com;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

lOMoARcPSD|15959729
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
Step 9: Enable The Wordpress Site
After configuring the above VirtualHost, enable it by running the following command.
Run the following command to reload the Nginx web server and install PHP-FPM.
Table 12 Enable the wordpress site
sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service
sudo systemctl restart php7.2-fpm.service
Step 10: Open browser and browse to the server IP address
WordPress default configuration path. http://54.255.9.83/wordpress
Figure 29 Complete WordPress installation

lOMoARcPSD|15959729
1.2.3 Configure WordPress
Follow the onscreen instructions until we have successfully configured WordPress.

After that, login to the admin dashboard and configure the WordPress settings.
Figure 30 Configure WordPress

lOMoARcPSD|15959729
Figure 31 Login to admin dashboard
Figure 32 Dashboard of Tu Doi Store
1.2.4 Customize WordPress site
Step 1: Choose a theme for the site

lOMoARcPSD|15959729
For my company website I use Flatsome and Flatsome child themes, currently this is
a popular theme for commercial websites. I download these theme files and unzip, then
upload this theme in the dashboard to activate and use them as a theme for the web site.
Figure 33 Theme selection interface
Figure 34 Add and active theme

lOMoARcPSD|15959729
Step 2: Customizing the theme
Set up basic website editing such as menu, header, footer, style, widget, ... of the
theme using drag and drop, to edit them to your liking.
Figure 35 Customizing the theme
Customize website headers:
There are many properties you want to use, drag them into the pre-divided cells to
display on the web page and then press "published" to be saved.
Figure 36 Customize header

lOMoARcPSD|15959729
Customize website footer:
To customize the footer for the website, we have to go to the widget and drag the
blocks in to fit the website. Divide the footer into corresponding columns, depending on the
company. Then press "Published" so that all actions are saved on the website. For me,
dividing the footer into 3 columns I do the following:
Figure 37 Customize footer
Customize website menu:
In this section, we customize the menu to display on our website. You can create
many different menus then click "Published" to save.
Figure 38 Customize menu


lOMoARcPSD|15959729
There are also different sections to customize which I didn't mention.
Step 3: Install required plugins
One of the main reasons why WordPress has become so popular in recent years is
because of the extensive support of WordPress plugins. However, because there are so
many options, choosing a good plugin for WordPress can be tiring.
Figure 39 Some required plugins
Here are some essential plugins for wordpress.
 Antispam Bee
Figure 40 Antispam Bee

lOMoARcPSD|15959729
Antispam Bee is one of Akismet's biggest competitors in the WordPress.org plugin

directory, with nearly 1 million downloads and more than 300,000 active sites to date. In my
opinion, it is the most powerful free anti-spam plugin that uses various techniques to identify
spam comments.
Benefit of Antispam Bee:
- Mark BBCode as spam.
- Use local and external spam databases.
- Block comments written in other languages.
- Ignore references and pingbacks.
- Block visitors from specific countries.
- Randomly arrange the order of some items in the comment box to deceive spam
software.
-And many other useful functions.
 WooCommerce
Figure 41 WooCommerce
WooCommerce is a great plugin that can help you sell online. It is also a free and
paid plugin designed to integrate with WordPress. WooCommerce is a popular and widely
used e-commerce plugin in the world today. It can help you manage your store easily and
simply. With its convenience and flexibility, WooCommerce can easily access hundreds of

lOMoARcPSD|15959729
WordPress extensions. WooCommerce accounts for about 30% of all online stores in the
world, more than any other online sales plugin.
Benefit of WooCommerce:
- Help you sell any item and anywhere.
- Expanded payment options.
- Management control all the most simple items
 Wordfence
Figure 42 Wordfence
Wordfence Security is one of the most fully functional WordPress security plugins. It
allows users to fully manage website security and even automation. Word-fence Security
provides you with many powerful functions and comes with complete and detailed
documents.
Main function:
- Allows you to scan WordPress sites for vulnerabilities.
- If there are any threats, we will alert you via email.
- Support advanced login security measures.
- Can block IP automatically based on suspicious activity.
Advantages:

lOMoARcPSD|15959729
- The free version of the plug-in contains all the functions needed to protect the se-
curity of the website.
- Support automatic alerts of security threats.
- It is completely open-source.
 Sucuri Security
Figure 43 Sucuri Security
Sucuri Security is a free plugin with standard WordPress security enhancements. The
free version of this plugin does not include a firewall. Sucuri Firewall (WAF) is a paid service
that you can integrate with the free Sucuri Security plugin.
 Duplicator
The Duplicator plugin has a WordPress localhost backup function and can be used
as a data backup plugin. In other words, it backs up all data on the website, including source
code and databases. ... copy part or all of the WordPress website data, the maximum file
size is 150MB.

lOMoARcPSD|15959729
Figure 44 Duplicator
1.2.5 Backup website
Backups are critical to operations and should be done regularly after each website
change. It helps to avoid data loss and ensure data recovery in the event of errors or
problems. Execute the following command in the terminal to backup the website.
Table 13 Commands in the terminal to backup the website.
cp /var/www/html/wordpress/wp-config.php wp-config.php.backup
cp /var/www/html/wordpress/index.php index.php.backup
Execute the following commands in the terminal to restore the website.
Table 14 Commands in the terminal to restore the website
rm -f /var/www/html/wordpress/wp-config.php
cp /var/www/html/wordpress/wp-config.php.backup wp-config.php
rm -f /var/www/html/wordpress/index.php
cp /var/www/html/wordpress/index.php.backup index.php

lOMoARcPSD|15959729
1.2.6 Website screenshots
The following are the pages of my website, all include 17 pages shown below:
Figure 45 All pages of the site

lOMoARcPSD|15959729
 Home page
Figure 46 Home page
In the following, we will show a few pages of our company's e-commerce website.

lOMoARcPSD|15959729
 Dynamic Sneaker Page
Figure 47 Dynamic Sneaker Page

lOMoARcPSD|15959729
 Slip-On Shoes Page
Figure 48 Slip-On Shoes Page

lOMoARcPSD|15959729
 About Us Page
Figure 49 About Us Page

lOMoARcPSD|15959729
 Shop Page
Figure 50 Shop Page

lOMoARcPSD|15959729
 My Account Page
I created 1 user with role as customer and then checked my account page. The
results are shown below:
Figure 51 My Account Page

lOMoARcPSD|15959729
 Cart Page
I add 1 product to the cart and proceed to view the interface of the cart page.
Figure 52 Cart Page

lOMoARcPSD|15959729
 Checkout Page
Figure 53 Checkout Page


lOMoARcPSD|15959729
1.2.7 Review some admin functions in the dashboard
 Add New Post
Post WordPress is an article or shared content published on a website programmed

on the WordPress platform. Every website, no matter what source code is used, has posts
and articles, and WordPress is no exception. These posts in WordPress are called Post
WordPress. However, not only that, but this open-source code also has many interesting
features specifically designed for Post.
Figure 54 Add New Post Function
To publish a new post to a WordPress website, you must visit the WordPress
dashboard management page and select the publish menu on the left. This is the place
where you are allowed to manage posts, also known as posts on the website, depending on
the administrator account level, and may have additional add, delete, and edit permissions.
- Click "Add New" in the upper left corner to add a new post.
- After you have finished the article, select the "Publish" button in the top right corner
to post.
 Media Library
This is where the site's images are stored. The administrator can add the site's im-
ages here for storage.

lOMoARcPSD|15959729
- Select Media Library on the left toolbar.
- Select Add New.
- Select File to upload.
- Select image and press Open
Figure 55 Add Media
 Add New Page
This is where the site's page is stored. The administrator can add the site's pages
here to archive, edit, and delete.
- Select Page on the left side of the toolbar.
- Select Add New Page.
- Then click Publish to save the operation.

lOMoARcPSD|15959729
Figure 56 Add New Page
 Comments
This is where the admin can respond, delete, rate,... the customer's product
comments for that product.
Figure 57 Comments

lOMoARcPSD|15959729
 Add new coupon
This is where the admin can add discount codes for his products in the website.
Customers can enter this discount code during checkout to receive the store's offer.
Currently I want to add a discount code:
- Select Marketing on the left toolbar.
- Select Coupons then Add New
- After entering the complete information, press Publish to save and post.
Figure 58 Add New Coupon
 Add New User
This is a function that helps administrators to add customers directly to the database
without customers needing to register on the website. To add an account login to the website
do the following:
- Select Users on the left side of the screen
- Select Add New User
- Enter relevant information.
- Then click the Add New User button to save.

lOMoARcPSD|15959729
The users of the row are stored in the users folder.
Figure 59 Add New User
 Add Product
Adding a product requires the user to enter the product name, description, detailed
description, related images, price, discounted price, a few more product related information.
Here I will show how to import products:
- Select Product on the left side of the screen.
- Select Add New Product.
- Enter the corresponding information and images.
- Then click Publish to post the product

lOMoARcPSD|15959729
Figure 60 Add New Product
 Check Orders
Check the orders and proceed to complete the order. The steps are as follows:
- Click on WooCommerce on the left side of the screen
- Select Orders
- Select the orders that are in processing status.
- Select status as complete to complete the order.
- Then press update.

lOMoARcPSD|15959729
Figure 61 Orders Interface
Figure 62 Order status

lOMoARcPSD|15959729
 View reports
I use wordpress's free Analytics to review products.
Overview report:
Figure 63 Overview report

lOMoARcPSD|15959729
Products report:
Figure 64 Products Report
Revenue Report:
Figure 65 Revenue Report

lOMoARcPSD|15959729
Orders Report:
Figure 66 Orders Report

lOMoARcPSD|15959729
1.2.8 Review some functions of website
 Login
Customers who use an account to register and log in to the website to buy goods,
and customers who just want to view goods, are not required to log in.
Figure 67 Log in function
 Quick View Function
Quick view function to briefly view the products to see the necessary information of
the product so that customers can make their choice.

lOMoARcPSD|15959729
Figure 68 Quick view function
 Search function
The search function is launched to find products related to keywords. For example,
"nike". The system will offer products with the keyword nike for customers to review and
choose the products they want.
Figure 69 Search function


lOMoARcPSD|15959729
 View Product Information
View product information is a function to view information of a certain product in the

website. It shows all the information of the product, image, description, attributes,... Custom-
ers choose the quantity and add it to the cart.
Figure 70 View Product Information Function

lOMoARcPSD|15959729
 Review function
This is a function that allows customers to evaluate products that they feel like or
dislike based on the quality of the product, the store's working attitude, etc. Here, I will add
a Product reviews are as follows:
Figure 71 Add review
 Add to cart function
After selecting the appropriate product and quantity, the customer will click add to the
cart. They can then go to the cart to check the product and quantity they have added.
Figure 72 Add to Cart function

lOMoARcPSD|15959729
 Checkout
The customer will fill in the necessary information for the order such as: delivery
address, full name, phone number, ... so that the system can deliver the goods to the
customer.
Figure 73 Checkout

lOMoARcPSD|15959729
Figure 74 Checkout Detail

lOMoARcPSD|15959729
1.3 Discuss the issues and constraints one can face during the development
process
For someone who has no experience with wordpress, this is one of the challenges
for them. The nature is not difficult, no matter how to program, you can still do it, but without
anyone's guidance, the success rate is not high. To do well, you need someone to guide
and teach you. Here, I share the difficult problems that I encountered when building an e-
commerce website for the company. For me, this is a relatively difficult and very demanding
task, I have to use the tools and knowledge that I have learned to apply to the successful
development of this web site as it is now. In addition, I encountered some difficulties as
follows:
First, I have difficulty at the stage of creating an AWS account, the first steps are very
smooth until the payment step, I do not have a VISA card so it is very difficult to do this. I
have to borrow a card and register, this process takes a long time, so it slows down my
progress. Although it is free for 12 months, this is also one of the first difficulties that I en-
countered when building a website.
Second, the free WordPress themes are limited in the features of the website and the
interface is not beautiful. I have tried a lot of wordpress themes and feeling unsatisfied takes
a lot of my time. Then I asked the trainers and got help, currently I'm using the FlatSome
theme. I feel this theme is very easy to use, optimize the sales website, simple operations,...
Thanks, I found this theme early to help complete the work on time.
Third, my network is also very poor, it takes a long time to load the admin page. In
fact, not only WordPress website, any website that the administrator does not know how to
optimize will run slow. You can optimize your WordPress website with tricks like choosing
the right theme, reducing the number of ads, and so on.
Next, I encountered some difficulties in implementing parts of the website, most word-
press plugins have to upgrade to premium to use the maximum functionality. I had to use
the free versions because the covid epidemic is booming in my country, I don't have the
funds to upgrade. This is also one of the difficulties that I have to face.
The amount of knowledge required to complete this lesson is the combined

knowledge of all 3 subjects: Networking, Security and Cloud Computing. The difficulty for
me is not remembering what I have learned, having to relearn or ask friends to remember
what I have learned to complete. This is a knowledge synthesis course that I used to do, it

lOMoARcPSD|15959729
was interesting that I only had a little difficulty but I still finished the product as expected. In
addition to having knowledge, you also have to be smart to be able to do it quickly and
accurately.
Moreover, I am a newbie, the skills and knowledge are not there, it is very difficult to
start using wordpress. I spend a lot of time and effort researching resources, websites,
watching videos on how to build websites, how to optimize websites for seo standards. I
hope that through this exercise I will have a lot of knowledge of wordpress so that I can work
in the future. Thanks to the school for helping me with these knowledge.
In addition to the difficulties I faced while developing. Skills and knowledge are also
one of the barriers that prevent us from succeeding. Before doing something, we should
have a clear plan, create blueprints step by step, so that the development process is easy,
easy to control, easy to maintain and easy to fix. Working according to the right process
brings us many benefits, gets the job done on time, the quality exceeds our expectations,
gets people's trust and gives you more important tasks. Relationships also make it easier
for us to work, whenever there is difficulty in a certain step, we can ask friends, teachers, ...
to help us. Knowledge and skills will stay with us for a lifetime, with us for a lifetime. Cherish
the knowledge and skills learned because they are always with you.
In addition to subjective reasons, there are also difficulties from AWS. AWS is the
most popular cloud computing platform and also the largest cloud provider in the world. AWS
is known for a wide range of features, reliability, and security. However, AWS is not all about
advantages. Issues, especially those related to security, can still occur in AWS. Here are
some of the least common problems with AWS:
- Invoicing can be quite complicated for a non-tech savvy business owner.
- Amazon's EC2 resource limits by region. So the user's region can determine how
many resources they will have access to. In addition, as a new user, AWS prevents users
from using too many resources and spending a lot of money.
- Because security is one of the key features, AWS limits some features that cannot
be changed.
- AWS charges for immediate support and customers can choose any plan between
Developer, Enterprise, and Enterprise.

lOMoARcPSD|15959729
- AWS also has common cloud issues such as downtime, limited control, and redun-
dancy protection, as well as general cloud security issues.

lOMoARcPSD|15959729
CHAPTER 2 TECHNICAL CHALLENGES AND ASSESS RISKS
2.1 Analyze the most common problems which arise in a Cloud Computing
platform [2]
 Security
The most important concern when investing in cloud services is the security of cloud
computing. That's because your data is stored and processed by a third-party provider and
you cannot see it. Every day, you will receive notifications about invalid authentication,
stolen login, stolen account, data breach, etc.
 Password Security
As more and more people access your cloud account, it becomes vulnerable to
attacks. Anyone who knows your password or breaks into your cloud will be able to access
your confidential information.
 Cost Management
Cloud computing allows you to access application software through a fast Internet
connection and allows you to save investment inexpensive computer hardware, software,
management, and maintenance. This makes it affordable. But it is difficult and expensive to
customize the organization according to the needs of a third-party platform.
 Lack Of Expertise
As the workload of cloud technology increases and cloud tools continue to improve,
management becomes difficult.
 Internet Connectivity
Cloud services rely on high-speed Internet connections. Therefore, companies that

are relatively small and face connectivity issues should first invest in a good Internet
connection to avoid downtime. That’s because internet downtime can cause huge business
losses.
 Performance
As your business applications migrate to the cloud or third-party providers, your

business performance begins to depend on your provider. Another big business of cloud
computing is to invest in the right cloud service provider.

lOMoARcPSD|15959729
 Lack of resources
One of the challenges facing enterprises is the lack of qualified human resources. As
the business grows, so does cloud technology. So you need experts to keep up with the
technology.
 Depends on service provider
When choosing a service provider for your business, you should carefully read the
terms and conditions of the policy. To be authorized, the provider will meet the security
standards set by the government.
2.2 Appropriate solutions to these problems [2]
 Security
Fortunately, cloud providers have recently begun efforts to improve security. Choose
a reputable service provider. You can also exercise caution by verifying that the supplier has
implemented a secure user identity management system and access control procedures.
To ensure the privacy and security of your organization, please verify the security
management, identity verification, and access control permissions of your service provider.
Also, check their database privacy and security.
 Password Security
Here, organizations should use multi-level authentication and ensure that passwords
are protected. In addition, passwords should be changed regularly, especially when a
particular employee resigns and leaves the organization. Must be careful to grant access to
username and password.
 Cost Management
There are several ways to control the cost of using cloud services, which is to analyze
the services to be used. Check your company's financial situation, and then set up tools to
automate financial constraints. Regular financial reports on the cost of using cloud services
to determine the most suitable service.
 Lack Of Expertise
Companies and enterprises must train a workforce that can handle cloud computing
tools and services. Therefore, companies need to take steps to upgrade their IT teams to
alleviate this challenge.

lOMoARcPSD|15959729
 Internet Connectivity
Upgrade the network system for the organization, use large bandwidth, and ensure
the stability of the network connection, so as not to cause major business losses.
 Performance
Before investing, you should look for a supplier with advanced technology. The
performance of BI and other cloud-based systems is also tied to the vendor's system.
Choose suppliers carefully and investigate whether they have an agreement to alleviate the
problem in real-time.
 Lack of resources
Hiring cloud experts for the company is very expensive. Instead, they should work
part-time, because cloud services only need to be customized after they are up and running.
In addition, the tools available in the cloud can be used for monitoring, backup,... these tools
can optimize cost, management, security without much research.
 Service provider dependency
Identify risks and estimate losses in the cloud. Clearly define the roles and
responsibilities of service providers. Use security measures to ensure information security
within the organization and take corrective actions.
2.3 Assess the most common security issues in cloud environments
2.3.1 Overview of security issues in cloud environments [3]
Today, businesses, companies, and governments are shifting workloads to the cloud.
However, due to lingering concerns about data security in cloud computing, some
organizations still resist the huge appeal of the cloud. There are several areas that are at
risk of being compromised, so you must stay safe when it comes to cloud computing. Each
sector represents a potential attack vector or source of error. The following is the specific
area:

lOMoARcPSD|15959729
Figure 75 Common security issues in cloud environment (Elom Worlanyo, 2015)
 Organizational Security Risks
Risk affects the structure of an organization or business as an entity. If the cloud

service provider (CSP) goes bankrupt or is acquired by another organization, there may be
a threat from malicious insiders within the organization, which may harm data usage.
 Physical Security Risks
The physical location of the cloud data center must be protected by CSP to prevent
unauthorized access to CSC data. Even firewalls and encryption cannot prevent data from
being stolen. Since CSPs are responsible for the physical infrastructure, they must
implement and operate appropriate infrastructure control measures, including employee
training, physical location security, and network firewalls. In addition, the CSP is responsible
for complying with the privacy regulations of these jurisdictions.
 Technological Security Risks
These risks are failures related to the hardware, technology, and services provided
by the CSP. In a public cloud with multi-tenant characteristics, these include the problems
of resource sharing and isolation and the risks associated with changing the CSP, namely
portability. Maintain and inspect infrastructure more frequently.
 Compliance and Audit Risks

lOMoARcPSD|15959729
These are legal risks, such as risks related to lack of legal information, jurisdiction
changes, illegal contract terms, and ongoing legal disputes.
 Data Security Risks
It is believed that the core of all computers is the process of processing data into
meaningful information. Therefore, when the processing and storage of such data are
outsourced to an infrastructure owned and maintained by a third party, this leads to many
issues that need to be considered when protecting the data. We need to consider many data
security risks. These issues are particularly obvious in public clouds because multiple parties
(some of which may be malicious) must share the aforementioned infrastructure.
Data security properties:
Some of the attributes we need to ensure with data when using the cloud, I'll list
below.
Privacy: It is one of the more important issues that need to be solved in cloud and
general network security. Privacy ensures that CSC's personal and identifying information
will not be disclosed to unauthorized users.
Confidentiality: It is related to data privacy because it is an asset that ensures that

data belonging to the CSC will not be disclosed to any unauthorized parties. CSP is mainly
responsible for the security of CSC data. Some vendors use job scheduling and resource
management, but most vendors use virtualization to maximize the use of hardware. These
two methods allow attackers with full access to the server and virtual server side-channel
attacks to extract information from the target virtual machine on the same machine.
Integrity: Data integrity refers to the confidence that the data stored in the cloud has
not been altered in any way by unauthorized parties when retrieving data. The CSP must
ensure that no third party can access the data in transit or the data stored. Only authorized
CSC can change its data.
Availability: This attribute ensures that CSC can access its data and will not be
denied access due to errors or malicious attacks by any organization.
2.3.2 Security issues of the company TuDoi
For our company we use the Infrastructure as a Service deployment model and the
public cloud service model. In the following, we will address security issues related to the
Infrastructure as a Service and public cloud model.

lOMoARcPSD|15959729
2.3.2.1 Infrastructure as a Service Security Issues [4]
Infrastructure as a Service (IaaS) provides virtualized computing resources, virtual

storage, and virtual machines that can be accessed through the Internet. Popular
infrastructure services include Amazon's Elastic Compute (EC2), Google Compute Engine,
and Microsoft Azure. The upfront cost of growing IaaS is very low. Organizations using
infrastructure services do not need to purchase or maintain hardware. IaaS is also more
scalable and flexible than hardware. Cloud infrastructure can be scaled as needed and
scaled-down when no longer needed.
However, IaaS may be the target of cyberattacks, attempts to hijack IaaS resources,
launching denial of service attacks, running botnets, or mining cryptocurrency. In many data
breaches, storage and database resources are common targets for data filtering. In addition,
an attacker who successfully penetrated the organization's infrastructure services can use
these accounts to access other parts of the corporate structure. IaaS customers are
responsible for the security of their data, user access, applications, operating systems, and
virtual network traffic. Common problems when using IaaS:
 Unencrypted data:
In hybrid and multi-cloud environments, data moves between local and cloud-based
resources and between different cloud applications. Encryption is essential to protect data
from theft or unauthorized access. Organizations can encrypt local data before or in the
cloud. They can use their own encryption key or the encryption of the IaaS provider.
 Configuration error:
A common cause of cloud security problems is the misconfiguration of cloud

resources. Cloud providers may provide tools to protect their resources, but IT professionals
are responsible for the proper use of these tools. Following, are common errors include:
- The input or output port is misconfigured.
- Multi-factor authentication is not enabled.
- Data encryption turned off.
- Open storage access for Internet services.
 Shadow Service:

lOMoARcPSD|15959729
Restricted or tampered cloud accounts are most common in software-as-a-service

solutions, but they can also appear in IaaS. When employees need to configure applications
or resources, they can use the cloud provider without notifying their IT department. In order
to protect the data in these services, IT first needs to identify services and users through
auditing. For this purpose, IT departments can use the Cloud Access Security Program.
 User role-based access:
This is a best practice for protecting access to the cloud infrastructure by ensuring
that developers and other users only have the permissions needed to complete their work
and no more permissions. It's the same again. Exposing root account credentials allows
attackers to access all resources and deauthorize dormant accounts.
2.3.2.2 Public cloud security issues
 Limit control:
Public clouds provide users with limited control. This lack of access rights prevents
customers from customizing their environment and gives them less control. Public cloud
providers can also choose the authentication, authorization, and access control processes
and software of their choice. As a customer, your organization has no control over the
methods it uses or the procedures for managing those methods.
 Performance:
As mentioned earlier, the performance of the cloud delivery model mainly depends
on the network and resources. Service providers must adequately manage resources and
networks. As the number of users increases, it is a challenging task for service providers to
provide good performance.
 Multi-resource:
Shared resources, that is, multiple users share resources, so it is called multiple
objects. Due to this attribute, there is a high risk of data leakage or possible access without
privileges.
 Lack of security in the public cloud:
The Public cloud is a multi-tenant environment from which it can create its own
security threats because flaws in the infrastructure make the entire environment vulnerable

lOMoARcPSD|15959729
to attacks. Multiple exploitations can allow a single tenant or hacker to view all data or
fraudulently use the identity of another customer.
2.3.2.3 Public cloud security solution
Before using a public cloud, you must choose a cloud service provider. The public
cloud can be selected based on certain parameters, such as performance and flexibility.
This is one way to choose a public cloud, and the other is based on cost. If the work using
resources is not time-sensitive, the lowest cost service provider will be selected.
2.4 Discuss how to overcome these security issues when building a secure
cloud platform
2.4.1 Countermeasures for Security Risks [3]
After covering the various risks faced when using the cloud, we must find a way to
deal with these problems. In this section, I will focus on the methods used to ensure all the
different forms of data security, and briefly review the strategies used to solve these
problems.
 Organizational Security Risks
Malicious insiders: The risk can be reduced by setting strict legal restrictions in the
contract when hiring personnel. A comprehensive evaluation of the CSP by a third party and
a robust notification process for security vulnerabilities also help.
 Physical Security Risks
Physical Leakage-You can restrict access to sensitive locations in the data center by
setting up strong physical security deterrents (such as armed guards, key card access, and
biometric scanning), thereby reducing the risk of intruders physically accessing equipment
used to provide cloud services.
 Technological Security Risks
Virtualization defense and reputation-based trust management: CSP should use the
following structure: DHT-based overlay network hierarchy, each layer performs specific
tasks. Use various sources to verify certain connections. Detecting conspirators refers to
checking whether any sources are associated with known malicious parties. Secure
virtualization: CSPs can use Advanced Cloud Protection System (ACPS) to ensure the
security of guest virtual machines and distributed computing middleware.

lOMoARcPSD|15959729
The trust model for interoperability and security: providers and users should have
separate domains, and each domain has a special trust agent.
In addition, it is recommended that CSPs regularly maintain and audit the

infrastructure.
 Compliance and Audit Risks
This field mainly deals with legal matters, so both CSP and CSC need to understand
legal and regulatory obligations and ensure that any contract fulfilled meets these
obligations. After reviewing some of the methods used to prevent security mistakes in the
other four areas, in the next section, we will introduce some of the main techniques used to
ensure data security.
 Methods to ensure Data security
There are multiple methods that can be used to ensure that different attributes of the
data are safe. Here, we reviewed the authentication and encryption technology and briefly
introduced the following:
Authentication in the Cloud:
Since cloud computing involves the use of CPC and CSP to store sensitive user data,
identity and access management (IAM) is a form of access control and therefore important.
Some authentication methods include identity-based cloud computing hierarchy model
(IBHMCC) and SSH:
Authentication Protocol (SAP). This is mainly used to protect the privacy and
confidentiality of data.
IAM ensures compliance by managing key security issues (authentication, automatic

configuration, and authorization). Other underlying technologies for authentication and
authorization
And access control services are OpenID, OAuth, SAML, XACML. The Trusted
Computing Group (TCG) IF-MAP standard supports real-time communication between
cloud service providers and customers regarding authorized users and other security issues.
Encryption techniques in the cloud:
In order to protect data at rest and at work, a password encryption mechanism is

definitely the best choice. In the transition, homomorphic encryption is such a mechanism.

lOMoARcPSD|15959729
Unlike homomorphic encryption, other methods are used, such as searchable encryption,
so data can be accessed without decrypting it. Example encryption algorithms used include :
The Caesar cipher is a classic alternative cipher. A simple example of this kind of
password is to replace a character in the alphabet with a character in the previous 3 steps,
for example, "ZULU" will be converted to "CXOX". There are only 25 possible key options,
so this password can be easily enforced.
The Simplified Data Encryption Standard (S-DES) has a key generation process in
which the S-DES key generation process generates the following 2 subkeys when
processing the original 10-bit input, instead of using the current key for encryption and
decryption. It is no longer widely used because computing power has caught up to break it.
RSA is an encryption algorithm in which the encryption key is public, which is different
from the secret decryption key. It is one of the most commonly used encryption algorithms
today.
Secure Sockets Layer (SSL) is 128-bit encryption. It is a commonly used protocol for
managing the security of message transmission on the Internet. It uses a public key and
private key encryption system.
2.4.2 IaaS Security Solutions[4]
Traditional enterprise security solutions are not built for cloud services outside the
organization's firewall. Virtual infrastructure services (such as virtual machines, virtual
storage, and virtual networks) require security solutions specifically designed for cloud
environments. The following are security-critical solutions for IaaS:
 Cloud Access Security Program (CASB):
CASB provides visibility and control of cloud resources, including user activity
monitoring, IaaS monitoring, cloud malware detection, data loss prevention, and encryption.
They can integrate with firewalls and cloud platform APIs, and monitor IaaS for
misconfigurations and unprotected data in cloud storage. CASB provides auditing and
monitoring of compromised account and file permissions, configuration, and settings.
 Cloud Business Data Protection Platform (CWPP):
CWPP protects work data from malicious software and manages operations. If it
cannot be managed, it can provide cybercriminals with access to the IaaS environment.

lOMoARcPSD|15959729
 Virtual Cybersecurity Platforms (VNSP):
The VNSP solution scans network traffic moving in the north-south and east-west
directions between virtual instances in an IaaS environment. These include network
intrusion detection and prevention to protect virtual resources.
 Cloud Security Posture Management (CSPM):
The cloud security status manager checks the IaaS cloud environment to find security
and compliance issues and provides manual or automatic repairs.

lOMoARcPSD|15959729
CONCLUSION
After completing this report, I have learned a lot. Not only do I have knowledge of the
history of cloud computing, Cloud Computing basics, cloud-specific properties and cloud
deployment model, the benefits of cloud computing. cloud, the need for Cloud Computing.
In addition, I also selected suitable service models and service deployment models for TuDoi
company. It was a huge success for me. I also give advantages when businesses use cloud
computing. In addition, I also learned how to create an account and sign in to AWS. Not to
mention the fact that I can manually configure the installation of services in AWS, in addition
to installing wordpress to create an e-commerce website. Learn how to edit interfaces, add
products and sell them, learn about plugins for websites, etc. And yet, I also learned about
common problems related to cloud computing and other common problems. solutions to
prevent them from attacking.
Furthermore, during my studies and research at school to complete this report, I was
able to develop skills such as communication, critical thinking, analysis, reasoning and in-
terpretation, retrieving Whether. Whether. These skills are very important to me. I learned
diligence, diligence, hard work after completing this report. A very large amount of
knowledge combining many subjects such as: Networking, Security, Web Design Develop-
ment and Cloud Computing. This wealth of knowledge helped me complete the report with
ease.
However, due to limited knowledge and time, my report is not in-depth. The lack of
practical experience also caused me to overlook many problems that still existed in the sys-
tem. I will try to improve my knowledge to be more successful. Also, when I was just starting
out, I had a lot of trouble implementing the system as my goal. After a lot of research and
with the help of teachers and friends, I have finally completed this report. Some difficulties
include: the details in wordpress are quite difficult to find and how to customize the website
is also very difficult, sometimes I feel tired and do not want to continue. But because the fire
of passion burned in my heart, I tried my best and succeeded beyond my expectations.

lOMoARcPSD|15959729
REFERENCES
[1] Richard Zayzay., (2018, 01 03). Install WordPress on Ubuntu 18.04 LTS with
Nginx, MariaDB and PHP-FPM. [Online]. Available at: https://websiteforstudents.com/in-
stall-wordpress-on-ubuntu-18-04-lts-bata-with-nginx-mariadb-and-php-fpm/
[Accessed 15 August 2021].
[2] Ajay Sarangam., (2020, 30 11). Top 10 Challenges of cloud computing. [Online].
Available at: https://www.jigsawacademy.com/blogs/cloud-computing/challenges-of-cloud-
computing/ [Accessed 15 August 2021].
[3] MSc. Xuan Ly NGUYEN THE’s lecture notes.
[4] Lê Toản., (2021, 18 08). Tìm hiểu về IaaS Security. [Online]. Available at:
https://www.iworld.com.vn/tim-hieu-ve-iaas/ [Accessed 15 August 2021].

Cloud Computing Asm2 Tran Xuan Tu 2

Uploaded by

Copyright:

Available Formats

Cloud Computing Asm2 Tran Xuan Tu 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Computing Asm2 Tran Xuan Tu 2

Uploaded by

Copyright:

Available Formats

lOMoARcPSD|15959729

Cloud-Computing ASM2 Tran-Xuan-Tu 2

Computer Architecture (Trường Đại học FPT)

Studocu is not sponsored or endorsed by any college or university

BTEC FPT INTERNATIONAL COLLEGE

STUDENT : Tran Xuan Tu

DaNang, August 2021

Downloaded by L?c Phú ([email protected])

ASSIGNMENT 2 FRONT SHEET

Qualification BTEC Level 4 HND Diploma in Computing

Unit number and title Unit: Cloud Computing

Date received (1st sub-

Date received (2nd

Student name Tran Xuan Tu Student ID BDAF190018

Class PBIT15101 Assessor name Xuan Ly Nguyen The

Downloaded by L?c Phú ([email protected])

Summative Feedbacks: Resubmission Feedbacks:

Grade: Assessor Signature: Date:

Signature & Date:

Downloaded by L?c Phú ([email protected])

TABLE OF CONTENT ........................................................................................ii

LIST OF TABLES AND FIGURES ...................................................................... iv

CHAPTER 1 CLOUD COMPUTING DEPLOYMENT ......................................... 4

1.1 Configure a Cloud Computing platform with a cloud service provider’s

1.1.1 Register and log in to the AWS system ............................................... 4

1.1.2 Request and provision a compute server in AWS cloud ....................... 7

1.2 Implement a cloud platform using open source tools ............................... 21

1.2.1 Connect to the instance using SSH .................................................. 21

1.2.3 Configure WordPress ...................................................................... 29

1.2.4 Customize WordPress site .............................................................. 30

1.2.5 Backup website .............................................................................. 38

1.2.6 Website screenshots ....................................................................... 39

1.2.7 Review some admin functions in the dashboard ................................ 48

1.2.8 Review some functions of website.................................................... 58

CHAPTER 2 TECHNICAL CHALLENGES AND ASSESS RISKS ..................... 67

2.2 Appropriate solutions to these problems [2] ............................................ 68

2.3.1 Overview of security issues in cloud environments [3] ....................... 69

Downloaded by L?c Phú ([email protected])

2.3.2 Security issues of the company TuDoi .............................................. 71

2.4.1 Countermeasures for Security Risks [3] ............................................ 74

2.4.2 IaaS Security Solutions[4]................................................................ 76

Downloaded by L?c Phú ([email protected])

LIST OF TABLES AND FIGURES

Table 1 Terminal command ............................................................................. 21

Table 2 Ubuntu Server Update Command ......................................................... 22

Table 3 Install NGINX web server ..................................................................... 22

Table 4 Install MariaDB and generate a new root password ................................ 23

Table 5 Install PHP-FPM and related PHP modules ........................................... 24

Table 6 Create a blank database...................................................................... 24

Table 7 Download the latest WordPress version................................................. 25

Table 8 Commands below to create the WordPress ........................................... 26

Table 9 Create your database ........................................................................... 26

Table 10 Configure the WordPress site configuration file .................................... 27

Table 12 Enable the wordpress site................................................................... 28

Table 13 Commands in the terminal to backup the website. ................................ 38

Table 14 Commands in the terminal to restore the website ................................. 38

Figure 1 Link to AWS Site ................................................................................... 4

Figure 2 Click button Signup ............................................................................... 5

Figure 3 A registration interface of AWS .............................................................. 6