
Cloud Computing

First Steps

Learn what the underlying forces are that Cloud Computing runs on and how it is going to change
the face of the IT industry. A step-by-step guide to the technicalities behind Virtualization and Cloud
Computing: the different models and architectures of Cloud Computing, and an overview of the major
service providers in all the categories, IaaS, PaaS & SaaS.

Navin Sabharwal

Ravi Shankar

About the Authors

Navin Sabharwal has over 13 years of experience in Information Technology and
is a Consultant and Architect in the Cloud Space. He leads the automation and
cloud computing practice for one of the leading IT companies.

He has led consulting engagements in the Cloud Computing Space and is an
evaluator and architect of Cloud Solutions.

Ravi Shankar is a software engineer and holds a Master's degree from the Indian
Institute of Information Technology, India. He specializes in building and
architecting Cloud solutions.

Credits

This work includes content from various sources, and content about products from
market-leading firms from all around the world. The intent of this work is to create
awareness and provide simple learning to its intended audience. The content from these
sources has been presented in the best possible form to showcase the products and
solutions provided by those firms, and to provide knowledge and awareness about them
in simple, understandable language. This work includes content from sources that are
under various copyright licenses. Full credit for that work is given to the solution
providers.

The content of this work includes material on products and solutions from various
leading firms, including VMware Inc., Microsoft Corporation, Amazon.com,
Rackspace Inc., GoGrid, Citrix Systems, Google, SalesForce.com, WorkDay Inc.
and many more. The following is the list of trademarks:

Amazon Web Services, AWS, Amazon EC2, EC2, Amazon Elastic
Compute Cloud, Amazon Virtual Private Cloud, Amazon VPC, Amazon
SimpleDB, SimpleDB, Amazon S3, Amazon Simple Storage Service,
Amazon CloudFront, CloudFront, Amazon SQS, SQS, Amazon Simple
Queue Service, Amazon Simple Email Service, Amazon Elastic Beanstalk,
Amazon Simple Notification Service, Amazon Route 53, Amazon RDS,
Amazon Relational Database, Amazon CloudWatch, AWS Premium
Support, AWS Import/Export, Amazon FPS, Amazon Flexible Payments
Service, Amazon DevPay, DevPay, Amazon Mechanical Turk,
Mechanical Turk, Alexa Web Search, Alexa Web Information Service,
Alexa Top Sites, Alexa Site Thumbnail, Amazon FWS, Amazon Fulfillment
Web Service, Amazon Associates Web Service, and other AWS graphics,
logos, page headers, button icons, scripts, and service names are trademarks,
registered trademarks or trade dress of AWS in the U.S. and/or other
countries.

VMware is a registered trademark or trademark of VMware, Inc. in the
United States and/or other jurisdictions. VMware vSphere, VMware ESX
Server, VMware vCloud Director, VMware Cloud Foundry and the other
products of VMware described in this book are registered trademarks of
VMware Inc.

Microsoft is a registered trademark of Microsoft Corporation in the
United States and other countries. Microsoft Azure, Microsoft Hyper-V and
Microsoft Office 365 (including all the products in it) are trademarks of
Microsoft Corporation.

Salesforce, developerforce, visualforce, Dreamforce, Sforce, ISVForce,
SiteForce, AppForce and the other products of SalesForce described in this
book are registered trademarks of SalesForce.com.

Heroku described in this book is owned by SalesForce.com.

Google AppEngine and Google Apps are registered trademarks of Google Inc.

WorkDay is a registered trademark of WorkDay Inc.

All the products and technologies described in this book are registered trademarks, and the
creating firm owns the rights to them as per their legal terms and conditions.

Table of Contents

Cloud Computing First Steps 1
About the Authors 2
Credits 3
Preface 9
1 Virtualization 10
I. What is virtualization? 10
II. History of virtualization: 13
III. Benefits of Virtualization: 13
IV. Types of virtualization: 16
Hardware virtualization: 16
Software virtualization: 17
Para-Virtualization: 17
Processor Virtualization: 18
Desktop virtualization: 18
Coopvirt 18
Storage virtualization 18
Network virtualization 19
V. Virtualization technologies 19
1. VMware: 20
i. VMware ESX server 20
ii. Storage- Data Store, VMFS & RDM: 22
iii. VMware-networking: 24
iv. VMware VMotion: 26
v. VMware DRS: 28
vi. VMware High Availability: 29
2. Windows Hyper-V 29
i. Introduction: 29
ii. Hyper-V architecture: 31
iii. Hyper-V Dynamic memory configuration: 34
iv. Windows Live Migration: 35
v. Hyper-V network configurations 36
vi. Disk and Storage: 38
3. Xen Server: 39
i. Xen Server architecture: 39
ii. Host and Resource Pools: 41
iii. Storage: 43
iv. XenServer Networking: 45
VI. Virtualize your environment: 46
Physical to virtual migration: 46
1. Pre-migration: 47
2. Post Migration 48
Risks and Problems with virtualization: 49
VII. Managing a virtualized environment: 50
1. Technical support: 50
2. Software support: 51
3. Capacity Management: 52
4. Licenses and agreements: 54
5. Functional considerations: 55
VIII. Storage Virtualization: 57
1. Introduction 57
2. Types: 58
3. Ways: 59
4. Storage Area Networks 61

2 Cloud Computing 65
I. Introduction 65
II. Cloud Computing defined: 67
III. Service Models 68
1. Cloud Software as a Service 68
2. Cloud Platform as a Service 69
3. Cloud Infrastructure as a Service 70
IV. Deployment Models 70
1. Private Cloud 70
2. Community Cloud 71
3. Public Cloud 71
4. Hybrid Cloud 71
V. Virtualization: the engine of cloud computing 72
1. Virtual Machine 73
2. Virtual Servers 74
3. Virtual Network 74
4. Virtual Storage 74
5. Virtual Firewall 74
6. Load Balancer 75
7. Virtual Applications and Middleware 75
VI. Features & Benefits of Cloud Computing 75
VII. Architecture: 77
1. Infrastructure as a Service 81
Major IAAS providers: 82
i. Amazon Web Services 82
ii. VMware VCloud Director 112
iii. GoGrid: 127
iv. Rackspace 133
2. Platform as a Service: 140
Major PaaS providers: 141
i. Microsoft Windows Azure: 141
ii. Heroku: 148
iii. VMware Cloud Foundry: 154
iv. Google App Engine 161
v. Force.com 166
3. Software as a Service: 171
Major SaaS providers 172
i. Microsoft office 365 172
ii. SalesForce: 176
iii. WorkDay 181
iv. Google Apps: 184

Preface

As the Cloud Computing industry progresses towards maturity and some of these services
find huge traction in mainstream Enterprise IT, it's important for both IT professionals
and businesses to know about the services available in the market and how they can be
leveraged to support Enterprise IT in providing services to the business with agility and at
lower cost.

Cloud computing is the future of IT services, as it enables businesses to focus more on their core
business while consuming IT as a Service in a pay-per-use model. The benefits of large
infrastructure that is available on demand and in a pay-per-use model are providing
opportunities for small businesses to be competitive and start small, with the ability to scale up
the IT infrastructure as and when their business grows. Now a small business can afford to rent
a super computer with 50000 cores and run it for a few hours for a few thousand dollars an
hour and create innovative solutions; thus the advent of the cloud will make innovation easier
and democratize innovation and the way businesses are run.

This book covers aspects from a technology point of view and goes on to cover the Service
Providers in the market that can be leveraged by businesses for their Cloud needs. The goal is to
provide the reader with technical details on the various service offerings in the cloud space and
a basic level of understanding of what each service provider is offering and how it can
be used to create solutions for business needs.
1

Virtualization

I. What is virtualization?

Before starting on our journey of understanding the various cloud service providers, their
offerings and how businesses can leverage the cloud, let's start with the core
technology that has enabled the creation of cloud computing: Virtualization.

In this chapter we will introduce our readers to the concepts of Virtualization, the core
engine of cloud computing.

Over the years, with the advances in microprocessor technology, the speed of the processor
and the number of sockets and cores in a server have increased manifold. These days you
can get 12-core processors with 4 sockets, and thus 48 cores, in a single server. Most
applications will consume only a fraction of this enormous compute power.
Virtualization enables efficient utilization of compute resources by sharing the compute
resource (the server) among multiple applications, each of which runs in its own secure
operating system environment while still utilizing the same hardware.

Thus Virtualization enables the sharing of the resources of a single piece of hardware and provides
efficiency, cost savings and manageability.

Virtualization, in its literal sense, means to virtualize resources and abstract them from the
physical resources. The physical hardware is used by the virtualization software to create a
virtualized environment on top of it; thus the applications running in that environment are
abstracted from the fact that they are running in an emulated environment rather than with the
full real hardware made available to them.

By virtualization, we can create virtual resources over physical hardware so that one can
maximize resource utilization, reduce overhead and thus save costs.

Virtualization provides virtual resources that function the same as physical resources, i.e.
the user is unaware of the underlying architecture while using a virtual machine, and the
resources provided to it behave the same as physical resources.

Virtualization is not limited to hardware; there are various other types of virtualization,
such as software virtualization, desktop virtualization, etc. A very common
example of virtualization that is being used by a large community of users is the Virtual
Machine.

A virtual machine runs on top of a physical machine. The physical resources like storage,
memory and network are abstracted and presented to the virtual machine by a
hypervisor / virtualization layer. The individual resources are presented to the VM (virtual
machine) as if they were physical, and the user doesn't have any idea that they are abstracted
and that the actual hardware is shared across multiple applications. This allows running many
virtual machines on a single piece of hardware. All the machines that run on that physical hardware
use its resources through partitioning, encapsulation and isolation.

The virtual machines on a physical host operate in isolation from the other VMs on that
host. They do not have access to other VMs' resources. Storage for a virtual
machine is provided in the form of a virtual hard disk; all the virtual machines share the
same Ethernet card for networking through channel division, and they all use the
memory of the physical machine through memory partitioning and a mapping table.
The figure below shows how multiple OSs and applications run on a single piece of hardware.

fig.i

Another, even more common, example of virtualization is virtual memory, which is used by
almost all modern machines today. Virtual memory allows a user to use more
memory than is actually present on the machine. This is made possible by presenting part of
the hard disk to the machine as memory. The machine uses this virtual memory
whenever it runs out of physical memory, without the user knowing about it.

To provide virtualization, some kind of software is required to abstract the physical resources
and provide them as virtual resources. There are various technologies that provide this,
such as VMware, Xen, Hypervisor, Hyper-V, etc. The most prevalent technology in use
today is VMware.

There are two types of virtualization: host based and bare metal.

A host based virtualization layer runs on top of the operating system installed on the hardware.
This type of virtualization helps in deploying virtual machines on the base OS; the
virtualization layer is designed to be tightly coupled to that operating system.
The other type of virtualization is bare metal, where the virtualization layer is applied
directly on the hardware.

Virtualization software is not only available for servers; there are desktop versions which
can be used to run virtual machines on laptops and desktops. Some examples of such
software are VMware Workstation, Oracle VirtualBox, etc.

II. History of virtualization:

The history of virtualization dates back to the 1960s. Hardware level virtualization was pioneered
by IT giant IBM in the 1960s. IBM used virtualization to split large mainframe machines into
multiple virtual machines which could be used independently, allowing a mainframe
machine to perform multiple tasks at the same time.

More recently it was adopted on UNIX/RISC for hardware level partitioning and
software virtualization. UNIX/RISC and industry standard x86 systems used both host
based and bare metal virtualization for partitioning and to run multiple VMs on a single
piece of hardware.

VMware invented virtualization for x86 systems in the 1990s, which helped in more efficient
management and partitioning of resources into individual VMs. They introduced
virtualization technology that transformed x86 machines into completely shared
systems. After the immense progress of VMware, Microsoft also came into the market after
acquiring the virtual server software company Connectix, launched Virtual PC 2004 in
July 2006 as a completely open source project, and followed it up with the release of VPC 2007 in
October 2006.

Now virtualization has become a key component of any datacenter, and large enterprise
datacenters have high levels of virtualization.

Virtualization is also the core engine powering the public cloud and private cloud offerings
from vendors like Amazon Web Services (AWS), Microsoft Azure, OpenStack, vCloud Director,
etc.

III. Benefits of Virtualization:

Virtualization has become part of an overall trend in IT that includes autonomic computing
(a scenario where the IT environment is able to manage itself) and utility computing (where
computer processing power is considered a utility that can be rented by clients who
pay on a usage basis). Virtualization helps in centralizing administrative tasks while also
improving scalability and workloads.

Easier Manageability: Less hardware because of virtualization means easier manageability,
with less power, space and cooling requirements. With virtualization, one can run multiple
machines on a single piece of hardware and manage them from a single console. This reduces the
overhead of managing hardware, power and cooling equipment. It also reduces the cost of
the infrastructure considerably, as fewer servers and less space are now required.

Scalability: Virtualization provides scalability. Any machine created with a limited number of
resources can easily be scaled vertically as well as horizontally. The resources allocated to
any VM can be changed at any given time, provided they are available on the host. The
Virtual Machine Manager provides features to add CPU and memory resources even to
running machines, provided the operating system supports it. The Virtual Machine
Manager can also instantiate new machines to enable scale-out scenarios where the
application is written in a way that accommodates scalability through multiple instances.

Compatibility: People often run into problems running multiple types of operating
systems and applications on one type of hardware. Virtualization enables running different
types of operating systems and applications on the same hardware, independently of each other.

This helps in reducing compatibility issues and ensures that every application is
provided with its own operating system and environment even though it runs on the same
hardware.

Isolation & Security: Virtualization enables running multiple machines on a physical
machine, and they run in complete isolation from each other. The various resources are abstracted
to the machines running on the host using partitioning, isolation and encapsulation. These
individual machines cannot use the resources that are assigned to other machines. Isolation
also helps with the compatibility issues mentioned above and provides a high level of security to the
applications, since they are completely isolated from each other.

Efficient use of resources: Using multiple VMs on a single host can significantly reduce
cost compared to using one physical machine that is not being fully utilized. One can
easily create different virtual machines on the same physical hardware and allocate resources to
each according to need. Thus the concept of resource sharing helps in more efficient
use of resources. Virtualization is all about resource sharing and efficient use of resources.
By using otherwise underutilized resources, virtualization provides efficiency and cost savings.

Security Considerations: Earlier, when a virus infected a system, it corrupted the
whole system and all applications running on that machine were impacted; in a
virtualized environment, in the case of a virus or worm infection, the other
applications are protected because of isolation. This is possible because all the virtual machines that run on a
host are isolated from the resources and applications of the other virtual machines, as they are
treated as separate entities. Thus isolation helps in securing the individual applications and
ensuring that viruses and other vulnerabilities in a single application do not impact the other
applications.

Recovery: Virtualization also makes it simpler to restore to a point-in-time snapshot or backup.
The built-in functions help in creating point-in-time snapshots at regular
intervals, so a VM can easily be restored to the state of the backup or snapshot. This
feature of virtual machines makes it easy for developers to take snapshots of work-in-
progress development systems, or to migrate code easily from development systems to
quality assurance or testing systems.

Portability: Each virtual machine on a host is stored on it as a file. Even the virtual hard disk
attached to the virtual machine is stored as a file in the data store. These files
can easily be copied or backed up to any other system or device. Thus virtualization makes
machines easily portable. Just as you can copy a movie file or an mp3 file
from one system to another and it will play if the required software and codecs are present,
in a similar way you can stop, save and copy a virtual machine and bring it up on other hardware in the same
state in which you saved it, provided the virtualization software is
installed and running on the new hardware.

VMs can be used for testing easily: One of the several VMs on a host can easily be used for
testing applications or software. If for some reason the virtual machine's
operating system or application gets corrupted, rather than wasting time on a root
cause analysis and rectifying the problem, a new virtual machine can be quickly brought up,
thus saving precious time and energy and providing quick resources to the developers /
testers.

Rapid Deployment: Since virtual machines are stored as files on the physical machines, these
files can easily be copied and deployed to any other system. New machines can easily be
created from an existing machine on the same or a different host. There are also many automation
technologies available in the market to do the same task. Rapid deployment of virtual
machines makes it simple and quick to provide compute resources to IT and thus enables
them to be more agile and flexible in meeting the needs of the business.

The ability to separate different applications: By creating many virtual machines on the same
host, applications that would conflict with each other, for example by using the same port numbers,
can easily be installed on different virtual machines. This ensures the availability of the different
applications on their own dedicated systems, and thus avoids separate hardware for each
application.

Planned downtime: Downtime of machines can also be planned with minimal
disruption to services. All one needs to do is copy the virtual machine and deploy it on
another host; the original host can then be freed up and put into maintenance
mode. The environment can easily be designed to give maximum uptime for an
application. This can also be automated using automation tools, so the whole process
can be quick and simple.

IV. Types of virtualization:

Virtualization is the creation of a virtual, rather than physical or real, version of
something. It helps us to separate the compute functionality from the physical hardware.
Virtualization technology has extended from hardware virtualization to, now, software
virtualization. The various types of virtualization are:

Hardware virtualization:

Hardware virtualization, also known as platform virtualization, is the creation of multiple
machines on a single piece of hardware. It refers to the creation of virtual machines on top of a
physical server. This enables the virtual machines to behave like real computers with an OS
installed on them. Different virtual machines on top of a physical machine work
independently of each other. The host machine is where the virtualization takes place, and
the guest virtual machines are hosted on it. The virtualization layer is what separates
the different guest machines on it and mediates the communication between the guest
machines and the physical hardware.

Hardware virtual machine software allows the user to create a private
machine which has fully functional hardware and is separate from other virtual machines
and users. With hardware virtual machine software, users can boot and restart their
machines quickly, since hardware initialization tasks are not necessary.

Hardware can be fully virtualized or partially virtualized.

Full virtualization: the complete hardware is virtualized or simulated, allowing virtual
machines to run uninterrupted.

Partial virtualization: hardware is partially virtualized when only some, not all, of the
hardware components used by the virtual machines hosted on it are virtualized.

Software virtualization:

This is the case when virtualization is done at the software level instead of the physical
hardware level. This is the same as application virtualization, or the virtualization of computer
programs. Using software virtualization, one can run applications on network-connected
devices even when those applications are unsupported by the OS the devices are running.

For example, one can run Linux-compatible software on a Windows machine using software
virtualization, or users can run multiple operating systems on a single underlying OS and
easily switch between them like applications.

Some of the benefits of software virtualization are:

The capability to execute multiple versions of the same application.

The ability to install applications that would otherwise conflict with each other (by
using multiple virtual layers).

The ability to test new applications in an isolated environment.

Para-Virtualization:

In this case, the virtual machine is modified prior to deployment on the physical
machine. It provides optimized system performance using bypass mechanisms to offload
certain functions to the hardware layer, thus bypassing the hypervisor (virtualization
software).

Though the performance of para-virtualization is better compared to full hardware
virtualization, it has limitations in terms of flexibility and security. The virtual
machine must be modified before running in the para-virtualized environment, because the
virtual machine has to run in a different environment, and many operating systems might be incompatible.

The guest OS has much greater control over the underlying hardware; hence the security
aspects may be impacted.

Desktop virtualization:

A very common example of this is MS virtual desktop infrastructure, or interface. This
virtualizes the desktop and separates it from the physical machine's desktop environment. It
uses a client-server architecture: the desktop on the server is virtualized and provisioned
to the client to use. Most virtualization technology uses a centralized server to store the
virtual desktops for the clients, and the clients access the virtual desktop interface from this
server. Using a virtual desktop, a user can run an OS on a server and use the desktop from a
thin client or a smartphone. It allows multiple clients to use the same platform, each receiving
a different virtualized desktop from the central server. A detailed description of
VDI is beyond the scope of this book.

Coopvirt

Coopvirt (cooperative virtualization) is somewhat of a hybrid type of virtualization. By hybrid, it
means that it is a mixture of hardware virtualization and para-virtualization: hardware-assisted
virtualization with a para-virtualized OS running on it. The idea is to use the hardware capabilities
of Intel VT and AMD-V (virtualization-enabled hardware) to do some of the virtualization
that is done in software by para-virtualization, while still having a well-behaved guest that
can run very efficiently in a virtualized environment. Thus Coopvirt gains the performance
benefits of leveraging the virtualization-aware hardware and provides better performance
for the guests.

Storage virtualization
Storage virtualization is the pooling of storage resources from multiple different storage
devices connected over the network so that they appear as a single storage
device which can be managed via a single access point or a central management center.

Specifically, storage systems may use virtualization concepts as a tool to enable better
functionality and more advanced features within the storage system. Storage systems can
provide either block-accessed storage or file-accessed storage. Block access is typically
delivered over Fibre Channel, iSCSI, SAS, FICON or other protocols. File access is often
provided using the NFS or CIFS protocols.

While the management of storage devices can be tedious and time-consuming, storage
virtualization helps the storage administrator perform tasks like backup,
archiving, and recovery more easily and in less time by masking the actual complexity of
the SAN.

Storage virtualization can be implemented with the help of software applications or by using
a hybrid of hardware and software appliances.

Network virtualization

Network virtualization is a methodology which enables the combination of available
network resources by dividing them into channels which operate independently of each
other. The separated resources can be assigned to a particular server or device at any time.

The divided resources are secured and operate independently of each other. All the
network resources can be accessed by all the users from a single access point.

It reduces the effort of administration. Files, images, programs, and folders can be centrally
managed via a single physical site. Hard drives, tape drives and other storage media can be
easily attached or detached. The servers can share the storage space. Network virtualization
is intended to optimize network speed, reliability, flexibility, scalability, and security.

Network virtualization can be categorized as external, which combines many networks or
parts of networks into one virtual unit, or internal, which provides functionality similar to
a network of software containers on a single system. Whether internal or external, the
details depend on the implementation provided by the vendors that support the technology.
V. Virtualization technologies

Virtualization combines or divides computing resources into one or many compute
environments by the use of methodologies like partitioning or aggregation of hardware and
software, simulation of a partial or complete machine, emulation, time-sharing, and many
others. There are many virtualization technologies that provide virtualization at all levels.
These technologies can be applied to a wide range of areas like server consolidation, secure
computing platforms, support for multiple operating systems on a single system, kernel
debugging and development, migration of a system, etc., resulting in widespread usage.
Some of the technologies that capture the market today are discussed below.

There are many virtualization technologies available in the market which help in reducing
the complexity of managing the physical resources and also maximize the utilization of
resources while optimizing energy utilization.

Virtualization helps in abstracting resources and separating them from the physical
hardware. There are basically two ways in which virtualization is provided.

Host based:

In this type of architecture, there is a layer of operating system on top of the physical
servers and the virtualization layer is deployed on top of it. The base layer OS is
responsible for the management of the virtual machines created over it.

Bare metal:

In this case there is no general-purpose operating system; there is only a layer of modified
kernel, called the virtualization layer, which manages the virtual machines on top of it.
The virtualization layer is responsible for separating the individual machines from
each other and for their communication with the underlying hardware.

Discussed below are some of the common virtualization technologies.

1.VMware:
VMware is amongst the pioneers in the field of virtualization. Its virtualization technology
has various components in play, like VMware ESX Server, the VM file system, VMware virtual
symmetric multi-processing, vCenter Server and the VMware Infrastructure client, along with
VMware HA, VMware Distributed Resource Scheduler and VMware Consolidated Backup. These
individual components help in implementing the functionality of VMware virtualization,
which decouples the virtual resources from the hardware layer and helps in greater resource
utilization and flexibility.

Let's look at each of the components individually.

i. VMware ESX server:

This is a virtualization layer that runs on top of the physical hardware.
It is a hypervisor that helps in abstracting physical resources like processor, memory,
storage and networking to create multiple virtual machines, each of which can run an
unmodified operating system and applications.
This layer helps in managing the communication between the virtual machines and
the physical hardware.
VMware ESXi is the latest hypervisor architecture from VMware.
It uses an ultrathin architecture and relies far less on a general-purpose OS, yet
it functions like VMware ESX.
The ESX servers are deployed directly on the hardware and provide a robust
virtualization layer which helps in running multiple operating systems on top of it.
Each virtual machine is itself a complete machine with BIOS, processor, memory,
networking, and storage, so any OS or application can be installed on top
of it.
The virtualization layer also completely isolates all the virtual machines
running on top of it, thus providing an environment where, if any virtual
machine crashes, the others are not affected.
As the ESX server is directly installed on the physical server, it has full control over
the physical server's resources and the resources that are allocated to each virtual
machine.
The VMware ESX/ESXi layer provides virtual machines with built-in high availability,
security, and resource management features.
The VMware ESX/ESXi layer can support up to 64 physical CPUs, 256 vCPUs, 1 TB
RAM and up to hundreds of virtual machines.
Some of the key features of VMware ESX/ESXi are:

o Resource management for all the virtual machines and hence, helps in improving
performance and consolidation ratios.
o Manages the execution of virtual machines process by intelligent scheduling and
load balancing across all available CPUs on the physical host.
o Enables memory overcommitment: more virtual machines can safely be run, with
more memory assigned in total than is physically present on the host.
o It shifts available RAM dynamically from idle virtual machines to
active workloads that need RAM. This feature is known as memory
ballooning: it artificially induces memory pressure in idle virtual machines,
forcing them to use their own paging areas and release their occupied memory for
active virtual machines.
o It also ensures that critical applications on virtual machines receive network traffic
with priority, hence helps in prioritizing network traffic. This feature is known
as the network traffic shaper. It manages VM network traffic so that it can meet peak,
average and burst-size bandwidth.
o It also ensures critical VMs receive priority access to storage devices on a
fair-share basis.
o It also helps in eliminating the need to separately backup the server disks that are
locally attached by booting from SAN.
o It also helps in virtual networking by providing virtual network capabilities for VMs
on a single host or across various physical hosts to connect. One can easily
configure a VM with multiple NICs and individual MAC addresses, making
each VM distinct from the others, and also configure virtual switches to create a
simulated network environment.
o It leverages a combination of new in-guest virtualization-optimized SCSI drivers and
VMkernel-level storage stack optimizations which helps I/O-intensive applications
such as databases and messaging applications by improving their performance.
o It also supports high availability with features like NIC teaming, multicast built in
feature for storage and also supports Microsoft clustering features.

ii. Storage - Data Store, VMFS & RDM:

The storage of the physical hardware is abstracted and presented to the virtual
machine as a simple SCSI disk connected to a host bus adapter.
This storage is provisioned from the data store in the datacenter, which also stores
the virtual machines along with the disks of the virtual machines, known as virtual
hard disks.
The virtual machine is stored as files in the data store's directory, where the virtual
hard disk is also stored as one or more files inside the directory.
Storing the virtual machine and the virtual hard disk as files helps in migration of the
virtual machine and virtual hard disk from one machine to another as well as for
backup.
The ESX/ESXi server uses VMDK virtual disk files to provide virtual machines access
to their own private data stores, thus allowing administrators to easily manage the
storage, i.e. creating, managing and migrating virtual machine storage as separate
self-contained files that act as storage to the VMs.
It helps in eliminating single points of failure and balancing storage resources by
implementing shared storage for virtual machines with VMware vStorage Virtual
Machine File System (VMFS).
VMFS is a cluster file system that allows multiple VMware ESX hosts to access a
single VMDK file concurrently.
VMFS is supported on a mix of Fibre Channel SAN, iSCSI SAN, and NAS storage arrays
and it is transparent to application owners and end users.
The ESX/ESXi servers also have features that support prioritizing the I/O request from
different virtual machines so that the critical applications can receive request faster
than the non-critical ones.
The Storage Architecture of VMware Infrastructure has abstraction layers that hide
and manage the complexity and differences between physical storage subsystems
and simple standard storage elements are presented to the virtual environment.
The applications and guest operating systems inside each virtual machine have
storage presented as simple SCSI disks that are connected to a virtual BusLogic or
LSI Logic SCSI host bus adapter.
The virtual disks of VMs, presented as SCSI disks, are provisioned from the data store in
the datacenter.
The data store is a storage appliance that stores the virtual disk inside the virtual
machine and the virtual machine itself.
A virtual hard disk can easily be hot-added to any virtual machine, i.e. any new or
existing virtual hard disk can be added to any running virtual machine; there's no
need to power down the virtual machine for this.
This data store provides a simple model from which disks can be allocated to different
VMs on hosts without exposing the complexity of the variety of physical storage
technologies available, like Fibre Channel and iSCSI SAN, DAS and NAS.
This data store is a VMFS file system and can span multiple physical storage
subsystems.
A single VMFS volume can contain one or more LUNs from a direct attached SCSI disk
array on a physical server, a Fibre Channel SAN disk farm, or an iSCSI SAN disk farm.
The new LUNs that are added to any of the physical storage subsystems are
discovered automatically and made available to the virtual machines.
The VMFS as well as the virtual machine is stored in the data store.
As said, each data store can span multiple storage sub systems whereas a single
VMFS can contain multiple LUNs from a direct attached SCSI array.
If any new LUN is added to the physical storage subsystem, it is automatically
discovered and made available without powering down the physical server which is
also known as hot addition.
VMFS is a clustered file system and can be accessed by multiple physical servers at
the same time. This helps in providing high availability of the virtual machines.
The VMFS provides a functionality of locking which ensures that the same virtual
machine is not powered on multiple physical servers and in case of physical server
failure, the lock is released so that the virtual machine can be started on other
physical server.
Crash consistency, recovery mechanisms and snapshots are also supported
by VMFS.
VMFS also supports Raw Device Mapping (RDM), which provides a
mechanism for virtual machines to have direct access to LUNs on the physical
storage subsystems.
RDM also supports SAN snapshots and other layered applications that run in the
virtual machines, as well as cases where Microsoft Cluster Service spans physical
servers, in virtual-to-virtual or physical-to-virtual clusters.
The RDM is like a symbolic link from the VMFS to the raw LUN.
This mapping helps in making the LUN appear as a file in the VMFS volume, but the
reads and writes go directly to the LUN rather than through the mapping file.
The VMware storage architecture also supports backing up of storage which is
known as VMware consolidated backup.
It provides an easy way for agent-less backup of virtual machines via a centralized
facility.
o Consolidated backup works with a 3rd-party backup agent residing on a separate
backup proxy server; no agent is required inside the
VMs.
o The backup schedule is managed by the 3rd-party agent, which starts the
backup when it is time.
o After the backup starts, consolidated backup runs a pre-backup script
and tells the virtual disks to take their point-in-time snapshot.
o After this, consolidated backup returns the virtual machines to their
normal state and mounts the snapshot on the backup proxy server.
o Finally, the 3rd-party agent creates a backup of the mounted snapshot
on its backup targets.
o By taking the snapshot, consolidated backup ensures consistency.
iii. VMware-networking:

VMware also provides rich set of virtual networking elements that help to connect
different virtual machines on different hosts or same host to connect to each other. It
provides the virtual network capabilities by providing virtual switches which enable the
virtual machines to be isolated and still communicate with each other.

Similar to a physical machine, a virtual machine also has virtual NIC(s) and a MAC
address. All the communication from the OS and the applications takes place through
the vNICs (Virtual NICs).

VMware provides standard network device drivers that help the vNICs to function in
the same way as physical NICs. A vNIC responds to the standard networking protocols,
has a MAC address and has one or more IP addresses.

The VMware networking uses the concept of vSwitch which is like a layer 2 physical
switch. Each host has its own vSwitch. A vSwitch is connected to the physical Ethernet on
the host via the uplink and the virtual machines are connected to the vSwitch on
different port groups.

Port groups help in distinguishing the network traffic. They do so by setting networking
policies that govern the flow of network traffic. A vSwitch has many different port groups,
and virtual machines are connected to the port groups via vNICs. The network of a virtual
machine is decided by the port group it is connected to. All the VMs that are connected
to the same port group are on the same network even though they are on different physical
servers.

During a VMotion, which involves moving a VM from one physical host to another, the
port group that the VM was connected to on the previous host must be present on the
new host where it is migrated; otherwise, the VM wouldn't be able to start as it cannot
find the port group it was connected to.

Port groups are a unique concept that can be configured with different policies to
provide enhanced networking security.

A vSwitch can connect to more than one physical NIC through its uplink. This is done to
ensure failover. It is known as NIC teaming. When one physical NIC stops responding, the
other NICs connected to the uplink can be used for the traffic flow.
vDistributed Switch:

VMware also has a feature known as the vDistributed switch. It is a single vSwitch that
functions across multiple hosts. It differs from a vSwitch in that it enables
you to set network configurations that span all member hosts, and helps the
virtual machines maintain a consistent network configuration as they migrate
across multiple hosts.

Just like a vSwitch, vDistributed switch is also a network hub that virtual machines can
connect to. A vDistributed switch can be used to forward traffic internally between
virtual machines as well as link to an external network by connecting to physical
Ethernet adapters, also known as uplink adapters.

One or more distributed port groups can be assigned to a vDistributed switch.

Distributed port groups are used to group multiple ports with a common configuration
and also to provide an established anchor point for virtual machines connecting to
labeled networks. Each distributed port group is identified by a network label, which is
unique to the current datacenter.

Each member port on a vDistributed switch can be configured; ports sharing a configuration
are known as distributed port groups. These port groups, as in a vSwitch, define how the
virtual machine connected to them via a vNIC is connected to the network.

Network resource pools can be created to determine the bandwidth that is allocated to
different network traffic types on a vdistributed switch.

When network I/O control is enabled, vdistributed switch traffic is shared between the
predefined network resource-pools like: Fault Tolerance traffic, iSCSI traffic, vMotion
traffic, management traffic, vSphere Replication (VR) traffic, NFS traffic, and virtual
machine traffic.

One can also create custom network resource pools to control the flow for virtual
machine traffic. The bandwidth each network resource pool is given can be controlled by
setting the physical Ethernet adapter shares and host limit for each network resource
pool.

Network policies can be set up on a standard switch's port groups and on a vDistributed
switch. These policies define how the network is configured. For example, a
load-balancing policy may define the distribution of network traffic between adapters, and
a failover policy may define how network traffic is routed in case of failure.
iv. VMware VMotion:

vMotion is the term used for migrating virtual machines between physical servers. It is
an automated process, meaning it is done without any interruption to the server. For example, in
case of a failure of a physical host, a VM can be configured to move to another physical
host.

vMotion is an advanced technology which enables applications to achieve high
availability with low administrative overhead. Thus during maintenance windows,
patching cycles or hardware failure, a virtual machine can keep running on another
machine and be moved back after the maintenance window. This greatly simplifies the
high availability configuration and provides improved availability levels for applications.

Live migration of a virtual machine between physical servers with VMware vMotion is
enabled by using three underlying technologies.

Let's discuss the step-by-step process of how vMotion works:

First, the entire state of a virtual machine which is to be migrated is saved and
encapsulated by a set of files that are stored on some shared storage device such as
Fibre Channel or iSCSI Storage Area Network or Network Attached Storage. VMware
vStorage VMFS has the functionality that allows multiple installations of VMware ESX to
concurrently access the files of the same virtual machine.

Second, the active memory and precise execution state of the virtual machine are rapidly
transferred over a high-speed network, allowing the VM to instantaneously switch
from running on the source ESX host to the destination ESX host.

vMotion ensures that the transfer period is imperceptible to users. It does so by keeping
track of memory transactions that were on-going in a bitmap. After the copy of the
entire memory and system state to the target ESX host, source virtual machine is
suspended by VMotion, and then it copies the bitmap (on-going memory transaction) to
the target ESX host, and the virtual machine is resumed on the target ESX host.

Third, the underlying ESX host also has the network configuration that is being used by
the virtual machines; this ensures that even after the migration, the virtual machine
maintains its network identity and network connections. The virtual MAC address is
managed by VMotion as part of the process. After the destination virtual machine is
powered on, VMotion pings the network router, which ensures that the router is aware
of the new physical location of the virtual MAC address. Since vMotion preserves the
precise execution state of the migrating virtual machine along with its network identity
and active network connections, VMotion results in zero downtime and no disruption
to users. The figure below shows the overview of the above steps for vMotion.

fig.ii
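A runnable sketch of the three steps above, together with the port-group precondition from the networking section (a VM cannot start on a host that lacks its port group), as an added example that is not VMware's code or the authors': the host names, network labels, MAC address and the page-dirtying workload are all constructed placeholders.

```python
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    port_groups: set    # network labels configured on this host's vSwitch
    datastores: set     # shared VMFS datastores this host can see


@dataclass
class VM:
    name: str
    datastore: str      # where the VM's files (configuration and VMDK) live
    port_group: str     # network label its vNIC is attached to
    mac: str            # virtual MAC address, preserved across the move
    pages: list         # guest memory, one int per page (constructed)


def can_migrate(vm, src, dst):
    """Preconditions from the text: the VM's files sit on shared storage that both
    hosts can access, and the VM's port group exists on the destination host."""
    if vm.datastore not in src.datastores or vm.datastore not in dst.datastores:
        return False, "datastore not shared between the two hosts"
    if vm.port_group not in dst.port_groups:
        return False, f"port group {vm.port_group!r} missing on {dst.name}"
    return True, "ok"


def precopy_migrate(vm, src, dst, workload, mac_table, max_rounds=10, threshold=8):
    """Copy memory while the guest keeps running. Pages the guest dirties during a
    round are recorded in a bitmap (here a set of page indices) and re-sent in the
    next round. When the dirty set is small enough, or max_rounds is reached, the
    source VM is suspended, the last bitmap is copied, and the VM resumes on dst.
    Returns (destination memory, pre-copy rounds, pages copied while suspended)."""
    ok, reason = can_migrate(vm, src, dst)
    if not ok:
        raise ValueError(reason)
    dest_pages = [None] * len(vm.pages)
    dirty = set(range(len(vm.pages)))       # first round: every page is "dirty"
    rounds = 0
    while rounds < max_rounds and len(dirty) > threshold:
        for i in dirty:                      # transfer this round's dirty pages
            dest_pages[i] = vm.pages[i]
        rounds += 1
        dirty = workload(vm.pages, rounds)   # guest ran meanwhile: new bitmap
    # stop-and-copy: source suspended, only the final bitmap crosses the wire
    for i in dirty:
        dest_pages[i] = vm.pages[i]
    # the VM resumes on dst; the router is told where the MAC now lives
    mac_table[vm.mac] = dst.name
    return dest_pages, rounds, len(dirty)


def constructed_workload(pages, rnd):
    """Constructed guest behaviour: each round rewrites a halving set of hot
    pages (16, 8, 4, ...), so the dirty bitmap converges."""
    hot = range(max(1, 32 >> rnd))
    for i in hot:
        pages[i] += 1
    return set(hot)


def demo():
    """Constructed two-host setup; names, labels and the MAC are placeholders."""
    src = Host("esx01", {"prod-vlan10", "mgmt"}, {"vmfs-shared"})
    dst = Host("esx02", {"prod-vlan10", "mgmt"}, {"vmfs-shared"})
    vm = VM("web01", "vmfs-shared", "prod-vlan10", "00:50:56:aa:bb:cc",
            list(range(64)))
    mac_table = {vm.mac: src.name}
    dest, rounds, downtime = precopy_migrate(vm, src, dst, constructed_workload,
                                             mac_table)
    return {
        "identical": dest == vm.pages,   # destination holds the exact final state
        "rounds": rounds,
        "downtime_pages": downtime,
        "mac_now_on": mac_table[vm.mac],
    }


if __name__ == "__main__":
    print(demo())
```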
v. VMware DRS:

VMware DRS is a policy-based resource scheduling engine which helps in efficient
utilization of resources. Virtual machines are moved from one physical host to
another based on rules which the administrator can define in DRS. When one physical
host is starved of compute resources, DRS can move a virtual machine to another host
which has available compute resources.

This enables administrators to have virtual machines moved automatically and
deliver performance to applications without the need for manual intervention.

VMware Distributed Resource Scheduler utilizes vMotion to distribute the virtual
machines across the physical hosts in a cluster to ensure proper resource utilization as
defined in the policy. It continuously monitors the physical hosts as well as the virtual
machines, compares the observed resource usage against the user-defined policy for resource
assignment, and then performs a vMotion, i.e. migrates a VM between physical hosts, in
case it is needed.

If a new host is made available to the cluster, VMware DRS automatically redistributes
the VMs to take advantage of the new host. The same happens when any host is removed
from or fails in that cluster.

vi. VMware High Availability:

VMware High Availability provides simplified high availability: it can quickly restart virtual
machines in case of hardware failure and thus provide high availability.

VMware HA is a simple alternative to application clustering. It automatically
restarts virtual machines on some other physical server within a cluster
whenever the server that was hosting the VM fails. All applications within the virtual
machines benefit from high availability, not just one as with application clustering.

VMware achieves this by placing an agent on all the physical servers which exchanges
heartbeats with all the other servers in the cluster. Whenever a heartbeat is lost, it will
immediately initiate the restart of all affected virtual machines on another server.
This process provided by VMware HA is quite simple compared to application-level
clustering. VMware HA requires some amount of non-reserved resources to be
present which will be used for this service. These non-reserved resources should be
available at all times. This is to ensure that HA configurations will function properly when
a live server fails. This does not, however, mean that the resources have to be
doubled.
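An added simulation (not VMware's agent code) of the HA behaviour described here, combined with the VMFS lock from the storage section: agents heartbeat and renew the on-disk lock leases of their VMs, a silent host is declared failed after a timeout, and its VMs are restarted only where non-reserved capacity exists and only once their lock has lapsed, which is what keeps one VM from being powered on by two hosts. Host names, sizes, priorities and timings are all constructed.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    name: str
    reserved_mb: int           # memory reservation that must be free on the new host
    priority: int = 1          # constructed: higher restarts first
    lock_owner: str = ""       # host holding the VMFS lock on this VM's files
    lock_renewed: float = 0.0  # last time that lock lease was renewed


@dataclass
class Host:
    name: str
    capacity_mb: int
    vms: list = field(default_factory=list)
    last_heartbeat: float = 0.0

    def free_mb(self):  # non-reserved memory still available on this host
        return self.capacity_mb - sum(v.reserved_mb for v in self.vms)


def place(vms, targets):
    """Assign VMs (most important first) to whichever target has the most free
    memory. Returns ({vm name: host name}, [vm names that do not fit])."""
    free = {h.name: h.free_mb() for h in targets}
    placed, stranded = {}, []
    for vm in sorted(vms, key=lambda v: (-v.priority, -v.reserved_mb)):
        choice = max(free, key=free.get) if free else None
        if choice is not None and free[choice] >= vm.reserved_mb:
            free[choice] -= vm.reserved_mb
            placed[vm.name] = choice
        else:
            stranded.append(vm.name)
    return placed, stranded


class HACluster:
    def __init__(self, hosts, timeout=15.0):
        self.hosts = {h.name: h for h in hosts}
        self.timeout = timeout        # seconds of silence before a host is declared dead
        for h in hosts:               # every running VM's files are locked by its host
            for vm in h.vms:
                vm.lock_owner = h.name

    def heartbeat(self, host_name, now):
        """The HA agent on host_name reports in and renews its VMs' lock leases."""
        host = self.hosts[host_name]
        host.last_heartbeat = now
        for vm in host.vms:
            vm.lock_renewed = now

    def failed_hosts(self, now):
        return [h for h in self.hosts.values() if now - h.last_heartbeat > self.timeout]

    def tolerates_single_failure(self):
        """Admission control: the VMs of any one host must fit into the others'
        non-reserved capacity. Spare capacity, not doubled resources, is required."""
        for h in self.hosts.values():
            others = [o for o in self.hosts.values() if o is not h]
            if place(h.vms, others)[1]:
                return False
        return True

    def failover(self, now):
        """Restart the VMs of every failed host on the survivors. Returns
        (vm, old host, new host) tuples; new host is None when nothing fits."""
        events = []
        failed = self.failed_hosts(now)
        survivors = [h for h in self.hosts.values() if h not in failed]
        for dead in failed:
            # Only VMs whose VMFS lock lease has lapsed may be powered on elsewhere;
            # a lock still being renewed means the "dead" host may still run the VM.
            movable = [v for v in dead.vms if now - v.lock_renewed > self.timeout]
            placed, _ = place(movable, survivors)
            for vm in movable:
                dead.vms.remove(vm)
                target = self.hosts.get(placed.get(vm.name, ""))
                if target is None:
                    vm.lock_owner = ""    # stays powered off, files unlocked
                    events.append((vm.name, dead.name, None))
                    continue
                vm.lock_owner, vm.lock_renewed = target.name, now
                target.vms.append(vm)
                events.append((vm.name, dead.name, target.name))
        return events


def demo():
    """Constructed three-host cluster: host A goes silent after t=10."""
    a = Host("A", 8192, [VM("db", 3072, priority=3), VM("web", 2048, priority=2)])
    b = Host("B", 8192, [VM("app", 2048)])
    c = Host("C", 8192, [VM("batch", 1024)])
    cluster = HACluster([a, b, c])
    ok_before = cluster.tolerates_single_failure()
    for t in (5, 10, 20, 30):
        cluster.heartbeat("B", t)
        cluster.heartbeat("C", t)
    cluster.heartbeat("A", 10)        # A's last heartbeat; it is silent afterwards
    return ok_before, cluster.failover(now=30), cluster
```

Running `demo()` moves `db` to host C and `web` to host B; a two-host cluster whose VMs would not fit on the other host fails the admission check instead.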

2.Windows Hyper-V
Hyper-V is the server virtualization technology from Microsoft.

The Hyper-V role, which comes along with Windows Server 2008 and Windows Server 2008 R2,
provides the software infrastructure and basic management tools that one can use to manage
a virtualized data center. It also provides functionality for the creation and management of a
virtualized server computing environment.

i. Introduction:

The Hyper-V role in Windows Server 2008 and Windows Server 2008 R2 allows creating a
virtualized environment with functionality to manage it. This virtualized environment
helps in managing and utilizing resources efficiently, as in the case of VMware. The
Hyper-V layer on the physical server helps to create virtual machines on the physical server
with different operating systems on them. Hyper-V is software that is applied to physical
servers to help create and manage a virtualized infrastructure. Its key features are as
follows:

64-bit native hypervisor-based virtualization.

It gives the ability to run 32-bit and 64-bit virtual machines independently and
concurrently on a host.
The virtual machines can be of different configurations.
It helps in creating virtual machine snapshots, which capture all the information of the
VM like the state, data, and hardware configuration of a running virtual machine. These
snapshots can be used to create a new virtual machine identical to the previous one.
It supports large virtual machine memory and virtual local area networks (VLANs).
It gives documented Windows Management Instrumentation (WMI) interfaces for
scripting and management.

With Windows Server 2008 R2 and the Hyper-V role, there are additional functionalities
like live migration, dynamic memory, and enhanced storage, memory, network and
processor support.
The Hyper-V software enables multiple operating systems to run in virtual machines
on one single computer, and they can be configured to communicate with each other
and with the external network.

Hyper-V runs on a computer which must meet a minimum configuration.

The base configuration for Windows Server 2008 R2 must have an x86 processor with
Intel or AMD virtualization technology and a minimum processor speed of 1.4 GHz. There
should be at least 512 MB of RAM. Hardware-assisted virtualization must be enabled in the
system BIOS, with hardware-enforced Data Execution Prevention (DEP) enabled. At least one
network adapter must be installed on that computer.

Under Hyper-V hypervisor virtualization, there is a program known as the
hypervisor which runs directly on top of the hardware in ring 0 (as shown in the
figure below). This layer handles multiple tasks like resource (CPU, memory, etc.)
allocation for the guest virtual machines, and interfaces for higher-level administration
and monitoring tools are also provided by it.
fig.iii

The hypervisor occupies ring 0, so the kernels of any guest operating systems
running on the system must run in CPU rings that are less privileged. Until now
most operating system kernels have been written to run in ring 0, with abilities such as
executing privileged CPU instructions and directly using the memory. But here, all such
operations of the guest operating systems go through the hypervisor. They are invoked
using hypercall API requests to the hypervisor via the VMBus.

ii. Hyper-V architecture:

All the components shown in the diagram are explained below:

Virtual machine management service (VMMS): This service helps in maintaining the
state of all the virtual machines that are running in the child partitions, it preserves the
state of these virtual machines and keeps track of all the tasks that can be performed on
these guest operating systems based on their current state. Besides this, it also manages
the addition and removal of the external devices like storage, etc. It also has the
responsibility of creating a virtual machine worker process when the virtual machine is
started.

Virtual machine worker process: This process is started by the VMM service on the start
of virtual machines. It is created for each of the virtual machine that is created in the
child partitions and is responsible for management of interaction of the virtual machine
with the parent partition hosting the Windows Server 2008. The responsibilities of the
Virtual Machine Worker Process also include creation, configuration, and running,
pausing, resuming, saving, restoring and taking snapshot of the associated virtual
machine. Other tasks like IRQs, memory and I/O port mapping are also handled by VM
Worker process through a Virtual Motherboard (VMB).

Virtual devices: These devices are managed by the virtual motherboard (VMB). The
VMB is a part of the virtual machine worker process and is created for each virtual
machine in the child partition. There are two types of virtual devices: core virtual devices,
which can be emulated or synthetic devices, and plug-in virtual devices.

Virtual infrastructure devices: These devices always operate in kernel
mode and help in managing the partitions, memory and processors of the child
partitions. These VIDs help the components to communicate with the hypervisor.

Windows Hypervisor Infrastructure library: The parent partition hosting Windows
Server 2008 and the guest partitions which are Hyper-V aware have a DLL named WinHV.sys.
This service helps the operating system's drivers to communicate with the hypervisor.

VMBus: All the communications that take place among the child partitions and the
parent partitions are done via VMBus. It is a channel based communication mechanism
and is installed with hyper-v integration services.

Virtualization service providers: These reside in the parent partition and provide
synthetic device support to the virtualization service clients (VSCs) with the help of the VMBus.

Virtualization Service Clients: These reside in the child partitions and whenever there is
a request from the child partitions, they fulfill it by communicating with the
virtualization service providers over the VMBus.

APIC (Advanced Programmable Interrupt Controller): Interrupt outputs are
assigned priority with the use of the APICs.
Hypercall: It is the interface for communication with the hypervisor.

The virtual machines that are hosted on top of Hyper-V are isolated by the partition
technology. A partition is a logical unit of isolation, supported by the
hypervisor, in which an operating system executes. The hypervisor requires at least one
parent partition, which is the root partition and runs Windows Server 2008. The parent
partition runs the virtualization stack and has direct access to the hardware devices,
and all the communication between the virtual machines and the hardware takes place
with the help of this parent partition. The parent partition is responsible for creating
child partitions. These child partitions host the guest operating systems. Whenever a
new virtual machine request comes in, the parent partition creates the child partition via
hypercall API requests.

The partitions (shown in fig. iii) that are created by the parent partition do not have
direct access to the physical processor. They just have a virtual view of the processor.
They run in the virtual memory partition which is allocated to each guest partition. All
the interrupts to the physical processor are handled by the hypervisor, which redirects the
interrupts to the respective guest partition. Besides this, the hypervisor can also
accelerate the address translation between virtual guest address spaces.

As said, the child partitions don't have direct access to the physical resources; instead
they have a virtual view of the resources, known as virtual devices. Requests to the
virtual devices are redirected in one of two ways: via VMBus, which is a logical
inter-partition communication channel, or through the hypervisor to the devices in the
parent partition, which handles the requests from the child partitions.

The parent partition hosts the virtualization service providers (VSPs), which communicate
over the VMBus to handle requests from the child partitions. The child partitions send
their device requests via the VMBus to the parent partition, where the VSPs service them.
High-level communication protocols such as SCSI are implemented using Enlightened I/O, a
specialized virtualization-aware facility that Windows Server virtualization uses for the
storage, networking, graphics and input subsystems. Enlightened I/O uses VMBus directly,
bypassing the device emulation layer, which makes communication through the hypervisor
more efficient. It is part of the Integration Services, which ship with the
hypervisor-aware kernel and also include the virtualization service client drivers. A
processor with hardware-assisted virtualization technology is required to run the
hypervisor.

The diagram below shows all the partitions, including the root partition and child
partitions of type Windows and Linux.

fig.iv

iii. Hyper-V Dynamic memory configuration:

Dynamic Memory is a new feature in Hyper-V that helps manage physical memory more
efficiently. With Dynamic Memory, Hyper-V treats physical memory as a shared resource
that can be automatically redistributed among the running virtual machines.

The Dynamic Memory feature manages the memory allocated to a virtual machine by
monitoring changes in the memory usage of the virtual machines against the values
specified by the user. Without Dynamic Memory, the memory of a virtual machine can only
be altered after the virtual machine has been turned off.

It uses a memory evaluator to monitor memory usage by the virtual machine and a data
collector set to gather the data on which allocation decisions are based. Dynamic Memory
management results in more efficient utilization of memory resources and helps improve
application performance by providing the right resources to the right virtual machines
at the required time.

Note: The guest operating system must support Dynamic Memory in order for Hyper-V to use
this feature for that virtual machine.

iv. Windows Live Migration:

Windows Live Migration provides for high availability to applications by moving running
virtual machines across hosts.

This feature is only supported by Hyper-V in Windows Server 2008 R2. It also requires the
Failover Clustering feature to be added and configured on the servers running Hyper-V.
With Live Migration, one can automatically move a virtual machine between nodes of the
failover cluster without any downtime or network disconnection. The state of all running
virtual machines is managed by one of the nodes, and all the virtual machines run on the
shared storage area.

Live migration moves a virtual machine between nodes without any downtime of service to
the users. It first copies the memory of the virtual machine to be moved to the
destination host and then moves the virtual machine itself. The virtual machine being
moved is unaware of the migration, so no special configuration is required for the guest
virtual machine.

Live migration is different from Quick Migration, which is also available in Windows
Server 2008 and Windows Server 2008 R2. Quick Migration offers the same functionality but
comes with downtime: it saves the state of the virtual machine, moves it from the present
host to the target host and then restores it, so there is an associated downtime. In live
migration the downtime is negligible, because the memory of the virtual machine is copied
first and only then is the virtual machine moved, which causes no visible interruption to
the users.

The live migration takes place in a series of stages:

Setup stage: The source host transfers the VM configuration to the destination host over
a TCP connection; the destination host uses it to create a skeleton VM and allocate its
memory.

Memory pages transfer: The memory occupied by the virtual machine is copied from the
present host to the destination host over the network. While this copy is in progress,
Hyper-V keeps track of the memory pages that the running virtual machine modifies and
marks them. Hyper-V then iterates the memory copying process; in each iteration, only
the marked (modified) pages are transferred from the present host to the destination
host.

Next, the source host saves the register and memory state of the virtual machine and
copies it to the destination host.

During these copy stages, network connectivity and bandwidth are critical to the process:
the faster the copying takes place, the faster the live migration completes. Now, the
destination host

Storage movement: This is the fourth stage, during which the storage (VHD files or the
pass-through disk) is moved from the present host to the destination host.

After this, the destination host has the full, up-to-date working set of the virtual
machine and its storage, so the VM is powered on at the destination host and a
notification is sent to the physical network switches, which causes them to re-learn the
MAC address of the migrated VM. Network traffic is then routed to the correct switch port.
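To make the downtime difference concrete, the following simulation of the stages above is added here; it is not code from the book or from Hyper-V. It models iterative pre-copy with marked dirty pages against a save-move-restore quick migration; the dirty-page model is an aggregate assumption, and all sizes and rates are constructed.

```python
"""Pre-copy live migration versus quick migration, as a simulation.

Added example, not code from the book or from Hyper-V. The dirty-page model
is an aggregate assumption, not Hyper-V's own algorithm; all numbers are
constructed.
"""
from dataclasses import dataclass

PAGE_SIZE = 4096           # bytes per guest memory page
SETUP_SECONDS = 0.05       # assumed cost of transferring the VM configuration
STATE_COPY_SECONDS = 0.01  # assumed cost of copying register/device state


@dataclass
class MigrationResult:
    iterations: int      # pre-copy rounds performed
    pages_sent: int      # pages copied over the network, including re-sends
    downtime_s: float    # time during which the VM is paused
    total_time_s: float  # wall-clock time for the whole migration


def transfer_seconds(pages: int, bandwidth_bps: float) -> float:
    """Time to push `pages` memory pages over a link of `bandwidth_bps`."""
    return pages * PAGE_SIZE * 8 / bandwidth_bps


def simulate_live_migration(vm_pages: int, bandwidth_bps: float,
                            dirty_pages_per_s: float,
                            stop_threshold_pages: int = 256,
                            max_iterations: int = 30) -> MigrationResult:
    """Iterative pre-copy: the VM keeps running while its memory is copied."""
    total_time = SETUP_SECONDS   # setup stage: skeleton VM on the destination
    pages_sent = 0
    dirty = vm_pages             # first round: every page must be copied
    iterations = 0
    while True:
        iterations += 1
        round_time = transfer_seconds(dirty, bandwidth_bps)
        pages_sent += dirty
        total_time += round_time
        # pages the still-running guest modified during this round; the
        # hypervisor marks them so that only they are re-sent next round
        dirty = min(vm_pages, int(dirty_pages_per_s * round_time))
        if dirty <= stop_threshold_pages or iterations >= max_iterations:
            break
    # stop-and-copy: pause the VM, send the remaining dirty pages and the
    # saved state; this is the only period in which the VM is not running
    downtime = transfer_seconds(dirty, bandwidth_bps) + STATE_COPY_SECONDS
    pages_sent += dirty
    total_time += downtime
    return MigrationResult(iterations, pages_sent, downtime, total_time)


def simulate_quick_migration(vm_pages: int,
                             bandwidth_bps: float) -> MigrationResult:
    """Quick migration: save state, move it, restore; VM is down throughout."""
    downtime = transfer_seconds(vm_pages, bandwidth_bps) + STATE_COPY_SECONDS
    return MigrationResult(1, vm_pages, downtime, downtime)


if __name__ == "__main__":
    # constructed scenario: 1 GiB guest, 1 Gbit/s link, guest dirtying
    # 20,000 pages (about 80 MB) per second
    gib_pages = (1 << 30) // PAGE_SIZE
    live = simulate_live_migration(gib_pages, 1e9, 20_000)
    quick = simulate_quick_migration(gib_pages, 1e9)
    print(f"live:  {live.iterations} rounds, downtime {live.downtime_s:.3f}s, "
          f"total {live.total_time_s:.1f}s, pages sent {live.pages_sent}")
    print(f"quick: downtime {quick.downtime_s:.3f}s")
```

When the guest dirties pages faster than the link can carry them, the loop never converges and stops at `max_iterations`, leaving a stop-and-copy as long as a quick migration; that is the bandwidth dependency the text points out.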

v. Hyper-V network configurations

As with VMware, Hyper-V allows users to configure virtual networks that behave like
physical networks, implemented with a software switch. Virtual machines connect to a
virtual network by adding ports.

The various types of virtual networks are:

i. External virtual network: This type of network allows virtual machines to connect to
the physical network, or to machines located outside the server they are hosted on. It
is recommended to use two NICs on the physical host: one for the management operating
system and the other for the virtual machines that will connect to this external
network. Hyper-V creates a virtual network adapter in the management operating system,
and the standard services and protocols are bound to that virtual network adapter
instead of the physical one; the physical network adapter is bound to the virtual
network service protocol instead. Once the external network is configured, all network
traffic is routed through the virtual network switch, which functions like a physical
switch and routes traffic to its destination through the virtual network.

ii. Internal virtual network: This type of network is used when the virtual machines
connected to it need to communicate with other virtual machines on the same
virtualization server and with the hosting operating system.

iii. Private virtual network: This type of network only allows the virtual machines
connected to it to communicate with other virtual machines on the same virtualization
server.

A virtual network adapter connects the virtual machine to the virtual network; Hyper-V
offers two types of virtual network adapter:

i. Network adapter: This is designed specifically for Hyper-V and requires a virtual
machine driver that is included in the Hyper-V Integration Services, so it can only be
used with operating systems for which the Integration Services are available. It
provides better performance than the other type, the legacy network adapter.

ii. Legacy network adapter: This emulates an Intel 21140-based PCI Fast Ethernet adapter.
It is suited to two scenarios: guest operating systems for which the Integration
Services are not available, and cases where the operating system must boot from the
network. It uses a driver that is available in most operating systems, unlike the
Hyper-V-specific network adapter. The legacy network adapter also allows booting from
the Pre-Boot Execution Environment (PXE).

A virtual machine is connected to the virtual network by logically connecting to a port
on the virtual network adapter. Any packet whose destination is an external endpoint
must be routed to the external network's virtual port via the virtual network adapter
connected to the virtual machine, and is then redirected through the physical network
adapter to the external physical network.

When a virtual machine has to communicate with the management operating system, it has
two options. One is to route the packet to the physical network via the physical network
adapter, from where it is returned through the second physical network adapter to the
Hyper-V management operating system. The other is to use the path determined by the
virtual network and route the packet through the virtual network. The virtual network
has a learning algorithm that determines the most efficient port to direct the traffic
to; until that determination is made, network packets are sent to all the virtual ports.

The MAC addresses used by virtual machines can be either static or dynamic. Hyper-V
maintains a pool of MAC addresses from which it assigns dynamic MAC addresses to the
virtual machines; this pool is created when Hyper-V is installed. In Hyper-V on Windows
Server 2008, one can define the MAC address ranges in order to prevent duplicate MAC
addresses.

Virtual LAN: VLANs are also supported by Hyper-V by default. A VLAN ID is attached to the
virtual network adapter that is connected to the virtual machine, so a physical network
adapter that supports VLANs and VLAN IDs is required for setting up a VLAN. The virtual
network should be configured to allow network traffic on the physical port for the
management operating system. Then the virtual machine must be connected to the VLAN it
will use for all its communication. Virtual machines connected to different ports can
thereby be placed on different networks.

The VLAN can be configured in two modes:

Access mode: To use this mode, the physical network switch that the physical network
adapter is connected to must also be in access mode. The virtual network's external port
is restricted to a single VLAN ID; to use multiple VLANs, use WMI. For a virtual machine
to gain external access on the virtual network, it must be configured to use the same
VLAN ID.

Trunk mode: In this mode the connection between the physical network adapter and the
physical network can be shared by multiple VLAN IDs. For the virtual machines to have
access to the external network on multiple VLANs, the port on the physical network
switch must be configured in trunk mode, and the specific VLANs and VLAN IDs supported
by the virtual network and used by the virtual machines must be known.

vi. Disk and Storage:

Virtual hard disks can be used as a storage option on the management operating system,
and this storage is then made available to the virtual machines. Virtual hard disks can
be created and managed using the Hyper-V management tool. They can be dynamically
expanding disks, which grow as usage increases. Virtual hard disks are stored as .vhd
files, which makes them portable. The .vhd files must be stored in a secure location and
should not be created in a folder marked for encryption, except on volumes that use
Windows BitLocker Drive Encryption.

Physical disks directly attached to a virtual machine can also be used as a storage
option on the management operating system, so the virtual machines can access storage
that is mapped directly to the server running Hyper-V, even without configuring a
volume. This storage can be either a physical disk internal to the server or a SAN LUN
mapped to the server. A virtual machine's access to such storage is exclusive, and the
disk must be set to an offline state in Disk Management.

3. Xen Server:

XenServer is another player in the hypervisor market, alongside VMware and Hyper-V. The
XenServer virtualization platform also allows multiple operating systems to execute on a
single host, or physical server, at the same time. These virtual machines work in the
same way as physical machines, which is made possible by the services and management
provided by XenServer. In this system, the Xen hypervisor is the software layer deployed
on the hardware, and it facilitates the running of guest operating systems on top of it.

i. XenServer architecture:

Below are the important components of XenServer that enable the Xen hypervisor to
manage the virtual machines efficiently and let them function like physical machines.

Xen Hypervisor:

The Xen hypervisor is the layer of software that sits directly on top of the hardware and
abstracts the physical resources. It is responsible for CPU scheduling and for
partitioning memory among the various virtual machines running on the hardware. Besides
abstracting the physical resources for the virtual machines, the Xen hypervisor also
controls virtual machine execution. These virtual machines share a common processing
environment. The Xen hypervisor is unaware of the networking configuration, external
storage devices, etc.

Domain 0: This is a modified Linux kernel running as a unique virtual machine on the Xen
hypervisor. This virtual machine is unique because it has special rights to access
physical I/O resources and to interact with the other virtual machines on the host. It is
a required component in every XenServer virtualization environment and must be running
before any other guest virtual machine is hosted.

Domain U PV Guest: All para-virtualized virtual machines running on the Xen hypervisor
are known as Domain U PV guests. These can be considered child partitions and run
modified Linux, Solaris or other UNIX operating systems. Such a guest knows that it is
running on a virtualized platform, that it has no direct access to hardware and that
many other virtual machines are running on the same server. The Domain U PV guest has
two drivers that assist in network and disk access: the PV network driver and the PV
block driver.

Domain U HVM Guest: All fully virtualized virtual machines are known as Domain U HVM
guests and run a standard Windows operating system or any other unmodified operating
system. This guest is unaware of the presence of other operating systems and of the fact
that it is sharing the resources of the physical server. Unlike the Domain U PV guest,
this domain relies on a daemon known as the QEMU daemon for its network and storage
access.

Two drivers present in Domain 0 handle the network and local disk requests from Domain U
PV and HVM guests: the Network Backend Driver and the Block Backend Driver. The Network
Backend Driver communicates directly with the local networking hardware and processes
all virtual machine requests coming from Domain U guests. The Block Backend Driver
communicates with the local storage disks to read and write data on the drive on behalf
of the Domain U guests.

Apart from these functional components, a few Linux daemons exist in Domain 0 and help
with domain management and control of the entire virtualization environment. They are
Xend, Xm, Xenstored, LibXenctrl, Qemu-dm and the Xen virtual firmware.

Xend is the system manager and uses the LibXenctrl library to make requests to the Xen
hypervisor. The Xm tool takes user input and passes it to Xend over an XML-RPC
interface; Xend processes these requests and delivers them to LibXenctrl. The Xenstored
daemon maintains the registry of memory and event channel information between Domain 0
and all the Domain U guests, with the help of which the Domain 0 virtual machine sets up
the device channels with the other virtual machines on the system.

Xend talks to the Xen hypervisor through LibXenctrl, and privcmd, a special driver
within Domain 0, delivers these requests to the hypervisor.

Every Domain U HVM guest also has a virtual BIOS, which ensures that the OS receives all
the instructions it requires for startup.

All Domain U PV guests communicate with Domain 0 via the Xen hypervisor for all their
network and disk access. An event channel between Domain 0 and the Domain U PV guest
supports this communication.

Interrupts received from the Xen hypervisor cause the PV Block Backend Driver to access
local system memory: the driver reads the appropriate blocks from the Domain U PV
guest's shared memory, and the data read from the shared memory is then written to the
specified location on the local hard disk.

The components discussed above are depicted in the figure below:

fig.v

ii. Hosts and Resource Pools:

A resource pool is a group of connected XenServer hosts; there can be at most 16 hosts
in a resource pool. Together with storage, the resource pool provides a platform on
which virtual machines can be run. Virtual machines can be live migrated from one host to
another within a resource pool with minimal downtime; this is known as XenMotion. If
high availability is enabled, the failure of a host in a resource pool automatically
causes its virtual machines to be restarted on another host in the pool; even if it is
not enabled, the virtual machines on that host can be manually migrated and restarted on
other hosts in the same resource pool. A resource pool is homogeneous in nature, which
means that every CPU in the pool must be of the same vendor, feature set and model, and
all hosts must run the same version of XenServer. A XenServer host can only be added to
a resource pool if, besides being homogeneous with the environment, it meets the
following conditions:

The host must be licensed.
The servers providing NFS or iSCSI storage must have a static IP address (whether
assigned by DHCP or manually).
It must not be a member of an existing resource pool.
The clocks of all the hosts must be synchronized with that of the pool master.
No shared storage should be configured on the joining host.
The joining host must have no VMs that are running or suspended.
The VMs must not have any active operations, such as powering off.
The management NIC of the XenServer host must not be part of a NIC bond.

When a new host joins an existing resource pool, the local database of the joining host
is synchronized with the pool-wide database and inherits the necessary settings: the
running VMs are recorded in the pool-wide database; the joining host inherits the
storage services of the resource pool, and the necessary PBD records are created so that
the VMs can access the storage repositories; and the NIC and VLAN structures are
updated, with some of the policy information being reconfigured.

With High Availability enabled, XenServer continuously monitors the health of all the
hosts in the pool. This allows it to move VMs automatically to a healthy host in case of
a host failure. At any given time XenServer also maintains a failover plan that
specifies what to do when a host in the resource pool fails. An important concept in the
HA configuration is "host failures to tolerate", which gives the number of host failures
that are allowed without any loss of service; it drives the dynamic maintenance of the
failover plan.

Virtual machines that are to make use of the high availability feature must be agile,
which means that their virtual disks are on shared storage.

Each virtual machine in the resource pool has a flag that indicates whether it is to be
protected by the high availability feature. Virtual machines also have an assigned
restart priority, which specifies that a halted VM will be started automatically and
that, if its server fails, the VM will be restarted on another host in the resource
pool. With numeric priorities, the VM with the lowest restart priority is the first to be
restarted by the HA mechanism whenever the pool is overcommitted; an overcommitted pool
is one in which the currently running VMs could not all be restarted elsewhere following
the user-specified number of host failures. A VM can instead have a priority of
best-effort, meaning that it is restarted only after all the other protected VMs have
been attempted, or ha-always-run=false, meaning that the VM is never to be restarted.
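The restart ordering and the overcommitment check described above can be modelled in a few lines; the following is an added example and is not XenServer's own planner. The placement logic (first-fit by free memory, checked against every combination of failed hosts) is a simplifying assumption, and the hosts and VMs are constructed.

```python
"""Model of XenServer-style HA restart priorities and "host failures to
tolerate". Added example, not XenServer code; placement is a simplifying
first-fit assumption. All hosts and VMs are constructed sample data."""
from dataclasses import dataclass
from itertools import combinations
from typing import Optional


@dataclass(frozen=True)
class Host:
    name: str
    memory_mb: int


@dataclass(frozen=True)
class VM:
    name: str
    host: str                    # host the VM currently runs on
    memory_mb: int
    agile: bool                  # virtual disks on shared storage
    ha_always_run: bool          # False: never restarted by HA
    restart_priority: Optional[int] = None   # None: best-effort


def restart_order(vms):
    """Protected VMs first, lowest numeric priority first; best-effort last."""
    protected = [v for v in vms if v.ha_always_run and v.restart_priority is not None]
    best_effort = [v for v in vms if v.ha_always_run and v.restart_priority is None]
    return (sorted(protected, key=lambda v: (v.restart_priority, v.name))
            + sorted(best_effort, key=lambda v: v.name))


def plan_restart(hosts, vms, failed):
    """First-fit restart of VMs from `failed` hosts onto the survivors.

    Returns (placements, unplaced): placements maps VM name to target host;
    unplaced lists protected VMs that could not be restarted anywhere."""
    survivors = {h.name: h for h in hosts if h.name not in failed}
    free = {name: h.memory_mb for name, h in survivors.items()}
    for v in vms:                          # memory already in use on survivors
        if v.host in survivors:
            free[v.host] -= v.memory_mb
    placements, unplaced = {}, []
    for v in restart_order(vms):
        if v.host not in failed:
            continue
        protected = v.restart_priority is not None
        if not v.agile:                    # local disks: cannot move anywhere
            if protected:
                unplaced.append(v.name)
            continue
        target = next((n for n, f in sorted(free.items()) if f >= v.memory_mb), None)
        if target is None:
            if protected:
                unplaced.append(v.name)
            continue
        free[target] -= v.memory_mb
        placements[v.name] = target
    return placements, unplaced


def is_overcommitted(hosts, vms, failures_to_tolerate):
    """True if some choice of `failures_to_tolerate` failed hosts leaves a
    protected VM that cannot be restarted on the remaining hosts."""
    names = [h.name for h in hosts]
    for failed in combinations(names, failures_to_tolerate):
        if plan_restart(hosts, vms, set(failed))[1]:
            return True
    return False


# constructed sample pool: three identical hosts, mixed VM protection levels
HOSTS = [Host("h1", 24576), Host("h2", 24576), Host("h3", 24576)]
VMS = [
    VM("db",    "h1", 8192, True, True, 1),      # protected, highest priority
    VM("web1",  "h1", 4096, True, True, 2),
    VM("web2",  "h2", 4096, True, True, 2),
    VM("batch", "h2", 6144, True, True, None),   # best-effort
    VM("dev",   "h3", 4096, True, False),        # ha-always-run=false
    VM("test",  "h3", 8192, True, True, 3),
]

if __name__ == "__main__":
    for n in (1, 2):
        print(f"failures to tolerate={n}: overcommitted={is_overcommitted(HOSTS, VMS, n)}")
    print("restart order:", [v.name for v in restart_order(VMS)])
    print("plan if h1 fails:", plan_restart(HOSTS, VMS, {"h1"}))
```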

iii. Storage:

XenServer also abstracts storage and maps various kinds of storage devices to the VMs.
XenServer hosts a container called a Storage Repository (SR). Virtual disk images
(VDIs), which are disk abstractions containing the contents of a virtual disk, are
stored inside these storage repositories.

The storage interfaces allow VDIs to be associated with a large number of SR types. The
XenServer host SR is very flexible, with built-in support for locally connected IDE,
SATA, SCSI and SAS storage. Advanced storage features such as sparse provisioning, VDI
snapshots and fast cloning are associated with the SR and VDI. Storage subsystems that
do not natively support such advanced operations can use the software stack provided by
Microsoft's Virtual Hard Disk (VHD) format. Multiple SRs of different types can be used
simultaneously and can be either shared between hosts or dedicated to one.

Virtual disk images:

VDIs are of four basic types. They are:

VHD: can be used either on a local ext3 file system disk or on an NFS share. The image
file is 2 MB in size initially and grows automatically as needed, meaning that it only
occupies as much physical storage as is actually required. VHDs can also be chained,
meaning that multiple VDIs can share common data. Whenever a clone is made of a
VHD-backed VM, the cloned VM shares the same data as the original, and each of them
makes its own copy-on-write version of the VDI; this makes VHD-backed VMs easy to clone.

Logical Volume Manager (LVM): this format can be used either on a local disk or on
shared storage; access to the shared LVM can be provided via a Fibre Channel or iSCSI
LUN hosted on a network array.

EqualLogic: this kind of storage is accessed via the EqualLogic SR driver type and is
hosted on an EqualLogic storage array. The LUNs are allocated and mapped dynamically
through the XenServer host management framework.

NetApp managed LUNs: these are accessed only via the NetApp managed SR driver type and
are hosted on a Network Appliance device running Ontap > 7.0.

In XenServer, storage can be broadly classified into four classes:

I. The first is Storage Repositories (SRs). As discussed above, they are homogeneous in
nature and contain virtual disks. An SR is a persistent, on-disk data structure. Creating
a new SR of almost any type is equivalent to formatting a disk, which erases any existing
data on the specified storage target. SRs are long-lived and, in some cases, are shared
among XenServer hosts or can be moved between them.

II. The second class is Physical Block Devices (PBDs). They are the interface between a
physical server and an attached SR. They act as connector objects and can be mapped to a
XenServer host. They store the device configuration fields used to connect to and
interact with a given storage target, and they manage the runtime attachment of a given
Storage Repository to a given XenServer host.

III. The third class is Virtual Disk Images (VDIs), which are presented to the VM as the
on-disk representation of a virtual disk. VDIs are the fundamental unit of virtualized
storage in XenServer. They are persistent, on-disk objects that exist independently of
the XenServer hosts.

IV. The last class is Virtual Block Devices (VBDs). They also act as connector objects and
allow VDIs to be mapped to VMs. A VBD can be plugged into a VM and allows fine-tuning of
parameters such as QoS, statistics and the bootability of a given VDI.

XenServer on a physical host also uses the local disk by default. The local disk and the
storage of a VM are managed using the Linux logical volume manager, and a VDI is
implemented as an LVM logical volume, which can be of any size. LVM-based storage offers
high performance and dynamically resizable virtual disks. These virtual disks are fully
allocated and behave as isolated volumes on the physical disk; this gives high
performance, but without the flexibility of file-based storage. Local disks cannot be
shared across a resource pool of XenServer hosts, so VMs whose VDIs are stored in SRs on
the local disk of a physical host cannot be migrated to any other resource pool.

XenServer also allows NFS v3 servers accessed over TCP/IP to be used for the virtual
disks in storage repositories.

iv. XenServer Networking:

As in any virtualization platform, the physical NICs are used to enable and configure
networking for the virtual machines. XenServer supports a maximum of 6 NICs per host and
a maximum of 7 vNICs per VM.

The network entities are represented by three types of software object:

PIF, the physical network interface on a XenServer host. A PIF has a globally unique
UUID in addition to a name, description, parameters and the network it is connected to.

VIF, the virtual network interface. A VIF also has a name, description, UUID and the
network it is connected to.

Network, an Ethernet switch on the XenServer host. These objects have a name,
description, a collection of VIFs and PIFs, and a globally unique UUID. There are one or
more networks on each XenServer host.

An internal network is one that has no association with a PIF; it is used only for
communication between VMs on a single XenServer host.

Networks that are associated with a PIF can connect to the outside world and are
considered external. They act as a bridge between the VIFs connected to the VMs and the
PIFs connected to the NICs of the physical host.

VLANs: As with VMware or Windows, VLANs allow multiple logical networks to be carried
over a single physical network. To use VLANs with XenServer, the host's NIC must be
connected to a VLAN trunk port. XenServer VLANs are represented by PIF objects that
correspond to VLAN interfaces for a specified VLAN tag. The XenServer host handles all
interpretation of the VLAN tags before routing the packets to the VMs.

NIC Bonds: This concept is the same as NIC teaming in VMware. It uses two or more
physical NICs as one. If one NIC in the physical server fails, the other NIC continues
to function and all network traffic flows through it. Bonds operate in active/active
mode, balancing traffic between the NICs. To be bonded, the underlying physical NICs
must not be in use.

Bonds are represented by additional PIFs, and the bond PIF can be connected to a
XenServer network so that VM network traffic and host management functions can work over
the bonded NIC. Bonding depends on the number of NICs in the host, and a VIF uses only
one NIC of a bond at any given time.

The PIF used for management operations is the only PIF that has an IP address; external
networking for the VMs happens by bridging the PIFs to VIFs via a virtual network switch.

VI. Virtualize your environment:

Virtualization technology and the breakneck speed at which computer processor technology
has progressed have enabled IT organizations to think about how to incorporate
virtualization in their environment and give their customers the maximum benefit.

The increase in CPU capacity, with multiple cores and multiple sockets in a single
server, provides enough CPU and memory capacity to run multiple operating system images
on a single server.

Virtualization, in computing, is the creation of a virtual (rather than actual) version
of a device or service, such as a hardware platform, OS, storage device or network
resource. Virtualization is the art of slicing IT hardware by implementing virtualization
technology, or hypervisors, on top of it and converting the physical infrastructure into
virtual servers, virtual storage, virtual networks, etc.

Virtualization can be regarded as part of an overall trend in enterprise IT that includes
autonomic computing (a scenario in which the IT environment is able to manage itself
based on perceived activity) and utility computing (where computer processing power is
treated as a utility that clients can rent, paying only for what is needed). The usual
goal of virtualization is to unify administrative tasks through a centralized console
while improving scalability and workload handling.

Before migrating applications from a physical environment to a virtual environment, there
must be a clear overview of the technologies that are going to be used. The technology
should be chosen according to the application, and the enterprise must have a clear view
of what the environment will look like after virtualization, including its advantages and
drawbacks.

Physical to virtual migration:

Before going any further, there are a series of steps that should be carried out:

1. Pre-migration:
As a first step the list of stakeholders who will be involved in the exercise needs to be
prepared and this will include:

o Program Sponsor
o Project Manager
o Data Center Specialists
o Network Specialists
o Security Specialists
o Virtualization Experts
o Application Owners
o Vendors
o Process Teams
o Operations Support Teams

The pre-migration exercise should create an inventory of the following:

o Hardware Resources including Compute, Network and Storage
o Software / Applications
o Storage
o Network Resources
o AD / DNS / IP Addresses

The mapping of software and applications, and their analysis for virtualization, is
essential. Most applications can be virtualized, with the exception of a few legacy
applications or applications that need certain features not available in the virtual
platform. For example, applications that required a hardware dongle were not virtualized
in the past, but newer technologies may make such devices available to applications
running inside virtual machines.

Use capacity planning software such as Capacity IQ to document and analyze the
performance data of applications and provide a baseline for the move to virtualization.

Based on the inventory, an architecture and resource requirement for virtualization needs to
be created which defines what will be virtualized and where it will be placed. The hardware
and software resources required to complete the virtualization project are defined here.

Choose physical-to-virtual (P2V) software which will automate the process of converting the
physical machines to virtual machines.

There should be a clear view of which physical resources are going to be virtualized: the
whole enterprise application stack, or just the servers? If storage virtualization is in scope,
the form of storage virtualization to be used should also be decided.

The applications or servers to be migrated must be able to sustain some downtime, and there
should be proper planning to minimize the downtime caused by the migration. For a physical
server, one option is to replicate the applications to a standby server that takes over
immediately while the original is converted, so that downtime is minimal; otherwise the server
will be back up only after it has been completely virtualized.

There must be good knowledge of the hardware requirements for the proper functioning of the
virtualized servers. The consolidation ratio, i.e. the number of virtual machines that can run
on each physical server, should be high enough to make virtualization cost effective. For
example, virtualizing onto a physical server that can host only 2 VMs of the required size is
unlikely to be a good option.

The most important factor is storage, as virtual machines are stored as files on disk and
there must be proper knowledge of the storage requirements for virtualization. If 2 virtual
machines, each with a 100 GB virtual disk, are to be hosted on a physical server, at least
200 GB of storage is required for the disks alone, plus overhead for VM swap files, snapshots
and logs; thin provisioning can defer some of this allocation but does not remove the need to
track it. If networked storage such as a SAN is used, there must be enough capacity available
in the SAN and, if required, the SAN should be expanded.
Information about how the software will behave in a virtualized environment is a must. There
must be proper knowledge of the software and how it is going to function once virtualized.
Certain applications will not work in a virtualized environment, or do not function the same
as they do in the physical environment.

The servers created after virtualization must also follow a proper naming convention. This
makes the virtual machines distinguishable from physical machines that have not been
virtualized and provides easy management.

2.Post Migration

After proper planning and consideration of the important factors, we can proceed with the
virtualization process. There are a number of physical-to-virtual conversion tools from
different vendors, such as VMware Converter and PlateSpin. These tools are simple to use and
automate many of the tasks involved in a P2V conversion.

There are various post-virtualization steps that must be carried out to ensure that the
resources function properly after virtualization and meet the expected performance.

Hardware functions that are no longer required, such as USB ports, unused Ethernet cards and
serial or floppy devices, must be removed from the virtual machine's hardware configuration,
and drivers and management agents for the old physical hardware should be uninstalled from the
guest, both for security reasons and for better performance.

When a virtual machine is started for the first time, it should be tested as a standalone
system, so it should be powered on with its network card(s) disconnected. This prevents an IP
address or hostname conflict with the original physical server, which is typically still
running at this point.

After the virtual machines are powered on, the critical applications should be tested to
ensure that they run efficiently on the virtual machine and give the same performance as on
the physical server.

After successfully completing all of the above steps, the final server configuration brings
the applications back online. The network configuration should be made, and if there is a
temporary server running to reduce downtime, it can be shut down and the services can now be
run from the virtual machines.
Risks and Problems with virtualization:
There should be proper role-based access control over who can create a VM or manage the
virtualized environment, with monitoring of those actions. Stopping or starting a single VM
in a way that conflicts with the environment can bring down the whole production environment.
It has been found in many organizations that there are more VMs than are actually needed;
this is VM sprawl, and it results in wasted resources. People create VMs and forget about
them, and this leads to sprawl. There should be proper auditing at regular intervals to
monitor the number of VMs created and who owns them.

The VMs should be patched on a regular basis, and the operating systems running on the virtual
machines must be properly licensed and must follow the enterprise policies for running VMs.

A proper naming convention should be followed in naming the VMs; this helps in recognizing the
VMs and distinguishing between them. A common practice is to use logical names for VMs. The
problem in most IT enterprises is that they do not follow naming conventions properly, and
virtual machines created long before any naming convention was implemented create a mess.
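The sprawl and naming problems above are the kind of thing a periodic audit script catches. The following is an added example, not part of the original text: it checks a constructed inventory export (standing in for a CSV/JSON export from the management console) against an assumed naming convention (`<site>-<env>-<role>-<nn>`), flags VMs with no recorded owner, and flags VMs powered off for longer than a threshold as sprawl candidates, totalling the vCPU and memory they still hold. The field names, the sample VMs and the 90-day threshold are assumptions.

```python
"""Audit a VM inventory export for sprawl and naming-convention violations.

Added example, not from the original text. INVENTORY is a constructed list
standing in for an export from the virtualization management console; the
field names (name, owner, power_state, last_power_on, vcpus, memory_gb) and
the naming convention are assumptions.
"""
import re
from datetime import date, datetime

# Assumed convention: <site>-<env>-<role>-<nn>, lowercase, e.g. blr-prd-web-01
NAME_PATTERN = re.compile(r"^[a-z]{3}-(prd|stg|dev)-[a-z0-9]{2,12}-\d{2}$")

# Day on which the audit is run (fixed so the results are reproducible).
AUDIT_DATE = date(2023, 11, 10)

# Constructed sample inventory.
INVENTORY = [
    {"name": "blr-prd-web-01", "owner": "payments-team", "power_state": "poweredOn",
     "last_power_on": "2023-11-02", "vcpus": 4, "memory_gb": 16},
    {"name": "Test VM copy (2)", "owner": "", "power_state": "poweredOff",
     "last_power_on": "2023-01-15", "vcpus": 2, "memory_gb": 8},
    {"name": "blr-dev-build-07", "owner": "ci-team", "power_state": "poweredOff",
     "last_power_on": "2023-10-28", "vcpus": 8, "memory_gb": 32},
    {"name": "del-stg-db-02", "owner": "", "power_state": "poweredOn",
     "last_power_on": "2023-11-01", "vcpus": 4, "memory_gb": 32},
]


def audit(inventory, today, stale_days=90):
    """Return findings as a list of (vm_name, issue) tuples."""
    findings = []
    for vm in inventory:
        name = vm["name"]
        if not NAME_PATTERN.match(name):
            findings.append((name, "name violates convention"))
        if not vm["owner"]:
            findings.append((name, "no owner recorded"))
        last_on = datetime.strptime(vm["last_power_on"], "%Y-%m-%d").date()
        idle = (today - last_on).days
        # A VM that has stayed powered off past the threshold is a sprawl candidate:
        # it still consumes datastore space and shows up in licence counts.
        if vm["power_state"] == "poweredOff" and idle > stale_days:
            findings.append((name, f"powered off for {idle} days; sprawl candidate"))
    return findings


def reclaimable_resources(inventory, findings):
    """Sum the vCPU and memory configured on VMs flagged as sprawl candidates."""
    flagged = {name for name, issue in findings if "sprawl candidate" in issue}
    vcpus = sum(vm["vcpus"] for vm in inventory if vm["name"] in flagged)
    memory = sum(vm["memory_gb"] for vm in inventory if vm["name"] in flagged)
    return vcpus, memory


if __name__ == "__main__":
    found = audit(INVENTORY, AUDIT_DATE)
    for vm_name, issue in found:
        print(f"{vm_name}: {issue}")
    print("reclaimable (vcpus, GB):", reclaimable_resources(INVENTORY, found))
```

The same three checks can be run against a real export by replacing INVENTORY with the parsed file; the useful output for a review meeting is the list of owner-less and long-idle machines, which is exactly what gets lost when VMs are created and forgotten.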

The security controls that apply in the physical environment do not automatically carry over
to the virtual environment: for example, traffic between two VMs on the same host passes over
the virtual switch and is never seen by a physical firewall or intrusion detection sensor.
Security is a great concern for all enterprise-level applications and must be dealt with
properly, with equivalent controls at the virtual layer.

Different customers, who may be competitors in the real-world market, can have their VMs
running on the same physical server, which may not be a good option. There must be proper
isolation between the virtual machines hosted on a physical server to ensure data security.

In the case of disaster recovery, restoring a virtual machine from a backup can be faulty and
may not function as expected. There are often cases when a VM backup fails to restore at a
different location, and restores must be managed with the proper network and other
configuration changes; restores should be tested before they are needed.

Enterprises have policies banning specific internet applications, but with virtualization
people have another tool for running such applications. A VM can be created on any system,
even a laptop, so there is a potential risk of people violating IT organization policies.

VII. Managing a virtualized environment:

Virtualization, with all its advantages discussed above, comes with great management
challenges. The support required for a virtualized environment can be categorized into two
broad categories. One is technical support, which deals with the proper and efficient
implementation of the virtualization technology and its issues for the business. The other is
software support, which takes care of version control and compatibility between the various
vendors, operating systems and virtualization software.

1.Technical support:
After the implementation of virtualization in a business, things tend to be overlooked and
forgotten, which may compromise security and efficiency. Technical support is therefore an
essential part of the organization, to take care of such issues and help the implementation
deliver the maximum benefit.

When software/applications are deployed directly on hardware, this kind of support is
automatically provided by the hardware vendor at the time of purchase. After the
implementation of virtualization, things are not as simple and must be dealt with explicitly.
If an organization runs an application in a virtualized environment in which it was not
designed or certified to run, the application vendor may not provide technical support, which
may cause problems.

Historically, when software ran within a single environment, it was quite easy for the
technical support team to troubleshoot with the help of simple scripts. Then the client-server
model was developed, which distributed the software among different servers at many different
locations with tight integration between them. This made the job of the technical support team
more complex, as they now had to manage different scenarios for troubleshooting a problem with
a single application that could have many different causes.

Now, with virtualization, the complexity for the technical support team has increased further.
Traditional software was designed and tested to function on a physical environment, and it may
not behave the same in a virtualized one. Software vendors may not have tested how their
applications function when virtualized, so the applications might not be as stable as on
physical hardware. Hence the vendor's technical support team might be of little help when that
software is implemented on a virtualized environment, up to the extent that applications stop
working after migration and the vendor cannot assist, because they have no knowledge of the
scenario either.

The main cause of this problem is that software vendors test their applications only on the
most commonly used platforms and not in all scenarios. Most follow the so-called 80-20 rule:
they test on the 20 percent of platforms that satisfy the needs of 80 percent of customers.
They do not test on new and emerging technology and thus do not guarantee that the software
works there. Even though virtualization is now widely used, many software vendors still do not
test their applications on it. So not every application that can be deployed on a physical
environment is guaranteed to behave as expected on a virtualized one. It is good practice to
confirm with the software vendors whether the software is supported on a virtualized
environment and whether technical support will be available when implementing it on a
virtualization platform.

2.Software support:

This type of support refers to which particular software is supported on which particular
platforms (a virtualization platform or any other): which software/applications have been
tested to run as expected where. This is different from support at the hardware level, which
concerns what type of hardware a virtualization platform can be provided on, and how.

There is host operating system level support, for virtualization on a hosted platform, which
tells which vendor's virtualization software will run efficiently on a given host OS.

There is guest OS level support: applications are usually run on the same OS on which they ran
on the physical server, but the application must be supported on that OS in a virtualized
environment.
Application level support is different from all the other levels of support. It tells whether
a particular application can run on a particular virtualized environment, how efficiently, and
what the necessary requirements are. Organizations should always confirm with the
virtualization platform vendor and the application vendor whether support will be provided and
whether the application will run on the virtualized environment. Microsoft, for example,
published a virtualization support policy so that software vendors can test and support their
applications running on Windows Server 2008 in a virtualized environment.

3.Capacity Management:

Enterprises worldwide are implementing virtualization out of a keen need for resource
utilization and infrastructure efficiency when it comes to handling demand spikes, making the
provisioning process highly optimized and business driven, with the least delay from order to
receipt. All provisioned machines must be placed such that the underlying infrastructure is
utilized maximally while still leaving headroom, and there is the least delay in placing
virtual machines on the underlying cloud infrastructure.
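The sizing questions raised in the pre-migration section (how many VMs a host can carry, how much datastore two 100 GB VMs really need) and the placement goal stated above can be worked through numerically. This added example, not from the original text, packs a constructed set of VM demands onto hosts using first-fit-decreasing by memory, holds back 20% of each host as headroom for spikes, adds an N+1 spare host, and sizes the datastore as thick disks plus a swap file per VM plus a snapshot reserve. The 80% ceiling, the spare count, the swap-equals-configured-memory overhead and all host and VM figures are assumed values, not from the page.

```python
"""Size hosts for a set of VMs and place them with headroom.

Added example, not part of the original text. Host and VM figures are
constructed; the 80% utilisation ceiling, the N+1 spare host, the 20%
snapshot reserve and the per-VM swap file equal to configured memory are
assumed policy values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    cpu_ghz: float      # peak CPU demand from the performance baseline
    memory_gb: float    # configured memory
    disk_gb: float      # provisioned (thick) virtual disk size


@dataclass(frozen=True)
class HostSpec:
    cpu_ghz: float      # sockets x cores x clock
    memory_gb: float


def effective_capacity(host, ceiling=0.8):
    """Capacity usable for VMs once the utilisation ceiling is held back as headroom."""
    return host.cpu_ghz * ceiling, host.memory_gb * ceiling


def place(vms, host, ceiling=0.8):
    """First-fit-decreasing by memory; returns a list of host bins.

    Each bin is {"vms": [...], "cpu": used_ghz, "mem": used_gb}.
    """
    cpu_cap, mem_cap = effective_capacity(host, ceiling)
    for vm in vms:
        if vm.cpu_ghz > cpu_cap or vm.memory_gb > mem_cap:
            raise ValueError(f"{vm.name} does not fit on one host; cannot be placed")
    bins = []
    for vm in sorted(vms, key=lambda v: (v.memory_gb, v.cpu_ghz), reverse=True):
        for b in bins:
            if b["cpu"] + vm.cpu_ghz <= cpu_cap and b["mem"] + vm.memory_gb <= mem_cap:
                b["vms"].append(vm)
                b["cpu"] += vm.cpu_ghz
                b["mem"] += vm.memory_gb
                break
        else:  # no existing host had room: open a new one
            bins.append({"vms": [vm], "cpu": vm.cpu_ghz, "mem": vm.memory_gb})
    return bins


def hosts_required(vms, host, ceiling=0.8, spare=1):
    """Hosts to buy: packed bins plus N+1 spare for maintenance and failover."""
    return len(place(vms, host, ceiling)) + spare


def consolidation_ratio(vms, host, ceiling=0.8):
    """VMs per populated host; a low ratio means virtualizing is hard to justify."""
    return len(vms) / len(place(vms, host, ceiling))


def datastore_required_gb(vms, snapshot_reserve=0.2):
    """Thick disks + one swap file per VM (assumed = configured memory) + snapshot reserve."""
    disks = sum(vm.disk_gb for vm in vms)
    swap = sum(vm.memory_gb for vm in vms)
    return (disks + swap) * (1 + snapshot_reserve)


# Constructed inventory and host model.
VMS = [
    VM("web-01", 4.0, 16, 100), VM("web-02", 4.0, 16, 100),
    VM("db-01", 12.0, 64, 500), VM("app-01", 6.0, 32, 200),
    VM("app-02", 6.0, 32, 200), VM("mon-01", 2.0, 8, 80),
]
HOST = HostSpec(cpu_ghz=2 * 12 * 2.4, memory_gb=128)  # 2 sockets x 12 cores x 2.4 GHz

if __name__ == "__main__":
    for i, b in enumerate(place(VMS, HOST), 1):
        print(f"host {i}: {[v.name for v in b['vms']]} cpu={b['cpu']} GHz mem={b['mem']} GB")
    print("hosts to buy:", hosts_required(VMS, HOST))
    print("consolidation ratio:", consolidation_ratio(VMS, HOST))
    print("datastore GB:", round(datastore_required_gb(VMS), 1))
```

With these figures the six VMs pack onto two hosts (memory, not CPU, is the binding constraint), so three hosts are bought including the spare, and the datastore needs roughly 1.6 TB rather than the 1.18 TB the virtual disks alone would suggest.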

As with every new technology, virtualization opens up a whole set of monitoring requirements,
the most important being monitoring its performance. There is a need to monitor performance
and manage capacity, without which virtualization may yield no advantage at all.

The goal of the capacity management process is to ensure that cost-justifiable IT capacity in
all areas of IT always exists and is matched to the current and future agreed needs of the
business, in a timely manner. In a virtualized environment, implementing organizations have to
plan for managing their data center capacity and ensure the highest levels of service
performance and continuity. Inputs for determining capacity requirements are taken from
performance data, business trends, and other service management processes such as demand
management, service level management, service portfolio management and change management.

Virtualization introduces multi-tenancy and shared infrastructure, which is leased or rented
rather than bought, and as discussed earlier this changes the way capacity management is done.

Closer links with financial management will be key to understanding the costs associated with
the various options provided by virtualization and using this information to assess which will
best meet the needs of the business. Understanding these costs and sizing the environment
correctly will be critical to ensure that virtualization actually pays.

A business may face many issues if it does not manage capacity and monitor performance.
Managing the performance of the virtualized environment means managing the physical as well as
the virtual machines. There must be detailed information about the activity inside the
servers, which helps in troubleshooting any problems that occur and lets the organization use
its resources efficiently. Troubleshooting is made much easier when the problem and the
surrounding activity are recorded in detail, because that is how the root cause is found.

The performance of the virtual machines hosted on physical servers does not depend on the host
hardware alone; it also depends on external factors such as network link speeds and storage
access latency. It is therefore important to have in-depth knowledge of all the factors that
may affect the performance of the virtual machines and lead to degradation of service.

There are many performance management tools that make this work easier by monitoring the
performance of the environment and generating alerts on specified metrics. These tools give
in-depth details of the performance of each asset and its usage over time. Without such tools,
monitoring capacity and managing performance is a tedious task for administrators and may not
yield the maximum benefit. It is advisable for administrators to manage the virtual machines in
groups rather than individually, treating each group as a black box within the virtualized
infrastructure.

Performance and capacity information is then provided for the entire black box. This
information can be used to derive the efficiency and utilization of resources very quickly. It
also gives information about the speed at which the virtual machines access their storage
(which may be a SAN).

These practices make business management strategies easy and effective and help generate the
maximum output.

The tools used for performance management and capacity monitoring also offer user-defined
custom metrics, which can be used to monitor the environment as required and give the user a
detailed view of performance and capacity usage. They also present the data in a readable
format so that administrators can draw the required conclusions.
4.Licenses and agreements:

Among the other important factors to be considered while establishing a virtualized
environment, licensing is one of the most important and is often overlooked by businesses.
The license of a piece of software determines whether it may be used to provide the required
services in a virtualized environment and also gives the details of the pricing for that usage.

The licensing models used in the physical environment often do not map cleanly onto a
virtualized environment, hence new licensing models are required to meet the need.

CPU (the number of virtual cores present) and memory are the most important factors in
licensing today, and most software uses them for licensing and pricing.

The new licensing model is different from the old model, which was based on the number of
copies of the software one has or on the amount of hardware. Software is very easy to copy and
change, which makes it difficult to model licenses in a virtualized environment because it is
much harder to keep track of the software copies.

Hardware, such as the total memory and CPU that a virtual machine has, is less likely to change
over time, so it is easier to base the licensing model on hardware metrics such as the number
of vCPU cores a machine has than on the number of copies of the software. The software license
can be tiered by vCPU count, with separate licenses for two cores, three cores, and so on, and
a business purchases licenses based on the number of cores its servers have, without worrying
about the number of software copies running in the virtual environment.

This hardware-based licensing model is beneficial for both vendors and customers. Customers
can save on license purchases, and vendors, having based the license on the amount of hardware,
are protected against breaches of the license terms unless the hardware configuration of the
servers is modified, which is not frequent in real-world scenarios.

While dealing with licensing, it is important to know which software the business uses for
virtualizing the infrastructure, because the performance of different platforms differs and
some may allow more VMs to run on the same hardware than others. The choice of platform depends
on the customer's needs, and the one that best suits the requirements should be chosen.

When converting from a physical to a virtualized environment, the previous license agreements
must also be checked and any necessary changes made. This may incur additional charges for the
upgrade, which must be analyzed properly because it can lead to a case where the additional
cost equals or exceeds the cost saving. A wise approach may be to wait until the existing
license agreement for the software expires and then migrate to the virtualized environment.

The business should properly research the effects of migrating from a physical to a virtual
environment, including the cost savings as well as the compute advantages. The reasons must be
good enough, and it must be beneficial for the organization to migrate. There must be a
justifiable reason for migration, because issues such as licensing and contracts can otherwise
cause greater problems after migration, and the organization may end up with a loss instead of
a cost saving.

5.Functional considerations:

A virtualized environment is very different from a physical environment. It changes the entire
infrastructure, the way the business operates and how people in the organization work, and the
roles of employees are greatly affected. These changes must not be overlooked and must be
carried out properly and in a planned manner.

Change in the role and the work of people.

The most important change after migration from a physical to a virtual environment is in the
way people work. People must adapt to the changes that come with a virtual environment, which
is not the same as a physical one. For example, many different machines can exist on the same
host, and an employee may have to work on a host that is now shared with many other people.

The migration brings consequences for the business. First of all, the organization must impose
proper security rules for the virtual machines, so that a person has access only to the machine
allocated to them and cannot access the other virtual machines on the same host or in the
environment. The business should also schedule people's work so that the physical machine
hosting their virtual machines has capacity when they access them, or it can simplify this by
using desktop virtualization, in which the virtual machine is stored on the server and can be
accessed via a thin client at any time, or by opening RDP or SSH on the virtual machines
(restricted to authorized users and networks). This enables employees to work at their own
time, as they used to.

Administration and the skills required

Virtualization imposes more administrative overhead than the physical environment, and
administration of the virtual environment becomes more complex. There may be many changes in
the departments of an organization that need to be considered: a few departments may no longer
be required, while others may need to be added. Central administration of the virtualized
infrastructure becomes complex because servers are at different locations and resources are
scattered. Depending on the organization's size, administration of a virtualized environment
may require more than one administrator or administrative department.

There are many different aspects to the administrative work in a virtualized environment. Best
practice is to assign different people to different areas of work; for example, one person
monitors the physical servers while another monitors and manages the virtual machines on them.

Administering the virtualized environment also needs administrators with the knowledge and
skills to manage it. This requires extra effort by the organization to train individuals, and
sometimes leads to the downsizing of departments, as there are fewer physical servers in the
virtualized environment. Migration helps organizations get rid of repetitive tasks that were
carried out in the physical environment, because administration and the environment become
more mature, and resources can be directed to other tasks within the organization.

A smooth transition from a physical to a virtual environment requires some steps. The network
configuration of the virtualized environment is very important; failing to get it right leads
to many potential problems. Employees must know about the changes and must be given the
required training.
VIII. Storage Virtualization:
1.Introduction

When setting up a virtual environment, an organization must consider storage virtualization.

Storage virtualization is the pooling of physical storage from multiple sources over the
network into a single logical storage device. This logical device appears as a single device
to the servers and can be managed from a central management console. There are various forms
in which storage virtualization can be achieved; the most common of them is built on a SAN
(storage area network). Using this kind of storage virtualization, the management of storage
distributed over the network, which would otherwise be tedious and impose a large
administrative overhead, is made simple.

The various storage management tasks such as backup, archiving and recovery are made fast and
easy from a central management point. Many such tasks can be performed from the central
management point, while the much more complex architecture of the SAN itself remains hidden
from it.

Storage virtualization, like any other virtualization, can be achieved using software-based
virtualization or using a hybrid (software and hardware) solution.

There are various approaches to achieving storage virtualization, some of them very easy to
implement. An organization should consider many facts before carrying out storage
virtualization in its environment: how to move its conventional storage to a virtualized
environment considering cost and performance, whether existing storage equipment can be used,
whether a SAN-type structure already exists in the environment, whether the existing equipment
can work in a SAN, what considerations apply while migrating to a SAN, the architectural
considerations, and how the data will be impacted.

Storage virtualization is the abstraction of resources to provide a combined storage solution
that hides the underlying architecture, with proper isolation taken into consideration. It
aggregates resources from various devices and adds new capabilities to the lower-level storage
resources. Storage virtualization can be categorized into four layers; at each layer the
resources underneath are abstracted and presented to the layer above. They are:

o Storage devices (the disk drives)
o Aggregation of blocks
o The file/data layer
o The application layer

Disk drives expose their capacity as numbered blocks; blocks from one or more drives are
aggregated into logical volumes; file systems and databases are built on those volumes; and
applications work with the files and records those present. Thus each layer is built from the
layer below it.

The techniques in practice for carrying out storage virtualization at each of the above layers
are: RAID groups, physical storage, logical unit numbers (LUNs), storage zones, LUN
subdivision, LUN masking and mapping, logical volumes and their management, file systems and
database objects. These techniques are implemented in devices such as disk arrays, array
controllers, storage switches and routers, discrete virtualization appliances, host bus
adapters and the host OS, and virtualization at the application layer.

A very basic form of storage virtualization is achieved by abstracting physical devices into
virtual devices. These devices can be accessed from servers/applications without knowing the
underlying architecture. This technique is not as simple as it looks: it hides complex
underlying workings. It uses virtual interfaces which are similar to physical interfaces, and
the basic operations such as adding, changing and replacing devices are similar to the physical
environment.

2.Types:

Storage virtualization can be better explained by examining each of its layers.

i. Disk virtualization

   Virtualization inside disks has been implemented for a long time. The disk architecture,
   with its cylinders, heads and sectors, is complex and is hidden from users. The size of the
   disk varies with the number of cylinders. Virtualization at the disk layer is done by the
   disk firmware. Cylinder/head/sector addresses are transformed into consecutively numbered
   logical blocks, which are what the OS and applications use. This technique is known as
   logical block addressing (LBA). The size of a disk is then given by the number of LBAs it
   has. The firmware also takes care of defective blocks inside a disk by mapping them to a
   pool of spare, defect-free blocks. Thus it hides the underlying complexity and abstracts
   the resource underneath for use by the OS and applications.
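The CHS-to-LBA translation and the spare-block remapping described above, written out as an added example (not part of the original text). The geometry, the in-memory "media" and the defect handling are a constructed model of what drive firmware does, not any vendor's firmware; the CHS formula is the standard one, with sectors numbered from 1 and cylinders and heads from 0.

```python
"""Logical block addressing as disk firmware presents it: hide the CHS
geometry behind a flat block range and remap defective blocks onto a
spare pool the host never sees.

Added example, not from the original text. Geometry, spare-pool size and
the dictionary standing in for the platter surface are constructed.
"""


class DiskFirmware:
    def __init__(self, cylinders, heads, sectors_per_track, spare_sectors):
        self.cyl, self.heads, self.spt = cylinders, heads, sectors_per_track
        self.total = cylinders * heads * sectors_per_track   # advertised LBA count
        # Spare pool sits beyond the advertised range; it is never addressable by the OS.
        self.spare_base = self.total
        self.spare_count = spare_sectors
        self.remap = {}     # defective physical block -> spare block
        self.media = {}     # constructed stand-in for the platter: block -> bytes

    def chs_to_lba(self, c, h, s):
        """Standard CHS -> LBA: ((C * heads) + H) * sectors_per_track + (S - 1)."""
        if not (0 <= c < self.cyl and 0 <= h < self.heads and 1 <= s <= self.spt):
            raise ValueError("CHS address outside geometry")
        return (c * self.heads + h) * self.spt + (s - 1)

    def lba_to_chs(self, lba):
        """Inverse mapping, used here only to show the two views agree."""
        self._check(lba)
        c, rem = divmod(lba, self.heads * self.spt)
        h, s = divmod(rem, self.spt)
        return c, h, s + 1

    def mark_defective(self, block):
        """Grown defect: redirect the block to the next free spare.

        The LBA the OS uses does not change; only the firmware's mapping does.
        """
        if block in self.remap:
            return
        if len(self.remap) >= self.spare_count:
            raise RuntimeError("spare pool exhausted; drive should be replaced")
        spare = self.spare_base + len(self.remap)
        self.remap[block] = spare
        if block in self.media:             # preserve data if it could still be read
            self.media[spare] = self.media.pop(block)

    def _check(self, lba):
        if not 0 <= lba < self.total:
            raise ValueError("LBA outside advertised capacity")

    def _physical(self, lba):
        self._check(lba)
        return self.remap.get(lba, lba)

    def write(self, lba, data):
        self.media[self._physical(lba)] = data

    def read(self, lba):
        return self.media.get(self._physical(lba), b"\x00" * 512)

    def advertised_blocks(self):
        """What the OS sees: a flat range of `total` blocks; spares are hidden."""
        return self.total


if __name__ == "__main__":
    disk = DiskFirmware(cylinders=4, heads=2, sectors_per_track=8, spare_sectors=4)
    lba = disk.chs_to_lba(1, 1, 3)
    disk.write(lba, b"payload")
    disk.mark_defective(lba)     # block fails after the write; data moves to a spare
    print(lba, disk.lba_to_chs(lba), disk.read(lba), disk.remap, disk.advertised_blocks())
```

Note that after the remap the OS still reads LBA 26 and gets its data back; the advertised capacity is unchanged, which is exactly the abstraction the paragraph describes.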

ii. Block virtualization

   The block level is where most new storage virtualization technologies operate. The
   logical block addresses of several physical disks are aggregated into a single logical
   device with one large, contiguous logical block address range, so the physical limits of
   individual devices are overcome and a bigger virtual disk results. Other services can be
   introduced in the block virtualization layer to deal with performance, availability and
   other important storage attributes.

   Block virtualization is about controlling the individual physical storage assets by
   combining them into logical volumes that provide sufficient capacity, performance and
   reliability to meet the storage needs of the consumers, while hiding the underlying
   infrastructure so that the overall storage looks like a single device. The virtualization
   layer is responsible for mapping I/O requests to the respective physical storage devices.
   It also makes the solution scalable, by adding new storage or extending existing volumes
   into larger ones. Smaller logical volumes, known as LUNs, are created from a single large
   physical pool by slicing. For greater performance it is good practice to stripe data
   across multiple disks or multiple arrays, and RAID technology can be implemented to ensure
   availability of data.
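An added example, not from the original text, of the address mapping a block virtualization layer performs: a constructed stripe set across four physical disks exposes one large virtual block range, a LUN manager slices that range into LUNs, and LUN masking (listed earlier among the block-layer techniques) restricts each LUN to the initiator it is assigned to, so one host cannot read another host's LUN even though both live on the same virtual volume. Disk sizes, stripe size, LUN sizes and host names are assumptions; the block size is taken as 512 bytes.

```python
"""Block virtualization layer: stripe several physical disks into one large
virtual block device, carve it into LUNs, and mask each LUN to a host.

Added example, not part of the original text. Disk sizes, stripe size,
LUN layout and initiator names are constructed.
"""


class StripedVolume:
    """RAID-0 style address translation: virtual LBA -> (disk index, physical LBA)."""

    def __init__(self, disk_blocks, stripe_blocks):
        self.disks = [dict() for _ in disk_blocks]     # constructed disk contents
        self.stripe_blocks = stripe_blocks
        # Usable capacity is bounded by the smallest member, as in a real stripe set.
        self.total_blocks = min(disk_blocks) * len(disk_blocks)

    def translate(self, vlba):
        if not 0 <= vlba < self.total_blocks:
            raise ValueError("virtual LBA beyond volume")
        stripe_no, offset = divmod(vlba, self.stripe_blocks)   # which stripe unit
        row, disk = divmod(stripe_no, len(self.disks))         # round-robin across disks
        return disk, row * self.stripe_blocks + offset

    def write(self, vlba, data):
        disk, plba = self.translate(vlba)
        self.disks[disk][plba] = data

    def read(self, vlba):
        disk, plba = self.translate(vlba)
        return self.disks[disk].get(plba, b"\x00" * 512)


class LunManager:
    """Slice a volume into LUNs and enforce LUN masking by initiator."""

    def __init__(self, volume):
        self.volume = volume
        self.luns = {}        # lun id -> (start vlba, length)
        self.masks = {}       # lun id -> set of initiators allowed to see it
        self.next_free = 0

    def create_lun(self, lun_id, blocks):
        if self.next_free + blocks > self.volume.total_blocks:
            raise ValueError("not enough free capacity in volume")
        self.luns[lun_id] = (self.next_free, blocks)
        self.masks[lun_id] = set()
        self.next_free += blocks

    def mask(self, lun_id, initiator):
        self.masks[lun_id].add(initiator)

    def _resolve(self, initiator, lun_id, lba):
        # Masking check first: an unmasked host must not even learn the LUN exists.
        if initiator not in self.masks.get(lun_id, set()):
            raise PermissionError(f"{initiator} is not masked to LUN {lun_id}")
        start, length = self.luns[lun_id]
        if not 0 <= lba < length:
            raise ValueError("LBA beyond LUN")
        return start + lba                      # LUN-relative -> volume-relative

    def write(self, initiator, lun_id, lba, data):
        self.volume.write(self._resolve(initiator, lun_id, lba), data)

    def read(self, initiator, lun_id, lba):
        return self.volume.read(self._resolve(initiator, lun_id, lba))


if __name__ == "__main__":
    vol = StripedVolume(disk_blocks=[1000, 1000, 1000, 1200], stripe_blocks=16)
    mgr = LunManager(vol)
    mgr.create_lun(0, 1024)
    mgr.create_lun(1, 2048)
    mgr.mask(0, "host-a")
    mgr.mask(1, "host-b")
    mgr.write("host-a", 0, 20, b"A")
    print("virtual block 20 lives at (disk, block)", vol.translate(20))
    print(mgr.read("host-a", 0, 20))
    try:
        mgr.read("host-b", 0, 20)
    except PermissionError as e:
        print("denied:", e)
```

The 1200-block disk contributes only 1000 usable blocks, which is the familiar cost of striping unequal members; the masking check sits in front of the address translation so that a host with no mapping for a LUN gets an error rather than someone else's data.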

iii. File virtualization

   The most common example of file level virtualization is hierarchical storage management
   (HSM). It is the automated movement of rarely used data to the least expensive secondary
   storage media, such as optical disks, tape drives or SATA disks, which are low cost and
   high density. Users and applications continue to access the data during and after the
   migration. HSM keeps metadata, including a pointer to the new location, which is updated
   when a file moves so that the migrated file is not lost. This metadata is used to retrieve
   the file and present it to the user, while the actual location of the file is invisible to
   them.
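The HSM behaviour described above (cold files move to a cheaper tier, a stub carrying the metadata and a pointer stays behind, and a read recalls the file transparently) as an added example, not part of the original text. The tier names, the 180-day idle policy, the `demo()` scenario and the sample files are constructed.

```python
"""Hierarchical storage management at the file layer.

Added example, not from the original text. Files idle longer than a policy
threshold are migrated from the primary tier to a cheap secondary tier; a
stub with size, last-access time and a pointer stays in the namespace, so
listing and reading work exactly as before. Dates and sample files are
constructed.
"""
from datetime import date


class HsmFileSystem:
    def __init__(self, cold_after_days=180):
        self.primary = {}      # path -> (bytes, last_access) on fast storage
        self.secondary = {}    # object id -> bytes on the cheap tier
        self.stubs = {}        # path -> {"size", "last_access", "ref"}
        self.cold_after_days = cold_after_days
        self._next_id = 0

    def write(self, path, data, today):
        self.stubs.pop(path, None)          # a rewrite supersedes any migrated copy
        self.primary[path] = (data, today)

    def migrate_cold(self, today):
        """Policy sweep: move idle files down a tier, leaving stubs behind."""
        moved = []
        for path, (data, last_access) in list(self.primary.items()):
            if (today - last_access).days > self.cold_after_days:
                obj = f"tape-obj-{self._next_id}"
                self._next_id += 1
                self.secondary[obj] = data
                # The stub keeps the user-visible attributes plus the pointer;
                # the pointer is what makes the migrated file recoverable.
                self.stubs[path] = {"size": len(data), "last_access": last_access, "ref": obj}
                del self.primary[path]
                moved.append(path)
        return moved

    def read(self, path, today):
        """Same call whether the file is on primary or has been migrated."""
        if path in self.primary:
            data, _ = self.primary[path]
            self.primary[path] = (data, today)
            return data
        if path in self.stubs:
            stub = self.stubs.pop(path)
            data = self.secondary.pop(stub["ref"])    # recall from the cheap tier
            self.primary[path] = (data, today)         # the file is hot again
            return data
        raise FileNotFoundError(path)

    def listing(self):
        """Directory view: migrated files still appear with their original size."""
        view = {p: len(d) for p, (d, _) in self.primary.items()}
        view.update({p: s["size"] for p, s in self.stubs.items()})
        return dict(sorted(view.items()))

    def primary_bytes(self):
        return sum(len(d) for d, _ in self.primary.values())


SWEEP_DAY = date(2023, 11, 1)
RECALL_DAY = date(2023, 11, 2)


def demo():
    """Constructed scenario: one cold report, one active spreadsheet, then a sweep."""
    fs = HsmFileSystem()
    fs.write("/proj/report-2021.pdf", b"x" * 4000, date(2021, 3, 1))
    fs.write("/proj/current.xlsx", b"y" * 1500, date(2023, 10, 20))
    moved = fs.migrate_cold(SWEEP_DAY)
    return fs, moved


if __name__ == "__main__":
    fs, moved = demo()
    print("migrated:", moved)
    print("listing:", fs.listing(), "primary bytes:", fs.primary_bytes())
    print("recalled bytes:", len(fs.read("/proj/report-2021.pdf", RECALL_DAY)))
    print("primary bytes after recall:", fs.primary_bytes())
```

After the sweep the directory listing is unchanged but only 1500 bytes remain on the primary tier; the first read of the report pulls it back and the stub disappears, which is the transparency the paragraph refers to.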

3.Ways:
Storage virtualization is carried out differently by different vendors. The implementations
operate at different layers of the stack, as follows:

i. Host based virtualization

   This is achieved with the help of logical volume managers (LVMs), which are also used
   with SAN storage. The host-based LVM manages the aggregation of physical storage from
   many LUNs, which are seen as one disk drive by the host OS. It is also responsible for
   managing the health of the individual disk resources under the OS's control. It maintains
   high availability through software RAID, with advanced features such as snapshots and
   remote replication. Host-based storage virtualization supports heterogeneous storage
   systems. Most LVMs used today allow the file system to be grown when required, but
   storage provisioning must be performed on each host, which makes it quite labour
   intensive. One would rather consider a cluster volume manager in a homogeneous
   environment, so that volumes are common to multiple servers.

ii. Storage based virtualization

Storage-based virtualization uses features such as RAID, snapshots, and LUN masking
and mapping. Unlike host-based virtualization, it is independent of the host
operating system and the applications. It also uses features like caching, which
help deliver optimum performance from the hardware. It is confined to a single
array: a snapshot of a volume is stored on the same array as the volume itself. In
some cases it may extend to multiple arrays or a cluster of arrays or controllers,
but it is still restricted to hardware from a single vendor, i.e. it is homogeneous.

iii. Network based virtualization

This type of virtualization combines the advantages of both host-based and
storage-based virtualization. It provides automated storage management, which
makes the storage resources easier to manage, and it is heterogeneous in nature.
It is implemented using agent software installed on the hosts together with
black-box appliances in the SAN fabric. It combines multiple LUNs from multiple
arrays into a single LUN that is presented to the host, and it can also slice a
single LUN into smaller virtual LUNs to present to the host. It provides both
synchronous and asynchronous replication, within the data center as well as over
a WAN. The security policies are tightly integrated: a LUN associated with a host
can be accessed by that specific host only. It also includes services like
caching, volume management, on-demand storage, scalability and quality of
service.

There are two ways in which the SAN and the storage infrastructure are integrated.

The first is in-band virtualization, in which the virtualization layer in the SAN sits
between the storage devices and the servers, and all the I/O data and metadata pass
through it.

The other is out-of-band virtualization, in which the virtualization layer in the SAN has
access only to the commands and metadata, while the I/O goes directly to the storage
devices.

There is also a hybrid approach, known as switch-based virtualization, which combines the
in-band and out-of-band types. An out-of-band meta-controller handles device discovery,
volume configuration and I/O error handling, and works together with the intelligent
switch ports that perform in-band operations such as replication. This can be
implemented in two ways:

Command termination and redirection: The switch acts as an I/O target for the hosts and
as an I/O initiator for the storage. All requests from a host terminate at the switch,
which transforms each request and reissues it as a new one to the storage. The response
from the storage is then transferred back to the host.

Packet cracking: The I/O requests are sent from the host to the storage, and in the
middle the switch examines and, if required, transforms the packet headers and payload.
During replication of a LUN, the switch extracts the payload from a write, makes a copy
of it and sends it out of another switch port to perform the replication.

4. Storage Area Networks

The SAN architecture is similar to the LAN architecture. Just as a LAN enables multiple
systems to connect and use IT resources such as applications, servers, shared files and
devices on a shared basis, a SAN provides the same functionality by sharing storage
devices such as file systems, disk arrays and tape drives. Some of the key advantages of
a SAN are:

Scalability: A SAN allows the storage system to be expanded very easily as requirements
grow.

High Availability: A SAN ensures that data is available at all times, for example when a
device fails. It provides this through replication, backups, etc.

Centralized Management: A SAN can be managed from a central management point, which
reduces the human effort and provides ease of use.

Resource utilization: A SAN provides high resource utilization and is a cost-efficient
model, offering value for money even during device failures or while backups are
running.

Fast data restoration: A SAN has features that help in fast data restoration in case of
data loss, so less time is wasted in restoring.

i. Components

Servers:

A SAN allows multiple servers from different vendors, running different operating
systems, to connect to it and share its resources. It is advisable to use fibre-optic
cabling, which is implemented using a fibre-channel card known as a host bus adapter
(HBA). Multiple servers can be connected to a SAN using either single or dual
connections. With dual connections the SAN provides a fallback, so that when one
connection fails the other is still active.

Infrastructure of SAN:

Several components combine to build a SAN: the hardware, cables and software components
that move data into, out of and within the SAN, the host bus adapters and the
fibre-channel switches. The servers are connected to each other and to the storage
devices through the host bus adapters and the switches. In case of failures or
congestion, the problem is immediately detected by the switches, which provide
intelligent routing of data to the destination device. The switches also increase the
number of available connections to the SAN, which gives greater performance and helps in
diagnosing connection failures.

Disk storage:

The disks or RAID arrays provide dedicated storage for the servers connected to the SAN.
When data is written, the SAN writes it to multiple disks within an array, so that data
is not lost even if one of the disks fails. The disk devices also provide features like
fault tolerance. As said, a SAN allows the storage to be expanded when needed. It gives
greater performance and shared storage access to multiple servers, which may be running
different operating systems.

Tape Drives:

A SAN allows any type of disk storage, disk array or internal disk of a server within it
to connect directly to a tape drive via fibre channel. This is helpful for features like
fast backup and recovery. The attached tape drive can be used to back up any kind of
data in the SAN for disaster-recovery scenarios. The backup can be performed without the
data being transferred through the servers, which enables offline backup and saves the
user from dedicating resources within the SAN to it. The tape can then be detached and
kept at a safe location, and data can easily be recovered from it after a failure. Thus
the backup and restore process is made simple, while the same capability also remains
available within the SAN.

Centralized management software:

This is the most important part of the SAN, as it makes management easy. It provides
configuration and optimization of the individual components for the best setup. It can
also be used to monitor the entire network, and gives a detailed view of bottlenecks,
areas of failure, etc., which can be used to tune performance. It can also automate tasks
that would otherwise be time consuming and labor intensive. The management software
provides usage reports and helps in managing the available storage devices, which may be
located at different locations, as a single pool of resources.

ii. SAN and Availability Management:

High availability of critical applications is very important, as downtime can incur huge
losses. A SAN helps provide high availability through a number of techniques, which are
discussed below:

Server Clustering:
A cluster is two or more servers configured to work together using special settings. It
provides various advantages.

Load balancing distributes the processing requests evenly among the servers in the
cluster, so that no server is overloaded while another is idle. Servers in a cluster need
access to the same storage, which is shared among them, so they require an external
storage system, and this is provided by the SAN. The SAN provides multiple connections to
storage. Thus, if an application runs on multiple servers with its database on the SAN,
the service remains available through the other servers even if one application server
fails, because they all have a connection to the same database. So a SAN helps in
implementing load balancing as well as high availability.

Multi-Pathing:

Several components connect the servers to the network storage solution: the HBAs,
switches, cables, array controllers, etc. Multi-pathing protects against the failure of
any of these components. As the name suggests, there are multiple paths for the
connection between the servers and the network storage solution. This redundancy
ensures that if one of the connection paths fails, the data can still be transferred
uninterrupted via another path.

Storage replication:

If one data source, or an entire site, fails, the same data should be accessible from
other resources. This is done by continuously copying the data from the primary location
to a secondary location, which is a remote site. A SAN provides this by synchronously
replicating the data from the data source to the other location. In higher-end
implementations the replication happens between two disk arrays; in smaller
implementations it can happen between servers over a TCP/IP network. A SAN can provide
one-to-one, one-to-many or many-to-many replication. The data is synchronized and copied
as incremental blocks, i.e. only the data that has been modified since the last copy is
replicated, not the whole data set; this is done to minimize network traffic.
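The incremental-block replication described above, as an added simulation (not code from the book): the primary volume is split into fixed-size blocks, each sync compares per-block digests with what the replica already holds and ships only the blocks that changed, and the same routine serves one-to-many replication. Block size and volume contents are constructed sample values.

```python
"""Block-level incremental replication between a primary volume and replicas.

Each sync sends only the blocks whose content digest differs from the copy
the replica already has, so steady-state network traffic is proportional to
the amount of changed data, not to the size of the volume.
"""
import hashlib
from typing import Dict, List, Tuple

BLOCK_SIZE = 4  # constructed: tiny so the sample volume has several blocks


def split_blocks(volume: bytes, block_size: int = BLOCK_SIZE) -> List[bytes]:
    """Cut the volume into fixed-size blocks; the last block may be short."""
    return [volume[i:i + block_size] for i in range(0, len(volume), block_size)]


def block_digests(blocks: List[bytes]) -> Dict[int, str]:
    return {i: hashlib.sha256(b).hexdigest() for i, b in enumerate(blocks)}


class Replica:
    """Secondary site: keeps the blocks it has received, indexed by block number."""

    def __init__(self) -> None:
        self.blocks: Dict[int, bytes] = {}

    def digests(self) -> Dict[int, str]:
        return {i: hashlib.sha256(b).hexdigest() for i, b in self.blocks.items()}

    def apply(self, changed: Dict[int, bytes], total_blocks: int) -> None:
        """Install changed blocks and drop any past the end if the primary shrank."""
        self.blocks.update(changed)
        for i in [k for k in self.blocks if k >= total_blocks]:
            del self.blocks[i]

    def image(self) -> bytes:
        return b"".join(self.blocks[i] for i in sorted(self.blocks))


def sync(primary: bytes, replica: Replica) -> Tuple[int, int]:
    """Replicate primary -> replica, sending only blocks whose digest differs.

    Returns (blocks_sent, total_blocks); the first sync of an empty replica
    sends everything, later syncs send only what changed since the last copy.
    """
    src = split_blocks(primary)
    src_digests = block_digests(src)
    have = replica.digests()
    changed = {i: src[i] for i, d in src_digests.items() if have.get(i) != d}
    replica.apply(changed, len(src))
    return len(changed), len(src)


def sync_many(primary: bytes, replicas: List[Replica]) -> List[Tuple[int, int]]:
    """One-to-many replication: the same primary is synced to every replica."""
    return [sync(primary, r) for r in replicas]
```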
2. Cloud Computing

I. Introduction

The term cloud computing describes highly scalable computing resources which are
provided as an external service over the internet and billed as per usage, i.e. on a
pay-as-you-go basis.

The main focus of cloud computing is that customers use only what they need, when they
need it, and are billed accordingly. The Cloud refers to an immense pool of resources
from which services can be consumed at any time over the internet. The services are made
so simple for consumers that they do not have to worry about the technology and
management working behind the scenes to provide them compute services on demand. This is
why cloud computing has another name: it is also sometimes referred to as IT-on-demand.

The services offered by cloud computing use servers at a remote location, which are
maintained by the service providers in secure data centers with all the features needed
to ensure reliable service to the customer.

There are various types of Clouds, viz. Public Cloud, Community Cloud, Private Cloud, etc.
The latest analyst reports depict that the cloud market will continue to grow
exponentially.

Worldwide, companies are investing more in cloud services, or strategically intend to do
so in the coming years.

fig.vi

This book will address the basics of cloud computing and provide an in-depth view of the
services provided by the various leading service providers in the market.
II. Cloud Computing defined:

As defined by NIST, Cloud Computing is a model for providing convenient, on-demand and
cost-effective network access to a shared pool of unlimited configurable computing
resources (which includes networks, servers, storage, applications, and services) that
can be rapidly provisioned and released with minimal or no management effort or service
provider interaction.

The consumers rent the services from the service providers and use them, paying only for
the amount of resources they used, according to the metrics defined by the service
providers. Such a Cloud Model has three service models and four deployment models, which
we will explain in this chapter.

Cloud is the buzzword these days. CIOs and key decision makers are seriously considering
Cloud to align IT with their business. Technology providers are rushing to acquire or
build cloud capabilities.

The impact of Cloud Computing has been realized far beyond the critics' interpretations
and all the so-called buzzword or hype labels. Virtualization technology, which is at the
heart of Cloud Computing, appeared as if on cue, right when it could be put to excellent
use for optimized data center operations. Revolution is the word that truly describes the
impact of Cloud Computing on the way technology is being offered.

The primary benefit of a cloud computing solution is a lower total cost of ownership,
which results from more efficient utilization and leveraging of technology. For example,
through the use of virtualization technology several servers may be consolidated onto
just one physical server, resulting in reduced cost as well as enhanced support
capabilities via centralized automated management.

III. Service Models

fig.vii

There are various types of services that can be provided by cloud service providers. The
term Cloud Service Models defines the types of cloud services that can be provided by the
service providers and consumed by consumers. The different models cater to various kinds
of requirements and can accomplish different business goals. They can be categorized into
three models, depending on what customers seek.

1. Cloud Software as a Service (SaaS)

With cloud software as a service, or SaaS in short, the consumer uses applications running
on a Cloud infrastructure that are provided as a service by the provider. The applications
are accessible from various client devices through a thin-client interface such as a web
browser (for example, web-based e-mail). The consumer does not have to manage or control
the underlying Cloud infrastructure, which includes networks, servers, operating systems
(OSs), storage, or even discrete application capabilities.

The consumers do not have to buy expensive software licenses; they can simply rent the
applications from the service providers and use them for as long as they require.

The billing models for such services are typically based on the time the service is used
and the number of users using it.

SaaS, or Software as a Service, provides a business service in the form of an application
to be consumed by the business. Some SaaS platforms are highly customizable and provide
Rapid Application Development capabilities, in the form of PaaS, to extend the application.

Some examples of SaaS applications are Salesforce.com, PayDay, Workday, etc.

2. Cloud Platform as a Service

Using cloud platform as a service, the consumer has the ability to deploy consumer-created
or acquired applications onto the Cloud infrastructure. These applications are created
using programming languages and tools supported by the service provider. The consumer does
not have to manage or control the underlying Cloud infrastructure like networks, servers,
OSs, or storage, but does have control over the deployed applications and possibly over
the application hosting environment configuration. Consumers do not need to install the
platforms they need, as they are all provided by the cloud service provider.

Platform as a Service essentially provides a platform to develop applications, so the
consumer can focus on the actual task of creating the application, while the responsibility
for managing, maintaining and upgrading the platform on which the applications are
developed remains with the service provider.

There are various types of Platform as a Service: some provide drag-and-drop development
capabilities and programming languages, while others may only provide a programming
language and development tools. The code is executed by the platform, which is owned and
maintained by the Cloud Provider and rented to the consumer on a pay-per-use model.

Platform as a Service is geared towards meeting the needs of next-generation software
development. Companies offering SaaS platforms typically leverage a powerful PaaS to create
scalable, highly available and flexible applications. As an example, the Salesforce.com
CRM application is built on the Force.com platform.

A PaaS platform provides the key ingredients a software developer needs to develop SaaS
applications. It includes things like an execution engine and various component services
such as notifications, workflow, user interface, multi-tenancy and security.

3. Cloud Infrastructure as a Service

With cloud infrastructure as a service, the consumer has the ability to provision IT
infrastructure like CPU, storage, networks, and other basic computing resources, on which
the customer can deploy and run arbitrary software, including OSs and applications.

The consumer does not manage or control the underlying Cloud infrastructure but has
control over the OSs, storage and deployed applications, with limited control of selected
networking components. Consumers no longer need to purchase expensive infrastructure
components; instead they can use them on a pay-by-use model without worrying about the
underlying architectural complexity.

This is the foundation layer of the cloud service pyramid. Virtualization is the key
component: it splits a single physical piece of hardware into multiple independent
environments, each with its own set of resources in terms of RAM, CPU, hard disk,
networks, etc., abstracted from the physical resources underneath.

In simple terms, Infrastructure as a Service provides hardware and an operating system
that can be consumed by developers and organizations on a pay-per-use model.

IV. Deployment Models

Enterprises have varied IT requirements, and based on the requirements of the business
they can choose among various deployment models for availing cloud services. The main
difference between the cloud deployment models lies in who can access the published cloud
services that are made available to consumers over the network. The ways in which
services are deployed in cloud computing can be categorized into four primary models:
private cloud, community cloud, public cloud, and hybrid cloud. Let's define the four
deployment models:

1. Private Cloud
In the Private Cloud deployment model, as the name suggests, the Cloud infrastructure is
operated solely for one organization, mostly hosted on its own premises or in a dedicated
space with a hosting service provider.

In other words, a private cloud is a proprietary computing architecture serving a limited
number of people behind the firewall, ensuring the desired control and management. A
private cloud is generally set up on premises within the organization's own network
infrastructure (a very common example would be VMware vCloud Director).

Typically the infrastructure and hardware are dedicated to a particular organization, and
resource pooling or sharing happens within that organization. An example would be
different departments of a large organization using and sharing the same cloud
infrastructure hosted by the enterprise.

The private cloud is essentially an automated and virtualized environment with the ability
to charge back departments, business functions or users based on their usage of resources.
Resource pooling is limited to the users of a single organization.

A private cloud environment provides complete ownership and control; however, since
resources are shared only within one organization and the economies of scale are not at
the level of a public cloud, the savings are smaller than with a public cloud. Large
organizations with multiple departments and a large user base can derive the benefits of
automation and resource pooling by setting up a private cloud.

There is a variation of the private cloud model called the Virtual Private Cloud (VPC). The
primary difference is that a Virtual Private Cloud is hosted and provided by a public cloud
provider, which provides separate network connectivity and the ability to use the
organization's own IP addressing scheme within the public cloud.

It can be a section of a public cloud (discussed below) which is dedicated to a particular
organization. This section is isolated from the rest of the infrastructure, and can also
be integrated with it depending on the customer's requirements and configuration. It can
also be integrated with the on-premise infrastructure of the customer if the necessary
equipment is available. A very good example of this is Amazon Virtual Private Cloud.

2. Community Cloud
In this deployment model several organizations share the cloud infrastructure and support
a specific community that has shared concerns, such as mission, security requirements,
policy, and compliance considerations. It may be managed by one of the organizations or by
a third party and may exist on or off premises. It also provides the ability to isolate
some of the resources as per need.

It is essentially a public cloud shared across enterprises that have similar needs based
on attributes such as location, compliance, security, infrastructure, network, etc.

If a few banks or financial institutions come together to create and share a cloud with
specific characteristics suited to the needs of banking and financial institutions, this
would be termed a community cloud.

The need for a community cloud arises because a public cloud is built for all types of
organizations, and it is difficult for it to accommodate the unique requirements of a
specific community; a community cloud solves this requirement.

3. Public Cloud

The most common deployment model is the Public cloud. Here the general public, or a large
industry group, has access to cloud infrastructure owned by an organization selling Cloud
services. Proper configurations isolate the infrastructure of different customers, so that
the resources owned by one customer cannot be accessed by other customers on the same
infrastructure. Various customers' machines can be on the same physical server (made
possible by virtualization), but they are isolated from one another. A very good example
is Amazon Web Services, which can be accessed by any individual through the Amazon
management console.

4. Hybrid Cloud
As the name suggests, this deployment model is composed of two or more cloud deployment
models (private, community, or public) that remain unique entities but are bound together
by standardized or proprietary technology enabling data and application portability (for
example, cloud bursting for load balancing between Clouds). A hybrid cloud inherits the
features of both private and public cloud and is primarily driven by application
criticality and the customer's business needs.

As an example, an organization may set up a private cloud for its applications and burst
those applications to the public cloud when the infrastructure in the private cloud is
insufficient to meet the resource demand.

Another example is intranet- or internet-facing applications that are hosted in a
company's own datacenter; during seasonal peaks, say the holiday season, the company may
leverage the public cloud to burst out and create more application servers, which are
load balanced together with the private cloud.

V. Virtualization: the engine of cloud computing

The breakneck speed at which computer technology has advanced over the years, along with
virtualization technology, has enabled the rise of cloud computing. These technologies
combined make cloud computing viable and beneficial to customers.

Virtualization has become an important component of any IT organization, as it improves
the ROI of IT infrastructure significantly. It can be regarded as part of an overall
development in enterprise IT that includes autonomic computing (a scenario where the IT
environment is able to manage itself based on perceived activity) and utility computing
(where computer processing power is treated as a utility that clients rent, paying only for
what is needed). The usual goal of virtualization is to centralize administrative tasks
while improving scalability and workloads.

Cloud computing is a business term, whereas virtualization is a technical term.

Cloud computing essentially uses virtualization technologies to provide services to
multiple customers. It makes multi-tenancy simple by running multiple OSs on a single
server or by using a single network card for many different virtual machines. Basically,
it partitions physical resources into multiple virtual resources, which can be isolated
from each other and function independently.

Virtualization is the key component of cloud computing, but cloud computing has a much
larger scope than virtualization. With virtualization technology at its heart, cloud
computing has the ability to deploy and scale infrastructure rapidly and programmatically,
on demand and on a pay-as-you-go basis; that is the definition of cloud computing.

The various components used in cloud computing that are facilitated by virtualization are
discussed below.

1. Virtual Machine
Like a computer application, a Virtual Machine is used to create a virtual environment.
The creation of this virtual environment is referred to as virtualization. Virtualization
helps in creating virtual machines, so that multiple operating systems can run on a single
server; each such environment is known as a virtual machine.

Virtual machines are of many different types. Most commonly the term refers to Hardware
Virtual Machine Software: a hypervisor such as VMware ESX/ESXi helps in achieving this. It
is because of such software that multiple executions can run on a single computer. Each
execution is separate from the others and can run its own OS. Thus multiple applications
can run on different OSs, each of which would otherwise have captured a single server
dedicated solely to itself.

The Hardware Virtual Machine Software gives the user a seemingly private machine that has
fully functional hardware and is isolated from other users. With hardware virtual machine
software the users can also boot and restart their machines quickly, because tasks like
hardware initialization are not necessary.

The other type of virtual machine is termed an Application Virtual Machine. With this
software, the application is isolated from the computer on which it runs, so the same
software can be used on multiple computer platforms. Instead of making different versions
of the software for different OSs and computers, only one copy is created and distributed,
with each instance isolated from the others. The Java Virtual Machine is a very well-known
example of an Application Virtual Machine.

There is yet another form of virtual machine, which may be a group of computers that are
integrated and work together to create a more powerful machine. In this type, software
forms a single environment across several computers, which appears to the user as a
single machine; the underlying architecture is hidden and the users can manage and
operate it as one machine, while there are actually numerous computers at work. This is
termed a grid.

2. Virtual Servers

Virtualization also helps in creating a virtual server, which provides the same
functionality as a physical server. Users are relieved of hardware management and do not
have to configure the network or other properties of the virtual server; they can just
start using it.

A virtual server may comprise multiple physical servers; in other words, physical servers
can be consolidated and virtualized to create a virtual server that appears to be one.
Alternatively, multiple virtual servers can be created from one server, each with its own
operating system and administration.

3. Virtual Network
A virtual network is an immense pool of virtual nodes connected via virtual links. It is
built on top of the underlying physical resources. Virtualization forms virtual nodes such
that the virtual and physical nodes talk to each other through network protocols,
generally layer 3 (network layer) protocols. In simple words, a virtual network is a large
network formed by combining multiple interconnected groups of networks. Network
virtualization is the technology behind virtual networks.
4. Virtual Storage

Virtual storage combines multiple storage media like disks, tapes, etc. and abstracts them
into one storage pool. This pool can then be provided as virtual space as needed. Storage
virtualization is the technology enabling this, for cost-effective usage and resource
utilization. A mapping is maintained between the virtual addresses of the virtual storage
and the physical (real) addresses, which is used to access the data. This whole process is
transparent to the user.

5. Virtual Firewall

In a virtual environment, all communication between the virtual machines and other virtual
appliances is controlled and regulated by the virtual firewall.

The virtual firewall inspects the network packets flowing through it and has defined
policies, made up of a number of rules, by which it judges whether to block or pass the
communication between the virtual machines and other equipment in the virtual environment.
A virtual firewall can also be used to monitor the virtual communication between VMs,
along with packet filtering.
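The policy-of-rules behaviour described above, as an added simulation (not code from the book or any firewall product): rules are evaluated in order, the first match decides pass or block, anything unmatched is blocked by default, and every decision is logged so the same engine also serves the monitoring role. The tier addresses, ports and rules are constructed sample data.

```python
"""Minimal virtual-firewall policy engine for inter-VM traffic.

Policy = ordered list of rules; first matching rule wins; implicit default
deny for anything no rule matches.  Decisions are logged for monitoring.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str     # source VM address
    dst: str     # destination VM or appliance address
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str = "0.0.0.0/0"       # CIDR of permitted/denied sources
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


class VirtualFirewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # (action, packet, reason) for every decision, pass or block
        self.log: List[Tuple[str, Packet, str]] = []

    def evaluate(self, pkt: Packet) -> str:
        """Return "pass" or "block" for one packet, recording the decision."""
        for rule in self.rules:
            if rule.matches(pkt):
                self.log.append((rule.action, pkt, rule.comment))
                return rule.action
        self.log.append(("block", pkt, "default deny"))
        return "block"

    def blocked_summary(self) -> List[str]:
        """Monitoring view: one line per blocked packet."""
        return [f"{p.src}->{p.dst}:{p.dport}/{p.proto} ({why})"
                for act, p, why in self.log if act == "block"]


# Constructed sample segment: web tier in 10.0.1.0/24, database tier in 10.0.2.0/24.
# Only the database port is open from web to db; everything else between the
# tiers is explicitly blocked, and HTTPS from anywhere may reach the web tier.
SAMPLE_POLICY = [
    Rule("pass", src="10.0.1.0/24", dst="10.0.2.0/24", proto="tcp", dport=5432,
         comment="web -> db"),
    Rule("block", src="10.0.1.0/24", dst="10.0.2.0/24",
         comment="no other web -> db traffic"),
    Rule("pass", dst="10.0.1.0/24", proto="tcp", dport=443,
         comment="https to web tier"),
]
```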

6. Load Balancer
Load balancing and availability management are a very important part of cloud service
delivery.

A load balancer can be used in a cloud environment to distribute network traffic evenly
across a number of virtual servers configured to share the load among them. Load balancers
handle concurrency and ensure that the resource capacity is utilized optimally, without
one server getting overloaded while another is idle.

Load balancers improve the overall performance of applications by selecting the servers
best fit to perform the requested task. There are several techniques, like round robin,
least connections, etc., by which a load balancer decides the server to which traffic or a
task should be sent.
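The two selection techniques named above, round robin and least connections, as an added example (not code from the book or any load-balancer product), including the health check that keeps a failed server out of rotation. Server names are constructed.

```python
"""Server selection for a load balancer: round robin vs. least connections.

Round robin hands out healthy servers in turn regardless of how busy each one
is; least connections picks the healthy server with the fewest open
connections, so long-lived requests do not pile up on one server.  A server
marked down is skipped by both until it is marked healthy again.
"""
from typing import Dict, List, Optional


class LoadBalancer:
    def __init__(self, servers: List[str]) -> None:
        self.servers = list(servers)                       # constructed names
        self.healthy: Dict[str, bool] = {s: True for s in servers}
        self.active: Dict[str, int] = {s: 0 for s in servers}  # open connections
        self._rr = 0                                       # round-robin cursor

    def _candidates(self) -> List[str]:
        return [s for s in self.servers if self.healthy[s]]

    def round_robin(self) -> Optional[str]:
        """Next healthy server in rotation, or None if all are down."""
        pool = self._candidates()
        if not pool:
            return None
        choice = pool[self._rr % len(pool)]
        self._rr += 1
        self.active[choice] += 1
        return choice

    def least_connections(self) -> Optional[str]:
        """Healthy server with the fewest open connections (ties: listed first)."""
        pool = self._candidates()
        if not pool:
            return None
        choice = min(pool, key=lambda s: (self.active[s], self.servers.index(s)))
        self.active[choice] += 1
        return choice

    def release(self, server: str) -> None:
        """A request finished; the connection count drives least_connections."""
        self.active[server] -= 1

    def mark_down(self, server: str) -> None:
        """Health check failed: stop sending new traffic to this server."""
        self.healthy[server] = False

    def mark_up(self, server: str) -> None:
        self.healthy[server] = True
```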
7. Virtual Applications and Middleware

Virtual applications use just enough OS and middleware and are ready to be deployed in a
virtualized environment. These components are essential for the desired application
performance.

A virtual application uses pre-installed and pre-configured components, which makes
deployment faster and easier. Middleware is one such component; it connects the
application with other platforms, the OS, the network and other components, and
facilitates communication between all the components required to run the application
successfully.

VI. Features & Benefits of Cloud Computing

This book till now has covered the basic topics of what cloud computing is all about and
virtualization technology used in cloud environment.

Lets discuss the benefits of cloud computing:

Reduced Cost: The pay-as-you-go model of cloud computing has proved to be very cost effective
to the consumers because now, they dont have to buy expensive infrastructure and software
licenses, instead they could just go and rent the IT resources they need from the cloud service
providers.

Increased storage: Now, when the organizations dont need to purchase any IT resources on
their own, cloud services enables them to store more amount of data than they could on their
on-premise hardware. Thus, it gives much more functionality to the customers to extend their IT
to cloud.

Highly automated: The services consumed in cloud computing reduce the customer's own effort. The consumer does not need to worry about updates, patches or the management of resources; all of that is covered by the service provider. The cloud computing environment is highly automated, meaning tasks that individuals used to perform by hand can now be done from a single central management console.

Flexibility: Cloud computing offers customers far more flexibility than earlier computing technologies. Users can access the services from any location over the internet, and users can be added very quickly and easily at any point in time. The cloud is an immense pool of resources, and users can obtain resources whenever they need them; it is very easy to add extra resources as the customer's demand increases.

Reduced management: Cloud computing delivers the service to users, who do not have to worry about managing the resource, updating software, patching the OS, and so on. Users can simply rent the service and focus on their work with no extra effort required elsewhere.

Scalability: The cloud allows users to scale their resources as they require them. There is an immense amount of resources in the cloud, and one can use them as one's needs grow.

The points above are some of the key features of cloud computing and the main reasons why cloud computing is booming all over the world. Besides virtualization, Web 2.0 and open source technologies have also contributed a lot to the development of the cloud platform. Web 2.0 provides numerous ways to deliver web applications that behave like desktop applications, while open source, where both developers and users have a say, provides many of the technologies that make up cloud computing.

VII. Architecture:
Cloud computing consists of several layers which form the underlying structure upon which the delivered services are built. Each layer sits on top of another, and the layer above is based on or deployed on the layer below. These layers can be broadly categorized into three:

Software as a Service layer.
Platform as a Service layer.
Infrastructure as a Service layer.

These three layers form the pyramid structure. But this is just the overview; beneath it, a cloud computing service comprises various layers, which are depicted in the Layered View, and these layers are provided as services by cloud service creators. The figure below depicts the complete ecosystem of cloud service models.

Cloud service providers create cloud services, which are then offered under any of the service models: SaaS, PaaS or IaaS.

As per the figure, the bottom layer depicts the colocation facilities, which include basic infrastructure such as the data center facilities, power infrastructure, cooling and cabling. This is also known as the hardware tier, which has the compute resources, storage resources and network resources that provide connectivity.

Above the hardware resources sits the virtualization tier, which virtualizes the compute, storage and network resources so that they can be automated and orchestrated by the automation engine. As discussed above, virtualization is a key piece that brings standardization and easy automation. The offerings are built upon the virtualization layer; it is the core piece because of the various advantages it provides over using the bare hardware.

The layer above virtualization hosts the operating system, which in turn hosts the PaaS framework. The PaaS (Platform as a Service) layer provides programming, development and other frameworks for creating applications and deploying them on the platform, so that users can take the platform provided by the cloud service provider and start building their applications on it without worrying about the setup and maintenance of the platform.
Right above the PaaS layer are the applications. These applications are created using the PaaS layer and provide the business functions used by businesses; examples of applications available as Software as a Service are email, document management, collaboration, etc.

Then there is the management and maintenance layer, which basically comprises the automation and orchestration tier. It integrates the deployment and management of the virtualization layers. The automation and orchestration tiers help convert a virtualized environment into a cloud environment by providing an interface to the service request management system, so that requests can be fulfilled automatically without any human intervention.

The service catalog layer is used by users to select virtualized templates, which are then provisioned by the automation engine. The catalog holds all the details of the template offered to the user; these can include attributes such as the OS, CPU, memory and storage, along with the software pre-installed in the system.

Cloud infrastructure owners and users can view and manage the virtual machines they own through monitoring, visibility and reporting. This is like a dashboard that gives the user visibility to monitor and judge the performance and usage of the machines and applications they previously requested and are now running.

Billing is an essential part of the cloud computing process. All billing details are visible to users from the visibility layer, where they can also view their charges and consumption patterns.

From the perspective of service aggregators, the management and automation parts are very critical to providing a smooth and convenient cloud solution and carrying out deployments, i.e. private cloud, public cloud and hybrid cloud. They enable their customers to provision the offered resources (infrastructure, platform and software) through a service request portal. The service aggregator's service catalog is an aggregation of the catalogs of the underlying cloud service providers.

As requirements or new trends dictate, the cloud aggregator may add other services such as monitoring and management, and multiple clouds can be offered through a single interface that abstracts the underlying differences in cloud architectures, so that cloud services from different providers are integrated easily without the user being aware of it. This is enabled by the creation of templates and service catalogs. Orchestration helps service aggregators manage and control their heterogeneous environment, which can include multiple components and multiple vendors. All the services offered by service aggregators include management and automation of cloud components.

There are various cloud characteristics such as resource pooling, scalability, metering and billing, chargeback, hybrid cloud management, monitoring and management, etc. These characteristics, along with the IT service manager, form an integral part of the underlying cloud infrastructure. The customer may be interested in having visibility into processes and metrics such as capacity management, availability management, change management, service level management, security management, etc. Complete control and visibility of the cloud infrastructure must be made available to customers by the service aggregator through a unified window.

The figure shown below depicts the layers of the cloud infrastructure and also displays how cloud services are provided to the customer by the service providers at every layer. The bottom-up view gives a clear understanding of the basic IT infrastructure and hardware on which the entire cloud infrastructure pyramid is built. It also shows how virtualization technology lies at the heart of cloud computing and helps separate virtual resources from physical resources. Cloud service providers, i.e. creators and aggregators, take the raw IT infrastructure, combine it with one or more virtualization technologies and deliver cloud services. As said above, the layer on top uses the layer below to provide its services. This holds for all the cloud service models, IaaS, PaaS and SaaS: the preceding service infrastructure layer is a prerequisite. For example, in order to provide a PaaS service it has to be based on IaaS, and in the same way SaaS is based on PaaS. The management and operations of the infrastructure can be done by the service provider or by a third-party service provider. In any case, customers do not have to worry about the underlying infrastructure layer from these perspectives. It may be the case that one single service provider provides all types of services, and various customers can use the kind of service they need from a single point. The cloud architecture described above can be easily understood from the diagram below.
Layer-Based View

fig.viii

The layered view gives a clear overview of how the various layers of the cloud stack are built and a brief description of the cloudware elements. These elements are essential in building any kind of cloud solution. Let's dig a little deeper into each of the layers and explore how things work: how the datacenter is modeled, how the network is configured, how storage is attached to the virtual machines, how applications are built upon the virtual machines, and how they are provided as a service to customers. This will also cover some add-on solutions for how the cloud ensures high availability of businesses and handles disaster recovery scenarios. These explanations will be accompanied by some examples of the market-leading solutions for each cloud service layer, which will give you a better understanding of how things work and, importantly, how they can be improved.
1. Infrastructure as a Service

The main advantage of cloud computing is that customers no longer have to worry about infrastructure installation and maintenance costs. All of this is given as a service to the customers by the service providers. Users of the services just have to pay for the services they use, for the time they use them. This lets them use a service when they need it and be billed for that amount only, instead of buying and maintaining a whole dedicated infrastructure. Moreover, software updates, installations, email servers, antivirus, backups, web servers, and both the physical and logical security of the customer's data are also the responsibility of the customer. The services provided by the service creator or provider help customers focus on their core business rather than spending time on administrative work. Infrastructure as a Service is all about providing IT infrastructure as a service to the customer. The customer can go over the internet and request a service such as servers (with different configurations of different components), firewalls, load balancers, DNS services, storage which may be used for databases, files, etc., and various other infrastructure services required to launch their applications or services. The service providers create some standard sets of services, or individual services that can be modeled and integrated by customers according to their needs.

When creating a service, the cloud service provider specifies its details in the catalog; for a server, for example, the details of the various components are listed, such as the amount of RAM, the CPU, the hosted OS (or a blank virtual machine), the additional packages installed on that server, and the detailed billing for every attribute. These things are clearly stated in the service catalog, from which customers can choose from a list of services. Customers also have a detailed view of the status of their service requests. Besides these standard services, the cloud service provider may also build a stack of services, such as a three-tier application, which customers can use; these may include a set of different components such as multiple servers with a firewall and load balancer automatically configured, storage or a database engine already running, etc.

Let's look at some of the major service providers and see how they have modeled their infrastructure to provide efficient and cost-effective solutions to customers; this will give an understanding of how services are provided to customers from the raw infrastructure at the provider's end.
Major IaaS providers:
i. Amazon Web Services:

Amazon Web Services is a perfect example of Infrastructure as a Service. It provides a collection of remote computing services which can be integrated to form a cloud computing platform offered over the internet to customers at various locations. The most extensive of all the services provided by AWS are Amazon Elastic Compute Cloud and Amazon Simple Storage Service.

fig.ix

Regions and Availability Zones:

Amazon has data centers spread out at various locations all over the world. The term Amazon uses for the distinct data centers within a region is Availability Zones. These Availability Zones are distinct locations, built and maintained so that they are independent of each other and insulated from each other's failures. Amazon Web Services also guarantees inexpensive, low-latency network connectivity to the other Availability Zones in the same Region. In Amazon's terms, the Availability Zones are distinct data centers, and the location grouping them is a Region. The low-latency, inexpensive network connectivity between the Availability Zones in the same Region provides advantages: for example, customers can host their application in two Availability Zones with a load balancer on top to ensure high availability, so that even if one Availability Zone is down the other is unaffected and the customer's services keep running without any downtime.

As said, a Region may consist of one or more Availability Zones. Regions are geographically dispersed, i.e. different Regions lie in different areas or countries of the world. The different Regions at which Amazon provides services can be used for disaster recovery scenarios: a synchronous backup of an application or service hosted in one Region can be kept in any other Region, so that customers can restore their data from another Region in case of a disaster in which all the Availability Zones in a Region go down. The Amazon EC2 Service Level Agreement commits to 99.95% availability for each Amazon EC2 Region, i.e. the EC2 services will be up and available 99.95 times out of 100; this comes with a lot of terms and conditions, and Amazon only guarantees the availability of the API services, not of the infrastructure. Amazon EC2 services are currently available in eight Regions: US East (Northern Virginia), US West (Oregon), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), South America (Sao Paulo), and AWS GovCloud.

The Availability Zones within a Region, which are distinct data centers, are named by appending a letter to the name of the Region; the Availability Zones in the US-East Region, for example, are US-East-1a, US-East-1b, etc. Thus a Region consists of one or more Availability Zones, and the Regions themselves are geographically dispersed, in separate geographic areas or countries.

Let's discuss the deployment of a simple web application (shown in fig. ix) on Amazon using only Amazon features. Along the way we will discuss the features that Amazon provides and how customers can mold them to their needs.

In brief, the solution we are going to discuss is the deployment of a web application with separate application server and database tiers connected over a TCP/IP network. The application is deployed in two Availability Zones, with a load balancer configured to distribute the load evenly across both. The customer can also use the Amazon service known as Route 53 to configure DNS, so that the customer's public DNS record points to the load balancer's IP, and the load balancer forwards requests to the application servers in the Availability Zones on a round-robin basis.

The first step is to create an S3 bucket.

Amazon Simple Storage Service (S3):

So, what is S3? In simple words, S3 is unlimited storage for the internet provided by Amazon. The name suggests that Amazon S3 is robust and simple to use over a web interface. A few advantages of Amazon S3 are discussed below:

Unlimited storage: The storage capacity of Amazon S3 is unlimited, meaning users can store as much as they want.

Standard interface: Amazon S3 uses standard interfaces based on REST and SOAP, designed to work with any internet development toolkit.

Scalability: Amazon S3 can be scaled to store unlimited data and allows users to support any number of web-scale applications.

Reliability: Amazon S3 guarantees the service with an SLA of 99.99%, i.e. it guarantees that API requests will be served 99.99 times out of 100, but there is no guarantee on the availability of the infrastructure.

Inexpensive: The main beauty of Amazon S3 is its low cost, which applies to almost all the services provided by Amazon.

Amazon S3 stores data in the form of objects in buckets. Let's look at what these are:

Objects: These are the fundamental units stored in Amazon S3; everything stored in S3 is an object. Each object consists of data and metadata. The data is what the user stores in the bucket, and the metadata is a set of name-value pairs describing the object. Objects carry some default metadata, such as the last-modified date, and some standard HTTP metadata such as Content-Type. Amazon S3 also allows custom metadata to be defined for objects when they are stored in the bucket. Each object has a key that uniquely identifies it within a bucket.

Buckets: Amazon S3 buckets act as containers for objects; every object created in S3 is stored in a bucket. Amazon S3 makes objects accessible over the internet via URLs. For example, a bucket named bucket-01 is accessible via the URL http://bucket-01.s3.amazonaws.com, and an object stored in it, such as pic.jpg, via http://bucket-01.s3.amazonaws.com/pic.jpg. It is up to the user to set the permissions on objects and buckets, which can be public or private according to who needs access. Buckets also identify the account responsible for storage and data transfer charges. The name of a bucket has to be unique across all of S3.
Folders: Folders are available only through the console and play no role when accessing objects and buckets via the APIs; they are just used to group objects for the user's convenience. When a folder is created in the AWS Management Console, a zero-byte object is created in your bucket whose name ends in a forward slash (/). The forward slash is interpreted as a delimiter when performing the list operation. For example, if a new folder called logs is created in the AWS Management Console, an object called logs/ is created. If there is an object called history.txt in the logs folder, the full key name of this object is logs/history.txt.

Keys: A key is exactly like a file name. It acts as the unique identifier for an object within an S3 bucket; every object in a bucket has exactly one key by which it is identified. Amazon S3 is basically a data map between bucket + key + version and the object itself. Every object in an S3 bucket can be uniquely addressed via the combination of web service endpoint, bucket name, key and, optionally, version. For example, in the URL http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl, "doc" is the name of the bucket and "2006-03-01/AmazonS3.wsdl" is the key.

Access control: Access to Amazon S3 buckets and objects can be controlled in two ways: access control lists (ACLs) and bucket policies. Each individual bucket or object resource can be assigned a set of permissions. Policies are sets of statements that define users' permissions for accessing Amazon S3 resources. These policies can be attached to users, groups or Amazon S3 buckets, so that permissions can be managed centrally.

There are various ways in which users can upload their data into Amazon S3. It allows multipart parallel upload, where the user divides a data set into parts and uploads them in parallel. Another Amazon service, Import/Export, lets users mail their data sets to Amazon on a hard disk or other device, and Amazon uploads that data into S3 within some amount of time. These services are helpful whenever there is a huge amount of data to be uploaded to S3.

Amazon S3 stores all data as objects, and all access to the objects is via HTTP GET, PUT or POST requests. Amazon does not charge anything for moving data within the S3 bucket, but every request that pulls data out is chargeable, so a user should be careful about the number of GET requests made, because they are chargeable too.

An Amazon S3 bucket can be mounted on any machine as a FUSE-based S3 file system, but it is not mounted as a volume: all requests are still made via HTTP GET, PUT or POST.

High availability of data in Amazon S3 is ensured by copying the data across multiple servers within Amazon's data centers. Because the data is replicated to many servers, an operation is not complete until success is returned from all of them; if data is stored and immediately accessed, there might be a "key does not exist" error before the object has fully propagated. Only after propagation is complete is the data available.

So, to carry on with our web application deployment, we create an S3 bucket with some name in any of the Regions. The bucket we create is made fully public and will be used to store the files and photos for the web application.

After this, to ensure that the data stored in the Amazon S3 bucket is accessible to users from any location with low latency, we use another Amazon service known as CloudFront distribution. Let's see what a CloudFront distribution is.

CloudFront:

It is a content delivery service from Amazon Web Services which can be used to improve the performance of web applications by making data available at many different locations, so that users access the data from the nearest location when they need it, which ensures low latency. A CloudFront distribution is associated with many different locations where Amazon endpoints are present. When a user accesses the data, it is copied to the endpoint closest to that user, and the next request from any user near that endpoint is served from the endpoint instead of the original datacenter, so that data access is fast.

CloudFront detects where a request is being made from, and the request is serviced from the nearby edge location. Cache-control headers can be set on the content; by default, if no cache-control header is set, whenever an edge location receives a request more than 24 hours after the previous time it checked the origin for changes to that file, it checks again for an updated version. This is called the expiration period. The user can set this expiration period to control how long the data stays in any CloudFront location. Amazon CloudFront also allows creating streaming distributions for on-demand content. These streaming distributions use Adobe's Flash Media Server (version 3.5) to deliver content using the RTMP protocol and several of its variants.

So, in our deployment of the web application we now have an S3 bucket with a CloudFront distribution on it.

Elastic Load Balancer:

Now we proceed with the creation of an Elastic Load Balancer, which is used to balance load evenly among the replicas of the application servers in our web application. Elastic Load Balancing is a cost-effective service from Amazon Web Services that helps improve the availability and scalability of our service. It automatically distributes incoming traffic evenly among the running instances so that the load is properly balanced. The Elastic Load Balancer provided by Amazon Web Services also has a health check feature, where one can define how the health of the instances registered with the ELB is checked; the default is a ping to any page. The ELB checks the health of each instance in the way described in the health check configuration and thereby maintains high availability of the instances.

We now have an S3 bucket with a CloudFront distribution configured and an Elastic Load Balancer created.

Security Groups:

Let's create and configure Amazon EC2 security groups. Amazon EC2 security groups are firewalls that define the rules for the flow of traffic to and from EC2 instances. Each EC2 instance is associated with a security group, and the rules defined in it determine what kind of traffic is allowed. Security groups let you add the protocols, and the source IP or subnet from which traffic of that protocol is allowed to flow into the EC2 instances. Security groups are easily modifiable, and rules can be added to or removed from them at any time. For the current application we will require two security groups, one for the Elastic Load Balancer and the other for the web application instances. The security group for the ELB is configured automatically when the ELB is created, so when creating the security group for the web application instances we have to add rules allowing inbound traffic from the ELB on port 80, and RDP traffic so that we can configure them.
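The two security groups just described, as an added Python example that is not the book's or Amazon's code: it models a security group as an inbound allow-list with implicit deny, evaluates sample traffic against the web tier's rules (HTTP only from the ELB's own group, RDP only from an administrative subnet), and includes a small audit that flags rules opening administrative ports to the whole internet. The group id, the admin subnet (203.0.113.0/24, a documentation range) and the client addresses are constructed.

```python
import ipaddress
from collections import namedtuple

# One inbound rule: protocol is "tcp", "udp", "icmp" or "-1" (all traffic);
# ports are inclusive; source is either a CIDR block or another security group's id.
Rule = namedtuple("Rule", "protocol from_port to_port source")

ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
ANYWHERE = ("0.0.0.0/0", "::/0")


def rule_matches(rule, protocol, port, src_ip, src_groups):
    """Does one rule admit a packet of `protocol` to `port` from `src_ip`,
    where the sender belongs to the security groups in `src_groups`?"""
    if rule.protocol != "-1":
        if rule.protocol != protocol:
            return False
        if not rule.from_port <= port <= rule.to_port:
            return False
    if rule.source.startswith("sg-"):
        # Source is another security group: the sender's membership decides, not its address.
        return rule.source in src_groups
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source, strict=False)


def inbound_allowed(rules, protocol, port, src_ip, src_groups=frozenset()):
    """Security groups are allow-lists: traffic that matches no rule is dropped."""
    return any(rule_matches(r, protocol, port, src_ip, src_groups) for r in rules)


def audit_rules(rules):
    """Findings for rules that expose administrative ports, or everything, to the whole internet."""
    findings = []
    for r in rules:
        if r.source not in ANYWHERE:
            continue
        if r.protocol == "-1":
            findings.append("all traffic open to %s" % r.source)
            continue
        for port, name in ADMIN_PORTS.items():
            if r.protocol == "tcp" and r.from_port <= port <= r.to_port:
                findings.append("%s (tcp/%d) open to %s" % (name, port, r.source))
    return findings


ELB_SG = "sg-elb-example"   # constructed id of the load balancer's automatically created group
WEB_RULES = [
    Rule("tcp", 80, 80, ELB_SG),                # HTTP only by way of the load balancer
    Rule("tcp", 3389, 3389, "203.0.113.0/24"),  # RDP only from the constructed admin network
]
# The same group with the mistake the audit should catch: RDP from anywhere.
LOOSE_RULES = WEB_RULES + [Rule("tcp", 3389, 3389, "0.0.0.0/0")]


if __name__ == "__main__":
    print(inbound_allowed(WEB_RULES, "tcp", 80, "10.0.1.5", {ELB_SG}))   # via ELB: allowed
    print(inbound_allowed(WEB_RULES, "tcp", 80, "198.51.100.7"))          # direct from internet: dropped
    print(audit_rules(LOOSE_RULES))
```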

After creating the security groups, let's proceed with the creation of the key pair.

Key pairs:

The key pair will be used to log into our instances. Amazon provides login to any instance via a key pair. The user creates a key pair and downloads it for use when logging into the instances. The key the user downloads is the private key; the public key is placed inside the instance, and the combination of the two is used to log into the system. Every Amazon EC2 instance is associated with a key pair used to log into it. The downloaded key is a .pem file, which has to be converted to a .ppk file with the PuTTYgen tool to log into a Linux instance via PuTTY; for a Windows instance, Amazon provides a way to decrypt the key and generate a password, so each Windows instance gets a unique password.
The next step is to launch the EC2 instances using auto-scaling groups.

Auto-scaling groups:

An auto-scaling group is a group the user configures with a minimum and a maximum size. The group holds EC2 instances, and the user can also define policies, known as auto-scaling group policies; based on these policies, schedules or alarms, the auto-scaling group maintains a fleet of EC2 instances. It is used to increase or decrease the number of EC2 instances according to the user-defined policies, schedules or alarms. The minimum and maximum values set by the user ensure that there will always be at least the minimum number of EC2 instances. The auto-scaling group responds automatically to changing conditions as defined by the user, and auto-scaling groups can span Availability Zones, i.e. the group can be configured to scale instances across different Availability Zones so that the failover scenario is also covered. The auto-scaling group does not guarantee to distribute instances evenly across the Availability Zones, but tries its best; a good practice is to have a slowly changing environment. The auto-scaling group is registered with the load balancer, and requests from the load balancer are directed to the instances within that group. For example, a user can create a policy for an auto-scaling group with a minimum of 1 instance, where the number of instances grows by 1 every time the CPU utilization of the instances exceeds 60% for more than 10 minutes. The user sets the maximum limit, and whenever CPU utilization exceeds 60% for more than 10 minutes the auto-scaling group automatically spawns an instance, registers it with the load balancer, and traffic is then also divided to this new instance.
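The policy just described, as an added Python simulation that is not part of the book and not Amazon's algorithm: a group spanning two Availability Zones with minimum 1 and maximum 3 grows by one instance whenever the CPU metric stays above 60% for 10 consecutive one-minute datapoints, and every new instance is registered with the load balancer. It goes a little beyond the text by adding a mirror scale-in policy, a best-effort zone-balancing rule and a reset of the breach window after each action (a crude cooldown); all three are assumptions, and the CPU series and instance ids are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ScalingPolicy:
    """Adjust capacity by `adjustment` once the CPU metric has breached `threshold`
    for `breach_minutes` consecutive one-minute datapoints."""
    threshold: float
    breach_minutes: int
    adjustment: int            # +1 scale out, -1 scale in
    scale_out: bool = True     # True: breach means CPU > threshold; False: CPU < threshold


@dataclass
class AutoScalingGroup:
    min_size: int
    max_size: int
    zones: List[str]                                              # Availability Zones spanned
    instances: List[Tuple[str, str]] = field(default_factory=list)  # (instance id, zone)
    elb_targets: set = field(default_factory=set)                # what the load balancer sees
    events: List[Tuple[int, str, int]] = field(default_factory=list)
    launched: int = 0

    def __post_init__(self):
        while len(self.instances) < self.min_size:   # the minimum is always honoured
            self._launch()

    def zone_counts(self):
        return {z: sum(1 for _, zone in self.instances if zone == z) for z in self.zones}

    def _launch(self):
        self.launched += 1
        inst = "i-%04d" % self.launched               # constructed instance id
        counts = self.zone_counts()
        zone = min(self.zones, key=lambda z: counts[z])  # assumed balancing: emptiest zone first
        self.instances.append((inst, zone))
        self.elb_targets.add(inst)                    # registered with the ELB on launch
        return inst

    def _terminate(self):
        counts = self.zone_counts()
        zone = max(self.zones, key=lambda z: counts[z])  # retire from the fullest zone
        for i, (inst, z) in enumerate(self.instances):
            if z == zone:
                del self.instances[i]
                self.elb_targets.discard(inst)        # deregistered so no more traffic reaches it
                return inst

    def adjust(self, delta, minute):
        """Apply a capacity change, clamped to [min_size, max_size]; records each action."""
        target = max(self.min_size, min(self.max_size, len(self.instances) + delta))
        while len(self.instances) < target:
            self.events.append((minute, "launch " + self._launch(), len(self.instances)))
        while len(self.instances) > target:
            self.events.append((minute, "terminate " + self._terminate(), len(self.instances)))


def simulate(group, policies, cpu_series):
    """Feed one-minute fleet-average CPU datapoints through the policies and
    return the scaling events as (minute, action, resulting group size)."""
    streak = [0] * len(policies)
    for minute, cpu in enumerate(cpu_series, start=1):
        for i, pol in enumerate(policies):
            breached = cpu > pol.threshold if pol.scale_out else cpu < pol.threshold
            streak[i] = streak[i] + 1 if breached else 0
            if streak[i] >= pol.breach_minutes:
                streak[i] = 0      # assumption: the breach window restarts after acting
                group.adjust(pol.adjustment, minute)
    return group.events


# Constructed workload: 40 one-minute CPU averages; idle, then a 22-minute burst, then idle.
CPU_SERIES = [30] * 5 + [75] * 22 + [10] * 13

SCALE_OUT = ScalingPolicy(threshold=60, breach_minutes=10, adjustment=+1)       # the book's policy
SCALE_IN = ScalingPolicy(threshold=20, breach_minutes=10, adjustment=-1,
                         scale_out=False)                                         # assumed mirror policy


def run_example():
    group = AutoScalingGroup(min_size=1, max_size=3, zones=["us-east-1a", "us-east-1b"])
    events = simulate(group, [SCALE_OUT, SCALE_IN], CPU_SERIES)
    return group, events


if __name__ == "__main__":
    grp, evs = run_example()
    for ev in evs:
        print(ev)
    print(grp.zone_counts(), sorted(grp.elb_targets))
```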

EC2 instance:

Elastic Compute Cloud is an Amazon Web Services service that allows users to create instances based on predefined templates called Amazon Machine Images (AMIs). These instances are launched in Amazon's data centers. The images are prebuilt machines with different configurations and different packages installed; each has a unique id by which it is identified. Instances can be Windows or Linux, from different vendors. The AMI has all the information needed to boot the instance; the user just selects an AMI from a list and provisions it. Instances can be of different types: instance store-backed AMIs (often known as S3-backed AMIs) or EBS-backed AMIs. Instance store-backed AMIs have their root drive on the instance store: the AMI is stored in S3, and when the user requests it the instance is created and its root drive is generated in a special storage space known as the instance store. EBS-backed AMIs have their root drive on an EBS volume and inherit all the advantages of persistent EBS volumes.

Elastic Block Storage:

EBS volumes are a persistent storage service provided by Amazon. The main disadvantage of instance store-backed AMIs is that when the user terminates the instance, all the data stored in it is lost and cannot be recovered. EBS volumes are assigned to the user's account rather than to an instance, so they persist even after the instance is terminated. EBS volumes can be attached to or detached from any instance dynamically and used as a drive. EBS-backed AMIs carry a flag known as delete-on-termination which, when set to true, deletes the EBS volume that served as the root drive of the instance.

EBS volumes can be used to provide a wide range of services. Amazon provides a service to snapshot an EBS volume and store that snapshot in S3 for later use. A new volume with all the data intact can be created from this snapshot and used just like the original EBS volume. EBS volumes also allow expanding the size of a volume on demand: to increase the size of an EBS volume, the user creates a snapshot of the existing volume and then creates a larger EBS volume from that snapshot. Amazon EBS volumes are region-specific, i.e. an EBS volume cannot be used across Regions. Snapshots of EBS volumes can be automated and are created incrementally, meaning only the data modified since the last snapshot is captured rather than the whole volume; this helps reduce network traffic.
From a purchasing perspective, there are three types of instances the user can request:

On-Demand Instances: These are instances provisioned on demand. Users request them when they need them and are charged accordingly, for the time the instance is running.

Spot Instance: These instances are those where the user is allowed to bid for a particular
instance of AMI id, and as long as the users bid amount is the maximum, the instance
runs and the user is charged as per the market cost which is decided by Amazon. As soon
as there is a higher bid against that instance, the instance is turned off and the user is
not charged for the last hour.
Reserved Instance: Amazon EC2 reserved instances allows the user to pay a low, one-
time fee and get a significant discount on hourly fee for that instance. These reserved
instances help in providing substantial savings over having hardware or running only On-
Demand instances. The other advantage of using reserved instances is that the
customers know the capacity they need is available to them when they need it. Reserved
Instances are available in three varietiesHeavy Utilization, Medium Utilization, and
Light Utilization.

So, we create an Amazon EC2 instance with the autoscaling groups and define our
policies. While creating Amazon EC2 instances, the key pair, security groups and
Availability Zone along with the RAM and kernel IDs are required. The user must have all
these things in place and choose them appropriately.

While creating an autoscaling group the user has to specify the load balancer, the launch
configuration (which is created along with the autoscaling group), the security group, the
AMI ID and the instance type. The autoscaling group is responsible for scaling the number
of instances according to the launch configuration. The minimum and maximum numbers
of instances are also specified in the launch configuration.

As of now, we have created a load balancer, an autoscaling group that covers our
instances, and an S3 bucket with a CloudFront distribution.

We proceed with the creation of a CloudWatch alarm.

CloudWatch Alarm: Amazon CloudWatch is a web service provided by Amazon with which
the user can monitor, manage and publish various metrics, create alarms on them and
configure the remedial action to be taken when an alarm condition is met, based on the
metric data. Amazon CloudWatch enables the user to collect, analyze and view system
and application metrics and to make operational and business decisions based on them.
CloudWatch automatically collects metrics about AWS resources. It also enables the user
to send notifications about alerts: the Amazon Simple Notification Service can be used
to send notifications based on the policy defined and the metrics created. So we use
Amazon CloudWatch to ensure that the application is running healthily and efficiently.
We can also make future decisions based on the data from the metrics, which can be
easily customized. We will create an alarm and, based on it, ensure that there is always
the right number of instances to match the amount of traffic. Besides this, CloudWatch
can also be used to identify the cause of a problem and verify the fix by tracking
performance in real time. We can set up Amazon CloudWatch to email the user every
time the application slows down, go back and discover that a particular database was
being overloaded, and later watch response times come back up to speed.

So, here we need to associate the autoscaling policy created in the last step with an
Amazon CloudWatch alarm, so that the appropriate action is taken upon a certain
condition. For example, we create an alarm of type Myautoscalinggroup/CPU utilization
which, if the CPU utilization stays above 60% for more than 10 minutes, sends a
notification to the autoscaling group, which in turn increases the number of instances by
2 as configured in the last step. Thus, we ensure that there are always enough instances
to handle the traffic.
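The alarm-to-policy chain just described is easy to reason about when it is written out as a small simulation. The block below is an added example, not code from the book or from Amazon: it models an alarm that fires only after consecutive breaching datapoints (10 minutes expressed as two 5-minute periods), a scaling policy that adds 2 instances, and the autoscaling group's minimum/maximum clamp. The scale-in alarm at 30%, the cooldown of one period, the metric name and the CPU samples are constructed for the example and are not taken from the text.

```python
"""Alarm-driven autoscaling, as a self-contained simulation (constructed example)."""
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Alarm:
    """One CloudWatch-style alarm: fires when the last `evaluation_periods`
    datapoints all breach `threshold` in the given direction."""
    metric: str
    threshold: float
    comparison: str          # "gt" (greater than) or "lt" (less than)
    period_s: int            # seconds covered by one datapoint
    evaluation_periods: int  # consecutive breaching datapoints required

    def breaches(self, value: float) -> bool:
        return value > self.threshold if self.comparison == "gt" else value < self.threshold

    def is_in_alarm(self, datapoints: Sequence[float]) -> bool:
        if len(datapoints) < self.evaluation_periods:
            return False  # not enough history yet, so no action is taken
        return all(self.breaches(v) for v in datapoints[-self.evaluation_periods:])


@dataclass
class AutoScalingGroup:
    """Desired capacity is always clamped to [min_size, max_size]."""
    min_size: int
    max_size: int
    desired: int

    def adjust(self, delta: int) -> int:
        self.desired = max(self.min_size, min(self.max_size, self.desired + delta))
        return self.desired


def run_scaling(group: AutoScalingGroup,
                policies: Sequence[Tuple[Alarm, int]],
                samples: Sequence[float],
                cooldown_periods: int) -> List[int]:
    """Feed one datapoint per period; when an alarm fires, apply its policy's
    capacity change and then ignore alarms for `cooldown_periods` periods so
    that new instances have time to come into service. Returns the desired
    capacity after each period."""
    history: List[float] = []
    cooldown = 0
    sizes: List[int] = []
    for value in samples:
        history.append(value)
        if cooldown > 0:
            cooldown -= 1
        else:
            for alarm, delta in policies:
                if alarm.is_in_alarm(history):
                    group.adjust(delta)
                    cooldown = cooldown_periods
                    break  # one scaling action per period
        sizes.append(group.desired)
    return sizes


def simulate_cpu_policy() -> List[int]:
    """The text's example: CPU above 60% for 10 minutes adds 2 instances.
    A second alarm (constructed here) removes 1 instance when CPU stays
    below 30%, so the group also scales back in."""
    period_s = 300  # 5-minute datapoints, so 10 minutes = 2 consecutive periods
    scale_out = Alarm("CPUUtilization", 60.0, "gt", period_s, 600 // period_s)
    scale_in = Alarm("CPUUtilization", 30.0, "lt", period_s, 600 // period_s)
    group = AutoScalingGroup(min_size=2, max_size=6, desired=2)
    # Constructed average-CPU datapoints (percent), one per 5-minute period.
    cpu_samples = [45.0, 70.0, 65.0, 80.0, 85.0, 20.0, 25.0, 22.0]
    return run_scaling(group, [(scale_out, 2), (scale_in, -1)], cpu_samples,
                       cooldown_periods=1)


if __name__ == "__main__":
    print(simulate_cpu_policy())  # [2, 2, 4, 4, 6, 6, 5, 5]
```

Note that the single datapoint of 70% does not trigger anything: only the second consecutive breach does, which is what keeps a short spike from launching instances. The clamp to the maximum of 6 at the fifth period shows why the launch configuration's maximum matters as much as the alarm threshold.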

Now, we proceed with the creation of an Amazon Relational Database Service (RDS)
instance. As the name suggests, we will be using this instance for our database. Amazon
also offers other types of databases, like SimpleDB and DynamoDB, but in our case we
will be using an RDS instance. Let's see the differences between each of the types of DB
instances.

Simple DB:

It is a highly available, scalable and flexible non-relational data store that enables the
user to store as well as query data using web service requests. It uses the concept of
domains, where each domain holds a set of records with properties. Only simple queries
are possible; functions like join are not available in SimpleDB, but users can modify
their application to issue multiple queries and extract the required data from the
results.

Dynamo DB:

Amazon DynamoDB is a NoSQL database service that provides scalability. It can be used
to create a database of any size and can be extended to serve any amount of request
traffic. It automatically spreads the data over a sufficient number of servers to handle
the request traffic specified by the user. All data items are stored on Solid State Disks
(SSDs) that are automatically replicated across multiple Availability Zones in a region to
provide built-in high availability and data durability. It is a schema-less database based
on a shared-nothing architecture. All the records in a database table must have the same
set of columns. A table can have any number of items, though each item is limited to 64
KB in size. Each item is in the form of name-value pairs.

Amazon RDS:

In our example, we launch a multi-AZ RDS instance, which means that the RDS instance
is replicated across multiple Availability Zones; all read operations are served by the
replicas whereas write operations are directed to the master database instance. The
replication happens asynchronously and the maximum number of read replicas is 5. A
read replica in a different Availability Zone is used as a standby for failover scenarios.
By using read replicas, we get the advantage of distributing traffic and it also helps in
failover situations: if the master DB instance is down, we can switch to any replica and
make it the master DB instance. While creating an RDS instance, we specify a DB security
group and the type of database, like MySQL of a certain version, along with the admin
password. Currently only the MySQL and Oracle Standard Edition database engines are
supported in RDS. We also specify the size of the database while creating it.

After creating the RDS instance, we are done with creating all the services that will be
required by our application, so now we can go ahead and deploy it. First we put all our
images and files in the Amazon S3 bucket we created and then deploy the application on
the EC2 instance, with the database in the RDS instance. We also need to modify the
links to the images used in our application to point to their location in the S3 bucket.
What we finally get is shown in the image below:
fig.x
The application can be deployed and configured on the EC2 instances by taking an RDP
or SSH login, depending upon the type of instance. The application here is deployed
using the IIS server on Windows, with all the files in place and proper configuration
done. The user might need to add the S3 bucket link as a trusted site for uninterrupted
service. The user may also need to modify the web.config file to add the Amazon secret
access key and access key ID so that data access is authenticated.

The user also needs to point the data/image links to the CloudFront distribution. This is
done by replacing the bucket name with the DNS name of the CloudFront distribution in
the default.aspx.cs page.

The user also needs to replace the database endpoint with the endpoint of the RDS
instance, and the database master user ID, master user password and database name
with the ones specified while creating the RDS instance.

Amazon CloudFormation:

AWS CloudFormation can be used to create and provision AWS infrastructure using all
the features provided by Amazon Web Services. It can be used to build a web application
without worrying about configuring the underlying AWS infrastructure. AWS
CloudFormation uses a Ruby-like template structure in which the user configures the
features to be launched from that CloudFormation template. A CloudFormation template
to launch a web application like the one we just created would contain the details of each
AWS service, like the EC2 AMI ID, security group configuration, instance types,
autoscaling groups, the content of the autoscaling group's policy, alarm configuration,
etc. Using the CloudFormation service, the user creates a stack, which refers to a set of
features tied together.

Note: Deleting a stack deletes all the services associated with it.

Amazon also provides a tool called CloudFormer which can be used to create a stack
from the current deployment. For example, after creating the above application the user
can use the CloudFormer tool to create a template that includes all the features that
have been used; CloudFormer automatically creates a template with all the configuration
that has been applied to the running services. In future, instead of configuring all the
services from scratch again, the user can simply launch the stack from the template
created with the help of the CloudFormer tool and have all the services deployed without
configuring each one of them.

There are many other services provided by Amazon, and new ones are added over time,
which customers can use to create a web application of any size. Some of these
services are:

Amazon Elastic IP:

The Elastic IP address service of Amazon is simply amazing and very helpful. Amazon has
a set of public IPs which the user can request; these IPs are allocated to an account
rather than to an instance, so they persist even if the instance is terminated. Suppose,
for example, that the user has an application running on an instance whose IP is mapped
in DNS. Now, if for any reason the instance goes down, the DNS must be updated with
the IP of the new instance that replaces it. The problem with this process is that it may
take several hours for the new IP to propagate to DNS tables all around the world. Instead
we can use an Elastic IP address: when the instance goes down, the EIP is removed from
that instance and attached to the other instance. This ensures the availability of the
service. EIPs are, of course, region specific. Let's have a look at the other IPs and DNS
names that are provided by Amazon upon creation of an instance.

Public and Private IPs:

Every Amazon EC2 instance is allotted two IP addresses at launch: a private address
and a public address. These IP addresses are directly mapped to each other through
Network Address Translation (NAT). The private addresses assigned to the instances are
only reachable from inside the Amazon EC2 network. Public addresses are reachable
from the Internet.

The public IP address of an instance is lost when the instance is terminated or stopped,
unless it has been assigned an Elastic IP. The instance is also mapped to an external DNS
name which resolves to the private IP from the internal network and to the public IP from
the external network, i.e. over the Internet.

Amazon Simple Queuing Service:

Amazon SQS is a distributed queuing system which enables quick queuing of messages
between the components of web service applications. A queue is a temporary repository
for messages that are about to be processed. The use of SQS enables the decoupling of
applications so that they run independently, while the passing of messages from one
component to another is managed by the queue. Messages can be up to 64 KB of text in
any format. SQS ensures delivery of the data at least once, so users have to make their
application idempotent so that receiving the same message more than once makes no
difference. SQS also supports multiple readers and writers interacting with the same
queue. SQS does not guarantee the sequencing of messages, but the user can place
sequencing information in each message so that the messages can be reordered when
the queue returns them. SQS also has the ability to automatically delete messages that
have been in the queue for longer than the maximum message retention period. The
default message retention period is 4 days.

Amazon Elastic Map Reduce:

Amazon EMR is a service provided by AWS that customers can use to process large
amounts of data efficiently. It uses Hadoop processing combined with several AWS
services to do tasks such as web indexing, data mining, log file analysis, machine
learning, scientific simulation, and data warehousing. Users can create job flows
consisting of multiple steps using EMR. It is a tool that helps in data analysis and
simplifies the set-up as well as the management of a cluster. Data processing consists
of a series of simple operations applied to a large amount of data. A job flow is the
sequence of such steps, for example: decrypt the data, process the data, encrypt the
data and save the data. This service uses Hadoop to divide the work into steps, hands
these steps to the instances in the cluster, tracks their status and then combines the
individual results into one output. The steps involved in processing using EMR are:

Upload the data into S3 along with the mapper and reducer executables that will be
used to process the data, and then send the request to EMR to start the job flow.

EMR is responsible for starting the Hadoop cluster, loading any specified bootstrap
actions and then running Hadoop on each node.

Hadoop then executes the job flow after downloading the data from S3 to the core as
well as task nodes. The data can also be loaded dynamically at runtime by the mapper
tasks.

After processing the data, Hadoop uploads the results from the cluster to S3.

After the job flow has completed, the user can retrieve the processed data from S3.

Amazon Virtual Private Cloud:

Features:

Amazon VPC is an isolated part of the AWS cloud in which the user can launch Amazon
EC2 instances that have private IP addresses within the subnet specified.

Amazon VPC can act as a secure bridge between your existing IT infrastructure and the
Amazon Web Services cloud, as it allows users to connect their on-premise IT
infrastructure to a set of isolated AWS compute resources via a VPN connection.

Users can easily extend their existing management capabilities and security services,
like DNS, LDAP, Active Directory, firewalls and intrusion detection systems, so that these
services also cover the AWS cloud.

The size of the VPC is defined as a range of addresses in the form of a Classless
Inter-Domain Routing (CIDR) block, for example 10.0.0.0/16. You can allocate a single
CIDR block to a VPC.

A VPC with multiple subnets can be created.

Each subnet must be associated with a route table, which controls the routing for the
subnet. If there is no explicit association of a subnet with a particular table, the subnet
uses the main route table.

Each route in a table specifies a destination CIDR and a target (e.g., traffic destined for
172.16.0.0/8 is targeted at the virtual private gateway); the most specific route that
matches the traffic is used to determine how to route it.

By using Amazon VPC with Amazon EC2 (instead of Amazon EC2 alone), users gain the
ability to:

Group their Amazon EC2 instances and assign them private IP addresses in the subnet
of their choice.

Control the outgoing as well as incoming traffic to/from their Amazon EC2 instances.

Add an additional layer of security to their EC2 instances, known as Network Access
Control Lists (ACLs).

Connect their VPC to their corporate data center and branch offices using a VPN
connection, so that they can use the VPC as an extension of their corporate data center
network.

Users can configure their VPC to be somewhere in between, i.e. using both a virtual
private gateway and an Internet gateway. This enables some instances to receive
Internet traffic (e.g., web servers) while others remain unexposed (e.g., database
servers); this type of scenario is used mostly for multi-tier web applications.

Routing in a VPC can be configured to control the incoming as well as outgoing traffic
(e.g., to the Internet gateway, virtual private gateway, etc.). Other Amazon services can
be reached via the Internet gateway.

VPN connections (up to a maximum of 10) can be configured to connect to your
organization's data center and control the traffic that flows through that connection.

Security groups and network ACLs can be used to protect the instances in the VPC.

By default, the instances in your VPC have only a private IP address, but if you want your
instances to be reachable from the Internet, an Elastic IP address can be assigned to
them, and for instances that do not have an EIP, NAT can be configured to give them
access to the Internet.

Different security groups can be added to different instances, like NAT, web server,
DB server, etc. Security groups are described below.

Users can enable DHCP option sets, which are associated with their AWS account. This
enables them to use these options across all their VPCs.

The Amazon EC2 instances that are launched within the VPC are private, i.e. they are not
allocated a public IP address.

All instances in a VPC receive an unresolvable host name by default, which is assigned by
AWS. Users can assign a domain name of their choice to their instances and are allowed
to use up to four of their own DNS servers.

If one of the IP address prefixes in the VPC overlaps with one of the customer's home
network prefixes, any traffic to that home network prefix is dropped.
For example, let's say you have the following:

A VPC configured with the CIDR block (also known as the size of the VPC) 10.0.0.0/16.

A subnet in that VPC with the CIDR block 10.0.1.0/24.

Two instances running in the above subnet with the IP addresses 10.0.1.4 and
10.0.1.5.

On-premises host networks using the CIDR blocks 10.0.35.0/24 and 10.1.36.0/24.

When the instances (with the IP addresses 10.0.1.4 and 10.0.1.5) in the VPC try to
communicate with the hosts in the 10.0.35.0/24 address space, the outgoing traffic is
dropped because 10.0.35.0/24 is part of the bigger prefix assigned to the VPC
(10.0.0.0/16). The instances can, however, talk to hosts in the 10.1.36.0/24 space
because that block isn't part of the prefix 10.0.0.0/16.
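Both the "most specific route wins" rule stated earlier and the overlap example just given follow from one lookup: longest-prefix match against the route table. The block below is an added example, not code from the book or from Amazon; it implements that lookup with Python's standard ipaddress module and applies it to the text's VPC (10.0.0.0/16, instances 10.0.1.4 and 10.0.1.5, on-premises prefixes 10.0.35.0/24 and 10.1.36.0/24). The route table itself, the target names vgw-example and igw-example, and the Internet destination 198.51.100.20 are constructed for the example.

```python
"""Route selection in a VPC route table (constructed example)."""
import ipaddress
from typing import Dict, List, Optional, Sequence, Tuple

Route = Tuple[str, str]  # (destination CIDR, target), e.g. ("10.0.0.0/16", "local")


def select_route(route_table: Sequence[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match: of all routes whose destination CIDR contains
    dst_ip, return the target of the most specific one (None if no match).
    strict=False tolerates entries written with host bits set, such as the
    text's 172.16.0.0/8, which is treated as 172.0.0.0/8."""
    addr = ipaddress.ip_address(dst_ip)
    best: Optional[Tuple[int, str]] = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None


def on_prem_reachability(vpc_cidr: str,
                         on_prem_prefixes: Sequence[str]) -> Dict[str, str]:
    """Apply the overlap rule from the text: a home-network prefix that overlaps
    the VPC block is unreachable from the VPC, because the 'local' route for the
    VPC block is always more specific than any VPN route covering it."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return {p: ("dropped" if ipaddress.ip_network(p).overlaps(vpc) else "reachable")
            for p in on_prem_prefixes}


# Constructed main route table for the text's VPC: the VPC block stays local,
# the rest of 10.0.0.0/8 is the corporate network behind the virtual private
# gateway (vgw) and everything else goes to the Internet gateway (igw).
MAIN_ROUTE_TABLE: List[Route] = [
    ("10.0.0.0/16", "local"),
    ("10.0.0.0/8", "vgw-example"),
    ("0.0.0.0/0", "igw-example"),
]


def route_examples() -> Dict[str, Optional[str]]:
    """Where traffic from the text's instances (10.0.1.4 / 10.0.1.5) is sent.
    10.0.35.7 lands on the 'local' route, never reaches the VPN and is dropped;
    10.1.36.7 falls outside the /16 and goes to the virtual private gateway."""
    return {dst: select_route(MAIN_ROUTE_TABLE, dst)
            for dst in ("10.0.1.5", "10.0.35.7", "10.1.36.7", "198.51.100.20")}


if __name__ == "__main__":
    print(route_examples())
    print(on_prem_reachability("10.0.0.0/16", ["10.0.35.0/24", "10.1.36.0/24"]))
```

Running on_prem_reachability before choosing a VPC CIDR is the practical check: any corporate prefix it reports as "dropped" is one the VPC block must be changed to avoid.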

The VPC's communication is also restricted by using security groups, which are like EC2
security groups with some additional functionality. The differences between EC2 security
groups and VPC security groups are as follows:

EC2 Security Groups vs VPC Security Groups

Direction of traffic controlled:
EC2: the security groups can control only ingress traffic.
VPC: the security groups can control both ingress and egress traffic.

Referencing other groups:
EC2: the groups allow access from other security groups in the same AWS account or in
other AWS accounts.
VPC: only traffic from other security groups in that VPC is allowed by these groups.

Changing groups after launch:
EC2: once an instance is launched with a security group attached, the group can't be
changed.
VPC: once an instance is launched, users are allowed to change the security groups that
the instance is in.

Protocols in rules:
EC2: when a rule is added to a group, it is not necessary to specify a protocol, and only
TCP, UDP or ICMP are available.
VPC: when a rule is added to a group, a protocol must be specified, and it can be any
protocol with a standard port number, or all protocols.

Ports in rules:
EC2: when a rule is added to a group, port numbers (for TCP or UDP) must be specified.
VPC: when a rule is added to a group, port numbers can only be specified if the rule is
for TCP or UDP, and all ports can be specified.

Network ACLs:

A network ACL is a numbered list of rules which is evaluated by Amazon VPC in order,
starting with the lowest-numbered rule, to determine whether inbound or outbound
traffic is allowed for any subnet associated with that ACL.

The rules in a network ACL are separate for inbound and outbound traffic, and each rule
can either allow or deny traffic.

Amazon DHCP & DNS Server:

When a VPC is created, a set of DHCP options is automatically created and associated
with that VPC. There is only a single option included in this set:
domain-name-servers=DNS_Provided_By_Amazon. This is an Amazon DNS server, and
with this option DNS is enabled for instances that need to connect over the Internet
gateway of the VPC. The string DNS_Provided_By_Amazon maps to a DNS server that
runs on a VPC IP address reserved for it, located at the base of the VPC network range
"+ 2". For example, the DNS server is located at 10.0.0.2 for a 10.0.0.0/16 network.

Once created, a set of DHCP options cannot be modified. In order to use a different set
of options for the VPC, a new set must be created and associated with the VPC. The VPC
can also be configured not to use DHCP options at all. There can be multiple sets of
options, but only one set can be associated with the VPC at a time.

Once the VPC is associated with a set of options, all existing instances and any new
instances launched in that VPC use these options. There is no need to restart or
re-launch the instances. The instances automatically pick up the changes within a few
hours, depending on how frequently the instance renews its DHCP lease. The lease can
also be renewed explicitly using the operating system on that instance.
Scenario 1: VPC with a public subnet only.

fig xii

Recommended when there is a single-tier, public-facing web application such as a blog
or simple website.

The instances run in an isolated section of the AWS Cloud that is private to the
customer. Some of the instances have direct access to the Internet, i.e. these instances
have an Elastic IP address along with a private IP address.

Security groups and network ACLs are used to give the instances control over incoming
and outgoing traffic.

The scenario includes:

A VPC of size /16.

An Internet gateway to connect the instances to the Internet.

A /24 subnet, which is a subnet of 256 private IP addresses. There can be a total of 256
subnets like this one in this scenario.

An implied router (R in a circle) to route to the Internet gateway the traffic that is not
meant for any other of the instances. A route table can be configured for such routing;
the diagram above shows the route table as well as the route.

The public subnet, which is in the IP range 10.0.0.0/24; instances are provided with IP
addresses in this subnet.

A total of 256 instances can be launched in this subnet at a particular time.

There can be a total of 256 subnets in this VPC of size /16.

In order for the instances to be reachable from the Internet, an Elastic IP address is
assigned to those instances.

An EIP address is a static, public IP address that can be assigned to any instance in the
VPC. With an EIP address, an instance failure can be easily masked by rapidly
reassigning the address to another instance in your VPC.

The EIP is assigned first to the VPC and then to the instances in the VPC.

An Elastic IP address can be moved from one instance to another in the same VPC, or in
any other VPC that you are running, but not to instances outside a VPC, because the EIPs
in a VPC are different from those in EC2, as explained above.

This scenario is recommended for a multi-tier application which has a public-facing web
application that is accessible from the Internet and a backend DB server which is not
(and should not be) accessible from the Internet.

The number of EIPs is limited to 5; if more are required, NAT can be used.
fig xiii
Scenario 2: VPC with Public & Private subnets only.

fig. xiv

A VPC of size /16 is defined.

There are two subnets in this VPC, public (10.0.0.0/24) and private (10.0.1.0/24), each
of 256 IP addresses.

The instances in the public subnet have direct access to the Internet through EIPs and
thus can receive inbound and send outbound traffic to/from the Internet.

The instances in the private subnet are private, i.e. they do not have access to the
Internet. They can be given access to the Internet using NAT instances, which can be
configured as per the need.

The instances in the private subnet can be managed using bastion servers that act as
proxies and are set up in the public subnet. For example, SSH port forwarders or RDP
gateways in the public subnet can be used to proxy traffic from the customer's home
network to the database servers.

Different security groups can be configured as needed to add rules for routing. So, if an
instance wants to initiate traffic to the Internet, it should either be in the public subnet
and have an EIP, or be in the private subnet and be configured to send all Internet-bound
traffic to the NAT instance that resides in the public subnet.

If an instance doesn't have an EIP, the other instances in its own subnet can still
communicate with it, and other instances in the VPC can also communicate with it
depending upon the route table configuration.

The VPC has an implied router as well as a modifiable main route table, which is
associated with the subnets by default but can be disassociated so that another custom
route table can be configured.

The route tables can be configured as per the needs of the organization.

The instances in the private subnet have access to the Internet by using the NAT instance
in the public subnet. A bastion server can also be configured for SSH and RDP to the
instances in the private subnet.

The instances in the public subnet have access to the Internet using their EIPs.

The route tables determine the flow of traffic to/from/within the VPC and are used to
prevent instances from sending traffic directly to the Internet gateway.

The database servers that reside in the private subnet aren't able to receive traffic
directly from the Internet gateway because there are no Elastic IP addresses associated
with them. However, these servers can communicate with the Internet using the NAT
instance. These servers can also be configured to receive SSH traffic and Remote
Desktop traffic from the customer's home network using an SSH bastion instance and a
Terminal Services gateway instance that the customer launches in the public subnet.

After the user creates the custom route table and the route, the route table has to be
associated with a public subnet.
fig xv
Scenario 3: VPC with Public & Private subnets and a hardware VPN access.

fig. xvi

1. An appliance (like a router) is required onsite which will act as the gateway on the
customer's side of the VPN connection.

2. The external interface of the customer gateway must have an Internet-routable IP
address. This IP address is used for the VPN connection; it must be static and can't be
behind a device performing network address translation (NAT).

This scenario is suggested when customers want to extend their data center into the
public cloud and also need their VPC to be accessible from the Internet. Users can run
a multi-tiered application which has a scalable web frontend residing in the public
subnet and stores its data in a private subnet, which can be connected to the customer's
data center using an IPsec VPN connection.

Features of the VPC in this scenario:

It is a VPC of size /16 (10.0.0.0/16).

This VPC has two subnets, public (for example 10.0.0.0/24) and private (for example
10.0.1.0/24). These subnets have 256 IP addresses each.

A customer gateway, a virtual private gateway, a VPN attachment (connecting the virtual
private gateway to the VPC) and a VPN connection are required in the VPN setup.

There can be any type of instance in the public subnet. All of these instances have an IP
address in the range of the assigned subnet (for example 10.0.0.12 in 10.0.0.0/24). The
instances in the public subnet have direct access to the Internet through EIPs and thus
can receive inbound and send outbound traffic to/from the Internet.

There is another subnet (10.0.1.0/24), known as private. This subnet can be a VPN-only
subnet if it does not accept incoming traffic from the Internet. The VPC is configured in
such a way that the subnet can send and receive traffic only from the customer's home
network, besides communicating with other subnets.

The instances that reside in the VPN-only subnet do not have direct access to the
Internet; any Internet-bound traffic must traverse the virtual private gateway to the
customer's home network first, where the traffic can then be subjected to the customer's
firewall and corporate security policies. Even AWS-bound traffic (like requests to the
Amazon S3 or Amazon EC2 APIs) from the instances in these subnets must go to the
customer's home network through the virtual private gateway and then out to the
Internet before reaching AWS.

Alternatively they can have access to the Internet using NAT instances, which can be
configured as per the need, or through the virtual private gateway to the customer's
network.

Different security groups can be configured as needed to add rules for routing. So, if an
instance wants to initiate traffic to the Internet, it should either be in the public subnet
and have an EIP, or be in the private subnet behind a NAT so that any Internet-bound
traffic is redirected to the NAT instance (in the public subnet) or to the virtual private
gateway.

If an instance in the public subnet doesn't have an EIP, it can still talk to the other
instances in its own subnet or in the VPC, depending upon the configuration of the route
tables.

The VPC has an implied router as well as a modifiable main route table, which is
associated with the subnets by default but can be disassociated so that another custom
route table can be configured.

All the traffic from the customer's home network going to the public subnet can be made
to traverse the virtual private gateway by setting up a route and security group rules that
allow traffic to the public subnet from the customer's home network over the virtual
private gateway; otherwise the traffic from the customer's home network reaches the
public subnet over the Internet.

Any subnet that is not explicitly associated with another route table uses the main route
table by default. The main route table can be updated depending on the needs. Other
custom route tables can also be created depending on the requirements.
fig xvii
Scenario 4: VPC with Private subnet only and a hardware VPN access.

fig. xviii

Note:

1. An appliance (e.g. router) must be present onsite that will act as gateway on the
customers side of VPN connection.
2. The external interface of the customer gateway must have an internet-routable IP
address. This IP address is used for the VPN connection and it must be static and can't be
behind a device performing network address translation (NAT).
This scenario is recommended when the users want to extend their data center into the
cloud and also wants to leverage Amazon's elasticity without exposing their network to
the Internet. This scenario includes a VPN connection from the customers home
network to the VPC, and there is no Internet gateway required.
Features of the VPC in this Scenario:
It is a VPC of size /16.
There is a VPN between the VPC and the customer's home network. The entire VPN
setup is comprised of a customer gateway, a virtual private gateway, a VPN attachment
(that connects the VPC and the virtual private gateway), and a VPN connection.
A subnet (10.0.0.0/24) of 256 IP addresses is defined. This subnet is connected
to the customer's data center via the VPN connection.
The instances in the private subnet of the VPC are not allowed to communicate with the
Internet directly.
All Internet-bound traffic has to traverse to the customer's home network first
through the virtual private gateway, where this traffic can then be subjected to the
customer's firewall and corporate security policies.
Any AWS-bound traffic from the instances (like requests to the Amazon S3 or
Amazon EC2 APIs) must likewise traverse to the customer's home network first
through the virtual private gateway and then reach AWS through the Internet.
There is an implied router as well as a main route table that can be modified by the user
in this VPC.
The users are also allowed to create other route tables which can be used in their VPC.
By default, there is a local route in each table that allows the instances in the VPC to
communicate with each other.
The main route table in the VPC is created automatically. By default, if a subnet is
not explicitly associated with any other route table, it is associated with the main
route table.
For this VPC scenario, the main route table has to be updated with a route which allows
the instances to send traffic from the VPN-only subnet to the virtual private gateway.
fig xix
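The route-table behaviour described in the two scenarios above (implied router, main table as the default association, custom tables for individual subnets, the implicit local route, and the VPN-only table that sends everything else to the virtual private gateway), as an added model that is not from the book or from AWS. Gateway identifiers and the 172.16.0.0/12 home-network range are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class RouteTable:
    name: str
    routes: Dict[str, str] = field(default_factory=dict)  # destination CIDR -> target


class VPC:
    """Minimal model of VPC routing: one main table, optional custom tables,
    and an implied router doing longest-prefix match."""

    def __init__(self, cidr: str) -> None:
        self.cidr = cidr
        self.main = RouteTable("main")
        self.custom: Dict[str, RouteTable] = {}
        self.associations: Dict[str, str] = {}  # subnet CIDR -> custom table name
        self.subnets: List[str] = []
        self._add_local(self.main)

    def _add_local(self, table: RouteTable) -> None:
        # Every route table carries the implicit "local" route for the VPC CIDR,
        # so instances anywhere in the VPC can reach each other.
        table.routes[self.cidr] = "local"

    def add_subnet(self, cidr: str) -> None:
        assert ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(self.cidr))
        self.subnets.append(cidr)

    def add_custom_table(self, name: str) -> RouteTable:
        table = RouteTable(name)
        self._add_local(table)
        self.custom[name] = table
        return table

    def associate(self, subnet: str, table_name: str) -> None:
        self.associations[subnet] = table_name

    def table_for(self, subnet: str) -> RouteTable:
        # A subnet with no explicit association falls back to the main table.
        name = self.associations.get(subnet)
        return self.custom[name] if name else self.main

    def next_hop(self, src_subnet: str, dst_ip: str) -> Optional[str]:
        """Target chosen by the implied router, or None if no route matches (dropped)."""
        table = self.table_for(src_subnet)
        dst = ipaddress.ip_address(dst_ip)
        best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
        for cidr, target in table.routes.items():
            net = ipaddress.ip_network(cidr)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)  # most specific prefix wins
        return best[1] if best else None


def scenario4_vpn_only() -> VPC:
    """Private subnet only, hardware VPN, no Internet gateway."""
    vpc = VPC("10.0.0.0/16")
    vpc.add_subnet("10.0.0.0/24")  # VPN-only subnet; not associated, so it uses main
    # The one required update: everything that is not local goes to the VGW,
    # which forces Internet- and AWS-API-bound traffic through the home network.
    vpc.main.routes["0.0.0.0/0"] = "vgw-example"  # hypothetical gateway id
    return vpc


def scenario_public_and_vpn() -> VPC:
    """Preceding scenario: a public subnet on a custom table, a private subnet on main."""
    vpc = VPC("10.0.0.0/16")
    vpc.add_subnet("10.0.0.0/24")  # public subnet
    vpc.add_subnet("10.0.1.0/24")  # private subnet
    public = vpc.add_custom_table("public")
    public.routes["0.0.0.0/0"] = "igw-example"        # Internet via the Internet gateway
    public.routes["172.16.0.0/12"] = "vgw-example"   # home network reached over the VPN
    vpc.associate("10.0.0.0/24", "public")
    vpc.main.routes["0.0.0.0/0"] = "vgw-example"     # private subnet: all via VGW
    return vpc


if __name__ == "__main__":
    v4 = scenario4_vpn_only()
    print("scenario 4, 10.0.0.25 ->", v4.next_hop("10.0.0.0/24", "10.0.0.25"))
    print("scenario 4, 203.0.113.9 ->", v4.next_hop("10.0.0.0/24", "203.0.113.9"))
```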
VPC to VPC Communication
Communication between multiple VPCs has to go through the Internet or through your
own virtual private gateways.
If you use the virtual private gateway to communicate between the VPCs, you will
experience slower connections and will pay standard data transfer rates.
It is not possible for VPCs to communicate with each other without using an Internet
Gateway or a Virtual Private Gateway.

Elastic Network Interface


The elastic network interface is a service that can be used only in a VPC. It gives the
user the ability to provision an elastic network interface which is associated with an account
rather than an instance, so it is persistent and is not lost when the instance fails. The ENI is
associated with a subnet and thus lives within that subnet and its availability zone. The
attributes of an ENI are: a description, a private IP, an Elastic IP, a MAC address, security
groups, a source/destination check flag and a delete-on-termination flag. By using
ENIs, an instance can have a maximum of two network interfaces, and these interfaces can
be attached to different subnets.

This sums up the basic overview of all the services provided by Amazon Web
Services. Let's look at how the other solution providers deliver Infrastructure
as a Service. Now that we have seen a perfect example of a public cloud, Amazon Web
Services, along with how it provides a virtual private cloud within it, let's move on to
VMware's solution for Infrastructure as a Service, which is known as VMware VCloud
Director (VCD).

ii. VMware VCloud Director


VCloud Director is VMware's solution for Cloud Computing. It is a software solution that
helps enterprises build secure, multi-tenant Private Clouds by pooling IT infrastructure
resources into virtual Data Centers. It is exposed to users as a web-based portal and a
programmatic interface. It is a fully automated environment where users can build
catalog-based services. It maintains security and control over the multi-tenant
environment. It provides business agility, which means that users can deploy
preconfigured and custom-built services as per their needs. Along with VSphere,
VCD can be one of the best solutions in the market for Infrastructure as a Service. VCD
delivers cloud computing for an existing Data Center by pooling resources into virtual
resources and making them available to the users. It helps organizations build a
private cloud for delivering IT resources via catalog-based services that the user can
consume on demand. It helps increase IT efficiency and enhance IT security so that
it can easily support a multi-tenant environment. It leverages the existing IT
infrastructure and adds the flexibility to extend capacity between multiple clouds.

There are various kinds of users in this solution, distinguished according to their
roles. The Cloud Administrator has the rights to create services in the catalog, manage
other users, manage the Data Center resources, etc. VCD provides the interface,
automation and management features which supply VSphere resources as a web
service so that users can leverage them. The System Administrators are responsible
for creating Organizations and assigning resources to them.

Organization: An organization is comprised of many things, like VApps, users and groups,
virtual data centers, catalogs, etc.

We have been using the term VApp a lot; what is it? A VApp is a container of VMs, just like
a resource pool, and can be comprised of one or more virtual machines. It shares some
common functionality with virtual machines: a VApp can be used to power on or
power off its virtual machines in a specified order, and it can also be cloned.

Let's see VMware's approach to providing solutions at every layer of Cloud Computing.

VMware cloud infrastructure and management uses many VMware products in the
market to provide a secure and efficient solution. The products that fit into this category
are VMware's VShield family of products, the foundation of the next generation of cloud
security, which integrates seamlessly with VMware VSphere to secure applications and data in
the cloud. VMware solutions give users the ability to move their existing IT infrastructure
or any of their applications to a public cloud while also retaining the ability to move
workloads and data between the public and private cloud, leveraging a hybrid public-
private cloud environment.

So, VCD is built on the VMware VSphere foundation to expose virtualized shared
infrastructure as multi-tenant virtual Data Centers that are decoupled from the underlying
hardware and isolated from one another. It allows exposing Virtual Data Centers to users
through a web-based portal and also gives the user the capability to define and expose
catalogs of infrastructure as a service that can be deployed in a virtual data center.

VMware VCenter ChargeBack: It provides increased visibility into the usage of provisioned
VMs to facilitate planning and decision making, and also enables organizations to
meter the usage and charge customers as per chosen policies.

In the public cloud space, VCloud Express and VCloud Data Center services are offered.
VCloud Express: It is an Infrastructure as a Service offering which provides reliable, on-
demand, pay-as-you-go infrastructure.

VCloud Data Center services: This provides business agility and cost effectiveness of
public cloud without compromising on portability, compatibility, security and control
demanded by IT organizations.

Architecture and components:

VCloud Director is basically a software product providing the interface, automation and
management feature set that allows enterprises and service providers to supply VSphere
resources to users via web-based portals and programmatic interfaces as a fully
automated catalog-based service.

It gives the user the ability to create, manage, and use virtual machines.
It increases Data Center efficiency.
It helps in standardizing services and automates repetitive management tasks.
It enables innovation, for example by reducing application time to market and making
IT more responsive to the business.
It provides security between tenants through policy-based user control and
VShield.

fig.xx
The figure above shows the components and the architecture of VCloud Director. Let's have
a brief look at each of these components.

So, what does a multi-tenant environment mean? It isolates users into organizations,
provides unique catalogs for each type of user, provides LDAP authentication and
enforces security between the different groups of users.

VCloud API

It is an interface for providing and consuming virtual resources from the cloud. It
enables deployment and management of virtualized workloads in internal as well as
external clouds. It also allows downloading and uploading of VApps, which include the
installation and deployment operations for multiple virtual machines.
It is an open RESTful API that allows scripted access to consumer resources.
It helps in transferring virtual machines between clouds using OVF, which
preserves applications, properties, network configurations and settings.

VCD leverages many VMware technologies like the VSphere platform, VMotion, storage,
vSwitch, thin provisioning, Distributed manager, VShield Manager, scheduler, etc.

VCloud Director Cells


VCD comprises one or more hosts, and each of these hosts runs a group of services
known as a VCloud Director Cell. All the hosts (cells) in a VCD installation share a
common VCD Database, which holds all the information used by the cells.

VCD web console


It is the console through which VCD is managed and all its functionality is exposed.
It serves both VCD users and system administrators.

There is a load balancer between the VCD Web Console and the VCD cells. This load balancer
forwards all types of requests to the appropriate cell and ensures even distribution of
tasks between the cells.

VSphere:
It provides the compute resources to VCD: VCenter and ESX/ESXi hosts. The hosts are
managed using the VSphere Client.

Each VCenter is imported into VCD and must have a VShield Manager integrated with it.
VCenter Chargeback
VCenter Chargeback is also integrated with VCD; it talks to its own database and to the
VCenter Server Database. Together with the VCD database this allows cost to be associated
with the cloud, i.e. it meters the usage of cloud resources by each customer.

VCloud Agent:
This is a custom agent installed on each ESX/ESXi host. It implements and
exposes host-level functionality that is not available on a regular ESX/ESXi
host and is not accessible through the VIM APIs.
Essentially it serves as a temporary mechanism on the ESX/ESXi host platform.

Only one of the cells in a multi-cell environment listens for VCenter updates, but any cell can
initiate VCenter tasks; all the cells are then updated about the task status via the
message bus, which is described below.

The Message Bus:


The message bus is the critical building block for a multi-cell cloud infrastructure. It
keeps the VCD cells in sync.
If the message bus breaks, VCD breaks, because all the tasks depend on it.
The components that depend on the message bus are the Event Handler and the Failover
component, which uses the message bus to start and stop VC Proxies remotely; finally, it
is used to propagate VShield settings, updates and events.

VC Proxy or VC listener:
It listens to VCenter for updates and sends the task status to VC Control.
It is responsible for publishing VCenter task updates to the other cells in the
environment via the message bus.
The event handler framework also uses the message bus.

VC Control:
This component is responsible for directing task requests to the correct VCenter in a
multi-VCenter environment.

VC Inventory:
It tracks the changes in the inventory of the VCenter Server to which this cell is attached.
It also raises notifications for any changes in the environment and updates the cell
about the changes that take place.
When a cell gets a user request, say to power on a virtual machine, the request is parsed to
determine the organization, resource pool, VCenter, host and virtual machine before the
request is delegated by VC Control to the appropriate VCenter to carry out the task.

OSGi:
It is a Java runtime environment which defines an application's life cycle management
model, service registry, execution environment and modules.
It is commonly referred to as the Java dynamic module system.
It is a wrapper around current Java technology that formalizes Java libraries (jars) into
plugins that are isolated from one another, with public and private packages enumerated,
and that have a definitive and deterministic dynamic life cycle.
These plugins, called bundles, can be installed and moved in a dynamic fashion for
hot upgrades and patches.
So, OSGi basically provides an environment for modularizing an application into smaller
bundles and gives the ability to integrate with LDAP without a reboot.

VMware Front-End:
It is the module that delivers the User Interface.
The console proxy is the mechanism that allows connections from the outside world over
HTTPS to be directed to the appropriate VMs and ports inside the cloud.
It is used to isolate the user from having to connect directly to the VCenter Server and
ESX/ESXi hosts.
It pushes all remote connections through port 443 and makes connections to the VCenter
Server and ESX/ESXi hosts via ports 443, 902 and 903 on behalf of the remote console.

Image transfer service:


It handles uploads and downloads of VApps, VMs and media (floppy or ISO
images) to and from the cloud over HTTPS.

Remote Console / VMRC: It is the VMware Remote Console, which provides the connection over
HTTPS to the VM consoles.

VShield:
VSM is the VShield Manager, which is deployed on the VCenter Server as a virtual machine.
The VCenter Server and the VSM maintain a one-to-one relationship: one VSM is
required for each VCenter Server. VSM deploys and manages the VShield Edge devices as
requested by VCD on the ESX/ESXi hosts.
It connects to the VCenter Server (VCS) via the VIX API to manage VShield Edge device deployment.
Synchronizing and registering the VSM with the VCenter Server is not necessary
when using VSM with VCD.
VShield provides edge network security services such as firewall, IP masquerading,
NAT, port forwarding and DHCP. These services are deployed and managed by VCD.

In a cloud it is very important to meter the usage of each of the resources and generate a
report or bill based on that. VCD uses VCenter ChargeBack for this service.

VCenter ChargeBack is updated by the VCS Data Collector.
It has its own database and also uses the VCenter database along with the VCD Database; it
meters the usage of resources by each of the users and creates the billing reports.
ChargeBack is licensed per VM.

VCD data collector:


It processes chargeback events from VCD and is responsible for creating and
updating the VCenter ChargeBack hierarchy.
It is also responsible for setting allocations on VDCs, VMs, VApps, templates, media files
and VCenter network entities, and it also monitors the VCD Database for chargeback
events.
The VSM Data Collector doesn't directly talk to the VCD Database and is also not aware of
the chargeback activities.

VCD Cells:
The hosts in the environment run a group of services known as VCloud
Director cells. The VCD cells are connected to the VCenter Server(s) as per the
configuration, and this setup also has a VCD Database.
The cells are implemented as OSGi nodes.
The cells are responsible for managing the DB connection.
A cell also maintains the user ACL policy: the rules that define user permissions and the
permissions each operation requires.
It also tracks information about the users like name, public key, address, organization,
etc.
It controls the operations of each of the VMs and also schedules tasks like cleaning up of
logs, lease management and LDAP sync.
It acquires the VDC information for the organization.

The figure below will give you a better understanding of how the components discussed above
work together.
fig.xxi

Multi-Cell environment:
In a multi-cell environment, a load balancer balances the load across the cells.
The load balancer is session-aware and is not a part of VCD.

One of the cells acts as the master or coordinator cell while the remaining
cells act as slaves. This master cell is responsible for running all the critical services
required by the VCD cells; it also designates which slave cell runs which services and generates
a task list of the services that should be running on each cell, meaning it allocates tasks to
each of the respective cells. The slave cells just start those services as instructed by the master.
The master cell also monitors the liveness of each service started and manages
failover scenarios, like restarting a failed process. It is able to do this by monitoring the
heartbeat entry of each cell in the cell table of the database.

The master cell detects new cells that are added to VCD and load balances them
when needed.

The slave cells in return always check the heartbeat of the master cell to see if the master is
alive. If the master is dead, the slave cells try to grab the master lock, and the one that
gets it becomes the master.

VCD Database:
This database stores all the information and addresses of the cells which are working
together.

It also stores information about the VShield Manager, VCenter Server and ESX/ESXi hosts.

VCenter Database:
This database stores information about port groups, resource pools, VCenter Server user
accounts and their roles and also keeps track of the inventory.
Terminologies:

fig.xxii

Organization:
They are isolated tenants in the cloud.
Each organization has its own users, ACLs, catalog, Provisioning policies, resources and
networks.
An organization consists of multiple virtual data centers (VDCs).

VDC:
It provides processor, memory, and storage to the organization.
It is assigned to the organization by the system administrator.
There are Provider VDCs and Organization VDCs.

Provider VDC:
- It is an abstraction that combines compute, storage and networks to form a single logical unit.
- It allows tiers of compute, storage and networks to be combined; these resources are offered as differentiated service tiers.
- The tiers are differentiated by SLAs.

Organization VDC:
- They are logical units provided by the Provider VDC to the organization.
- Organizations consume capacity from Provider VDCs and offer tiered services to users.

Catalog:
These are containers of VApps and media files in an organization.
Their contents can be shared with other users in the organization.
Organizations that have permission to publish catalogs can share VApps with other
organizations in the cloud.

VCD utilizes the vNetwork Distributed Switch and VSphere port groups to support the
networking of virtual machines.

VCD relies on VSphere to provide IT resources like CPU, memory to run the VMs.

The VSphere datastore provides the storage for VM files and the other files necessary for VM
operation.

The cloud resources can be divided into Provider VDCs (PVDCs), organization VDCs,
network pools, organization networks, external networks, etc.

An organization VDC provides resources to an organization and is partitioned from a
PVDC, meaning one PVDC can back more than one organization VDC. The organization
VDC provides an environment where VMs can be stored, deployed and operated, and it also
acts as the storage for virtual media like floppy and CD images. The PVDC, on the other hand,
combines the compute and memory resources of a single resource pool (or of several VCenter
Server pools) with the storage of one or more datastores. Multiple VDCs can be created for
users at different locations or for users with different performance tiers like gold, silver,
bronze, etc.

Networking:

Network Pools:
Network pools in VCD come in three types, from which network segments are
provided whenever an isolated VApp or Organization network is created. When an
Org/VApp network is directly connected, the network pool is not used, because
such an Org/vApp network is just a logical object and the VM/vApp is directly
connected to the port group of the layer above.

The network pools are used by VCD to create some organization networks and all of the
VApp networks. A network pool is basically a set of pre-provisioned network
resources. Network pools allow networks to be created on the fly whenever an organization
or VApp network is created. A pool is backed by VSphere network resources such as VLAN IDs,
port groups or cloud-isolated networks. Traffic from each network in the network pool is
isolated at layer 2 from all other networks. Each organization VDC can have only one
network pool. Multiple organization VDCs can use the same network pool, but with proper
isolation.

Packets tagged for particular VLANs can be intercepted due to misconfiguration, or through
the use of a trunk port or other physical infrastructure that ignores the VLAN tag, but VLANs
are appropriate for isolating one organization from another in a typical shared-resource
cloud environment. VSphere enforces the separation of packets for different VLANs.

VLAN Backed

This is a pool of networks that is based on a range of VLANs and a distributed virtual
switch. The distributed switch should be configured to span all the hosts in the resource
pools assigned to the organization VDC using its associated network pool.

The uniqueness of the VLANs assigned to different network pools helps enforce isolation
between vApps; specific firewall rules can be added to organization networks created from
network pools.

It requires one VLAN per organization. It should be used when there are a large number of
hosts, organizations and vApps in the vCenter clusters.

A set of unused VLANs must be available for this pool. Upon the creation of an Org or
vApp network based on a VLAN-backed network pool, a port group is created on a
dvSwitch and a VLAN is allotted to this port group. All VLANs specified for the pool must
be trunked to the hosts, and the number of available VLANs is limited in most
environments.

The basic requirements for this type of network pool are a distributed vSwitch, a pool of
available VLANs, and physical uplinks that support VLAN trunks.

Constraints: Regular switches and the Nexus 1000V are currently unsupported for this type
of network pool. The number of available VLANs in most environments is also restricted.

VCloud Network Isolation Backed (VCDNI)

It is a pool of networks based on a distributed virtual switch and an optional VLAN
ID, with isolation enforced in the vSphere kernel. It does not require the use of any VLAN.
This can be used when there are many organizations, hosts and vApps assigned to a vCenter
Server cluster, the available number of VLANs is a concern, and it is not feasible
to assign a large number of VLANs or trunk ports to the hosts in the cluster.

It is easier to manage because fewer VLANs are needed.

This network pool is flexible and easily configurable, and VLANs are not required. VCDNI
provides layer 2 isolation by utilizing a network overlay: VCD uses a MAC-in-MAC
encapsulation technique to create an isolated layer 2 network without using a VLAN, and it
also requires a VDS. For each consumed network vCD creates a port group, and this port
group is assigned a network ID number, which is used in the encapsulation of the
traffic. However, the MAC-in-MAC encapsulation adds a small overhead to each frame, which
leads to frame fragmentation; to avoid this, the MTU of the underlying transport
network (dvSwitch) has to be increased. The MTU size needs to be configured because, when
both the VM's guest OS and the underlying physical infrastructure are configured to the
standard MTU size of 1500 bytes, the VMware network isolation protocol will
fragment frames. To avoid this fragmentation, the MTU has to be increased to at
least 1524 bytes for both the network pool and the underlying physical network. You can
increase the network pool MTU up to the MTU of the physical network.

Port Group Backed:

It relies on a preconfigured set of port groups, either on a regular switch or a
distributed virtual switch, and the port groups must be available on each ESX/ESXi host
in the cluster. The port groups need to be imported when creating this network pool.

It is used when vCenter cannot programmatically configure port groups on the fly or
when you do not have a distributed virtual switch.

A standard vSwitch or a Nexus 1000V switch can be used for creating this network pool.
The port groups must be isolated at layer 2 from other port groups, either
physically or by using VLAN tagging.

After the creation of a VLAN-backed or a vCloud Network Isolation-backed network pool,
whenever an isolated or NAT-routed vApp/Org network is created, a new network
segment is instantiated by VCD. This segment is essentially a port group on a
distributed vSwitch, and layer 2 isolation between the different segments is provided by this
port group. As a distributed vSwitch is used, every host in your cluster will instantly have
the same port groups available; otherwise, in the case of a port group-backed pool, all the port
groups have to be pre-created manually and it must be ensured that all those port groups
are available on every host in the cluster (or VTP has to be used).
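The three pool types and what each one consumes per isolated or NAT-routed network, as an added model that is not vCloud Director's code: a VLAN-backed pool hands out one VLAN and port group per segment and runs out when the trunked range is exhausted, a VCDNI pool hands out network IDs but refuses a transport whose MTU would fragment the encapsulated frames, a port group-backed pool consumes pre-created port groups, and a directly connected network consumes nothing. The VLAN range, port group names and MTU values are constructed sample input; the 24-byte overhead is derived from the 1524-byte minimum quoted above.

```python
from dataclasses import dataclass
from typing import List, Optional

STANDARD_MTU = 1500
VCDNI_MIN_MTU = 1524                          # minimum quoted above for the transport network
VCDNI_OVERHEAD = VCDNI_MIN_MTU - STANDARD_MTU  # 24 bytes of MAC-in-MAC encapsulation


class PoolExhausted(Exception):
    """Raised when the pool has no VLAN or port group left to back a new segment."""


@dataclass
class Segment:
    name: str
    backing: str                      # "vlan", "vcdni" or "portgroup"
    portgroup: str
    vlan: Optional[int] = None        # VLAN-backed pools only
    network_id: Optional[int] = None  # VCDNI pools only


class NetworkPool:
    def __init__(self, kind: str, vlans=(), portgroups=(), transport_mtu: int = STANDARD_MTU):
        self.kind = kind
        self.free_vlans: List[int] = list(vlans)           # VLANs trunked to every host
        self.free_portgroups: List[str] = list(portgroups)  # pre-created, imported port groups
        self.transport_mtu = transport_mtu                   # MTU of the dvSwitch / physical path
        self.next_network_id = 1
        self.segments: List[Segment] = []

    def create_network(self, name: str, connectivity: str) -> Optional[Segment]:
        """connectivity is 'direct', 'nat-routed' or 'isolated'."""
        if connectivity == "direct":
            # A directly connected Org/vApp network is only a logical object wired to
            # the parent layer's port group; nothing is taken from the pool.
            return None
        if self.kind == "vlan":
            if not self.free_vlans:
                raise PoolExhausted("no VLAN left in the pool")
            vlan = self.free_vlans.pop(0)
            seg = Segment(name, "vlan", f"dvpg-{name}-vlan{vlan}", vlan=vlan)
        elif self.kind == "vcdni":
            # Isolation comes from MAC-in-MAC encapsulation keyed on a network ID, so
            # the transport must carry frames 24 bytes larger than the guest's 1500.
            if self.transport_mtu < STANDARD_MTU + VCDNI_OVERHEAD:
                raise ValueError(f"transport MTU {self.transport_mtu} would fragment "
                                 f"encapsulated frames; need at least {VCDNI_MIN_MTU}")
            nid = self.next_network_id
            self.next_network_id += 1
            seg = Segment(name, "vcdni", f"dvpg-{name}-nid{nid}", network_id=nid)
        elif self.kind == "portgroup":
            if not self.free_portgroups:
                raise PoolExhausted("no pre-created port group left in the pool")
            seg = Segment(name, "portgroup", self.free_portgroups.pop(0))
        else:
            raise ValueError(f"unknown pool kind {self.kind!r}")
        self.segments.append(seg)
        return seg


def demo() -> dict:
    results = {}
    # Only two VLANs trunked to the hosts: the third isolated network cannot be backed.
    vlan_pool = NetworkPool("vlan", vlans=range(100, 102))
    vlan_pool.create_network("org-a-direct", "direct")
    vlan_pool.create_network("org-a-routed", "nat-routed")
    vlan_pool.create_network("vapp-1", "isolated")
    try:
        vlan_pool.create_network("vapp-2", "isolated")
        results["vlan_exhausted"] = False
    except PoolExhausted:
        results["vlan_exhausted"] = True
    results["vlan_segments"] = [(s.name, s.vlan) for s in vlan_pool.segments]

    # VCDNI on a standard-MTU transport is rejected; on a jumbo transport 50 networks
    # cost no VLANs at all.
    try:
        NetworkPool("vcdni", transport_mtu=1500).create_network("org-b-routed", "nat-routed")
        results["vcdni_ok_at_1500"] = True
    except ValueError:
        results["vcdni_ok_at_1500"] = False
    jumbo = NetworkPool("vcdni", transport_mtu=1600)
    segs = [jumbo.create_network(f"vapp-{i}", "isolated") for i in range(1, 51)]
    results["vcdni_ids"] = (segs[0].network_id, segs[-1].network_id)

    pg_pool = NetworkPool("portgroup", portgroups=["pg-iso-1"])
    results["pg_segment"] = pg_pool.create_network("org-c", "isolated").portgroup
    return results


if __name__ == "__main__":
    print(demo())
```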

Networks in vCD

There are three different layers of networking in VCD, each of them having a specific
purpose. These layers are as follows:

1. External Network
2. Org Network
3. vApp Network

External Network

This type of network (as the name suggests) provides inter-Cloud connections. It is the
connection to the external world and is also the first network object that is created
within vCD. Multiple organizations can share an external network, but it is typically
created per organization and provides connectivity from or to the virtual datacenter.

Note: A port group is an essential component of an External Network, so a port group
should exist within vSphere before the user can create this vCD network object. This
port group can be created on a regular vSwitch or a dvSwitch, or the user can use a Nexus
1000V. This port group must be set up with a VLAN for layer 2 isolation, as per the
recommendation.

Org Network

The Org Network is the second object that is created. The Org Network provides intra-
Cloud connections. An Org Network is linked to an organization and provides one of:

Direct connectivity to an External Network
NAT/Routed connectivity to an External Network
Complete isolation

This means that although an Org Network is primarily created for internal traffic, it can
also be used for linking to an External Network, which creates an entry to or exit from the
virtual datacenter.
An Org Network is mandatory: an organization must have at least one Org Network, and it is
the only mandatory network object. An Org Network uses a segment from the Network
Pool when it is NAT/Routed or Isolated. A directly connected Org Network is just a logical
entity and doesn't exist physically.

Note: An Org Network doesn't always have to be connected to an External Network; it can
be used in complete isolation, for Cloud-internal traffic only. For example, when the
vApps only need to communicate with each other and not with the tenants, the Org Network
doesn't have to be connected to an External Network.

vApp Network

The vApp Network gives users an internal network for a vApp, which can be
used for isolating specific VMs of the vApp. A vApp Network can be:

Connected to an Org Network directly,
Connected to an Org Network via NAT/Routing,
Completely isolated.

A vApp Network is useful for isolating specific VMs from the outside world. This network is
similar to an Org Network in that a segment from a Network Pool is required. The Org
Network and the vApp Network can be connected via a purely logical connection, while in
the back-end the vApp Network is directly connected to the layer above it. The figure below depicts
the high-level structure of the various types of networks that are available in vCloud Director.
fig.xxiii

iii. GoGrid:

GoGrid is another example of Cloud IaaS. It provides hosting of Linux as well as Windows
servers as virtual machines, which are managed from a central multi-server control panel,
and also provides RESTful APIs for the same. GoGrid is not open source and is a tough
competitor of RackSpace in the market.

Following is a brief overview of the GoGrid solution. Let's look at the various components of
the GoGrid architecture and how they help in providing secure and efficient IT Infrastructure as a
Service.
Customer Portal:

The GoGrid Customer Portal provides a secure space that enables users to set up and manage
their infrastructure; it covers tasks such as deployment, load balancing between
the different components of an application and cloud servers, and it also provides dedicated
hardware servers, which we will explain later on.
It also lets the user get up-to-date billing information.
It also manages user access and controls. Users can be given permissions on various
objects according to their roles so that they are able to perform a set of different functions.
It also enables users to easily reset their passwords if they have forgotten them, with proper
security in place to prevent others from accessing their resources.

Servers:
There are different types of services that help users get their own servers running in
the GoGrid Cloud Space. Let's have a look at some of them below:

Cloud Servers (virtual servers):


GoGrid enables users to provision a server of their choice from a list of server types
very easily and quickly. The user selects the server image (the template, in general
terms) and features like the amount of CPU, RAM, etc. and provisions it; the server is
delivered to the user in a matter of minutes. The server types that GoGrid supports are
Windows and Linux from various vendors like RedHat, Ubuntu, etc. GoGrid provides
these servers with full administrative access and rights so that users can configure
their resources according to their needs to meet business requirements. GoGrid
provides servers with up to 16 GB of RAM, with many server images that
broadly cover all types of basic as well as advanced features.

Dedicated Servers:
As mentioned earlier, dedicated servers are another type of server that GoGrid provides
as a service to its customers. These dedicated servers are physical servers that
can be managed directly through GoGrid's customer portal. These servers are not
shared, meaning they are dedicated to a single customer, so that customers can run
applications which they do not want to run in a multi-tenant environment. These
physical dedicated servers reside on the same private VLAN that the GoGrid
cloud/virtual servers reside on, and enable users to build a highly scalable hybrid
infrastructure, which is an optimal solution for building scalable dynamic applications
that are secure and flexible. The applications on these dedicated servers can be
configured to handle any kind of spike in application requests and any amount of
traffic.
GoGrid also provides a very secure and flexible payment portal for users to pay their bills;
users also have the option of a prepaid monthly service or a prepaid annual plan.

Server Image (MyGSI):

GoGrid provides a service known as My GoGrid Server Image (MyGSI) which helps
users create, edit, save and deploy a GoGrid Server Image in a very easy and semi-
automated process. This GSI image contains all the pre-configured information and
the user's customized applications along with the server operating system.
This service gives users great flexibility to manage their infrastructure. The GSI image
can be used by the user to instantiate an image server and install software, websites,
applications, etc. The user can also save the image server to GoGrid cloud storage and
instantiate new application servers or database servers from the server
images stored in GoGrid's cloud storage.

The server image allows the user to reuse the images that form the base of the server,
so deployments can be scaled easily.

Accessibility to the users servers:

GoGrid provides a very easy way for users to log into their servers: SSH for Linux
servers and Remote Desktop for Windows servers. Users can use PuTTY or
any other third-party client to access their servers.

Log in to Windows Servers:

Users log in to their Windows servers over an RDP connection with the default user name
Administrator. Server passwords are generated randomly by GoGrid and can be retrieved
from the user interface, i.e. the customer portal. Users may change the password once
they have logged in to their server, but they then need to update the new password in the
console so that it can be viewed from the customer portal.

Log into Linux Servers:

Users log in to their Linux servers using SSH or any 3rd-party SSH client. The default
username for these servers is root; the password is generated in the same way as for
Windows servers, and the user can update it.

Networking:

IP Address :

GoGrid provides a private IP address to each of the servers provisioned.

When a user creates an account, it comes with a public and a private VLAN, and GoGrid
provides 8 usable public IP addresses and 251 private IP addresses in each of the data
centers. Users can request more public IP addresses at any time and are charged
accordingly. The public IP addresses give the servers public internet access, so the user
should configure every server's firewall properly in order to restrict access to the
servers. Servers that should not be reachable over public networks, such as database
servers, can be given private IP addresses only.

GoGrid reserves certain IP addresses in the subnets for use in its own network
infrastructure; these are not available to users and so are not displayed in the GoGrid
customer portal.

Network interfaces:

There are 3 network interfaces (NICs) attached to each server provisioned from GoGrid.
Two of them are attached to the public-facing switch fabric and the 3rd is connected to a
private switch fabric. The two switch fabrics are completely separate, with different
switching and routing infrastructures.

The NIC attached to the public VLAN is configured with an IP address assigned by DHCP,
whereas the private NIC, attached to the private VLAN, is given a static IP address. Note
that each account comes with its own private VLAN. Whenever a server is configured for
network access, the Public_1 VNIC is given its IP from DHCP, and its MAC address is
associated in the DHCP server with the IP address the user chose when the server was
first added. This is done so that any attempt to get a new DHCP lease always results in
the same IP address being bound to the interface. The user can shut down or disable the
Public_1 VNIC at any time, but must be careful because doing so results in loss of access
to the GoGrid server.

Users can also bind assigned IP addresses to the Public_2 and private interfaces
themselves.

Users can also add additional IP addresses to their servers, which is charged extra, and
they can manage their own DNS. Port 25 (SMTP) is blocked by default by GoGrid to prevent
spam email; users can unblock it whenever they want.

Firewall:

The user's servers are protected by GoGrid's hardware firewall, which helps keep the
user's data secure from malicious threats and provides secure server administrative
access through VPN tunnels. The setup, maintenance and management of the firewall is done
by GoGrid, which ensures that the hosted internet environment can withstand sophisticated
threats. These hardware firewalls are also essential in helping the user construct a PCI
compliant environment.

Users can order a Fortinet firewall, which is extra chargeable and provides additional
options for securing their servers.

F5 Load Balancers:

GoGrid pioneered load balancers in the cloud. It provides fully integrated and redundant
F5 load balancers free of cost; the load balancer can be provisioned from the customer
portal or through the APIs and is very easy to set up.

The load balancer offers two load-balancing options, round robin and least connect, and
three persistence options: none, SSL sticky and source address. These options can be
configured and changed at any time via the APIs.

GoGrid Storage solution for Cloud:

GoGrid provides a storage solution: a fully scalable, reliable file-level backup service
for Windows as well as Linux servers running in the GoGrid cloud. Servers mount the
storage volumes over the private network, using common transfer protocols to communicate
with and transfer data to and from the cloud storage devices. The storage is easy to add
to servers, can be scaled at any time, and the user is billed only for what is used,
which helps users manage their expenses.

GoGrid provides 10 GB of cloud storage free of cost for every user account, configured
over each account's private network.

GoGrid provides a username and password for accessing the cloud storage allotment from
every cloud server. These credentials are generated automatically and presented in the
password management interface of the customer portal.

Content Delivery network:

GoGrid's content delivery network service accelerates the delivery of web content by
deploying it over GoGrid's global infrastructure. End users receive the desired content
from the mirror closest to them, the fastest point of presence (PoP), independent of the
location of the original content. This gives faster page load times and more reliable and
efficient transactions on the user's web pages, such as better video streaming, and so
encourages end users to spend more time on the user's website. The CDN service can be
added to a user's account through the customer portal; it is provisioned within 48 hours
and users are charged according to transfer and storage.

GoGrid has a number of partners that provide additional services and functionality to
customers alongside GoGrid. Partners are also allowed to share or sell their server images
as Partner GoGrid Server Images (PGSI). These are GoGrid Server Images with
partner-provided software preinstalled and preconfigured. Some PGSIs are licensed and
some are free.

There is another type of server image, which is community based. These server images are
public and can be used through GoGrid's Image Sharing feature. They are known as
Community GoGrid Server Images (CGSI) and are made available by the GoGrid user
community.
Metering and Billing

When a user creates a GoGrid account, the F5 hardware load balancers are associated with
the account, along with 10 GB of cloud storage per month, unlimited inbound data and 24/7
premium support. These services are free of cost with the account. Users have to pay for:

- The RAM hours used by the user's deployed servers, for the number of hours the servers
  are used.
- The user's dedicated servers.
- Licenses of software (not OS), such as Microsoft SQL Server, or Cloud Server Images
  provided by partners.
- Outbound data transfer.
- Cloud storage usage exceeding 10 GB.
- Any additional services purchased by the user, such as firewalls, IP addresses, etc.

GoGrid provides a billing widget that contains all of the information about the user's
account. The widget's information is updated hourly and contains the following:

RAM Plan - The RAM plan the user has chosen from the available plans (Pay-As-You-Go,
Corporate Cloud, Professional Cloud, Business Cloud, or Enterprise Cloud). The default
plan is Pay-As-You-Go.

RAM Allotment - The product of RAM and hours, depending on the user's memory plan.

GB in Use - The total amount of RAM Hours that the user currently has deployed on the
grid.

GB Hours to Date - The amount of RAM Hours the user has used for the month.

Transfer Plan - The transfer plan the user has chosen from the available plans
(Pay-As-You-Go, Transfer 500 GB, Transfer 3.6 TB, Transfer 20 TB, Transfer 57 TB). The
default is Pay-As-You-Go.

Transfer Allotment - The amount of transfer, in GB, allotted to the user's account. All
inbound transfer is free of cost.

GB Transfer to Date - The amount of transfer, in GB, the user has used for the month.
iv. Rackspace

Rackspace is another Infrastructure as a Service solution that bills users on a
pay-as-you-go basis. It is offered through a web application and provides hosting as well
as cloud services. Rackspace's cloud based services fall into 3 categories: Cloud Servers,
Cloud Files and Cloud Load Balancers.

Let's look at the services provided by Rackspace in detail:

Cloud Servers:

Rackspace Cloud Servers let users create virtual servers quickly and easily. These cloud
servers are virtual machines abstracted from the hardware by a software hypervisor. The
hypervisor lets the servers perform with reliability and scalability and also ensures
security for each of the servers the users provision. Cloud servers launch very fast and
are placed on already-running hardware. They can also be modified easily, meaning they
can be resized to get more resources such as CPU and memory.

Cloud servers are provisioned with an amount of CPU and memory that depends on the server
size the user requests, and whenever extra resources are available on the host hardware,
the cloud servers provisioned on that hardware take advantage of them, i.e. they are
given the resources. Cloud servers are given more resources as they need them, up to the
maximum limit. Rackspace does not charge for these extra resources.

Cloud servers can also be scaled up very easily; users can scale a server without
installing any additional application on it. To do so, however, the cloud server is taken
offline for a few minutes while the resources, such as RAM, disk space and CPU allotment,
are modified, after which the server can be restarted.

These cloud servers can be accessed from anywhere at any time using any thin client over
the internet. The storage backing these cloud servers is RAID-10, which provides
reliability and redundancy.

Linux cloud servers are assigned 4 vCPUs for servers up to 15 GB and 8 vCPUs for servers
up to 30 GB. Windows cloud servers are assigned vCPUs that vary with the size of the
server in the same way as for Linux servers. Cloud servers also support provisioning of
database servers such as MS SQL 2008 R2.
Cloud servers have two different network interfaces, public and private. All data
transfer through the private interfaces is free of cost; they are used for communication
between a user's cloud servers and for access to other Rackspace services such as Cloud
Files. Cloud servers can have multiple public interfaces. Servers can also have shared IP
addresses, which can be used to provide high availability.

Servers are provisioned from pre-defined server images. Cloud servers can be snapshotted
at any time, and snapshots can also be scheduled.

Rackspace provides a web based console for accessing the services; it can be used to
reach a server whenever there is a problem with booting or networking. Rackspace provides
file system access so that files can be secured whenever a server fails. Users can take
advantage of hybrid cloud hosting by having dedicated servers as well as cloud servers.

Users can provision a cloud server from the predefined templates as well as from
snapshots they have taken of their running servers. This can be done using the Rackspace
web console, called the Control Panel, as well as through the APIs or Rackspace's mobile
applications. Users select the configuration of the server they are provisioning, such as
the amount of RAM, vCPUs, etc. Users can access various functions such as the status of a
server being provisioned, the console of their running servers, resizing, and rebuilding
a server (which removes all data and provisions a clean server).

Security:

Rackspace provides security features on its side to secure the user's cloud servers, but
the user should also enable security features on their own machines, such as proper
firewall configuration (configuring iptables on Linux systems), SSH key generation on
Linux systems, SSH permissions, etc. If the user's machine gets locked out in the case of
a security breach or faulty SSH keys, they can use the web based Control Panel to unlock
the system. Users can also control inbound as well as outbound traffic using their
server's internal firewall.

Backups & Restore

Rackspace provides facilities for backing up and restoring servers. Backups can be taken
on a scheduled basis as well as on demand. This service incurs additional storage and
bandwidth charges on the user's Cloud Files account, because all backups and snapshots
are stored in Cloud Files.

Rackspace cloud servers also have a rescue mode feature, which allows users to put their
server into rescue mode so that they can correct configuration problems, if any, or make
a copy of the data. When a server is put into rescue mode, the root drive of that instance
is set aside, a server with a new root drive is created from the base image, and the
previous root drive is attached to that server as an extra device. Users can then perform
the actions they want on this device: correcting the problem they are facing, changing
configurations, moving data over the network to a new location, etc.

After the rescue image is ready, users receive an email containing the password. They
then have 24 hours, after which the server reverts to the previous one.

fig.xxiv
Cloud Load Balancer:

Now that we have seen the Cloud Server service of Rackspace, let's move on to another
Rackspace service, the Cloud Load Balancer. This is a very important service for web
applications that need to load balance incoming traffic requests so that they meet
customers' requirements efficiently. It can also be used to create a high availability
application architecture, so that if any of the servers is down, the application keeps
running on another identical server to process users' requests.

So, what is the load balancer service provided by Rackspace? It is a service for mission
critical web-based applications and workloads where HA, or high availability, is
important. The load balancer distributes workloads to two or more servers, network links
and other resources according to the user's application design. This maximizes
throughput, minimizes response time and prevents overloading of any of the servers. The
Rackspace Cloud Load Balancer helps users to very easily and rapidly load balance any
number of cloud servers or external servers, which also helps in optimal resource
utilization.

Users can simply add a load balancer to their account using the API or the web based
console, the Control Panel. While creating it, users can also configure the load
balancer, using the console or the API, with settings such as the name of the load
balancer, the protocol (the standard protocols with their port numbers are pre-configured
in a table, and users can also create a custom protocol), and the virtual IP type:

Virtual IP type:

This setting allows users to choose among three values: Public, Shared Virtual IP or
Service Net:

Public IP type: setting this VIP type allows load balancing of any two servers with
public IP addresses.

Shared Virtual IP: this option lets users load balance multiple services that may be
running on different ports and use the same virtual IP address.

Service Net:

This is the best of the three options; it allows users to load balance two cloud servers,
with the load-balanced traffic running on the Rackspace cloud network, or Service Net.
There are two main advantages of using this option: the rate limit is double the rate
limit of the public interface, and all traffic flowing between cloud servers on the
Service Net is free of cost.

The most notable feature of the Rackspace load balancer is that it lets the user select
the algorithm used for load balancing. There are several algorithms to choose from, each
with a proper explanation of how it works. The available algorithms are Random, Round
Robin, Weighted Round Robin, Least Connections and Weighted Least Connections. The most
common are Random, Round Robin and Least Connections. The weighted algorithms are used
when the servers are unequal in size or resources.
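To make the differences between these algorithms concrete, here is an added example, written for this book page and not Rackspace's own code, that implements all five selection policies over a two-node pool and records which node each new connection is sent to. The node addresses and weights are constructed sample values; the point to notice is that the weighted variants send the weight-2 node twice as many connections, and that least connections reacts to connections being closed while round robin does not.

```python
"""Added example (not Rackspace's code): the five selection algorithms the
Cloud Load Balancer lets the user pick from, implemented over a small pool
of backend nodes so their behaviour can be compared on constructed data."""
import random
from dataclasses import dataclass
from itertools import cycle


@dataclass
class Node:
    address: str           # backend node address (constructed sample value)
    weight: int = 1        # only the weighted algorithms look at this
    active: int = 0        # currently open connections on this node


class Pool:
    def __init__(self, nodes, algorithm="round_robin", seed=None):
        self.nodes = list(nodes)
        self.algorithm = algorithm
        self._rng = random.Random(seed)
        self._rr = cycle(self.nodes)
        # weighted round robin: repeat each node `weight` times, then cycle
        self._wrr = cycle([n for n in self.nodes for _ in range(n.weight)])

    def pick(self):
        if self.algorithm == "random":
            return self._rng.choice(self.nodes)
        if self.algorithm == "round_robin":
            return next(self._rr)
        if self.algorithm == "weighted_round_robin":
            return next(self._wrr)
        if self.algorithm == "least_connections":
            # ties go to the first node in pool order
            return min(self.nodes, key=lambda n: n.active)
        if self.algorithm == "weighted_least_connections":
            # connections per unit of weight: a weight-2 node may hold twice as many
            return min(self.nodes, key=lambda n: n.active / n.weight)
        raise ValueError(f"unknown algorithm {self.algorithm!r}")

    def open_connection(self):
        node = self.pick()
        node.active += 1
        return node

    def close_connection(self, node):
        node.active -= 1


def simulate(algorithm, connections=6, seed=0):
    """Open `connections` connections without closing any and return the
    sequence of addresses chosen, so the algorithms can be compared."""
    pool = Pool([Node("10.0.0.1", weight=1), Node("10.0.0.2", weight=2)],
                algorithm, seed)
    return [pool.open_connection().address for _ in range(connections)]


def least_connections_demo():
    """Least connections reacts when a node frees its connections."""
    pool = Pool([Node("10.0.0.1"), Node("10.0.0.2")], "least_connections")
    a = pool.open_connection()      # 10.0.0.1
    pool.open_connection()          # 10.0.0.2
    c = pool.open_connection()      # 10.0.0.1 again (tie, first wins)
    pool.close_connection(a)
    pool.close_connection(c)        # 10.0.0.1 now has 0 open, 10.0.0.2 has 1
    return pool.open_connection().address


if __name__ == "__main__":
    for name in ("random", "round_robin", "weighted_round_robin",
                 "least_connections", "weighted_least_connections"):
        print(f"{name:28s} {simulate(name)}")
    print("after closing two on 10.0.0.1:", least_connections_demo())
```

Running it shows round robin alternating strictly, both weighted policies producing a 1:2 split, and the least-connections demo returning 10.0.0.1 once its earlier connections are closed.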

Load balancers provisioned from Rackspace can be in different geographic locations, such
as Dallas, Texas or Chicago. The location must be chosen with the backend nodes to be
load balanced in mind: the load balancer should be located as close to them as possible.

Users select the nodes that are to be load balanced by the load balancer. These nodes can
be internal or external; for an external node, the IP address of the node must be
provided and port 80 should be set for HTTP traffic. Load balancing of external nodes can
be enabled or disabled through the Control Panel.

The Rackspace Cloud Load Balancer service provides a few other additional features.

Active health monitoring is one of them; along with the default passive health
monitoring, it monitors the health of the backend servers. Active health monitoring
determines whether the application is healthy by using synthetic transaction monitoring,
which inspects the HTTP response code and body content.

The Cloud Load Balancer service also provides session persistence. For HTTP traffic this
feature uses an HTTP cookie to ensure that a client's requests are sent to the same node
in the pool.

The load balancer provides another additional service known as connection logging, which
simplifies log management by providing Apache-style logs for all HTTP based protocols, or
connection and transfer logs for other protocols, to the user's Cloud Files account. The
logs are sorted, aggregated and then delivered to Cloud Files.

Connection throttling is another additional service provided by the Cloud Load Balancer.
It imposes user-defined limits on the maximum number of connections per IP address and
can be used to reduce malicious or abusive traffic to the user's application or website.
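The two protective features just described, active health monitoring and connection throttling, are simple enough to model directly. The following added example (written for this page, not Rackspace's code) drops a backend node from the pool unless a synthetic request returns the expected status code and body, and enforces a per-IP ceiling on concurrent connections. The backend responses, IP addresses and the limit of 3 connections are constructed for the demonstration.

```python
"""Added example (not Rackspace's code): an active health monitor that keeps
a node only if a synthetic transaction returns the expected HTTP status and
body, plus a per-IP concurrent-connection throttle. All data is constructed."""
from collections import defaultdict


class HealthMonitor:
    def __init__(self, probe, expected_status=200, expected_body=b"OK"):
        self.probe = probe                  # callable(node) -> (status, body)
        self.expected_status = expected_status
        self.expected_body = expected_body

    def healthy_nodes(self, nodes):
        """Return the nodes whose probe returned the expected status code and
        whose body contains the expected marker; a probe that raises means
        the node is unreachable and it is left out."""
        alive = []
        for node in nodes:
            try:
                status, body = self.probe(node)
            except Exception:
                continue
            if status == self.expected_status and self.expected_body in body:
                alive.append(node)
        return alive


class ConnectionThrottle:
    def __init__(self, max_connections_per_ip):
        self.limit = max_connections_per_ip
        self.open = defaultdict(int)        # client ip -> open connections

    def accept(self, client_ip):
        """Count the connection and return True, or return False when the
        client already holds the maximum number of concurrent connections."""
        if self.open[client_ip] >= self.limit:
            return False
        self.open[client_ip] += 1
        return True

    def release(self, client_ip):
        if self.open[client_ip] > 0:
            self.open[client_ip] -= 1


# Constructed probe results standing in for real backend responses.
SAMPLE_RESPONSES = {
    "10.0.0.1": (200, b"<html>OK</html>"),
    "10.0.0.2": (200, b"<html>maintenance</html>"),   # right code, wrong body
    "10.0.0.3": (503, b"OK"),                         # right body, wrong code
}


def fake_probe(node):
    if node not in SAMPLE_RESPONSES:
        raise ConnectionError(node)          # node that does not answer at all
    return SAMPLE_RESPONSES[node]


def healthy_sample():
    monitor = HealthMonitor(fake_probe)
    return monitor.healthy_nodes(["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"])


def throttle_sample(limit=3, attempts=5):
    """One client tries `attempts` concurrent connections while another opens
    one; returns (connections accepted for the first, accepted for the second)."""
    throttle = ConnectionThrottle(limit)
    first = sum(throttle.accept("198.51.100.7") for _ in range(attempts))
    second = throttle.accept("203.0.113.5")
    return first, second


if __name__ == "__main__":
    print("healthy nodes:", healthy_sample())
    print("accepted (busy client, other client):", throttle_sample())
```

Only 10.0.0.1 survives the health check, and the busy client is capped at 3 of its 5 attempts while the other client is unaffected, which is exactly the per-IP isolation the throttling feature is meant to give.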

Cloud Files:

Cloud Files is another service Rackspace provides to users. Despite the name, Cloud Files
is not a file system; it is much more than that. It does not allow users to map or mount
virtual disk drives, as they can with other types of storage such as SAN or NAS. It is a
completely different form of storage; let's look at what Rackspace has to offer.

Cloud Files is an object store similar to the Amazon S3 system. It can be accessed by any
user, but they need their username and API access credentials to authenticate, after
which the user has full read/write permission on the objects or files of their account.

Data in Cloud Files is stored in a storage compartment known as a Container, which is
similar to a folder in Windows or a directory in UNIX. Containers cannot be nested, which
is the key point that distinguishes Cloud Files from other file systems. A user can create
an unlimited number of containers.

Cloud Files stores each file as an object, the basic storage entity; the object's
metadata describes the file the user stores in Cloud Files. Each object in a container
has a location, a name and optional metadata made up of key-value pairs. There can be an
unlimited number of objects within a container.

Users can perform many operations on the objects and containers in Cloud Files, such as
creating and deleting containers, uploading and downloading objects, etc. These
operations are done via the REST API.

Objects stored in containers can, as of now, be made publicly accessible.

Another Rackspace feature provides low-latency access to the objects stored in Cloud
Files. Users can publish their data so that it is served by Akamai's content distribution
network, by publishing the container to the CDN. After the container is published, all
files within it are publicly accessible and do not require authentication for read
access. While uploading content to a CDN-enabled container, users still need to
authenticate themselves using a valid authentication token.

A published container has a unique URL for accessing it. Objects within the container are
accessed via the container's URL combined with the object name. These objects can be
openly distributed in web pages, emails or any other application, i.e. they are public.
Whenever the URL for an object is accessed, a copy of the object is fetched from Cloud
Files and cached in Akamai's content distribution network, and any later request for that
object from a nearby location is served from Akamai's CDN.

Using the CDN with Cloud Files distributes the user's files across a global network of
edge servers, which increases the speed at which end users can download or access them.
The CDN copies a file to an edge server after it is requested for the first time from a
given geographic location. Files cached on the edge servers remain there for the TTL
(time to live) specified for each individual file, or until an edge purge request is sent
to the node.

Edge purge is used when the original content has been modified, to prevent users from
accessing the old content cached at the different edge locations. There can be a maximum
of 25 object purges per day, per account, which can be extended by contacting the
Rackspace support team.

There are some standard best practices that users should follow while using Edge Purge,
discussed as follows:

It is good practice to make CDN edge purge part of the workflow of the user's application.
Users should design their application to use purge as a one-off method of controlling the
content delivered to end users, rather than as the final step of uploading new content.

Users should make a practice of setting a TTL on the content of their application rather
than relying only on purge requests. This removes old content from the edge servers when
it expires, so that new content can be cached at the edge locations and end users do not
receive old content from the cache after the original content has been updated. A purge
request takes 20 minutes on average to process and may take hours, whereas users can set
their TTL as low as 15 minutes.

If users initially set a long TTL and the original content is updated, they must
explicitly remove the old content from the edge servers using the purge tool.

If users wipe out their whole application and deploy a new one, or if there are too many
purge requests, the purge queue can become long and purging may slow down. In these cases
users should consider versioning their files instead of using identical file names across
releases: the application should be designed so that requests always fetch the new files
and the old ones automatically retire in Cloud Files. This lets the user launch their
application at an exact time rather than waiting for the purge to complete.
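The interaction between TTL, edge purge and versioned file names described above is easiest to see in a small model. The following added example (not Rackspace's or Akamai's code) represents a published container whose objects are reached as container URL plus object name, two edge locations that cache a copy on first request for up to its TTL, and a purge quota with the 25-per-day limit the text states. The container URL, TTLs and file contents are constructed; the three scenarios are overwriting an object in place under a long TTL, letting a short TTL expire, and publishing a new version under a new name.

```python
"""Added example (not Rackspace's or Akamai's code): a toy model of a
published Cloud Files container served through edge caches, showing why an
in-place overwrite under a long TTL stays stale until purged, while a short
TTL or a versioned object name avoids the purge altogether."""


class Origin:
    """A published container: objects are reached as container URL + name."""
    def __init__(self, container_url):
        self.container_url = container_url
        self.objects = {}          # name -> (bytes, ttl_seconds)

    def put(self, name, data, ttl):
        self.objects[name] = (data, ttl)

    def url(self, name):
        return f"{self.container_url}/{name}"


class Edge:
    """One edge location; caches a copy on first request for up to its TTL."""
    def __init__(self, origin):
        self.origin = origin
        self.cache = {}            # url -> (data, expires_at)

    def get(self, name, now):
        url = self.origin.url(name)
        cached = self.cache.get(url)
        if cached and now < cached[1]:
            return cached[0]       # served from the edge, origin not consulted
        data, ttl = self.origin.objects[name]
        self.cache[url] = (data, now + ttl)
        return data

    def purge(self, name):
        self.cache.pop(self.origin.url(name), None)


class PurgeQuota:
    """Tracks the per-account daily object purge limit (25 per the text)."""
    def __init__(self, per_day=25):
        self.per_day, self.used = per_day, 0

    def purge(self, edges, name):
        if self.used >= self.per_day:
            raise RuntimeError("daily object purge limit reached")
        self.used += 1
        for edge in edges:
            edge.purge(name)


CONTAINER_URL = "http://cdn.example/container"   # constructed, not a real URL


def overwrite_in_place(ttl=3600):
    """Overwrite 'app.js' under the same name: both edges keep serving v1
    until a purge lands, even though the origin already holds v2."""
    origin = Origin(CONTAINER_URL)
    edges = [Edge(origin), Edge(origin)]
    origin.put("app.js", b"v1", ttl)
    first = [e.get("app.js", now=0) for e in edges]
    origin.put("app.js", b"v2", ttl)
    stale = [e.get("app.js", now=60) for e in edges]
    PurgeQuota().purge(edges, "app.js")
    fresh = [e.get("app.js", now=61) for e in edges]
    return first, stale, fresh


def ttl_expiry(ttl=900):
    """With a 15-minute TTL the edge refetches on its own once the TTL ends."""
    origin = Origin(CONTAINER_URL)
    edge = Edge(origin)
    origin.put("app.js", b"v1", ttl)
    edge.get("app.js", now=0)
    origin.put("app.js", b"v2", ttl)
    return edge.get("app.js", now=ttl - 1), edge.get("app.js", now=ttl)


def versioned_release(ttl=3600):
    """Publish 'app.v2.js' beside 'app.v1.js': the new name has never been
    cached, so it is fresh immediately and no purge is needed."""
    origin = Origin(CONTAINER_URL)
    edge = Edge(origin)
    origin.put("app.v1.js", b"v1", ttl)
    origin.put("app.v2.js", b"v2", ttl)
    return edge.get("app.v1.js", now=0), edge.get("app.v2.js", now=0)


if __name__ == "__main__":
    print("in-place overwrite (first, stale, after purge):", overwrite_in_place())
    print("short TTL (just before, at expiry):", ttl_expiry())
    print("versioned names (v1, v2):", versioned_release())
```

The model is deliberately generous to purge: it takes effect instantly here, whereas the text says a real purge averages 20 minutes and can take hours, which makes the TTL and versioning approaches even more attractive than the output suggests.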

2. Platform as a Service:

As we move up the pyramid of Cloud Computing services, Platform as a Service comes next.
This service is built upon Infrastructure as a Service, i.e. it uses the IT infrastructure
to build platforms that are delivered as a service to users. Users can use these
offerings as a platform on which to build their applications. This saves the user from
unnecessarily buying licenses for the underlying hardware or the development platform,
while providing the complete life cycle of developing and offering applications or
services over the internet. There are various PaaS providers in the market with many
types of offerings and some integrated services as well, which provide the user's
applications with scalability, maintenance and versioning.

PaaS offerings include application design, development, testing, deployment and hosting,
along with team collaboration, integration via web services and database integration,
security, scalability, storage, persistence, management of application state, versions,
and instrumentation with community facilitation. All these solutions are integrated to
form Platform as a Service, which is delivered to users over the internet on a
pay-as-you-go model; the user is not concerned with the underlying architecture.

The underlying features such as the OS can be changed frequently. PaaS allows a globally
distributed team to work together, since they work on one platform shared over the
internet. It also minimizes the expense of initial and ongoing maintenance of the
hardware as well as the platform layer, so that focus and budget can be shifted to
programming and developing the applications.

PaaS is the layer below SaaS in the pyramid of the cloud service model, which means that
the software distribution layer is built upon a platform from which software can be
delivered as a service to customers over the internet.
Major PaaS providers:
i. Microsoft Windows Azure:

fig.xxv
[This image is a property of http://windows7.iyogi.com/news/windows-azure-cloud-computing/]

Microsoft Windows Azure is the perfect example of Platform as a Service: it provides a
platform in the cloud that supports applications, data and infrastructure in the cloud.
It can be categorized into four parts:

- Windows Azure: a Windows environment that runs applications and stores data on
  computers located in Microsoft data centers around the globe.
- SQL Azure: a relational database service accessible over the internet in the cloud,
  based on MS SQL Server.
- Windows Azure AppFabric: cloud based infrastructure provided as a service for
  applications running in the cloud or on the user's premises.
- Windows Azure Marketplace: an online service that provides cloud based data and
  applications for users to purchase.

All four components run in MS data centers around the globe and are provided as a service
to users over the internet. Developers can choose the data center where they want their
applications to run and their data to be stored.

Let's have a closer look at each of these parts; this will give us an idea of what type
of services are provided and how users can use them for their applications.

Windows Azure:

Windows Azure is the platform upon which SQL Azure and Windows Azure AppFabric are built,
and applications and data are stored on these components, i.e. Windows Azure is the base
upon which the other services run. Though this sounds complex, the architecture of
Windows Azure is quite simple. Let's take a deep dive into the five components of Windows
Azure:

Compute:

The foundation of the compute service that runs applications is Windows Server. Users
create applications using the .NET framework in a programming language such as C# or
Visual Basic; C++, Java and some other languages are also supported. The development
tools users can use include Visual Studio, with technologies such as ASP.NET, Windows
Communication Foundation or PHP.

A user's application built on the Windows Azure compute service can be divided into one
or more roles. When the application executes, there are two or more instances of each
role, and each instance is a VM.

An application can use the following three roles:

Web Roles: primarily used to run web-based applications with IIS running. The
applications can be created using the technologies and development tools discussed above.

Worker roles: designed to run a variety of code and run as a simulation. This role is
suitable for applications such as video processing. The web role acts as the frontend of
the application while the hard tasks are processed in the worker role.

VM roles: run a Windows Server 2008 R2 image and are used for moving some on-premise
Windows Server applications to Windows Azure.
When applications are run on Windows Azure, the user also provides configuration
information that tells the platform the number of instances to run for each role. The
Windows Azure fabric controller creates a VM for each of these instances, and each VM
runs the code for its role. Requests are load balanced across all instances of each role.

The load balancer does not support sticky sessions, so role instances must not maintain
request state themselves. Any client-specific state should be written to Windows Azure
storage, stored in a SQL Azure database, or maintained externally in some other way.

Developers can choose the size of the VM from a list of configurations based on CPU and
memory, and can also increase or decrease the number of instances for a role; the Windows
Azure fabric controller spins up and runs the machines for these instances, or shuts them
down, as requested.

Developers also get a number of Visual Studio project templates for creating Windows
Azure applications. The SDK includes a version of the Windows Azure environment (known as
the development fabric) that runs on the developer's machine so that applications can be
tested before going live. Windows Azure also provides information on the consumption of
resources such as CPU, memory, incoming and outgoing bandwidth, and storage.

Storage:

Storage is the next component of Windows Azure. It allows storage of binary large objects
(blobs), provides queues to facilitate communication between the different components of
a Windows Azure application, and also offers tables that can be queried using a simple
query language.

Windows Azure storage meets all types of data storage requirements, whether storing data
as blobs or in a more structured way, though using blobs is the simplest approach. A
storage account has one or more containers, and each container can hold one or more
blobs, which can be as large as terabytes; large blobs can be subdivided into blocks to
make transfer easier. In case of a failure, the transfer can be resumed from the block
after the most recently sent one instead of sending the entire blob again. Blobs also
carry metadata for the files they hold.
Blobs can also be used through a Windows Azure drive, which can be mounted on any role
instance. The underlying storage of the mounted drive is a blob, so any read and write
operation on the file system data is stored persistently in the blob.

Windows Azure also provides tables (not relational tables) that allow developers to work
with data that is more fine-grained and structured. These tables have no fixed schema; the
data is held as a set of entities with properties (with data types such as int, bool,
date, time, etc.). The tables support a simple query language, can store terabytes of
data, and can be partitioned across many servers to increase performance.

Queues are another service that Windows Azure provides in the storage category. They help
with communication between Web role instances and Worker role instances. A Web role
instance sends a message into a queue describing the work to be done; a Worker role
instance reads the message, carries out the task and returns the result via another queue
to the Web role, which then displays it on the front end.

Data stored in the Windows Azure storage component is replicated three times, which
provides fault tolerance and consistency. Windows Azure storage can be accessed by a
Windows Azure application or by any other application running anywhere, using REST APIs.

Fabric Controller:

Windows Azure runs on a large number of VMs. The fabric controller is responsible for
knitting together the machines in a single data center so that they work as a cohesive
whole; the Windows Azure compute and storage services are built on top of this processing
power.

Developers cannot create or manage the VMs on which their Windows Azure applications run.
The fabric controller silently creates the needed VMs and then runs the applications on
them. It also monitors all running VMs, detects crashed ones and starts a new instance
when one fails. Patching and upgrading of software and of the OS is also performed by the
fabric controller.

Content Delivery Network:

The Windows Azure CDN speeds up end-user access to data (blobs) by caching frequently
accessed data at locations closer to the users. This improves performance in scenarios
such as video streaming. The CDN provides low-latency access by keeping copies of a blob
at locations close to the end users.

Connect:

The Windows Azure Connect component lets applications hosted in the cloud communicate
with on-premise systems as easily as if they were inside the organization's own firewall,
which lets cloud applications access on-premise data. Applications can interact over the
internet via HTTP, HTTPS or TCP. Connect can also link a specific role in an application
to a machine outside the cloud at the IP level: for example, users can run an ASP.NET
application on Windows Azure and keep its database running on their own premises with the
proper configuration.

This connection is not the same as the VPN connection that Microsoft is soon to provide.
Users can also domain-join a Windows Azure application to an on-premise Active Directory
so that on-premise users can use the cloud resources with single sign-on.

SQL Azure:
SQL Azure is another Windows Azure PaaS service; it provides facilities to store
relational data in the cloud. Let's take a look at the different components of SQL Azure
to understand how Microsoft provides this service.

SQL Azure Database:

This is the component of SQL Azure that provides a cloud-based database management
system. Users can use it to store relational data in Microsoft data centers for both
on-premise and cloud applications, and are billed only for what they use.

SQL Azure Reporting:

This component is a version of SQL Server Reporting Services (SSRS) that runs in the
cloud. It is intended to work best with SQL Azure Database, and lets users create and
publish standard SSRS reports on data that has been processed in the cloud.

SQL Azure Data Sync:

This service lets users synchronize data between a SQL Azure database hosted in the cloud
and a SQL Server database hosted on-premise, and also synchronize data across different
SQL Azure databases in Microsoft's data centers.

SQL Azure is built on Microsoft SQL Server, so developers can create indexes and views,
define triggers, and use any other facility they use SQL Server for. Users can build
applications that access SQL Azure data using the Entity Framework, ADO.NET and other
Windows data access interfaces, and applications that access SQL Server locally will work
almost the same way with data in SQL Azure. SQL Azure also allows on-premise software
such as Analysis Services to work on cloud-based data. The only difference is that the
service is now available in the cloud, and users don't need to bother about maintenance,
installation, monitoring disk usage, servicing log files, etc. Customers can focus on
working with their data and can access the service using the common Windows Azure
platform portal.

Windows Azure AppFabric:

Windows Azure AppFabric provides cloud-based infrastructure services and addresses the
most common challenges in building distributed applications.

There are various components of Windows Azure AppFabric that are built on Windows Azure.
Let's take a look at each of them:

Service Bus:
The Service Bus helps in exposing services on the internet. It exposes endpoints in the
cloud that applications can use to reach these services; each exposed endpoint is a URL
that lets a client locate and access the service. Besides this, the Service Bus also
handles the NAT traversal and firewall configuration challenges, so that no extra ports
need to be opened on the organization's firewall to expose an application, which would
otherwise compromise security.

Access Control:
This component lets customers build digital identities for users in the cloud. It
supports identity providers such as Active Directory, Windows Live ID, Google Accounts,
Facebook and many others, and gives a single place to define a user's access control.

Caching:
This component speeds up access to data by caching frequently accessed data so that
applications need not query the database every time they need it. This reduces the number
of database queries and boosts performance.

There is an extension of this service provided by Microsoft known as Windows Server
AppFabric. The services provided under this banner run on Windows Server and also support
on-premise applications.

Windows Azure Market Place:

The Windows Azure Marketplace lets customers find and buy cloud applications and
cloud-accessible data, rather than relying only on the datasets provided by commercial
providers. It has two parts:

Data Market:
This lets customers browse the offerings and purchase datasets that they find useful for
their applications. The datasets are supplied by content providers and can be accessed
through REST-based APIs.

AppMarket:
As the name suggests, this part provides a way to expose applications to potential
customers. Creators can offer their applications on the AppMarket for customers to
purchase.

Windows Azure fully functions as a PaaS by providing application platforms, whether
on-premise or in the cloud.

The Windows Azure platform can be used in many different use cases, for example:

Software vendors can use it to create a Software-as-a-Service version of an existing
on-premise Windows application; it lets them focus on building the software rather than
spending time and resources on infrastructure and platform management.

Enterprises can use it to create Windows-based applications for their customers or
employees, since Windows Azure provides the .NET framework. The enterprise is relieved of
the responsibility and extra expense of managing its own services and can invest in
developers to build .NET applications. Windows Azure also handles spikes in application
usage.

Startups can use it to create a new website, such as a social networking site. Windows
Azure facilitates building the application in the cloud, since the platform supports
web-facing services and provides an interactive user interface, so the start-up can focus
on creating code that provides value to its customers rather than worrying about
infrastructure.

ii. Heroku:
Heroku is another example of a cloud Platform as a Service where customers don't have to
bother about the IT infrastructure at all; they can just start writing applications in the
programming language of their choice and deploy them to be accessed over the internet. The
applications can be backed by other services such as SQL databases, NoSQL databases,
Memcached, etc. Users manage their services with the Heroku command-line tool and deploy
applications using the Git revision control system. Everything ultimately runs on Heroku's
infrastructure, but this is hidden from users, and activities such as OS and software
patching and upgrades are handled by the Heroku administrators.

Let's take a closer look at what Heroku has to offer and how. The high-level architecture
of the Heroku platform is depicted in the figure below.

fig.xxvi
Deploying applications using Heroku:
Customers can very easily deploy their applications using Heroku, and the applications
can be built in any programming language. There is no special requirement for deploying
apps on Heroku: users just need a plain Git push and the deployment is instant. There is
no need to be proficient in Git, though knowing the basics helps. Git is a very powerful,
decentralized revision control system, and it is the primary means by which applications
are deployed to Heroku.

Heroku provides a multi-tenant platform and application hosting environment. Applications
need not be given separate servers, slices or clusters, and platform improvements are
taken care of. All the servers in the pool are hidden from customers and fully managed by
Heroku; customers are presented with a clean interface for deploying their applications.
Patching and upgrading of the servers is performed by Heroku itself.

Heroku also supports continuous deployment: users can redeploy their applications from
scratch, and can create, test and stage their applications before deploying them. Heroku
uses an execution environment known as the dyno manifold, which ensures that all parts of
a user's application are updated and also takes care of routing.

Heroku follows a poka-yoke (mistake-proofing) design philosophy, which includes role-based
access control that lets users grant permissions to other users at different levels. It
also checks integrity during a Git push and supports rollbacks.

Dyno:
A dyno is a single process of any type running on the Heroku platform, which may be a web
process, a worker process or any other process type declared in the app.

Features of dynos:

Users can easily increase and decrease the number of dynos allocated to their
applications at any point in time, without provisioning any servers.

Dynos use a routing mesh that tracks the location of all the web dynos and routes HTTP
traffic to them accordingly.

Heroku also monitors the responsiveness of dyno processes. Dynos that are misbehaving are
taken down and replaced with new dynos.

Dynos are spread across a distributed execution environment known as the dyno manifold,
so dynos running different amounts of work are distributed across different physical
server locations. This ensures that if a machine goes down, the application stays up. This
can be achieved even with two dynos: if one is down the other is up, as they are isolated
from each other.

All the dynos in a user's application are completely isolated from each other, each in
its own sub-virtualized container; this provides many benefits in terms of security,
resources and overall robustness.

An application's maximum concurrency depends on the number of dynos allocated to it, and
this also determines request throughput. Adding more dynos lets the application handle
more concurrent HTTP requests and process more parallel jobs on workers.

Every dyno is allocated 512 MB of memory. In case of a memory leak, when the dyno
approaches the 512 MB limit, a memory profiling tool such as Oink or Heapy can be used to
track down and fix the leak. If memory use grows to three times 512 MB, the dyno manifold
restarts the dyno.

Dyno manifold:
The dyno manifold is the vast execution environment on which the processes of users'
applications run. It is a giant, distributed, fault-tolerant environment that allows
horizontal scaling when needed. It gives users complete and instantaneous control over
their process formations, and also handles process maintenance.

Whenever a user creates a new release of their application, the dyno manifold restarts
all the application's dynos and deploys the new code, configuration variables, add-ons,
etc.

Heroku also cycles dynos daily, and whenever it detects a fault in the underlying hardware
it moves the dynos to a new physical location; these processes are hidden from users and
are carried out regularly.

If a dyno crashes, whether at startup or during normal operation, the dyno manifold
automatically attempts to restart it; if it crashes again, it is given a 10-minute
cool-down period before being restarted once more. All of this can also be done manually.

Each dyno running on the Heroku platform, whether part of the process formation or run as
a one-off admin process, is given an isolated execution environment by the dyno manifold.

The dyno manifold uses a variety of technologies to enforce strict dyno isolation: LXC for
sub-virtualized resources and process table isolation, and chroot for file system
isolation. These technologies provide security and guarantee resources such as CPU and
memory in Heroku's multi-tenant environment.

Every dyno in a user's application is given its own ephemeral file system containing a
fresh copy of the deployed code, which the dyno uses as a scratch pad during its lifetime.
Dynos are isolated from each other, so any file written by a dyno to its file system is
invisible to other dynos, and every file written to the file system is discarded the
moment the dyno is restarted.

Connecting to Heroku:
Heroku allows users to instantly provision and easily integrate their application with third
party services which are provided in the catalog of third party add-on services. These
services include databases, caching, monitoring, performance management, email,
transcoding, searching, billing, etc.

Configuration Vars:
Heroku also lets users store configuration items, such as credentials for external
sources like S3 or Twitter, in configuration variables that are exposed to the user's
application as environment variables. These are per-deployment environment variables, and
provide security as well as the flexibility to use different endpoints for development,
staging and production.

Users can use their own custom services like MySQL which can be running on external
instances like Amazon EC2. This can be achieved by adding the credentials to the
configuration variables which will be presented as environment variables to the dynos.

Control surfaces:
Heroku provides many control surfaces that help users manage their applications and
operations. These are available through the command line, REST APIs and the web console.

Users can easily deploy their code, view it and manage it with complete audit logging of
all changes, and can roll back to any version instantly.

Users can also easily add, remove, upgrade and downgrade the connected resources at any
time using add-ons, and can manage per-deploy configuration variables for external
resources.

Heroku also provides role-based access control for managing, sharing, deploying and
billing activities.

Heroku allows each part of a user's application to scale independently, and these parts
can be individually inspected.

It provides very fine-grained control of DNS, custom domains and SSL, and also helps with
error handling.

There is real-time logging of customers' applications with process status inspection, and
full visibility into the operations performed in the applications.

Heroku has a component known as Logplex that provides an extraordinary level of
visibility into an application's operations. It is the aggregation point for all logging
activity across the platform.

These logs can be filtered by component or platform layer, and connected resources can
channel their logs into the log stream.
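As an added example (not code from the book or from Heroku), the following parses log lines in the Logplex line format (`timestamp source[dyno]: message`) and filters them by platform layer or process type; the sample lines are constructed, and the crash counter simply watches the platform-layer state-change messages an operator would look for.

```ruby
# Added example: filter Logplex-style log lines by platform layer or process type.
# The "<timestamp> <source>[<dyno>]: <message>" shape is Heroku's log line format;
# the sample lines below are constructed for this example, not real output.

require 'time'

SAMPLE_LOGS = <<~LOGS
  2012-10-16T18:35:17+00:00 heroku[web.1]: State changed from starting to up
  2012-10-16T18:35:18+00:00 app[web.1]: Listening on port 12345
  2012-10-16T18:35:20+00:00 heroku[router]: at=info method=GET path=/ host=example.herokuapp.com dyno=web.1 status=200
  2012-10-16T18:36:02+00:00 app[worker.1]: Processed job 42
  2012-10-16T18:37:05+00:00 heroku[web.2]: Process exited with status 1
  2012-10-16T18:37:05+00:00 heroku[web.2]: State changed from up to crashed
  2012-10-16T18:37:10+00:00 heroku[web.2]: Cycling
  this line is not a log line
LOGS

# timestamp, source (platform layer: "heroku" or "app"), dyno name, message
LINE_RE = /\A(?<ts>\S+) (?<source>[a-z]+)\[(?<dyno>[^\]]+)\]: (?<message>.*)\z/

# Returns a hash for a well-formed line, nil for anything else.
def parse_log_line(line)
  m = LINE_RE.match(line.strip)
  return nil unless m
  # "web.1" belongs to process type "web"; "router" is a platform component.
  { time: Time.iso8601(m[:ts]), source: m[:source], dyno: m[:dyno],
    process_type: m[:dyno].split('.').first, message: m[:message] }
end

# Filter by platform layer (source) and/or process type; malformed lines are dropped.
def filter_logs(text, source: nil, process_type: nil)
  text.each_line.filter_map { |l| parse_log_line(l) }.select do |e|
    (source.nil? || e[:source] == source) &&
      (process_type.nil? || e[:process_type] == process_type)
  end
end

# Count crashes per dyno from platform-layer state changes, the signal that the
# dyno manifold is about to replace a misbehaving dyno.
def crash_counts(text)
  filter_logs(text, source: 'heroku').each_with_object(Hash.new(0)) do |e, counts|
    counts[e[:dyno]] += 1 if e[:message] =~ /State changed from \S+ to crashed/
  end
end
```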

Scaling:
Heroku also allows scaling of applications with full control for the users, who can
easily spin up new instances with infinite capacity. Scaling is independent for each
component of the application.

Users define their application's process types in a Procfile and can then scale the dynos
for each process type independently. This lets applications scale without any
re-architecting.

Stack:
Heroku uses a concept known as stack which is a complete deployment environment. It
includes base OS, language runtime and also associated libraries. Therefore, different stacks
support different runtime environments.

There are three types of stack that are available; they are Badious Bamboo, Argent Aspen
and Celadon Cedar. The users can use any of the stacks for their applications.

Process model used by Heroku:


fig.xxvii

Heroku uses a process model similar to the Unix process model, which gives a powerful
abstraction for running server-side programs and a unique way to divide workloads and
scale up. The figure above depicts the workflow; let's look at it in a bit more detail.

There are differences between the Unix process model and the web application process
model: a server daemon such as memcached has a single entry point, whereas a web
application has multiple entry points, each of which can be regarded as a process type.
For example, a basic Rails app has two process types: a Rack-compatible web process such
as WEBrick, Mongrel or Thin, and a worker process using a queueing library such as Delayed
Job or Resque. Heroku provides full support for running users' applications under this
Unix-style process model, with various other features.

Scheduling processes:
Heroku provides features to schedule processes, much like cron jobs in Unix, and this can
be achieved in a number of different ways:

Using the Heroku Scheduler: this is an add-on that lets users execute any code within
their application at a scheduled interval. This is a declarative approach to scheduling;
the command scheduled in Heroku Scheduler is simply executed as a one-off process at the
specified time.

Users can also run a scheduling process as a singleton process that uses a scheduling
library to schedule tasks programmatically.

The process model used by Heroku also allows one-off processes that handle administrative
tasks such as database migrations and console sessions. The set of processes run via
Heroku is known as the process formation, for example web=2 worker=4 clock=1.
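As an added example (not from the book or from Heroku), the following ties the Procfile from the scaling section to the process formation just described: it parses both, checks that every scaled process type is declared, and enforces that a singleton scheduler type is never scaled beyond one dyno. The Procfile format (`name: command`) and the `type=count` formation notation are Heroku's; the sample Procfile, the assumption that `clock` is the singleton type, and the 512 MB per-dyno footprint calculation are constructed for this example.

```ruby
# Added example: parse a Procfile and a process formation, then validate the
# formation. Sample Procfile and the "clock is a singleton" rule are assumptions.

SAMPLE_PROCFILE = <<~PROCFILE
  web: bundle exec thin start -p $PORT
  worker: bundle exec rake jobs:work
  clock: bundle exec clockwork clock.rb
PROCFILE

PROC_LINE_RE = /\A(?<type>[A-Za-z0-9_-]+):\s*(?<cmd>\S.*)\z/

# Returns { "web" => "bundle exec thin start -p $PORT", ... }; blank lines are skipped.
def parse_procfile(text)
  text.each_line.each_with_object({}) do |line, types|
    line = line.strip
    next if line.empty?
    m = PROC_LINE_RE.match(line)
    raise ArgumentError, "malformed Procfile line: #{line}" unless m
    raise ArgumentError, "duplicate process type: #{m[:type]}" if types.key?(m[:type])
    types[m[:type]] = m[:cmd]
  end
end

# "web=2 worker=4 clock=1" => { "web" => 2, "worker" => 4, "clock" => 1 }
def parse_formation(spec)
  spec.split.each_with_object({}) do |token, formation|
    type, count = token.split('=', 2)
    raise ArgumentError, "bad formation token: #{token}" unless count&.match?(/\A\d+\z/)
    formation[type] = count.to_i
  end
end

# Process types that must never run more than one dyno, such as the singleton
# scheduling process described above (assumption: it is named "clock").
SINGLETON_TYPES = %w[clock].freeze
DYNO_MEMORY_MB = 512

# Returns a list of problems (empty when the formation is consistent with the Procfile).
def validate_formation(formation, procfile_types)
  problems = []
  formation.each do |type, count|
    problems << "#{type}: not declared in Procfile" unless procfile_types.key?(type)
    if SINGLETON_TYPES.include?(type) && count > 1
      problems << "#{type}: singleton process type scaled to #{count}"
    end
  end
  problems
end

# Total dyno count and the memory reserved for them at 512 MB per dyno.
def formation_footprint(formation)
  dynos = formation.values.sum
  { dynos: dynos, memory_mb: dynos * DYNO_MEMORY_MB }
end
```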

All processes in the process model send their logs to STDOUT, and the output streams from
your processes are displayed in the terminal. The output streams from processes running
across the dyno manifold are assembled by Logplex, which makes viewing the logs easy.

After users have pushed their application code and scaled their dynos, they can relax:
Heroku handles the health of the application from this point. Users should still check
the dyno manifold to ensure that the right number of dynos is running at all times so that
their applications run properly.

iii. VMware Cloud Foundry:


Cloud Foundry is another example of Platform as a service which is provided as open source
from VMware. It has great advantages over other service providers due to its usage in multi-
cloud scenarios.

fig.xxviii

Developers do not have to put their energy into preserving choice across operating
systems or minimizing hardware dependencies on a particular OS. VMware Cloud Foundry
differs from other PaaS solutions because it doesn't force developers to write their
application for a specific PaaS provider, and it frees users from the dependencies PaaS
providers impose, such as an application that, once deployed, stays on that cloud and
cannot be moved without recoding and swapping dependencies.

So Cloud Foundry provides cloud flexibility to users who may want to move to another
cloud, whether from private to public or vice versa, or from one public cloud to another.
It gives users the ability to make their applications multi-cloud by writing the
application only once; users can deploy their applications to any Cloud Foundry instance,
wherever it is, public or private. Cloud Foundry also provides Micro Cloud Foundry, which
is Cloud Foundry in a VM, able to take the same code written in Java, Ruby or any other
supported language and deploy the application without any modification.

Let's look at the different components of Cloud Foundry that help achieve multi-cloud
application portability.

Droplet Execution Agents:

These agents operate as independent entities and carry out the requests made by the Cloud
Controller. Because the DEAs are independent, they provide a place for applications to run
without the application needing to know where it is executing, such as the OS on which it
is running.

Service Gateways:
The service gateways provide a common and uniform way of exposing services such as
databases, message queues, stores, etc. Applications running on DEAs use these exposed
services, so they become more portable.

Environment Variables:
This is the last piece that makes applications on Cloud Foundry portable. The credentials
for services are provided to the application runtime in a standard way: a JSON document
containing the list of bound services and their credentials is injected into the
application as an environment variable. Developers can write code that uses it through a
framework such as Spring 3.1 profiles, or by parsing the JSON themselves. The application
can then be run on any instance of Cloud Foundry without any change to the code.

Architecture:
Here we will discuss the various components of Cloud Foundry that help remove the OS
barrier from the platform, so that applications can run in multiple environments without
any dependency on the underlying hardware or operating system.
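As an added example (not code from the book, Heroku or Cloud Foundry), the following resolves database credentials from the environment in both styles described on this page: the Cloud Foundry bound-services JSON document (assumed here to arrive in a variable named VCAP_SERVICES) and a Heroku-style configuration variable holding a database URL (assumed name DATABASE_URL). The JSON layout and every credential value are constructed sample data; the code keeps nothing hard-coded and never prints the password.

```ruby
# Added example: read service credentials injected by the platform instead of
# hard-coding them. VCAP_SERVICES / DATABASE_URL names and the JSON layout are
# assumptions for this example; all values are constructed.

require 'json'
require 'uri'

# Constructed sample bound-services document with one MySQL service.
SAMPLE_VCAP_SERVICES = JSON.generate(
  'mysql-5.1' => [
    { 'name' => 'mysql-app-db', 'label' => 'mysql-5.1', 'plan' => 'free',
      'credentials' => { 'hostname' => 'db.internal.example', 'port' => 3306,
                         'user' => 'app_user', 'password' => 's3cr3t',
                         'name' => 'app_db' } }
  ]
)

DbConfig = Struct.new(:host, :port, :user, :password, :database)

# Cloud Foundry style: pick the first bound service whose label starts with the
# requested service name and map its credentials block. Returns nil if absent or malformed.
def db_config_from_vcap(json, service = 'mysql')
  doc = JSON.parse(json)
  label, instances = doc.find { |l, _| l.start_with?(service) }
  return nil unless label && (creds = instances.first&.fetch('credentials', nil))
  DbConfig.new(creds['hostname'], Integer(creds['port']), creds['user'],
               creds['password'], creds['name'])
rescue JSON::ParserError, ArgumentError, TypeError
  nil
end

# Heroku style: one URL such as mysql2://user:pass@host:3306/dbname.
def db_config_from_url(url)
  uri = URI.parse(url)
  return nil unless uri.host && uri.path && uri.path.length > 1
  DbConfig.new(uri.host, uri.port, uri.user,
               URI.decode_www_form_component(uri.password.to_s),
               uri.path.delete_prefix('/'))
rescue URI::InvalidURIError
  nil
end

# Resolve from an environment hash (ENV on a real dyno or DEA), preferring the
# platform-injected JSON and falling back to the URL variable, so the same code
# runs unchanged in development, staging and production deployments.
def resolve_db_config(env)
  (env['VCAP_SERVICES'] && db_config_from_vcap(env['VCAP_SERVICES'])) ||
    (env['DATABASE_URL'] && db_config_from_url(env['DATABASE_URL']))
end

# For logging: say where the database is without leaking the password.
def describe(config)
  "#{config.user}@#{config.host}:#{config.port}/#{config.database}"
end
```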

fig.xxix

Client layer or plugins:

The client layer comprises many tools, plugins and command-line capabilities. Users can
use VMC, the VMware command-line client, which can be installed very easily as a gem.
Development environments such as Visual Studio and Eclipse also have plugins, add-ons and
tools that provide visual interaction for development, maintenance and other tasks.

Core of Cloud Foundry: Controller

The Cloud Foundry architecture centers on the controller, which forms its core. There can
be multiple controllers, and they can scale horizontally based on requirements. The
controller comprises many tools, such as the rescuer and the stager, that help deploy
applications to specific areas of the infrastructure. A component known as NATS supports
horizontal scaling and the self-healing functionality of the controller; it continuously
monitors the health of the controller and the other components. The controller is built
on asynchronous Rails 3 with Ruby fibers and EventMachine.

The controller also implements the external APIs used by tools to load and unload
applications and to control their environment. It creates the bundles that the app
execution engines use to run an application, and relies on external input for operations
such as scaling the number of app execution engines that each application uses.

The Cloud Controller is the brains of the Cloud Foundry solution and handles
orchestration. It stores information about users, services and provisioned apps, and
maintains the state of all the individual components. CLI commands issued from any local
machine talk to the Cloud Controller. The controller's Rails application is designed to
run on top of the Thin web server and uses Ruby fibers and asynchronous DB drivers.

Application execution engine:

The application execution engine is the part of the core that runs the user's
application. It is responsible for launching and managing Rails, Java and other
languages' app servers. An app execution engine can be launched on any suitably
configured server; it connects to the other servers in the PaaS and runs the user's
applications. It can be configured to run a single app or multiple apps per server.

The request router:

This component acts as the front door to the PaaS. It accepts all HTTP requests for all
the applications running on the PaaS and routes each to the best application execution
engine, which then runs the appropriate application code. The request router can be
thought of as a load balancer that knows which application is running where: it needs to
know the hostnames used by each application and keeps track of the app execution engines
available for each app. The routers are generally not scaled frequently, because DNS
entries point to them; keeping the DNS stable is why the routers, rather than the app
engines, stay fixed. It is good practice to put a regular load balancer in front of the
routers, which makes scaling easy without DNS changes.

Set of different services:

A set of services provides data storage and other functions that applications use. These
are effectively device drivers, and each service consists of two parts: the application
implementing the service itself (MySQL, MongoDB, Redis, etc.) and the Cloud Foundry
management layer, which establishes the connections between the applications and the
service. For example, in the case of MySQL, this layer creates a separate logical database
for each application and manages the credentials that give the application access to its
database.

Health Manager: This component is responsible for keeping applications alive; if an
application execution engine crashes, it ensures that the application is properly
restarted on another app execution engine.

The message bus ties all the parts together and lets all the servers find each other.

All the Ruby daemons follow a familiar pattern: on loading, each queries the Cloud
Controller and exposes a local HTTP endpoint that provides health and status information
about the application and the node. These services communicate with each other using
another Ruby-powered service, NATS. Whenever a daemon boots, it connects to the NATS
message bus and subscribes to its services, such as provisioning and heartbeat signals.
The Cloud Foundry architecture allows the addition and removal of routers, DEA agents,
service controllers and other components. All of these services can run on a single
machine or across a large cluster of servers within a data center.

Cloud Foundry initially was a service to deploy Java Spring applications on Amazon Web
Services. It then developed into an open source, multi-language and multi-framework PaaS
offering. It supports multiple programming languages, including Java, Spring, Ruby, Scala
and Node.js, and can be run on a local machine as well as on various types of cloud.

Cloud Foundry provides three dimensions of choice in the platform. They are discussed as
follows:

Framework choice: Cloud Foundry supports Rails and Sinatra for Ruby, the Spring framework
for Java, Node.js, and the JVM languages Groovy, Grails and Scala, along with the
Microsoft .NET framework.

Application services choice: Applications built for the cloud have firm requirements such
as NoSQL databases, relational databases and a reliable messaging system. Cloud Foundry
provides RabbitMQ for messaging, MongoDB and Redis for NoSQL, and PostgreSQL and MySQL for
relational databases.

Deployment choice: Applications built on Cloud Foundry can be deployed on anything from a
notebook PC running Micro Cloud Foundry, a complete version of Cloud Foundry that runs in
a virtual machine on the user's system, to a private cloud or a public cloud such as AWS.

Auto-Scaling Cloud Foundry:

Auto-scaling is a very important feature of running applications in the cloud; it helps
process user requests quickly and also takes care of failover situations. Cloud Foundry
supports auto-scaling at two levels. The first is the infrastructure level, i.e. the
application execution engines, request routers, controllers and services. The second is
the individual application level, expressed in terms of the number of application
execution engines running the application, and how many of them have the application
loaded and are accepting requests from end users. Let's discuss these two levels
individually.

The first level, scaling at the infrastructure level, is done by monitoring the load on
the various servers; the operator then launches additional instances or terminates idle
ones depending on the situation. This ensures that there is always some number of idle
app execution engines ready to accept the next application, or to take on an application
that needs more resources. This scaling can be done in any cloud scenario by creating new
instances that host the application execution engine.
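As an added example (not VMware's code), the infrastructure-level policy just described, as a pure decision function: given the DEAs (application execution engines) and their load, it keeps a minimum pool of idle engines for the next application, adds relief for hot engines, and retires surplus idle engines only. The thresholds and the DEA list are constructed assumptions.

```ruby
# Added example: infrastructure-level scaling decision for a pool of DEAs.
# Thresholds below are assumptions for this example, not Cloud Foundry defaults.

Dea = Struct.new(:name, :apps, :cpu_load) # apps: count loaded; cpu_load: 0.0..1.0

MIN_IDLE_DEAS = 2   # idle engines kept ready for the next app (assumption)
MAX_IDLE_DEAS = 4   # more idle engines than this is wasted capacity (assumption)
HOT_LOAD = 0.8      # a busy DEA at or above this load needs relief (assumption)

def idle?(dea)
  dea.apps.zero?
end

# Returns { launch: n, terminate: [dea names] } for the operator (or a script) to act on.
def scaling_decision(deas, min_idle: MIN_IDLE_DEAS, max_idle: MAX_IDLE_DEAS, hot_load: HOT_LOAD)
  idle, busy = deas.partition { |d| idle?(d) }
  hot = busy.count { |d| d.cpu_load >= hot_load }
  # Each hot DEA may need to hand an application to a fresh engine, so the idle
  # pool must cover the configured reserve plus one engine per hot DEA.
  wanted_idle = min_idle + hot
  surplus_limit = [max_idle, wanted_idle].max
  if idle.size < wanted_idle
    { launch: wanted_idle - idle.size, terminate: [] }
  elsif idle.size > surplus_limit
    # Only idle engines are ever retired; engines running applications stay up.
    { launch: 0, terminate: idle.last(idle.size - surplus_limit).map(&:name) }
  else
    { launch: 0, terminate: [] }
  end
end
```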

The other level at which scaling happens is the responsibility of each application's
owner. Cloud Foundry allows users to plug in external application monitoring and
scaling decision-making tools, so users can tailor the scalability of their applications
to their own policies.
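A small scaling controller for the infrastructure level just described, added here as an illustration and not taken from Cloud Foundry's own code: it keeps a reserve of idle application execution engines, only ever terminates engines with nothing loaded, and uses a min/max band so the operator does not launch and terminate on every load blip. The engine names, capacities and loads are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ExecutionEngine:
    """One application execution engine (a VM/container host) in the pool."""
    name: str
    capacity: int       # application instances this engine can host
    loaded: int = 0     # application instances currently loaded on it

    @property
    def is_idle(self) -> bool:
        return self.loaded == 0

    @property
    def is_saturated(self) -> bool:
        return self.loaded >= self.capacity


def plan_scaling(engines: List[ExecutionEngine], min_idle: int, max_idle: int,
                 max_engines: int) -> Tuple[int, List[str]]:
    """Decide the infrastructure-level action for one monitoring cycle.

    Returns (engines_to_launch, names_of_engines_to_terminate).

    Policy (constructed for this illustration):
      * keep at least `min_idle` engines with nothing loaded, so the next
        application, or one that has outgrown its engine, can always be placed;
      * if every busy engine is saturated, reserve one idle engine more than
        the floor, since the busy ones cannot absorb any growth;
      * release idle engines above the ceiling; the gap between the floor and
        the ceiling is hysteresis so the pool is not resized on every blip;
      * never exceed `max_engines`, and only terminate engines that have
        nothing loaded, so this level never drops a user request.
    """
    if not 0 <= min_idle <= max_idle:
        raise ValueError("need 0 <= min_idle <= max_idle")
    idle = [e for e in engines if e.is_idle]
    busy = [e for e in engines if not e.is_idle]
    wanted_idle = min_idle + (1 if busy and all(e.is_saturated for e in busy) else 0)
    ceiling = max(max_idle, wanted_idle)   # never release what we just reserved

    if len(idle) < wanted_idle:
        room = max(0, max_engines - len(engines))
        return (min(wanted_idle - len(idle), room), [])
    if len(idle) > ceiling:
        surplus = len(idle) - ceiling
        # Release the most recently added idle engines first; the order of the
        # input list is taken to be launch order.
        return (0, [e.name for e in idle[-surplus:]])
    return (0, [])


if __name__ == "__main__":
    # Constructed sample pool: two busy engines (one saturated) and one idle engine.
    pool = [ExecutionEngine("dea-0", 4, 4),
            ExecutionEngine("dea-1", 4, 2),
            ExecutionEngine("dea-2", 4, 0)]
    print(plan_scaling(pool, min_idle=2, max_idle=3, max_engines=10))   # (1, [])
```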

VMware Cloud Foundry is an interesting solution for developers who want to create
applications that can be deployed in multiple environments without changing the
application code. It is available as a hosted service, and it is also available to those who
want to run their applications within their own company or datacenter, i.e. in a private
cloud. The only prerequisite is to have a Cloud Foundry environment set up.

Cloud Foundry can provision and run multiple platforms and frameworks such as Rails,
Sinatra, Grails and node.js. It can also provision and support multiple types of supporting
services such as MySQL, Redis and RabbitMQ. The Cloud Foundry system is modular and
simple to extend.

iv. Google App Engine

fig.xxx
[This image is a property of google.com]

Another example of Platform as a Service is Google App Engine, a solution provided by the
IT giant Google. This service lets users run their web-based applications on infrastructure
provided by Google. Google App Engine provides a platform on which applications are easy
to build and maintain, and can be scaled easily so that application performance is kept up
as the number of requests rises and falls. Users just upload their prebuilt applications to
Google App Engine and they are ready to serve end users.
Google allows users to use their own domain name, and it also provides a domain of its own,
appspot.com. Users can also define the accessibility of their applications, i.e. they can be
made public or restricted to users of their own organization.

Users can deploy their applications on Google App Engine and are charged only for what
they use, without any setup or recurring charges. Google measures the resources (memory,
storage, bandwidth, etc.) used by users' applications in GB and bills accordingly. Users have
control over the maximum amount of resources their applications use, which helps them
keep their applications within budget.

Google provides a free usage tier that includes 1 GB of storage and enough CPU and
bandwidth to support an application serving around 5 million page views per month. Users
pay only for the resources they use above the free tier.

Features:
Google App Engine supports applications that run reliably even under heavy load and
allows processing of large amounts of data. Some of the features provided by Google App
Engine are:

It allows serving of dynamic web content with full support for the common web
technologies in the market.
It gives persistent storage with query functions along with sorting and
transactions.
It allows automatic scaling and load balancing of applications to provide
maximum uptime for users' applications.
It provides APIs for authenticating users with Google Accounts and for sending
email.
The users can use the queuing service provided by Google to do work outside the
scope of a web request.
The users can also schedule tasks to trigger events at a specified time or at regular
intervals.
Users' applications run in a secure environment and have limited access to the
underlying infrastructure and OS. App Engine distributes web requests for the
application across multiple servers and can create or terminate instances according
to need or incoming traffic. The applications run in a sandbox, which isolates them in
a secure, reliable environment and hides the underlying infrastructure and OS from
them. An application can reach other servers on the internet only through the URL
fetch and email services provided, and other servers can connect to it only via
HTTP/HTTPS requests on the standard port numbers.
Applications are not allowed to write to the file system in any runtime environment,
but they can read files that were uploaded with the application code. For persistent
storage of data between requests, applications must use the App Engine Datastore,
Memcache or other services.
Application code runs only in response to a web request, a scheduled task or a
queued task, and must respond within 60 seconds; otherwise the request times out.
A request handler is not allowed to spawn a sub-process or to execute code after
the response has been sent.
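The sandbox rules in the last items (read-only file system, no sub-processes, a per-request deadline) are the kind of checks that the SDK's local development server emulates. The following Python is an added illustration, not Google's SDK code: it runs a handler under those three rules and reports which one it tripped. The handler names, the short deadlines and the file path used in the demo are constructed, and the emulation is deliberately partial (it does not intercept os.system, os.fork or io.open).

```python
import builtins
import subprocess
import threading

REQUEST_DEADLINE_SECONDS = 60   # the text gives 60 seconds per request


class SandboxViolation(Exception):
    """Raised when handler code attempts a disallowed system resource access."""


def _guarded_open(real_open):
    """Wrap builtins.open so that only read modes get through."""
    def guarded(file, mode="r", *args, **kwargs):
        if any(flag in mode for flag in ("w", "a", "+", "x")):
            raise SandboxViolation(
                "file system is read-only: %r opened with mode %r" % (file, mode))
        return real_open(file, mode, *args, **kwargs)
    return guarded


def _deny_subprocess(*args, **kwargs):
    """Stand-in for subprocess.Popen; subprocess.run/check_output go through it too."""
    raise SandboxViolation("request handlers may not spawn sub-processes")


def run_in_sandbox(handler, deadline=REQUEST_DEADLINE_SECONDS):
    """Run handler() under the sandbox rules and return (status, detail).

    status is 'ok' (detail = the handler's return value), 'violation' (detail =
    the reason), 'error' (any other exception) or 'timeout' (no response within
    the deadline, mirroring the request time-out described in the text).
    """
    outcome = {}

    def worker():
        try:
            outcome["detail"] = handler()
            outcome["status"] = "ok"
        except SandboxViolation as exc:
            outcome["status"], outcome["detail"] = "violation", str(exc)
        except Exception as exc:   # report any other failure, do not crash the emulator
            outcome["status"], outcome["detail"] = "error", repr(exc)

    real_open, real_popen = builtins.open, subprocess.Popen
    builtins.open = _guarded_open(real_open)
    subprocess.Popen = _deny_subprocess
    try:
        thread = threading.Thread(target=worker, daemon=True)
        thread.start()
        thread.join(deadline)
        if thread.is_alive():
            # The real runtime terminates the handler here; this emulator can only
            # abandon the thread (Python cannot forcibly kill it) and report.
            return ("timeout", "no response within %s seconds" % deadline)
    finally:
        builtins.open = real_open           # always restore the real functions
        subprocess.Popen = real_popen
    return (outcome["status"], outcome["detail"])


if __name__ == "__main__":
    import time

    def reads_uploaded_file():
        with open(__file__) as f:           # reading the app's own uploaded code is fine
            return f.readline().strip()

    def writes_file():
        with open("/tmp/appengine_demo.txt", "w") as f:   # constructed path, never created
            f.write("not allowed")

    def spawns_process():
        return subprocess.run(["true"], check=False).returncode

    def slow_handler():
        time.sleep(2)
        return "done"

    for name, fn, limit in [("read", reads_uploaded_file, 5), ("write", writes_file, 5),
                            ("spawn", spawns_process, 5), ("slow", slow_handler, 0.1)]:
        print(name, run_in_sandbox(fn, limit))
```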

Applications can be written in several different programming languages to run on Google
App Engine. Users can use standard Java technologies, including the Java Virtual Machine,
Java servlets and the Java programming language; App Engine also supports other
languages that use a JVM-based interpreter or compiler, such as JavaScript or Ruby. App
Engine also provides Python and Go runtime environments. The different runtime
environments are built to ensure quick, secure execution of applications without
interference from other applications on the system.

Google Storage for users' data:

The Google App Engine environment allows users to store their application-specific data in
a range of options. They are:

App Engine Datastore:

The Google App Engine Datastore is a NoSQL, schema-less data store that allows data to be
stored in the form of objects. It also provides a query engine and atomic transactions.

This service scales with the amount of data, just as a distributed web server grows with the
amount of incoming traffic. Users can choose between two types of data storage, which
differ in their availability and consistency guarantees. These options are:

High Replication Datastore (HRD): When users opt for this type of data store, the data is
replicated across multiple Google data centers around the world using the Paxos algorithm.
Replicating the data across multiple data centers provides a high level of availability for
both reads and writes, as identical data is present in at least two locations.

Master/Slave Datastore: In this option one data center holds the master copy of the user's
data, and the master data is replicated asynchronously to the slave data centers. Read
operations can be directed to the slave data centers, whereas write operations are
directed to the master data center. This option can incur a short period of downtime in
case of data center issues.

The App Engine Datastore is object storage and doesn't provide relational database
functions. The structure of data entities is defined and enforced by the application's code.
An update to any entity in the datastore occurs in a transaction, which is retried a fixed
number of times if other processes are trying to update the same entity simultaneously.
The user's application may execute multiple datastore operations in one transaction. The
transaction either succeeds or fails as a whole; in both cases data integrity is preserved.
Transactions are implemented across the datastore's distributed network by using entity
groups: a transaction manipulates entities within a single group, and the entities of a group
are stored together so the transaction executes efficiently. Entities are assigned to groups
by the application when they are created.
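A model of the entity-group transaction just described, added here as an illustration (it is not the datastore's own code): writes are confined to one entity group, a commit is rejected and the body re-run a fixed number of times when another writer has committed to that group in the meantime, and the transaction gives up after that with nothing applied. The keys, group names and balances are constructed sample data; a concurrent writer is simulated by bumping the group's version directly.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

MAX_RETRIES = 3   # the text says a contended update is retried a fixed number of times


class TransactionFailed(Exception):
    """The transaction was still contended after MAX_RETRIES retries."""


class CrossGroupError(Exception):
    """A transaction touched entities in more than one entity group."""


@dataclass
class Datastore:
    """Toy datastore: every entity belongs to exactly one entity group, fixed at creation."""
    # entity key -> (entity group, properties)
    entities: Dict[str, Tuple[str, dict]] = field(default_factory=dict)
    # entity group -> version, incremented by every committed write to that group
    versions: Dict[str, int] = field(default_factory=dict)

    def put(self, key: str, group: str, props: dict) -> None:
        """Create or overwrite an entity outside any transaction."""
        self.entities[key] = (group, dict(props))
        self.versions.setdefault(group, 0)


class Txn:
    """One attempt of a transaction; all reads and writes must stay in one group."""

    def __init__(self, store: Datastore):
        self.store = store
        self.group = None            # bound by the first entity touched
        self.start_version = None    # group version observed at binding time
        self.writes: Dict[str, dict] = {}

    def _bind(self, group: str) -> None:
        if self.group is None:
            self.group = group
            self.start_version = self.store.versions.setdefault(group, 0)
        elif group != self.group:
            raise CrossGroupError("entity group %r differs from %r" % (group, self.group))

    def get(self, key: str) -> dict:
        group, props = self.store.entities[key]
        self._bind(group)
        return dict(self.writes.get(key, props))   # reads see this txn's own writes

    def put(self, key: str, props: dict) -> None:
        group = self.store.entities[key][0]       # existing entities only, for brevity
        self._bind(group)
        self.writes[key] = dict(props)


def run_in_transaction(store: Datastore, body: Callable[[Txn], object],
                       retries: int = MAX_RETRIES):
    """Run body(txn) with optimistic concurrency on its entity group.

    Writes are buffered and applied only if no other commit touched the group
    since the transaction bound to it; otherwise the whole body is re-run from
    scratch, up to `retries` more times. Either every write lands or none does.
    """
    txn = None
    for _attempt in range(retries + 1):
        txn = Txn(store)
        result = body(txn)
        if txn.group is None:
            return result                          # read nothing, wrote nothing
        if store.versions[txn.group] == txn.start_version:
            for key, props in txn.writes.items():
                store.entities[key] = (txn.group, props)
            if txn.writes:
                store.versions[txn.group] += 1
            return result
        # A concurrent commit changed this group meanwhile: retry from scratch.
    raise TransactionFailed("gave up after %d retries on group %r" % (retries, txn.group))


if __name__ == "__main__":
    store = Datastore()
    store.put("acct:1", "customer:1", {"balance": 100})   # constructed sample data

    def debit(txn: Txn) -> int:
        entity = txn.get("acct:1")
        entity["balance"] -= 30
        txn.put("acct:1", entity)
        return entity["balance"]

    print(run_in_transaction(store, debit))    # 70
    print(store.versions["customer:1"])       # 1
```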

Google Cloud SQL:

Google Cloud SQL, as the name suggests, is a web service that allows users to create,
configure and use relational databases in their applications, including their App Engine
applications. It is a fully managed service that is maintained, managed and administered by
Google, which lets users focus on their applications and services.

This service provides all the capabilities of a MySQL database, so users can easily move
their applications with their data to the cloud. This gives high data portability and faster
time to market, because users can quickly use their existing database from their App
Engine applications through technologies such as JDBC or DB-API. The service also
replicates data across multiple data centers in different geographic locations to provide
high availability.

Google Cloud Storage:

This is a RESTful service provided by Google that allows data to be stored in and accessed
from Google's data centers via REST-based APIs. It provides performance and scalability
along with security and sharing capabilities for users' data.

This service provides object storage with replication of users' data across multiple data
centers and read-write data consistency. Stored objects can be as large as terabytes, and
the service allows uploads and downloads to be resumed. It provides a domain-specific
bucket namespace.

This service provides OAuth 2.0 authentication, which allows easy, flexible authentication
for data access and data sharing. It also provides group-level access control.

Google App Engine Services:
Google App Engine provides a variety of services that enable users to perform common
operations while managing their applications. These services are:

URL Fetch:
Users' applications can access resources on the internet, such as web services or other
data, using the App Engine URL Fetch service. This service retrieves resources on the web
using the same high-speed infrastructure that retrieves web pages for Google's other
products.

Mail:
Users' applications are allowed to send email messages using App Engine's mail service,
which uses Google's infrastructure to deliver them.

Memcache:
This App Engine service gives users' applications a high-performance in-memory key-value
cache that can be accessed by multiple instances of the application. It is suited to data
that doesn't need the persistence and transactional features of the datastore, such as
temporary data, or copies of datastore data kept in the cache for high-speed access.

Image Manipulation:
This service allows users' applications to manipulate images, such as resizing, cropping,
rotating and flipping images in JPEG or PNG format.

Scheduling Tasks and Task Queues:

Google App Engine allows applications to perform tasks outside of responding to web
requests. These tasks can be performed on a schedule that users configure, such as daily or
hourly. Such scheduled tasks are also known as cron jobs and are handled by the Cron
service.

The task queuing service provided by Google App Engine is currently an experimental
feature. It can be used from the Python, Java and Go runtime environments.

Deployment Workflow:
The SDKs provided for the different programming languages (Java, Python and Go) include
a web server application that emulates the App Engine services on the local machine. The
SDKs also include all the APIs and libraries available on App Engine. The web server also
emulates the secure sandbox, including the checks for attempts to access system resources
that are disallowed in the App Engine runtime environment. Users' applications are
uploaded to App Engine using the tool provided in each SDK, after entering the username
and password of a Google account.

Users can upload a new version of their application when there is a new major release,
and until they switch to the new version, the old version continues to serve end users.

Quotas and limits:

Users can use App Engine for free initially. The free tier includes 1 GB of storage and up to
5 million page views per month. Users can enable billing, set a maximum daily budget and
allocate budget to each resource according to their needs. They are billed for all resources
consumed above the free tier limits. A user is allowed to register up to 10 applications per
developer account.

The resources allocated to each application are subject to limits, or quotas. A quota
determines the amount of a given resource the application can use during a calendar day.
Users can later raise these quotas by purchasing additional resources. For some features
the limits are unrelated to the quotas; this is done to protect the stability of the system.
For example, when a web request arrives for an application, it is expected to issue a
response within 60 seconds, failing which the process is terminated and an error code is
returned by the server. This timeout is dynamic and can be shortened when a request
handler reaches its timeout frequently, in order to conserve resources.

Custom Domains:
When users create an application with Google App Engine, the application is served on the
appspot.com domain, but users can use custom domains alongside appspot.com. Users can
serve their applications by registering a new domain or using an existing one with the
proper mapping. Applications can be served on all subdomains of a given custom domain
according to the user's preference; they just need to add a wildcard subdomain mapping.

v. Force.com
Force.com is another prominent example of Platform as a Service. Developers can use this
platform to develop and deliver any type of business application on the cloud. It covers all
the features of the cloud, such as on-demand and hassle-free use of the platform. Users
needn't worry about updating and managing the software they are working on. It makes
building, sharing and running business applications on the cloud easy and secure over the
internet. The whole platform is centered around a database, which makes it suitable for
developing data-centric applications. As with any cloud service, the platform can be
accessed by various users at any point in time; this gives it an advantage for creating
collaborative applications, meaning that various users can share data as well as services at
any point in time. The main advantage of this over traditional collaborative applications is
that it can be accessed from anywhere and at any time via a thin client, unlike the former,
which is installed on a single system.

fig.xxxi

Technologies behind the Force.com Platform

Like all cloud services, the platform has a multi-tenant architecture. This means that
multiple users can share the same physical server by virtue of virtualization, and a single
version of an application running on the physical server can be accessed by multiple users.

All upgrades and maintenance of the platform are managed automatically, for all users at
once, so users can work hassle-free. Users are spared the expense of purchasing the whole
stack of hardware and software and instead get a fully patched, pay-per-use platform as a
service on which they can start work directly. Virtualization and the multi-tenant
architecture keep the cost of applications low and make deployment quick and easy. The
multi-tenant architecture also allows application-specific components to be developed
without affecting the working of the core platform or the data stored by other users of the
platform.

A Metadata-Driven Development Model

Developers have the advantage of a metadata-driven development model, which makes
building applications more productive. Whenever an application on Force.com is accessed
by a user, Force.com renders the application's metadata into the interface the user
experiences. The various components of the platform, such as tabs, forms and links (we
will discuss them later), are defined as metadata instead of being hard-coded in some
programming language.

This metadata-driven platform enables application developers to develop their
applications at a much higher level of abstraction than they could using programming
languages such as Java or C#. Users don't have to worry about low-level system details,
which the platform handles automatically. Force.com also provides many advanced features
that application developers can make use of.

Users can also easily make changes to the metadata through the interface.

Force.com also provides a Metadata API to manage an application's setup
programmatically. This API helps in modifying the XML files that control an organization's
metadata, and in migrating configuration changes between organizations. Users can also
build their own tools for managing organization and application metadata.

In simple terms, the metadata provided by Force.com plays the same role as the HTML
tags we write when creating a web page, which the browser then renders whenever the
page is displayed. In the same way, the Force.com platform lets users build applications
from metadata and so increases overall productivity. And just as we use JavaScript or Flash
to add functionality to HTML pages, users can add more advanced functionality to their
applications.

Web Services API

As discussed, Force.com is a metadata-driven development platform; developers can add a
great deal of functionality to their applications using the tools provided by the Force.com
platform. Users can also use third-party services to create more customized application
behaviour with the help of the Web Services API.

The APIs provided by the Force.com platform are a straightforward, powerful and open
way to access the data and capabilities of applications running on the platform
programmatically. Programmers can use languages such as Java, PHP, C# or .NET to use
and manipulate applications from any server location.

Apex
Force.com also introduced a programming language for cloud computing known as Apex.
The syntax of Apex is similar to Java, the most extensively used language around the
world. This language is specially designed to help users build business applications that
manage data and processes on the Force.com platform. It provides a productive way for
users to create logic and functionality, so that they just have to concentrate on the
application while Force.com handles the rest of the management.

VisualForce
This is the framework users need to create user interfaces for their applications, suited to
the tasks, users and devices the application serves. It allows user interfaces to be built and
delivered in the cloud. Interfaces created with VisualForce extend the standard Force.com
platform interface and can also replace it. VisualForce markup is rendered into HTML; its
tags can be used by designers alongside standard HTML, JavaScript, Flash or any other code
that can be executed within an HTML page on the Force.com platform. VisualForce pages
can also be used to combine data from multiple Force.com objects, or to blend data from
web services into the user's applications.

SalesForce Mobile
Today people don't want to be more than a click away from their data. Smart phones,
tablets, etc. have made it possible for users to access it on the go. Force.com allows users
to deliver their applications to mobile users. SalesForce Mobile is also an application in
itself: users install it on their mobile devices and can make use of their devices' features
through an intuitive interface specially designed for the small screen of a mobile device. It
also stores a small amount of data on the device, which lets users access information
offline as well; this data is synchronized when the user is online again. Administrators have
full control over what users can and cannot do with SalesForce Mobile: they can specify
which data is available for mobile access, and they can limit the amount of data that users
can transfer. SalesForce Mobile can also be disabled if a device is lost or stolen.

Sites
Force.com allows users to make their applications available to users who are not on
SalesForce.com. Developers can use the APIs to integrate an external web page or
application with SalesForce, or they can make use of Sites, a feature provided by
SalesForce.com. The Sites functionality enables developers to build public websites that are
directly integrated with their SalesForce organization and do not require the visitor to log
in. Information stored in the organization is easily presented through pages that match the
company's brand. These sites have no integration issues, as they are also built and hosted
on Force.com. Validation of the collected data is performed automatically, since the sites
are built using VisualForce pages on the platform.

The AppExchange Directory

This Force.com feature is a web directory. Applications developed on Force.com are made
available there for SalesForce.com customers to browse, demo, review and install.
Developers who want to share their applications can submit a listing to the AppExchange
Directory.

Using Force.com
Using Force.com is simple enough. Let's have a look at the basic things a developer must
know before using it.

Tabs
Among the elements that form the foundation of the Sales Automation application are tabs.
Tabs segment the application into different parts. Each tab corresponds to a type of object,
such as an account or a contact. For example, users can click on the Accounts tab to create a
new record or edit existing accounts, or they can use a list view to filter the list of accounts
using some criteria. This is used extensively in applications whose development revolves
around creating tabs and defining the data and the behaviors that support them.

Forms:
Forms are the second key element; they are displayed as part of a tab. In any business
application, forms are the key means of entering and viewing information in the system.
They allow users to view and edit any type of data associated with a particular record on a
tab, and users can define which information appears in each form and how it is organized.
An example is a contact form, which would include fields such as first name, last name,
phone number, city, title, etc. Forms used to enter information are known on the Force.com
platform as edit pages, and each has a corresponding detail page that provides a read-only
view of the same information.

Links:
Applications built on Force.com are delivered via a browser, so they make extensive use of
links. Links are used to navigate to related data; they can be used to traverse pages that
are related to each other, and can also be extended to point within the application as well
as out onto the web.

3. Software as a Service:
Software as a Service is the top layer in the pyramid of cloud services. It is the software
distribution layer, which provides customers with applications hosted by vendors or other
service providers. This software is made available to customers over the internet, and the
customers are charged on a pay-by-use model.

Users are spared the upfront cost of purchasing expensive application licenses and use the
applications on demand at fairly low cost. This might be the key reason why SaaS is
becoming a predominant delivery model in the market, as the technologies below the SaaS
layer that support web services and service-oriented architecture mature. And as newer
development approaches such as Ajax, and broadband services, become popular and
available to users, they help users access these services from around the world.

There are two possible delivery models for SaaS:

Hosted application model: This model is similar to the application service provider model,
where a software provider hosts the software and makes it available to customers over the
internet.

Software on demand: In this model the provider gives customers network access to a single
copy of the software, which is specifically designed for SaaS distribution.

SaaS offerings can be put into two categories, which differ in the type of application
provided:

Business Applications:
These are applications that help accomplish business-oriented tasks quickly and
accurately. The global leaders in providing this kind of software as a service are Microsoft,
Accenture, Electronic Data Systems, American Software, etc. These providers are those
with a large installed base or a very specific niche. This market is controlled by the software
giant SAP AG, which has large financial resources, name recognition and an established
client base. For companies like Microsoft, on the other hand, a lot of time and resources are
required to re-train employees to use the new system when they have been using another
version for years.

Development Tools:
This is another broad-based industry, providing development tools that consist of software
used primarily for building products and for management. Companies in this industry are
generally focused on a single product type. Major providers include Cadence Design
Systems, Logility, etc.

Let's take a look at the major SaaS providers in the market today, whose solutions are
widely used by customers:

Major SaaS providers

i. Microsoft Office 365
Microsoft Office 365 is the name given to the Microsoft services available on the cloud,
which users can use on demand instead of purchasing an expensive license for each tool.
The services included under this umbrella are Exchange, SharePoint, Office Web Apps and
Lync. These are enterprise-level applications used by businesses of every kind. Below are
some of the features provided by Office 365.

Features:
Users can create a shared team site where they can create data libraries, assign tasks,
schedule calendars and perform other functions.
Users can check others' availability, and anyone can schedule online meetings with
others.
Users can connect to each other instantly by instant messaging, email or video calls.
Users can keep their files and user accounts secure, and their email free of spam and
scams.
One can create documents, worksheets, presentations, notebooks, etc., and share
them.
Users always work with the current version of the Office 365 software, as updating
and patching is performed by Microsoft at the back end.
Users can create blogs and wikis for their teams as well as for public viewing.
Microsoft guarantees a 99.9% uptime SLA, which means that Office 365 will be
available 99.9 times out of 100 over the internet.
The Microsoft data centers are certified under SAS 70 and ISO 27001.
It provides geo-redundancy, reliability and disaster recovery.
Microsoft also takes care of failover scenarios by using multiple data centers across
many different geographic locations.
It is protected by up-to-date antivirus and anti-spam measures.
Easy-to-use interface with all the tools available to choose from.

Various tools that users can use:

Microsoft Outlook: Users can use Microsoft Outlook to create, view, organize and send
email messages. It can also be used to add appointments to the calendar, create notes and
add tasks.

Microsoft SharePoint: It helps in organizing and managing a team effort, and provides a
platform for users to build their own site. It can be used to create document libraries, to
communicate with team members, and to build a public-facing site for sharing information
with the world.

Microsoft Lync: Users can use this service to communicate in real time using instant
messaging and online meetings. It can also be used to share desktops with others over the
internet.

Office Web Apps: This service lets users work with Office 2010 files online; the files can
easily be accessed over the internet from any thin client such as a PC or mobile phone. It
also allows users to download, deploy and license Office 2010 Professional Plus on a
pay-as-you-go basis, meaning users can install the software on their own systems and sync
it with Office 365.

Office 365 is a set of Microsoft services that users access over the internet. Microsoft
provides services that users in different domains can use, such as business applications,
simple office applications, etc. Users are charged on a usage basis and avoid the upfront
cost of purchasing licenses for all these products, as well as the maintenance of each
service and other overheads. Users always get the updated version of all the services
without having to worry about patching and updating.
Users need to create an account before using Office 365. They can log on to the Office 365
home page to sign up and create an account for any of the plans, such as the small business
version or the enterprise version.

Small Business version: The small business plan is suitable for organizations that need
services such as creating a team site, sharing documents, working with email and instant
messaging, hosting online meetings, and many more. It includes access to the Web Apps for
up to 50 user accounts, a 25 GB mailbox, support for mobile devices, instant messaging,
presence technology, audio and video, and SharePoint Online.

Enterprise version: This version is designed for larger organizations with a lot of
sophisticated data; advanced archiving features and capabilities such as Active Directory
are also available. It includes almost all the features of the Small Business version and on
top of that provides the Office Professional desktop software. Two subscription options are
available: Business Productivity Online Suite (BPOS), where customers pay $10 per month,
and Office Professional Plus 2010, where customers pay $24 per month.

Office 365 for Education: This option gives students access to Office 365 and includes
services such as Office Web Apps, instant messaging, audio, video and team sites, including
the latest version of Microsoft Live@edu, an online community of many schools. It costs $10
for educators and is free for students.

The name selected by the user for the Office 365 account is appended with
onmicrosoft.com. The URL of the public-facing website that is part of the user's account
has sharepoint.com appended to it. Users should make a note of these URLs, which will be
used to access their resources later.

The various options available on the user's home page are:

Start here: Users use this to configure the settings involved in setting up Office 365 for
daily usage. This includes setting up their systems and some more basics of Office 365.
Administrators can add new users to the account here.

Outlook: This is the shortcut to the Outlook Web App, the web version of Outlook in Office
365.

Lync: This option contains the settings required to send instant messages, set up online
meetings, share audio and video clips, etc.

Team Site: Users use this to create a team site with Microsoft SharePoint. It gives access to
the team site, for viewing documents that users are sharing with others or creating new
ones such as Word documents, Excel worksheets, PowerPoint presentations, etc.

Website: This contains the list of links to the public website, which users can easily modify
to share content, pictures, etc. with the public.

Advantages of having applications on the cloud:

The main feature of cloud services is that users do not have to bother about the underlying systems: they use the software and other services only when they need them and do not have to worry about what happens to them afterwards. Whenever users need resources to run applications, store data or enable teams to connect, these are presented to them as a service; when they are done, the same resources serve other users somewhere else. This enables businesses of all sizes to access their programs and services over the internet through a web-based service model. So, whenever users need the different services required to keep their business or team running efficiently and effectively, the cloud is the best option.

Users have different options for setting up their systems to use Office 365. They can download and install Lync, Microsoft Office, Outlook, etc. and start using them. They can even set up their mobile devices to use the features with POP and IMAP email.

One of the main challenges of using online services is managing a team and having the team work together. The team should be able to share a common space, share files, gather for meetings, throw out new ideas and discuss them, schedule meetings, and so on. This capability is provided by SharePoint Online. Users have the option to customize their team site, which includes adding all kinds of tools, web applications, media, etc. Users can create document libraries to which all the team members have access. The members of the team can access the files they need in these libraries and add pages and project-related content.

Security & Reliability:

Security is the most important feature of the cloud; if it is not taken care of, the business's resources on the cloud are at risk. Microsoft provides security at multiple layers in Office 365. It provides 128-bit SSL/TLS encryption, which ensures that data exchanged with the service is unreadable by anyone other than the users it belongs to. In addition, antivirus signatures are continuously updated, and Forefront Online Protection for Exchange provides protection and filtering that helps secure the users' content.

Reliability is another feature that organizations require in order to work on the cloud. The services must be reliable so that users can trust them. Office 365 provides guaranteed access to its web services so that users can work reliably. Microsoft operates many data centers around the world to store users' data, so even if one of the data centers is down, the users' data is available from the other data centers. The data centers are isolated from each other and have different network configurations, so they are independent of one another's failures.

Administering Tasks:
The administrators (there can be more than one in an organization) have various capabilities:

- Creating and managing the account.
- Adding new users and managing them on the site, with proper permissions for each of them.
- Assigning and administering the different licenses that the team members in the organization use.
- Helping the group achieve its goals.
- Designing, updating and managing the SharePoint team site in the account.
- Making sure that the team members have the required permissions to log on and access Office 365 services.
- Making sure that services such as email are working properly.
- Providing the members with access to the resources on the team site.
- Setting up Lync Online, which allows file transfer along with audio and video transmission, and granting those features to the group.
- Knowing how to get help, creating service requests and continuously performing system checks.

ii. SalesForce:

fig.xxxii
SalesForce is one of the best examples of Software as a Service; it is built on the Force.com platform. The services are provided to users over the internet, on the go, and users are billed for their usage. SalesForce.com provides a variety of services such as Sales Cloud, Service Cloud, Data Cloud, Collaboration Cloud and Custom Cloud.

Let's have a closer look at each of the services that SalesForce.com has to offer, how they are provided, and how users can take maximum benefit from them.

Force.com:
Force.com is actually a Platform as a Service model upon which the various other services provided by SalesForce.com are built. It is used by developers to build multi-tenant applications that are hosted on SalesForce's servers and provided as a service. SalesForce calls this service Development as a Service, which is effectively a synonym for Platform as a Service.

The features that Force.com provides as a platform are:

- Multi-tenant kernel: Force.com provides a multi-tenant platform where multiple customers host their businesses on the same physical host. The businesses that use an application do not each have their own copy; instead they all share a single copy and have the capability to customize it according to their specific needs.
- ISO 27001 certified security: Enterprise-level security is the most important factor an enterprise looks for. Force.com is trusted by more than 100,000+ customers, as it follows ISO 27001 certified security practices, which ensure that an enterprise's resources are safe and secure in the cloud.
- Reliability: The applications that run on Force.com are backed by multiple data centers with replication and backup, which provide rescue in failover scenarios; these data centers also provide disaster recovery facilities.
- Scalability: Force.com provides scalability to the applications of organizations. The applications scale automatically to the number of instances needed to respond to the incoming traffic without delay.
- Real-time query optimizer: Force.com provides fast access to users' data by using a real-time query optimizer.
- Real-time transparent system status and updates: Force.com performs real-time system performance checks to ensure that all systems are working properly. This also covers the availability of an application, its security, and real-time updates of the OS and the software provided as a service to users.
Sales Cloud:
This is one of the services provided by SalesForce.com that is built on the Force.com platform. The application is provided as Software as a Service to customers, who can access it over the internet via any thin client with internet connectivity. This service gives representatives, managers and executives the capability to connect easily with their customers and helps them get rid of administrative tasks so that they can focus on selling and maximize output. It helps them close more deals faster, connect with social customers easily, and have sales statistics and visibility. Let's have a look at everything Sales Cloud has to offer.

Chatter: Sales Cloud uses another tool known as Chatter, which helps users connect with the expertise of the entire organization, who can help them find an answer to any question, provide the right information and help in getting approvals of various kinds, thus enabling them to close more deals.

- This service also provides regular updates on opportunities: opportunity-related data, contacts, accounts, milestones, decision makers, customer communications and documents, or any other information that may be helpful to the company's sales process, are delivered in real-time feeds from various sources. Sales people or managers can communicate and collaborate with customers in private groups, which can be helpful for sharing information, answering customers' questions, or finalizing deals.
- This tool provides the full customer profile along with the account history to sales representatives. Users can manage the spending and performance of their marketing campaigns on various channels, all through a single portal.
- The tool also sends automatic email reminders on a schedule to the various teams so that they are up to date with the latest information.
- The Chatter tool allows people to create their profiles with detailed information which can be useful to other people. It also allows people to follow other people in the community and create a network, which may be helpful in closing deals.
- People in the community can share status updates so that their colleagues are up to date on everyone's activity. Everyone is allowed to ask questions and share insights via these updates and keep everyone in the loop. This helps reduce the number of email messages.
- People can share documents, which are always instantly available to them and can be searched quickly.
- The platform on which Chatter is built, Force.com, provides a sophisticated sharing model. Users can access only the information they are allowed to and have no access to other information. Users are allowed to keep some information private.
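The two security properties described above, the multi-tenant kernel (many customers on one shared copy of the application) and the Chatter sharing model (users see only records they own, were given, or that are not private), can be shown in a small record store. This is an added illustration written for this page, not Force.com's implementation: the Principal, Record and TenantStore names and the sample tenants "acme" and "globex" are constructed.

```python
"""Tenant-scoped record store with a per-record sharing model (hypothetical example)."""
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised for any record the caller may not see, whether foreign, private or absent."""


@dataclass(frozen=True)
class Principal:
    tenant_id: str   # which customer organization the caller belongs to
    user_id: str


@dataclass
class Record:
    record_id: str
    tenant_id: str
    owner_id: str
    body: str
    private: bool = False                      # owner-only unless explicitly shared
    shared_with: set = field(default_factory=set)


class TenantStore:
    """One shared store for all tenants; every operation is scoped by the caller's tenant."""

    def __init__(self):
        self._rows = {}  # (tenant_id, record_id) -> Record

    def create(self, who, record_id, body, private=False):
        # The tenant id is part of the key, so two tenants can use the same record id
        # without colliding, and a lookup can never cross into another tenant's rows.
        key = (who.tenant_id, record_id)
        if key in self._rows:
            raise ValueError(f"duplicate record {record_id!r} in tenant {who.tenant_id!r}")
        rec = Record(record_id, who.tenant_id, who.user_id, body, private)
        self._rows[key] = rec
        return rec

    def _visible(self, who, rec):
        if rec.tenant_id != who.tenant_id:
            return False                       # hard tenant boundary, checked first
        if rec.owner_id == who.user_id or who.user_id in rec.shared_with:
            return True
        return not rec.private                 # tenant-wide visibility unless marked private

    def get(self, who, record_id):
        rec = self._rows.get((who.tenant_id, record_id))
        if rec is None or not self._visible(who, rec):
            # Same error for "does not exist" and "not yours": do not leak existence.
            raise AccessDenied(record_id)
        return rec

    def share(self, who, record_id, other_user_id):
        rec = self.get(who, record_id)
        if rec.owner_id != who.user_id:
            raise AccessDenied(record_id)      # only the owner may widen sharing
        rec.shared_with.add(other_user_id)

    def list_visible(self, who):
        return sorted(r.record_id for (t, _), r in self._rows.items()
                      if t == who.tenant_id and self._visible(who, r))


def demo():
    """Walk through the model with constructed tenants; returns the observed outcomes."""
    store = TenantStore()
    alice, bob = Principal("acme", "alice"), Principal("acme", "bob")
    eve = Principal("globex", "eve")
    store.create(alice, "deal-1", "Acme private deal", private=True)
    store.create(alice, "deal-2", "Acme team deal")
    store.create(eve, "deal-1", "Globex deal")   # same id as Acme's: no collision
    out = {"bob_before": store.list_visible(bob), "eve_sees": store.list_visible(eve)}
    try:
        store.get(bob, "deal-1")
        out["bob_private"] = "allowed"
    except AccessDenied:
        out["bob_private"] = "denied"          # private to alice, not yet shared
    store.share(alice, "deal-1", "bob")
    out["bob_after"] = store.list_visible(bob)
    try:
        store.get(eve, "deal-2")
        out["eve_cross"] = "allowed"
    except AccessDenied:
        out["eve_cross"] = "denied"            # deal-2 belongs to another tenant
    return out


if __name__ == "__main__":
    print(demo())
```

The point to take from the code is the ordering of checks in `_visible`: the tenant comparison comes before any ownership or sharing logic, and `get` answers "not found" and "not yours" identically, so a caller in one tenant cannot even learn which record ids exist in another.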

Integration with mobile devices:

Sales Cloud provides access to its services through a mobile or any other handheld device. Users can integrate their mobile devices with Sales Cloud and use them to log calls, respond to leads, and access vital information such as opportunities and dashboards from anywhere at any time. This also makes team collaboration easy.

Data.com:
This service provides an endless supply of high-quality leads and account data inside the sales applications. It provides many high-quality business contacts and in-depth profiles of various companies. This information can be used to reach decision makers rapidly and also helps in planning.

Mail and calendars:

Sales Cloud can easily be integrated with applications such as the mail servers the user is using. For example, if a user uses Outlook, Gmail, etc., these applications can easily be integrated with Sales Cloud, which helps them get everything they need through a single portal.

Approvals and Workflows: Sales Cloud provides greater control over routine activities, helps eliminate redundant tasks, automates approvals, and so on. This gives the business a big boost and helps the organization function smoothly and in a process-oriented way.

Partners: Sales Cloud allows users to collaborate with their partners as easily as if they were collaborating with their internal teams. Sales representatives can share sales information and follow joint processes with their partners. This helps in forming and managing a loyal community of partners.

AppExchange: This is another service from Sales Cloud that provides a marketplace for the world's leading cloud computing applications, including sales applications, social enterprise tools, etc., which can easily be deployed in Sales Cloud. Many activities such as specialized sales compensation, contract management, data cleansing and project management can be handled using these tools.

Live Agent: This helps users respond to customers quickly and easily and also incurs a low cost overhead.

Contact Center: This service helps customers run a productive contact center with happy service agents. Customers can create and track incoming cases from traditional as well as social channels, see customer profiles, and have cases automatically re-routed and escalated, along with easy integration with office applications.

Service Cloud:
This service from SalesForce provides a call-center-like view that helps companies build and track cases coming in from every channel, and then routes and escalates them accordingly. It gives customers the ability to track their cases around the clock and also includes a social networking plug-in that allows customers to join conversations related to their company on social networking sites. Many other services, such as analytics tools, email services, IM, search, etc., are provided by Service Cloud. This service delights customers with faster, more responsive service through every channel, from the contact center to customer social networks. The various components of Service Cloud include Chatter, social communities, Knowledge, contact center, Live Agent, customer portal, analytics, email, search, contracts and entitlements, etc.

The other services provided by SalesForce include AppForce, which provides a platform for building applications easily and rapidly; SiteForce, which allows users to build attractive websites with great ease; ISVForce, which helps users distribute their applications and grow their businesses; and Database.com, which lets users use a cloud-based database that is trusted, secure and easy to manage.
iii. WorkDay

fig.xxxiii
[This image is a property of Workday]

Workday is another great example of the Software as a Service layer of the pyramid structure of the cloud service model. It provides on-demand services for financial management and human capital management. This service allows customers to use a web-based ERP system without any upfront cost for hardware, which relieves customers of the extra headache of buying, installing and maintenance activities such as upgrading and patching. WorkDay provides a multi-tenant environment that enables multiple customers to share one physical instance, with proper isolation configured at various levels, which eliminates the risk of a user's data being accessed by somebody else. As with SaaS in general, the provider handles all version updates, and the same is the case with WorkDay. This is an advantage over customers using on-premise ERP software, who are forced to update and upgrade their HR and financial management software themselves, which includes tracking releases from the vendor; with SaaS, all of this is handled by the service provider without the customer having to be involved. WorkDay ensures that customers are always served with the latest version of its human capital management, payroll, financial services, etc.
WorkDay technology:
Let's have a look at the technology behind Workday, which is hidden from the users of the service. Workday ensures that users are completely isolated from the technology and can use the service without interruption, with their data available at all times. The architecture of Workday provides an on-demand service delivery model, which enables services to be delivered faster and more smoothly. The technology foundation of Workday incorporates objects that represent real-world entities such as employees, benefits, budgets, organizations, etc. These objects are used by the Workday SaaS services and are loaded and maintained in memory, which provides speed and efficiency in using the services. All the services are exposed through web services, which are the standard for inter-system communication and help in interacting with other applications.

Workday is built from many components that help solve problems and run traditional ERP systems efficiently. Workday also facilitates growing, changing and continually evolving along with users' needs.

Ease of usage:

Workday uses methods and concepts derived from many popular consumer websites. Workday has an interactive user interface that helps users at all levels use it with ease, access information, participate in business processes and collaborate across the enterprise. Users can access all the services from a web-based user interface that can be reached from anywhere over the internet via any thin client, such as a PC or mobile device. It provides real-time business insight to users when they need it.

Workday enables users to access vital business processes and information over the internet via a mobile device on the go.

Analytics:
Workday enables users to access actionable business analytics throughout the application at no additional cost or complexity. This saves customers from investing in expensive business intelligence systems. Users can easily take advantage of the data presented in reports and analytics, which are simple to build, deploy and use.
- This service lets customers have this insight from anywhere at any time over the internet. It also delivers alerts or notifications to mobile devices.
- Users can now make fact-based decisions and benefit from multi-dimensional analysis and detailed information at the transaction level.
- Customers are no longer dependent on IT support.
- And of course customers are relieved of the upfront cost of infrastructure at their end.

Business Process Framework:

Workday helps customers get rid of expensive customization or workflow applications by addressing the problems of traditional enterprise-level applications. Workday provides a business process framework that helps users establish and leverage business processes to meet their organization's requirements.

- Users can configure, manage and optimize business processes so that consistency is maintained and the needs of various organizations are addressed.
- It helps users deploy processes quickly by using catalog-based, pre-defined business processes.
- Users can easily reconfigure business processes as their needs change.
- Workday helps establish control, visibility and compliance by providing monitoring and auditing of all processes and transactions.

Global and local management:

Workday has a very adaptive, global framework that enables users to manage their resources globally as well as locally.

- Users can track their entire workforce in a unified, global system of record.
- Users can analyze and compare various parameters such as revenues, costs, growth and performance, as well as location efficiency, cost efficiency and team efficiency.
- Users can implement global business processes that accommodate local requirements.
- Users are allowed to model their organizations, entities, locations, as well as cost centers.
- Workday supports multi-entity, multiple-language, multiple-currency and multiple-book needs for users' global business and workforce.

Security:
Workday provides security for enterprises' data and applications so that they can take advantage of SaaS. Workday's data centers safeguard organizations' critical data by applying proper network-level and application-level security.
- Users' data is protected using world-class security at various levels: physical, network, application and data.
- It lets users grant permissions to different users in their organization at different levels.

3rd Party integration:

Workday enables customers to integrate their applications with the Workday Integration Cloud. Users do not need any on-premise middleware to do so.

- Users save the time and expense of building, deploying and managing integrations to and from Workday.
- Workday enables both IT and business users to use its tools to build and configure custom integrations.
- Users can leverage the ecosystem of packaged integrations, with connectors that are built, supported and maintained by Workday.

Workday provides users with various kinds of applications. These solutions are human capital management, payroll solutions, project and work management, spend management, financial management and the integration cloud. Users can use these complex enterprise applications, which are not easy to maintain on-premise. The cloud-based solution enables customers to use these services on demand, and they are billed on a pay-per-use basis.

iv. Google Apps:

Google provides its SaaS solution under the name Google Apps. Google provides a lot of services that users can use to improve their business with great ease. The solutions fall into the categories Google Apps free tier, Google Apps for Business, Google Apps for Education and Google Apps for Government.

Google Apps - free tier:

These solutions are available to anyone with internet connectivity and are absolutely free of cost. The number of users under this category is restricted to 10 per organization in the free tier and is unlimited in the case of Apps for Business.

The solutions are:

Gmail: This is the emailing service provided by Google. Users can send mail, organize it, etc.

Google Calendar: This service from Google allows users to organize their schedule and share their events with their friends.

Google Sites: This service is used to create websites as well as group wikis, which can be hosted on Google's domain or any other custom domain.

Google Docs: Google Docs is a service where users can upload or create documents, presentations and spreadsheets online. This is all provided free of cost. The service is similar to the Microsoft Office solutions, but it is available online and users can access it over the internet via any thin client. Docs can be shared with other users, and permissions can be granted to various users.

Google Apps for Business:

This includes all the services of the free tier, with no user limit, along with some other services such as:

Google Apps Marketplace:

The Google Apps Marketplace is a store front that fulfills users' business needs. It provides solutions such as CRM, accounting or project management applications; users can discover, purchase and deploy these web-based applications, which integrate with Google Apps.

The marketplace provides single sign-on and data synchronization with the Apps, along with gadgets that are used to further extend the functionality. Google provides a single user interface that can be used to manage users and applications under a single directory.

Archiving and e-discovery tools for Google Apps:

This service is used by organizations to mitigate compliance and e-discovery risks. This is achieved using email archiving and search tools that allow organizations to respond rapidly. These archiving and search tools can be purchased as an add-on product for Google Apps.

The archiving and e-discovery service, which is powered by Postini, gives users the ability to do the following:

- It allows administrators to perform search operations on a centralized email archive.
- Users can set email retention periods (10 years maximum) that comply with corporate policies.
- It helps in preserving emails.
- Users can easily identify and export email messages for further analysis and review.
- The archiving and discovery tools are provided as an add-on for Google Apps.

Google Cloud Connect for Microsoft Office:

This service brings multi-person collaborative editing to the Microsoft Office experience. Users are allowed to share, back up and edit Microsoft Word, PowerPoint and Excel documents with their co-workers at the same time.

- Users are allowed to edit the documents with no locking.
- Each Microsoft Office file is assigned a URL of the same form as Google Docs URLs.
- It provides revision history for MS Office files stored in Google Docs.
- Users can also edit these documents offline; smart synchronization then synchronizes the offline changes.
- Users are not required to perform any upgrade or SharePoint deployment.

Chromebooks for Business:

These provide a better user experience along with increased security, and they are easier to manage and lower in cost than traditional computers.

- Chromebooks boot in about 8 seconds and are optimized to run web-based applications such as Gmail and Google Docs. Users can use these functionalities very quickly, and there is full support for the latest web standards.
- Users cannot run user-installed software applications, because these may be sources of viruses and malware. There are many security advancements such as data encryption, application sandboxing, Guest Mode and verified boot.
- Chromebooks are designed to receive automatic updates directly from Google, including the latest features, which eliminates the need for any additional software.
- Administrators can easily push policies, extensions and applications to a device or group of devices using the web-based console. The applications are safe even if the device is lost or stolen, because the data resides in the cloud.
- By using Chromebooks, users can save a lot of expense on hardware, software licensing and expensive maintenance, which includes manual installation of software updates and data backups.

Google Apps for Government:

This service provides reliable, secure online applications on the go from anywhere. Google Apps helps reduce costs with its web-based office applications, which empower the employees of an organization to do more and pay less. The services included in this category are:
- Gmail for government agencies: It provides 25 GB of storage and a 99.9 % uptime SLA, with enhanced security for email messages, and can be integrated with MS Outlook very easily.
- Google Calendar: It provides management of agendas and scheduling, lets users share online calendars with others, and provides synchronization with mobile calendars.
- Google Docs: Documents, spreadsheets and presentations are included in this service and can be collaborated on in real time without attachments.
- Google Sites: It allows users to build secure web pages without coding, which can be used for intranets and provides team-managed sites.
- Video Sharing: This service allows secure video sharing, like the users' own private YouTube. It can be used by agencies to support training programs.

Google Apps provides a series of benefits to users over running individual applications on their premises. Some of the benefits are highlighted as follows:

- The web-based messaging and applications provided by Google do not require any hardware or software of the users' own and need very minimal administration, which helps users save a lot of time and cost.
- Google Apps provides a large amount of storage: each employee is given 25 GB of email storage to keep important messages, which they can search using built-in Google search. Using Gmail removes the overhead of managing mailboxes and saves time that can be spent on productive work.
- There are several options for users to access their information from anywhere, at any time, via any thin client over the internet. Google provides access via devices such as BlackBerry, iPhone, Windows Mobile and Android free of cost.
- Google provides a 99.9% reliability guarantee, which is made possible by replication, so that employees do not have to worry about downtime. Users' data and activity in components such as Gmail, Google Calendar, Google Sites and Google Docs are synchronously replicated to multiple data centers, which ensures recovery on failure.
- Employees can be confident that their data is safe and secure with Google. Google's information security team and network security ensure that users' data is safe and secure. Users also get many customizable security features with Google Apps, such as custom spam and mail filtering tools (inbound and outbound), enforced SSL connections for HTTPS access, etc.
- Administrators are allowed to customize Google Apps so that the organization meets its technical, branding and business requirements. There are various integration options that enable users to connect Google Apps to their existing IT infrastructure.
- Google provides 24/7 customer support by phone for critical issues, along with email support and self-service online support.

Security:
Google strictly believes in security first. Google has a very strong network of distributed data centers around the world and treats the protection of the data and intellectual property on these servers as its top priority. It dedicates extensive resources to maintaining data security. There is a separate, dedicated security team that ensures proper security of users' resources. The security practices (controls, processes and policies) used for data protection in Google's systems have cleared an ISAE 3402 Type II audit. Google maintains a 99.9% SLA, subject to terms and conditions, and allows users to be confident that employees will have access only to the data they are entitled to or have permissions for.

Google uses two-step verification, which adds an additional layer of protection to users' Google Apps accounts. This feature is currently available only for Google Apps for Business, Education and Government, but will soon be included in the free version.

Google provides a secure and reliable platform that helps protect users' data. The latest technologies and industry best practices are used for data center management, along with network, application and data integrity.

Google servers are custom built with only the software components that are necessary, and they have a homogeneous architecture that enables rapid updates and configuration changes across the entire network. Users' data is replicated in multiple data centers, which ensures data redundancy and high availability.

Google provides full support to users deploying their applications on the cloud. There are deployment videos on its site containing proper examples of how customers have deployed their applications, and Google also provides webinar sessions that train people to deploy their applications on the cloud. Organizations can easily manage their activities by following the change management best practices provided by Google. Google provides different sets of services for different sizes of business: small businesses (of up to 50 users), medium businesses (of up to 400 users) and enterprise businesses (more than 400 users and complex IT environments).
