1644 assignment 2 (pass)

1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) 1644 assignment 2 (pass) FPT Greenwich

ASSIGNMENT 2 BRIEFQualification BTEC Level 5 HND Diploma in Computing

Unit number Unit 9: Cloud Computing

Assignment title Cloud’s implementation and security threats

Academic Year 2021 – 2022

Unit Tutor Ho Hai Van

IV name and date Submission Format:

Format: A presentation in Power Point format(about 25 pages)

A security manual(in PDF format)

You must use font Calibri size 12, set number of the pages and use multiple line spacing at

1.3 Margins must be: left: 1.25 cm; right: 1 cm; top: 1 cm and bottom: 1 cm The reference

follows Harvard referencing system

Submission Students are compulsory to submit the assignment in due date and in a way requested by

the Tutors The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/

Note: The Assignment must be your own work, and not copied by or from another student or from

books etc If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you must reference your sources, using the Harvard style Make sure that you know how to reference properly,

and that understand the guidelines on plagiarism If you do not, you definitely get failed

Unit Learning Outcomes:

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools LO4 Analyse the technical challenges for cloud applications and assess their risks

Assignment Brief and Guidance:

Task 1

Base on the scenario and architecture design in the first assignment provide the implementation Because

of the time constraint of the assignment, the implementation just provides some demo functions of the scenario The implementation includes two parts:

• A presentation (about 25 pages) o which shows which functions are implemented

o How to config, deploy and test the services (Web application, Database Server, Source code management, server logs ) using service provider’s frameworks and open source tools

o Images for the built functions

• The source code for the built application

Task 2

The table of contents in your security manual (which should be 500–700 words) should be as follows:

1 Analysis of the most common problems of a cloud computing platform

2 Possible solutions to these problems

3 Analysis of the most common security issues in the cloud environment

4 Discussion on how to overcome these issues

5 Summary

Learning Outcomes and Assessment Criteria

Pass Merit Distinction

LO3 Develop Cloud Computing solutions using service provider’s

frameworks and open source tools

D2 Critically discuss how one can

P5 Configure a Cloud Computing

platform with a cloud service

provider’s framework.

P6 Implement a cloud platform

using open source tools.

M3 Discuss the issues and constraints

one can face during the development process.

overcome these issues and constraints.

LO4 Analyse the technical challenges for cloud applications and assess

their risks

P7 Analyse the most common

problems which arise in a Cloud

Computing platform and discuss

appropriate solutions to these

problems.

P8 Assess the most common

security issues in cloud

environments.

M4 Discuss how to overcome these

security issues when building a secure cloud platform.

D3 Critically discuss how an

organisation should protect their data when they migrate to a cloud solution.

❒ Summative Feedback: ❒ Resubmission Feedback:

Signature & Date:

Table of Contents

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools 7

P5 Configure a Cloud Computing platform with a cloud service provider’s framework & P6 Implement a cloud platform using open source tools 7 P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems 22

Problems with CSP (cloud service provider) 22

The lack of experience, distrust of transition and abilities Shortfall 22

In cloud billing, the lack of automation 23

Inability to comply with legal obligations 24

Inability to deliver and maintain a cloud solution under one umbrella with various brands 25

Inability to stand out from the rivalry 26

Problems with CSC (cloud service consumer) 26

Downtime 26

Security and privacy 27

Attack threat 28

Broad oversight and versatility 28

Lock-in Vendor 28

Concerns on expense 29

The lack of experience, distrust of transition and abilities Shortfall 29

The lack of cloud billing automation 30

Power to comply with regulatory enforcement 31

Inability to deliver and maintain a cloud solution under one umbrella with various brands 31

Inability to stand out from the rivalry 31

Problems with CSC (cloud service consumer) 32

Best practices for minimizing planned downtime in a cloud environment 32

Good practices for reducing risks to protection and privacy 33

Best practices to reduce cloud attacks to benefit you 33

P8 Assess the most common security issues in cloud environments 35

Multiple cloud computing service models 35

Some opportunities and hurdles when implementing cloud services 36

Advantages: 36

Obstacles: 37

Classification in cloud computing: 37

Safety, Cloud Storage Data Safety: 38

Development trend of cloud computing: 40

Completion 41

References 42

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools

P5 Configure a Cloud Computing platform with a cloud service provider’s framework

& P6 Implement a cloud platform using open source tools.

- First I’m create a folder to contain my project

I’m using git to get my code that I was post on github

After downloaded, all files are ready to go

- I was downloaded composer code for the project It will helping me to control my code

Copy env.example to a new env file that I will configuring env file to connect Heroku Cloud Services

Create a key for my database That key is require for configuring on Heroku

I created an app on heroku

Create Heroku database, define that postgres is database add-on for my application

Configure env file, using information form Heroku database

Add Variables for Configuration Database

Create database

Define that code is merged

I was commit it so nothing happened

I push code to Heroku services

I used command “open heroku” to open my project on heroku, you can see that my app crashed because Database is not configure yet

The last variable is “DB_CONNECTION” “pgsql” helping Heroku know that my app run on postgresql database

I reset it and now it runing

My app available in: https://morning-cove-15678.herokuapp.com/

P7 Analyse the most common problems which arise in a Cloud Computing platform and discuss appropriate solutions to these problems

Problems with CSP (cloud service provider)

The lack of experience, distrust of transition and abilities Shortfall

There are also internal processes and workflows involved with a cloud sector

Everything so many suppliers of services get their minds around They have

They know that they have immense infrastructure at their hands in the cloud, but not everyone knows what to sell or how to

advertise and sell a cloud service Because of this, they are grappling with problems such as is there any automated cloud-based technology available that lets organizations simplify their distribution processes or what is the best marketing automation platform for small and medium-sized companies?

In other examples, they do not have the requisite workforce skills or the staff are unable to adjust to the techno-commercial

mentality that any cloud organization requires Some still struggle with automation They don't understand how their overheads are raised by manual operations

In cloud billing, the lack of automation

Cloud infrastructure is a subscription model, allowing its consumers the option to scale services up or down, ensuring that CSPs need

to charge their end consumers on a pay-per-use basis There are also different ways to purchase on-demand, prepaid, dedicated space, and corporate arrangements for cloud services every month, and this trend is apparently going to intensify over time

The price of the cloud is very complicated, because unlike the billing process used in the conventional buy-sell model, it's billing Often, pricing models for SaaS, IaaS or PaaS differ greatly The need for an integrated invoicing tool for CSPs has spawned this

uncertainty There are, however, many third-party tools currently on the market to support service providers, but finding the best one can be challenging

Inability to comply with legal obligations

The Cloud is a thriving business, no wonder Cloud applications are now in demand with benefits such as scalability, accessibility, and convenience, and demand will certainly spiral in the future This has and would contribute to accelerated migration of and analysis

of more sensitive data It is also the sole duty of the CSP to safeguard consumer records

Security is also regarded as the shared responsibility of both the cloud for several occasions

The provider and the consumer The management of servers, infrastructure and networking is definitely the responsibility of the cloud service, but security is our responsibility

The user is definitely responsible for software , operating systems, identity and access control, and network traffic security So, cloud service, providers need to focus as feverishly on their security requirements as they are working to improve their technical capabilities

The blurred lines find it difficult to solve security concerns and issues in cloud computing, but identifying role-based user control and granting permissions at the ground level will definitely benefit both sides

Inability to deliver and maintain a cloud solution under one umbrella with various brands

This is one of the greatest problems of cloud computing The client now is an a deal in the driver's seat They are seeking to step away from yesterday's architecture to move to quickly configurable structures that are the solution to the problems they face in industry Customers are still searching for such CSPs who will provide them with a completely application-aware 'business-ready' IT service management cloud network and help them clear a stable road to sustained innovation Ironically, while an advantage, it is another obstacle for CSPs to develop the ability to construct and deliver the sort of multi-cloud services that their clients want

Today, CSPs still fall short of effectively combining multiple cloud technologies from different vendors and offering bundled solutions according to the needs of customers

Inability to stand out from the rivalry

There are numerous cloud applications available today in the cloud industry , providing consumers simple choices while creating a challenge for a cloud hosting provider

In this crowd, provider to distinguish and stand out CSPs need to present their goods in a special way, to market them, with the competition getting fierce

As per the figures below, the total amount of years a consumer spends with the main supplier is 3.2 So, you need to create a

longterm value-based relationship with the customer to keep the customer

Problems with CSC (cloud service consumer)

Security and privacy

Although cloud service providers adopt the latest security practices and industry certifications, the storage of data and essential external service files

It still brings up risks for suppliers Security and privacy, particularly when it comes to handling confidential data, must be discussed

in any discourse concerning data We do not ignore what happened at Code Space and the hacking of their AWS EC2 console,

leading to the deletion of data and the company's eventual shutdown Their dependency on cloud-based remote computing meant taking on the risks of outsourcing it all

Of necessity, maintaining and safeguarding the underlying hardware architecture of a deployment is required for every cloud service provider Your duties, though, lie in the area of user access control, and it is up to you to consider all the risk scenarios carefully

While recent credit card data attacks and user login passwords are still fresh on the public's minds, measures have been taken to ensure data protection The General Data Protection Rule (GDPR), which was recently implemented in the European Union to allow consumers greater power of their data, is one such example Nevertheless, you always have to be mindful of your tasks and obey best standards

Attack threat

Any part is online in cloud computing, which shows potential vulnerabilities From time to time, even the strongest teams experience extreme threats and data violations Since cloud infrastructure is designed as a public utility, before you learn to walk, it's simple to run After all, before issuing you an account, no one at a cloud provider tests your administration skills: all it takes to get started is normally a legitimate credit card

Broad oversight and versatility

As the service provider fully controls, operates and tracks the cloud assets, it passes limited power to the user Cloud users can find that they have less control over the functioning and execution of services within a cloud-hosted infrastructure to varying degrees (depending on the individual service) End-user licensing deal by a cloud provider

(EULA) and management policies can place limitations to what their implementations may do for clients Customers maintain

ownership of their software, records, and facilities, but their backend infrastructure may not have the same degree of control

Lock-in Vendor

A further potential downside in cloud storage is vendor lock-in Fast switching between cloud providers is a service that has not matured entirely yet, and it can be difficult for companies to move their services from one provider to another Differences between

provider systems will cause problems in switching from one cloud platform to another, which may be equal to added costs and nuances of setup Gaps or compromises made during migration may also expose the data to additional flaws in security and privacy

Concerns on expense

It can be viewed as costly to implement cloud solutions on a small scale only for short-term initiatives In terms of IT cost savings, however, the most critical cloud computing advantage is More simplicity and lower hardware costs can be offered by pay-as-you-go cloud providers, but the average price tag could end up being higher than you anticipated If you are confident of what would fit well for you, playing with a range of offerings is a smart idea Cost calculators made available by providers such as Amazon Web Services and the Google Cloud Portal can also be included

Possible answers to those questions

Problems with CSP (cloud service provider)

The lack of experience, distrust of transition and abilities Shortfall

Recognize the different interests, expectations and desires of all workers and take an educated approach to the transition of

employees' mindsets Build a

Appropriate self-planning as well as team transformation-discuss whether the transition is