Overview of Amazon Web Services (AWS)
A discussion of the Amazon Web Services cloud.
Amazon Web Services (AWS) offers a broad set of global compute, storage, database, analytics, application, and deployment services that help organizations move faster, lower IT costs, and scale applications. AWS is provided by Amazon and offers a mix of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.
AWS services include:
- Amazon Elastic Compute Cloud (EC2)
- Amazon Simple Storage Service (Amazon S3)
- Amazon CloudFront
- Amazon Relational Database Service (Amazon RDS)
- Amazon SimpleDB
- Amazon Simple Notification Service (Amazon SNS)
- Amazon Simple Queue Service (Amazon SQS)
- Amazon Virtual Private Cloud (Amazon VPC)
Compute
Instances are virtual servers in Amazon Elastic Compute Cloud (EC2) that provide computing capacity. Instance types come in different sizes and capacities, each suited to a specific type of work and application. These jobs include those that use a lot of memory and jobs that need acceleration. AWS has an automatic tool for increasing or decreasing capacity so as to maintain good performance and the health of instances.
Storage
Amazon Simple Storage Service (S3) provides scalable storage, which can range up to 5GB, for data backup, analysis and archiving. With S3, an enterprise can reduce cost by using an infrequent-access storage tier or the long-term cold storage provided by Amazon Glacier.
Block-level storage volumes are provided by Amazon Elastic Block Store, which gives EC2 instances persistent data they can use. Managed cloud-based file storage is provided by Amazon Elastic File System.
Databases, data management
Amazon Relational Database Service can be used to manage the database services, which include Oracle, SQL Server, PostgreSQL, MySQL and a proprietary high-performance database called Amazon Aurora. NoSQL databases are also managed and offered by AWS through Amazon DynamoDB.
Business intelligence tasks are made easier for data analysts to perform by use of a data warehouse which is offered by Amazon Redshift.
Migration, hybrid cloud
Users can move applications, databases, servers and data onto the public cloud with ease through the tools provided by AWS. AWS has a Migration Hub, which provides a place to monitor and manage migrations to the cloud. EC2 Systems Manager helps the IT team configure on-premises servers and instances once in the cloud.
Networking
An administrator has control over a virtual network by using the Amazon Virtual Private Cloud (VPC). For extra protection, AWS automatically provisions new resources within a VPC.
AWS has load balancing tools which enable admins to balance network traffic. These include the Application Load Balancer and the Network Load Balancer. AWS also provides Amazon Route 53, a domain name system that routes end users to applications.
Development tools and application services
Developers can make use of AWS command-line tools and SDKs for deployment and management of applications and services. Cloud services can be managed from a Windows environment with AWS Tools for PowerShell, and Lambda functions can be tested and simulated through the AWS Serverless Application Model. The platforms and languages supported by AWS SDKs include Java, PHP, Python, Node.js, Ruby, C++, Android and iOS (Gai, Journal of Network and Computer Applications, 2016).
Management, monitoring
Managing and tracking the configuration of cloud resources is made easy for an administrator via AWS Configuration and AWS Configuration Rules. These tools help the IT team configure and deploy cloud resources in an effective and efficient manner.
AWS CloudFormation templates, AWS OpsWorks and Chef can be used by an administrator to automatically configure systems and infrastructure.
Security, governance
An administrator can manage and define user access to resources through the AWS Identity and Access Management tools. These tools provide cloud security. An admin can also create a user directory, or link the directory to an existing one such as Microsoft's Active Directory, with the Amazon Web Directory Service. Such services help the organization establish and manage policies, even across multiple accounts.
Potential security risks are also automatically assessed and detected by tools the service provider has introduced. An example is Amazon Inspector, which analyzes the environment and finds vulnerabilities that might have an impact on security and compliance.
Artificial intelligence
AWS provides platforms for developing and delivering artificial intelligence models. The Amazon AI suite has tools such as Polly for text-to-speech translation, image and facial recognition and analysis, and Amazon Lex for voice and text chatbot technology. Developers can also build smart apps that rely on complex algorithms and machine learning.
Mobile development
Mobile app developers are provided with a wide range of tools and services such as SDKs and libraries. These collections of tools are offered by AWS Mobile Hub.
User access to mobile apps can be managed through Amazon Cognito, while Amazon Pinpoint sends push notifications to end users and analyzes how effective these communications are.
Messages, notifications
Communication for users and applications can be done through the AWS messaging services. Sending, storing and receiving of messages between the components of a distributed application is managed by Amazon Simple Queue Service. This ensures that all the parts of the application work as required.
Push messages and pub-sub messages to mobile devices and services are provided by Amazon Simple Notification Service (SNS). Receiving and sending of mail is provided by Amazon Simple Email Service.
- Cost is reduced. The entire cost of hardware will be reduced, as no computing resources will be needed in the organisation (Botta, 2016). There will be depreciation and a reduction of the monthly cost, so the monthly review of system usage will largely disappear (Wei, 2014). With the introduction of this cloud architecture, the hardware used before will be phased out, and the money that went into maintaining the data will instead pay for the services provided by AWS.
- Scalability is enhanced. The flexibility and extensibility of cloud computing make it possible to transfer files and information from private clouds to public cloud networks for the purpose of testing the latest applications.
- Speed of the service. These resources are virtual, so they adapt to the objectives of the business very easily. Bandwidth speeds have expanded quickly according to requirements (Buyya, 2013).
- Lastly, the integration of information in one platform (Chen, 2015). This has helped to deliver easy access to all traditional SQL databases. It has further opened opportunities for analysing the limited requirements of the business.
Risk report for Hybrid Cloud and Microservices
| RISK | DESCRIPTION | CONTROL |
| --- | --- | --- |
| Security | Adopting a hybrid cloud raises issues concerning the security of data and information. | Employ cryptographic protocols that include endpoint authentication to prevent attacks. Have a reliable VPN and a reliable proxy server. Prevent data interception by encrypting all transmissions using SSL/TLS. Unencrypted traffic can be sent through a network tunnel such as Secure Shell. |
| Loss of control | Changes occur on the service provider's side when cloud-based tools are used, meaning IT executives may not have a say, since it is the job of the CIO to manage risks within the company. | Automate risk management through automated business process validation (ABPV). |
| Poor data redundancy | Data redundancy is important in an organization so that, in the event damage occurs, the data can be found at another center. Having copies of the data reduces the risk of losing all information in the business (Hwang, 2013). | Implement data redundancy across various centers. |
| Difficult to find an efficient strategy | There is very little guidance on how to manage cloud services from a variety of providers, which means that businesses must find ways to create an efficient cloud management strategy on their own. Each cloud provider can have a different infrastructure, making it necessary to figure out where the environment for applications is under-provisioned or has too much going on. | Provide cloud application tools for interoperability so that it becomes easy for the clouds to communicate with each other. |
| Poorly defined management strategies | Everyone in the business organization must know and understand the role that he or she must perform. These roles must be clearly defined in the policies so that the network of the business can run efficiently and not be easily compromised. | The cloud administrator must ensure that there are tools and policies that govern computing, storage and networking over the various domains. There should also be policies that govern how sensitive data is accessed. |
Employ data encryption techniques.
This prevents outsiders from eavesdropping on or attacking the network to gain access to the information, for example through a man-in-the-middle attack that impersonates endpoints and makes it easier for the intruder to acquire the information. It can be achieved by shielding transmissions with cryptographic protocols that include endpoint authentication, by tunnelling otherwise unencrypted traffic over the network through a protocol such as Secure Shell (SSH), and by using a reliable proxy server and VPN.
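The following added example, which is not part of the original report, contrasts a TLS client configuration that encrypts without authenticating the endpoint with one that validates the certificate and hostname, and refuses to open a channel with the weak one. The function names and finding labels are assumptions made for illustration.

```python
import socket
import ssl


def weak_client_context():
    """Setting to avoid: traffic is encrypted, but the peer is never
    authenticated, so an impersonated endpoint is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is not validated
    return ctx


def hardened_client_context():
    """Corrected setting: chain validation, hostname check, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse older protocol versions
    return ctx


def audit_client_context(ctx):
    """List the ways a client context fails to authenticate the endpoint."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-allowed")
    return findings


def open_channel(host, port, ctx=None):
    """Connect only with a context that passes the audit.

    The audit runs before any packet is sent, so a weak configuration is
    rejected without touching the network.
    """
    ctx = ctx or hardened_client_context()
    problems = audit_client_context(ctx)
    if problems:
        raise ValueError("refusing unauthenticated TLS: " + ", ".join(problems))
    raw = socket.create_connection((host, port), timeout=10)
    # server_hostname drives both SNI and the hostname check.
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("weak    :", audit_client_context(weak_client_context()))
    print("hardened:", audit_client_context(hardened_client_context()))
```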
Performing adequate security risk assessments.
This helps network administrators determine how, where and when an intrusion has occurred. It helps minimize unwanted access to the company's data. This can be achieved through frequent, rigorous risk prevention and assessment activities. Malicious activity should also be scanned for using IDS/IPS systems (Jula, Expert Systems with Applications, 2014).
Good data redundancy methods
Failure to implement redundancy puts the hybrid cloud and the business at risk. Distributing data across all data centers reduces the damage that occurs when one data center fails. Redundancy can be implemented by using multiple data centers from one cloud service provider.
Provision of authentication and identity methods
How to manage security is important when trying to combine public and private clouds in a hybrid cloud. Sharing of security controls between the business and the cloud service providers is a must. This can be achieved through monitoring and verifying all access permissions and also synchronizing security of data by using an IP Multimedia Core Network Subsystem (IMS).
Strong security management
When the business employs security measures such as authentication of all activities, identification of all personnel and authorization procedures for both its private and public cloud, the security of the data is strong. Synchronizing data security and using services that integrate well with the systems the business runs, such as an identity management system, promotes efficiency, as does ensuring that there is local storage for sensitive data.
Secure the APIs
When left unprotected, APIs are prone to malicious attacks and expose sensitive information to unauthorized persons. API keys should be encrypted and handled in the same way as code-signing keys. To avoid security lapses, always authenticate a third party before releasing the keys to them.
Protection of Intellectual Property
Protection of intellectual property (IP) is important in a business organization. The security protocols put in place to protect IP may contain high levels of encryption. An assessment to determine vulnerability should be carried out frequently. Since automated systems are not fully adequate to classify IP and quantify the risks involved, a manual system should be employed. Classification of IP is important so that the risks involved can easily be identified.
Ensuring the Service Level Agreements are well defined
The Service Level Agreement in a business should be well defined and also clearly spell out the security measures and the permissions that an organization has over its data when moving to the cloud. The agreement also should clearly spell out the rights the service provider has over the data of the business. It should also spell out what action the customer can take if the service is disrupted or there is a breach of their data. And finally, have the SLA reviewed by an attorney before signing.
Disgruntled or malicious employees
Not all employees and insiders in a company have good intentions for the business. Some can use sensitive data to destabilize business activities. Therefore, the Content Security Policy (CSP) managers must put in place security measures that keep track of the network activities employees engage in, to avoid malicious acts. They should limit access to the organization's critical resources and assets. Protocols should also be put in place to detect and react immediately to any malicious or suspicious activity in the network.
Denial of Service attacks
Weaknesses in shared resources such as CPU, RAM, disk space or network bandwidth can allow attackers to render a cloud service inaccessible through a DoS attack. A malicious person may also perform a DoS attack by sending bad REST or SOAP requests from the business that exploit a vulnerability in the cloud service API. To prevent a DoS attack, traffic can be redirected to a mitigation device by the use of flow analytics tools. The tool must be scalable to ensure it handles the growing traffic it analyzes and gathers. One disadvantage of these tools is that they are not productive enough in tackling volumetric (DDoS) attacks.
For an effective business continuity plan, an organization must take into consideration the security required to put its data into the cloud. Some of the things to consider are the minimal time taken to recover the data and e-discovery access. The cloud service provider's disaster recovery and business continuity plans should be reviewed to ensure that they align with those of the organization. The organization should also know how its service provider's plans affect the continuity of operations and access to data (Pluzhnik, In Services (SERVICES), 2014).
The business continuity plan should address issues that arise from compliance with the laws and policies of any given country or organization. If the service provider stores the data in a different country, then the business should comply with the laws of that country and also with international law. For example, the Data Protection Act states that information of a personal nature should be kept for a stated period of time but have a backup on the cloud service provider unless they have a secure deletion process when reusing backup media.
The business should consider having multiple ISPs to ensure its Internet connection runs smoothly without any hindrance and to ensure continuity of the business. Organization data needs to be accessible on a 24-hour basis, so loss of Internet access could be disastrous to the company. Access to the cloud information should be there at all times.
For the business to continue the plans of action designed to achieve its objectives, migration plans from one service provider to another are necessary in case a service provider increases its charges or the services provided do not align with the long-term objectives of the business. To do this, the business has to make a list of potential service providers whose policies align with its own. The business also has to know the costs it will incur in moving the data and in training staff. Doing this gives the business more control in the planning process.
Remote Server Administration Tools
Remotely accessing server administration tools comes with a number of requirements (Microsoft, 2017). In this case we consider Windows 8, which incorporates the Windows 8 Server Manager together with tools such as the Management Console snap-ins, Windows PowerShell cmdlets and the providers involved (Lu, 2015). Also included are command-line tools (run from CMD) for controlling the roles and features that run on Windows Server 2012. In some cases restrictions may apply, so that the tools can only be used to manage the roles and features running on Windows Server 2008 R2 or Windows Server 2008. The tools for Windows Server 2008 R2 and Windows Server 2008 perform the same controls as those for Windows 2003, though in a more advanced way.
Requirements of resource management
The second part of the requirements is understanding what is needed to manage resources remotely (Zhang, 2014). In this case we may require the OnCommand Cloud Manager, which delivers the core point for managing all endpoints of the data fabric (Li, 2015). All of this is done in the cloud (Leymann, 2015). This helps in replicating information across multiple clouds and hybrid storage. The OnCommand tool can further be used to manage the expense of storage in the cloud.
SLA Management.
Moving to the cloud has a number of consequences. Most of these changes are significant where SLA standards are concerned. In the past, the IT teams responsible for SLAs had complete control over all the assets they owned, and defined their SLAs in terms of the capabilities of their own closed, on-premises domain. The public cloud breaks down the conventional boundaries of the data center. Nevertheless, since the hybrid cloud contains both on-premises and various off-premises assets, the SLA may need to cover all of these capabilities across the IT environment.
In this case AWS will be used specifically to run SharePoint. The reasons for deploying on Amazon Web Services are scaling, performance and the ability to bring up the collaboration platform very fast (Pluzhnik, Optimal control of applications for hybrid cloud services. In Services, 2014). The advantages of SharePoint in the AWS cloud benefit the clients and users of such services and must be considered in all ways. The key steps in migrating the email instance from its current service to the AWS cloud are as follows.
- How scalable SharePoint on the Amazon Web Services cloud will be once we migrate. Here we have to ask many questions about what we want in future with regard to storage and access. This is a key point for any migration process: if the platform does not allow expansion or extensibility, it will be hard for a company to adopt such services, as they will not meet its requirements.
- The second major step is the integrity of the data. As Regional Gardens is very new to cloud computing platforms, it is their responsibility to research AWS SharePoint, considering the privacy of the stored information and, above all, confidentiality when the information is accessed.
- The prices set for running the current SharePoint workloads on the Amazon Web Services cloud must be understood and considered in all ways before we migrate. Understanding the price matters because it is used for planning a budget and for making informed and decisive choices. With the help of Microsoft in using all current licenses, its integration with the Amazon Web Services cloud has helped in delivering its cloud computing services.
The critical issues checked include:
When we check the above key points we can deduce some critical issues that need to be addressed when migrating the email instance to AWS SharePoint: we have to work through a checklist that checks the appropriate entries in the route table used to access the KMS (Kalloniatis, 2013). The metadata was done as follows.
- Compare the rules of the groups set for AWS performance with the rules used in creating Windows firewalls.
- Check the version so that we understand which PV driver is used (Jula, A systematic literature review. Expert Systems with Applications, 2014).
- Check whether the registry keys for the specific real-time universal setting have already been set, and whether they are set correctly.
- Where we use several different NICs, we need to implement the default gateway settings.
- We have to check the codes and thoroughly check the mini dump file (Gai, Journal of Network and Computer Applications, 2016).
Conclusion
At Regional Gardens the major objective is the adoption of cloud computing, on which they have made a decision. Their reluctance to transfer their information and workloads has been driven by great fear and a lack of security awareness about what they may encounter if they migrate their services to the cloud (Hu, 2016). The idea is not only to move services to the cloud but also to pick a solid footing for the line of business, and this is the AWS hybrid cloud. The selection of the AWS hybrid cloud has been successful in many ways, meeting the goals of Regional Gardens with particular attention to privacy and the existing physical demands. Nevertheless, there have been reported cases of extraordinary hazards limiting the AWS hybrid cloud framework, which have permitted remote access across the open cloud and left it appearing uncertain (Grewal, 2013). Finally, the use of a hybrid cloud has enabled many organizations to use the cloud storage capabilities that suppliers openly offer without necessarily offloading their entire information to an external party. This has helped in deciding where workloads are placed thanks to its adaptability, hence helping to keep all critical parts inside the Regional Gardens firewall.
References
Botta, A. D. (2016). A survey. Future Generation Computer Systems. Integration of cloud computing and internet of things, 56, 684-700.
Buyya, R. V. (2013). Mastering cloud computing: foundations and applications programming. Newnes.
Chen, M. Z. (2015). Cloud-based wireless network: Virtualized, reconfigurable, smart wireless network to enable 5G technologies. Mobile Networks and Applications, 20(6), 704-712.
Gai, K. Q. (2016). Journal of Network and Computer Applications. Dynamic energy-aware cloudlet-based mobile cloud computing model for green computing, 59, 46-54.
Grewal, R. K. (2013). A rule-based approach for effective resource provisioning in hybrid cloud environment. New Paradigms in Internet Computing (pp. 41-57). Berlin Heidelberg: Springer.
Hu, F. H. (2016). Survey on software-defined network and openflow: From concept to implementation. IEEE Communications Surveys & Tutorials, 16(4), 2181-2206.
Hwang, K. D. (2013). Distributed and cloud computing: from parallel processing to the internet of things. Morgan Kaufmann.
Jula, A. S. (2014). A systematic literature review. Expert Systems with Applications. Cloud computing service composition, 41(8), 3809-3824.
Jula, A. S. (2014). Expert Systems with Applications. Cloud computing service composition: A systematic literature review, 41(8), 3809-3824.
Kalloniatis, C. M. (2013). Computer Standards & Interfaces. Towards the design of secure and privacy-oriented information systems in the cloud: Identifying the major concepts, 36(4), 759-775.
Leymann, C. F. (2015). Springer. Cloud computing patterns. doi:10, 978-3.
Li, J. L. (2015). IEEE Transactions on Parallel and Distributed Systems. A hybrid cloud approach for secure authorized deduplication, 26(5), 1206-1216.
Lu, P. S. (2015). Distributed online hybrid cloud management for profit-driven multimedia cloud computing. IEEE Transactions on Multimedia, 17(8), 1297-1308.
Microsoft. (2017). Remote Server Administration Tools. LA: Microsoft.
Pluzhnik, E. N. (2014). In Services (SERVICES). Optimal control of applications for hybrid cloud services, 458-461.
Pluzhnik, E. N. (2014). Optimal control of applications for hybrid cloud services. In Services. IEEE World Congress on (pp. 458-461). New York: IEEE.
Wei, L. Z. (2014). Information Sciences. Security and privacy for storage and computation in cloud computing, 258, 371-386.
Zhang, H. J. (2014). IEEE Transactions on Network and Service Management. Proactive workload management in hybrid cloud computing, 11(1), 90-100.