BSc CSIT (TU) Science Cloud Computing (BSc CSIT, CSC465) Question Paper 2080 Nepal

Virtualization

Virtualization is the technology of creating a software-based (virtual) representation of physical computing resources such as servers, storage, networks and operating systems. A thin software layer called the hypervisor abstracts the underlying hardware and allows multiple isolated virtual machines (VMs), each with its own OS, to run simultaneously on a single physical machine.

Role of Virtualization in Cloud Computing

Virtualization is the foundation of cloud computing. Its key roles are:

• Resource pooling & multi-tenancy – a single physical server is partitioned into many VMs that serve different tenants.
• Elasticity / on-demand provisioning – VMs can be created, resized and destroyed in minutes, enabling rapid scaling.
• Server consolidation & higher utilization – many workloads run on fewer physical machines, cutting cost and power.
• Isolation & security – each VM is sandboxed, so a fault or breach in one tenant does not affect others.
• Hardware independence & portability – VMs (and snapshots) can be migrated (even live migration) between hosts for load balancing, maintenance and fault tolerance.

Types of Virtualization

Working of a Hypervisor

A hypervisor (Virtual Machine Monitor, VMM) allocates CPU, memory, storage and I/O to each VM and schedules them on the physical hardware.

Type 1 – Bare-metal hypervisor

• Runs directly on the physical hardware, with no host OS underneath.
• VMs sit on top of the hypervisor.
• High performance, strong isolation, low overhead — used in data centers.
• Examples: VMware ESXi, Microsoft Hyper-V, Xen, KVM.

Type 2 – Hosted hypervisor

• Runs as an application on top of a host operating system.
• The host OS mediates hardware access, adding overhead.
• Easy to install, suited to development/testing on desktops.
• Examples: Oracle VirtualBox, VMware Workstation/Player.

(Diagram in words: Type 1 → Hardware → Hypervisor → VMs. Type 2 → Hardware → Host OS → Hypervisor → VMs.)

Conclusion: Virtualization, delivered through Type 1 and Type 2 hypervisors, lets cloud providers pool, isolate and elastically allocate hardware, making cost-effective multi-tenant cloud services possible.

MapReduce Programming Model

MapReduce is a programming model (introduced by Google) for processing very large datasets in parallel across a cluster of commodity machines. Computation is expressed as two user-defined functions:

1. Map(key, value) → emits a set of intermediate (key, value) pairs.
2. Reduce(key, list-of-values) → aggregates all values for the same key into the final output.

Between the two phases the framework performs an automatic shuffle and sort, grouping all intermediate values by key.

Example: Word Count

Input: "the cat sat the mat"

Map:    (the,1) (cat,1) (sat,1) (the,1) (mat,1)
Shuffle/Sort: the -> [1,1], cat -> [1], sat -> [1], mat -> [1]
Reduce: (the,2) (cat,1) (sat,1) (mat,1)

The map tasks run in parallel on different data blocks; reduce tasks then combine results. The framework handles parallelization, data distribution, scheduling and fault tolerance transparently.

Hadoop Architecture

Apache Hadoop is an open-source framework that implements MapReduce and distributed storage for big data. Its core components are:

• HDFS – distributed storage layer.
• YARN (Yet Another Resource Negotiator) – cluster resource manager and job scheduler (ResourceManager + NodeManagers).
• MapReduce engine – the distributed processing layer.
• Hadoop Common – shared libraries/utilities.

Hadoop uses a master–slave architecture and moves computation to the data (data locality) to minimize network traffic.

Hadoop Distributed File System (HDFS)

HDFS stores huge files reliably across many nodes. Key elements:

• NameNode (master): stores metadata — the file-system namespace, directory tree and block-to-DataNode mapping. (A Secondary/Standby NameNode helps with checkpoints/HA.)
• DataNodes (slaves): store the actual data blocks (default 128 MB) and serve read/write requests.
• Block replication: each block is replicated (default factor 3) across different DataNodes/racks for fault tolerance.
• Write-once, read-many model; optimized for streaming access and large files, not low-latency random writes.
• Rack awareness & heartbeats: DataNodes send heartbeats; if one fails, the NameNode re-replicates its blocks from surviving replicas.

(Flow in words: Client → NameNode for metadata → reads/writes blocks directly from/to DataNodes; MapReduce tasks run on the DataNode that holds the relevant block.)

Conclusion: MapReduce provides a simple parallel programming abstraction, while Hadoop (HDFS + YARN + MapReduce) supplies fault-tolerant distributed storage and processing, making it a standard platform for big-data analytics in the cloud.

Security Issues and Challenges in Cloud Computing

Because data and applications are hosted on shared, third-party infrastructure accessed over the internet, the cloud introduces several security challenges:

• Loss of control / multi-tenancy: customers share hardware; weak isolation can lead to data leakage between tenants.
• Data breaches and data loss: sensitive data stored remotely is a target for attackers; accidental deletion or provider failure can cause loss.
• Insecure interfaces/APIs: poorly secured management APIs can be exploited.
• Account/credential hijacking and insider threats (malicious provider staff).
• Compliance, data location and legal jurisdiction (e.g., GDPR, data residency).
• DDoS attacks, vendor lock-in, and lack of transparency/auditability.

Data Security

Protecting data across its three states:

• Data at rest: stored data is protected with encryption (AES-256), secure key management, and access controls.
• Data in transit: protected using TLS/SSL/HTTPS and VPNs.
• Data in use: protected via isolation, tokenization, and emerging confidential-computing techniques.
• Additional measures: backups, replication, secure deletion, and data classification.

Identity and Access Management (IAM)

IAM ensures that only authorized users/services access cloud resources. Key mechanisms:

• Authentication – verifying identity (passwords, multi-factor authentication (MFA), biometrics).
• Authorization – Role-Based Access Control (RBAC) and the principle of least privilege.
• Single Sign-On (SSO) and federated identity (SAML, OAuth 2.0, OpenID Connect).
• Auditing/logging of access for accountability.

Techniques to Ensure Confidentiality and Integrity

• Confidentiality: symmetric/asymmetric encryption, key management (KMS/HSM), tokenization, access control and network isolation.
• Integrity: cryptographic hashing (SHA-256), Message Authentication Codes (HMAC), digital signatures, and checksums to detect tampering; versioning and replication to recover correct data.
• Supporting controls: firewalls, intrusion detection/prevention (IDS/IPS), security monitoring, and the shared-responsibility model dividing duties between provider and customer.

Conclusion: Cloud security requires a layered (defense-in-depth) approach combining encryption, strong IAM, integrity checks and continuous monitoring under a clear shared-responsibility model.

Elasticity is the ability of a cloud system to automatically provision and de-provision resources in real time to match the current workload, scaling out when demand rises and in when it falls, so the customer pays only for what is used.

Difference from scalability:

In short, scalability is the capability to grow, while elasticity is how dynamically and automatically resources are matched to demand at any moment.

Challenges in Migrating an Application to the Cloud

• Application compatibility / re-architecting: legacy/monolithic apps may need refactoring (re-platform or re-architect) to run on cloud services.
• Data migration: moving large data volumes is time-consuming and risky (downtime, integrity, bandwidth limits).
• Security and compliance: ensuring data protection, encryption and meeting regulations (data residency, GDPR) in the new environment.
• Downtime and business continuity: minimizing service interruption during cutover.
• Vendor lock-in: dependence on provider-specific APIs/services makes future migration hard.
• Cost estimation: predicting and controlling the pay-as-you-go cost can be difficult.
• Performance & latency changes, and integration with remaining on-premise systems.
• Skills gap: staff may lack cloud expertise.

Migration strategies (6 R's): Rehost (lift-and-shift), Replatform, Refactor, Repurchase, Retire, Retain.

Cloud Storage

Cloud storage is a service model in which data is stored on remote servers maintained by a cloud provider and accessed over the internet on demand, offering scalability, durability (via replication) and pay-per-use pricing without the user managing physical hardware.

Block Storage

• Data is stored in fixed-size blocks, each with an address but no metadata; the OS manages a file system on top.
• Offers high performance and low latency; behaves like a raw disk/volume attached to a VM.
• Best for databases, transactional systems and boot volumes. Example: Amazon EBS.

File Storage

• Data stored as files in a hierarchical directory structure (folders/paths) and accessed via protocols like NFS/SMB.
• Easy shared access for multiple clients.
• Best for shared file systems, home directories, content repositories. Example: Amazon EFS, Azure Files.

Object Storage

• Data stored as objects (data + rich metadata + unique ID) in a flat namespace, accessed via HTTP/REST APIs.
• Highly scalable and durable; not ideal for frequent in-place edits.
• Best for unstructured data, backups, media, big-data and archives. Example: Amazon S3.

Google App Engine (GAE) — a PaaS Offering

Google App Engine is a Platform-as-a-Service (PaaS) from Google Cloud that lets developers build and deploy web applications on Google's infrastructure without managing servers, OS or networking.

Key features:

• Fully managed platform: Google handles provisioning, patching, load balancing and scaling.
• Automatic scaling: instances are added/removed based on traffic; scales to zero when idle.
• Language support: Python, Java, Go, Node.js, PHP, Ruby (Standard and Flexible environments).
• Built-in services: integration with Datastore/Cloud SQL, Memcache, Cloud Storage, Task Queues and authentication.
• Pay-as-you-go billing based on instance hours/resources consumed.
• Sandbox environment (Standard) for security and portability.

Advantages: fast development and deployment, no infrastructure management, high availability, and elastic auto-scaling.

Limitation: less low-level control and potential vendor lock-in to Google APIs.

Architecture of a Cloud Data Center

A cloud data center is a large facility housing the compute, storage and networking infrastructure that delivers cloud services. Its layered architecture includes:

• Compute layer: racks of physical servers running hypervisors that host thousands of VMs/containers; resources are pooled and virtualized.
• Storage layer: large arrays providing block, file and object storage, with replication and RAID for durability (often SAN/NAS/distributed storage).
• Network layer: high-speed switches/routers arranged in topologies such as leaf-spine / fat-tree, virtual networks (SDN), load balancers and firewalls connecting servers internally and to the internet.
• Virtualization & management layer: hypervisors, orchestration and a cloud management platform (e.g., OpenStack) for provisioning, scheduling, monitoring and billing.
• Physical/support infrastructure: redundant power (UPS, generators), cooling (HVAC), and physical security to ensure high availability.

Design goals: scalability, fault tolerance (redundancy at every layer), energy efficiency and multi-tenancy. Multiple data centers across regions/availability zones provide geographic redundancy and disaster recovery.

(Diagram in words: Internet → Load balancers/firewalls → Leaf-spine network → Server racks (hypervisors/VMs) + Storage arrays, all sitting on power & cooling infrastructure, controlled by a management/orchestration layer.)

Multi-Tenancy

Multi-tenancy is an architecture in which a single instance of a software application (and its infrastructure) serves multiple customers (tenants), with each tenant's data and configuration logically isolated while sharing the same physical resources. It is a core principle of the SaaS model that enables resource pooling and cost efficiency.

Implementation Approaches

1. Separate databases – each tenant has its own DB (strong isolation, higher cost).
2. Shared database, separate schemas – one DB, a schema per tenant (balance of isolation and cost).
3. Shared database, shared schema – all tenants share tables, rows tagged with a TenantID (most efficient, hardest to isolate).

Implementation Issues in SaaS

• Data isolation & security: preventing one tenant from accessing another's data (correct TenantID filtering, encryption).
• Customization: supporting per-tenant configuration/UI without code forks.
• Performance & noisy-neighbor: one heavy tenant can degrade others; needs throttling/QoS.
• Scalability & resource allocation: fairly sharing CPU, memory and storage.
• Maintenance & upgrades: a single shared codebase upgrade affects all tenants simultaneously.
• Backup/recovery and SLA management per tenant.

Pay-As-You-Go Billing and Metering

Pay-as-you-go (PAYG) is a cloud pricing model in which customers are charged only for the resources they actually consume, with no upfront capital cost — converting CapEx into OpEx. This is enabled by the cloud's measured-service characteristic.

Metering is the continuous measurement and recording of resource usage by the provider. Typical metered units include:

• Compute: VM/instance-hours or per-second usage, vCPU and RAM.
• Storage: GB-months stored.
• Network: GB of data transferred (egress).
• Other: number of API requests, function invocations, IOPS.

How it works: monitoring agents meter each resource → usage data is aggregated per account → a rating/billing engine applies per-unit prices → the customer receives a usage-based bill.

Benefits: cost efficiency, no over-provisioning, low entry barrier, and transparency. Challenge: unpredictable/variable bills if usage is not monitored. (Providers also offer reserved/spot pricing as alternatives.)

Achieving Fault Tolerance and High Availability

Fault tolerance is the ability of a system to keep operating correctly even when components fail; high availability (HA) means the service stays accessible with minimal downtime (e.g., 99.99% uptime). They are achieved through:

• Redundancy: duplicate servers, storage, network paths and power so no single point of failure exists.
• Replication: copying data across multiple nodes and regions/availability zones so a failure does not lose data.
• Load balancing: distributing traffic across healthy instances and rerouting away from failed ones.
• Failover & clustering: automatic switch to a standby instance when the primary fails.
• Auto-scaling and health monitoring/heartbeats: detect failures and automatically replace unhealthy instances.
• Geographic distribution (multi-AZ / multi-region): survives data-center-level disasters; supports disaster recovery (backup, RTO/RPO).
• Checkpointing and live VM migration to move workloads off failing hosts.

Result: combining redundancy, replication, load balancing and automatic failover allows the cloud to mask failures and meet SLA uptime guarantees.

Containerization

Containerization is a lightweight, OS-level virtualization technique that packages an application together with its code, libraries, dependencies and configuration into a single portable unit called a container. Containers share the host operating system kernel but run in isolated user spaces, ensuring "build once, run anywhere" consistency. Docker is the most popular container engine and Kubernetes orchestrates containers at scale.

Containers vs Virtual Machines

Summary: Containers are faster, smaller and more portable because they share the host kernel, making them ideal for microservices and CI/CD; VMs provide stronger isolation and can run different operating systems but with greater overhead.