Amazon Web Services (AWS)

AWS is an Amazon company that provides its subscribers with full-fledged virtual clusters of computers, available all the time, through the Internet. It provides on-demand cloud computing platforms to individuals, companies and others. AWS's virtual computers have most of the attributes of a real computer, including hardware (CPU and GPU for processing, RAM, hard-disk/SSD storage), a choice of operating systems, networking, and pre-loaded application software such as web servers, databases, CRM, etc.

In this experiment I created a free account with AWS Educate, which allows me to use some of AWS's services for free. I created a Linux and a Windows instance (similar to a virtual machine) using AWS, then connected to the Linux instance over SSH and to the Windows instance over RDP. Creating the instance required me to follow certain steps, but there are numerous guides available for these steps, and Amazon also has really good documentation to help with them.

Observations

Personally, I feel the AWS dashboard is a bit messy and sometimes it's hard to locate the options, but that's mostly because AWS has lots of different services for almost every task related to the server. There were a few important points while setting up the instance:

1. Always download the key pair, unless you are using a key pair which is already present on your PC, because Amazon doesn't give you the option to download it again. It happened to me: although I have worked with AWS before, I forgot to download the key pair and had to create a new instance. It's technically easier to create a new instance, if your instance didn't contain anything, than to try to regenerate the key pair.
2. Always terminate your instance if you are not using it, otherwise you will get charged (though I observed from my previous experience with AWS that if you are an individual user on the free tier and you unknowingly cross your limit because you forgot to terminate your instance, customer care might be able to refund your money if they really think your case is genuine).

Docker

Docker is a software technology that provides containers for automating the deployment of applications, which can run in the cloud or on premises. Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as an isolated process in user space. Containers and virtual machines have similar resource isolation and allocation benefits, but function differently because containers virtualize the operating system instead of the hardware. Containers are more portable and efficient.

In this experiment I installed Docker on an existing Ubuntu system. I downloaded Docker from the Docker repository and started the service. Once the service was started I made sure it was running by checking the status of Docker. I tried a few basic commands such as docker info, or just docker on its own, to learn the other subcommands available. I searched for the Ubuntu image and downloaded it to my system using the pull subcommand. After the image had downloaded, I ran a container from it with the run subcommand. I ran several different commands in it, like updating the package repository and installing nodejs. After playing with it for a while I saved the changes to a new Docker image using the commit command, which is similar to the git commit command. I didn't push my changes to the Docker repository but rather just saved them on my system.
These were some of the basic functions which I tried with Docker in this experiment, but there is still a whole lot to learn.

Observations

In some ways Docker reminded me of Wireshark, as running the docker command by default required root privileges, or it had to be run by a user in the docker group, which was automatically created during the installation of Docker. It gives an error if we try to run the docker command without prefixing it with sudo or without being in the docker group. Docker containers are run from Docker images. Docker pulls these images from Docker Hub, a Docker registry managed by Docker, the company behind the Docker project. Anybody can build and host their Docker images on Docker Hub, so most applications and Linux distributions you would want to run in containers have images hosted on Docker Hub. Once inside the container I had root privileges by default.

Salesforce

Salesforce is a cloud computing company. It has developed its own Customer Relationship Management (CRM) product, which is used by different organizations around the world. Apex is used to customize applications such as Salesforce Automation and Service & Support, or to build new custom applications based on particular business needs. Force.com Apex Code is a strongly-typed programming language that executes on the Force.com platform. Apex is used to add business logic to applications, to write database triggers, and to program controllers in the user interface layer. It has tight integration with the database and query language, good web services support, and includes features such as futures and governors for execution in a multi-tenant environment.

In this experiment I first created a Salesforce developer account and tried a simple program using Apex. I won't go into the details of the program in this report, but the language was very similar to Java.
The application was not deployed, as deploying requires a paid account and I was using a free developer account.

Learning and Observations

Apex is mostly used only for developing Salesforce applications. It provides the ability to use the SOAP API to perform data manipulation operations such as update(), delete() and insert(). Salesforce's prebuilt applications provide powerful CRM functionality, and in addition Salesforce provides the ability to customize the prebuilt applications to fit the organization. For example, an organization may have complex business processes that are unsupported by the existing CRM functionality. When this is the case, the Force.com platform includes a number of ways for advanced administrators and developers to implement custom functionality.

Graduate Work

Securing cloud based Virtual Machines:

Generally, cloud-based systems are considered to be more secure than traditional IT systems, which as a matter of fact is correct for the following reasons:

1. Cloud providers have to complete a tremendous number of security certifications and compliance requirements, such as ISO 27001, ISO 27018, CSA STAR and FedRAMP, amongst others, to win enterprise customers, as no organization will want to blindly store its data on someone else's system which might not even be secure.
2. The cloud is built using the latest technology stack and is expected to be far less vulnerable to legacy vulnerabilities. As the cloud provider may be managing thousands of customer environments, they likely have a far larger security budget, as the cost can be spread across their thousands of customers. This allows for the hiring of specialist security teams and the deployment of advanced technologies, which would not be possible for most on-premise providers.

So, given these reasons, is it still necessary to provide additional security for cloud-based VMs?
It turns out that although the cloud might be secure, your VM might not be, and Microsoft lists several points for making your VM in the cloud secure:

1. Update your VMs with the latest security patches, as the cloud provider can't update your VMs for you.
2. Only authorized users should have access to your VMs. No matter how secure the cloud is, it can't protect you against someone who has the correct permissions to access your data.
3. If your VM runs critical applications, then have a cloned VM ready at all times for the worst-case scenario.
4. Encrypt the data stored in your VMs, so even if your VM is compromised your data might still be secure. This point makes perfect sense from the perspective that an attacker has to pass through two security checkpoints to gain access to your company's information: first get past the cloud-based security to reach your data, and then decrypt your data to reach the information, which might just be too costly for an attacker to perform.

Infrastructure as a Service (IaaS):

Infrastructure as a Service provides the fundamental building blocks of computing resources, generally with multiple users sharing a single piece of hardware. The resources are available as a service and can be created, reconfigured, resized, and removed instantly as and when required by any task. The cost varies based on infrastructure selection.

The IaaS model is a flexible cloud computing model and gives organizations complete control over their infrastructure. The model is suitable for startups and small companies which do not wish to spend energy and time on procuring hardware and software.

Software as a Service (SaaS):

The most popular and best-known form of cloud service for consumers is Software as a Service. SaaS products include Salesforce, Google Apps, Netflix, WebEx, GoToMeeting, and Dropbox. The software is hosted on a remote server and accessed through a web browser over the Internet.
The people using the applications need not worry about hardware, software updates, and patches. The applications are managed from a central location, and any integration with third-party applications is done through APIs. The SaaS model suits applications whose demand rises sharply at certain times. For example, during tax filing season, taxation software is in high demand. Similarly, hotel reservations see high demand during the holiday season. The SaaS model is for short-term projects that require collaboration and for start-up businesses which want to launch e-commerce sites quickly without worrying about software updates.
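
The Docker observations above (the docker command needs root or docker group membership, and the container shell is root by default) matter on any host, because membership of the docker group gives root-equivalent control of that host. The following is an added example, not part of the original report: it lists the docker group members from a constructed /etc/group and flags root or privileged containers in constructed `docker inspect` output. The function names are hypothetical.

```python
import json

# Constructed sample of /etc/group (not taken from a real host).
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,ci-runner
"""

# Constructed sample shaped like `docker inspect` output, trimmed to the
# fields this check reads (Name, Config.User, HostConfig.Privileged).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ubuntu-test", "Config": {"User": ""},
     "HostConfig": {"Privileged": False}},
    {"Name": "/node-app", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False}},
    {"Name": "/debug", "Config": {"User": "0"},
     "HostConfig": {"Privileged": True}},
])


def docker_group_members(group_text):
    """Users listed in the docker group; each can start containers as root."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == "docker":
            return sorted(u for u in fields[3].split(",") if u)
    return []


def runs_as_root(user):
    """Empty User: neither the image nor `docker run --user` set one, so UID 0."""
    return user.split(":", 1)[0] in ("", "0", "root")


def audit_containers(inspect_json):
    """Return (container name, issues) for containers that are root or privileged."""
    findings = []
    for c in json.loads(inspect_json):
        issues = []
        if runs_as_root(c.get("Config", {}).get("User", "")):
            issues.append("runs as root")
        if c.get("HostConfig", {}).get("Privileged", False):
            issues.append("privileged")
        if issues:
            findings.append((c.get("Name", "").lstrip("/"), issues))
    return findings


if __name__ == "__main__":
    print("docker group:", docker_group_members(SAMPLE_GROUP))
    for name, issues in audit_containers(SAMPLE_INSPECT):
        print(name, "->", ", ".join(issues))
```

On a real host the same functions can be fed the contents of /etc/group and the output of `docker inspect` for the running containers.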
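
Points 2 and 4 of the VM hardening list above (authorized access only, encrypted data) can be checked on the AWS instances from the first experiment, which were reached over SSH and RDP. The following is an added example, not part of the original report: it reads constructed data shaped like `aws ec2 describe-security-groups` and `aws ec2 describe-volumes` output. Applying the list to AWS is an assumption made here, and the resource IDs and function names are placeholders.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed samples; IDs are placeholders, not real resources.
SAMPLE_SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-linux-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-windows-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-all-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-a-example", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-linux-example"}]},
    {"VolumeId": "vol-b-example", "Encrypted": True,
     "Attachments": [{"InstanceId": "i-windows-example"}]},
]}


def open_admin_ports(sg_doc):
    """(group id, service) for SSH/RDP rules open to every IPv4 address.

    Ipv6Ranges are not inspected here, to keep the example to one case.
    """
    findings = []
    for sg in sg_doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            world = any(ipaddress.ip_network(r["CidrIp"]).prefixlen == 0
                        for r in perm.get("IpRanges", []))
            if not world:
                continue
            if perm["IpProtocol"] == "-1":      # all protocols, all ports
                hit = sorted(ADMIN_PORTS)
            elif perm["IpProtocol"] == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
                hit = [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]
            else:
                hit = []
            findings += [(sg["GroupId"], ADMIN_PORTS[p]) for p in hit]
    return findings


def unencrypted_volumes(vol_doc):
    """(volume id, attached instance ids) for volumes without encryption."""
    return [(v["VolumeId"], [a["InstanceId"] for a in v.get("Attachments", [])])
            for v in vol_doc["Volumes"] if not v.get("Encrypted", False)]


if __name__ == "__main__":
    print(open_admin_ports(SAMPLE_SECURITY_GROUPS))
    print(unencrypted_volumes(SAMPLE_VOLUMES))
```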