Top 15 Cloud Interview Questions & Answers

1. What are the various available cloud service models?

IAAS - IaaS rents hardware/infrastructure as a service to enterprises, for example, memory, computing, and servers. Organisations deploy their applications on the cloud provider's infrastructure.

SAAS - SaaS offers users software as a service that resides on the cloud. Software and applications are used on a subscription basis. Cloud providers are responsible for the maintenance and upgrade of the software. Communication with applications happens over API calls defined by the cloud provider. An example is Google Drive.

PAAS - PaaS provides enterprises with a platform where they could deploy their code and applications. PaaS packages the platform for development and testing along with data, storage, and computing capability.

2. What are the component layers found in Cloud architecture?

Cloud Controller (CLC) - CLC sits at the topmost layer and controls virtual resources like servers, networks, and storage.

Walrus - It acts as a storage controller for users and deals with virtual machine images and user data.

Cluster Controller - It controls the execution of all the virtual machines stored on the nodes.

Storage Controller - The storage controller handles storage in block form that is dynamically attached to virtual machines.

The Node Controller - It controls the functionality of the hypervisor that controls VM activities. The hypervisor is a hardware-supported emulation technique that allows multiple OS to run on the same host OS. It is also called a virtual machine manager.

3. What are some popular use cases for cloud computing?

  • Cloud storage - Storage over the internet through a web interface turned out to be a boon. With the advent of cloud storage, customers could pay only for the storage they used. From Google Drive to more privately operated proprietary applications, cloud storage is everywhere.

  • Big data analytics - Big data and Cloud technologies go hand in hand and essentially make systems faster, scalable, failsafe, high-performance, and cheaper.

  • Test and Development - Cloud provides ready-to-use, customised, and fully set up resources. It offers the infrastructure for the testing and development of applications and services without the downside of installing and maintaining the on-premise resources, servers, and environment.

  • Disaster Recovery - Data recovery is cheaper and faster in Cloud Computing technology. Since a cloud ideally stores the data on many different servers in different locations, the probability of complete data loss reduces.

  • Data Backup - Data backup is more effortless and comes with security and availability of resources. Older backup strategies had loopholes with the physical disc getting corrupted or running out of stock.

4. What is On-Demand functionality?

The cloud consists of a shared pool of resources and systems. The resources lent to a customer can be changed on the customer's demand. On-demand design saves the customer overhead and provides easy scalability.

5. What are the platforms that use Cloud Computing?

  • Map-reduce - Map-reduce enables users to use resizable Hadoop clusters within Amazon infrastructure. Amazon's counterpart of this is called Amazon EMR (Elastic Map-Reduce).

  • Hadoop - Hadoop allows clustering of hardware to analyse large sets of data in parallel.

  • Apache Spark - Apache Spark is an open-source analytics engine that computes and processes large datasets. The processing happens in memory for the sake of high performance. It provides parallel processing and fault tolerance by cluster management. Apache Spark forms the complete big data solution along with HDFS, Yarn, Map-Reduce.

6. What are the different modes of deployment available on the Cloud?

There are four modes, namely private cloud, public cloud, hybrid cloud, and community cloud.

Public - A public cloud is free to use for anyone. E.g. AWS Cloud Connect.

Private - Private cloud is the collection of resources that private organisations use for their own needs.

Community cloud - It allows multiple organisations in a group to access services and systems to share information and computing.

Hybrid cloud - Hybrid cloud is a mix of private and public clouds that can switch from one to another, depending on the conditions and requirements.

7. What is the difference between scalability and elasticity?

Scalability is the characteristic that allows resources to be increased or decreased to match the customer's workload. Say, for example, the traffic starts to increase on the customer side, and the current resource allocation is falling short. In such a case, we would need to scale up our product and get more resources from the cloud provider on demand.

Elasticity refers to commissioning and decommissioning large amounts of resources dynamically depending on whether the traffic is high or low. Elasticity comes in handy when two customers are competing for resources in a shared cloud. One customer can forfeit some unused resources to the other customer who is falling short and requires resources.

8. What is a cloud VPN?

Cloud VPN helps companies transition their VPN services to the cloud. There are two types of VPN services available: Remote Access and Site-to-Site connection.

In a Site-to-Site connection, a VPN appliance is installed on-site in the company network. This appliance connects to a virtual VPN endpoint in the cloud. The VPN results in a tunnel between the cloud and the enterprise. This connection doesn't need a public IP address and acts similar to a physical connection.

Remote Access enables users to connect to machines located elsewhere globally. For example - VPNaaS.

In the connection logic, users install VPN software on their machines and connect to the cloud VPN. The cloud VPN forwards the connection to the concerned SaaS application.

9. What are the prerequisites for moving to a cloud platform?

  • Compliance issues

  • Data storage types

  • Reduction of downtime

  • Business continuity

  • Ensure availability and access

  • Maintaining data integrity

  • Fail-safe for loss of data

10. Give architectural details for VPC - Virtual Private Cloud?

VPC manages storage and compute resources for organisations by providing a layer of isolation and abstraction.

The architecture for VPC with public and private subnets is as follows:

Creating a new VPC instance

A VPC comes by default with these components:

  • Route table

  • Network ACL

  • Security Groups

An empty VPC with IPv4 CIDR address block.

Credits - Amazon Official Doc on VPC.

The next step is to create two subnets, one public and the other private. Next, we create an Internet Gateway and connect it to our VPC, so the traffic that flows to the VPC has to pass through the internet gateway. Now we create a new EC2 instance and place it inside a subnet. Here is the final architecture diagram.

A VPC with public and private subnets. Credits - Amazon official documentation.
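
A check for the layout described above, added here as an example (it is not from the original article or from AWS documentation): a subnet is public when the route table that applies to it has a route to an internet gateway, and a subnet with no explicit association falls back to the VPC's main route table. The IDs, CIDR ranges and function names are assumptions; the data is constructed in the shape of EC2 route-table and subnet descriptions.

```python
import ipaddress

# Constructed sample; every ID and CIDR range below is made up for illustration.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = [
    {"SubnetId": "subnet-public-example", "CidrBlock": "10.0.0.0/24"},
    {"SubnetId": "subnet-private-example", "CidrBlock": "10.0.1.0/24"},
]
LOCAL = {"DestinationCidrBlock": VPC_CIDR, "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main-example",            # default table: local traffic only
     "Associations": [{"Main": True}],
     "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public-example",          # custom table for the public subnet
     "Associations": [{"Main": False, "SubnetId": "subnet-public-example"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]

def effective_route_table(subnet_id, route_tables):
    """An explicit subnet association wins; otherwise the main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(subnet_id, route_tables):
    """True when the subnet's effective route table points at an internet gateway."""
    rt = effective_route_table(subnet_id, route_tables)
    if rt is None:
        return False
    return any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def audit(vpc_cidr, subnets, route_tables):
    """Label each subnet public or private and reject subnets outside the VPC block."""
    vpc = ipaddress.ip_network(vpc_cidr)
    report = {}
    for s in subnets:
        if not ipaddress.ip_network(s["CidrBlock"]).subnet_of(vpc):
            raise ValueError(f"{s['SubnetId']} lies outside {vpc_cidr}")
        public = is_public(s["SubnetId"], route_tables)
        report[s["SubnetId"]] = "public" if public else "private"
    return report

if __name__ == "__main__":
    print(audit(VPC_CIDR, SUBNETS, ROUTE_TABLES))
```

Adding an internet-gateway route to the main table would silently turn every unassociated subnet public, which is why the fallback to the main table is part of the check.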

11. How is data protection in S3 achieved?

Data can be encrypted in S3 using SSE-S3, SSE-C, or SSE-KMS.

  • With SSE-S3, S3 oversees key management and protection using multiple layers of security.

  • SSE-C lets S3 perform encryption and decryption of data while the customer controls the key used for encryption. Key management and storage are implementation-dependent and not provided by AWS.

  • SSE-KMS uses the AWS Key Management Service to store the keys used in encryption. KMS also provides an additional layer of security by keeping master keys. Special permission is needed to be able to use the master key.
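
The three modes differ in who holds the key, and that shows up in the headers of an S3 PutObject request. The following added example (not part of the original article) builds those headers for each mode and classifies a request by them, which is useful when reviewing client code or captured requests. The function names, the sample key and the key ID placeholder are assumptions.

```python
import base64
import hashlib

SAMPLE_KEY = bytes(range(32))  # constructed 256-bit key, for illustration only
SSE = "x-amz-server-side-encryption"
SSE_C = SSE + "-customer-"

def _b64(data):
    return base64.b64encode(data).decode("ascii")

def sse_headers(mode, kms_key_id=None, customer_key=None):
    """Build the PutObject headers that select one S3 server-side encryption mode."""
    if mode == "SSE-S3":       # S3 generates and manages the key
        return {SSE: "AES256"}
    if mode == "SSE-KMS":      # key is held in KMS; the caller needs permission to use it
        headers = {SSE: "aws:kms"}
        if kms_key_id:
            headers[SSE + "-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":        # caller sends the key with every request (HTTPS only)
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C requires a 256-bit (32-byte) key")
        return {
            SSE_C + "algorithm": "AES256",
            SSE_C + "key": _b64(customer_key),
            SSE_C + "key-MD5": _b64(hashlib.md5(customer_key).digest()),
        }
    raise ValueError(f"unknown mode: {mode}")

def classify(headers):
    """Report which SSE mode a request asks for, validating the SSE-C key digest."""
    h = {k.lower(): v for k, v in headers.items()}
    if SSE_C + "algorithm" in h:
        try:
            key = base64.b64decode(h.get(SSE_C + "key", ""), validate=True)
        except ValueError:
            return "invalid SSE-C"
        digest_ok = h.get(SSE_C + "key-md5") == _b64(hashlib.md5(key).digest())
        return "SSE-C" if len(key) == 32 and digest_ok else "invalid SSE-C"
    return {"AES256": "SSE-S3", "aws:kms": "SSE-KMS"}.get(h.get(SSE), "no SSE requested")

if __name__ == "__main__":
    for mode in ("SSE-S3", "SSE-KMS", "SSE-C"):
        built = sse_headers(mode, kms_key_id="example-key-id", customer_key=SAMPLE_KEY)
        print(mode, "->", sorted(built), "->", classify(built))
```

With SSE-C the key itself travels in the request and is not stored by S3, so losing it means losing the object; the other two modes never put key material in the request.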

12. What are the differences between ELB, NLB, and ALB?

Application Load Balancer (ALB) - ALB allows routing based on port numbers. It can also route requests to Lambda, and it can direct requests to many ports on the target. Application Load Balancer supports only Layer 7 - HTTP/2 and WebSockets. It can return primary responses on its own so the server can be set free of replying to redundant requests. ALB finds use in microservices and application

Network Load Balancer (NLB) - Network Load Balancer supports Layer 4, that is, TCP and UDP. It is faster and high-performance since it is lower in the OSI model. It uses static IPs and can also be assigned elastic IPs. An example would be real-time data streaming or video streaming.

Classic Load Balancer (CLB) or Elastic Load Balancer (ELB version 1) - ELB is the oldest load balancer and the only one which offers application-specific sticky session cookies. It works on both Layer 7 and Layer 4. ELB also supports EC2-Classic.

13. Explain the types of EC2 instances?

Memory-Optimized Instances - They provide fast performance for applications that process big data in memory. Memory Optimised instances include support for enhanced networking, up to 25 Gbps of network bandwidth. They come packaged with EBS installed and optimised.

Use cases are in-memory caches and open-source databases.

Compute Optimised Instances - Compute Optimised instances provide high-performance computing resources and fast batch processing. They are used ideally for media transcoding, gaming servers, and ad-server engines. Compute Optimised Instances use the AWS Nitro system, which combines dedicated hardware and lightweight hypervisors. Just like Memory-Optimized instances, Compute Optimised Instances come with optimised EBS as well.

Accelerated Computing Instances - These instances use co-processors and hardware accelerators to improve performance. They get used in graphics processing, floating-point calculations, and data pattern matching. Accelerated Computing Instances use extra hardware power to combat software limitations and latency. These also support the Elastic Fabric Adapter (EFA).

Storage Optimised Instances - Storage Optimised instances are ideal for workloads that need high sequential read and write. These instances use their local storage to store data.

Storage Optimised instances provide low latency and high-speed random I/O operations. They get used in NoSQL databases like Redis and MongoDB, and in data warehousing.

General Purpose Instances - General Purpose instances provide a mixture of computing, memory, and networking resources. They find their use in applications that consume multiple resources in equal proportions, for example, web servers and code repositories.

14. What is CloudFormation's function?

CloudFormation helps in creating and maintaining AWS infrastructure and stacks. Stacks are a collection of AWS services, and CloudFormation enables users to create stacks quickly with minor overhead. One could ideally configure the AWS infrastructure through a text or JSON file in CloudFormation.

15. How does AWS provide defence from Distributed Denial of Service (DDoS) attacks?

AWS provides AWS Shield for security against attacks. AWS Shield has two tiers of security: Standard and Advanced.

AWS Shield Standard, which comes by default with AWS, can be used as a first-measure security gate. It protects the network and transport layers.

Subsequently, one can also subscribe to Shield Advanced for another layer of added security. Shield Advanced provides integration with AWS Web Application Firewall (WAF). AWS WAF provides custom rules to filter out traffic with threat signatures.

Web Application Firewall provides three main actions: allow all requests for a rule, block all requests, and count all requests for a new policy.

Shield Advanced also extends 24x7 support from the AWS DDoS response team.