
Compiled By Bhushan Jadhav -9702868662

Paper Solution

December 2011

1 A) Explain surveying the role of cloud computing

Surveying role of Cloud Computing

Cloud computing is Internet ("cloud")-based development and use of computer technology ("computing"). It is a style of computing in which resources are provided "as a service" over the Internet to users who need not have knowledge of, expertise in, or control over the technology infrastructure ("in the cloud") that supports them. It enables small, medium, and large businesses to:

❑ Get new products or services to market faster by minimizing time to deploy the fixed IT assets like servers, switches, and routers, and by eliminating related incremental capital investment in these assets.
❑ Conduct market tests quickly and constrain losses by failing fast if the market, product, or service doesn't meet expectations.
❑ Defer long-term planning until results of initial market tests are known.
❑ Replace capital expenditures for unneeded capacity to accommodate periodic usage spikes, such as those that occur after announcing seasonal discounts or a new software version, with usage-based monthly payments.

It consists of application service providers (ASPs) and web hosting firms who rent server CPU cycles and storage space on an as-needed basis. In cloud computing the client device can be any diskless workstation, thin client, laptop, PC or netbook, while application service providers provide services to the client over the Internet.

1 B) Explain the development services and applications of cloud

The concept of cloud services development encompasses several different types of development.

a) Software as a service

Software as a service, or SaaS, is probably the most common type of cloud service development. With SaaS, a single application is delivered to thousands of users from the vendor's servers. Customers don't pay for owning the software; rather, they pay for using it. Users access an application via an API accessible over the web. This model deals with providing software application delivery using cloud infrastructure to the user without any installation. It is delivered over the Internet, thus eliminating the need to install and run the application on the user's system. SaaS is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. The popular examples of Software as a service are Salesforce.com, GoogleApp, CRM, Yahoomail, hotmail etc.

b) Platform as a service

In this variation of SaaS, the development environment is offered as a service. The developer uses the "building blocks" of the vendor's development environment to create his own custom application. It provides a platform to run users' applications, like websites and web services, without having to download or install it on the user's machine. It can be defined as a computing platform that allows the creation of web applications quickly and easily, without the complexity of buying and maintaining the software and infrastructure underneath it. The popular examples of Platform as a service are Google App Engine, Windows Azure, Amazon Web Services etc.

c) Infrastructure as a Service

It offers computing resources, virtual storage, data center and network resources as services. It can be defined as the use of servers, storage, computing power and virtualization to enable utility-like services for users. It offers virtual services via this mode, including the remote delivery of a full computer infrastructure. IaaS provides users with a web-based service that can be used to create, destroy, and manage virtual machines and storage. The examples of Infrastructure as a service are RackSpace, Google Cloud Storage, VMware, Citrix Xen, Eucalyptus, OpenStack etc.

d) Web Services

A web service is an application that operates over a network, typically over the Internet. Most typically, a web service is an API that can be accessed over the Internet. The service is then executed on a remote system that hosts the requested services. This type of web API lets developers exploit shared functionality over the Internet, rather than deliver their own full-blown applications. The result is a customized web-based application where a large hunk of that application is delivered by a third party, thus easing development and bandwidth demands for the custom program. A good example of web services is the "mashups" created by users of the Google Maps API. With these custom apps, the data that feeds the map is provided by the developer, whereas the engine that creates the map itself is provided by Google. The developer doesn't have to code or serve a map application; all he has to do is hook into Google's web API.

Applications of Cloud Computing

Cloud computing has been credited with increasing competitiveness through cost reduction, greater flexibility, elasticity and optimal resource utilization. Cloud computing can be used in the following domains using *aaS deployment services:

1) Educational institutions
2) IT industries
3) Insurance companies
4) Railway reservations etc.

Cloud provides following Applications


1 C) Compare and contrast services provided by Windows Azure cloud

Windows Azure provides enterprise-oriented cloud computing services stated as follows

The three core services of Windows Azure are as follows:

1) Compute: The compute service offers scalable hosting of services on the 64-bit Windows Server 2008 platform with Hyper-V support. The platform is virtualized and designed to scale dynamically based on demand.

2) Azure Storage Services, which provide scalable persistent storage of structured tables, arbitrary blobs, and queues. These storage types support direct access through REST APIs. Windows Azure tables are not traditional relational database tables like SQL Server tables. Instead, they provide structured data storage capabilities. They have an independent data model popularly known as the entity model. Tables are designed for storing terabytes of highly available data like user profiles in a high-volume ecommerce site. Windows Azure blobs are designed to store large sets of binary data like videos, images, and music in the cloud. The maximum allowable size per blob item is 50GB. Windows Azure queues are the asynchronous communication channels for connecting between services and applications, not only in Windows Azure but also from on-premise applications. You can also use queues to communicate across multiple Windows Azure role instances.


3) Management: The management service supports automated infrastructure and service management capabilities for Windows Azure cloud services. These capabilities include automatic commissioning of virtual machines and deploying services in them, as well as configuring switches, access routers, and load balancers for maintaining the user-defined state of the service. The management services consist of a fabric controller responsible for maintaining the health of the service.

4) SQL Azure Services: SQL Azure Database implements Microsoft SQL Server in the cloud with features commonly offered by enterprise-scale relational database management systems. SQL Reporting and SQL Analysis services are expected as future data-related SQL Services. SQL Azure is the relational database in the Windows Azure platform. It provides core relational database management system (RDBMS) capabilities as a service, and it is built on the core SQL Server product code base.

5) .NET Services: Access Control, Service Bus, and Workflow services, as well as Server Bus Queues and Routers. .NET Services is the middleware engine of the Windows Azure platform, providing the access control service and service bus.

6) Windows Azure Software Development Kit (SDK), which implements the Azure Development fabric and Azure Storage Services on local development PCs.

7) Windows Azure Tools for Microsoft Visual Studio, which provide Visual Studio 2008 and 2010 project templates and other support for developing applications that run on the Windows Azure Development and Production fabrics

8) AppFabric has a service-oriented architecture and allows the creation of federated access control and distributed messaging across clouds and enterprises. It also provides capabilities for integrating applications and business processes not only between cloud services but also between cloud services and on-premise applications. The two core services of AppFabric are as follows:

Access Control: The access control component provides rules-driven, claims-based access control for distributed applications.

Service bus: The service bus is a generic .NET Internet service bus. It is analogous to the Enterprise Service Bus (ESB) popularly seen in large enterprises.


9) Live services -: Microsoft Live Services is a collection of consumer centric applications and frameworks like Identity Management, Search, Geospatial, Communications, Storage, and Synchronization.

D) Enlist the different types of risk when moving to cloud service

The National Institute of Standards and Technology (NIST), formerly the National Bureau of Standards, defines IT-related risk as "the net mission impact considering (1) the probability that a particular threat-source will exercise (accidentally trigger or intentionally exploit) a particular information system vulnerability and (2) the resulting impact if this should occur." IT-related risks arise from legal liability or mission loss due to:

1. Unauthorized (malicious or accidental) disclosure, modification, or destruction of information.
2. Unintentional errors and omissions.
3. IT disruptions due to natural or man-made disasters.
4. Failure to exercise due care and diligence in the implementation and operation of the IT system.

Q2 A) Explain about auditing and regulatory standards when moving to the cloud service

Answer -: Several laws and regulations related to data security and privacy are currently in effect in the United States. These include the Gramm-Leach-Bliley (GLB) Act, Sarbanes-Oxley Act (SOX, also known as the Public Company Accounting Reform and Investor Protection Act of 2002), Health Insurance Portability and Accountability Act (HIPAA), and the Foreign Corrupt Practices Act. Following are three of the most important federal regulatory compliance mandates and a critical private-sector standard that involve identity management, risk assessment, or both. Most organizations implement a plan that ensures the security, confidentiality (or privacy when the information involves personal identification of employees or consumers), and integrity of sensitive data. These plans usually are subject to periodic tests by independent security auditors to ensure compliance. (Explain 3 regulatory standards in short: GLB, SOX, HIPAA + Auditing Standards)

Gramm-Leach-Bliley Act

The GLB Act defines non-public information as including a consumer's name, address, telephone number, date of birth, social security number, and any other information that was derived from any sort of application or form wherein the consumer provided such information to a financial institution. The GLB Act considers at least the following types of institutions to be financial institutions: non-bank mortgage lenders, loan brokers, some financial or investment advisers, debt collectors, tax return preparers, banks, and real estate settlement service providers. The information security plan must include:

❑ Developing, monitoring, and testing a program to secure the information
❑ Changing the safeguards as needed with the changes in how information is collected, stored, and used
❑ Constructing thorough risk management for each department handling the nonpublic information
❑ Denoting at least one employee to manage the safeguards

Sarbanes-Oxley Act

SOX, which applies only to publicly owned companies, was enacted by Congress in response to a series of large corporate frauds, primarily those committed by Enron, WorldCom, and Tyco during the years 2000 through 2004. SOX was intended to make corporate reporting more transparent. Its provisions aim to:

❑ Reduce or eliminate conflicts of interest of independent financial auditors who also provide consulting services, as well as those of securities analysts who receive compensation from investment bankers
❑ Improve oversight by boards of directors' audit committees of independent financial auditors

❑ Increase oversight by the Securities and Exchange Commission (SEC) by increasing its budget substantially
❑ Require accounting for employee stock option compensation as an operating expense

A key tenet of SOX is data integrity. Moving financial transactions and associated data from the corporation's premises to a cloud data center doesn't necessarily increase risk. However, it does affect the flow of transactions and can influence the adequacy of internal control over financial reporting.

Health Information Technology and HIPAA

Federal privacy/security laws (HIPAA) are expanded to protect patient health information, and HIPAA privacy and security laws would apply directly to business associates of covered entities. ARRA also prohibits the sale of a patient's health information without the patient's written authorization, except in limited circumstances involving research or public health activities, or "otherwise determined by the secretary in regulations to be similarly necessary and appropriate." HIPAA's Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity that concerns health status, provision of health care, or payment for health care that can be linked to an individual. PHI has been interpreted to include any part of an individual's electronic medical record (EMR) or payment history, but HIPAA specifies 18 PHI identifiers in the following list. Covered entities include health plans, health-care clearinghouses, and health care providers who transmit any health information in electronic form in connection with a transaction. The 18 types of identifiers of PHI were, when this book was written, as follows:

1. Names.
2. All geographical subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
3. Dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
4. Phone numbers.
5. Fax numbers.
6. Electronic mail addresses.
7. Social Security numbers.
8. Medical record numbers.
9. Health plan beneficiary numbers.
10. Account numbers.
11. Certificate/license numbers.
12. Vehicle identifiers and serial numbers, including license plate numbers.
13. Device identifiers and serial numbers.
14. Web Universal Resource Locators (URLs).
15. Internet Protocol (IP) address numbers.
16. Biometric identifiers, including finger and voice prints.
17. Full face photographic images and any comparable images.
18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data).

Auditing Conformance to Regulatory and Industry Standards

An unreported violation of the HIPAA regulations for protecting PII in PHI, or failure to encrypt all stored PII related to credit card transactions, greatly increases the risk of enforcement actions that could threaten the firm's financial stability. Data center or network outages that interrupt access to cloud-based application, storage, or both for a substantial period of time could cause serious adverse financial effects. Management and independent auditors who vouch for the accuracy of financial statements share liability for misstatements. The firm's current internal IT controls and procedures presumably meet the adequacy requirements of the SOX "internal control report" for on-premises applications and data. It's not likely that management or independent auditors will have access to a cloud service provider's facilities and operating personnel in order to make such an assessment of off-premises IT operations.

Statement on Auditing Standards No. 70 (SAS 70)


The American Institute of Certified Public Accountants (AICPA) Statement on Auditing Standards No. 70: Service Organizations (SAS 70), "The Effect of Information Technology on the Auditor's Consideration of Internal Control in a Financial Statement Audit," requires independent financial auditors to consider information technology as part of overall internal control. SAS 70 Type I or II governs an examination of a service organization, such as a cloud services provider, that represents that the organization has been through an in-depth audit of its control objectives and activities with respect to the services provided.

❑ A Type I service auditor's report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives.
❑ A Type II service auditor's report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.

SOX representations as to the adequacy of internal controls are for a period of one year, so a Type II report is required. If you have sufficient leverage, you should request that the SAS 70 audit specify the extent of GLB, SOX, HIPAA, and PCI-DSS compliance and describe how the service firm has instituted control objectives to meet the SLAs it offers.

The ISO/IEC 27001:2005 Standard

ISO/IEC 27001 (Information technology, Security techniques, Information Security Management Systems, Requirements) is an international standard for Information Security Management Systems (ISMSs). An ISO/IEC 27001 compliant system will provide a systematic approach to ensuring the availability, confidentiality and integrity of corporate information, using controls based on identifying and combating the entire range of potential risks to the organization's information assets. The standard draws on the expertise and knowledge of experienced information security practitioners in a wide range of significant organizations across more than 40 countries to set out the best practice in information security. It is increasingly used by firms to demonstrate regulatory compliance and effective business risk management, as well as helping them to prepare and position themselves for all new and emerging regulations. An ISO/IEC 27001-certificated ISMS will ensure that you are in compliance with the whole range of information-related legislation, including (as applicable) HIPAA, GLBA, SB 1386 and other State breach laws, PIPEDA, FISMA, EU Safe Harbor regulations, and so on.

Azure's SAS 70 and ISO/IEC 27001:2005 Audits and Certification

It was developed for "Securing Microsoft's Cloud Infrastructure" to the Global Foundation Services. It defines "independent, third-party validation of Microsoft's cloud infrastructure" achieving both SAS 70 Type I and Type II attestations and ISO/IEC 27001:2005 certification.
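Identifiers 2 and 3 in the HIPAA list in the answer above are the two that call for generalizing a value rather than simply removing it. The following Python sketch is an added example, not part of the original paper solution; it applies those two rules to constructed records. The field names, the allow-list, and the set of sparse zip prefixes are assumptions made for illustration; real prefixes must come from current Census data.

```python
"""Added example: generalizing zip codes, dates and ages per HIPAA identifiers 2 and 3."""
from datetime import date

# Assumption: placeholder 3-digit zip prefixes whose combined area holds
# 20,000 or fewer people. Real values come from current Census data.
SPARSE_ZIP3 = frozenset({"036", "059", "102"})

# Hypothetical allow-list: only these fields are copied unchanged. Every other
# field (name, street, phone, MRN, ...) is dropped, so an unknown field that
# might be a unique identifier (item 18) never leaks by default.
PASS_THROUGH = frozenset({"diagnosis"})

# Hypothetical names for dates directly related to the individual (item 3).
DATE_FIELDS = ("admission_date", "discharge_date", "death_date")


def generalize_zip(zip_code):
    """Keep only the first three digits, or '000' for sparse or malformed zips."""
    digits = "".join(ch for ch in str(zip_code) if ch.isdigit())
    if len(digits) not in (5, 9):          # not a zip or zip+4: fail closed
        return "000"
    prefix = digits[:3]
    return "000" if prefix in SPARSE_ZIP3 else prefix


def age_in_years(birth, on):
    """Whole years between birth and the reference date."""
    had_birthday = (on.month, on.day) >= (birth.month, birth.day)
    return on.year - birth.year - (0 if had_birthday else 1)


def deidentify(record, today):
    """Return a new dict holding only generalized or allow-listed values."""
    out = {}
    if "zip" in record:
        out["zip3"] = generalize_zip(record["zip"])
    birth = record.get("birth_date")
    if birth is not None:
        age = age_in_years(birth, today)
        if age > 89:
            # Ages over 89 and the year that reveals them are aggregated.
            out["age"] = "90+"
            out["birth_year"] = None
        else:
            out["age"] = age
            out["birth_year"] = birth.year
    for field in DATE_FIELDS:
        if record.get(field) is not None:
            # Dates keep the year only.
            out[field.replace("_date", "_year")] = record[field].year
    for field in PASS_THROUGH:
        if field in record:
            out[field] = record[field]
    return out


# Constructed sample data, not real patient records.
REFERENCE_DATE = date(2011, 12, 31)
SAMPLE_RECORDS = [
    {"name": "Jane Roe", "street": "1 Example St", "zip": "03601-1234",
     "birth_date": date(1919, 3, 10), "admission_date": date(2011, 12, 3),
     "mrn": "MRN-0001", "diagnosis": "J18.9"},
    {"name": "John Doe", "zip": "10027", "phone": "555-0100",
     "birth_date": date(1975, 7, 4), "admission_date": date(2011, 11, 20),
     "diagnosis": "S52.5"},
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(deidentify(rec, REFERENCE_DATE))
```
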


B) Explain the Windows Azure Platform architecture

Answer -: The Windows Azure Platform is Microsoft's Windows Platform as a Service (PaaS) offering that runs on servers and related network infrastructure located in Microsoft data centers and is connected to the public Internet. The platform consists of a highly scalable (elastic) cloud operating system, data storage fabric and related services delivered by physical or logical (virtualized) Windows Server 2008 instances. Primary uses for Azure are to:

❑ Add web service capabilities to existing packaged applications
❑ Build, modify, and distribute applications to the Web with minimal on-premises resources
❑ Perform services, such as large-volume storage, batch processing, intense or high-volume computations, and so on, off premises
❑ Create, test, debug, and distribute web services quickly and inexpensively
❑ Reduce costs and risks of building and extending on-premises resources
❑ Reduce the effort and costs of IT management

Windows Azure Functional Architecture


Windows Azure consists of three main services: Compute, Storage, and Management. The Compute service provides scalable hosting for IIS web applications and .NET background processes. The web application role is called the Web role, and the background process role is called the Worker role. The Worker role is analogous to Windows Services and is designed specifically for background processing. A Windows Azure cloud service comprises a Web role and/or a Worker role and the service definition of the service. The Storage service in Windows Azure supports three types of services: blobs, queues, and tables. These storage types support local as well as direct access through a REST API. The Management service offers the features offered by the Windows Azure developer portal as REST API calls. So, you can manage your applications and storage in Windows Azure dynamically by calling the Service Management API over the REST interface.

The components of Azure are described as follows:

1) Windows Azure, the operating system which implements the Windows Azure Fabric’s production version in virtualized Windows Server 2008 clusters.

2) Azure Storage Services, which provides scalable persistent storage of structured tables, arbitrary blobs, and queues.

a) Azure Table Services: Tables are structured tabular data stored in an Entity-Attribute-Value (EAV) data model; the maximum size of all attribute values of an entity is 1MB. Entities can be grouped into storage partitions, which are maintained in a single location.

b) Azure Blob Services: Blobs store binary data, such as images, XML documents, compressed (zipped or gzipped) files, and other content as an arbitrary array of bytes within a container that's associated with a storage account. Blobs consist of unstructured file-based data stored in an array of bytes. Only blob containers and their content are available for public access.

c) Azure Queue Services: Azure queues are messages up to 8KB in size that any client or application with access to the Storage account can access on a first-in, first-out basis. Queues contain an unlimited number of messages stored in tables for processing by global services (often Worker Cloud services); messages have a maximum size of 8KB. Messages usually are deleted after the process that reads them handles them.

3) Azure Fabric -: It contains the Fabric Controller, which deploys projects, adds instances automatically to meet demand, manages project software upgrades, and handles server failures to maintain project availability.

4) The Development Fabric -: Used to test and debug applications locally.

1) SQL Services: SQL Azure Database implements Microsoft SQL Server in the cloud with features commonly offered by enterprise-scale relational database management systems. SQL Reporting and SQL Analysis services are expected as future data-related SQL Services.


2) .NET Services: provides Access Control, Service Bus, and Workflow services, as well as Server Bus Queues and Routers.

5) Fabric Controller -: The Fabric Controller reads the service configuration information provided by the cloud service and accordingly spawns the server virtual machines required to deploy the cloud service. The deployment of cloud services and spawning of virtual instances of servers are transparent to the developer. The developer just sees the status of the cloud service deployment on the Windows Azure developer portal. Deployment, scalability, availability, upgrades, and hardware server configurations are managed by Windows Azure for the cloud service.

Q 3 A) Explain the security issues in cloud service. How to bypass the barriers in cloud computing

Answer -: Privacy and security are the two primary governance issues that IT managers face when attempting to reduce project budgets and improve scalability with PaaS, IaaS, SaaS, or any combination of cloud computing services. Security is the major concern cited by IT managers when they think about cloud deployments, followed by performance, availability, and the ability to integrate cloud services. Cloud data needs to be secured against unauthorized access to confidential or sensitive business data when it is managed by third-party providers. The security of cloud applications is compromised for the following reasons:

1. Unauthorized (malicious or accidental) disclosure, modification, or destruction of information.
2. Unintentional errors and omissions.
3. IT disruptions due to natural or man-made disasters.
4. Failure to exercise due care and diligence in the implementation and operation of the IT system.

Cloud-computing vendors, such as Microsoft, must fully detail their security-related practices and incorporate guaranteed levels of data security, auditing, availability, and reliability in their service-level agreements (SLAs). NIST has provided standards for:

❑ Securing cloud architectures

❑ Securing cloud applications

❑ Enabling and performing forensics in the cloud

❑ Centralizing security monitoring in a cloud architecture

❑ Obtaining security from third-party cloud architectures through service-level agreements

❑ Security compliance frameworks and cloud computing (for example, HIPAA, FISMA, SOX).

Bypassing Barriers to Cloud Computing

The first step to an Azure development is convincing IT and top management that the cloud is a suitable hosting environment for an existing or new project. The initial objections probably will relate to entrusting a third party to provide application availability that's better than your on-premises IT department delivers. Maintaining complete confidentiality of valuable business information while in storage and in transit is a top concern in all management surveys of cloud-computing intentions. Although Microsoft-only or Microsoft-mostly shops are accustomed to Windows lock-in, management undoubtedly will be interested in portability of applications between clouds of multiple providers.

The Top 10 Obstacles to and Opportunities for Growth of Cloud Computing

To bypass the barriers, it is important to maximize data availability and minimize security risks. Availability is usually measured in nines; for example, four nines represents services being available 99.99% of the time. There are 43,200 minutes in a 30-day month, so achieving four nines availability would permit a maximum of 4.32 minutes (0.01% of 43,200) of scheduled or unscheduled downtime per month. Cloud-computing vendors ultimately must enter into service-level agreements (SLAs) that specify competitive application availability. So the SLA should be provided to describe and minimize the obstacles in cloud computing.

B) Explain how to create storage account with Azure storage services with APIs

Answer -: Azure Storage Services consist of highly scalable and available persistent storage for the following three types of data:

❑ Tables are structured tabular data stored in an Entity-Attribute-Value (EAV) data model; the maximum size of all attribute values of an entity is 1MB. Entities can be grouped into storage partitions, which are maintained in a single location.

❑ Blobs consist of unstructured file-based data stored in an array of bytes; containers store sets of individual blobs up to 50GB in size in hierarchical groups, which emulate a directory structure. Only blob containers and their content are available for public access.

❑ Queues contain an unlimited number of messages stored in tables for processing by global services (often Worker Cloud services); messages have a maximum size of 8KB. Messages usually are deleted after the process that reads them handles them.

To assure availability and reliability, all stored data consists of a master and two or more replicas stored on different Fault Domains. In Windows Azure a single Storage Account provides a separate URI for tables, blobs, and queues.

Creating Storage Accounts involves the following steps:

To create a Storage Account with a token, click the Account tab and its Manage My Tokens link to open the Tokens page, copy and paste the token GUID into the Resource Token ID text box, and click Claim Token to add a Compute Only bucket for the GUID to the Gated Entity’s Storage Accounts group (see Figure 4-1).

Figure 4-1: The Azure Developer Portal’s Tokens page with the initial Storage Account for a Hosted Service token.

Clicking the Claim Token and Continue buttons opens the My Projects page. Click the Project Name link to open the project page and click the New Service link to open the Project | Create a new service component page with choices for Storage Account and Hosted Services (see Figure 4-2)

Figure 4-2: Clicking the Tokens Page’s Claim Token button with a token valid for the first Storage Account leads to the Project page.

The Storage Account selection displays the number of Storage Accounts available (project(s) remaining) for the Hosted Service tokens you’ve redeemed. Click the Storage Account icon to open the Create a Project – Project Properties page. Type a unique Project Label and add a Project Description (see Figure 4-3.)

Figure 4-3: Assigning a unique Project Label to a new blob Storage Account in the Create a Project – Project Properties page.

Click the Next button to open the Create a Project – Storage Account page, add a unique Service Name DNS prefix consisting of lowercase letters and numerals, and click the Check Availability button to ensure the prefix is globally unique for Storage Accounts within all Azure data centers. To keep data in the same data center as the related hosted service, mark the ‘‘Yes, this service is related...’’ and ‘‘Create a new Affinity Group’’ buttons, select from the list of available data centers (regions) and type a name for the region in the text box (see Figure 4-4).

Figure 4-4: Assigning a globally unique prefix for a new blob Storage Account in the Create a Project – Storage Account page.

Click Create to generate the new Storage Account and open the Service Name page, which displays an http://dns_prefix.data_type.core.windows.net endpoint for each of the three data types and displays Primary Access Key and Secondary Access Key values for the three endpoints (see Figure 4-5). This is the last step in creating a Storage Account in the Windows Azure cloud, shown below.

Figure 4-5: The last (Service Name) page in the process of creating a Storage Account

(In this question, draw a generalized diagram if possible.)

Create an Additional Storage Account with a Hosted Service Token

To create the second Storage Account for a Hosted Service, click the New Project link in the Development Portal’s left panel to open the Project–Create a New Service Component page, which contains links for new Storage Accounts (refer to Figure 4-2) and proceed with the steps shown in Figures 4-3 through 4-5.

Using or Wrapping the Azure Storage Services’ REST APIs

You can access Storage Accounts and their data with any popular computer language, such as PHP, Python, IronPython, Ruby, IronRuby, Java, C#, or Visual Basic, that’s capable of interacting with web resources by invoking HTTP’s GET, POST, PUT, and other standard methods. Azure Storage Services provides official Representational State Transfer (REST) APIs for the Storage Account and each storage type. REST methods create, retrieve, update, or delete resources that are identified by Uniform Resource Identifiers (URIs).

Q 4 A) Explain about authentication, authorization and web role management in windows azure cloud

Answer -: ASP.NET Membership Services in .NET 2.0 eliminate the need for developers to write and rewrite code to store and validate user credentials for web-based authentication and authorization. Membership providers default to SQL Server tables for storing user IDs, passwords, role membership, profiles, and session state. The Windows Azure SDK includes a sample AspProviders.dll class library and an AspProviderDemo.sln web application that demonstrate techniques for adding authentication and authorization features to Windows Azure web applications without the need to use the .NET Access Control Service (ACS). The authentication and authorization of cloud services are managed by ASP.NET Membership Services, Access Control Services and Windows Live ID.

The method of securing access to a WebRole running on Windows Azure is to use an implementation of ASP.NET Membership Services that’s customized to accommodate the cloud-computing infrastructure. ASP.NET Membership Services enable

❑ Creating new users and passwords.

❑ Storing membership information (user names, passwords, and supporting data). By default Membership uses SQL Server but can accommodate Active Directory or an alternative data store.

❑ Changing and resetting passwords.

❑ Identifying authenticated users to applications.

❑ Specifying a custom membership provider, such as one designed for use with WebRoles running under the Development Fabric with locally stored or cloud-based data, or under the Azure Fabric with Azure Tables and Blobs.

ASP.NET Login Controls

The following ASP.NET login controls let you create a complete authentication system that requires little code:

❑ ChangePassword lets a user change her password by supplying the original password, and then creating and confirming the new password.

❑ CreateUserWizard control collects user name, password, password confirmation, e-mail alias, security question, and security answer information from new users. By default, the wizard adds the new user to the system.

❑ Login contains text boxes for entering the user name and password and a check box that enables users to store their identity using ASP.NET membership for automatic authentication the next time they start the service.

❑ LoginStatus displays a login link for unauthenticated users and a logout link for authenticated users.

❑ LoginName displays a user’s login name if the user has logged in using ASP.NET membership or a Windows account name with Windows authentication.

❑ LoginView lets you display different information to anonymous and logged-in users with the AnonymousTemplate or LoggedInTemplate, which you can customize.

❑ PasswordRecovery lets a user retrieve her password by sending a message to the e-mail address that she used when creating the account.

You can integrate ASP.NET Membership Services with ASP.NET role management services for authorizing authenticated users.

The AspProviderDemo.sln web application offers a Default.aspx page with links to six membership-related forms: Login.aspx, ChangePassword.aspx, CreateNewWizard.aspx, ManageRoles.aspx, MyProfile.aspx, and MySession.aspx.

AspProviderDemo’s forms.

Access Control Services (ACS) ‘‘provide an easy way to control web applications and services while integrating with standards-based identity providers, including enterprise directories and web identity systems such as Windows Live ID.’’ Service Bus Services rely on a claims-based identity model for user authentication and role-based access control. The advantage of ACS is that you can write a set of declarative rules that can transform incoming security claims into a claims-based, federated identity to minimize developer effort. ACS relies on well-known user account stores, such as Live ID, Active Directory, or other stores that support Atom, AtomPub, SOAP or WS-*, and HTTP protocols.

Windows Live ID provides authentication and authorization of Azure CTP users.

The Windows Azure Compute service is based on a role-based design. To implement a service in Windows Azure, you have to implement one or more roles supported by the service. The current version of Windows Azure supports two roles: Web and Worker.

A Web role is a web site or web service that can run in an IIS 7 environment. Most commonly, it will be an ASP.NET web application or a Windows Communications Foundation (WCF) service with HTTP and/or HTTPS endpoints.

Most Windows users have at least one WLID for logging in to Microsoft and other online services that require user authentication. The WLID service assigns the Application ID value and uses it to look up the Return URL for the Hosted Services project’s page and to generate a unique Personal User IDentifier (PUID) for the user and the site. The PUID can act as primary key for additional registration data provided by the user. The Secret Key value encrypts and signs the security token provided by the WLID service and corresponds to a password for the project. Implementing WLID authentication requires copying code from the WLID Web Authentication SDK 1.2 or later WebAuth sample web site project and, optionally, the LoginStatus control from the Windows Live Tools for Microsoft Visual Studio 2008 or later.

B) Explain the scalability performance of Azure tables

Answer -: SQL Azure Database (SADB) offers most of the relational database management features of SQL Server 2008 Enterprise, but Azure Tables come to the fore when scalability is the criterion. The scalability and performance of Azure Tables are governed by the following constraints.

The Azure tables’ composite primary key, which consists of concatenated PartitionKey and RowKey property value strings, provides a unique entity ID, also called an object ID, to identify and sort entities within an Azure table. PartitionKey values identify table partitions for load balancing across storage nodes. Windows Azure stores entities with the same PartitionKey value in a single location, typically a virtual server node running on the Azure Fabric. Azure stores a master and at least two replica versions of each node in different failure domains. Entities in a table having the same PartitionKey value are said to be in a locality, which is the unit of consistency for Azure Tables. A locality has no partition tolerance, so it’s possible, at least theoretically, to achieve consistency and availability for the entities in the locality.

If a table contains multiple entities with the same PartitionKey value, unique RowKey values are required to provide a unique entity ID; otherwise, RowKey values can be empty strings or a value indicating the entity’s type or kind, such as Customer, Order, or OrderDetail. The flexible properties feature of Azure tables permits storing entities of different types in the same table.

Following is the ranking of query performance with the $filter query operator (a lower number is faster):

1. Query by PartitionKey and RowKey values.

2. Query by PartitionKey and some other property value.

3. Query by RowKey only or any

If you don’t include the PartitionKey value, the server-side query engine will scan all partitions for RowKey or other property value matches.

PartitionKey values can be strings having a Length property value of 0KB to 32KB and cannot contain any of the following characters:

❑ Forward slash (/)

❑ Backslash (\)

❑ Number sign (#)

❑ Question mark (?)

If you expect that your table could ultimately contain more entities than a single Azure node can reasonably be expected to hold, you should plan on assigning the PartitionKey value on an individual parent entity basis, such as by UserID, CustomerID, CreditCardID, OrderID, or ProductID. Assigning the same PartitionKey value to parent and child entities ensures that they are maintained in the same locality, which speeds processing.
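The query ranking and key rules above can be checked against a small model. The following Python code is an added example, not code from the Azure SDK or from the original solution: PartitionedTable, forbidden_chars_in, build_sample_table and the order data are constructed for illustration, and each partition is modelled as one dictionary so that the number of entities examined for each query shape is visible.

```python
from collections import defaultdict

FORBIDDEN_KEY_CHARS = set("/\\#?")  # the four characters listed above


def forbidden_chars_in(key):
    """Return the forbidden characters present in a candidate PartitionKey."""
    return sorted(set(key) & FORBIDDEN_KEY_CHARS)


class PartitionedTable:
    """Constructed in-memory stand-in for an Azure table (not the storage API)."""

    def __init__(self):
        # PartitionKey -> {RowKey: entity}; each inner dict models one locality.
        self.partitions = defaultdict(dict)

    def insert(self, entity):
        pk, rk = entity["PartitionKey"], entity["RowKey"]
        bad = forbidden_chars_in(pk)
        if bad:
            raise ValueError(f"PartitionKey {pk!r} contains forbidden characters {bad}")
        if rk in self.partitions[pk]:
            # PartitionKey + RowKey is the entity ID, so the pair must be unique.
            raise KeyError(f"entity ID ({pk!r}, {rk!r}) already exists")
        self.partitions[pk][rk] = entity

    def query(self, partition_key=None, row_key=None, **props):
        """Return (matches, rank, examined).

        rank follows the ordering in the text (1 is fastest); examined counts
        the entities that had to be looked at to answer the filter.
        """
        def matches(entity):
            return ((row_key is None or entity["RowKey"] == row_key)
                    and all(entity.get(k) == v for k, v in props.items()))

        if partition_key is not None and row_key is not None:
            rank = 1  # point lookup inside one partition
            hit = self.partitions.get(partition_key, {}).get(row_key)
            candidates = [hit] if hit is not None else []
        elif partition_key is not None:
            rank = 2  # scan of a single partition
            candidates = list(self.partitions.get(partition_key, {}).values())
        else:
            rank = 3  # no PartitionKey: every partition is scanned
            candidates = [e for part in self.partitions.values() for e in part.values()]

        found = sorted((e for e in candidates if matches(e)),
                       key=lambda e: (e["PartitionKey"], e["RowKey"]))
        return found, rank, len(candidates)


def build_sample_table():
    """Three constructed orders; parent and children share the OrderID as PartitionKey."""
    table = PartitionedTable()
    for order_id, customer in (("10248", "VINET"), ("10249", "TOMSP"), ("10250", "HANAR")):
        table.insert({"PartitionKey": order_id, "RowKey": "Order",
                      "Kind": "Order", "CustomerID": customer})
        for product_id in ("11", "42"):
            table.insert({"PartitionKey": order_id, "RowKey": "Detail_" + product_id,
                          "Kind": "OrderDetail", "ProductID": product_id})
    return table


if __name__ == "__main__":
    t = build_sample_table()
    for label, kwargs in (
        ("PartitionKey + RowKey", {"partition_key": "10248", "row_key": "Order"}),
        ("PartitionKey + property", {"partition_key": "10248", "Kind": "OrderDetail"}),
        ("RowKey only", {"row_key": "Order"}),
    ):
        found, rank, examined = t.query(**kwargs)
        print(f"{label}: rank {rank}, {len(found)} match(es), {examined} examined")
    print("forbidden in 'cust/42?':", forbidden_chars_in("cust/42?"))
```

Because parent and child entities share a PartitionKey, reading one order with its details never leaves a single partition, while the RowKey-only query examines every entity in the table.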

Structure of Azure Table

Multiple child entities, such as OrderDetails, can occur for a single parent entity ID value (OrderID), so they require RowKey values to maintain uniqueness. The relational Order Details table has a composite primary key, which consists of OrderID + ProductID values. Azure Tables don’t support entity associations (relationships), although ADO.NET Data Services and the AtomPub wire format support 1:n, 1:1, and n:1 associations with the $expand query option, which returns links to associated entities.

Entity Group Transactions

More recent versions of Azure tables support Entity-Group Transactions (EGTs). EGTs support ACID transactions for create, update, and delete operations on batches of parent and child entities with the same PartitionKey value. Following are the requirements for EGTs from the Table Service API:

❑ All entities subject to operations as part of the transaction must have the same PartitionKey value.

❑ An entity can appear only once in the transaction, and only one operation may be performed against it.

❑ The transaction can include at most 100 entities, and its total payload may be no more than 4 MB in size.

❑ The Table Service doesn’t support linking operations in a change set.

Q 5 A) Explain the need of virtualization and abstraction in windows azure cloud

Answer -:

“Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources.”

Virtualization essentially means to create multiple, logical instances of software or hardware on a single physical hardware resource. This technique simulates the available hardware and gives every application running on top of it the feel that it is the unique holder of the resource. Virtualization provides a means to manage resources efficiently because the mapping of virtual resources to physical resources can be both dynamic and facile. Virtualization assigns a logical name for a physical resource and then provides a pointer to that physical resource when a request is made. Virtualization is dynamic in that the mapping can be assigned based on rapidly changing conditions, and it is facile because changes to a mapping assignment can be nearly instantaneous.

There are many kinds of virtualization, such as data, network, storage, application, server, and desktop virtualization. Virtualization is needed for load balancing, to get better response time, for consolidation, and to reduce the number of physical machines required.

Virtualization in Windows Azure using Microsoft Hyper-V Hypervisor

In Windows Azure, virtualization is accomplished using the Hyper-V hypervisor, which allows you to create, modify or destroy virtual machines. A virtual machine is a virtual instance of an OS which runs over the host VM. The objective of server virtualization is to maximize server utilization, which often is less than 50 percent in many of today’s data centers. Multitenancy enables improving performance per dollar and per watt by running multiple applications and services on a single physical server. The hypervisor contains the Virtual Machine Monitor, which manages guest and host VMs. The host virtual machine (host VM) controls access to the hardware of the physical server and supports multiple guest VMs in a multitenanted environment. Guest VMs (tenants) access physical server resources through the host VM.

Following are descriptions of the components shown in Figure 3-5:

❑ Host partition, also called the parent partition, is dedicated to running the Host OS. In Hyper-V v1, the host partition is the root (boot) partition and there can be only one host partition.

❑ Host OS is a lightweight server operating system (Windows Server 2008 Core for Azure) that controls access to the hardware of the underlying server, and provides a mechanism for other guest VMs (where our customers’ applications are deployed) to safely communicate with the outside world.

❑ Guest partitions, also called child partitions, are created and owned by the host OS and are dedicated to running guest OSes.

❑ Guest OS is a server operating system for applications and services (Windows Server 2008 Enterprise with IIS 7, .NET Fx 3.5, and other extensions for Azure).

❑ Services are custom-written (Azure) applications and services that run on the guest OS.

❑ Virtualization Stack (VSP, virtualization service provider) is a provider exposed by the virtualization stack that provides resources or services such as I/O to a child partition.

❑ Virtualization Stack (VSC, virtualization service client or consumer) is a software module that a guest loads to consume a resource or service. For I/O devices, the virtualization service client can be a device driver that the operating system kernel loads.

❑ VMBus is a shared-memory I/O bus that enables high-performance communication between VMs.

❑ NICs are physical network interface card(s).

❑ CPUs are physical central processing units, which have one or usually more

B) Explain in detail the use of ASP.NET as a SDK in cloud computing

Answer -: The Windows Azure Software Development Kit (SDK) provides a development version of the cloud-based services, as well as the tools and APIs needed to develop, deploy, and manage scalable services in Windows Azure, including Visual Studio 2008 or 2010 templates for a standardized set of Azure applications. Windows Azure, SQL Azure, .NET Services, and Live Services all have separate software development kits (SDKs), but Visual Studio .NET and the .NET Framework are the common programming tools used for building applications for all the Windows Azure components. Windows Azure SDK and the Live Framework SDK have local development fabrics that emulate the cloud environment at a miniature scale. The Microsoft Azure SDK for .NET allows you to build applications that take advantage of scalable cloud computing resources. In Azure, ASP.NET is typically used to create the user interface, to assign roles, and to create applications for the hosting environment.

ASP.NET as a SDK

ASP.NET can be used to create Web and Worker roles in Azure. Downloading Windows Azure Tools for Visual Studio adds a Cloud Service template node to the New Project dialog. Double-clicking the Cloud Service node opens the New Cloud Service Project dialog, which enables adding ASP.NET Web Roles, Worker Roles or CGI Web Roles to the project.

The solution’s Roles node contains items that point to each WebRole project, which provides the ASP.NET UI for the application, and each WorkerRole for computing operations that don’t require a UI or use the WebRole’s ASP.NET pages as its UI. Projects that use the WebRole template provide an ASP.NET Default.aspx web page as the starting point for a default cloud application UI.

Q 6 A) How to upload table data, displaying the data from heterogeneous table in grid in azure cloud

Answer -: The storage account provides an entry point to the Table service via the Table service endpoint URI. There are no methods at the Account level in the Table service hierarchy. The URI endpoint of a specific account is of the format http://<account name>.table.core.windows.net. The Table service defines three methods at the table level of the hierarchy: Create Table, Delete Table, and Query Tables. The table data can be accessed using their separate endpoints defined in the ServiceConfiguration.cscfg file.

Uploading Table Data

Azure Tables support a restricted feature set of the .NET Client Library for ADO.NET Data Services to access data in Table Storage with queries composed with LINQ to REST that return .NET collections. SQL Azure Database (SADB) also supports an Astoria interface. Astoria uses the Atom Syndication Format for table data retrieval and the Atom Publishing Protocol (AtomPub) for table insertions, updates, and deletions.

Azure Data Services use the HTTP POST method to insert entities into tables. The insert operation is shown below as the AtomPub POST request message produced by the Windows Azure SDK’s sample StorageClient library’s classes in the TableStorage.cs file to add a row in an Azure Table:

    <?xml version="1.0" encoding="utf-8" standalone="yes"?>
    <entry xmlns="http://www.w3.org/2005/Atom"
           xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
           xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
      <content type="application/xml">
        <m:properties>
          <d:CustomerID>BSBEV</d:CustomerID>
          <d:PartitionKey>2147472704</d:PartitionKey>
          <d:RowKey m:null="false" />
          <d:ShipAddress>Fauntleroy Circus</d:ShipAddress>
          <d:ShipCity>London</d:ShipCity>
          <d:ShipCountry>UK</d:ShipCountry>
        </m:properties>
      </content>
    </entry>

Azure Tables support a simplified version of the ADO.NET Data Services client API for create, retrieve, update, and delete (CRUD) operations by means of the ClientServices library. The create operation with the POST method returns a confirmation of the data inserted. It’s clear from the POST request and response messages that the vast majority of the bytes on the wire are the data overhead inherent in RESTful data operations with the AtomPub wire format.

To upload table data, follow these steps:

1. Run the application.

2. Enter your server name, username, password, database name.

3. Use the SQL Server Integration Services (SSIS) to upload the data.
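The AtomPub insert entry shown earlier in this answer can be produced with an XML serializer rather than by string concatenation, so that property values containing markup characters remain data. This Python code is an added example, not the StorageClient library's code: build_entry and parse_properties are hypothetical helper names, the property-name pattern is an assumption made for the example, and the three namespace URIs are the standard Atom and ADO.NET Data Services ones.

```python
import re
import xml.etree.ElementTree as ET

# Standard Atom and ADO.NET Data Services namespaces (the d: and m: prefixes).
ATOM = "http://www.w3.org/2005/Atom"
DATA = "http://schemas.microsoft.com/ado/2007/08/dataservices"
META = "http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
for _prefix, _uri in (("", ATOM), ("d", DATA), ("m", META)):
    ET.register_namespace(_prefix, _uri)

# Assumption for this example: property names are plain identifiers.
PROPERTY_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
# Control characters that XML 1.0 cannot carry, even escaped.
XML_ILLEGAL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")

# Constructed from the property values of the entry shown above.
SAMPLE = {
    "CustomerID": "BSBEV", "PartitionKey": "2147472704", "RowKey": "",
    "ShipAddress": "Fauntleroy Circus", "ShipCity": "London", "ShipCountry": "UK",
}


def build_entry(properties):
    """Serialize a dict of string properties as an AtomPub entry payload."""
    for required in ("PartitionKey", "RowKey"):
        if required not in properties:
            raise ValueError(f"missing {required}")
    entry = ET.Element(f"{{{ATOM}}}entry")
    content = ET.SubElement(entry, f"{{{ATOM}}}content", {"type": "application/xml"})
    props = ET.SubElement(content, f"{{{META}}}properties")
    for name, value in properties.items():
        if not PROPERTY_NAME.match(name):
            raise ValueError(f"invalid property name: {name!r}")
        if not isinstance(value, str) or XML_ILLEGAL.search(value):
            raise ValueError(f"property {name!r} is not a string XML 1.0 can carry")
        # The serializer escapes text, so '<' and '&' cannot open new elements.
        ET.SubElement(props, f"{{{DATA}}}{name}").text = value
    return ET.tostring(entry, encoding="unicode")


def parse_properties(xml_text):
    """Read the d: properties back out of an entry produced by build_entry.

    Use only on trusted input: ElementTree is documented as not secure
    against maliciously constructed XML.
    """
    root = ET.fromstring(xml_text)
    props = root.find(f"{{{ATOM}}}content/{{{META}}}properties")
    if props is None:
        raise ValueError("entry has no m:properties element")
    prefix = f"{{{DATA}}}"
    result = {}
    for child in props:
        if not child.tag.startswith(prefix) or len(child):
            raise ValueError(f"unexpected element {child.tag!r}")
        name = child.tag[len(prefix):]
        if name in result:
            raise ValueError(f"duplicate property {name!r}")
        result[name] = child.text or ""
    return result


if __name__ == "__main__":
    # A value that contains markup must round-trip as text, not as new elements.
    tricky = dict(SAMPLE, ShipCity="A & B <d:PartitionKey>0</d:PartitionKey>")
    xml_text = build_entry(tricky)
    print(xml_text)
    print(parse_properties(xml_text) == tricky)
```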

SSIS is an Extract-Transform-Load (ETL) tool that comes with SQL Server editions. You can use SSIS to

• Extract data from a structured or unstructured data source

• Clean up the data or apply business rules to the data

• Upload the clean data to the destination database tables

Displaying Data from Heterogeneous Tables in Grids

Consider 3 tables: OrderTable, which is the parent table; DetailTable, which is the child table; and OrderDetailTable, which is heterogeneous. The ascending index on PartitionKey and RowKey causes parent and child entities in the OrderDetailTable to appear with child DetailType entities followed by their parent OrderType entity, as shown in Figure

Displaying Parent Entities

As is the case for data uploads, downloading data from heterogeneous tables requires only a minor change to the LINQ to REST query to filter out unwanted entities. The Orders DataGridView control is filled with the most recent OrderType entities from the OrderDetailTable or OrderTable. The OrderType filter operator for the query is as follows:

    var orders = (from c in OrderDetailTable
                  where c.RowKey == "OrderType"
                  select c).Take(numberOfOrders);

Displaying 100 OrderType entities from the OrderTable is slightly faster (3.22 versus 3.47 seconds) than from the OrderDetailTable because the homogeneous table scan covers only 30 percent of the entities of the heterogeneous table.

Displaying Child Entities

In this case, the filter is the inverse of that for OrderType entities. The query is as follows:

    var details = (from d in OrderDetailTable
                   where d.PartitionKey == currentRow.PartitionKey && d.RowKey != "OrderType"
                   select d);

(In this question, just focus on the theory and remember the generalized query: the parent query uses the row key and the child query uses the partition key. There is no need to remember the queries as they are.)

6 B) How to create and process queues and messages in azure cloud

Answer -: Azure Queues provide reliable, asynchronous message delivery between components of a cloud-based service. Queues are the simplest of the three Azure data models. A single http://servicename.queue.core.windows.net service account supports an unlimited number of uniquely named queues. Also, a queue can contain an unlimited number of messages, each of which can hold up to 8MB of string or binary payload. Your application can assign an additional 8MB maximum of custom metadata to a queue in the form of name/value pairs. Individual messages don’t support custom metadata but have a maximum lifespan (time-to-live or TTL) of seven days.

Like Azure Tables and Blobs, Queues offer a RESTful application programming interface (API) for enabling multiple platforms and programming languages to manipulate them when running on the Development and Azure Fabrics. Queues support both HTTP and HTTPS (secure HTTP with Transport Layer Security, TLS) protocols.

Figure 8-1 illustrates a simple workflow with a single queue for offloading computing services to a pair of WorkerRoles from a cloud web application (WebRole) that processes web requests and an on-premises Windows client. The WebRole and client apps enqueue work request messages that either of the two WorkerRoles starts processing. As the two WorkerRoles complete their work, they add a new blob to the appropriate container or an entity to a table. The WebRole and client then process and display the new blob or entity.

Creating and Processing Azure Queues and Messages

The following classes are used for Processing Queues.

Methods are used to create and process the queues. Following are the three methods that issue HTTP/REST requests at the queue level:

❑ GetQueue() creates a queue with a specified storage account.

❑ DeleteQueue() deletes an instantiated queue object.

❑ SetProperties() adds or overwrites optional custom metadata for the specified queue instance.

ListQueues(): to list the queues for a specific storage account (oakleaf3 for this example), invoke the HTTP GET method with the storage URI.

queue.DeleteQueue(): used to delete the queue

queue.ApproximateCount(): used to count the number of messages in a queue

queue.DeleteMessage(getMsg): used to delete a message from the queue

. (In this Question just remember the Queue level Methods and 2 Diagrams 1st one is Important) Q 7) Write short note on A) Service level agreement between user and cloud service provider Answer A service level agreement (SLA) is an agreement between the cloud service provider (CSP) and the customer. In the early days of cloud computing, all SLAs were negotiated between a client and the provider. Today with the advent of large utility-like cloud computing providers, most SLAs are standardized until a client becomes a large consumer of services. it is important to understand that an SLA can make or break a deal. A common misconception about SLAs is that they represent the availability of a service. An SLA not only covers the availability of a service, but also other objectives like customer expectations, performance measurements, reporting, quality standards, and relationship management. A successful business driver for cloud services is an SLA addressing the quality of service required by the customer. The key to acceptance of third-party security, auditing, and maintenance of customers’ data in the cloud is transparency. Cloud-computing vendors, such as Microsoft, must fully detail their security-related practices and incorporate guaranteed levels of data security, auditing, availability, and reliability in their service-level agreements (SLAs.)Cloud-computing vendors ultimately must enter into service-level agreements (SLAs) that specify competitive application availability For e.g Availability is usually measured in nines; for example, four nines represents services being available 99.99% of the time. There are 43,200 minutes in a 30-day month, so achieving four nines availability


would permit a maximum of 4.32 minutes (0.01% of 43,200) of scheduled or unscheduled downtime per month. So the SLA should define the scheduled and unscheduled downtime. Microsoft announced that its SLA would cover a 99.95% uptime guarantee for two or more Azure service instances and 99.9% availability for storage services. Cloud-computing SLAs offer rebates or credits for downtime but don’t cover business interruption losses.

SLAs usually specify these parameters:
• Availability of the service (uptime)
• Response times or latency
• Reliability of the service components
• Responsibilities of each party
• Warranties

If a vendor fails to meet the stated targets or minimums, it is penalized by having to offer the client a credit or pay a penalty.

Cloud Service Provider

The service providers are the companies that provide cloud services to businesses and to consumers. These companies run the giant data centers hosting massively virtualized and redundant software and hardware systems. Service providers like Amazon with its EC2 service and Microsoft with its Windows Azure fall into the service providers category. These companies not only have expertise in data center management but also in scalable software management. The service providers may offer services directly to businesses, consumers, or ISVs.

The cloud service models describe the type of service that the service provider is offering. The best-known service models are Software as a Service, Platform as a Service, and Infrastructure as a Service, together known as the SPI model. The service models build on one another and define what a vendor must manage and what the client's responsibility is.

Application Service Providers (ASP)

ASPs gradually became known as Software as a Service (SaaS) providers. There are five generally accepted ASP market segments:
❑ Specialty ASPs usually deliver a single application, such as credit card or other payment processing, customer relationship management (CRM), human resources management system (HRMS), word processing, spreadsheet, database or timesheet services. Google Apps provide web-based email, calendar, word-processing, spreadsheet and presentation modules to business users for a fixed charge per user per year, while Salesforce.com rents CRM capabilities and Intuit provides its QuickBase RDBMS with per subscriber per month billing.
❑ Enterprise ASPs deliver a broad spectrum of specialty ASP solutions. For example, Microsoft rents Microsoft SharePoint Services, Microsoft Dynamics CRM Services, and Office Business Applications (OBAs), as well as Windows Live services online.
❑ Vertical-market ASPs deliver multiple software solutions for a specific customer category, such as medical or dental practice, insurance brokerage, church congregation, residential or commercial construction, or personal finance management.
❑ Local-market ASPs deliver geocoded marketing services to small service businesses, such as restaurants, pubs and bars, within a limited geographic region.

ASPs usually charge fixed monthly fees per subscriber, which include software license fees.

B) Enterprise service bus and naming service in AppFabric Service Bus

Answer -:


Enterprise service bus

“ESB is an enterprise architecture pattern that defines the connectivity, contracts, and communication of business objects across enterprise applications.” An ESB is not a physical bus in the sense of a network; rather, it is an architectural pattern comprised of a set of network services that manage transactions in a Service Oriented Architecture. It enables interoperability among heterogeneous environments using SOA.

Microsoft’s ESB formally called .NET Services’ Service Bus

Messages flow from client to component through the ESB, which manages these transactions, even though the location of the services comprising the ESB may vary widely. An ESB is necessary but not essential to a Service Oriented Architecture because typical business processes can span a vast number of messages and events, and distributed processing is an inherently unreliable method of transport. An ESB therefore plays the role of a transaction broker in SOA, ensuring that messages get to where they were supposed to go and are acted upon properly. The service bus performs the function of mediation: message translation, registration, routing, logging, auditing, and managing transactional integrity. Transactional integrity is similar to ACID in a database system (atomicity, consistency, isolation, and durability), the essence of which is that transactions succeed or they fail and are rolled back.

Key benefits of ESB
1) Faster and cheaper accommodation of existing systems
2) Increases flexibility; easier to change as requirements vary
3) Is standards-based
4) Scalable
5) More configuration coding than integration coding


Disadvantages of ESB
1) Single point of failure: if it is down, no communication takes place between the client and services.
2) Extra overhead and increased latency caused by messages traversing the ESB layer.

Naming Service in AppFabric Service Bus

The AppFabric Service Bus provides access control, naming, service registry, messaging, and connectivity services at Internet scale. It enables bidirectional communications between on-premises and cloud applications through relay service capabilities. The relay service runs in the cloud, and interested parties register themselves with it to communicate with each other. The Service Bus determines the best connectivity method by either using outbound bidirectional socket connections from the service to the Service Bus when a firewall is present, or establishing a direct connection between the client and the service when there is no firewall.

The AppFabric Service Bus consists of four main services that can be used by different kinds of on-premises as well as cloud services:
• Security
• Naming service
• Service registry
• Messaging fabric

Naming Service The Naming service allows you to assign DNS-capable names to your service, which makes the service easily resolvable over the Internet. The Internet is based on the Domain Name System (DNS) where every resource on the Internet can be resolved using names. For example, in the URL www.microsoft.com, microsoft.com is the registered domain name for Microsoft’s web site. HTTP is the protocol used for accessing the web site. Similarly, http://msdn.microsoft.com is the registered domain name for MSDN


site. The msdn part of the URL is called a subdomain of microsoft.com, and microsoft.com itself is called a root domain. DNS follows a hierarchical structure where one root domain can consist of many subdomains to form a tree structure.

The AppFabric Service Bus offers a DNS-compatible naming system for assigning unique Internet URIs to cloud as well as on-premises services. The AppFabric Service Bus defines a root domain name that can be resolved through the Internet DNS, but offers a service namespace-based naming hierarchy below the root. For example, in the Service Bus naming system, servicebus.windows.net is the root domain of the Service Bus. If you have ten service namespaces you want to register with the Service Bus, all ten service namespaces automatically receive URIs for cloud as well as on-premises services. If you name your namespaces solution1, solution2, …, solution10, then each solution has its own URI name:
• solution1.servicebus.windows.net
• solution2.servicebus.windows.net
• ….
• solution10.servicebus.windows.net

Figure 8-7 shows an example hierarchical naming tree structure in the AppFabric Service Bus.

AppFabric Service Bus supports two URI schemes: http and sb. http is used for all HTTP-based communications between clients and services, whereas sb is used for all TCP-based communications between clients and services. [name] is the user-defined virtual name for a service or a hierarchical structure pointing to a service. You can create any hierarchical structure using the user-defined namespace. The AppFabric Service Bus internally resolves the actual location of the service endpoints at runtime. Thus, the AppFabric Service Bus allows you to create an infinitely deep hierarchical naming structure referencing endpoints of cloud as well as on-premises services. It also abstracts the DNS registration and resolution for your services and applications calling these services.

C) HIPAA

Answer-: Health Information Technology and HIPAA


Federal privacy/security laws (HIPAA) are expanded to protect patient health information, and HIPAA privacy and security laws would apply directly to business associates of covered entities. The American Recovery and Reinvestment Act (ARRA) also prohibits the sale of a patient’s health information without the patient’s written authorization, except in limited circumstances involving research or public health activities, or “otherwise determined by the secretary in regulations to be similarly necessary and appropriate.”

HIPAA’s Privacy Rule establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity that concerns health status, provision of health care, or payment for health care that can be linked to an individual. PHI has been interpreted to include any part of an individual’s electronic medical record (EMR) or payment history, but HIPAA specifies 18 PHI identifiers in the following list. Covered entities include health plans, health-care clearinghouses, and health care providers who transmit any health information in electronic form in connection with a transaction covered by this subchapter.

The 18 types of identifiers of PHI were, when this book was written, as follows:

1. Names.

2. All geographical subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.

3. Dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.

4. Phone numbers.

5. Fax numbers.

6. Electronic mail addresses.

7. Social Security numbers.

8. Medical record numbers.

9. Health plan beneficiary numbers.

10. Account numbers.

11. Certificate/license numbers.

12. Vehicle identifiers and serial numbers, including license plate numbers.


13. Device identifiers and serial numbers.

14. Web Universal Resource Locators (URLs).

15. Internet Protocol (IP) address numbers.

16. Biometric identifiers, including finger and voice prints.

17. Full face photographic images and any comparable images.

18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data).

It’s clear from the length of the preceding list that a substantial amount of the data in the master header record of the EHR or EMR must be encrypted to conform to HIPAA requirements for making personally identifiable information anonymous.
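The list above translates into field-level rules. The following added example (not part of the original paper solution) applies them to a flat record and then scans the remaining text fields for identifier-shaped strings; the field names, the small-population ZIP prefixes and the sample record are all constructed assumptions.

```python
import re
from datetime import date

# Constructed stand-in for the Census-derived set of 3-digit ZIP prefixes that
# cover 20,000 or fewer people (item 2); load the real set in practice.
SMALL_POPULATION_ZIP3 = {"036", "059"}

# Hypothetical field names for a flat patient header record.
REMOVE_FIELDS = {  # items 1, 2 (sub-state geography) and 4-18: dropped outright
    "name", "street", "city", "county", "phone", "fax", "email", "ssn",
    "medical_record_number", "health_plan_id", "account_number",
    "license_number", "vehicle_plate", "device_serial", "url", "ip_address",
    "fingerprint_id", "photo", "other_unique_id",
}
DATE_FIELDS = {"birth_date", "admission_date", "discharge_date", "death_date"}

# Identifier-shaped strings that tend to survive inside free-text fields.
RESIDUAL_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"https?://\S+"),
}


def generalize_zip(zip_code):
    """Item 2: keep the first three digits, or 000 for sparsely populated areas."""
    digits = re.sub(r"\D", "", str(zip_code))
    if len(digits) < 5:
        return "000"  # malformed ZIP code: fail closed
    prefix = digits[:3]
    return "000" if prefix in SMALL_POPULATION_ZIP3 else prefix


def age_on(birth, when):
    """Age in whole years on the date `when`."""
    return when.year - birth.year - ((when.month, when.day) < (birth.month, birth.day))


def deidentify(record, as_of):
    """Return a copy of `record` with the listed identifiers removed or generalized."""
    birth = date.fromisoformat(record["birth_date"]) if record.get("birth_date") else None
    over_89 = birth is not None and age_on(birth, as_of) > 89
    out = {}
    for field, value in record.items():
        if field in REMOVE_FIELDS:
            continue
        if field == "zip":
            out["zip3"] = generalize_zip(value)
        elif field in DATE_FIELDS:
            # Item 3: only the year survives, and not even the birth year
            # when it would reveal an age over 89.
            hide_year = not value or (field == "birth_date" and over_89)
            year = None if hide_year else date.fromisoformat(value).year
            out[field.replace("_date", "_year")] = year
        else:
            out[field] = value
    if birth is not None:
        out["age"] = "90+" if over_89 else age_on(birth, as_of)
    return out


def residual_identifiers(record):
    """List (field, kind) pairs for identifier-shaped text left in string fields."""
    hits = []
    for field, value in record.items():
        if isinstance(value, str):
            hits += [(field, kind) for kind, pattern in RESIDUAL_PATTERNS.items()
                     if pattern.search(value)]
    return sorted(hits)


# Constructed sample record; every value is made up.
SAMPLE = {
    "name": "Jane Example", "street": "1 Constructed Way", "city": "Sampletown",
    "state": "VT", "zip": "05901", "birth_date": "1931-04-02",
    "admission_date": "2024-01-15", "phone": "802-555-0100", "ssn": "000-00-0000",
    "diagnosis_code": "I10",
    "notes": "Call daughter at 802-555-0199 or mail jd@example.org before discharge.",
}

if __name__ == "__main__":
    clean = deidentify(SAMPLE, as_of=date(2024, 6, 1))
    print(clean)
    print(residual_identifiers(clean))  # free text still needs review or redaction
```

The residual scan matters because dropping structured fields does nothing for identifiers typed into notes; any hit means the record is not yet safe to release.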

Paper Solution of May 2011

Answer-: Cloud computing refers to applications and services that run on a distributed network using virtualized resources and accessed by common Internet protocols and networking standards. Cloud computing is an abstraction based on the notion of pooling physical resources and presenting them as a virtual resource. It is a new model for provisioning resources, for staging applications, and for platform-independent user access to services. Clouds can come in many different types, and the services and applications that run on clouds may or may not be delivered by a cloud service provider.

Designing of Private Cloud for College

Before designing the cloud, two cloud models need to be considered:
• Deployment models: This refers to the location and management of the cloud's infrastructure. They are private cloud, which is operational within the premises of an organization and is operated for the exclusive use of that organization; public cloud, which requires the Internet to access and manage cloud services and is managed by that organization or a third party; and hybrid cloud, which is a combination of private and public cloud.
• Service models: This consists of the particular types of services that you can access on a cloud computing platform. There are three basic service models:


• Infrastructure as a Service: IaaS provides servers, virtual machines, virtual storage, virtual infrastructure, operating systems, and other hardware assets as resources that clients can provision.
• Software as a Service: SaaS is a complete operating environment with applications, management, and the user interface, which is provided through the web without installing anything on the user's own PC.
• Platform as a Service: PaaS provides applications, services, development frameworks, web services, transactions, and control structures.

The design of the private cloud is based on functional and operational architectures. It is a proprietary cloud platform which lies within the college premises and is managed and controlled by the college administrator, so security will be very high. The functional architecture describes the hardware and software components of the college cloud architecture.

In implementation, each server is responsible for running a hypervisor and providing a virtual environment to cloud users with hosted applications. The cloud architecture also consists of some fixed hardware assets like load balancers, switches, routers, and DNS servers that manage the workload distribution across multiple service instances. The hardware requirement of each server should be an Intel Xeon or AMD V quad-core CPU with at least 2TB storage and a minimum of 32GB of RAM. The hypervisor to be installed on the server can be Microsoft Hyper-V, Citrix Xen, Eucalyptus, OpenStack, VMware ESXi, etc., which will provide virtualization infrastructure to the college cloud. The services provided by the college cloud are described by the functional architecture as follows.


Functional Architecture of College Cloud

The services provided to students and teachers are as follows:
1) IaaS: This module provides virtual desktop access, virtual storage access, and virtual server access to students, teachers, and the administrator of the college.
2) SaaS: This module enables teachers and students to access all laboratory software on their computers without installing it on their own computers. The applications include Oracle, MATLAB, Scilab, AutoCAD, etc.
3) Platform as a service: This module enables students and teachers to run their web applications through a remote server. The web portal of a teacher can be used to share teaching material with students; an example is the Moodle site.
4) File as a service: This module enables students and teachers to upload and download their files from the server. It lets users store files of various data types in a highly scalable hierarchical file system and retrieve them over the Internet as various Multipurpose Internet Mail Extension (MIME) types.
5) Storage as a service: This module provides students and teachers with virtual storage where they can store their important data securely. It contains virtual storage, which provides more space than the local HDD and is useful if the HDD fills up.
6) Monitoring as a service: This module is used by the college network and system admin to monitor the network and cloud usage using various tools like Nagios, Nessus, etc.
7) Everything as a service: All the remaining facilities provided by the cloud, other than those mentioned above, come under Everything as a Service, which may include hardware as a service, teaching-learning as a service, etc.

(List the features provided, with advantages.)

[Figure: Services Provided by College Cloud (Infrastructure as a service, Software as a service, Platform as a service, File as a service, Monitoring as a service, Storage as a service)]


The basic value proposition of cloud computing is to pay as you go, and to pay for what you use. This implies that an application can expand and contract on demand, across all its tiers (presentation layer, services, database, security…). This also implies that application components can grow independently from each other. So if you need more storage for your database, you should be able to grow that tier without affecting, reconfiguring or changing the other tiers. Basically, cloud applications behave like a sponge; when you add water to a sponge, it grows in size; in the application world, the more customers you add, the more it grows.

The smallest elasticity unit of an IaaS provider and a virtual machine environment is a server (physical or virtual). While adding servers in a datacenter helps in achieving scale, it is hardly enough. The application has yet to use this hardware. If the process of adding computing resources is not transparent to the application, the application is not elastic. The key observation is that cloud computing's ability to add or remove resources at a fine grain and with a lead time of minutes rather than weeks allows matching resources to workload much more closely. Elasticity in the cloud means the user can increase or decrease the resources in use, such as CPU, memory, and storage, on the fly as per requirement without disturbing the running system.

Other sources

Difference between Normal Web Hosting and PaaS-based web hosting
1) PaaS-based cloud hosting is set up on a cluster of servers, which ensures 100% uptime, whereas normal hosting plans like shared and VPS are set up on a single physical server, so 100% uptime cannot be guaranteed on them.
2) PaaS-based cloud hosting offers many advantages over normal hosting. This is due to the number of servers that are being used for a single cluster. The architecture of cloud hosting uses groups of high-specification servers and network attached storage devices to reliably serve every web page and image of a website. Under normal hosting this is not the case.
3) PaaS-based cloud hosting provides 100% uptime and the ability to individually scale resources such as CPU, RAM, and bandwidth up and down, whereas normal web hosting has downtime for maintenance and no option to scale the server resources up or down.
4) Normal web hosting doesn’t require a virtualization solution, while PaaS-based hosting implements one or more virtualization servers.
5) PaaS-based hosting is preferred over normal hosting because of the following advantages:


- No dependence on hardware
- Increased reliability
- Infinite scalability
- Infinite performance
- Resource and energy efficiency

See question 2B of Last paper

See question 5A of Last paper


The data center’s physical servers run an advanced, custom version of Microsoft’s Hyper-V hypervisor technology that virtualizes the physical instances to deliver a clustered runtime fabric, called the Azure Fabric Controller (FC), which handles application/service deployment, load balancing, OS/data replication, and resource management. The FC deploys projects, adds instances automatically to meet demand, manages project software upgrades, and handles server failures to maintain project availability. The FC maintains a graph of the inventory of physical and virtual machines, load balancers, routers, and switches it manages in a Microsoft data center. The FC assigns each role to its own virtual machine; role instances run on the fabric’s nodes and channels connect roles. WebRole instances accept HTTP or HTTPS requests and respond with an ASP.NET, ASP.NET MVC, or Silverlight UI. WorkerRoles provide batch computing services in response to request messages received from WebRoles or .NET Services in Azure Queues.

Following are the primary FC responsibilities for maintaining service availability:
❑ The FC maintains a state machine for each node.
❑ A Role Instance Description determines a node’s goal state.
❑ Internal or external events cause nodes to move to a different state.
❑ The FC maintains a cache of the last state of each node.
❑ Load balancers probe the nodes to determine that each is operable and report failures to the FC.
❑ The FC Agent reconciles the cached and actual state in response to heartbeat events.


❑ If the actual and goal states differ, on heartbeat events the FC Agent attempts to move the node closer to its goal state.
❑ The FC detects when the node reaches its goal state.
❑ If a failed node goes offline, the FC attempts to recover it.
❑ If the FC can’t recover a failed node, it finds or creates a suitable replacement on other hardware and notifies other role instances of the configuration change.

See Question 2A last paper

Cloud-based infrastructures are likely to exhibit better availability than most enterprise on-premises IT services. Availability is usually measured in nines; for example, four nines represents services being available 99.99% of the time. There are 43,200 minutes in a 30-day month, so achieving four nines availability would permit a maximum of 4.32 minutes (0.01% of 43,200) of scheduled or unscheduled downtime per month. It’s common for telecommunications systems and data centers to be designed to achieve five nines availability, which corresponds to less than 30 seconds downtime per month. Cloud-computing vendors ultimately must enter into service-level agreements (SLAs) that specify competitive application availability. Customers want five nines, but it appears that vendors might offer only three nines; for example, Microsoft announced in mid-July 2009 that its SLA would cover a 99.95% uptime guarantee for two or more Azure service instances and 99.9% availability for storage services. Similarly, Amazon Web Services warrants 99.95% uptime for EC2 and 99.9% for S3.

+ Other sources

• Azure Queues provide reliable, asynchronous message delivery between components of a cloud-based service.
• Dispatching computing operations of WorkerRole projects to improve service scalability is the most common use for Azure Queues.
• Queues support both HTTP and HTTPS (secure HTTP with Transport Layer Security, TLS) protocols.
• The Queue service focuses on providing a highly scalable and available asynchronous message communication system that’s accessible anywhere, anytime. The Queue service provides a REST API for applications to use the large-scale Queue service infrastructure.
• The Queue service supports an unlimited number of messages, but individual messages in the Queue service can’t be more than 8KB in size.

The event handlers used in queue are


REST API for Queue

A queue is a logical destination for sending messages. There can be any number of queues in an account in the Queue service. A queue stores messages and makes them available to applications via the REST API. Queues can have metadata in the form of name-value pairs up to 8KB in size per queue. The Queue service supports only private access; that means you need to have account privileges in order to access queues in a Queue service.

Messages are stored in queues. There is no limit to the number of messages that can be stored in a queue, but the size of each individual message can’t exceed 8KB. To communicate large object messages, you can put the large object in a blob and then send the URI of that object as a message to a queue. When you send a message, it can be in either text or binary format; but when you receive a message from the queue, it’s always in Base64-encoded format. A GUID MessageID assigned by the Queue service uniquely identifies a message in the queue.

The REST API for the Queue service is available at the account, queue, and message levels. The REST API enables you to make HTTP calls to the Queue service and its resources. REST is an HTTP-based protocol that lets you specify the URI of the resource as well as the function you want to execute on the resource. Every REST call involves an HTTP request to the storage service and an HTTP response from the storage service.
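The message rules above (8KB limit, Base64 on receipt, GUID MessageID, large objects passed as a blob URI) can be exercised with a small in-memory model. This is an added example, not code from the paper or from the Azure SDK; the class, the one-byte message tag, the blob URI and the SHA-256 digest carried in the pointer message are assumptions made here so the receiver can detect a blob that changed after the message was queued.

```python
import base64
import hashlib
import hmac
import json
import uuid

MAX_MESSAGE_BYTES = 8 * 1024  # per-message limit stated above


class InMemoryQueue:
    """Stand-in for one queue: size limit, GUID message IDs, Base64 on receive."""

    def __init__(self):
        self._messages = []

    def put(self, body):
        if len(body) > MAX_MESSAGE_BYTES:
            raise ValueError("message exceeds 8KB")
        message_id = str(uuid.uuid4())
        self._messages.append((message_id, body))
        return message_id

    def get(self):
        """Return the oldest message without removing it, or None if empty."""
        if not self._messages:
            return None
        message_id, body = self._messages[0]
        return message_id, base64.b64encode(body).decode("ascii")

    def delete(self, message_id):
        self._messages = [m for m in self._messages if m[0] != message_id]

    def approximate_count(self):
        return len(self._messages)


def send(queue, blobs, payload):
    """Enqueue inline if the payload fits; otherwise store a blob and enqueue a pointer."""
    if len(payload) + 1 <= MAX_MESSAGE_BYTES:
        return queue.put(b"I" + payload)           # "I" = inline payload
    uri = "https://account.example/blobs/" + uuid.uuid4().hex  # hypothetical URI
    blobs[uri] = payload
    pointer = {"uri": uri, "sha256": hashlib.sha256(payload).hexdigest()}
    return queue.put(b"P" + json.dumps(pointer).encode("utf-8"))  # "P" = pointer


def receive(queue, blobs):
    """Fetch, decode and verify the next message; delete it only after success."""
    item = queue.get()
    if item is None:
        return None
    message_id, encoded = item
    raw = base64.b64decode(encoded)                # receipt is always Base64
    kind, rest = raw[:1], raw[1:]
    if kind == b"I":
        payload = rest
    elif kind == b"P":
        pointer = json.loads(rest)
        payload = blobs[pointer["uri"]]
        digest = hashlib.sha256(payload).hexdigest()
        if not hmac.compare_digest(digest, pointer["sha256"]):
            raise ValueError("blob does not match the digest in the queue message")
    else:
        raise ValueError("unknown message kind")
    queue.delete(message_id)
    return payload


if __name__ == "__main__":
    q, store = InMemoryQueue(), {}
    send(q, store, b"resize image 42")
    send(q, store, b"x" * 20000)                   # constructed oversized payload
    print(receive(q, store), len(receive(q, store)), q.approximate_count())
```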


An entity consists of a set of name-value pairs called properties. Properties are analogous to columns in a relational database table. An entity must have three mandatory properties: PartitionKey, RowKey, and Timestamp. PartitionKey and RowKey are of string data type, and Timestamp is a read-only DateTime property maintained by the system. The combination of PartitionKey and RowKey uniquely identifies an entity. You must design PartitionKey and RowKey as part of your table design exercise. The Table service organizes data into several storage nodes based on the entities’ PartitionKey property values. Entities with same PartitionKey are stored on a single storage node. A partition is a collection of entities with the same PartitionKey. A RowKey uniquely identifies an entity within a partition. The Table service provides a single index in which entity records are sorted first by PartitionKey and then by RowKey. All the entities in a single partition have the same PartitionKey, so you can safely assume that all the entities in a partition are lexically sorted by RowKey. Azure Tables use a schemaless Entity-Attribute-Value data model instead of the more common relational model because relational tables with fixed schema are notoriously difficult to scale to terabytes


or petabytes and restructure after growing to these sizes. All tables contain three system properties (attributes): PartitionKey, RowKey, and Timestamp. Partitions define the unit of table consistency; PartitionKey and RowKey values define the equivalent of a composite primary key for the table. Custom attributes are a property bag whose members can vary within the table.

If a table contains multiple entities with the same PartitionKey value, unique RowKey values are required to provide a unique entity ID; otherwise, RowKey values can be empty strings or a value indicating the entity’s type.

Following is the ranking of query performance with the $filter query operator (a lower number is faster):

1. Query by PartitionKey and RowKey values.

2. Query by PartitionKey and some other property value.


3. Query by RowKey only or any other property value.

• The Windows Azure Table service provides structured storage in the cloud. Tables contain entities, and entities have properties. The Table service is designed for massive scalability and availability, supporting billions of entities and terabytes of data. It’s designed to support high volume, but smaller structured objects.

A table is a container for storing data. Data is stored in tables as a collection of entities. There can be any number of tables in an account in the Table service. A table stores entities and makes them available to applications via the REST API. There is no limit on the number of tables and entities you can create in a Table service. There is also no limit on the size of the tables in your account. A single Windows Azure storage account encompasses the Blob, Queue, and Table services, which can be used to scale Azure storage.

Microsoft .NET Access Control Service (ACS) is a cloud service that abstracts the orchestration of authentication and authorization for your application. ACS follows a claims-based architecture where users acquire their claims from ACS based on their identity and present the claims to the application. The application is configured to trust ACS and thus gives appropriate entry to users. In simple terms, ACS is a claims-transformation service in the cloud that relieves you of building a role-based authorization system within your application. A claim is any user or application attribute a service application expects.


The primary function of ACS is to transform input claims into output claims. First, you configure ACS and the identity provider to trust each other. Then, you configure ACS and your service (a.k.a. relying party) to trust each other with a signing key. Next, you configure ACS with rules for mapping input claims to output claims that your application expects. In the real world, these tasks are done by system and/or security administrators. When an application wants to consume the web service, it sends the required claims to ACS in a request for a token. ACS transforms input claims into output claims based on the mapping rules you created while configuring ACS. Next, ACS issues a token with output claims to the consumer application. The consumer application sends the token in the request header to the web service. The web service validates the claims in the token and provides appropriate access to the end user.
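The flow just described (issuer trust, mapping rules, a token signed with the key shared with the relying party, validation by the web service) is modelled below as an added example that is not part of the original paper. It is not the ACS API or its wire format: the rule table, issuer names, form-encoded token layout and HMAC-SHA256 signature are assumptions chosen to show each trust decision.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# All names and the token layout are assumptions made for this example.
TRUSTED_IDENTITY_PROVIDERS = {"campus-idp"}
RESERVED = ("Issuer", "Audience", "ExpiresOn")
# Mapping rules: (input claim type, input value) -> output claims.
RULES = {
    ("group", "physicians"): [("action", "read-chart"), ("action", "write-orders")],
    ("group", "billing"): [("action", "read-invoice")],
}


def transform(input_claims):
    """Map input claims to output claims; input claims with no rule are dropped."""
    output = []
    for claim in input_claims:
        for mapped in RULES.get(claim, []):
            if mapped not in output:
                output.append(mapped)
    return output


def _signature(body, key):
    mac = hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")


def issue_token(identity_provider, input_claims, audience, key, now, lifetime=300):
    """Token-service side: check issuer trust, transform claims, sign the result."""
    if identity_provider not in TRUSTED_IDENTITY_PROVIDERS:
        raise PermissionError("untrusted identity provider")
    output = transform(input_claims)
    if not output:
        raise PermissionError("no mapping rule matched")
    fields = output + [("Issuer", "acs-example"), ("Audience", audience),
                       ("ExpiresOn", str(now + lifetime))]
    body = urlencode(fields)
    return body + "&Signature=" + _signature(body, key)


def validate_token(token, audience, key, now):
    """Relying-party side: verify the signature first, then audience and expiry."""
    body, marker, signature = token.rpartition("&Signature=")
    expected = _signature(body, key)
    if not marker or not hmac.compare_digest(expected.encode(), signature.encode()):
        raise PermissionError("bad signature")
    fields = parse_qsl(body)
    meta = {name: value for name, value in fields if name in RESERVED}
    if meta.get("Audience") != audience:
        raise PermissionError("token was issued for a different service")
    if int(meta.get("ExpiresOn", "0")) <= now:
        raise PermissionError("token expired")
    return [(name, value) for name, value in fields if name not in RESERVED]


def is_authorized(token, audience, key, now, action):
    """Web-service check: grant access only if a valid token carries the claim."""
    try:
        claims = validate_token(token, audience, key, now)
    except PermissionError:
        return False
    return ("action", action) in claims


if __name__ == "__main__":
    key = b"constructed-shared-key"                 # constructed sample key
    service = "https://charts.example/api"          # hypothetical relying party
    token = issue_token("campus-idp", [("group", "physicians")], service, key, now=1000)
    print(is_authorized(token, service, key, 1100, "read-chart"))    # True
    print(is_authorized(token, service, key, 1100, "read-invoice"))  # False
```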

WS-Federation is the web services (WS-*) specification for federating identities from a variety of sources (domains) to simplify sharing services from secure web sites and SOAP-based services. A federation is a collection of realms (security domains) that have established relationships for securely sharing resources. A Resource Provider in one realm can provide authorized access to a resource it manages based on claims about a principal (such as identity or other distinguishing attributes) that are asserted by an Identity Provider (or any Security Token Service) in another realm. A fundamental goal of WS-Federation is to simplify the development of federated services through cross-realm communication and management of Federation Services by re-using the WS-Trust Security Token Service model and protocol. WS-Federation is an Identity Federation specification. Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. WS-Security, WS-Trust, and WS-SecurityPolicy provide a basic model for federation between Identity Providers and Relying Parties. These specifications define mechanisms for codifying claims (assertions) about a requestor as security tokens which can be used to protect and authorize web services requests in accordance with policy. This enables high value scenarios where authorized access to resources managed in one realm can be provided to security principals whose identities and attributes are managed in other realms. WS-Federation includes mechanisms for brokering of identity, attribute discovery and retrieval, authentication and authorization claims between federation partners, and protecting the privacy of these claims across organizational boundaries. These mechanisms are defined as extensions to the Security Token Service (STS) model defined in WS-Trust. In addition, WS-Federation defines a mapping of these mechanisms, and the WS-Trust token issuance messages, onto HTTP such that WS-Federation can be leveraged within Web browser environments. The intention is to provide a common infrastructure for performing Federated Identity operations for both web services and browser-based applications.

Read Question 7B of Dec 2011

Read Question 7B of Dec 2011

Answer-: Cloud computing is Internet (‘‘cloud’’)-based development and use of computer technology (‘‘computing’’). It is a style of computing in which resources are provided ‘‘as a service’’ over the Internet to users who need not have knowledge of, expertise in, or control over the technology infrastructure (‘‘in the cloud’’) that supports them.


Types of clouds

Most people separate cloud computing into two distinct sets of models:

• Deployment models: This refers to the location and management of the cloud's infrastructure.
• Service models: This consists of the particular types of services that you can access on a cloud computing platform.

A) Deployment Models

Cloud computing is distinguished into three types

1) Private Cloud

Private cloud is a way to implement cloud inside the organization using your own infrastructure built on your own hardware or software. It is used internally and serves a single organization: anyone within the organization can access the data, services and web applications, but users outside the organization cannot access the cloud.

2) Public Cloud

This type of cloud runs over the internet. Here the user can use services or resources which are hosted and managed outside the organization, so the user must have internet access to use this type of service. This type of cloud is available on a subscription or pay-per-use basis, so it requires very little capital expenditure.

3) Hybrid Cloud

It is basically a combination of both private and public cloud, where the user gets some services through the internet while others are delivered through an intranet implemented within the organization.

4) Community cloud

Community cloud shares infrastructure between several organizations from a specific community with common concerns, whether managed internally or by a third party and hosted internally or externally.

B) Service models

Cloud computing offers its services according to three fundamental service models

e) Software as a service

This model delivers software applications to the user over cloud infrastructure without any installation. The software is delivered over the internet, thus eliminating the need to install and run the application on the user's system. SaaS is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. The popular examples of Software as a service are Salesforce.com, GoogleApp, CRM, Yahoomail, hotmail etc.

f) Platform as a service

It provides a platform to run users' applications, such as websites and web services, without having to download or install anything on the user's machine. It can be defined as a computing platform that allows the creation of web applications quickly and easily and without the complexity of buying and maintaining the software and infrastructure underneath it. The popular examples of Platform-as-a-service are GoogleApp engine, windows Azure, Amazon Web Services etc.

g) Infrastructure as a Service

It offers computing resources, virtual storage, data center and network resources as services. It can be defined as the use of servers, storage, computing power and virtualization to enable utility-like services for users. It offers virtual services via this mode, including the remote delivery of a full computer infrastructure. IaaS provides users with a web based service that can be used to create, destroy, and manage virtual machines and storage. The examples of Infrastructure-as-a-service are RackSpace, Google Cloud Storage, Vmware, Citrix Xen, Eucalyptus, Open Stack etc.

— Service-Oriented Architecture (SOA) is an architectural style for building Enterprise Solution based on Services. Applications built using an SOA style deliver functionality as services that can be used or reused when building applications or integrating within the enterprise or trading partners.

— SOA introduced Software as a Service and Microsoft’s Software+Services implementations, but Platform, Infrastructure, Computing, Storage, Communications, and Hardware as services also have their place in cloud computing’s attempt to provide Everything as a Service.

Basic SOA Architecture

In SOA, Service Providers register their services in the service registry, while the Service Consumer calls Find service to locate the service in the service registry. After locating the service, the consumer and provider call bind to establish and execute the connection. Service Oriented Architecture (SOA) describes a standard method for requesting services from distributed components and managing the results. Because the clients requesting services, the components providing the services, the protocols used to deliver messages, and the responses can vary widely, SOA provides the translation and management layer in an architecture that removes the barrier for a client obtaining desired services. With SOA, clients and components can be written in different languages and can use multiple messaging protocols and networking protocols to communicate with one another. SOA provides the standards that transport the messages and makes the infrastructure to support it possible. SOA provides access to reusable Web services over a TCP/IP network, which makes this an important topic to cloud computing going forward.

See last paper Question no 7


PAPER Solution May 2012

Q1) What is Cloud Computing? Explain its Architecture?

Answer-: Cloud computing refers to applications and services that run on a distributed network using virtualized resources and accessed by common Internet protocols and networking standards. Cloud computing takes the technology, services, and applications that are similar to those on the Internet and turns them into a self-service utility.

Cloud architectures are based on the creation of large data centers with a management fabric defining a clear abstraction between server hardware and operating systems. The management fabric automates the deployment of virtualized operating system images on server hardware. In its simplest form, a typical cloud data center consists of a bank of server hardware and massive storage for storing fully functional operating system images. The management fabric manages the life cycle of the deployment by allocating and decommissioning hardware and operating system images as needed. As a user, when you deploy your service to the cloud, the management fabric provisions the hardware servers, deploys the operating system image on those servers, and deploys your service to those servers. Once the service is deployed on the servers, it is ready to be consumed. The number of service instances is configured by the service owner and would typically depend on the demand and high availability requirements of the service. As shown in Figure 1-7, the cloud architecture also consists of some fixed hardware assets like load balancers, switches, routers, and DNS servers that manage the work load distribution across multiple service instances. A typical cloud infrastructure like Windows Azure consists of several geographically dispersed data centers for providing geo-located services. Finally, the metering, billing and reporting components complement the infrastructure with the ability to measure and report the usage of the service per customer.

2) Write Short note on Windows Azure platform and explain its Components

Answer -: The Windows Azure platform supports development and deployment of different types of applications and services, not only in the cloud but also on-premise. It is a collection of building blocks of platform, middleware, enterprise, and consumer services for developers to build cloud services. It provides developers with a cloud operating system called Windows Azure, a cloud database called SQL Azure, infrastructure middleware component called .NET Services and a consumer services component called Live Services. Developers can either build services that span across all these components, or pick and choose the components as needed by the service architecture. The overall concept of Windows Azure platform is to offer developers the flexibility to plug in to the cloud environment as per the architectural requirements of the service.

The Windows Azure platform


The Windows Azure Platform consists of three main components – Windows Azure, SQL Azure, and AppFabric.

1) The Windows Azure Operating System

Windows Azure is the underlying operating system for running your cloud services on the Windows Azure platform. It provides all the necessary features for hosting your services in the cloud. It provides a runtime environment that includes a web server, computational services, basic storage, queues, management services, and load-balancers. Windows Azure also provides developers with a local development fabric for building and testing services before they are deployed to Windows Azure in the cloud.

The three core services of Windows Azure are as follows:

Compute: The compute service offers scalable hosting of services on 64-bit Windows Server 2008 platform with Hyper-V support. The platform is virtualized and designed to scale dynamically based on demand.

Storage: There are three types of storage supported in Windows Azure: tables, blobs, and queues. These storage types support REST-based direct access through REST APIs.

Management: The management service supports automated infrastructure and service management capabilities to Windows Azure cloud services.

2) SQL Azure Services: SQL Azure Database implements Microsoft SQL Server in the cloud with features commonly offered by enterprise-scale relational database management systems. SQL Reporting and SQL Analysis services are expected as future data-related SQL Services. SQL Azure is the relational database in the Windows Azure platform. It provides core relational database management system (RDBMS) capabilities as a service, and it is built on the core SQL Server product code base.


3) .NET Services: Access Control, Service Bus, and Workflow services, as well as Server Bus Queues and Routers. .NET Services is the middleware engine of the Windows Azure platform, providing the access control service and the service bus.

4) Windows Azure Software Development Kit (SDK), which implements the Azure Development fabric and Azure Storage Services on local development PCs.

5) Windows Azure Tools for Microsoft Visual Studio, which provide Visual Studio 2008 and 2010 project templates and other support for developing applications that run on the Windows Azure Development and Production fabrics.

6) AppFabric has a service-oriented architecture and allows the creation of federated access control and distributed messaging across clouds and enterprises. It also provides capabilities for integrating applications and business processes not only between cloud services but also between cloud services and on-premise applications. The two core services of AppFabric are as follows:

7) Access Control: The access control component provides rules-driven, claims-based access control for distributed applications.

Service bus: The service bus is a generic .NET Internet service bus. It is analogous to the Enterprise Service Bus (ESB) popularly seen in large enterprises.

8) Live services -: Microsoft Live Services is a collection of consumer centric applications and frameworks like Identity Management, Search, Geospatial, Communications, Storage, and Synchronization.

Q 2a) Explain Application fabric ACS.

Answer- Microsoft .NET Access Control Service (ACS) is a cloud service that abstracts the orchestration of authentication and authorization for your application. ACS follows a claims-based architecture where users acquire their claims from ACS based on their identity and present the claims to the application. The application is configured to trust ACS and thus gives appropriate entry to users. In simple terms, ACS is a claims-transformation service in the cloud that relieves you of building a role-based authorization system within your application.

The Access Control Service (ACS) provides a flexible way of handling authentication and authorization in the cloud. ACS moves the authentication and authorization code outside the application. A claim is any user or application attribute a service application expects. For example, you may have an application that expects e-mail address, phone number, password, and role attributes for an end user as claims for appropriate access control. You can configure your ACS project to provide these user claims to your application independent of the user’s authentication, identity, or provider. Figure 7-1 illustrates a simple view of ACS.

The primary function of ACS is to transform input claims into output claims. First, you configure ACS and the identity provider to trust each other. Then, you configure ACS and your service (a.k.a. relying party) to trust each other with a signing key. Next, you configure ACS with rules for mapping input claims to output claims that your application expects. In the real world, these tasks are done by system and/or security administrators. When an application wants to consume the web service, it sends the required claims to ACS in a request for a token. ACS transforms input claims into output claims based on the mapping rules you created while configuring ACS. Next, ACS issues a token with output claims to the consumer application. The consumer application sends the token in the request header to the web service. The web service validates the claims in the token and provides appropriate access to the end user.

(please refer other paper soln for diagram)
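The claims flow described above (mapping rules, token issuance, and validation with the shared signing key), as an added Python example that is not ACS or Microsoft code. The form-encoded, HMAC-SHA256-signed token layout, the field names, the rules, the key and the URLs are constructed assumptions used only to make the trust relationships concrete.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed demo values (assumptions, not real ACS endpoints or keys).
ISSUER = "https://acs.example.invalid/"
AUDIENCE = "https://orders.example.invalid/api"
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
RESERVED = ("Issuer", "Audience", "ExpiresOn")

# Mapping rules set up by the administrator: input claim -> output claim.
# in_value None matches any value; out_value None copies the input value.
RULES = [
    ("group", "finance-admins", "role", "approver"),
    ("group", "finance-staff", "role", "reader"),
    ("email", None, "email", None),
]


class TokenError(Exception):
    """Raised by the relying party when a token must not be trusted."""


def transform_claims(input_claims, rules=RULES):
    """Map input claims to output claims; unmatched input claims are dropped."""
    output = []
    for claim_type, claim_value in input_claims:
        for in_type, in_value, out_type, out_value in rules:
            if in_type == claim_type and in_value in (None, claim_value):
                output.append((out_type, claim_value if out_value is None else out_value))
    return output


def _signature(payload, key):
    mac = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")


def issue_token(input_claims, audience=AUDIENCE, now=None, ttl=300, key=SIGNING_KEY):
    """Token-issuer side: transform the claims, add metadata, sign everything."""
    now = int(time.time()) if now is None else now
    fields = transform_claims(input_claims)
    fields += [("Issuer", ISSUER), ("Audience", audience), ("ExpiresOn", str(now + ttl))]
    payload = urlencode(fields)
    return payload + "&Signature=" + _signature(payload, key)


def validate_token(token, audience=AUDIENCE, now=None, key=SIGNING_KEY):
    """Relying-party side: return the output claims or raise TokenError."""
    now = int(time.time()) if now is None else now
    payload, sep, signature = token.rpartition("&Signature=")
    if not sep:
        raise TokenError("unsigned token")
    expected = _signature(payload, key).encode("ascii")
    # Constant-time comparison, done before any field of the payload is trusted.
    if not hmac.compare_digest(expected, signature.encode("utf-8")):
        raise TokenError("bad signature")
    meta, claims = {}, []
    for name, value in parse_qsl(payload, keep_blank_values=True):
        if name in RESERVED:
            if name in meta:
                raise TokenError("duplicate " + name)
            meta[name] = value
        else:
            claims.append((name, value))
    if meta.get("Issuer") != ISSUER:
        raise TokenError("untrusted issuer")
    if meta.get("Audience") != audience:
        raise TokenError("wrong audience")
    if int(meta.get("ExpiresOn", "0")) <= now:
        raise TokenError("token expired")
    return claims


def check_access(token, required_role, audience=AUDIENCE, now=None):
    """Web-service entry point: (allowed, reason) for one request."""
    try:
        claims = validate_token(token, audience=audience, now=now)
    except TokenError as exc:
        return (False, str(exc))
    if ("role", required_role) not in claims:
        return (False, "missing role " + required_role)
    return (True, "ok")


if __name__ == "__main__":
    # Constructed input claims, as an identity provider might assert them.
    claims_in = [("group", "finance-staff"), ("email", "a@example.invalid"), ("shoe_size", "9")]
    token = issue_token(claims_in, now=1000)
    print(check_access(token, "reader", now=1100))
    print(check_access(token.replace("reader", "approver"), "approver", now=1100))
    print(check_access(token, "reader", now=1300))
```

The web service never sees the input claims: it trusts only what the issuer signed, and it checks signature, issuer, audience and expiry before reading any claim.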

Q2B) Explain Microsoft Hyper-V architecture with diagram?

Ans-: Please refer to Question 5A of Dec 11


3a) Explain utility computing. With reference to it, write obstacles and opportunities for growth of cloud computing.

Answer-: Utility computing is the packaging of computing resources, such as computation, storage and services, as a metered service. This model has the advantage of a low or no initial cost to acquire computer resources; instead, computational resources are essentially rented. Utility computing is a service provisioning model in which a service provider makes computing resources and infrastructure management available to the customer as needed, and charges them for specific usage rather than a flat rate. Like other types of on-demand computing (such as grid computing), the utility model seeks to maximize the efficient use of resources and/or minimize associated costs.

Q3b) Explain Fabric Controllers Architecture.

Ans-: The abstraction between the Windows Azure core services and the hardware is managed by the Fabric Controller. The Fabric Controller manages end-to-end automation of Windows Azure services, from hardware provisioning to maintaining service availability. The Fabric Controller reads the configuration information of your services and adjusts the deployment profile accordingly.


The Fabric Controller reads the service configuration information provided by the cloud service and accordingly spawns the server virtual machines required to deploy the cloud service. The deployment of cloud services and spawning of virtual instances of servers are transparent to the developer. The developer just sees the status of the cloud service deployment on the Windows Azure developer portal. Once the cloud service is deployed, it is managed entirely by Windows Azure. You just have to specify the end state of the cloud service in its configuration file, and Windows Azure will provision the necessary hardware and software to achieve it. Deployment, scalability, availability, upgrades, and hardware server configurations are managed by Windows Azure for the cloud service.

Q4A) Explain Windows Azure Storage Service Architecture

Answer-: The Windows Azure Storage service allows users to store application data in the cloud and access it from anywhere, anytime. The open architecture of the Storage service lets you design your applications and services to store and retrieve data using REST APIs. Each storage type in the Storage service has an independent REST programming API. Figure 4-1 illustrates the Windows Azure storage service architecture.


As shown in Figure 4-1, Windows Azure Storage types are scoped at the account level. This means that when you open a storage account, you get access to all the Windows Azure storage services. The Blob, Queue, and Table services all have REST API functions that let you interact with them.

A blob account is a collection of containers. You can create any number of containers in an account. A container consists of a number of blobs. A blob can be further composed of a series of blocks.

A queue account is a collection of queues. An account can have any number of queues. A queue is composed of queue messages sent by the message sending applications.

The table storage type supports access via REST as well as the ADO.NET Data Services API. You can create any number of tables in an account. A table consists of a set of entities that represent runtime objects or data. Entities are analogous to the rows of data in a relational database. They have properties, which are analogous to the database fields in a relational database table. The table storage type isn’t a relational database table; it follows the entity model.

Q4B) What are the types of blobs? Explain BLOB Services architecture.


Types of Blobs

There are 2 types of blobs: Page Blobs and Block Blobs.

A) Page Blobs

Page blobs were introduced in the 2009-09-19 version of the storage service API. They’re optimized for read/write access and provide you with the ability to copy a series of bytes into a blob. A page is represented by its start offset from the start of the blob. Writes to page blobs are immediately committed to the blob storage. You can store up to 1TB of data per page. Page blobs are ideal for applications requiring quick read/write access to binary data like images, videos, documents, and so on. The Windows Azure Storage Client API provides two operations on page blobs: Put Page and Get Page Regions.

B) Block Blobs

As listed in the blob limitations and constraints earlier, if a file is more than 64MB in size, it can’t be uploaded to the Blob service using the PUT blob function. You have to first break the blob file into contiguous blocks and then upload it in the form of smaller chunks of data called blocks. Each block can be a maximum of 4MB in size. After all the blocks are uploaded, they can be committed to a particular blob. After blocks are committed to a blob, you can only retrieve that complete blob. So, you can execute the GET operation only at the blob level. Uploading blocks and committing blocks to a blob are two separate operations. You can upload the blocks in any sequence, but the sequence in which you commit the list of blocks represents the readable blob. You may upload multiple blocks in parallel in any random sequence, but when you execute the commit operation, you must specify the correct list for the block sequence representing the readable blob.

BLOB Services architecture

The blob architecture consists of a four-level hierarchical structure: account, containers, blobs, blocks, and pages, as shown in Figure

1) Windows Azure Storage Account

The Windows Azure storage account encompasses the blob, queue, and table storage types. The URI scheme to access the Blob service via storage account is <http|https>://<account name>.blob.core.windows.net where <account name> is the unique name you created for your storage account. The <account name> must be globally unique.

2) Containers

A container is a logical grouping for a set of blobs. Containers can have metadata in the form of name-value pairs. They can be created as public or private: public containers are visible to all users (anonymous) for read-only purposes without authentication, and private containers are visible only to the account owner. Blob is the only storage type that supports public and private access; the queue and table storage types support only private access.

3) Blobs

Blobs, which are the actual entities in the Blob service, are stored in containers. A blob name must be unique within the scope of a container. A blob can also have metadata in the form of name-value pairs. A blob name can’t be more than 1,024 characters long.

4) Page Blobs

They’re optimized for read/write access and provide you with the ability to copy a series of bytes into a blob. A page is represented by its start offset from the start of the blob. Writes to page blobs are immediately committed to the blob storage.

5) Block Blobs

If a file is more than 64MB in size, it can’t be uploaded to the Blob service using the PUT blob function. You have to first break the blob file into contiguous blocks and then upload it in the form of smaller chunks of data called blocks. Each block can be a maximum of 4MB in size. After all the blocks are uploaded, they can be committed to a particular blob.

6) REST API

The REST API for the Blob service is available at the account, container, and blob levels. The REST API enables you to make HTTP calls to the Blob service and its resources. REST is an HTTP-based protocol that lets you specify the URI of the resource as well as the function you want to execute on the resource. Every REST call involves an HTTP request to the storage service and an HTTP response from the storage service.

Q5a) Explain Web and Worker role in detail

Answer-: Roles are runnable components of an application; role instances run on the fabric’s nodes and channels connect roles. WebRole instances accept HTTP or HTTPS requests via Internet Information Services (IIS) 7 and respond with an ASP.NET, ASP.NET MVC, or Silverlight UI. WorkerRoles provide batch computing services in response to request messages received from WebRoles or .NET Services in Azure Queues. A Web role is a web site or web service that can run in an IIS 7 environment. Most commonly, it will be an ASP.NET web application or a Windows Communications Foundation (WCF) service with HTTP and/or HTTPS endpoints. The Worker role gives you the ability to run a continuous background process in the cloud. The Worker role can expose internal and external endpoints and also call external interfaces. A Worker role can also communicate with the queue, blob, and table Windows Azure storage services.

A Worker role instance runs independently of the Web role instance, even though both of them may be part of the same service. A Worker role runs on a totally different virtual machine than the Web role in the same service. In some Windows Azure services, you may require communication between a Web role and a Worker role. Even though the Web and Worker role expose endpoints for communication among roles, the recommended mode of reliable communication is Windows Azure queues. Web and Worker roles both can access Windows Azure queues for communicating runtime messages. I will cover Windows Azure queues. A Worker role has no defined endpoints like a Web role because it is intended to be used as a background process. Web role can have only HTTP or HTTPS endpoints, but a Worker role can have an HTTP, HTTPS, or TCP endpoint. WorkerRoles can’t accept inbound connections from external networks so they must use Azure Queues to communicate with WebRoles or .NET Services. WorkerRoles can send outbound messages on the external network.

Q5B) Explain APP fabric Service Bus

Answer-: Microsoft’s AppFabric Service Bus is an Internet-scale Service Bus that offers scalable and highly available connection points for application communication. The AppFabric Service Bus is designed to provide connectivity, queuing, and routing capabilities not only for the cloud applications but also for on-premises applications. It also integrates with the Access Control Service (ACS) to provide secure relay and communications. Figure 8-4 illustrates the architecture of the AppFabric Service Bus.


The AppFabric Service Bus consists of four main services that can be used by different kinds of on-premises as well as cloud services:

• Security
• Naming service
• Service registry
• Messaging fabric

1) Security

The AppFabric Service Bus offers two main options for securing the transport of messages from clients to services:

• Access Control Service (ACS) integration-: Microsoft has integrated the AppFabric Service Bus with ACS to provide relay authentication and authorization. The message sender and message receiver have to pass security checks before connecting to the AppFabric Service Bus. Services (or receivers) must be authenticated either by ACS or an identity provider trusted by ACS before establishing a connection to the AppFabric Service Bus.
• End-to-end Message security-: Message security refers to the security of the message that travels from the source through the AppFabric Service Bus to the destination.


2) Naming Service-: The Naming service allows you to assign DNS-capable names to your service, which makes the service easily resolvable over the Internet. The Internet is based on the Domain Name System (DNS) where every resource on the Internet can be resolved using names.

3) Service Registry-: The AppFabric Service Bus provides a registration and discovery service for service endpoints called the service registry. The service endpoints can be in the cloud or on-premises. The service registry offers an Atom feed to your solution. You can register a service endpoint into the Atom Feed using either the Atom Publishing Protocol (APP) or WS-Transfer references. APP and WS-Transfer both support publishing, listing, and removing the service endpoints. The client application can then discover your service endpoint references by simply navigating the Atom 1.0 feed of your solution.

4) Messaging Fabric-: The messaging fabric enables the relaying and communication of messages between clients and services. The messaging fabric makes it possible to expose your service endpoints into the cloud for on-premises as well as cloud deployed services. The messaging fabric also integrates with ACS to provide message level security.

Q6A) What are limitations of Azure Queues? Explain Programming with Queue message operation?

Answer-:

Queue Limitations and Constraints

Even though the Queue service provides a scalable and highly available infrastructure for asynchronous message communications in the cloud, it has some limitations and constraints that are important to understand before diving deep into architecture and programming. The limitations of the Queue service are as follows:
• The Queue service supports an unlimited number of messages, but individual messages in the Queue service can’t be more than 8KB in size.
• The FIFO behavior of the messages sent to the Queue service isn’t guaranteed.
• Messages can be received in any order.
• The Queue service doesn’t offer guaranteed-once delivery. This means a message may be received more than once.
• Messages sent to the Queue service can be in either text or binary format, but received messages are always in the Base64 encoded format.
• The expiration time for messages stored in the Queue service is seven days. After seven days, the messages are garbage-collected.

A queue is a logical destination for sending messages. There can be any number of queues in an account in the Queue service. A queue stores messages and makes them available to applications via the REST API. Queues can have metadata in the form of name-value pairs up to 8KB in size per queue.
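An added example, not part of the original paper and not Microsoft's SDK code: a consumer written to tolerate the limitations listed above (8KB message limit, Base64 on receipt, duplicate delivery, no ordering guarantee). The in-memory deliveries, the message ids, the `seq` field and the order-status payload are constructed assumptions, and no Azure API is called.

```python
import base64
import json

MAX_MESSAGE_BYTES = 8 * 1024  # per-message limit stated in the text


def encode_message(payload: dict) -> str:
    """Serialize and Base64-encode a payload, refusing anything over the limit."""
    encoded = base64.b64encode(json.dumps(payload).encode("utf-8"))
    # Assumption: the limit is checked on the encoded form (the larger one).
    if len(encoded) > MAX_MESSAGE_BYTES:
        raise ValueError("message exceeds 8KB queue limit")
    return encoded.decode("ascii")


class OrderStatusConsumer:
    """Applies status updates safely under duplicate and out-of-order delivery."""

    def __init__(self):
        self.seen_ids = set()  # ids already processed (persist this in a real system)
        self.latest = {}       # order -> (seq, status)

    def handle(self, message_id: str, body_b64: str) -> str:
        if message_id in self.seen_ids:
            return "duplicate"  # same message delivered again: do nothing
        # Received bodies are always Base64; reject malformed input outright.
        payload = json.loads(base64.b64decode(body_b64, validate=True))
        self.seen_ids.add(message_id)
        seq, _ = self.latest.get(payload["order"], (-1, None))
        if payload["seq"] <= seq:
            return "stale"  # an older update arrived late: never overwrite newer state
        self.latest[payload["order"]] = (payload["seq"], payload["status"])
        return "applied"


def run_demo():
    # Constructed deliveries: seq 2 arrives before seq 1, and m2 is delivered twice.
    deliveries = [
        ("m2", encode_message({"order": "A1", "seq": 2, "status": "shipped"})),
        ("m1", encode_message({"order": "A1", "seq": 1, "status": "paid"})),
        ("m2", encode_message({"order": "A1", "seq": 2, "status": "shipped"})),
    ]
    consumer = OrderStatusConsumer()
    outcomes = [consumer.handle(mid, body) for mid, body in deliveries]
    return outcomes, consumer.latest


if __name__ == "__main__":
    print(run_demo())
```

Without the id check and the sequence comparison, the late "paid" message would overwrite "shipped" and the repeated message would be processed twice.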


Queue Operations.

Message Operations


Q7) Write short note on
a) Payment Card Industry - Data Security Standards (PCI-DSS)
Answer-:
The Payment Card Industry (PCI) has a Data Security Standard (PCI-DSS) that’s administered by the PCI Security Standards Council (PCI-SSC), whose five founding members are American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. PCI-DSS v1.2 defines the Control Objectives and Requirements for Compliance for merchants that process, store, or transmit payment cardholder data shown in the following table:

The preceding requirements apply only to merchants who store a cardholder’s Primary Account Number, which usually is 16 digits in length. If the merchant uses a payment gateway organization, which eliminates the need for the merchant to process payment card transactions, the requirements don’t apply.

PCI’s Self-Assessment Questionnaire (SAQ)

The PCI provides merchants who aren’t required to undergo an onsite data security assessment by a Qualified Security Assessor (QSA) with a Self-Assessment Questionnaire (SAQ), which is a validation tool that’s intended to assist merchants and service providers in self-evaluating their compliance with the PCI DSS. Stores that use a secure payment gateway that’s recognized by the major payment-card firms to handle credit card transactions don’t process, store, or transmit any credit card information on their servers; nor do they have access to payment card ID numbers. Such merchants can use SAQ Validation Type 1 and SAQ version A, which only requires certification that:

❑ Merchant does not store, process, or transmit any cardholder data on merchant premises but relies entirely on third-party service provider(s) to handle these functions.

❑ The third-party service provider(s) handling storage, processing, and/or transmission of cardholder data is confirmed to be PCI DSS compliant.

❑ Merchant does not store any cardholder data in electronic format.

The following table lists the five SAQ validation types, their descriptions, and the applicable SAQ version.

b) SQL Azure

SQL Azure is Microsoft’s relational database service in the cloud. Any enterprise application, either cloud or on-premises, is incomplete without the support of a backend database. SQL Azure provides high availability to your databases out of the box. At any point in time, SQL Azure maintains three replicas of your databases in the cloud. If one replica fails, SQL Azure automatically creates a new one to maintain three replicas available at any point in time.

SQL Azure is based on the Microsoft SQL Server relational database engine. SQL Server is Microsoft’s relational database, which is used by enterprises in their on-premises systems and also offered as a hosted service by database hosting providers. With the launch of SQL Azure, Microsoft aims to offer a cloud relational database as a service for on-premises and cloud applications.

SQL Azure Architecture

SQL Azure is a scalable and highly available database utility service in the cloud. Like all other Windows Azure services, it runs in Microsoft data centers around the world. The data center infrastructure provides the SQL Azure service with load balancing, failover and replication capabilities. Figure 9-1 illustrates the high-level SQL Azure architecture.


Infrastructure Layer-: The infrastructure layer is the supporting layer providing administration of hardware and operating systems required by the services layer.

Platform Layer-: The platform layer consists of the SQL Server instances, the SQL Azure fabric, and Management services. The SQL Server instances represent the deployed databases, their replicas, and the operating system instances that host the SQL Server instances.

Services Layer-: The services layer comprises external (customer) facing machines and performs as a gateway to the platform layer.

Client Layer-: The client layer is the only layer that runs outside of the Microsoft data center. The client layer doesn’t include any SQL Azure–specific components; instead, it uses all the existing features of SQL Server client components like ADO.NET, ODBC, Visual Studio.NET, SQL Server Management Studio, ADO.NET Data Services, and so on.

All the Best