Cloud Application Assessment Toolkit - IDRBT KUMAR_Cloud... · Cloud Application Assessment Toolkit...
Transcript of Cloud Application Assessment Toolkit - IDRBT KUMAR_Cloud... · Cloud Application Assessment Toolkit...
1
Cloud Application Assessment Toolkit
NAVEEN KUMAR
B.Tech (3rd Year)
INDIAN INSTITUTE OF TECHNOLOGY,ROPAR
EMAIL:
Project Guide
Dr. Shakti Mishra
Assistant Professor
IDRBT, Hyderabad
2
INSTITUTE OF DEVELOPMENT AND RESEARCH IN BANKING TECHNOLOGY (IDRBT) ROAD NO. 1, CASTLE HILLS, MASAB TANK,
HYDERABAD-500057
CERTIFICATE
This is to certify that Mr. Naveen Kumar, pursuing B.Tech course at Indian
Institute of Technology, Ropar in Computer Science and Engineering(CSE) has
undertaken a project as an intern at IDRBT, Hyderabad from May 13, 2013 to
July 13, 2013.
He was assigned the project “Cloud Application Assessment Toolkit” under my
guidance.
I wish him all the best for all his endeavours.
Dr. Shakti Mishra (Project Guide)
Assistant Professor IDRBT, Hyderabad
3
Acknowledgment
I express my deep sense of gratitude to my Guide Dr. Shakti Mishra, Assistant
Professor, IDRBT for giving me an opportunity to do this project in the Institute for
development and research in Banking Technology and providing all the support and
guidance needed which made me complete the project on time.
I am thankful to colleagues Bonani Hazarika and Anubhav Garg who took keen
interest in my project work and guided me all along till the completion of my project
work by providing me all the necessary information.
I am also thankful to IIT Ropar, for giving me this golden opportunity to work in a
high-end research institute like IDRBT.
Naveen Kumar B.Tech (3rd Year)
IIT - Ropar
4
Contents 1. Introduction..............................................................................................................................5
1.1. Cloud Computing Models............................................................................................6
1.2. Types of Cloud Computing environments...........................................................6
1.3. Cloud Computing Benefits..........................................................................................8
1.4. Cloud Computing Challenge......................................................................................9
2. Project Description...............................................................................................................10
2.1. Related Cloud Assessment Toolkit.............................................................................11
3. Cloud Application Assessment Toolkit: Description...............................................13
3.1. Business Value.................................................................................................................13
3.2. Technology Readiness.................................................................................................15
3.3. Operational Risk.............................................................................................................16
4. Implementation Details..................................................... .................................................17 4.1. Implementation Environment Details...................................................................17
4.2. Implementation Procedure......... ............................................................................17
5. Conclusion........................................................................................................................ . ......28
6. References.......................................................................................................................... ......29
5
Chapter 1
Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage, space, networks, computer processing power, and specialized corporate and user applications.
Figure 1 Conceptual view of cloud computing
6
1.1. Cloud Computing Models Cloud Providers offer services that can be grouped into three categories.
• Software as a Service (SaaS) In this model, a complete application is offered to the customer, as a service on demand. A single instance of the service runs on the cloud & multiple end users are serviced. On the customers‟ side, there is no need fo r upfront investment or software licenses, while for the provider, the costs are lowered, since only a single application needs to be hosted & maintained. Today SaaS is offered by companies such as Google, Sales force, Microsoft, Zoho , etc.
• Platform as a Service (Paas) Here, a layer of software or development environment is encapsulated & offered as a service, upon which other higher levels of service can be built. The customer has the freedom to build his own applications, which run on the provider’s infrastructure. To meet manageability and scalability requirements of the applications, PaaS providers offer a predefined combination of OS and application servers, such as LAMP platform (Linux, Apache, MySql and PHP), restricted J2EE, Ruby etc. Google’s App Engine, Force.com, etc are some of the popular PaaS examples.
• Infrastructure as a Service (Iaas) IaaS provides basic storage and computing capabilities as standardized services over the network. Servers, storage systems, networking equipment, data centre space etc. are pooled and made available to handle workloads. The customer would typically deploy his own software on the infrastructure. Some common examples are Amazon, GoGrid, 3 Tera, etc.
1.2. Types of Cloud Computing environments The cloud computing environment can consist of multiple types of clouds based on their deployment and usage
• Public Cloud A public cloud uses externally-owned resources from third-party service providers and is accessed through a subscription over the internet.
Advantages A public cloud offers the following advantages:
• Elasticity o Use what user need. o Turn off (and stop paying for) resources that are unused. o Add or change functionality without impacting existing functionality.
• High scalability o Access the public cloud’s limitless resources.
7
Disadvantages A public cloud offers the following disadvantages: • Lower degree of security, control, and technology
o Data is hosted off-site. Customers with sensitive data requirements might not be able to use the service
o Systems are hosted off-site. Although many safeguards and features help ensure that services keep running, control is limited with respect to what user can and cannot do with his systems.
• Highest long-term cost o A public cloud offering is the most expensive choice for handling a base
(predictable) workload. User is essentially renting the infrastructure fully.
• Private Cloud With a private cloud, data is stored on site at the company. In addition, although services and resources are delivered through a network, these services and resources are generally accessible only through a private company intranet.
Advantages A private cloud offers the following advantages: • Highest degree of security, control, and technology customization
o Data stored locally, systems run locally o Restrict access easily o Start and stop resources
• Capitalize on unused hardware o Virtualization allows pool resources to be adapted for changing Environments. o Savings can be gained by reducing the number of inactive hardware
Instances .
Disadvantages A private cloud offers the following disadvantages:
• Limited scalability o Can scale only within the capacity of internal hosted resources
• Inflexible pricing o Highest upfront cost o Resource use is less efficient if supply is greater than demand o Hardware must be purchased before meeting any demand
• Community Cloud
Infrastructure is shared by several organizations and supports a specific community that has shared concerns.
Advantages
A community cloud offers the following advantages: • The community cloud provides the advantages of the private cloud, without its
heavy costs. • Economies of scale are achieved, as multiple organizations partner together.
8
• It is similar to the public cloud, however, it provide complete control over which companies user share resources with.
Disadvantages • Multiple users and access points must remain under tight control.
• Hybrid Cloud
A hybrid cloud deployment is a cloud solution that is built on a base that uses a private cloud infrastructure backbone. It incorporates additional resources as needed from a public cloud infrastructure.
Advantages
A hybrid cloud offers the following advantages: • Base workload requirements are met with the highest degree of reliability • Ability to respond to increasing workloads by using additional public cloud
Resources • Ability to fall back on private cloud resources if public cloud resources are not
available • Additional layer of disaster recovery when applications and data are in both
the private and public cloud, allowing for failover
Disadvantages A hybrid cloud offers the following disadvantages:
• An increased complexity in application programming due to the need to create interfaces and automation scripts for both private and public cloud infrastructure, and then integrating them in a seamless manner
• Data communication between the private and public cloud infrastructure will not be optimal due to geographical discrepancies
1.3. Cloud Computing Benefits
Enterprises would need to align their applications, so as to exploit the architecture models that Cloud Computing offers. Some of the typical benefits are listed below:
• Reduced Cost
The billing model is pay as per usage; the infrastructure is not purchased thus lowering maintenance. Initial expense and recurring expenses are much lower than traditional computing.
• Increased Storage
With the massive Infrastructure that is offered by Cloud providers today, storage & maintenance of large volumes of data is a reality. Sudden workload spikes are also managed effectively & efficiently, since the cloud can scale dynamically.
9
• Flexibility Cloud computing stresses on getting applications to market very quickly, by using the most appropriate building blocks necessary for deployment.
1.4. Cloud Computing Challenges
• Security and Privacy The fact that the valuable enterprise data will reside outside the corporate firewall raises serious concerns. Hacking and various attacks to cloud infrastructure would affect multiple clients even if only one site is attacked. These risks can be mitigated by using security applications, encrypted file systems, data loss software, and buying security hardware to track unusual behaviour across servers
• Service Delivery and Billing
It is difficult to assess the costs involved due to the on-demand nature of the services. Budgeting and assessment of the cost will be very difficult unless the provider has some good and comparable benchmarks to offer. The service-level agreements (SLAs) of the provider are not adequate to guarantee the availability and scalability. Businesses will be reluctant to switch to cloud without a strong service quality guarantee.
• Regulatory and Compliance Restrictions
In some of the European countries, Government regulations do not allow customer's personal information and other sensitive information to be physically located outside the state or country. In order to meet such requirements, cloud providers need to setup a data centre or a storage site exclusively within the country to comply with regulations. Having such an infrastructure may not always be feasible and is a big challenge for cloud providers.
10
Chapter 2
Project Description Cloud Application Assessment Toolkit is an agent less, automated, multi-product planning and assessment tool for banks. The toolkit provides assessment report on whether a given application is suitable to be included in cloud. Not every application can be hosted on cloud platform.
The toolkit measures the suitability of application on following three parameters:-
• Business Value : It determines whether the cloud hosted application would make any business impact or not
• Technological Readiness : It verifies that the application has been coded/ programmed for elasticity or not, or whether technology used in developing the application is robust or not
• Operational Risk: It identifies the risks associated with application.
The tool takes all three parameters into consideration before giving out the results. A result is generated in the form of radar chart where each application performance is compared with already set benchmarks. The tool also allows user to download the report for application, although it can be generalized to test any application for cloud environment, the tool has been designed to assess the banks application for IDRBT Community Cloud.
11
2.1 Related Cloud Assessment Toolkit
There are many toolkits available for the use of different purposes, some of them are given below:
• Microsoft Assessment and Planning (MAP) Toolkit for Microsoft Private Cloud Fast Track is an agent less inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations—including Windows 8, Windows 7, Office 2010 and Office 365, Windows Server 2012 and Windows 2008 R2, SQL Server 2012, Hyper-V, Microsoft Private Cloud Fast Track, and Windows Azure.
Figure 2 Microsoft Assessment and Planning (MAP) Toolkit
13
Chapter 3
Cloud Application Assessment Toolkit: Description
Cloud Application Assessment Toolkit is implemented in php, html, Mysql and Javascript. It is an interactive, easy-to-use survey that consists of some questions. The questions are designed to obtain information about Bank IT infrastructure and the requirement for the application.
Cloud Application Assessment Toolkit considers three parameters to measure the suitability of application. These factors are as follow:
• Business Value • Technology Readiness • Operational Risk
Each of these parameter contains sub-factors in which user is required to give information related to them. Toolkit will give some score to each option which the user chooses, then it will add all the score of sub-factors which the user chooses, to calculate the above parameters. The Toolkit will compare the value of each parameter which its benchmark values. The user then analyse the suitability of application to be hosted on cloud by seeing the results.
The above parameters and sub-factors are described in details as follows:
3.1. Business Value
S.No Sub Factors Description Options Score 1. Cloud Platform Which type of service is required
by application. Since IDRBT cloud provides IaaS, So if app also want IaaS then more score is given to it
• IaaS • PaaS • SaaS
Iaas : 9 Pass : 6 SaaS : 3
2. Virtualization Environment
How much percentage of virtualization is needed by application. If it required more virtualization then more score is given. Since cloud needs virtualization.
• 0 – 25 • 26 – 50 • 51 – 75 • 75 -100
0 – 25 : 2 26 – 50 : 4 51 – 75 : 6 75 -100 : 9
14
3 Benefits from Cloud Platform
User will like to select what type of benefits he will gain by using Cloud platform.
• Flexibility • Large storage
volume • Disaster
recovery • Data centre
pressure • Standardization
No score is given to any option
4 Public/External World Facing
Application is design for internal use or external. If it is design for internal use than more score is given to it
• Yes • No
Yes : 1 No : 9
5. Application Development and Maintenance Environment
In which phase the application is gone through before using it.
• Dev+Test+UAT • Dev + Test • Dev + UAT • Test + UAT • UAT
Dev+Test+UAT: 9 Test+ UAT: 8 Dev + Test : 6 UAT : 7 Dev + UAT: 5
6 Project Management Methodology
If the application is develop by following any methodology then toolkit will give more score to it
• Yes • No
Yes : 9 No : 1
7. Alternate Device support
Which devices support the application. If there is no alternate device then score is more
• Smart Phone • Tablets Pc’s • Other Device • None
None : 9
8 Elasticity Expectation
How much percentage of elasticity is handle by application. If it handle more elasticity then toolkit gives more score to it because elasticity is one of the characteristic of cloud
• 0 – 25 • 26 – 50 • 51 – 75 • 75 -100
0 – 25 : 2 26 – 50 : 4 51 – 75 : 6 75 -100 : 9
9 Application Contact
To whom IDBRT will make contact if there is any problem occur in application
Mr/Mrs…Bank's contact
No score
15
3.2 Technology Readiness
S. No Sub factors Description Options Score
1. Application Criticality
If the application is more critical means that it cannot withstand large number of users at a same time. Low score is given if criticality is high
• High • Medium • Low
High : 1 Medium :5 Low : 9
2 Application purpose
Application is made for online transaction or for Data warehouse (DWH) purpose. Toolkit gives less score for online transaction because of security issues
• OLTP • Structured /
Unstructured (DWH)
• Social Media Tool
OLTP : 1 DWH : 5 Social Media tool: 2
3. Application Platform
For what type of platform application is made. If it is web based , then more score will be given to it
• Web Based • Client Server • Compute
Intensive
Web Based : 9 Client Server : 5 Compute Intensive:1
4 Application Stack
Types of platform or software require to develop application
• Java • Microsoft • Vendor • Others
No score
5 Application Database
Database used by application • Oracle • SQL Server • Sybase • Others
No score
6 Application generated Emails
Tool gives less score if application generates Emails because of complexity involve
• Yes • No
Yes : 4
No : 9
7 TCO (Total Cost)
TCO = Capital Expenditure + Operational Expenditure +
Overhead
Rs........ No score
8 Maintenance Window (between hrs)
It is time designated in advance during which preventive maintenance that could cause disruption of service may be performed
......... minutes No score
16
3.3 Operational Risk
S.No Sub factors Description Options Score
1. Security threats, vulnerabilities, issues
If there is history of security threats, vulnerabilities or any issues in application then tool gives less score to it
• Very Often • Sometimes • Rarely • Never
Never : 8
2. Encryption of data in place
If application store encrypted data then tool gives less score to it because of complexity
• Yes • No
Yes : 1 No : 6
3. Sensitivity of the data
If the data is public then it is more sensitive than if it is restricted
• Public • Internal Use • Confidential • Restricted
Public : 9 Internal Use: 7 Confidential : 5 Restricted : 4
4. Identity Management
Methods used by application for authentication , if authenticated method is less secure than there is a chances of risk
• Active Directory based/SSO
• User Id/Password
• PKI enabled • Biometrics
Active Directory based : 9 User Id/Password : 7 PKI enabled : 5 Biometric :2
5. Firewalls and perimeter security
If there firewalls and other securities perimeter than application is more secure.
• Yes • No
Yes : 9 No : 1
6. Plan exists for patching, updating and securing
If there exists a plan for patching, updating and securing (including anti-virus) in application ,then more score is given
• Yes • No
Yes : 9 No : 1
7. Business Continuity plan
It identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, if it is implemented then more score it given
• Yes • No
Yes : 9 No : 1
8. Hardware/OS/Application Monitoring Tools
It package the collected data into simplified charts and graphs from which administrators can easily determine priority actions to take. If it exists then toolkit gives more score to it
• Yes • No
Yes : 9 No : 1
9 System Images existence
If it exists then more score is given • Yes • No
Yes : 9 No : 1
17
Chapter 4
Implementation Details 4.1 Implementation Environment Details
The toolkit is being implemented using following web - designing language and tools: • php • Javascript • phpMyadmin • Html5 • CSS
4.2 Implementation Procedure
Figure 4. Flow Diagram of Toolkit Implementation
18
User can use the toolkit by following these steps
Step 1 File Name : register.php
The user first creates his account on toolkit by registering himself. User has to give Bank’s name, Application Name, his First Name, Last Name, Email Address, Password, RePassword.
Buttons :
• register : After filling the information the User click on register button to create his account.
• Cancel : By clicking on Cancel button, User will go to Sign In page
Link: • Sign In : User can go to Sign In page by clicking on Sign In link
Figure 5. Register Page
Step 2 File Name : 1Cloud.php
Users can Sign Up by entering his Email-address in username and password in password field .After Sign In user will go to home page of toolkit
Button : • SignIn : After entering the Username and password, User click on SignIn button to
go to home page • Register : User can go to register page and make his account
19
Figure 6. Sign Up Page
Step 3 File Name : home.php
This page give the brief introduction about the cloud assessment toolkit.
Link : • Start Assessment: User can go to general page after clicking it.
Figure 7. Home Page
20
Step 4 File Name : general.php
The user is required to give the information about the IT infrastructure which he want from cloud service provider
Button • NEXT: By clicking NEXT button all the information of this page is stored in
database and user will go to business page.
Figure 8. General IT Infrastructure Page
Step 5 File Name : bussiness.php
The user will give answer of some question related to its application requirement. Button:
• NEXT: By clicking NEXT button all the information of this page is stored in database to calculate the business value and user will go to technology page.
21
Figure 9. Business Page
Step 6 File Name : technology.php
The user will give answer of some question related to its application requirement. Button:
• NEXT: By clicking NEXT button all the information of this page is stored in database to calculate the technology readiness and user will go to operation page.
22
Figure 10. Technology Page
Step 7 File Name : operation.php
The user will give answer of some question related to its application requirement. Button:
• NEXT: By clicking NEXT button all the information of this page is stored in database to calculate the business value and user will go to technology page.
23
Figure 11. Operational Risk Page
Step 8 File Name : output.php
In this page the user can see his assessment i.e. business value, technology readiness and operational risk value along with the benchmark value.
Link:
• Download Your Application Assessment: By clicking it user can download the assessment report .The report consist of assessment value and radar chart. User can compare these values with benchmark values
24
Figure 12. Output Page
Step 9 File Name : myassessment.php
User can see Sub Factors of each of the parameter he chooses while assessing application
Button: • Submit: User can enter the same name which he enter in the customer name
field in general page and select the categories which he wanted to see. After clicking on submit a table will be displayed showing the options he choose
25
Figure 13. My assessment Page
Step 10 File Name : myinformation.php
User can see account information i.e. Bank’ name, Application Name, Email id, First name and Last Name which he enter at the time of registrations.
26
Figure 14. Information Page
Step 11 File Name : signout.php
User can Sign Out from the toolkit .
Link : • Sign In: User can go to Sign up page after clicking this link.
Figure 15. Sign Out Page
27
Assessment Report
User can download assessment report from output page. The report contains the radar chart
Figure 16. Radar Chart
28
5. Conclusion
Cloud Computing is an emerging technology. The benefits derived from this new trend are flexibility, elasticity, agility, cost reduction; hassle free operations are enough to leverage this technology for the BFST sector. To test the applications of BFSI sector whether these are suitable for Cloud or not, we have developed and designed Cloud Application Assessment Toolkit.
Bank’s can use this Toolkit to measure the suitability of application to be hosted on IDRBT cloud. The toolkit has been designed to measure the suitability of application by considering the three parameters i.e. business value, technology readiness and operational risk. A result is generated in the form of radar chart where each application performance is compared with already set benchmarks. The tool also allows user to download the report for application, although it can be generalized to test any application for cloud environment.
29
6. References
[1] http://blog.appcore.com/blog/bid/167543/Types-of-Cloud-Computing-Private-Public-and-Hybrid-Clouds
[2]http://www.solarwinds.com/it-management-glossary/what-are-application-monitoring-tools.aspx
[3] http://www.pcmag.com/encyclopedia/term/37932/application-stack
[4] http://en.wikipedia.org/wiki/Maintenance_window
[5] http://www.dummies.com/how-to/content/cloud-computing-models.html
[6] http://en.wikipedia.org/wiki/Maintenance_window
[7] http://www.dummies.com/how-to/content/cloud-computing-models.html
[8] http://technet.microsoft.com/en-us/solutionaccelerators/hh324976.aspx
[9] http://www.cloudassessmenttool.com/
[10] http://cloudassessment.cloudapp.net/Account/Welcome?ReturnUrl=%2f