1

Cloud Application Assessment Toolkit

NAVEEN KUMAR

B.Tech (3rd Year)

INDIAN INSTITUTE OF TECHNOLOGY,ROPAR

EMAIL:

naveenkm@iitrpr.ac.in

Project Guide

Dr. Shakti Mishra

Assistant Professor

IDRBT, Hyderabad

2

INSTITUTE OF DEVELOPMENT AND RESEARCH IN BANKING TECHNOLOGY (IDRBT) ROAD NO. 1, CASTLE HILLS, MASAB TANK,

HYDERABAD-500057

CERTIFICATE

This is to certify that Mr. Naveen Kumar, pursuing B.Tech course at Indian

Institute of Technology, Ropar in Computer Science and Engineering(CSE) has

undertaken a project as an intern at IDRBT, Hyderabad from May 13, 2013 to

July 13, 2013.

He was assigned the project “Cloud Application Assessment Toolkit” under my

guidance.

I wish him all the best for all his endeavours.

Dr. Shakti Mishra (Project Guide)

Assistant Professor IDRBT, Hyderabad

3

Acknowledgment

I express my deep sense of gratitude to my Guide Dr. Shakti Mishra, Assistant

Professor, IDRBT for giving me an opportunity to do this project in the Institute for

development and research in Banking Technology and providing all the support and

guidance needed which made me complete the project on time.

I am thankful to colleagues Bonani Hazarika and Anubhav Garg who took keen

interest in my project work and guided me all along till the completion of my project

work by providing me all the necessary information.

I am also thankful to IIT Ropar, for giving me this golden opportunity to work in a

high-end research institute like IDRBT.

Naveen Kumar B.Tech (3rd Year)

IIT - Ropar

4

Contents 1. Introduction..............................................................................................................................5

1.1. Cloud Computing Models............................................................................................6

1.2. Types of Cloud Computing environments...........................................................6

1.3. Cloud Computing Benefits..........................................................................................8

1.4. Cloud Computing Challenge......................................................................................9

2. Project Description...............................................................................................................10

2.1. Related Cloud Assessment Toolkit.............................................................................11

3. Cloud Application Assessment Toolkit: Description...............................................13

3.1. Business Value.................................................................................................................13

3.2. Technology Readiness.................................................................................................15

3.3. Operational Risk.............................................................................................................16

4. Implementation Details..................................................... .................................................17 4.1. Implementation Environment Details...................................................................17

4.2. Implementation Procedure......... ............................................................................17

5. Conclusion........................................................................................................................ . ......28

6. References.......................................................................................................................... ......29

5

Chapter 1

Introduction Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage, space, networks, computer processing power, and specialized corporate and user applications.

Figure 1 Conceptual view of cloud computing

6

1.1. Cloud Computing Models Cloud Providers offer services that can be grouped into three categories.

• Software as a Service (SaaS) In this model, a complete application is offered to the customer, as a service on demand. A single instance of the service runs on the cloud & multiple end users are serviced. On the customers‟ side, there is no need fo r upfront investment or software licenses, while for the provider, the costs are lowered, since only a single application needs to be hosted & maintained. Today SaaS is offered by companies such as Google, Sales force, Microsoft, Zoho , etc.

• Platform as a Service (Paas) Here, a layer of software or development environment is encapsulated & offered as a service, upon which other higher levels of service can be built. The customer has the freedom to build his own applications, which run on the provider’s infrastructure. To meet manageability and scalability requirements of the applications, PaaS providers offer a predefined combination of OS and application servers, such as LAMP platform (Linux, Apache, MySql and PHP), restricted J2EE, Ruby etc. Google’s App Engine, Force.com, etc are some of the popular PaaS examples.

• Infrastructure as a Service (Iaas) IaaS provides basic storage and computing capabilities as standardized services over the network. Servers, storage systems, networking equipment, data centre space etc. are pooled and made available to handle workloads. The customer would typically deploy his own software on the infrastructure. Some common examples are Amazon, GoGrid, 3 Tera, etc.

1.2. Types of Cloud Computing environments The cloud computing environment can consist of multiple types of clouds based on their deployment and usage

• Public Cloud A public cloud uses externally-owned resources from third-party service providers and is accessed through a subscription over the internet.

Advantages A public cloud offers the following advantages:

• Elasticity o Use what user need. o Turn off (and stop paying for) resources that are unused. o Add or change functionality without impacting existing functionality.

• High scalability o Access the public cloud’s limitless resources.

7

Disadvantages A public cloud offers the following disadvantages: • Lower degree of security, control, and technology

o Data is hosted off-site. Customers with sensitive data requirements might not be able to use the service

o Systems are hosted off-site. Although many safeguards and features help ensure that services keep running, control is limited with respect to what user can and cannot do with his systems.

• Highest long-term cost o A public cloud offering is the most expensive choice for handling a base

(predictable) workload. User is essentially renting the infrastructure fully.

• Private Cloud With a private cloud, data is stored on site at the company. In addition, although services and resources are delivered through a network, these services and resources are generally accessible only through a private company intranet.

Advantages A private cloud offers the following advantages: • Highest degree of security, control, and technology customization

o Data stored locally, systems run locally o Restrict access easily o Start and stop resources

• Capitalize on unused hardware o Virtualization allows pool resources to be adapted for changing Environments. o Savings can be gained by reducing the number of inactive hardware

Instances .

Disadvantages A private cloud offers the following disadvantages:

• Limited scalability o Can scale only within the capacity of internal hosted resources

• Inflexible pricing o Highest upfront cost o Resource use is less efficient if supply is greater than demand o Hardware must be purchased before meeting any demand

• Community Cloud

Infrastructure is shared by several organizations and supports a specific community that has shared concerns.

Advantages

A community cloud offers the following advantages: • The community cloud provides the advantages of the private cloud, without its

heavy costs. • Economies of scale are achieved, as multiple organizations partner together.

8

• It is similar to the public cloud, however, it provide complete control over which companies user share resources with.

Disadvantages • Multiple users and access points must remain under tight control.

• Hybrid Cloud

A hybrid cloud deployment is a cloud solution that is built on a base that uses a private cloud infrastructure backbone. It incorporates additional resources as needed from a public cloud infrastructure.

Advantages

A hybrid cloud offers the following advantages: • Base workload requirements are met with the highest degree of reliability • Ability to respond to increasing workloads by using additional public cloud

Resources • Ability to fall back on private cloud resources if public cloud resources are not

available • Additional layer of disaster recovery when applications and data are in both

the private and public cloud, allowing for failover

Disadvantages A hybrid cloud offers the following disadvantages:

• An increased complexity in application programming due to the need to create interfaces and automation scripts for both private and public cloud infrastructure, and then integrating them in a seamless manner

• Data communication between the private and public cloud infrastructure will not be optimal due to geographical discrepancies

1.3. Cloud Computing Benefits

Enterprises would need to align their applications, so as to exploit the architecture models that Cloud Computing offers. Some of the typical benefits are listed below:

• Reduced Cost

The billing model is pay as per usage; the infrastructure is not purchased thus lowering maintenance. Initial expense and recurring expenses are much lower than traditional computing.

• Increased Storage

With the massive Infrastructure that is offered by Cloud providers today, storage & maintenance of large volumes of data is a reality. Sudden workload spikes are also managed effectively & efficiently, since the cloud can scale dynamically.

9

• Flexibility Cloud computing stresses on getting applications to market very quickly, by using the most appropriate building blocks necessary for deployment.

1.4. Cloud Computing Challenges

• Security and Privacy The fact that the valuable enterprise data will reside outside the corporate firewall raises serious concerns. Hacking and various attacks to cloud infrastructure would affect multiple clients even if only one site is attacked. These risks can be mitigated by using security applications, encrypted file systems, data loss software, and buying security hardware to track unusual behaviour across servers

• Service Delivery and Billing

It is difficult to assess the costs involved due to the on-demand nature of the services. Budgeting and assessment of the cost will be very difficult unless the provider has some good and comparable benchmarks to offer. The service-level agreements (SLAs) of the provider are not adequate to guarantee the availability and scalability. Businesses will be reluctant to switch to cloud without a strong service quality guarantee.

• Regulatory and Compliance Restrictions

In some of the European countries, Government regulations do not allow customer's personal information and other sensitive information to be physically located outside the state or country. In order to meet such requirements, cloud providers need to setup a data centre or a storage site exclusively within the country to comply with regulations. Having such an infrastructure may not always be feasible and is a big challenge for cloud providers.

10

Chapter 2

Project Description Cloud Application Assessment Toolkit is an agent less, automated, multi-product planning and assessment tool for banks. The toolkit provides assessment report on whether a given application is suitable to be included in cloud. Not every application can be hosted on cloud platform.

The toolkit measures the suitability of application on following three parameters:-

• Business Value : It determines whether the cloud hosted application would make any business impact or not

• Technological Readiness : It verifies that the application has been coded/ programmed for elasticity or not, or whether technology used in developing the application is robust or not

• Operational Risk: It identifies the risks associated with application.

The tool takes all three parameters into consideration before giving out the results. A result is generated in the form of radar chart where each application performance is compared with already set benchmarks. The tool also allows user to download the report for application, although it can be generalized to test any application for cloud environment, the tool has been designed to assess the banks application for IDRBT Community Cloud.

11

2.1 Related Cloud Assessment Toolkit

There are many toolkits available for the use of different purposes, some of them are given below:

• Microsoft Assessment and Planning (MAP) Toolkit for Microsoft Private Cloud Fast Track is an agent less inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations—including Windows 8, Windows 7, Office 2010 and Office 365, Windows Server 2012 and Windows 2008 R2, SQL Server 2012, Hyper-V, Microsoft Private Cloud Fast Track, and Windows Azure.

Figure 2 Microsoft Assessment and Planning (MAP) Toolkit

12

• VMware vCloud Architecture Toolkit (vCAT)

Figure 3 VMware VCloud Architecture Toolkit

13

Chapter 3

Cloud Application Assessment Toolkit: Description

Cloud Application Assessment Toolkit is implemented in php, html, Mysql and Javascript. It is an interactive, easy-to-use survey that consists of some questions. The questions are designed to obtain information about Bank IT infrastructure and the requirement for the application.

Cloud Application Assessment Toolkit considers three parameters to measure the suitability of application. These factors are as follow:

• Business Value • Technology Readiness • Operational Risk

Each of these parameter contains sub-factors in which user is required to give information related to them. Toolkit will give some score to each option which the user chooses, then it will add all the score of sub-factors which the user chooses, to calculate the above parameters. The Toolkit will compare the value of each parameter which its benchmark values. The user then analyse the suitability of application to be hosted on cloud by seeing the results.

The above parameters and sub-factors are described in details as follows:

3.1. Business Value

S.No Sub Factors Description Options Score 1. Cloud Platform Which type of service is required

by application. Since IDRBT cloud provides IaaS, So if app also want IaaS then more score is given to it

• IaaS • PaaS • SaaS

Iaas : 9 Pass : 6 SaaS : 3

2. Virtualization Environment

How much percentage of virtualization is needed by application. If it required more virtualization then more score is given. Since cloud needs virtualization.

• 0 – 25 • 26 – 50 • 51 – 75 • 75 -100

0 – 25 : 2 26 – 50 : 4 51 – 75 : 6 75 -100 : 9

14

3 Benefits from Cloud Platform

User will like to select what type of benefits he will gain by using Cloud platform.

• Flexibility • Large storage

volume • Disaster

recovery • Data centre

pressure • Standardization

No score is given to any option

4 Public/External World Facing

Application is design for internal use or external. If it is design for internal use than more score is given to it

• Yes • No

Yes : 1 No : 9

5. Application Development and Maintenance Environment

In which phase the application is gone through before using it.

• Dev+Test+UAT • Dev + Test • Dev + UAT • Test + UAT • UAT

Dev+Test+UAT: 9 Test+ UAT: 8 Dev + Test : 6 UAT : 7 Dev + UAT: 5

6 Project Management Methodology

If the application is develop by following any methodology then toolkit will give more score to it

• Yes • No

Yes : 9 No : 1

7. Alternate Device support

Which devices support the application. If there is no alternate device then score is more

• Smart Phone • Tablets Pc’s • Other Device • None

None : 9

8 Elasticity Expectation

How much percentage of elasticity is handle by application. If it handle more elasticity then toolkit gives more score to it because elasticity is one of the characteristic of cloud

• 0 – 25 • 26 – 50 • 51 – 75 • 75 -100

0 – 25 : 2 26 – 50 : 4 51 – 75 : 6 75 -100 : 9

9 Application Contact

To whom IDBRT will make contact if there is any problem occur in application

Mr/Mrs…Bank's contact

No score

15

3.2 Technology Readiness

S. No Sub factors Description Options Score

1. Application Criticality

If the application is more critical means that it cannot withstand large number of users at a same time. Low score is given if criticality is high

• High • Medium • Low

High : 1 Medium :5 Low : 9

2 Application purpose

Application is made for online transaction or for Data warehouse (DWH) purpose. Toolkit gives less score for online transaction because of security issues

• OLTP • Structured /

Unstructured (DWH)

• Social Media Tool

OLTP : 1 DWH : 5 Social Media tool: 2

3. Application Platform

For what type of platform application is made. If it is web based , then more score will be given to it

• Web Based • Client Server • Compute

Intensive

Web Based : 9 Client Server : 5 Compute Intensive:1

4 Application Stack

Types of platform or software require to develop application

• Java • Microsoft • Vendor • Others

No score

5 Application Database

Database used by application • Oracle • SQL Server • Sybase • Others

No score

6 Application generated Emails

Tool gives less score if application generates Emails because of complexity involve

• Yes • No

Yes : 4

No : 9

7 TCO (Total Cost)

TCO = Capital Expenditure + Operational Expenditure +

Overhead

Rs........ No score

8 Maintenance Window (between hrs)

It is time designated in advance during which preventive maintenance that could cause disruption of service may be performed

......... minutes No score

16

3.3 Operational Risk

S.No Sub factors Description Options Score

1. Security threats, vulnerabilities, issues

If there is history of security threats, vulnerabilities or any issues in application then tool gives less score to it

• Very Often • Sometimes • Rarely • Never

Never : 8

2. Encryption of data in place

If application store encrypted data then tool gives less score to it because of complexity

• Yes • No

Yes : 1 No : 6

3. Sensitivity of the data

If the data is public then it is more sensitive than if it is restricted

• Public • Internal Use • Confidential • Restricted

Public : 9 Internal Use: 7 Confidential : 5 Restricted : 4

4. Identity Management

Methods used by application for authentication , if authenticated method is less secure than there is a chances of risk

• Active Directory based/SSO

• User Id/Password

• PKI enabled • Biometrics

Active Directory based : 9 User Id/Password : 7 PKI enabled : 5 Biometric :2

5. Firewalls and perimeter security

If there firewalls and other securities perimeter than application is more secure.

• Yes • No

Yes : 9 No : 1

6. Plan exists for patching, updating and securing

If there exists a plan for patching, updating and securing (including anti-virus) in application ,then more score is given

• Yes • No

Yes : 9 No : 1

7. Business Continuity plan

It identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, if it is implemented then more score it given

• Yes • No

Yes : 9 No : 1

8. Hardware/OS/Application Monitoring Tools

It package the collected data into simplified charts and graphs from which administrators can easily determine priority actions to take. If it exists then toolkit gives more score to it

• Yes • No

Yes : 9 No : 1

9 System Images existence

If it exists then more score is given • Yes • No

Yes : 9 No : 1

17

Chapter 4

Implementation Details 4.1 Implementation Environment Details

The toolkit is being implemented using following web - designing language and tools: • php • Javascript • phpMyadmin • Html5 • CSS

4.2 Implementation Procedure

Figure 4. Flow Diagram of Toolkit Implementation

18

User can use the toolkit by following these steps

Step 1 File Name : register.php

The user first creates his account on toolkit by registering himself. User has to give Bank’s name, Application Name, his First Name, Last Name, Email Address, Password, RePassword.

Buttons :

• register : After filling the information the User click on register button to create his account.

• Cancel : By clicking on Cancel button, User will go to Sign In page

Link: • Sign In : User can go to Sign In page by clicking on Sign In link

Figure 5. Register Page

Step 2 File Name : 1Cloud.php

Users can Sign Up by entering his Email-address in username and password in password field .After Sign In user will go to home page of toolkit

Button : • SignIn : After entering the Username and password, User click on SignIn button to

go to home page • Register : User can go to register page and make his account

19

Figure 6. Sign Up Page

Step 3 File Name : home.php

This page give the brief introduction about the cloud assessment toolkit.

Link : • Start Assessment: User can go to general page after clicking it.

Figure 7. Home Page

20

Step 4 File Name : general.php

The user is required to give the information about the IT infrastructure which he want from cloud service provider

Button • NEXT: By clicking NEXT button all the information of this page is stored in

database and user will go to business page.

Figure 8. General IT Infrastructure Page

Step 5 File Name : bussiness.php

The user will give answer of some question related to its application requirement. Button:

• NEXT: By clicking NEXT button all the information of this page is stored in database to calculate the business value and user will go to technology page.

21

Figure 9. Business Page

Step 6 File Name : technology.php

The user will give answer of some question related to its application requirement. Button:

• NEXT: By clicking NEXT button all the information of this page is stored in database to calculate the technology readiness and user will go to operation page.

22

Figure 10. Technology Page

Step 7 File Name : operation.php

The user will give answer of some question related to its application requirement. Button:

• NEXT: By clicking NEXT button all the information of this page is stored in database to calculate the business value and user will go to technology page.

23

Figure 11. Operational Risk Page

Step 8 File Name : output.php

In this page the user can see his assessment i.e. business value, technology readiness and operational risk value along with the benchmark value.

Link:

• Download Your Application Assessment: By clicking it user can download the assessment report .The report consist of assessment value and radar chart. User can compare these values with benchmark values

24

Figure 12. Output Page

Step 9 File Name : myassessment.php

User can see Sub Factors of each of the parameter he chooses while assessing application

Button: • Submit: User can enter the same name which he enter in the customer name

field in general page and select the categories which he wanted to see. After clicking on submit a table will be displayed showing the options he choose

25

Figure 13. My assessment Page

Step 10 File Name : myinformation.php

User can see account information i.e. Bank’ name, Application Name, Email id, First name and Last Name which he enter at the time of registrations.

26

Figure 14. Information Page

Step 11 File Name : signout.php

User can Sign Out from the toolkit .

Link : • Sign In: User can go to Sign up page after clicking this link.

Figure 15. Sign Out Page

27

Assessment Report

User can download assessment report from output page. The report contains the radar chart

Figure 16. Radar Chart

28

5. Conclusion

Cloud Computing is an emerging technology. The benefits derived from this new trend are flexibility, elasticity, agility, cost reduction; hassle free operations are enough to leverage this technology for the BFST sector. To test the applications of BFSI sector whether these are suitable for Cloud or not, we have developed and designed Cloud Application Assessment Toolkit.

Bank’s can use this Toolkit to measure the suitability of application to be hosted on IDRBT cloud. The toolkit has been designed to measure the suitability of application by considering the three parameters i.e. business value, technology readiness and operational risk. A result is generated in the form of radar chart where each application performance is compared with already set benchmarks. The tool also allows user to download the report for application, although it can be generalized to test any application for cloud environment.

29

6. References

[1] http://blog.appcore.com/blog/bid/167543/Types-of-Cloud-Computing-Private-Public-and-Hybrid-Clouds

[2]http://www.solarwinds.com/it-management-glossary/what-are-application-monitoring-tools.aspx

[3] http://www.pcmag.com/encyclopedia/term/37932/application-stack

[4] http://en.wikipedia.org/wiki/Maintenance_window

[5] http://www.dummies.com/how-to/content/cloud-computing-models.html

[6] http://en.wikipedia.org/wiki/Maintenance_window

[7] http://www.dummies.com/how-to/content/cloud-computing-models.html

[8] http://technet.microsoft.com/en-us/solutionaccelerators/hh324976.aspx

[9] http://www.cloudassessmenttool.com/

[10] http://cloudassessment.cloudapp.net/Account/Welcome?ReturnUrl=%2f