Hybrid Cloud Computing for Smiths Security: Benefits, Risks, and Controls

Verified

Added on 2023/06/03

AI Summary

This report recommends to Smiths Security to adopt the hybrid cloud technology because of the numerous benefits that the business will gain by implementing this technology. It discusses the various cloud architecture that can be used and their benefits, risks associated with hybrid cloud strategies, information security controls that the company can adopt to secure Hybrid cloud, recommend the various elements that should be included in the business continuity plan, discuss the various requirements that should be considered when conducting resource management, remote server administration, and SLA management, and the various steps that should be taken when migrating the services to the Amazon AWS hybrid cloud.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: HYBRID CLOUD COMPUTING
Hybrid Cloud Computing
Student Name
Institutional Affiliation

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

HYBRID CLOUD COMPUTING
Executive Summary
Smiths Security is a security firm that is located in Australia that deals with fire
monitoring services, armored vehicles, alarm monitoring, and security guards. The Smiths
Security Ltd is considering that data center in Sydney should be retained for sensitive data
and critical systems. The company’s concern for the need to consolidate monitoring centers
into one location is the issue of business continuity plan, disaster recover, and backup
strategies. This research recommends to Smith Security to adopt the hybrid cloud
technology because of the numerous benefits that the business will gain by implementing
this technology.
This report seeks to discuss the various cloud architecture that can be used and their
benefits, risks associated with hybrid cloud strategies, information security controls that the
company can adopt to secure Hybrid cloud, recommend the various elements that should
be included in the business continuity plan, discuss the various requirements that should be
considered when conducting resource management, remote server administration, and SLA
management, and the various steps that should be taken when migrating the services to the
Amazon AWS hybrid cloud
2

HYBRID CLOUD COMPUTING
Table of Contents
Executive Summary....................................................................................................................2
Introduction...............................................................................................................................4
Question 1a: Cloud Architectures..............................................................................................4
Workload Distribution Architecture......................................................................................5
Reason for deploying this architecture..............................................................................5
Resource Pooling Architecture..............................................................................................5
Reason for deploying this architecture..............................................................................5
Dynamic Scalability Architecture...........................................................................................6
Reason for deploying this architecture..............................................................................6
Question 1b: Benefits of Implementing these Architectures....................................................6
Question 2: Risks of Hybrid Cloud Strategy...............................................................................7
Question 3: Information Security Controls and Steps for Hybrid Clouds................................14
Question 4: Business Continuity Plan......................................................................................16
Question 5: Requirement Analysis...........................................................................................18
Remote Server Administration............................................................................................18
Resource Management........................................................................................................18
SLA Management.................................................................................................................19
Question no 6: Migration Steps...............................................................................................19
Question no 6 B: Critical Issues Associated with Migration....................................................21
Conclusion................................................................................................................................21
References................................................................................................................................22
3

HYBRID CLOUD COMPUTING
Introduction
Smiths Security is a firm located in Australia that deals with security businesses such
as fire monitoring services, armored vehicles, alarm monitoring, and security guards. The
head office is located in Sydney and has data center across all the major cities in Australia
such as Brisbane, Perth, Melbourne, Adelaide, and Sydney). Sydney office houses the main
data center. At every site there is 2 business application servers, one lotus notes email
server, one windows server 2003 running IIS web servers, one SQL server 2003, one active
directory domain controller, and windows server 2003 print server. Smith Security has not
updated its infrastructure for a very long time and only upgrading the server hardware and
the operating system won’t be of help according to Company IT management team. As such,
the team has recommended that all or some of the IT infrastructure be moved to the cloud.
However, they suggest hat the business application servers should not be moved.
The Smiths Security Ltd is considering that data center in Sydney should be retained
for sensitive data and critical systems. The company’s concern for the need to consolidate
monitoring centers into one location is the issue of business continuity plan, disaster
recover, and backup strategies. Additionally, they are planning to adopt the use of thin
clients to replace the normal staff computers and migrate SQL and web infrastructure to the
cloud in order to enhance availability and flexibility. This report seeks to discuss the various
cloud architecture that can be used and their benefits, risks associated with hybrid cloud
strategies, information security controls that the company can adopt to secure Hybrid cloud,
recommend the various elements that should be included in the business continuity plan,
discuss the various requirements that should be considered when conducting resource
management, remote server administration, and SLA management, and the various steps
that should be taken when migrating the services to the Amazon AWS hybrid cloud.
Question 1a: Cloud Architectures
In order to meet the various strategies, set out by the board, Smiths Security can
adopt the following cloud architecture:
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

HYBRID CLOUD COMPUTING
Workload Distribution Architecture
This architecture is used to minimize underutilization and over utilization of the
information technology resources to a level which relies on run time logic and load
balancing algorithms sophistication (Erl, Mahmood, & Puttini, 2013).
Reason for deploying this architecture
The reason why this architecture is recommended is because it can be employed in
information technology resources that have workload distribution that is normally done in
to support cloud storage devices, distributed file servers, and cloud services (Halpert, 2013).
This architecture supports audit monitor which is very essential in run time workload
distribution and determining whether the information technology resources that processes
data meets the regulatory and legal requirements. Secondly. It supports monitoring the
cloud usage by tracking processing of data and run time workload (Margaret, 2018). Thirdly,
it supports replication of resources that can be used to generate virtualized IT resources
new instances to respond to the demands of distribution of run time workload. Another
reason why this architecture should be adopted is because it supports clustering of
resources in active mode to ensure that there is load balancing in the various cluster nodes.
Resource Pooling Architecture
This architecture depends utilization of one or more pools of resources where similar
information technology resources are put into one group and is maintained by a single
system that make sure that they are always synchronized. Since cloud providers can create
many pools for their applications or consumers, they tend to become more complex and as
such the need to have an architecture that will be able to address these complexities
(Norman, 2016). In order to enable the company to organize different requirements of
resource pooling, it is essential that a hierarchical structure be developed to create parent,
child, and nested pools.
Reason for deploying this architecture
This architecture enables creation of multiple instances that can be used to offer in-
memory pool of information technology resources that are “live”. Additionally, mechanisms
such as logical network perimeter, cloud usage, hypervisor, audit monitor, pay-per-use,
resources management, remoted administration system, resource replication, and resource
5

HYBRID CLOUD COMPUTING
management makes it very essential in hybrid cloud environment that Smiths Security
wants to adopt (Buyya, Vecchiola & Selvi, 2013).
Dynamic Scalability Architecture
This architecture depends on predefined scaling conditions that prompts information
technology resources to be allocated dynamically from resource pools. Allocating resources
dynamically facilitates variable utilization which is set out by the fluctuating demands
because the resources that are not being used are reclaimed efficiently without the need of
interacting manually (Hwang, Dongarra & Fox, 2013). This architecture ensures that
resources are loaded to the workload processing by automated scaling listener which has
been setup with workload thresholds.
Reason for deploying this architecture
One of the major reasons of adopting this architecture is the ability to provide the
logic for dictating the number of additional resources that should be provided dynamically.
Other crucial mechanisms that this architecture support include dynamic vertical and
horizontal scaling and dynamic resource relocation.
Question 1b: Benefits of Implementing
these Architectures
The three architectures will greatly benefit Smiths Security in various ways. The
ability of this architecture to manage resources, dynamically allocate them and scale to
meet business needs is of essence. Another benefit is cost where Smiths security will be
paying much less money because they only pay for what they have used (Rittinghouse &
Ransome, 2016). Additionally, no hardware computing architecture have to be procured and
monthly system review is removed. Secondly, these architectures have the best disaster
recovery techniques such that in case of any failures in the system it will use the shortest
time possible to recover to normalcy. Performance and speed offered by these architectures
are very high because of the ability to virtualize resources which could easily adopt the
company needs and objectives (Stokes, 2014).
These architecture supports dynamic flexibility and scalability which will allow Smiths
Security to move the new applications to the public cloud from private cloud for the
6

HYBRID CLOUD COMPUTING
purposes of testing. The ability to easily integrate with other system will allow the company
to access the data centres in different sites and provided the company with new
opportunities such as analytics that are not limited to business requirements.
Question 2: Risks of Hybrid Cloud Strategy
Hybrid Cloud risks Risk controls
Lack of encryption: transmissions of
networks are open to MitM (Man-in-the-
Middle) and eavesdropping attacks that
prevent shared authentication by
mimicking endpoints. Smiths Security
must encrypt data and communications
to prevent security intrusions.
 Protect transmissions from unplanned
intrusions with encrypted protocols
that encompass endpoint validation
 Apply a dependable VPN
 Utilize a dependable proxy server
 Use SS/TLS to encrypt all transmissions
to prevent interference of data off the
wire and control server validation
 Apply SSH (secure shell) network
tunnel protocol to transmit decrypted
traffic over a network
Insufficient evaluation of security risk:
failing to conduct a comprehensive risk
profiles of systems and IT infrastructure
hinders network administrators from
identifying where and how an attack has
happened or when it occurred (Sahmim
& Gharsellaoui, 2017). It becomes
challenging to prevent future breaches.
 Risk assessment and prevention must
be established
 Any malicious traffic should be scanned
using the IPS/IDS systems
 Activate log monitoring and constantly
update the current software
 A comprehensive approach is the best
method to manage network
organization security using a
dependable SIEM system. As such, all
Smiths Security data can be easily
trended and viewed.
Poor compliance: regarding compliance,
hybrid clouds need proper attention.
 The private cloud and the public cloud
provider must be integrated (Agrawal
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HYBRID CLOUD COMPUTING
Both the Smiths Security private cloud
and the public cloud provider must abide
by compliance guideline. Demonstrating
and maintaining compliance is
challenging with hybrid cloud since data
shifts to and fro.
& Tripathi, 2018). Make sure that the
two clouds are in compliance and also
show compliance as they function
jointly.
 The industry standards for information
security should be met by the two
clouds when managing confidential
information.
Weak security management: managers
of Smiths Security may become
uncontrollable when they fail to apply
identity management, authentication,
and authorization processes for both
their public and private cloud. Smiths
Security should integrate their cloud
security protocols.
 Controls for both clouds should be
replicated
 Security data should be synchronized
or an identity management service
used that co-function with the systems
the company run in either cloud
 Manage on-premise data storage for
confidential information not suitable
for the public cloud
Poor data redundancy: a lack of
redundancy will place Smiths Security
and a hybrid IT cloud at risk. It is
particularly true if the company does not
have repetitious copies of data
appropriately shared across all data
centers. Sharing information in such a
manner reduces the damage that
happens when one data center is
disrupted.
Achieve redundancy. It can be implemented in
three ways:
 By using many data centers from a
single cloud provider
 From a hybrid cloud
 From multiple public cloud providers
Failure to identify and authenticate:
security management is important when
coordinating private and public clouds in
a hybrid environment. The staff of
Smiths Security and the cloud provider
 Be attentive
 Verify and monitor all access
permissions
 Use an IMS (IP Multimedia core
Network Subsystem) to synchronize
8

HYBRID CLOUD COMPUTING
should mutually share cyber-security. data security
Unshielded APIs: when unshielded, API
endpoints reveal confidential
information to malicious intrusions that
manipulate authorization or
authentication key or token to exploit
personal data and information. Such
vulnerability is of specific interest in
Smiths Security mobility management
and bring your own device (BYOD)
transmissions over unsafe connections.
 APIs must be managed in similar way
as code-signing and encryption keys.
 Keys should be handled safely by third-
party developers
 Before handing over API keys, always
validate a third-party to avoid a breach
in security
DOS (denial-of-service) attacks: attackers
make a mobile or cloud business
inaccessible by releasing a DoS attack.
Disruption of network service occurs in
the virtual environment via an internal
vulnerability in shared resources such as
RAM, CPU, and network bandwidth or
disk space (Chen, Zhang, Hu, Taleb &
Sheng, 2015).
DOS attacks on APIs of cloud management are
usually brought by transmitting bad REST or
SOAP request from the business
 Flow analytics can avoid denial of
service attacks by diverting traffic to a
counteracting device and responding
to attacks

The tools of flow analytics must be
adaptable for the amount of traffic it
analyzes and gathers
Distributed DOS attacks: the application
layer or volumetric attacks are emerging
and even more dangerous than DOS (Sill,
2015). The attacks have increased and
are maliciously spread from many
sources and created at a central
location. By the time these incursions
are identified, websites are perceived
useless and network traffic is usually
 A robust implementation of a
distributed DOS (DDoS) mitigation
strategy that constantly processes all
outgoing and incoming traffic can assist
in preventing DDoS attacks (Froberg,
2013). The strategy should be able to
scale, act and perform instantly when
there are multiple attacks
9

HYBRID CLOUD COMPUTING
blocked.
Poor Intellectual Property (IP)
protection: extra protection should be
given to IP. Highest security and
encryption protocols should be
established. IP must be classified and
identified to verify possible security
risks. Appropriate encryption and
vulnerability assessment are required.
 Fully automated systems are
insufficient in quantifying risks and
classifying IP. These activities must be
carried out manually. Risks connected
to IP can only be determined after
classifying data
 Smiths Security should be aware of the
source of their threats. They should
create a comprehensive threat model
and adhere to it
 Generate an authorization matrix
 Harden all elements of open source to
prevent attacks
 Carry out detailed audits of a third-
party
 Ensure network infrastructure is
protected.
Lack of data ownership: cloud venders
should be examined thoroughly for
security controls when managing data.
Once the deployment of cloud is done,
Smiths Security may lose the power to
manage their data set. Smiths Security
managers should assess the available
security levels in the cloud to avoid
surprises.
 Verification of security and data
ownership must be done. Fend off
vendors who cannot offer acceptable
ownership expectations
 Ask the vendor to define everything in
a well-designed SLA (service Level
Agreement) that address a hybrid IT
business. Get a clear understanding of
who accesses information, what the
vendor does with access logistics or
logs, and the geographic or jurisdiction
10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

HYBRID CLOUD COMPUTING
area of all kept data.
Lack of communication with cloud
vender: Smiths Security should first get
written details and estimate of service to
be carried out in the implementation of
their hybrid cloud. They should acquire
SLAs that clarifies responsibilities and
expectations.
 Regarding security, a client should
clearly inform the cloud vendor the
security requirements required. By
doing so, disasters and surprises will be
eliminated.
 Detailed questions should be asked.
Avoid service providers who cannot
offer comprehensive answers on how
they protect and define multi-tenant
boundaries, ensure PCI compliance,
FISMA and auditing
SLAs that are defined poorly: when
migrating to the cloud, clients lose the
power to manage their data set and are
obliged to depend on service providers
to protect data when in the public sector
(Yousif, 2016).
 Security measures must be defined
properly and protections and access
permissions clarified in the SLA. The
same should be done to requirements
and expectations of the cloud service
vendor(Jula, Sundararajan & Othman,
2014).
 Relevant service expectations must be
well-defined in the SLA so the client
has alternative if data is altered or
service interrupted.
 An attorney should review the
agreement before it is signed.
Leakage of data: insufficient security
protocols from the cloud vendor can
jeopardize data which can be destroyed,
corrupted or improperly accessed. It is
particularly true in worker-drive
 Smiths Security should not assume that
the vendor has handled data leakage
issue unless it is in writing. Preventing
loss of data is essential.
 Since the Smiths Security owns client
11

HYBRID CLOUD COMPUTING
environments of BYOD data, it is the responsibility of the
customer to ensure security
 Security measures should be able to
address security breaches,
infrastructure malfunctions and
software errors.
Management strategies that are poorly
defined: smooth management of hybrid
cloud is only achieved when everyone is
aware of what should be done. Tasks
must be clearly defined with
management procedures and policies
(Choi, Choi & Kim, 2013). A network can
be disrupted is such guidelines are
assumed. A comprehensive approach
must be established to manage the
whole infrastructure.
 Management strategies and tools
should be consistent for networking,
computing and storing resources over
several domains. It is the work of the
hybrid cloud administrator to ensure
the template is developed
 Policies of cloud management must
define standards of controlling
installation and configuration. Access
control for restricted applications or
confidential information and reporting
and management of budget should be
established.
 Smiths Security should be aware of the
kind of cross-channel tools to be
applied to handle hybrid cloud
 Access controls, encryption and user
management should be strictly defined
 Policies of access control that define
how restricted applications or
confidential information is accessed in
private and public clouds should be
prepared
 Configuration management tools
should be used in resource
12

HYBRID CLOUD COMPUTING
provisioning to automate processes of
building image and minimize
misconfiguration errors (Katyal &
Mishra, 2014).
Poorly developed cross-channel tools:
Smiths Security should learn how handle
tasks across many domains. Many
administrators become tensed when
they are unable to multi-task. Poorly
executed or defined cross-channel
management in hybrid cloud are major
drawbacks that must be prevented.
Determine whether suite of tools or
specialized tools are enough to handle the
business. Smiths Security should determine if
they need:
 Tools of cloud application movement
for interoperability. They should
ensure they have cloud monitoring
tools that incorporates virtualized
environments
 Cloud automation tools to maintain
security and access required for VM
movement and dynamic cloud
provisioning (Gai, Qiu, Zhao, Tao &
Zong, 2016).
Malicious or disgruntled employees: not
all insiders and workers are trustworthy.
Some employees may utilize confidential
or client data to interfere with corporate
operations.
 The CSP (content security policy) of
Smiths Security should have detailed
security measures that can trace
worker’s network operations to avoid
such kind of malicious attacks
 Develop an employee threat program
with well-defined strategies
 Always validate. Stop every attempt of
unpermitted access
 Restrict access to vital issues of the
company
 Establish instant response protocols
that react and detect any malicious or
13

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HYBRID CLOUD COMPUTING
suspicious network operation. It should
encompass remote locking, immediate
log off or session resets.
Question 3: Information Security Controls
and Steps for Hybrid Clouds
Much of information security is concentrated on maintaining information inside the
network and ensuring that outsiders are kept outside the network border. The following are
some of the information security controls and steps for securing hybrid clouds for Smiths
Security:
Efficient Access and Identity Management Controls
Proper management of credentials is critical to achieving protection and control over
data. Smiths Security should search for a solution that permits just one sign-in, permitting
credentials to be moved between internal resources and cloud. When there are fewer
credentials to be controlled, there are also fewer opportunities to present more privileges
than needed. Besides, use roles or groups to determine the authorization required for every
job function, and deploy a process to regularly examine the privileges of the user to ensure
they do not keep unrequired and old privileges after they migrate to a new position
(Mahalakshmi & Suseendran, 2016).
Encrypt Everything in All Place
Encrypting everything in all places may not be fully possible. However, Smiths
Security should encrypt regularly. Securing data while in transit should be done at all times.
Smiths Security should use safe connections (TLS/SSl) and direct or VPNs connections to
cloud vendors to acquire extra protection. In aaddition, they should ensure data is encoded
at rest, and by any means, ensure that they manage the keys and not their cloud vendor.
Secure APIs
The cloud runs on application programming interfaces (APIs) that permits application
to access services on various servers. Smiths Security should ensure that APIs are secured
against unpermitted access, and when it comes to encryption, they should ensure that
protection of credentials is done properly (Kalloniatis et al., 2014).
14

HYBRID CLOUD COMPUTING
Gather and Utilize Security Logs
Each cloud vendor has logs that shows the activities in the cloud. The most excellent
way for Smiths Security to utilize those logs in a hybrid cloud environment is to secure data
into the same SIEM (security information and event management) tool they use to assess
their internal logs. The SIEM tool will the assist Smiths Security in identifying environmental
risk and threats hidden from their private or public cloud instances.
Take the Responsibility of Managing the Cloud
Any time applications and data are separated, division of responsibility occurs as
well. When it happens in public cloud, it leads to overdependence on the security of the
cloud vendor. It is essential that Smiths Security avoid generating security silos when their
internal team possess tools to manage security in the public cloud. They need to bring new
tools and offer training to allow their team to easily manage the whole system.
Select an Open Security Framework
Interrelationship among cloud services and regular upgrade to the emerging
technology is a sign of the public cloud (Toosi, Calheiros & Buyya, 2014). It can be a difficult
hybrid implementation area since the private cloud element might slow down delivering less
agility than the public cloud component. That is a security problem. To solve that issue,
Smiths Security should use an open security framework that can ensure that security is
more integrated with advances of technology (Hu, Hao & Bao, 2014). Smiths Security should
utilize an open security framework that permits easy adoption of new cloud services that
rapidly handles changing user wants and business needs.
Consider Security Containers
Smiths Security should develop their cloud environment correctly. They should
develop in containers. They should design security in a way that allows apps to move from
private to public cloud environment. Since more security can be guaranteed in a private
cloud, they should first run apps in a private cloud. Then if they need to save expenses or
scale, and their risk assessment justifies it, migrate it to the public cloud.
Restrict Cloud Console Access
With Amazon web services (AWS) in the public cloud or virtualized VMware private
cloud, administration consoles become a strong control point where confidential data
running in systems can be moved, duplicated or deleted (Ratten, 2012). Smiths Security
should restrict access to these cloud consoles and confine them with a lot of security. IT
15

HYBRID CLOUD COMPUTING
administrators and privileged users who control the cloud environments should be given
limited controls. These consoles should have limited access and activities should be
monitored to detect suspicious use instantly. By doing so, it will assist in protecting against
suspicious insiders or implicated privileged account access.
Question 4: Business Continuity Plan
Business continuity plan (BCP) entails coming up with some potential risks that could
negatively affect the company and defining them to find out on the potential impact that
they will have on the business processes, and devising ways to mitigate and counteract such
risks and progressively reviewing them to ensure that they are updated (Gsoedl, 2018).
There are no strategies for stopping attacks, but it it’s the responsibility of the business to
implement and adopt measures that could help prevent them from happening. The fact that
Smiths Security is considering moving to hybrid cloud computing, it is important that they
identify and define potential risks associated with hybrid cloud computing (Thomas, 2015).
The major function of a business continuity plan is to allow the business to withstand
any disasters and attacks and be able to continue with normal business operations even if
the attack occurs (Zack, 2016). The company need to determine the critical business
functions, resources, services, and products that ensure that normalcy is restored. In BCP, it
is also crucial to state out the relationships among the critical function and its dependencies
on the company stakeholders for example, suppliers. More emphasis should be on the
business because once the company has employed these strategies it can then proceed to
determine the network, computing, and other information technology resources that is
needed to ensure that critical operations are maintained (ESDS, 2018).
Cloud computing is able to support business continuity plan implementation but it is
important to have more focus on the resiliency and responsiveness of the business
applications. Application resilience is the ability of the application to use data replication to
recover fast from failures (Bradford, 2018). Responsiveness of the IT infrastructure should
also be implemented to enable it have the capacity to reduce the effect it will have to the
company when a disaster occurs. Therefore, the key to attaining business continuity for the
Smiths Security are resiliency and responsiveness which massively contributed to having and
effective BCP.
16

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

HYBRID CLOUD COMPUTING
Moreover, it is necessary to have comprehensive disaster recovery strategies. The
disaster recover plan facilitates BCP. DR plan provides a hierarchy of activities that should be
carried out in order to recover from a disaster which include crisis communication and
management and emergency response (Burgess, 2014).
The senior executive and the board at Smiths Security are the determinants of
business continuity and disaster recovery plans success. The management should show
commitment to ensure that apart from risk management other activities laid out in the DRP
and BCP are implemented and reviewed regularly (Theamegroup, 2018). Backup strategies
should also be included in the BCP that there is real time backup of the critical resources
such as data. In order to have a stable and reliable BCP and DRP, it is important that all the
weaknesses and vulnerabilities associated with hybrid cloud computing has been assessed
(Giffin, 2015). This allows company to devise the best strategies to manage the weaknesses
and for future planning.
The cloud only provides a virtual way to store the data and applications to allow 24-7
availability of data and other resources. The following are some of the factors that should be
considered when developing a business continuity plan: user authentication, data security,
regulatory standards, how data is stored and transferred, and backup intervals. However, it
is important to mention that cloud computing provides a reliable and stable backup and
disaster recovery plans (Techopedia, 2018). As such it is necessary that when developing
business continuity plans and disaster recovery strategies it is important to consider all the
aspects (including strengths and weaknesses) so as to have a comprehensive plan.
Question 5: Requirement Analysis
Remote Server Administration
It is becoming significantly easy to manage server remotely. Smiths Security Ltd
system administrators can use any of these tools to troubleshoot, monitor server traffic,
address security concerns, restart servers, and escalate help desk tickets (Bigelow, 2017).
IBM director remote deployment manager can be used to automate the deployment
of processes such as updating BIOS, initial installation of the operating system, and disposal
of worn out systems (Brunelli, 2017). This tool supports Linux, Windows, and VMware ESX
server. Additionally, it can support non-IBM hardware devices as long as they meet the
industry standards including Wake on LAN (WOL) and Pre-Boot-Execution (PXE).
17

HYBRID CLOUD COMPUTING
Another remote administration tool that can be used by Smiths Security is the integrated
Dell Remote Access Controllers which enables anytime, anywhere remote troubleshooting,
server upgrades, monitoring, remediation, and management.
Another remote server administration tool I the integrated Dell remote access
controllers which enables Smiths Security to monitor, troubleshoot, manage, remediate,
and upgrade server at anytime, anywhere independent of the status of the operating
system. This tool utilizes industry standards remote access functions to deliver system
failure notification and facilitate powerful management properties.
Resource Management
There are several strategies that can be used to manage resources in the cloud. They
include pre-copy approach for scheduling, linear scheduling strategy, Just-in-time resource
allocation, match making and scheduling, and Miyakodori. But linear, match making
scheduling, and pre-copy approaches will best fit Smiths Security requirements
(Nzanywayingoma & Yang, 2017).
In linear scheduling resources are allocated based on the utilization of memory, CPU,
and the overall throughput. The cloud environment maintains these resources for every
client to maximize the utilization of the resources and services (Suresh & Varatharajan,
2017). This strategy creates huge waiting time in order to schedule tasks and resources to
increase response time.
Pre-copy scheduling approach uses pre-copy migration to ensure that he source VM
continuous processing clients’ request while the VM state is iteratively moved to the
background iteratively. The source VM is suspended when enough of the state has been
transferred to prevent any further memory writes. This ensures that resources are utilized
efficiently.
Match making and scheduling is a resource management technique that ensures
that each slave node is given an opportunity to hold local processes before any external
processes are assigned to them. This approach uses find a match algorithm that fits the
client requests.
SLA Management
Service Level Agreements (SLA) management is getting more crucial as business
continue to move their applications, data, and systems to the cloud (Kulkarni, 2018). This
18

HYBRID CLOUD COMPUTING
also applies to Smiths Security to ensure that the cloud vendors have met all the business
level standards and offer their clients with a clearly stated expectation (Rouse, 2016). Smiths
Security should ensure that the SLA offered to them by the cloud provider are measurable
and specific in every aspect. This will guarantee quality of service (Trappler, 2018).
Question no 6: Migration Steps
Migrating to Amazon AWS workspace requires that several steps be taken in order to
have a successful migration process to DaaS. The steps include:
Establishing and defining the role of the migration-architect-before starting the
migration process it is important that Smiths Security establish a migration architect to lead
the process (Forbes, 2018). The architect ensures that all the all the aspects of migrations
have been planned and completed, design data migration strategies, determining the
refactoring needed to migrate successfully, identifying migration priorities, and defining the
requirements of the cloud solution. Migration architect is a critical resource for the
successful migration process because of the technical plans and many decisions that have to
be made (Atchison, Peterson, Casey & Nijhawan, 2018).
Secondly, it is important to know the level of cloud integration chosen; either deep
cloud integration or shallow cloud integration. Application modification is possible during
migration in deep cloud integration which enables the business to take advantage of the
cloud provider capabilities such as the serverless computing capabilities offered by AWS. For
shallow integration limited or no changes are allowed during the migration process.
Therefore, Knowing the level of cloud integration is very important.
Thirdly, it is important to know the choice of cloud vendor, either multi-cloud or
single cloud. Since this is a hybrid cloud, the company will be transferring data between
public and private clouds. This will help the company to optimize it resources in Amazon
AWS easily and the IT team will only be required to learn one cloud API and take advantage
of all the other things considered when choosing a cloud provider (Bozicevic, 2018).
The fourth step is to establish the cloud key performance indicators (KPIs) which are
used to measure how a service or application is doing against the set expectations. Smiths
Security may have laid out the KPIs but it is important to assess if they are the right one for
the resources being migrated (Freedman, 2015). The best cloud migration KPIs enables the
19

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HYBRID CLOUD COMPUTING
company to see the progress of the migration process showing both invisible and visible
problems that may be affecting the services.
Another important step that should be taken during migration is establishing
performance baselines to measure the pre-migration and post-migration performance of
the resources and applications. This will help the company to know when the migration
process has completed and give post-migration validation performance enhancements that
Smiths Security anticipates (Palmer, 2018).
In addition, it is necessary to prioritize the components that need to be migrated.
This involves the decisions of either migrating all the resources at once or component by
component. To achieve this, it is essential to determine the links between the different
applications and services to identify the resources that are dependent on each other. This
will facilitate migrating components that are related at the same time and migrating
independent components one by one or all at the same time. This ensures that the services
with few dependencies are moved first to decrease the complexities in the migration
process.
Moreover, it is important to carry out any necessary refactoring to ensure that all
the necessary enhancements are done on the services and applications before migrating
them so as to improve efficiency and effectiveness in the cloud. Migrating data to the cloud
can be a very challenging task. As such it is essential that a data-migration plan so as to
ensure that the migration process has been done systematically in order to have a
successful migration. Never abstract the essence and complexities associated with data
migration process.
Finally, decide if you want to migrate the services a little at a time or all at once and
switch over to production (actual migration process). It is also important to review
application resource allocation (YITSOL, 2018).
Question no 6 B: Critical Issues Associated
with Migration
Some of the critical issues and points that may occur during migration steps include:
Downtime- during migration service or service outages which may severely affect the
services and applications being migrated. Even the slightest downtime can have a huge
20

HYBRID CLOUD COMPUTING
impact which may result to dire loses (Masoud, 2017). Creating a temporary backup
environment during migration could be a possible solution.
Data security and protection could be another critical issue that may arise during
migration of services to the Amazon AWS because the major backbone that will be used is
internet (Mudrakola, 2016). Internet is required to facilitate smooth migration process.
However, the internet is faced with numerous cyberattacks and data breaches which often
hinders migration process and thus the extra cautions should be taken during migration.
Company data is vulnerable when being moved from on-premise servers to the cloud
environment because neither cloud or company network security can secure the data
completely from cyber-attacks (Roberto, 2018).
This are the two major critical issues that may affect every step during migration
process to the Amazon AWS cloud.
Conclusion
By adopting the hybrid cloud computing Smiths security will benefit greatly through
centralized management of resources, agility, cost effectiveness, centralized controls, and
scalability. Since the cloud provider will be responsible for managing the IT infrastructure,
Smith Security will be relieved of the maintenance charges and personnel. Additionally,
hybrid cloud computing has better backup and disaster recovery strategies which is very
essential to Smiths. As such, it is recommended that Smiths Security adopts the hybrid cloud
computing.
References
Agrawal, A., & Tripathi, S. (2018). Integration of Internet of Things and Cloud
Computing. SSRN Electronic Journal. doi: 10.2139/ssrn.3166084
Atchison, L., Peterson, R., Casey, K., & Nijhawan, C. (2018). Cloud Migration Checklist: 10
Steps You Need to Follow. Retrieved from
https://blog.newrelic.com/engineering/cloud-migration-checklist/
21

HYBRID CLOUD COMPUTING
Bigelow, S. (2017). Choosing remote server administration tools. Retrieved from
https://searchitoperations.techtarget.com/tip/Choosing-remote-server-administration-
tools
Bozicevic, V. (2018). Cloud Migration: 3 Basic Steps for a Successful Migration Process -
GlobalDots Blog. Retrieved from https://www.globaldots.com/cloud-migration-
process/
Bradford, C. (2018). 5 Ways the Hybrid Cloud Improves Disaster Recovery | StorageCraft.
Retrieved from https://blog.storagecraft.com/5-ways-hybrid-cloud-improves-disaster-
recovery/
Brunelli, M. (2017). Remote server administration tools: Manage your data center from a
distance. Retrieved from https://searchitoperations.techtarget.com/tip/Remote-server-
administration-tools-Manage-your-data-center-from-a-distance
Burgess, S. (2014). Business Resiliency and the Hybrid Cloud | EMC. Retrieved from
https://infocus.dellemc.com/scott_burgess/business-resiliency-hybrid-cloud/
Buyya, R., Vecchiola, C., & Selvi, S. T. (2013). Mastering cloud computing: foundations and
applications programming. Newnes.
Chen, M., Zhang, Y., Hu, L., Taleb, T., & Sheng, Z. (2015). Cloud-based Wireless Network:
Virtualized, Reconfigurable, Smart Wireless Network to Enable 5G Technologies. Mobile
Networks And Applications, 20(6), 704-712. doi: 10.1007/s11036-015-0590-7
Choi, C., Choi, J., & Kim, P. (2013). Ontology-based access control model for security policy
reasoning in cloud computing. The Journal Of Supercomputing, 67(3), 711-722. doi:
10.1007/s11227-013-0980-1
Erl, T., Mahmood, Z., & Puttini, R. (2013). Cloud computing. Upper Saddle River, NJ:
ServiceTech Press.
ESDS, E. (2018). BCP (Business Continuity Planning). Retrieved from
https://www.esds.co.in/blog/and-cloud-computing/#sthash.evYh6Lxi.R9z4PvBd.dpbs
22

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

HYBRID CLOUD COMPUTING
Forbes, F., (2018). Retrieved from
https://www.forbes.com/sites/forbestechcouncil/2017/06/05/13-biggest-challenges-
when-moving-your-business-to-the-cloud/#380072d59b0e
Freedman, R. (2015). Cloud computing migration issues: What you need to know. Retrieved
from https://www.techrepublic.com/blog/it-consultant/cloud-computing-migration-
issues-what-you-need-to-know/
Froberg, S. (2013). Distributed and cloud computing from parallel processing to the internet
of things by Kai Hwang, Geoffry C. Fox, and Jack J. Dongarra. ACM SIGSOFT Software
Engineering Notes, 38(2), 34. doi: 10.1145/2439976.2439991
Gai, K., Qiu, M., Zhao, H., Tao, L., & Zong, Z. (2016). Dynamic energy-aware cloudlet-based
mobile cloud computing model for green computing. Journal Of Network And Computer
Applications, 59, 46-54. doi: 10.1016/j.jnca.2015.05.016
Giffin, R. (2015). What You Need to Know: Cloud Computing and Business Continuity -
Avalution. Retrieved from https://avalution.com/what-you-need-to-know-cloud-
computing-and-business-continuity/
Gsoedl, J. (2018). Disaster recovery in the cloud explained. Retrieved from
https://searchdisasterrecovery.techtarget.com/feature/Disaster-recovery-in-the-cloud-
explained
Halpert, B. (2013). Auditing cloud computing. Hoboken, N.J.: Wiley.
Hu, F., Hao, Q., & Bao, K. (2014). A Survey on Software-Defined Network and OpenFlow:
From Concept to Implementation. IEEE Communications Surveys & Tutorials, 16(4),
2181-2206. doi: 10.1109/comst.2014.2326417
Hwang, K., Dongarra, J., & Fox, G. C. (2013). Distributed and cloud computing: from parallel
processing to the internet of things. Morgan Kaufmann.
Jula, A., Sundararajan, E., & Othman, Z. (2014). Cloud computing service composition: A
systematic literature review. Expert Systems With Applications, 41(8), 3809-3824. doi:
10.1016/j.eswa.2013.12.017
23

HYBRID CLOUD COMPUTING
Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., & Kavakli, E. (2014).
Towards the design of secure and privacy-oriented information systems in the cloud:
Identifying the major concepts. Computer Standards & Interfaces, 36(4), 759-775. doi:
10.1016/j.csi.2013.12.010
Katyal, M., & Mishra, A. (2014). Application of Selective Algorithm for Effective Resource
Provisioning in Cloud Computing Environment. International Journal On Cloud
Computing: Services And Architecture, 4(1), 1-10. doi: 10.5121/ijccsa.2014.4101
Kulkarni, M. (2018). 6 cloud SLA monitoring tips for better service delivery. Retrieved from
https://www.computerweekly.com/tip/6-cloud-SLA-monitoring-tips-for-better-service-
delivery
Mahalakshmi, B., & Suseendran, G. (2016). Effectuation of Secure Authorized Deduplication
in Hybrid Cloud. Indian Journal Of Science And Technology, 9(25). doi:
10.17485/ijst/2016/v9i25/87990
Margaret, R. (2018). Cloud Bursting Solutions. Retrieved from
https://f5.com/solutions/enterprise/reference-architectures/cloud-bursting
Masoud, F. (2017). Top 5 Cloud Migration Challenges for Enterprises – How to Solve.
Retrieved from https://www.infinera.com/top-five-cloud-migration-challenges-
enterprises-solve/
Mudrakola, S. (2016). Cloud data migration: Common issues and problems you must avoid.
Retrieved from http://techgenix.com/cloud-data-migration/
Norman, S. (2016). Auditing Cloud Computing - A Security and Privacy Guide by Ben Halpert -
[PDF Document]. Retrieved from https://vdocuments.mx/documents/auditing-cloud-
computing-a-security-and-privacy-guide-by-ben-halpert.html
Nzanywayingoma, F., & Yang, Y. (2017). Efficient resource management techniques in cloud
computing environment: a review and discussion. International Journal Of Computers
And Applications, 1-18. doi: 10.1080/1206212x.2017.1416558
Palmer, S. (2018). Cloud Migration Checklist: Step by Step Guide - DevTeam.Space. Retrieved
from https://www.devteam.space/blog/cloud-migration-checklist-step-by-step-guide/
24

HYBRID CLOUD COMPUTING
Ratten, V. (2012). Cloud Computing Services. International Journal Of Cloud Applications
And Computing, 2(2), 48-58. doi: 10.4018/ijcac.2012040105
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation,
management, and security. CRC press.
Roberto, M. (2018). The key challenges of migrating databases to the cloud: Planning and
performance. Retrieved from
https://www.cloudcomputing-news.net/news/2018/apr/17/key-challenges-migrating-
databases-cloud-planning-and-performance/
Rouse, M. (2016). What is cloud SLA (cloud service-level agreement)? - Definition from
WhatIs.com. Retrieved from https://searchstorage.techtarget.com/definition/cloud-
storage-SLA
Sahmim, S., & Gharsellaoui, H. (2017). Privacy and Security in Internet-based Computing:
Cloud Computing, Internet of Things, Cloud of Things: a review. Procedia Computer
Science, 112, 1516-1522. doi: 10.1016/j.procs.2017.08.050
Sill, A. (2015). Emerging Standards and Organizational Patterns in Cloud Computing. IEEE
Cloud Computing, 2(4), 72-76. doi: 10.1109/mcc.2015.76
Stokes, J. (2014). Will the cloud have its own Deepwater Horizon disaster?. Retrieved from
http://arstechnica.com/business/inside-the-cloud/2010/06/will-the-cloud-will-have-its-
own-deepwater-horizon-disaster.ars
Suresh, A., & Varatharajan, R. (2017). Competent resource provisioning and distribution
techniques for cloud computing environment. Cluster Computing. doi: 10.1007/s10586-
017-1293-6
Techopedia, T. (2018). What is Cloud Backup? Retrieved from
https://www.techopedia.com/definition/13587/cloud-backup
Theamegroup, G. (2018). How the Cloud Will Change Backup and Disaster Recovery.
Retrieved from https://www.theamegroup.com/cloud-will-change-backup-disaster-
recovery-plan/
25

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HYBRID CLOUD COMPUTING
Thomas, O. (2015). Cloud Backup and Disaster Recovery Challenges. Retrieved from
https://www.veeam.com/wp-cloud-backup-disaster-recovery-challenges.html
Toosi, A., Calheiros, R., & Buyya, R. (2014). Interconnected Cloud Computing
Environments. ACM Computing Surveys, 47(1), 1-47. doi: 10.1145/2593512
Trappler, J. (2018). Service Level Agreements in the Cloud: Who cares?. Retrieved from
https://www.wired.com/insights/2011/12/service-level-agreements-in-the-cloud-who-
cares/
YITSOL, Y. (2018). Step by Step Guide to Cloud Migration: The Definitive Guide (2018).
Retrieved from https://www.yitsol.com/step-by-step-guide-to-cloud-migration/
Yousif, M. (2016). Migrating Applications to the Cloud. IEEE Cloud Computing, 3(2), 4-5. doi:
10.1109/mcc.2016.42
Zack, W. (2016). Retrieved from http://knol.google.com/k/what-possible-computer-
disasters-can-be-associated-with-cloud-computing
26