IT Assignment Question on Mobile Systems, Virtualization and Clouds
There are two (2) parts to the third assignment. For part A (80%) you need to write a single report of not more than 20 pages in the body. For part B (20%) you need to present the report in PowerPoint, with a voice overlay of the report, to the management.
Report, Part A (80%): Mobile Systems, Virtualization and Clouds
Our organization, after implementing mobile services as part of the process of moving to the final cloud solution, has discovered that a lot of the expected benefits have not been achieved. While the staff agree and can see how the new, untethered access to business data and services can help in their day-to-day activities, the overhead of using the services due to the authentication has resulted in poor acceptance of the system by the employees.
The security mechanism was imposed to limit the likelihood of long-term connections running from external connections. The limitations were put in place to minimize the load on the connection servers and also to limit the possibility of an unauthorized external entity going unidentified by the intrusion detection systems. The organization has a large number of external business entities who regularly connect to the organization's resources as part of cooperative business processes.
After discussion with the system users a number of issues were discovered. Firstly, the system was designed so that the security management was pushed onto the mobile devices, making the use of the service disruptive to the users. Accessing different services while using mobile devices required a separate login to each service. Not only that, but prolonged inactivity would shut down the connection to the mobile device, requiring a two-step process to re-establish a connection to the device and then reconnect to the service. It was also discovered that, while the system is supposed to support roaming, in reality only certain services were accessible from different parts of the organisation while utilising wireless devices.
The planned eventual move to the recommended cloud services has also been put on hold due to the current reports in the media of the Transport Layer vulnerability. The general consensus amongst the board of managers is that cloud solutions may not be suitable or secure enough for their business requirements. As a result, the idea of creating our own private cloud storage solution with virtualised servers, to minimise the hardware requirements and management, might be a better and more secure solution.
The organisation grew at a fairly fast rate and has moved through a number of IT solutions over the years. All the solutions have been home-grown and designed in house to meet the known challenges. As a result the solutions tended to be only short-lived, forcing a redesign in a shorter period than originally planned. For the next major redesign (the planned private cloud and virtual servers) the organisation is considering going through a tender process in the hope of designing a system that is better able to meet its future needs.
You have been tasked with writing a report to explain and explore the following technology and services:
a) There is evidently a problem with the current design, in that the use of the wireless devices is more burdensome than it needs to be and the employees are experiencing access limitations. Describe the possible design problems and discuss possible solutions to make the current design more productive for the organisation.
b) Research and describe Transport Layer Security (TLS) and how it operates to provide secure communications. Report your findings on the operation of TLS and its impact if we were to move to a private cloud as suggested. Are we as an organization going to be able to make ourselves more secure and better able to protect against unauthorized access?
c) Building a private cloud storage and virtual service type solution sounds like a solution that provides the best of both worlds. Research and report on the advantages and disadvantages of building our own cloud and virtualised service type solutions. Make a recommendation, with justifications, as to how they should proceed (private or public type of solution).
d) Up to now the organization's IT department has been able to meet the challenges of designing and implementing the necessary communication networks for the organization. However, with the new design (private or public cloud) the IT department is venturing into areas where it lacks experience. As a possible solution the idea of tendering the build through a Request for Proposal process has been raised. You have been asked to do a brief analysis of the Request for Proposal process and highlight the benefits and the pitfalls of the process. The management is especially interested in what they need to get right in order to have the best guarantee of success.
IT Solution for Mobile Systems, Virtualization and Clouds
CURRENT DESIGN PROBLEM
Recently, there has been a global shift in networking models and their paradigm. The newly adopted model is the wireless architecture, which is being accepted globally because of its robustness, cost-effectiveness and its inherent ability to combine significant characteristics of both the wired-infrastructure and ad-hoc networking paradigms.
In this report we discuss in detail the initial-stage wireless design problems and their viable solutions. After the migration to the proposed wireless architecture, a lot of user acceptance testing (UAT) has been done. Though the results are favourable in most cases, certain problems have also been identified. The wireless architecture that was proposed to the management is illustrated in the figure below.
Theoretically, this architecture is a complete enterprise solution, but after deploying it at the organization level a few intermittent issues have been identified. The key issues identified are:
- The overhead of using the services due to the authentication has resulted in poor acceptance of the system by the employees.
- The system was designed so that the security management was pushed onto the mobile devices, making the use of the service disruptive to the users.
- The accessing of different services while using mobile devices required a separate login into each service. Not only that, but prolonged inactivity would shut down the connection to the mobile device requiring a two-step process to re-establish a connection to the device then reconnection to the service.
- It was discovered that, while the system is supposed to support roaming, in reality only certain services were accessible from different parts of the organization while utilizing wireless devices.
To resolve these challenges, we have referred to a research methodology in this report. The table below lists the major problems by their frequency of occurrence in wireless designs, together with a root cause analysis, based on which a mitigation plan for each corresponding problem is suggested.
A probable solution to this issue is using a higher power level and higher bandwidth capacity for the transmission of signals, so that successful reception at the receiver can be achieved. But this brings another challenge: high interference and MAC-layer collisions occur at high transmission power, which also causes other unintended hitches at the receiver's side.
For a long time this problem has been a dead end for researchers delving into wireless networks. The new methodology has an answer to this. The power control problem has recently been sorted out by a group of researchers designing special protocols for link scheduling, routing, power distribution and control and, most importantly, radio channel assignment. In this approach, the strategy devised for topology control and power control works through the underlying physical-layer topology of the network connectivity, wherein the reception rate and the traffic between nodes depend on the routing strategy and the quality of the link. This link characteristic is important in ensuring wireless attributes like stability, quality of service and reliability in routing protocol and routing metric design.
Hence the key concern of management can now be eliminated using these power protocols. Cisco, as a major cloud vendor and wireless architect for almost all major companies, can be contacted for the design upgrade. They use the protocol to tackle energy conservation, topology control mechanisms and power control in wireless architectures, using transmission power levels that give a better overall throughput of nodes such that the traffic demands are satisfied. Such a mechanism increases the achievable network capacity, which in turn reduces interference.
The second issue that the organization is facing, and on which management has a shared concern, is the overhead of using the services due to authentication, which has resulted in poor acceptance of the system by the employees. This inherent problem of wireless deployment can be sorted out using link scheduling strategies. This strategy increases spatial reuse (concurrent transmissions on more than one link). Using this technique of intelligent scheduling, a condition is achieved in which interfering links are scheduled in parallel, and transmission conflicts between the links of these routing paths are estimated. This in turn provides a conflict-free feasible transmission schedule, and the issue of overhead of using the services due to authentication is eliminated. The interference model combines collision detection/avoidance, medium access and transmission scheduling techniques to mitigate interference effects in the frequency domain of interfering links.
The third management concern, that the system was designed so that security management was pushed onto the mobile devices, making the use of the service disruptive to the users, can finally be resolved.
The vendors of wireless networks are coming out with improvements in link-layer and physical-layer techniques that can accommodate potential integrated networks like delay-tolerant networks with mechanical backhaul (data ferried by buses, trains, etc.), sensor networks, vehicular networks and WiMAX-based infrastructure networks. These address the needs of practical applications where efficient MAC design, network security and scalability with incremental expansion of the network are needed. New technologies in wireless mesh networks appear to have unprecedented growth in both commercial development and research (Debmalya Panigrahi 2011). Hence, the only thing the organization needs to do is upgrade the present architecture with some of the latest sensors and control mechanisms.
SECTION A: CONCLUSION
On a concluding note, this report showcases an impressive amount of research effort on the design of wireless multi-hop networks and their advantages in terms of robustness, ease of setup/maintenance, simplicity and self-organizing nature. Though there might be a few hiccups in the initial stage of deploying a wireless architecture, once the full-fledged architecture is deployed, advantages like heterogeneity, joint protocol design, affordable community-driven infrastructure, the opportunity to use off-the-shelf hardware interfaces and increasing open-source software development can be realized. The future of all networks lies in their merging into wireless deployment.
SECTION B: TLS SECURITY
Research & Describe Transport Layer Security (TLS)
This section explains the functionality and working of Transport Layer Security. It also explains the implementation of transport layer security in a private cloud environment, as our organization is looking forward to migrating to the cloud. The recent cyber-attacks, in which new vulnerabilities such as the one in OpenSSL were identified that compromise TLS security, are also discussed here.
Transport Layer Security is an advanced version of the previous web security protocol known as Secure Sockets Layer (SSL). TLS is a handshake protocol which is primarily used for creating and maintaining encrypted sessions to ensure privacy between applications over the internet, curtailing the possibility of eavesdropping and message tampering. The advantages of TLS/SSL can be lumped together as creating a secure environment for client-server architectures, email and web browsing. It enhances organizational security by creating secure sessions with the RC4 or RSA encryption algorithms and is a good example of public key encryption. Though of late certain incidents have been reported concerning RC4 weaknesses and vulnerabilities, which are discussed in detail below, the advantage of using it at the organization level is quite large (Qualys Security 2013).
The history of TLS/SSL security is distinctive, as Netscape was the first organization to develop and introduce the concept of the secure sockets layer for its internet browser (Vahab Pournaghshband 2011). A common way to find out whether your website is using this internet security is by checking the protocol in the address, which should ideally be HTTPS rather than plain HTTP (hypertext transfer protocol). The figure below illustrates the same.
Certain organizations are regulated under the Payment Card Industry (PCI) Data Security Standard (DSS) and the Health Insurance Portability and Accountability Act (HIPAA), an American act. Our organization deals with critical client-related data, from non-public personal information (NPPI) to personally identifiable data such as credit card details and health-related details. As per the federal laws, any company that deals with such information needs to comply with the TLS security standard. Thus, gaining an understanding of such an important protocol before implementing it at the organization level is quite crucial. The figure below illustrates the working of the TLS protocol (Techsoup 2013).
The workflow of the TLS protocol is as follows:
1. The TLS client initiates by sending a 'Client Hello' message to establish the connection.
2. The TLS server receives the request and, as the standard reply to the 'Hello' message, sends five responses: 'Server Hello', 'Certificate' (the server certificate), 'Server Key Exchange', 'Certificate Request' and finally 'Server Hello Done'.
3. The TLS client, or initiating device, receives these and responds accordingly with the following messages: 'Certificate' (the client certificate), 'Client Key Exchange', 'Certificate Verify', 'Change Cipher Spec' and finally 'Finished', to signal the end of the handshake on its side.
4. Thus, in the final stage, the TLS server handles the client's 'Certificate', 'Client Key Exchange' and 'Certificate Verify' messages and completes the exchange with its own 'Change Cipher Spec' and 'Finished'.
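The four steps above modelled end to end in Python, as an added example that is not the report's own code nor any TLS library's: it checks that the messages appear in the required order and shows why the two 'Finished' messages matter, because the server recomputes the client's Finished over the handshake transcript it actually saw, so a message altered in transit (for instance a ClientHello whose cipher suite was rewritten) makes the handshake fail rather than complete. The randoms, premaster secret and certificate bodies are constructed stand-ins; no real key exchange or signing takes place.

```python
"""TLS 1.2 full-handshake model with the Finished check (added example, not
from the original report; premaster secret, randoms and certificate bodies
are constructed stand-ins, so no real key exchange or signing happens)."""
import hashlib
import hmac

# Message flow of the four steps above (RFC 5246 section 7.3, with client
# authentication). ChangeCipherSpec is its own record type, not a handshake
# message, so it never enters the transcript that Finished covers.
EXPECTED_FLOW = [("client", "ClientHello"), ("server", "ServerHello"),
    ("server", "Certificate"), ("server", "ServerKeyExchange"),
    ("server", "CertificateRequest"), ("server", "ServerHelloDone"),
    ("client", "Certificate"), ("client", "ClientKeyExchange"),
    ("client", "CertificateVerify"), ("client", "ChangeCipherSpec"),
    ("client", "Finished"), ("server", "ChangeCipherSpec"), ("server", "Finished")]

# Constructed values: real peers each send 32 fresh random bytes, and the
# client encrypts a fresh 48-byte premaster secret to the server's RSA key.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + b"\x11" * 46

def flow_is_valid(messages):
    """True if the (sender, name) pairs appear in exactly the required order."""
    return [(s, n) for s, n, _ in messages] == EXPECTED_FLOW

def prf(secret, label, seed, length):
    """TLS 1.2 PRF = P_SHA256(secret, label + seed), RFC 5246 section 5."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(premaster, client_random, server_random):
    return prf(premaster, b"master secret", client_random + server_random, 48)

def verify_data(master, label, messages):
    """12-byte Finished payload: PRF over the hash of every handshake
    message exchanged so far, which is what makes tampering detectable."""
    body = b"".join(b for _, n, b in messages if n != "ChangeCipherSpec")
    return prf(master, label, hashlib.sha256(body).digest(), 12)

def client_side(cipher_suite=b"\x00\x2f"):  # 0x002F = TLS_RSA_WITH_AES_128_CBC_SHA
    """Steps 1-3: every message up to and including the client's Finished."""
    msgs = [
        ("client", "ClientHello", CLIENT_RANDOM + cipher_suite),
        ("server", "ServerHello", SERVER_RANDOM + cipher_suite),
        ("server", "Certificate", b"server-cert(constructed)"),
        ("server", "ServerKeyExchange", b"dh-params(constructed)"),
        ("server", "CertificateRequest", b"rsa_sign"),
        ("server", "ServerHelloDone", b""),
        ("client", "Certificate", b"client-cert(constructed)"),
        ("client", "ClientKeyExchange", b"enc-premaster(constructed)"),
        ("client", "CertificateVerify", b"signature(constructed)"),
        ("client", "ChangeCipherSpec", b"\x01"),
    ]
    master = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    msgs.append(("client", "Finished", verify_data(master, b"client finished", msgs)))
    return msgs

def server_accepts(messages):
    """Step 4, server side: recompute the client's Finished over the transcript
    the server saw; an altered or dropped message changes the hash."""
    master = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    idx = next(i for i, m in enumerate(messages) if m[:2] == ("client", "Finished"))
    expected = verify_data(master, b"client finished", messages[:idx])
    return hmac.compare_digest(expected, messages[idx][2])

def full_handshake():
    """Step 4 completed: the server answers with its own ChangeCipherSpec and
    Finished (which also covers the client's Finished), ending the handshake."""
    msgs = client_side()
    if not server_accepts(msgs):
        raise ValueError("handshake_failure: client Finished does not verify")
    master = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    msgs.append(("server", "ChangeCipherSpec", b"\x01"))
    msgs.append(("server", "Finished", verify_data(master, b"server finished", msgs)))
    return msgs
```

Replacing the ClientHello the server sees with one carrying a different cipher suite, while the client still computes its Finished over the original, is the downgrade case the Finished check is designed to catch.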
As eminent researchers and security experts have explained, ensuring 100% security is simply a myth, and there are certainly shortcomings in the TLS security versions as well. Recent reports say that the RC4 algorithm supported in TLS has been broken and its security compromised. A known way through which the weakness can be exploited has been devised and a sophisticated attack launched to compromise the security. The target of the attack was the CBC cipher suites used in TLS version 1.0, and these are known as BEAST attacks. Through these vulnerabilities, millions and billions of keys are said to have been compromised. Every day a new problem can be noticed in the web security arena; the most recent one is the OpenSSL 1.0 vulnerability known as Heartbleed. Sometimes misconfiguration or a lack of hardening leads to such vulnerabilities, as in the case of the Lucky 13 attack, which compromised a huge number of keys.
Session cookies are also important, so session management should be hardened to support reliable rotation of cookies. These vulnerabilities tend to extract the passwords stored in cookies and can be used to launch denial-of-service (DoS) attacks and cookie poisoning. A certificate should be checked for certain attributes: 1) the certificate is from a trusted party; 2) the certificate is valid; 3) the certificate bears a relationship with the site from which it is coming. There are commercial certification bodies like VeriSign, Go Daddy, GeoTrust and so forth (How Stuffworks 2011).
The Heartbleed vulnerability is tracked as CVE-2014-0160; it compromises security by giving the attacker the privilege to read 64 KB of memory for every attack. It is generally associated with poorly written code and can be used to steal passwords and the private keys of X.509 certificates (TechTarget 2012).
SECTION C: BUILDING A VIRTUAL SERVICE TYPE FOR PRIVATE CLOUD STORAGE SOLUTIONS
The management of the organization has realized that when virtual services are clubbed together with private cloud systems, a win-win situation can be achieved that will provide the best possible solution for the organization. Thus, to explore and research the pitfalls and advancements of building our own enterprise cloud and virtualized service solutions, we have referred to international journals on virtualization and private cloud solutions to gain an understanding of the pros and cons of this technology.
To begin with, we refer to the SANS security course 'Virtualization and Private Cloud Security', number SEC579. This research work from SANS focuses on rapidly evolving server virtualization technologies and devises a suitable approach for saving cost and an easy deployment methodology for virtualized systems. One great achievement highlighted in the current virtualization workflow is easy and flexible business continuity and disaster recovery. This gives system administrators greater control over multiple systems from a single automation point. The security features incorporated here are 'role-based access control' and 'audit logging and fault logging as per the ISO 27001 global information security practices' for larger infrastructures (SANS Security 2012).
However, virtualization and virtual services have their own pitfalls and disadvantages. With each new day, new threats, exploits and vulnerabilities are being identified. One more potential problem that security and network administrators are observing is that, since the technology is new and advanced, there are a lot of configuration options that have to be understood. These add complexity that has to be tackled and managed tactfully. Careful planning is often needed to ensure that storage and backup services are correctly configured with administrative permissions, access control and virtualization server security hardening.
PRIVATE CLOUD AND VIRTUAL SERVICE TYPE
A common misconception about virtualization and private cloud is that non-technical staff often refer to the two as one single entity. In fact, virtualization is a subset of the larger domain called cloud, be it private or public. The cycle of virtualization starts with limited-resource virtualized computing. This is then built up with key attributes like 'self-service, elasticity, resource pooling and finally analytics' to attain the greater status of a private cloud under Infrastructure or Network as a Service. This has been illustrated in the subsequent figure.
To gain a clearer picture of the distinctive difference between private cloud and virtualization, a snapshot extract has been taken from the research work of the virtualization expert Andrew Boring. To earn the inclusive tag of private cloud, there are five requirements that have to be fulfilled first by the underlying virtualization layer. This is discussed in detail in the next section, where a snapshot is illustrated (Andrew Boring 2013).
SECTION D: REQUEST FOR PROPOSAL PROCESS AND HIGHLIGHT THE BENEFITS AND PITFALLS
As most companies are looking forward to a cloud solution, for a permanent and more suitable solution for their organization, one prominent form of cloud which is in high demand is the private cloud. This structure has benefits like no multi-tenancy problems (multiple parties sharing the same infrastructure in the cloud space), which can lead to security flaws with contractual obligations, and pricing issues like pay-as-you-go. Cloud services can be categorized into three prominent service models for any organization. These three are shown in the figure below as PaaS (Platform as a Service), SaaS (Software as a Service) and IaaS (Infrastructure as a Service, essentially called Communication as a Service).
Cloud services should provide a value addition to the user. In Network as a Service, which is our model under consideration, the hardware and software components are taken care of. It is like an end-to-end solution, wherein the company, its sub-branches and all colocation (COLO) sites will be covered under one umbrella. This reduces the initial development and implementation cost and the bulk licensing cost along with hardware equipment purchases, and allows an easy transition to upcoming technology with greater scalability and flexibility, avoiding unwanted IT management hassles for maintenance. Thus a top-down approach, with value visibility to the end user, is shown in the figure below. For organizations like ours, IaaS is the one-stop solution.
As the discussion progresses to the private cloud model, we are keen to chalk out the difference between private and public cloud before moving to the next section, i.e. the RFP. The public cloud model is mostly deployed in start-up companies where the implementation budget is low, so a third party is involved in providing the IT resources in its data centres and end customers are only connected via the internet or a private connection network. Thus the customers do not have any idea or visibility of the underlying IT infrastructure deployed for their company (OSGi Alliance 2011).
Contrary to this, when an enterprise decides to have the same public cloud infrastructure implemented within its own data centres using virtualization technologies, with extended scalable networks, it is simply a demonstration of private cloud. We are considering a private cloud architecture.
As a possible solution, the idea of tendering for the build through a Request for Proposal (RFP) process has been raised by the management. Thus a careful analysis of the Request for Proposal process is needed to give the management pinpoint highlights of the benefits and the pitfalls of this process.
In the section below, we provide evidence of the benefits of having a rigorous RFP mechanism for shortlisting vendors. This report establishes the importance of the RFP, and a few pitfalls as well.
An RFP is an important step to begin with. It primarily focuses on the three key concerns of vendor lock-in and surety of the long-term viability of the vendor. These are (a) infrastructure interoperability; (b) data portability and (c) application portability.
The RFP will explicitly capture the data portability clause, which mandates that control and ownership of data access be negotiated. Ideally the customer controls the logical access to the databases and applications, and in case of intermittency issues or some disastrous situation, the vendor has to provide assistance to extract and transfer the data. All these contractual clauses need to be documented before the RFP is signed and approved by the management and the tender is granted.
The RFPs from vendors will also help the management in the following ways.
1. The favoured vendor will be the one who uses APIs for enhancement and open-standard-based components.
2. Uses licensed third-party standard virtualization layers (e.g. Microsoft or VMware) to obtain support and licensing agreements. Use of freeware can prove fatal as a breach of contract.
3. Another advantage of vendor RFPs is that the management can compare and track the services offered. The vendor that provides its customers with good porting tools for efficient portability is the preferred one.
4. Also, the vendor's contract should have an obligation plan for post-term migration assistance.
5. The management can conduct due diligence on the suitable vendors in the security and financial aspects.
For the purpose of this report, we have identified and referred to some standard RFPs for cloud vendors. The figure below illustrates the requirements and considerations to be made while selecting the private cloud vendor RFPs. This illustrated RFP is from the Gaylord Texan, Dallas.
As stated in the figure, RFPs should be properly scrutinized to obtain the best deal, as there are a lot of tricks and tweaks present in the draft version of the RFP formulated by the vendor. Anything longer than a one-year term should be scrutinized, and management must check and negotiate on hidden early termination charges. Another important feature to be included in the RFP and contractual agreement is the SLAs for different activities. These SLAs should have metrics and management tool uptime records, system uptime and availability records, service desk performance SLAs and data backup success rates. The two figures below illustrate the SLA best practices and IPR issues (Marc Lindsey 2010).