On the application deployment of public cloud

Mastering the design features of a variety of applications can help us determine whether it is suitable for cloud computing, and cloud computing provides a highly flexible architecture that allows easy creation, undo, configuration changes, extensions, and contractions as needed. But not all applications are specifically designed for cloud mode.

Next we focus on the public cloud, which national Cato of Standards and Marvell defines as: The cloud architecture is open to the general public or to a large industry group, and the cloud service is sold through an organization.

migrating applications or deploying them directly into the cloud is a sensible business practice, but only if it ensures success. Before entering the cloud, examining each application as follows can help us to judge:

◇ Flexible Authorization

◇ Concurrent Design

◇ Moderate Client Connection bandwidth requirements

◇ Network based on IP protocol

◇ Safety Application

The driving force for most companies and organizations to invest in cloud architectures is the desire to save costs or provide dynamic scalability. If you want to ensure successful deployment or migration, the following five areas of application features are critical:

I. Authorization

Many times, each application is made up of several different components, most of which require independent authorization support. Review each licensing protocol to determine whether or not it affects the deployment of the cloud.

For example, suppose the application is authorized according to the number of CPUs, and when the cloud deployment mode is run and a new instance is needed to support more resources, simply extend the appropriate authorization. You need to make sure that each authorization has an impact on scalability.

Ii. process requirements and memory lockout issues

If dynamic scalability is the most critical factor in your choice of cloud, the application needs to support parallel operations at the beginning of the design. Assuming that the application is designed to take multiple threads into account, and that it supports splitting the process into smaller chunks, it can be well applied to the cloud architecture.

Conversely, if the application is designed to be a single process model, it will be difficult to benefit from the distributed computing advantages of the cloud.

In addition, the application of how to handle sessions and locks can also have an impact on deployment and migration behavior. If the application uses a central locking or session mechanism, including memory based locking and sessions, it is likely that the cloud's dynamic expansion advantage will not be exploited. Because the locking mechanism is limited to a single system, it is directly in conflict with the working mechanism of cloud computing.

Iii. Bandwidth Requirements

When a user accesses a public cloud over the Internet, bandwidth is an important limiting factor compared to a private cloud. Given this limitation, you can only use applications that are not very large for client bandwidth requirements.

Assuming that your application requires frequent exchange of data between the client and the server through Microsoft's File sharing function, the user will feel a noticeable delay because the data flow between the two is already far beyond the bandwidth of the client's network connection. It should be noted that this is not due to the connection bandwidth limitations of the cloud vendor internal server to the server, as they typically employ more powerful server connectivity within the cloud.

Iv. Connection Agreements

It is also important to consider that the cloud is based on IP protocol, so applications must also be based on IP protocol communication. Although there are many protocols that can run on top of IP, TCP is still preferred.

V. Data security

The application also needs to protect data security in the process of storage, operation and transmission. There are three key points:

◇ the data in the transmission process should be protected at the application or transport level. You will find that most applications choose to be protected at the transport layer, and SSL (Secure Sockets Layer)/tls (by Layer Security) protocol is frequently used.

◇ static data should be protected for application. Applications need to provide a secure way to protect data stored in the cloud. The static data encryption function is the best choice at this time.

◇ server to server connections are often forgotten because they are already in the data center. You need to ensure that the data is secure from the server to the server, from the cloud instance to the cloud instance, including the connection between the client and the server.

Keep in mind that before considering the cloud, it is important to examine several key aspects of the application in design. These factors determine whether the application is suitable for cloud mode.

Attached：

Protecting data in the cloud

Data in the cloud may be stored in the following locations:

◇ Local Storage-for example, data for engine virtual machines. Data is bound to the location and state of the virtual machine.

◇ Persistent data storage-for example, Amazon EBS or S3 or Azure SQL data is stored independently of the location and state of the virtual machine.

◇ transmission on the line.

Meet data protection requirements in the following ways

◇ file system and shared access Control list: This provides a degree of limited protection to data by means of access control mechanisms. However, there is no way to protect malicious access by the cloud vendor's internal staff.

◇ mixed public cloud and private cloud architecture for encryption: This is primarily used to protect malicious access to employees within the cloud vendor.

◇ Transport Layer Encryption: This method can be used to transmit and transfer highly confidential information.