
Shivajirao S Jondhale College of Engineering, Dombivli (E) Department of Computer Engineering

The document discusses the NIST model of cloud computing which defines deployment models, service models and advantages. It provides an overview of the NIST definition of cloud computing including key aspects like deployment models, service models, virtualization and multi-tenancy.


Shivajirao S Jondhale College of Engineering, Dombivli (E)

Department of Computer Engineering



VISION

To impart quality technical education in the department of Computer Engineering for
creating competent and ethically strong engineers with capabilities of accepting new
challenges.

MISSION

• Our efforts are dedicated to imparting quality technical education to prepare
engineering graduates who excel in programming skills.
• Our strength is to serve society by producing globally competent professionals.
• Our endeavor is to provide all possible support to build a strong teaching environment
to provide quality education in Computer Engineering.

PROGRAM EDUCATIONAL OBJECTIVES (PEOs)

• To prepare learners with a sound foundation in the mathematical, scientific and
engineering fundamentals
• To develop among learners the ability to formulate, analyze and solve engineering
problems in real life
• To encourage, motivate and prepare learners to inculcate a professional and ethical
attitude for lifelong learning
• To prepare learners to become generalist engineers and for pursuing higher studies

PROGRAM SPECIFIC OUTCOMES (PSOs)

• Ability to use software methodology and various software tools for developing
system programs, high quality web apps and solutions to complex real world
problems.
• Ability to identify and use suitable data structures and analyze various algorithms
for a given problem from different domains

CSL605: Cloud Computing Lab


Semester – VI

LAB OBJECTIVES:

1. To make students familiar with key concepts of virtualization.
2. To make students familiar with various deployment models of cloud such as private,
public, hybrid and community so that they start using and adopting the appropriate type
of cloud for their application.
3. To make students familiar with various service models such as IaaS, SaaS, PaaS,
Security as a Service (SECaaS) and Database as a Service.
4. To make students familiar with security and privacy issues in cloud computing and
how to address them.

LAB OUTCOME:
At the end of the course, the students will be able to

1. Implement different types of virtualization techniques.


2. Analyze various cloud computing service models and implement them to solve the
given problems.
3. Design and develop real world web applications and deploy them on commercial
cloud(s).
4. Explain major security issues in the cloud and mechanisms to address them.
5. Explore various commercially available cloud services and recommend the
appropriate one for the given application.
6. Implement the concept of containerization.
List of Experiments

1. Introduction and overview of cloud computing.
2. To study and implement Hosted Virtualization using VirtualBox & KVM.
3. To study and implement Bare-metal Virtualization using Xen, HyperV or VMware ESXi.
4. To study and implement Infrastructure as a Service using AWS/Microsoft Azure.
5. To study and implement Platform as a Service using AWS Elastic Beanstalk/Microsoft Azure App Service.
6. To study and implement Storage as a Service using Own Cloud/AWS S3, Glaciers/Azure Storage.
7. To study and implement Database as a Service on SQL/NOSQL databases like AWS RDS, AZURE SQL/MongoDB Lab/Firebase.
8. To study and implement Security as a Service on AWS/Azure.
9. To study and implement Identity and Access Management (IAM) practices on AWS/Azure Cloud.
10. To study and implement Containerization using Docker.

Experiments to LO Mapping

| Expt No. | Title (Subtopic Name) | Prior Concept (Chapter Name/Concept) | References (From Syllabus) | LO Mapping |
|---|---|---|---|---|
| 1 | Introduction and overview of cloud computing. | Computer Networks | Barrie Sosinsky, “Cloud Computing Bible”, Wiley publishing. | LO2 |
| 2 | Hosted Virtualization using VirtualBox & KVM. | Hosted Virtualization | Barrie Sosinsky, “Cloud Computing Bible”, Wiley publishing. | LO1 |
| 3 | Bare-metal Virtualization using Xen, HyperV or VMware ESXi. | Bare-metal Virtualization | Barrie Sosinsky, “Cloud Computing Bible”, Wiley publishing. | LO1 |
| 4 | Infrastructure as a Service using AWS/Microsoft Azure. | Infrastructure as a Service | John Paul Mueller, “AWS for Admins for Developers”, John Wiley & Sons, Inc. | LO2 |
| 5 | Platform as a Service using AWS Elastic Beanstalk. | Platform as a Service | John Paul Mueller, “AWS for Admins for Developers”, John Wiley & Sons, Inc. | LO2 |
| 6 | Storage as a Service using Own Cloud/AWS S3, Glaciers | Storage as a Service | John Paul Mueller, “AWS for Admins for Developers”, John Wiley & Sons, Inc. | LO2 |
| 7 | Database as a Service on SQL/NOSQL databases like AWS RDS, AZURE SQL/MongoDB Lab. | Database as a Service | Michael Collier, Robin Shahan, “Fundamentals of Azure, Microsoft Azure Essentials”, Microsoft Press. | LO5 |
| 8 | Security as a Service on AWS/Azure. | Security as a Service | John Paul Mueller, “AWS for Admins for Developers”, John Wiley & Sons, Inc. | LO4 |
| 9 | Identity and Access Management (IAM) practices on AWS/Azure | Identity and Access Management | John Paul Mueller, “AWS for Admins for Developers”, John Wiley & Sons, Inc. | LO3 |
| 10 | Containerization using Docker. | Containerization | Ken Cochrane, Chelladhurai, Neependra Khare, “Docker Cookbook - Second Edition”, Packt publication | LO6 |


Experiment No - 01

Aim -
To study NIST model of cloud computing.

Objective -

Understand deployment models, service models and advantages of cloud
computing.

Purpose and Scope –

Cloud computing is an evolving paradigm. The NIST definition characterizes
important aspects of cloud computing and is intended to serve as a means for broad
comparisons of cloud services and deployment strategies, and to provide a baseline
for discussion from what is cloud computing to how to best use cloud computing.
The service and deployment models defined form a simple taxonomy that is not
intended to prescribe or constrain any particular method of deployment, service
delivery, or business operation.

Theory -

The NIST Model


The National Institute of Standards and Technology (NIST) is an agency
of the US Department of Commerce that is responsible for
expounding and defining standards in science and technology. The Computer
Security Division of NIST has provided a formal definition of cloud computing.
The US government is a major consumer of computer technology and also one of the
major users of cloud computing networks. According to the NIST working definition of
cloud, the deployment model is one of the two categories of model illustrated by NIST.
The NIST model doesn't require cloud technology to use virtualization to share
resources. Clouds support multi-tenancy; multi-tenancy is the concept of sharing
resources among two or more clients. The latest NIST model of cloud computing
requires virtualization and utilizes the concept of multi-tenancy.

The NIST Definition of Cloud Computing

Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. This cloud
model is composed of five essential characteristics, three service models, and four
deployment models.

Essential Characteristics:

• On-demand self-service: A consumer can unilaterally provision computing
capabilities, such as server time and network storage, as needed
automatically without requiring human interaction with each service provider.
• Broad network access: Capabilities are available over the network and
accessed through standard mechanisms that promote use by heterogeneous
thin or thick client platforms (e.g., mobile phones, tablets, laptops, and
workstations).
• Resource pooling: The provider’s computing resources are pooled to serve
multiple consumers using a multi-tenant model, with different physical and
virtual resources dynamically assigned and reassigned according to consumer
demand. There is a sense of location independence in that the customer
generally has no control or knowledge over the exact location of the provided
resources but may be able to specify location at a higher level of abstraction
(e.g., country, state, or datacenter). Examples of resources include storage,
processing, memory, and network bandwidth.
• Rapid elasticity: Capabilities can be elastically provisioned and released, in
some cases automatically, to scale rapidly outward and inward commensurate
with demand. To the consumer, the capabilities available for provisioning
often appear to be unlimited and can be appropriated in any quantity at any
time.
• Measured service: Cloud systems automatically control and optimize
resource use by leveraging a metering capability at some level of abstraction
appropriate to the type of service (e.g., storage, processing, bandwidth, and
active user accounts). Resource usage can be monitored, controlled, and
reported, providing transparency for both the provider and consumer of the
utilized service.

Deployment Models:

Cloud deployment models represent specific types of cloud environment
that are distinguished by ownership, size, and access. NIST offers guidance via its
definitions of each of the four cloud deployment models (Private, Community,
Public, and Hybrid). Although a one-size-fits-all cloud solution does not exist, each
model offers to fill a specific niche for a client based on its inherent features and
abilities. In the following sections, we'll aim to make sense of NIST's technical
definitions of these deployment models to help you better understand which
solution fits the needs of your firm best.

1. Private cloud:
The cloud infrastructure is provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units). It may be
owned, managed, and operated by the organization, a third party, or some
combination of them, and it may exist on or off premises.
Private Cloud, also termed 'Internal Cloud', allows the accessibility
of systems and services within a specific boundary or organization. The cloud
platform is implemented in a cloud-based secure environment that is guarded by
advanced firewalls under the surveillance of the IT department that belongs to a
particular organization. Private clouds permit only authorized users, providing
the organizations greater control over data and its security. Business
organizations that have dynamic, critical, secured, management-demand-based
requirements should adopt Private Cloud.

The advantages of using a private cloud are:

1. Highly private and secured: Private cloud resource sharing is highly
secured.
2. Control oriented: Private clouds provide more control over their resources
than public clouds, as they can be accessed within the organization's boundary.

The Private cloud has the following disadvantages:

1. Poor scalability: Private clouds are scaled within limited internally
hosted resources.
2. Costly: As it provides more security and more features, it is more expensive than
a public cloud.
3. Pricing: It is inflexible; i.e., purchasing new hardware for upgrades is more
costly.
4. Restriction: It can be accessed locally within an organization and is difficult
to expose globally.

2. Community cloud:
The cloud infrastructure is provisioned for exclusive use by a specific
community of consumers from organizations that have shared concerns (e.g.,
mission, security requirements, policy, and compliance considerations). It may be
owned, managed, and operated by one or more of the organizations in the
community, a third party, or some combination of them, and it may exist on or
off premises.

Community Cloud is another type of cloud computing in which the setup of
the cloud is shared manually among different organizations that belong to the
same community or area. An example of such a community is one where
organizations/firms operate along with financial institutions/banks. It is a
multi-tenant setup developed using cloud among different organizations that belong to
a particular community or group having similar computing concerns.
For joint business organizations, ventures, research organizations and tenders, a
community cloud is the appropriate solution. Selection of the right type of cloud
hosting is essential in this case. Thus, community-based cloud users need to
know and analyze the business demand first.

3. Public cloud:
The cloud infrastructure is provisioned for open use by the general public. It
may be owned, managed, and operated by a business, academic, or government
organization, or some combination of them. It exists on the premises of the cloud
provider.
Public Cloud is a type of cloud hosting that gives clients/users easy access to
systems and their services. Some examples of
companies that provide public cloud facilities are IBM, Google, Amazon,
Microsoft, etc. This cloud service is open for use. This type of cloud computing
is a true specimen of cloud hosting, where the service providers render services to
various clients. From a technical point of view, there is little difference
between private clouds and public clouds in structural design. Only
the security level differs, depending on the service provider and the type of cloud
the client uses. Public cloud is better suited for business purposes for managing the
load. This type of cloud is economical due to the decrease in capital overheads.

The advantages of the Public cloud are:

1. Flexible
2. Reliable
3. Highly scalable
4. Low cost
5. Place independence

This type also holds some disadvantages such as:

1. Less secure
2. Poorly customizable

4. Hybrid cloud:
The cloud infrastructure is a composition of two or more distinct cloud
infrastructures (private, community, or public) that remain unique entities, but
are bound together by standardized or proprietary technology that enables data
and application portability (e.g., cloud bursting for load balancing between
clouds).
Hybrid Cloud is another cloud computing type, which is integrated; i.e., it
can be a combination of two or more cloud servers (private, public or
community) combined as one architecture while remaining individual entities.
Non-critical tasks such as development and test workloads can be done using a public
cloud, whereas critical tasks that are sensitive, such as organization data handling,
are done using a private cloud. Benefits of both deployment models, as well as a
community deployment model, are possible in hybrid cloud hosting. It can
cross isolation and overcome boundaries by the provider; hence, it cannot be
simply categorized into any of the three deployments - public, private or
community cloud.


Advantages of Hybrid Cloud Computing are:

[Link]
[Link]
[Link] Effective
[Link] Scalable

Disadvantages of Hybrid Cloud are:

[Link] networking problem


[Link]'s security Compliance

Service Models:

NIST defines three service models for cloud computing:

1. Infrastructure as a Service (IaaS)

2. Platform as a Service (PaaS)

3. Software as a Service (SaaS)

Figure 1 Cloud Service Models


The basic thing that separates these three service models is “who’s responsible
for what?”. As you can see in Figure 1, the further “up” the stack you go, the greater
the responsibility assumed by the cloud service provider.

One thing to notice here is that, in all cases, the Cloud Provider is responsible for
the physical infrastructure (which will likely include a hypervisor to support the
creation of virtual machines), and the Cloud Consumer is responsible for application
configuration, personalization, and data. You’ll also notice in the diagram that, from
the Cloud Provider perspective, SaaS “sits on” PaaS which sits on IaaS. I want to
note that this is certainly a viable configuration (i.e. a PaaS Cloud Provider could
deploy their PaaS capability onto their own – or someone else’s – IaaS infrastructure
& SaaS can run on PaaS), but it’s not the way it has to be. In fact, that’s not usually
the optimal way to run PaaS or SaaS. The reason for that is because an IaaS
infrastructure is optimized to run a wide range of generic workloads. If you know in
advance what the characteristics of your workload are (which, if you’re deploying
PaaS or SaaS, you have a pretty good idea), you can tune your infrastructure to best
meet the demands of that workload. For example, if you were offering a SaaS
logging service, you would want to optimize your storage infrastructure for
streaming writes, whereas if you were offering a database as a part of your PaaS
offering, you would want to optimize your storage based on the I/O patterns specific
to the database system you were using. In any event, simply understand that the
models can but don’t have to be stacked on top of one another. Another way to
conceptualize the three models is to look at the likely consumers of each. They really
are targeted at very different users!

1. Software as a Service (SaaS): The capability provided to the consumer is to use
the provider’s applications running on a cloud infrastructure. The applications
are accessible from various client devices through either a thin client interface,
such as a web browser (e.g., web-based email), or a program interface. The
consumer does not manage or control the underlying cloud infrastructure
including network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited user-specific
application configuration settings.
The Cloud Provider is responsible for everything up through the application
and the Cloud Consumer is responsible for the application configuration,
personalization, and application data. SaaS is the “holy grail” of cloud computing
because it allows the business consumer to focus on the application, which is
where their business processes and everything that makes them unique lives. It
also allows the Cloud Provider to focus on the infrastructure and compete with
other Cloud Providers based on price and performance.
2. Platform as a Service (PaaS): The capability provided to the consumer is to
deploy onto the cloud infrastructure consumer-created or acquired applications
created using programming languages, libraries, services, and tools supported by
the provider. The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, or storage, but has
control over the deployed applications and possibly configuration settings for the
application-hosting environment.
With PaaS, the target audience is either the application developer or the
application hoster. Platform as a Service implies that the Cloud Provider is
responsible for everything up to the application environment. This includes
middleware (such as JBOSS, Spring, STRUTS, the .Net framework) and all the
app developer has to do is start writing code – the hoster simply installs the app
and turns around and offers it to his customers as PaaS. Since the Cloud Provider
manages all the underlying components, the developer doesn’t have to worry
about whether everything is configured correctly – it was built using the same
automated system the other instances in the cloud were built with.
3. Infrastructure as a Service (IaaS): The capability provided to the consumer is
to provision processing, storage, networks, and other fundamental computing
resources where the consumer is able to deploy and run arbitrary software, which
can include operating systems and applications. The consumer does not manage
or control the underlying cloud infrastructure but has control over operating
systems, storage, and deployed applications; and possibly limited control of
select networking components (e.g., host firewalls).
The typical consumer for an IaaS offering is a system administrator. If you
refer back to Figure 1, you’ll see that this makes sense. With IaaS, the consumer
is responsible for the operating system and everything above it. This is very
much the way that many data centers operate in a “traditional” IT shop, with the
“data center” team providing ping, power, and pipe to the system administrator.
This is also one of the reasons that I view IaaS pretty much as a better way of
doing what we’ve been doing for the last 20 years!

The target consumer for each service model, along with the Cloud Provider
responsibilities is summarized in

| SERVICE MODEL | PROVIDER RESPONSIBILITY | TARGET CONSUMER |
|---|---|---|
| IaaS | Physical Infrastructure, Hypervisor | System Administrator |
| PaaS | Physical Infrastructure, Hypervisor, Operating System, Middleware / Dev Stack | Application Developer / Hoster |
| SaaS | Physical Infrastructure, Hypervisor, Operating System, Middleware, Application | Application Administrator / End User |

Table 1: Target Consumer by Service Model

That pretty much wraps up the NIST view of the three different service models.
And now, just when you begin to think you’re getting a handle on all this, Gartner
has to go throw a wrench in the works. Apparently, they aren’t content with the
NIST definitions, so they came up with the following “additions” to the IaaS
category:

• Self-managed IaaS, for cost-effective agile replacement of traditional data center
infrastructure.
• Lightly managed IaaS, for customers who wish to primarily self-manage but
want the provider to be responsible for routine operations tasks.
• Complex managed hosting, for customers who want to outsource operational
responsibility for the infrastructure underlying Web content and applications.

Advantages of Cloud Computing


Cloud Computing is an emerging technology that almost every company is
switching to from its on-premise technologies. Whether it is public, private, or hybrid,
Cloud Computing has become an essential factor for companies to rise up to the
competition. Let us find out why the cloud is so much preferred over on-premise
technologies.

Cost efficiency: The biggest reason behind companies shifting to Cloud Computing
is that it costs considerably less than any on-premise technology. Now,
companies need not store data on disks anymore, as the cloud offers enormous storage
space, saving money and resources.
High speed: Cloud Computing lets us deploy the service quickly in fewer clicks.
This quick deployment lets us get the resources required for our system within
minutes.
Excellent accessibility: Storing information in the cloud allows us to access it
anywhere and anytime regardless of the machine making it a highly accessible and
flexible technology of the present times.
Back-up and restore data: Once data is stored in the cloud, it is easier to get its
back-up and recovery, which is quite a time-consuming process in on-premise
technology.
Manageability: Cloud Computing eliminates the need for IT infrastructure updates
and maintenance since the service provider ensures timely, guaranteed, and seamless
delivery of our services and also takes care of all the maintenance and management
of our IT services according to the service-level agreement (SLA).
Sporadic batch processing: Cloud Computing lets us add or subtract resources and
services according to our needs. So, if the workload is not 24/7, we need not worry
about the resources and services getting wasted and we won’t end up stuck with
unused services.
Strategic edge: Cloud Computing provides a company with a competitive edge over
its competitors when it comes to accessing the latest and mission-critical applications
that it needs without having to invest its time and money on their installations. It lets
the company focus on keeping up with the business competition by offering access to
the most trending and in-demand applications and doing all the manual work of
installing and maintaining the applications for the company.

Disadvantages of Cloud Computing
Every technology has both positive and negative aspects that are highly important to
be discussed before implementing it. The aforementioned points highlight the
benefits of using cloud technology and the following discussion will outline the
potential cons of Cloud Computing.
Vulnerability to attacks: Storing data in the cloud may pose serious challenges of
information theft, since in the cloud all of a company's data is online. A security
breach is something that even the best organizations have suffered from, and it’s a
potential risk in the cloud as well. Although advanced security measures are
deployed on the cloud, storing confidential data in the cloud can still be a risky affair.
Network connectivity dependency: Cloud Computing is entirely dependent on the
Internet. This direct tie-up with the Internet means that a company needs to have
reliable and consistent Internet service as well as a fast connection and bandwidth to
reap the benefits of Cloud Computing.
Downtime: Downtime is considered as one of the biggest potential downsides of
using Cloud Computing. The cloud providers may sometimes face technical outages
that can happen due to various reasons, such as loss of power, low Internet
connectivity, data centers going out of service for maintenance, etc. This can lead to
a temporary downtime in the cloud service.
Vendor lock-in: When in need to migrate from one cloud platform to another, a
company might face some serious challenges because of the differences between
vendor platforms. Hosting and running the applications of the current cloud platform
on some other platform may cause support issues, configuration complexities, and
additional expenses. The company data might also be left vulnerable to security
attacks due to compromises that might have been made during migrations.

Limited control: Cloud customers may face limited control over their deployments.
Cloud services run on remote servers that are completely owned and managed by
service providers, which makes it hard for the companies to have the level of control
that they would want over their back-end infrastructure.

Conclusion-

The NIST definition lists five essential characteristics of cloud computing:
on-demand self-service, broad network access, resource pooling, rapid elasticity or
expansion, and measured service. It also lists three "service models" (software,
platform and infrastructure), and four "deployment models" (private, community,
public and hybrid) that together categorize ways to deliver cloud services. The
definition is intended to serve as a means for broad comparisons of cloud services
and deployment strategies, and to provide a baseline for discussion from what is
cloud computing to how to best use cloud computing.

Books:

1. Enterprise Cloud Computing by Gautam Shroff, Cambridge, 2010
2. Cloud Security by Ronald Krutz and Russell Dean Vines, Wiley-India, 2010
3. Getting Started with OwnCloud by Aditya Patawar, Packt Publishing Ltd, 2013


Experiment No - 02
Aim: To study and implement Hosted Virtualization using VirtualBox & KVM.
Objective: To know the concept of Virtualization along with its types, structures
and mechanisms. This experiment should have a demonstration of creating and
running virtual machines inside hosted hypervisors like VirtualBox and KVM, with
their comparison based on various virtualization parameters.
Steps:
Hosted Virtualization on Oracle Virtual Box Hypervisor
Step 1: Download Oracle Virtual box from
[Link]

Step 2: Install it on Windows. Once the installation is done, open it.

Step 3: Create a Virtual Machine by clicking on New.

Step 4: Specify RAM size, HDD size, and network configuration, and finish the
wizard.

Step 5: To select the media for installation, click on Start and browse for the ISO file.

Step 6: Complete the installation and use it.

Step 7: To connect the OS to the network, change the network mode to Bridge Adapter.

Hosted Virtualization on KVM Hypervisor


The steps to create and run virtual machines in KVM are as follows:
1) Check whether the CPU has hardware virtualization support.
KVM only works if your CPU has hardware virtualization support – either
Intel VT-x or AMD-V. To determine whether your CPU includes these features, run
the following command:
# sudo grep -c "svm\|vmx" /proc/cpuinfo

2) Install KVM and supporting packages.
Virt-Manager is a graphical application for managing your virtual
machines. You can use the kvm command directly, but libvirt and Virt-Manager
simplify the process.
# sudo apt-get install qemu-kvm libvirt-bin bridge-utils virt-manager

3) Create User.
Only the root user and users in the libvirtd group have permission to use KVM
virtual machines. Run the following commands to add your user account to the
libvirtd group:
# sudo adduser tsec
# sudo adduser tsec libvirtd
After running these commands, log out and log back in as tsec.

4) Check whether everything is working correctly.
Run the following command after logging back in as tsec; you should see an empty
list of virtual machines. This indicates that everything is working correctly.
#virsh -c qemu:///system list

5) Open the Virtual Machine Manager application and create a virtual machine.
#virt-manager

6) Create and run virtual machines.
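The host checks from the KVM steps above (CPU flag, group membership, access to the KVM device), as an added example that is not part of the original manual. It matches vmx/svm as whole words on the flags lines only, whereas the grep -c command counts every line containing the substring, including the separate "vmx flags" line that newer kernels print. The sample cpuinfo text is constructed, and accepting the group name libvirt alongside libvirtd is an assumption for newer Ubuntu releases.

```sh
#!/bin/sh
# Added example (not part of the lab manual): pre-flight checks for a KVM host.
# Each check takes its input as an argument or on stdin, so it can be run on
# saved samples as well as on the live host.

# cpu_virt_flag: reads /proc/cpuinfo-format text on stdin and prints
# "vmx" (Intel VT-x), "svm" (AMD-V) or "none".
# Only whole words on lines that start with "flags" are considered.
cpu_virt_flag() {
    awk '
        /^flags[ \t]*:/ {
            for (i = 2; i <= NF; i++)
                if ($i == "vmx" || $i == "svm") found = $i
        }
        END { if (found == "") found = "none"; print found }
    '
}

# cpu_virt_count: number of logical CPUs whose flags line carries vmx or svm.
cpu_virt_count() {
    awk '
        /^flags[ \t]*:/ {
            for (i = 2; i <= NF; i++)
                if ($i == "vmx" || $i == "svm") { n++; break }
        }
        END { print n + 0 }
    '
}

# in_libvirt_group "GROUPS": GROUPS is the output of `id -nG USER`.
# The manual uses the group "libvirtd"; "libvirt" is accepted as well
# (assumption: the name used on newer Ubuntu releases).
in_libvirt_group() {
    for _g in $1; do
        case "$_g" in
            libvirtd|libvirt) return 0 ;;
        esac
    done
    return 1
}

# kvm_device_ok [PATH]: the device node exists and this user can open it.
kvm_device_ok() {
    _dev=${1:-/dev/kvm}
    [ -c "$_dev" ] && [ -r "$_dev" ] && [ -w "$_dev" ]
}

# kvm_readiness "GROUPS" [DEVICE] < cpuinfo
# Prints one line per check and returns 0 only if all three pass.
kvm_readiness() {
    _info=$(cat)
    _flag=$(printf '%s\n' "$_info" | cpu_virt_flag)
    _count=$(printf '%s\n' "$_info" | cpu_virt_count)
    _rc=0
    if [ "$_flag" = none ]; then
        echo "cpu:    FAIL no vmx/svm flag"; _rc=1
    else
        echo "cpu:    ok   $_flag on $_count logical CPU(s)"
    fi
    if in_libvirt_group "$1"; then
        echo "group:  ok   member of the libvirt group"
    else
        echo "group:  FAIL not in libvirtd/libvirt"; _rc=1
    fi
    if kvm_device_ok "${2:-/dev/kvm}"; then
        echo "device: ok   ${2:-/dev/kvm}"
    else
        echo "device: FAIL ${2:-/dev/kvm} missing or not accessible"; _rc=1
    fi
    return $_rc
}

# Constructed sample: two logical CPUs of an Intel host with VT-x.
sample_cpuinfo() {
    cat <<'EOF'
processor       : 0
model name      : Constructed CPU (sample data)
flags           : fpu vme de pse tsc msr pae mce cx8 sse sse2 vmx ept
vmx flags       : vnmi preemption_timer
processor       : 1
model name      : Constructed CPU (sample data)
flags           : fpu vme de pse tsc msr pae mce cx8 sse sse2 vmx ept
vmx flags       : vnmi preemption_timer
EOF
}

# Demo on the sample (/dev/null stands in for the device node). On a real host:
#   kvm_readiness "$(id -nG)" /dev/kvm < /proc/cpuinfo
sample_cpuinfo | kvm_readiness "tsec adm libvirtd" /dev/null || true
```

On the constructed sample the substring grep from step 1 reports 4 matching lines, while cpu_virt_count reports the 2 logical CPUs that actually carry the flag.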


Conclusion: Thus, in this experiment we have created and run virtual machines on
the hosted hypervisors Oracle VirtualBox and KVM, and we can see the expected results.


Experiment No:03
Aim: To study and Implement Bare-metal Virtualization using Xen server.
Objective: To understand the functionality of bare-metal hypervisors and their
relevance in cloud computing platforms. This experiment should demonstrate how to
install, configure and manage a bare-metal hypervisor, along with instructions to
create and run virtual machines inside it. It should also emphasize accessing VMs in
different environments, along with the additional services they provide, such as
load balancing, auto-scaling and security.
Theory:
Step 1: Install Xen Server
Step i: Insert the bootable Xen Server CD into the CD-ROM drive and make the CD-ROM
the first boot device in the BIOS.
Step ii: Press F2 to see the advanced options; otherwise press Enter to start the
installation.

Step iii: Select the keyboard layout.
Step iv: Press Enter to load the device drivers.

Step v: Press Enter to accept the End User License Agreement.
Step vi: Select the appropriate disk on which you want to install Xen Server.

Step vii: Select the appropriate installation media.
Step viii: Select additional packages for installation.

Step ix: Specify the root password.
Step x: Specify an IP address for the XenServer.

Step xi: Select the time zone.
Step xii: Specify the NTP server addresses or use manual time entry, then start the
installation.

Once the installation is done, you will see the final screen shown below.

Xen Server Final Screenshot

Step 2: Connect Xen Server to XenCenter

First, download XenCenter, a management utility, from the Xen Server by opening the
Xen Server's IP address as a URL in a browser. Once XenCenter is downloaded, install
it. Open XenCenter from the Windows Start menu.

Here's how XenCenter looks (see screenshot below) before any hosts, resource pools,
and so on, are added to it. To connect to the XenServer host you configured earlier,
click Add a server.

Enter the IP address I asked you to take note of earlier. Also enter the password you
assigned for your root account. Click Add.

One of the first things you want to make sure of as you're adding a new XenServer to
XenCenter is to save and restore the server connection state on startup. Check the
box that will do just that. Saving the connection state stores the server login
credentials on the XenCenter machine.

Once you do that, you will be allowed to configure a master password for all the
XenServers you'll be associating with this XenCenter; it protects the stored
credentials. Click the Require a master password checkbox if that's what you want to
do, and then enter your desired master password in the fields provided.

After you click OK, you'll be brought back to the main screen, where you'll see
your XenServer already added to XenCenter.

Step 3: Create a Storage Repository and Install a VM

Before creating a VM, we first have to create a Storage Repository (SR), which is a
shared directory in XenCenter that holds all the ISO files required to install
operating systems on Xen Server. The steps are as follows. Right-click the XenServer
icon in XenCenter and click New SR.

Now select Windows CIFS library.

Specify the Storage Repository name.

Now specify the path of the shared folder on the client side that holds the ISO files
of the operating systems or VMs we are going to install on Xen Server.

At the end, click Finish to create the SR.

To check the ISO files, click the CIFS library and select Storage; this shows all
the ISO files.

Installation of Ubuntu Server on Xen Server

Step 1: Right-click the XenServer icon in XenCenter and select New VM.

Now select the operating system to be installed; here, select Ubuntu Lucid Lynx and
click Next.

Now specify the instance name as ubuntu server.

Select the ISO file of Ubuntu Server 10.10 to be installed.

Now select the hardware for the VM, i.e. the number of CPUs and the memory.

Select local storage.

Select the network.

And click Finish.

Now go to the Console tab to install Ubuntu and follow the installation steps.

Xen Orchestra provides web based functionality of Xen [Link] provides
access to all the VMs installed on Xen Server, with their lifecycle management, as
shown in the figure.

Xen Orchestra (XOA) Portal

The Windows XP image running on Xen Orchestra in the Google Chrome web browser is
shown in the following screenshot.

Windows XP running on Xen Orchestra (XOA)

Conclusion:
Thus, we have understood, studied and implemented Bare-metal Virtualization
using Xen.


Experiment No:04
Aim: To study and Implement Infrastructure as a Service using AWS/Microsoft
Azure.
Objective: To demonstrate the steps to create and run virtual machines inside a
public cloud platform. This experiment should emphasize creating and running
Linux/Windows virtual machines inside Amazon EC2 or Microsoft Azure Compute
and accessing them using RDP or VNC tools.
Theory:
Implementation:
1) To demonstrate and implement IaaS using AWS (use [Link] (Free tier
eligible) instance only).


Conclusion:
Thus, in this practical we have studied and implemented Infrastructure as a Service
using AWS/Microsoft Azure.


Experiment No:05
Aim: To study and Implement Platform as a Service using AWS Elastic Beanstalk/
Microsoft Azure App Service.
Objective: To demonstrate the steps to deploy Web applications or Web services
written in different languages on AWS Elastic Beanstalk/ Microsoft Azure App
Service.
Implementation:

Open NetBeans and create a Maven project.

Conclusion:
Thus, in this practical we have studied and implemented Platform as a Service
(PaaS) using AWS Elastic Beanstalk.


Experiment No:06
Aim: To study and Implement Storage as a Service using Own Cloud/ AWS S3,
Glaciers/Azure Storage.
Objective: To understand the concept of Cloud storage and to demonstrate the
different types of storage, like object storage, block level storage etc., supported by
Cloud Platforms like Own Cloud/ AWS S3, Glaciers/ Azure Storage.
A) To implement Storage as a service using S3


B) S3 Glaciers


Conclusion: Thus, we have studied and implemented Storage as a Service using
Own Cloud/AWS S3, Glaciers/ Azure Storage.


Experiment No:07
Aim: To study and Implement Database as a Service on SQL/NOSQL databases
like AWS RDS, AZURE SQL/ MongoDB Lab/ Firebase.
Objective: To know the concept of Database as a Service running on cloud and to
demonstrate the CRUD operations on different SQL and NOSQL databases running
on cloud like AWS RDS, AZURE SQL/ Mongo Lab/ Firebase.

A) Creating an AWS RDS database instance:

1. Sign in to the AWS Management Console and open the Amazon RDS console at
[Link]
2. In the upper-right corner of the Amazon RDS console, choose the AWS Region in
which you want to create the DB instance.
3. In the navigation pane, choose Databases.
4. Choose Create database and make sure that Easy create is chosen.
5. For Engine type, choose Microsoft SQL Server.
6. For DB instance size, choose Free tier.
7. For DB instance identifier, enter sample-instance, or leave the default name.
8. For Master username, enter a name for the master user, or leave the default name.
9. To use an automatically generated master password for the DB instance, select
the Auto generate a password box.
To enter your master password, clear the Auto generate a password box, and then
enter the same password in Master password and Confirm password.

The Create database page should look similar to the following image.

10. (Optional) Expand View default settings for Easy create.

The following are important considerations for changing the default settings:
In some cases, you might want your DB instance to use a specific virtual private
cloud (VPC) based on the Amazon VPC service. Or you might require a specific
subnet group or security group. If so, use Standard create to specify these resources.
You might have created these resources when you set up for Amazon RDS. For
more information, see Provide access to your DB instance in your VPC by creating
a security group.
If you want to be able to access the DB instance from a client outside of its VPC,
use Standard create to set Public access to Yes. With Public access set to Yes, the
instance is reachable from the internet wherever its security group allows, so limit
the inbound rule for the database port to the client addresses that need it.
If the DB instance should be private, leave Public access set to No.
11. Choose Create database.
If you chose to use an automatically generated password, the View credential details
button appears on the Databases page.

To view the master user name and password for the DB instance, choose View
credential details.

To connect to the DB instance as the master user, use the user name and password
that appear.
12. For Databases, choose the name of the new Microsoft SQL Server DB instance.
On the RDS console, the details for the new DB instance appear. The DB instance
has a status of Creating until the DB instance is ready to use. When the state
changes to Available, you can connect to the DB instance. Depending on the DB
instance class and the amount of storage, it can take up to 20 minutes before the new
instance is available.

B) Connecting to your sample SQL Server DB instance:

In the following procedure, you connect to your sample DB instance by using
Microsoft SQL Server Management Studio (SSMS).
Before you begin, your database should have a status of Available. If it has a status
of Creating or Backing-up, wait until it shows Available. The status updates
without requiring you to refresh the page. This process can take up to 20 minutes.
Also, make sure that you have SSMS installed. You can also connect to RDS for
SQL Server by using a different tool, such as an add-in for your development
environment or some other database tool. However, this tutorial only covers using
SSMS. To download a standalone version of SSMS, see Download SQL Server
Management Studio (SSMS) in the Microsoft documentation.

To connect to a DB instance using SSMS

1. Make sure that your DB instance is associated with a security group that provides
access to it. For more information, see Provide access to your DB instance in your
VPC by creating a security group. If you didn't specify the appropriate security
group when you created the DB instance, you can modify the DB instance to change
its security group. For more information, see Modifying an Amazon RDS DB
instance.
2. Find the DNS name and port number for your DB instance.
a. Open the RDS console, and then choose Databases to display a list of your
DB instances.
b. Hover your mouse cursor over the name sample-instance, which is blue.
When you do this, the mouse cursor changes into a selection icon (for example, a
pointing hand). Also, the DB instance name becomes underlined. Click on the DB
instance name to choose it. The screen changes to display the information for the
DB instance you choose.
c. On the Connectivity tab, which opens by default, copy the endpoint. The
endpoint looks something like this: [Link]-east-
[Link]. Also, note the port number. The default port for SQL Server
is 1433. If yours is different, write it down.

3. Start SQL Server Management Studio.

The Connect to Server dialog box appears.

4. Provide the following information for your sample DB instance:

a. For Server type, choose Database Engine.
b. For Server name, enter the DNS name, followed by a comma and the port
number (the default port is 1433).
For example, your server name should look like the following.

c. For Authentication, choose SQL Server Authentication.
d. For Login, enter the username that you chose to use for your sample DB instance.
This is also known as the master user name.
e. For Password, enter the password that you chose earlier for your sample DB
instance. This is also known as the master user password.
5. Choose Connect.
After a few moments, SSMS connects to your DB instance.
For more information about connecting to a Microsoft SQL Server DB instance, see
Connecting to a DB instance running the Microsoft SQL Server database engine.
For information on connection issues, see Can't connect to Amazon RDS DB
instance.

C) Exploring your sample SQL Server DB instance

In this procedure, you continue the previous procedure and explore your sample DB
instance by using Microsoft SQL Server Management Studio (SSMS).

To explore a DB instance using SSMS

1. Your SQL Server DB instance comes with SQL Server's standard built-in system
databases (master, model, msdb, and tempdb). To explore the system databases, do
the following:
a. In SSMS, on the View menu, choose Object Explorer.
b. Expand your DB instance, expand Databases, and then expand System
Databases as shown.

2. Your SQL Server DB instance also comes with a database named rdsadmin.
Amazon RDS uses this database to store the objects that it uses to manage your
database. The rdsadmin database also includes stored procedures that you can run to
perform advanced tasks.
3. Start creating your own databases and running queries against your DB instance
and databases as usual.
To run a test query against your sample DB instance, do the following:
a. In SSMS, on the File menu, point to New and then choose Query with
Current Connection.
b. Enter the following SQL query.

c. Run the query. SSMS returns the SQL Server version of your Amazon RDS
DB instance.

D) Deleting your sample DB instance

After you are done exploring the sample DB instance that you created, you should
delete the DB instance so that you are no longer charged for it.
To delete a DB instance
1. Sign in to the AWS Management Console and open the Amazon RDS
console at [Link]
2. In the navigation pane, choose Databases.
3. Choose the button next to sample-instance, or whatever you named your
sample DB instance.
4. From Actions, choose Delete.
5. If you see a message that says This database has deletion protection option
enabled, follow these steps:
a. Choose Modify.
b. On the Deletion protection card (near the bottom of the page), clear the box
next to Enable deletion protection. Then choose Continue.
c. On the Scheduling of modifications card, choose Apply immediately. Then
choose Modify DB Instance.
d. Try again to delete the instance by choosing Delete from the Actions menu.
6. Clear the box for Create final snapshot. Because this isn't a production
database, you don't need to save a copy of it.
7. Verify that you selected the correct database to delete. The name "sample-
instance" displays in the title of the screen: Delete sample-instance instance?
If you don't recognize the name of your sample instance in the title, choose Cancel
and start over.
8. To confirm that you want to permanently delete the database that is displayed
in the title of this screen, do the following:
Select the box to confirm: I acknowledge that upon instance deletion, automated
backups, including system snapshots and point-in-time recovery, will no longer
be available.
Enter "delete me" into the box To confirm deletion, type delete me into the field.
Choose Delete. This action can't be undone.
The database shows a status of Deleting until deletion is complete.

Conclusion:
Thus, we have successfully studied and implemented Database as a Service on SQL
databases like AWS RDS.


Experiment No:08
Aim: To study and Implement Security as a Service on AWS/Azure
Objective: To understand the Security practices available in public cloud platforms
and to demonstrate various Threat detection, Data protection and Infrastructure
protection services in AWS and Azure.
Theory:
Implementation

Express Route

Application Gateway

Conclusion:
Thus, in this practical we have studied and implemented Security as a Service on
AWS/Azure.


Experiment No:09
Aim: To study and implement Identity and Access Management (IAM) practices on
AWS/Azure cloud.
Objective: To understand the working of Identity and Access Management IAM in
cloud computing and to demonstrate the case study based on Identity and Access
Management (IAM) on AWS/Azure cloud platform.
Implementation:
Create a user from AWS Management Console
Editor's note: AWS uses the names AWS Management Console and AWS Console
interchangeably.
To create a user in AWS, we fill out a form and receive an access key ID and secret
access key. At this step, we create a user named cli-user with full access permissions
and programmatic access. This user is how we will manage other users later.

Open the IAM console of the AWS Console in a browser window.

1. Sign in. Sign in as a root user. Provide username and password when prompted.

Figure 1. Sign into the AWS IAM console as a root user.

[Link] the Users menu. Navigate to the Users screen. You'll find it in the IAM
dashboard, under the Identity and Access Management (IAM) drop-down menu on
the left side of the screen. Click on Users.

Figure 2. Locate the Users button from the drop-down menu.

[Link] a user. Click on Add User to navigate to a user detail form. Provide all details,
such as the username and access type. In this tutorial, we use the name cli-user, and
check the Programmatic access box under Access type. This option gives the user
access to AWS development tools, such as the command line interface used later in
this tutorial. Click on Next: Permissions to continue.

Figure 3. Create a user with programmatic access to AWS development tools.

[Link] the user permissions. Click Attach existing policies directly and then filter the
policies by keyword: IAM. For this user, select IAMFullAccess from the list of
available policies.
The IAMFullAccess policy enables this user to create and manage user permissions
in AWS. Later in the tutorial, this user will perform AWS IAM operations. Because
that includes changing its own permissions, the access keys of this user are
equivalent to administrator credentials.

Figure 4. Attach the IAMFullAccess policy to the user.

[Link] the user setup. For this tutorial, we will skip the tags section of user
creation and go to the review page. Check the details of the username, AWS access
type and permissions. Then, click Create user.

Figure 5. Create the user after verifying the name, access type and permissions are
correct.

6. At this point in the tutorial, the user cli-user exists, with the chosen policies
applied to the account. AWS provides this user an access key ID and secret access
key. Download or copy these keys to a secure place to use later in this tutorial.

Figure 6. The AWS IAM user is ready and AWS assigned it an access key ID and
secret access key.
Set up AWS user credentials in the CLI
This tutorial uses the open source AWS CLI tool, available through the cloud
provider. With minimal setup, AWS CLI enables an admin to use their favorite shell
or CLI to interact with AWS services. You can choose any Linux distribution or
shell. This tutorial demonstrates a Bash shell running on an Ubuntu Linux
distribution.

1.

Figure 7. The screenshot shows the AWS CLI install process.

Once the setup runs, verify the installation by checking the version:
aws --version
2. Configure the user with the keys. Run the aws configure command in the shell
to quickly set up the access key ID and secret access key obtained from AWS when
you created the new user in the IAM console.

Figure 8. Input the keys associated with the user you created in the IAM console.
This step saves your credentials in a local file at ~/.aws/credentials, and the region
and output format settings in ~/.aws/config.
Now that cli-user with programmatic access is set up, we can use that account to
create other users and give them policy-based access through AWS CLI. The next
two sections walk through these steps.
Create a user and assign permissions

To create a user using IAM, run the aws iam create-user command in AWS CLI
with a username:
aws iam create-user --user-name prateek
It creates a new user and shows the user details in the bash console.

Figure 9. The command creates a user with the name Prateek and shows details, such
as the creation date and user ID.
Suppose this user needs to manage EC2 services. To grant this new user EC2 admin
rights, start by listing which EC2 policies we can grant. Use the command:
aws iam list-policies | grep EC2FullAccess
Identify the appropriate policy for the user's access level. In this case, it is
AmazonEC2FullAccess. Pass the Amazon Resource Name (ARN) to the following
command in the --policy-arn parameter:
aws iam attach-user-policy --user-name prateek --policy-arn "arn:aws:iam::aws:policy/AmazonEC2FullAccess"

Figure 10. The screenshot shows both the policy selection and request to attach it to
the user.
Check user details and list user permissions
Once you create the user and attach the appropriate user policy to them, verify that
AWS assigned the appropriate policy by checking the user details.
To check the list of IAM users, run:
aws iam list-users
The following command tells AWS to list all attached policies for a user account:
aws iam list-attached-user-policies --user-name prateek

Figure 11. The screenshot shows the list of AWS IAM users -- cli-user and Prateek -
- and the policies attached to the specific user prateek from this tutorial example.
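A review step that builds on the list-attached-user-policies check above, as an added example that is not part of the original tutorial: it classifies the AWS managed policies attached directly to each user and flags the broad ones, such as the IAMFullAccess and AmazonEC2FullAccess attachments made in this experiment. The sample data and the user name auditor are constructed; inline policies and policies inherited through groups are not covered.

```sh
#!/bin/sh
# Added example (not from the tutorial): flag broad AWS managed policies
# attached directly to IAM users.

# classify_policy ARN: prints "admin-equivalent", "service-wide" or "scoped".
classify_policy() {
    # The policy name is the part of the ARN after the last "/".
    _cp_name=${1##*/}
    case "$_cp_name" in
        AdministratorAccess|IAMFullAccess)
            # IAMFullAccess can attach any policy to any identity, itself included.
            echo admin-equivalent ;;
        *FullAccess|PowerUserAccess)
            echo service-wide ;;
        *)
            echo scoped ;;
    esac
}

# audit_attachments: reads "user<whitespace>arn [arn ...]" lines on stdin and
# prints one "severity user policy-name" line per broad attachment.
# Returns 1 if any admin-equivalent attachment was found, otherwise 0.
audit_attachments() {
    _aa_rc=0
    while read -r _aa_user _aa_arns; do
        [ -n "$_aa_user" ] || continue
        for _aa_arn in $_aa_arns; do
            _aa_sev=$(classify_policy "$_aa_arn")
            [ "$_aa_sev" = scoped ] && continue
            echo "$_aa_sev $_aa_user ${_aa_arn##*/}"
            [ "$_aa_sev" = admin-equivalent ] && _aa_rc=1
        done
    done
    return $_aa_rc
}

# collect_live: produces the same line format from the account that the
# configured AWS CLI credentials belong to (needs iam:ListUsers and
# iam:ListAttachedUserPolicies).
collect_live() {
    for _cl_user in $(aws iam list-users --query 'Users[].UserName' --output text); do
        printf '%s\t%s\n' "$_cl_user" "$(aws iam list-attached-user-policies \
            --user-name "$_cl_user" \
            --query 'AttachedPolicies[].PolicyArn' --output text)"
    done
}

# Constructed sample: the two users from this tutorial plus a hypothetical
# read-only account ("auditor") for contrast.
sample_attachments() {
    printf 'cli-user\tarn:aws:iam::aws:policy/IAMFullAccess\n'
    printf 'prateek\tarn:aws:iam::aws:policy/AmazonEC2FullAccess\n'
    printf 'auditor\tarn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess\n'
}

# Demo on the sample. Against a real account: collect_live | audit_attachments
sample_attachments | audit_attachments || echo "admin-equivalent attachment found"
```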

Conclusion: Thus, we have studied Identity and Access Management (IAM)
practices on AWS/Azure.


Experiment No:10
Aim: To study and Implement Containerization using Docker.
Objective: To know the basic differences between a virtual machine and a container.
It involves demonstration of creating, finding, building, installing, and running
Linux/Windows application containers inside a local machine or cloud platform.
Implementation:

• Sign up to Docker Hub.

A) CREATING FIRST REPOSITORY:

Click Repository on the Docker Hub welcome page:

Name it <your-username>/my-private-repo.

Set the visibility to private:

B) DOWNLOAD AND INSTALL DOCKER DESKTOP FOR WINDOWS OR DOCKER ENGINE FOR LINUX

Search [Link]

C) EXPLORE OFFICIAL AND PUBLISHER IMAGES:

Click on the Explore tab to see official and publisher images.

Here you see various images based on various categories, and also on various
operating [Link] can be used to ship, publish and deploy various images on
various systems.

D) DOCKER TAB
Here you can click on the docker tab, which you can see next to containers.