IAAS and PAAS are the basic architecture of implementing cloud computing. These are the basic ways that how cloud computing is going to use in the business and how they perform better results. IAAS stands for infrastructure as a service and PAAS stands for the platform as a service. PaaS act as solution attack that can manage the need of developers by offers a more comprehensive approach to the cost effective application deployment. PaaS offers all the solutions related to the deployment of applications, testing, creation and design according to team's customer web services, integration of data base, version control, connectivity and software configuration management. PaaS provides without having to own, the necessary software framework and hardware architecture according to applications into service and keep up all the requirements and manage the resources effectively. In the high data security environment, these type of services is very effective and helpful to maintain the data security of organizations and it also determines that over the internet, how much the hardware and software tools are available. For developing the software and applications developers used the PaaS. It also offers a unique platform that offers to develop customized and unique software on the platform. (Apprenda, 2020)

IaaS stands for infrastructure as a service. it provides more effective operations and working in a better way. With the use of the internet, it provides lots of data storage and hardware, networking, and equipment of operations in such a case the user cannot handle the purchase cost and location. Computing resource provider is major responsible for housing all the devices and maintaining the hardware running according to new requirements. The client also uses the services belong to hardware and its services and manage all the issues in the most convenient way. It also offers the client to take the opportunity for work according to new requirements without any load or burden. Pay-as-you-go storage, virtualization and networking are such services that offer by IaaS businesses. DSI can avoid investing in expensive on-site resources when the IaaS provides users cloud-based alternatives to on premise infrastructure. It is costly and labour-intensive to maintain on-premise IT infrastructure. To maintain the hardware and everything up to date and in working condition, it normally needs a significant initial investment in physical hardware. The solutions of IaaS can be replaced at any time without any loss or damage and it is considering highly scalable and flexible. (Hou, 2020)

Possible OSDS architecture:

            OSDS architecture is very crucial for DSI because for public and private cloud infrastructure it is very important to develop a strong platform. A customize set of requirements and uniqueness is part of every application. When the developer designs the personal custom system architecture in the cloud, the system of architecture provides real world examples and these can be used as base reference architecture. After understand the architecture of the system the develop can bring any change, modify and customize according to requirement of the project. while developing the architecture different elements has to consider that include its complexity, cost, security, cloud portability, and speed. (FLEXERA, 2020)

Technology is going to change day by day and cloud computing is one of the best way to consider the requirement of scalable services in its field and emerging technologies through storing data. Computing is going to perform in four different directions that include utility computing, grid computing, virtualization of software and hardware components and service oriented architecture. Between all the consumer of cloud service, clients and open source communities has basic concern to share the information. at different level the sharing of resources can be performed like business cloud, application cloud, software cloud and infrastructure. It giving the great potential to the business as it has to consider all the types of cloud and sharing with effective budget management and resource management. internet is use as metaphor for the cloud computing because it didn’t need any additional knowledge for connecting the computer systems. By having computational technologies, the cloud computing is a kind of on-demand IT service model which demands virtualization and distributed systems. (HCLtech, 2020)

              Following are the characteristics that cloud computing architecture has to present which include; instantaneous sharing of resources like hardware, software and data base, abstracted resources, management of program, demanding service like Service on Demand, flexible and scalable, and simultaneous provisioning. Two major segments are part of the cloud computing that include front end and back end. As the cloud architecture is consisting of these two elements then it must be determining that how the complex resources sharing problems through architecture. Front end is considering as the meeting with web applications and by using protocols and ports, utilization of applications interface foe interaction and accessing between database and users. Cloud itself explains the back end. By providing the cloud computing services it utilizes lot of resources. It includes virtual machines, security and data storage as necessities of the cloud. Because of in-built security of protocol, traffic control and mechanism, all the applications are working according to back end in the premises of cloud and secure. To establish the successful communication with each other, these protocols are the mediators in the cloud computing. It will provide goof project management if it give more focus on server management, hypervisor, network, server and storage f the cloud infrastructure with all the abilities. Without providing the compete load on the operating system, it helps in creating a lot in micro services and effectively perform for sharing and resource management for the cloud computing. (EDUCBA, 2019)

2.         Should the Board consider the use of a Cloud Edge solution for the OSDS? What advantages and disadvantages would the Edge give to the OSDS? (20 marks)
OSDS on the edge:

The OSDS needs to be transparent on how secure the data of its clients is to gain their trust. The company must present a detailed account of how the data obtained from its clients is handled or even whether a third party is entrusted with this data and it should describe its level of compliance with set international security standards. This can be done by presenting an information governance model that documents the OSDS’s security standards which it strictly adheres to in a bid to ensure the security of data obtained as defined in its role as a cloud computing service provider.

The clients need to establish what relevant data is to be submitted to OSDS. This is done independently without establishing a consensus with OSDS as the cloud service provider since the data at hand is defined as business data and it belongs to the clients. OSDS only provides the cloud service and is in no way the owner of the data. The establishment of what data can be moved to the cloud is done when the client conducts an internal review with other stakeholders within his organization to both identify and confirm the data that can be moved to the cloud (LUMETTA, 2018).

Using the cloud edge for this OSDS will bring the following advantages and disadvantages:

Advantages:  The following are the key advantages of using cloud edge for OSDS,

1)      It would allow the development of data in the internal maintenance systems

2)      It would support in moving important organizational data to a secure storage place “cloud edge”

3)      It would cost relatively lower than other available solutions to the OSDS.

4)      Service oriented dynamic deployment is possible.

Disadvantages: A few disadvantages of OSDS are presented below:

1)      The cloud edge use for OSDS may require some additional time and efforts of the DSI team.

2)      While moving to the cloud edge many new software applications would be required by the current software architecture of OSDS which may increase the overall cost for the use of cloud edge.

3)      Use of cloud edge for OSDS will also cause downtime which is a major disadvantage.

3.      The OSDS software architecture uses a monolithic approach to design, while a move to use the Edge will require many applications and web services to be redesigned as microservices.

In this section the comprehensive analysis is performed in this section for both monolithic and microservices architecture as well as these differences are made on the basis of benefits and disadvantages.

Software architecture approaches:

Monolith architecture is that kind of architecture in which coding is somehow used to evaluate the whole system and it is the best for making the aspects clear and cornices. Microservices architecture is that kind of services that works under and app to work properly. Threat modelling is an organized way to recognize, evaluate and address the security risk related to an application. Incorporating the threat shows in the SDLC expands the security at an initial phase of building up an application. Threat modelling procedure can be formed into three stages: Application Decomposition, Threats & ranks determination & deciding about the mitigation as well as countermeasures. The fundamental target of threat modelling is limiting risk & related effects. All things considered, in numerous association, the security of an application is regularly tended to after the deployment. Over 70% of security, vulnerabilities do exist at the application layer and not at the framework or system layer (Wittmer, 2020).  

The key difference between monolithic and microservice architectures to the DSI Board is presented below in the table.

The advantages and disadvantages of both styles of software architecture are presented below:

Monolithic Architecture: The following are the advantages are disadvantages for the monolithic software architecture style for DSI (Wittmer, 2020).

1)      Advantages: This style of software architecture has fewer cross-cutting concerns such as rate limiting and logging.

2)      This style of software architecture has a performance advantage because of faster IPC

3)      The less operational overhead and simple deployment are also key advantages of Monolithic software architecture.

1)      Disadvantages: The monolithic architecture of the software will be relatively difficult to understand for the IT expert teams as it relates to several complex functions and dependencies.

Microservices Architecture: The advantages are disadvantages for the use of microservices software architecture style for DSI are enlisted below (LUMETTA, 2018):

1)      Advantages: The decoupled services of microservices architecture software style can create easiness for the users to reconfigure and recompose it for additional services during the application process.

2)      Another key advantage of this kind of software architecture is better organization as it relates to a very specific job and tasks only.

3)      In a parallel development, there will be fewer chances of mistakes.

1)      Disadvantages: The major disadvantage of this architecture style is the higher cost of operational overhead as this kind of software architecture can be deployed only on their own specific type of virtual machines (LUMETTA, 2018).

Software architecture evaluation: Monolithic Architecture includes the number of cross-cutting concerns, like logging, security features such as audit trails and Dos Protection. It is easy to link up components to those cross-cutting concerns when everything is connected by the same app. Less functioning overhead: Only one Application is needed to set up logging, monitoring, testing for, as there is only one application. For Deployment, it is generally less complex. As in Monolithic, architectural change approaches with a learning curve, which could disrupt some feathers. It also has some advantages on performance since shared-memory is faster than inter-process communication (IPC). At the point, threat modelling should happen when the design is set up. Be that as it may, not all situations are perfect. Regardless of whenever security person ends up the threat model performance, comprehend that the cost of settling issues by and large increments advance along in the OSDS. The prior you're ready to distinguish potential attacks & squash those vulnerabilities, the additional time & cost-productive those goals will be. Keep in mind, it's smarter to fabricate security in that it is to jolt security on. Be that as it may, once more, not all situations are perfect and not all applications experience a threat modelling appraisal amid their improvement (Appther.Com, 2020).

While threat modelling should happen as ahead of schedule as could reasonably be expected, it's as yet an extremely valuable action regardless of how much closer an application is to the phase of deployment. While an application may have achieved its development cycle, but still threat modelling can pick inside the support cycle. Threat modelling in a system offers perspective into potential defects. A careful evaluation advises your association about the present design level security position of an application. In this manner, through threat modelling, an estimate is calculated to make a decision about putting further in that system.

Moreover, Threat modelling is a part of security risk examination, and it is normally directed by applying a particular approach to finding and modelling the threats. The three fundamental ways to deal with threat modelling are software-centric, attacker-centric & asset-centric. The fundamental focal points of applying threat modelling in each of the OSDS phases are security requirements & testing, the secure design and secure release of the application after an occurrence. The extent of the threat modelling is to survey from the attacker's point of view of the architecture to decide whether the security controls set up are adequate to lessen the potential effect of attacks that are targeting on the application and its data.

4.      Your recommended approach for delivery and deployment of the OSDS, including the reasoning for your recommendation (20 marks). 

OSDS recommendations: Kubernetes is an open-source system which automates the deployment. It also handles the automatic scaling of the web services. All the web services are in their own containers which are somewhat based on Docker containers. The fact that makes Kubernetes unique and one of the leading technologies is the automatic deployment and able to scale at planet level. Plus, Kubernetes can be run from anywhere like on-premises or even in the public cloud infra-structure. Kubernetes also provides load balancing which means we can assign a single DNS name to a set of nodes (podes in Kubernetes) and Kubernetes will load balance the requests across these pods. Kubernetes also provides storage orchestration which means that it will automatically mount storage system from local storage or any public cloud provider. One of the best things about Kubernetes is its self- healing ability. It automatically replaces and reschedules containers in case they die and automatically kills containers in case they don’t respond to health checks. In addition to being a very good vertically scalable system, Kubernets also provides horizontal scaling. All of the above mentioned features of Kubernetes make it one of the best deployment and delivery system which we can use for OSDS.

References of OSDS architecture evaluation

Apprenda. (2020). IaaS vs PaaS: Software Platforms & Infrastructures-as-a-Service. Retrieved from https://apprenda.com/library/cloud/iaas-vs-paas-software-platforms-infrastructuresasaservice/

Appther.Com. (2020). Difference between Monolithic and Microservices Architecture. Retrieved from https://appther.com/blog/difference-between-monolithic-and-microservices-architecture/

EDUCBA. (2019). Cloud Computing Architecture . Retrieved from https://www.educba.com/cloud-computing-architecture/

FLEXERA. (2020). Cloud Computing System Architecture Diagrams. Retrieved from https://docs.rightscale.com/cm/designers_guide/cm-cloud-computing-system-architecture-diagrams.html

HCLtech. (2020). CLOUD ARCHITECTURE. Retrieved from https://www.hcltech.com/technology-qa/what-is-cloud-architecture

Hou, T. (2020). IaaS vs PaaS vs SaaS Enter the Ecommerce Vernacular: What You Need to Know, Examples & More. Retrieved from https://www.bigcommerce.com/blog/saas-vs-paas-vs-iaas/#executive-summary-summing-up-saas-vs-paas-vs-iaas

Kharenko, A. (2015, October 9). Monolithic vs. Microservices Architecture. Retrieved from https://articles.microservices.com/monolithic-vs-microservices-architecture-5c4848858f59

LUMETTA, J. (2018, May 10). MONOLITH VS MICROSERVICES: WHICH IS THE BEST OPTION FOR YOU? Retrieved from https://www.webdesignerdepot.com/2018/05/monolith-vs-microservices-which-is-the-best-option-for-you/

techolution.com. (2019, June 14). Grasping Software Architecture: Monolithic vs Microservices. Retrieved from https://techolution.com/monolithic-vs-microservices/

Wittmer, P. (2020, March 12). Monolithic vs Microservices Architecture. Retrieved from https://www.tiempodev.com/blog/monolithic-vs-microservices-architecture/