Cloud architecture for holiday search
CP2422 case study group presentation
This assignment is a group project in which you get to help a company transition to the cloud. Legacy systems need adapting to cloud paradigms, security needs to be considered, and a disaster recovery strategy is needed. You will get the opportunity to design an architecture, estimate its costs, ensure compliance and try to anticipate/mitigate potential problems.
The work will be submitted as a group presentation, with Q&A, in the subject’s final tutorial session. There will also be two tutorial sessions allocated for students to work on the assignment, although additional time is expected to be put in outside of these.
Subject Learning Outcomes
“SLO2: Discuss and apply industry knowledge and best practices into specific case studies” is the main focus of this assignment, although it may also contribute to other SLOs.
Prerequisites
You will be using free online tools, teamwork and your own research to complete this assignment, so there are no technical prerequisites. You won’t need to deploy any cloud resources to complete this assignment.
Groups will be assigned by the lecturer.
Structure
The assignment is presented as a case study that groups of up to five students will work together on. The case study describes a holiday booking company, its existing IT architecture and its challenges, along with the desired outcomes it has from making the transition to cloud. You are then expected to work on four things:
1. Re-defining their architecture for cloud and estimating costs.
2. Addressing security concerns using cloud tools and best practices.
3. Ensure compliance with prevailing regulations regarding personal data and payment processing.
4. Consider resilience through disaster recovery and other availability-preserving measures.
Your work will be documented in a slideshow presentation, which you then present to the class and lecturer, then you will be questioned on it and expected to defend your decisions.
Submission
It’s mandatory for all group members to be in attendance for their group presentation Q&A, although who and how many members actually present is at the group’s discretion. The group must also submit a digital copy of the presentation slides before the presentation session, via the assignment section on LearnJCU. Pre-recorded presentations are required and must be submitted as an mp4 file, along with a copy of your slide deck in PDF format. DO NOT ZIP THESE FILES.
Each group will have 15 minutes for their presentation. There is no slide/page limit on the presentation, but only content that is successfully covered in the presentation will be considered for marking, so be mindful of the time limit.
A five-minute question and answer (Q&A) session follows the presentation, in which the lecturer will ask questions and the group must answer in defense of their work.
Marking
Marks will be allocated based on the grading rubric, holistically, meaning all three parts are taken into consideration together when determining the mark. The defense of the submission, through the group’s answers to questions from the lecturer, will also contribute to the final mark.
It is expected that each group member plays an equal role in the work. While people’s roles and contributions may be different, the effort should be similar. Marks will not be peer assessed or adjusted per individual, unless any formal concerns are raised about uneven contributions to the work.
Ethics
Please remember not to copy directly from other groups, past or present. If you use external sources, you must indicate clearly what they are and where you have used them. While good research will help you achieve a good mark, it is essential that you document your sources properly. See the student handbook for more details of JCU's ethics guidelines. Be particularly mindful of JCU’s guidelines on the use of Artificial Intelligence.
The specifics of assignments are updated from term-to-term. Be advised that if you include context from an earlier version of the assignment that is no longer relevant, it will be considered academic misconduct and your team risks receiving zero marks or further proceedings.
Support
If you are having problems completing the assignment, there are various ways to get help:
• Work closely with your group and share your problems with each other.
• Ask in a lecture or tutorial session.
• Send the lecturer an e-mail or a message via LearnJCU.
• Schedule a consultation with the lecturer.
• Use the conversations feature which is enabled for this assignment.
People who ask more questions tend to achieve higher marks, so don't be afraid to use any and all of the above options!
Case study
Situation
• You are a consultant for book.lah, a Singapore holiday booking site that helps users find rooms in hotels around the world.
• You are tasked with helping the organization modernize its ICT infrastructure.
• Somehow, book.lah has managed for years with simple co-located infrastructure that connects to various hotel chains in order to find rooms and prices for customers.
• Different chains have different systems for handling availability and pricing, so book.lah maintains multiple ways for interfacing with these external systems.
• Book.lah stores its customer data as well, allow customers to setup searches, alerts, and quickly book & pay for rooms.
• The booked hotel later settles the bill with book.lah, so book.lah is an intermediary handler of the money.
Legacy Architecture
A single diagram is provided to explain the architecture of the current setup (Figure 1). The key details are:
• The book.lah service is a monolith, meaning a single web-application handles everything,
from collecting availability data, to servicing customer search requests, through to handling customer and later hotelier payments.
• Two servers are co-located in a datacenter, with one acting as a standby stand-by and
backup. If the active server encounters an issue, a load balancer directs traffic to the stand- by, which is then promoted to the active role. The failed server must be restored and re-synced with the new active server before it can enter its new role as stand-by.
Figure 1: The architecture of the current co-located book.lah system
On occasion, book.lah has encountered problems with this setup, and as post-COVID travel demand has surged, they have become concerned with sustainability of their businesses, as well as their competitiveness compared to other, larger services providing similar features. Some of these problems include:
• Integrating with new hotel groups requires adding new capabilities to the monolith, which is slow to do, expensive to test, and disruptive to deploy as it requires restarting the whole application. It is essentially infeasible to cater to individual independent hotels unless they already use a well-defined interface that is already implemented.
• While one active server is generally adequate for site performance, there is a noticeable
drop when scheduled activities happen, such as payment processing to hotels and periodic updates to room availability and prices. This can adversely affect end-user experience.
• The reliability of the servers has been good, but they are approaching 5 years old and so more likely to fail, and are near the limit of traffic that they can handle.
• In a single incident, the active server encountered an error during a software update, leading to the standby server taking over. However, it took several days to restore the failed server into a useful state, leaving book.lah at significant risk of a second issue taking them offline.
• The Chief Information Officer has expressed concern at the lack of separation between
customer data and hotelier data, as well as the lack of a proper backup plan, which currently just assumes that data is stored in duplicate on both servers.
At the behest of the CIO, and with the blessing of the CEO, you have been engaged to see if the impending replacement of the ageing servers can be used as an opportunity to embrace the cloud, and realise additional benefits that may make the business more competitive and resilient.
Instructions
There are four equal parts to this work. Your group will collect a lot of information and ideas, but must refine this down into concise, well-visualised slides, while still referencing your sources.
Part 1 : Adoption journey [25%]
Choose a cloud adoption framework [1] to follow and then explain how it can help the company adopt the cloud. Explain in a single slide how the key pillars/principles/etc of the chosen framework can be applied to the company.
Part 2 : Service selection [25%]
Identify the cloud components needed to implement book.lah’s system in the cloud.
• First, be general. Specify the type of service (compute, database, security, etc) and the service model that is used for is (IaaS, PaaS, SaaS).
• Then, provide a table of equivalent products for three or more cloud providers, for each of the
services you have decided to include in the new implementation. One of the providers should be the creator of the adoption framework you followed.
• Finally, using the same provider who produced your adoption framework, draw a cloud
architecture diagram usingdiagrams.net(or another of your preference) that includes all of these services. Highlight security features and design choices that support any of the three aspects of CIA. Explain how the architecture differs from Figure 2.
• Provide sizing/quantity specifications for the services, and cost projections using your cloud provider’s cost estimation tool.
Part 3: Compliance [25%]
Based on the architecture from part two, visualise where the boundaries of responsibility are, between book.lah and their cloud service provider, for each of the services in your proposed architecture.
Show how the CSP can comply any relevant regulations, such as PDPA regarding customer data and payment processing, referencing appropriate vendor and regulator documentation. Highlight areas that book.lah must continue to adhere to themselves.
Part 4: Disaster recovery [25%]
Supported by your architecture diagram any information available from the CSP, explain how your design is resilient to failure. It is recommended to examine each individual component of the architecture and ask, “what happens if this piece fails?”, then see if the CSP provides a solution or if you must deal with it yourself.
Secondly, define a step-by-step process for dealing with a catastrophe in the cloud. Choose one of:
• A prolonged outage of the cloud provider in the company’s home region of Singapore.
• A successful ransomware on one or more critical application’s data sets.
• A configuration update resulting in a critical database going offline.
Briefly explain how you would respond to it, plausible RTO/RPOs, (Recovery Time/Point Objectives) and what architectural choices you made that may help make this response easier.
Notes
• Use the IEEE style. of referencing [2].
• Include relevant references at the footnote on each slide, as well as a complete references list as a final slide.
• Remember that you have 15 minutes for your video plus 5 minutes of questions. Be sure to rehearse before your recording, and be prepared to answer questions.
• Avoid walls of text in your presentation. The assignment instructions have asked for diagrams
and tables in places. There are lots of other places where graphs, figures and other visuals will be very useful too. Be creative!
• For best marks, distribute work fairly, consult with each other, ask the lecturer questions, and consult the marking rubric (available in LearnJCU).
• The three marking criteria will be evaluated in turn for each of the parts of the assignment. Note that this includes the slide content, your presentation performance, and any Q&A.
• For the presentation video, remember: less is more. Do not cram content in or artificially speed up the video. It will make your presentation less comprehensible and harm your overall mark.
References
[1] V. Shreenivos and S. Kerrison, Lectures on Cloud and Data Center Security: Cloud Adoption Journey, James Cook University, 2021.
[2] James Cook University, “IEEE Style. Guide,” [Online]. Available: https://libguides.jcu.edu.au/IEEE. [Accessed July 2023].