This talk explains why there should be a European cloud and how to build it. Sharing is the foundation of every cloud, which raises the question: why not share IaaS and PaaS globally? Looking at the latest security news together with the Safe Harbour agreement and the Patriot Act leads to the question of where to draw the line between security and freedom. Building a European cloud allows European customers to draw that line themselves. OpenStack and Cloud Foundry are suitable open source technologies for building such a cloud.
10. "Any transfer of personal data of EU citizens to a non-EU state with a lower data privacy level compared to EU standards is prohibited."
- Directive 95/46/EC
Wednesday, 16 October 13
12. Directive 95/46/EC
• is an EU directive
• regulates the processing of personal data within the European Union
13. U.S. - EU Safe Harbor
14. • Self(!)-certification process
• = swear to the United States Department of Commerce to comply with EU privacy laws
15. A memo from the EU Commission:
16. "The Safe Harbour agreement may not be so safe after all."
European Commission, MEMO/13/710, 19/07/2013
http://rh.gd/1hBKIrf
18. "Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001."
19. • United States federal law
• Significantly enhanced and broadened federal government powers in the realm of
  • Electronic surveillance
  • Anti-money laundering
  • Border security, ...
20. 10 Titles of the Patriot Act
21. • Title I: Enhancing domestic security against terrorism
• Title II: Surveillance procedures
• Title III: Anti-money-laundering to prevent terrorism
• Title IV: Border security
• Title V: Removing obstacles to investigating terrorism
• Title VI: Victims and families of victims of terrorism
• Title VII: Increased information sharing for critical infrastructure protection
• Title VIII: Terrorism criminal law
• Title IX: Improved intelligence
• Title X: Miscellaneous
28. "This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."
- Ladar Levison, Lavabit.com
29. • It's not about having data on European servers
• It's not about having a European company
30. It's about staying completely off any US provider and not tying yourself or your company to the US.
60. [Cloud Foundry architecture diagram. Components: Router, Cloud Controller, Cloud Controller Database, DEAs, Health Manager, Services (e.g. MySQL). Labelled flows: API request (to Router / Cloud Controller), Droplet request (Router to DEA), Droplet change notifications and Request droplet start/stop (Cloud Controller to DEA), Droplet heartbeat & exit messages (DEA to Health Manager), Get desired states and Droplet / Service metadata (Cloud Controller Database), Consume a service (app to Service).]
61. Cloud Controller
[Same architecture diagram as on slide 60, with the Cloud Controller highlighted.]
• Offers the CF API endpoint
• System authority for issuing commands
• Start apps
• Create service
• Binding services
62. DEA
[Same architecture diagram as on slide 60, with the DEAs highlighted.]
• droplet = dea.staging(app_code)
• Staging = executing buildpacks
• Warden
• Starts and runs droplets
63. Health Manager
[Same architecture diagram as on slide 60, with the Health Manager highlighted.]
• compares desired system state with actual system state
• sends advice to CC
• CC acts
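The reconciliation described on this slide, as an added example (not code from the talk or from Cloud Foundry itself): desired state is what the Cloud Controller database says each app should look like, actual state is assembled from DEA heartbeats, and the output is the start/stop advice that would go to the Cloud Controller. The heartbeat timeout, the record layouts and the sample state are this example's own assumptions; the sample includes the failure modes a Health Manager has to cope with: a stale heartbeat, an instance left over after a scale-down, and an orphan whose app no longer exists.

```ruby
require "time"

# Seconds without a heartbeat before an instance is considered dead (assumed value).
HEARTBEAT_TIMEOUT = 30

# desired:    { "app_guid" => { state: "STARTED" | "STOPPED", instances: n } }
# heartbeats: array of { app: guid, index: i, dea: "dea-id", at: Time }
# Returns an array of advice hashes: { action: :start | :stop, app:, index:, (dea:) }.
def reconcile(desired, heartbeats, now: Time.now)
  advice = []
  # Live instances per app, index => DEA; stale heartbeats are ignored.
  live = Hash.new { |h, k| h[k] = {} }
  heartbeats.each do |hb|
    next if now - hb[:at] > HEARTBEAT_TIMEOUT
    live[hb[:app]][hb[:index]] = hb[:dea]
  end

  desired.each do |app, want|
    running = live[app]
    if want[:state] == "STOPPED"
      running.each { |idx, dea| advice << { action: :stop, app: app, index: idx, dea: dea } }
      next
    end
    # Start every wanted index that is not running ...
    (0...want[:instances]).each do |idx|
      advice << { action: :start, app: app, index: idx } unless running.key?(idx)
    end
    # ... and stop indices beyond the wanted count (left over from a scale-down).
    running.each do |idx, dea|
      advice << { action: :stop, app: app, index: idx, dea: dea } if idx >= want[:instances]
    end
  end

  # Instances still heartbeating for apps the Cloud Controller no longer knows are orphans.
  live.each do |app, running|
    next if desired.key?(app)
    running.each { |idx, dea| advice << { action: :stop, app: app, index: idx, dea: dea } }
  end
  advice
end

# Constructed sample state (not real data).
NOW = Time.utc(2013, 10, 16, 12, 0, 0)
DESIRED = {
  "app-a" => { state: "STARTED", instances: 3 },
  "app-b" => { state: "STOPPED", instances: 1 },
}
HEARTBEATS = [
  { app: "app-a", index: 0, dea: "dea-1", at: NOW - 5 },
  { app: "app-a", index: 1, dea: "dea-2", at: NOW - 90 }, # stale: DEA or instance died
  { app: "app-a", index: 3, dea: "dea-3", at: NOW - 2 },  # extra index after a scale-down
  { app: "app-b", index: 0, dea: "dea-1", at: NOW - 1 },  # app should be stopped
  { app: "app-z", index: 0, dea: "dea-2", at: NOW - 1 },  # orphan: app was deleted
]

if __FILE__ == $0
  reconcile(DESIRED, HEARTBEATS, now: NOW).each { |a| puts a.inspect }
end
```

Running the file prints five pieces of advice: start app-a indices 1 and 2, stop the leftover app-a index 3, stop app-b index 0, and stop the orphan app-z. Note that the Health Manager only advises; as the slide says, it is the Cloud Controller that acts, which keeps a single authority for commands to the DEAs.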
64. Router
[Same architecture diagram as on slide 60, with the Router highlighted.]
• knows on which DEAs your app instances are
• routes incoming requests to the right DEAs
65. Services
[Same architecture diagram as on slide 60, with the Services highlighted.]
• Create service = provision
• Bind = create credentials
• Apps bind to services
• Credentials as ENV variables
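What "credentials as ENV variables" looks like from inside the app, as an added example (not code from the talk or from Cloud Foundry): Cloud Foundry hands bound service credentials to the app as JSON in the VCAP_SERVICES environment variable, grouped by service label. The JSON below is a constructed sample, and real service brokers may add or omit fields; the helper names are this example's own.

```ruby
require "json"

# Constructed sample of what a CF runtime would place in ENV["VCAP_SERVICES"].
SAMPLE_VCAP_SERVICES = <<~VCAP
{
  "mysql": [
    {
      "name": "orders-db",
      "label": "mysql",
      "tags": ["mysql", "relational"],
      "credentials": {
        "hostname": "10.0.0.21",
        "port": 3306,
        "name": "d9f3a1",
        "username": "u4b2c1",
        "password": "example-secret",
        "uri": "mysql://u4b2c1:example-secret@10.0.0.21:3306/d9f3a1"
      }
    }
  ]
}
VCAP

# Returns the credentials hash of the first bound service whose label or tags
# match `kind`, or nil. Reads the real ENV unless a JSON string is passed in.
def service_credentials(kind, vcap_json = ENV["VCAP_SERVICES"])
  return nil if vcap_json.nil? || vcap_json.empty?
  services = JSON.parse(vcap_json)
  services.each_value do |instances|
    instances.each do |svc|
      labels = [svc["label"], *(svc["tags"] || [])]
      return svc["credentials"] if labels.include?(kind)
    end
  end
  nil
end

# Credentials arrive in plain text; keep a redacted view for anything that gets logged.
def redacted(creds)
  return nil if creds.nil?
  creds.map { |k, v| [k, %w[password uri].include?(k) ? "[redacted]" : v] }.to_h
end

if __FILE__ == $0
  creds = service_credentials("mysql", SAMPLE_VCAP_SERVICES)
  puts redacted(creds).inspect
end
```

Because binding creates the credentials and unbinding revokes them, a compromised app only ever holds credentials scoped to its own bound instances; the example's redacted view exists because environment dumps and crash logs are the usual way such credentials leak.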
70. Code
require "digest/sha1"   # needed for Digest::SHA1 below; missing on the slide
require "fileutils"
require "find"
require "fog"

class Blobstore
  def initialize(connection_config, directory_key, cdn=nil, root_dir=nil)
    @root_dir = root_dir
    @connection_config = connection_config
    @directory_key = directory_key
    @cdn = cdn
  end
  # True when the fog provider is the local filesystem rather than a remote object store.
  def local?
    @connection_config[:provider].downcase == "local"
  end
  def exists?(key)
    !file(key).nil?
  end
  def download_from_blobstore(source_key, destination_path)
    FileUtils.mkdir_p(File.dirname(destination_path))
    File.open(destination_path, "w") do |file|
      # Stream the blob in chunks, through the CDN when one is configured.
      (@cdn || files).get(partitioned_key(source_key)) do |*chunk|
        file.write(chunk[0])
      end
    end
  end
  # Uploads every file below source_dir keyed by its SHA1, so the store is
  # content-addressed and identical files are uploaded only once.
  def cp_r_to_blobstore(source_dir)
    Find.find(source_dir).each do |path|
      next unless File.file?(path)
      sha1 = Digest::SHA1.file(path).hexdigest
      next if exists?(sha1)
      cp_to_blobstore(path, sha1)
    end
  end
  def cp_to_blobstore(source_path, destination_key)
    File.open(source_path) do |file|
      # The slide is cut off here; the upload below follows the fog API used elsewhere in the class.
      files.create(:key => partitioned_key(destination_key), :body => file, :public => false)
    end
  end
  private
  # Helpers referenced above but not shown on the slide (reconstructed, not from the slide).
  def partitioned_key(key)
    key = key.to_s.downcase
    key = File.join(key[0..1], key[2..3], key)   # spread keys over two directory levels
    key = File.join(@root_dir, key) if @root_dir
    key
  end
  def file(key)
    files.head(partitioned_key(key))
  end
  def files
    @dir ||= connection.directories.create(:key => @directory_key, :public => false)
    @dir.files
  end
  def connection
    options = @connection_config
    options = options.merge(:endpoint => "") if local?
    Fog::Storage.new(options)
  end
end
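The blobstore above names each file by its SHA1 but never checks, on the way back out, that what it fetched still hashes to that key. The following added example (not code from the talk or from Cloud Foundry's own blobstore) is a local content-addressed store with the same two-level partitioned key layout that verifies the digest on retrieval, so a blob that was modified in storage (or in transit from a CDN) is rejected rather than staged and run. It needs no fog; the storage root, class and method names are this example's own.

```ruby
require "digest/sha1"
require "fileutils"
require "tmpdir"

class IntegrityError < StandardError; end

class LocalBlobstore
  def initialize(root_dir)
    @root_dir = root_dir
  end

  # Same scheme as the slide's blobstore: the first two hex pairs become directories.
  def partitioned_key(key)
    key = key.to_s.downcase
    File.join(@root_dir, key[0..1], key[2..3], key)
  end

  # Store the file under its own SHA1 and return that key (no-op if already present).
  def put(source_path)
    key = Digest::SHA1.file(source_path).hexdigest
    dest = partitioned_key(key)
    unless File.exist?(dest)
      FileUtils.mkdir_p(File.dirname(dest))
      FileUtils.cp(source_path, dest)
    end
    key
  end

  def exists?(key)
    File.file?(partitioned_key(key))
  end

  # Fetch a blob, then refuse it unless it still hashes to its key.
  def get(key, destination_path)
    # A key must be a 40-hex-digit digest; this also rules out path fragments such as "..".
    raise IntegrityError, "#{key}: not a SHA1 key" unless key =~ /\A[0-9a-f]{40}\z/
    FileUtils.mkdir_p(File.dirname(destination_path))
    FileUtils.cp(partitioned_key(key), destination_path)
    actual = Digest::SHA1.file(destination_path).hexdigest
    unless actual == key
      File.delete(destination_path)   # never leave a bad blob where it could be staged
      raise IntegrityError, "blob #{key} hashes to #{actual}"
    end
    destination_path
  end
end

# Constructed demo: store a blob, fetch it back, then tamper with the stored copy
# and show that the tampered copy is rejected. Returns [key, first_fetch_ok, tampered_rejected].
def demo
  Dir.mktmpdir do |tmp|
    store = LocalBlobstore.new(File.join(tmp, "store"))
    src = File.join(tmp, "droplet.tgz")
    File.write(src, "droplet bytes v1")
    key = store.put(src)
    out = store.get(key, File.join(tmp, "out", "droplet.tgz"))
    ok = File.read(out) == "droplet bytes v1"
    File.write(store.partitioned_key(key), "droplet bytes v2 (tampered)")
    rejected = begin
      store.get(key, File.join(tmp, "out2", "droplet.tgz"))
      false
    rescue IntegrityError
      true
    end
    [key, ok, rejected]
  end
end

puts demo.inspect if __FILE__ == $0
```

The check is cheap because the key already is the digest; the same verification can be added to a fog-backed download by hashing the chunks as they are written and comparing the result with source_key before the file is handed to the DEA.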