Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Virtualization and cloud computing

2 118 vues

Publié le

General discussions
Why cloud?
The terminology: relating virtualization and cloud
Types of Virtualization and Cloud deployment model
Decisive factors in migration
Hands-on cloud deployment
Cloud for banks

Publié dans : Internet
  • Identifiez-vous pour voir les commentaires

Virtualization and cloud computing

  1. 1. Virtualization & Cloud Computing A new window to the computing zone Presented by: iTech River Consultancy Services www.itechriver.com dcg@itechriver.com
  2. 2. Agenda • General discussions • Why cloud? • The terminology: relating virtualization and cloud • Types of Virtualization and Cloud deployment model • Decisive factors in migration • Hands-on cloud deployment • Cloud for banks
  3. 3. Cloud for the Mango Man • What is cloud? Network Data Storage Processing
  4. 4. Cloud for the Mango Man Hey, this thing connects via cloud! Lets call it cloud computing
  5. 5. Cloud for the Mango Man Hey, this thing connects via cloud! Lets call it cloud computing
  6. 6. Cloud for the Mango Man Hey, this thing connects via cloud! Lets call it cloud computing
  7. 7. Cloud for the Mango Man Hey, this thing connects via cloud! Lets call it cloud computing
  8. 8. Cloud for the dumb
  9. 9. Cloud for the geeks • NIST definition: Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
  10. 10. Cloud for the business
  11. 11. Cloud for the business
  12. 12. Cloud as it evolved
  13. 13. Why cloud? • Resource allocation and optimization • Cost efficiency: CapEx to OpEx • All things being equal, OpEx should be more expensive than CapEx • Choosing one option over another is a trade-off • Friction affects the OpEx vs CapEx evaluation • Automation leads to lower transaction cost • Security • Consolidation and ease of management • Scalability • Elasticity
  14. 14. Virtualization and Cloud • Virtualization • Meaning: virtualize compute, storage, network, application etc. • Application: from testing to production • Cloud computing: building the empire above virtualization • Need for new technology • Consolidation • Orchestration • Metering • Cost optimization • Elasticity • The hype, the myth, the reality
  15. 15. Types of Virtualization • Server Virtualization • Desktop Virtualization • Application Virtualization • Network Virtualization • Storage Virtualization
  16. 16. Server Virtualization • Create virtual machines with desired configuration on top of a physical bare metal box • Hypervisor acts as a broker between hardware and virtual machines • May or may not need a host OS • Elasticity and resource optimization are prime motives • Applications need resources, not servers • Wide implementation: fun, experiment, research, enterprise
  17. 17. Server Virtualization • Full virtualization vs Para-virtualization Hardware Layer Hypervisor Mgmt Console VM VM Linux VM Win 2k VM Hardware Layer Hypervisor Mgmt Console VM VM Host Operating System Linux VM Win 2k VM
  18. 18. Server Virtualization • Hypervisor vs Docker Hardware Layer Host OS Hypervisor App A App B Bins / Libs Guest OS Bins / Libs Guest OS Hardware Layer Host OS Docker Engine App A App B Bins / Libs Bins / Libs
  19. 19. Desktop Virtualization (VDI/DaaS) • Virtualize desktops in a client server model • Use of thin clients instead of thick clients • Centralized resource pooling • Centralized management of resources and policies • Easy and quick migrations • Data security
  20. 20. Application Virtualization • Application sits only as a stub at user end • Encapsulated and sandboxed from OS • Allow apps to run in non-suitable environment • Run incompatible applications side-by-side, at the same time • Simplified OS level migrations • Improved security by isolating apps from OS • Portability of apps from one machine to other • SaaS is an enhanced derivation
  21. 21. Application Virtualization
  22. 22. Application Virtualization + Server Virtualization
  23. 23. Network Virtualization
  24. 24. Network Virtualization • Network provisioning and expansion is complex today • Migrate to Software Defined Networks • Decoupling control plane from data plane • Build centralized set of rules (firewalls, load balancers etc.) • Acceptance of open interfaces instead of locking into proprietary solutions • External virtualization combines several networking units into virtual unit • Internal virtualization provides network functionality to software containers • Implementations: AKARI, FIRE etc.
  25. 25. Vertically integrated Closed, proprietary Slow innovation Small industry Specialized Operating System Specialized Hardware AppAppAppAppAppAppAppAppAppAppApp Specialized Applications Horizontal Open interfaces Rapid innovation Huge industry Microprocessor Open Interface Mainframe era
  26. 26. Million of lines of source code Thousands of RFCs per code block Billions of gates Bloated Power Hungry • Vertically integrated, complex, closed, proprietary • Networking industry with “mainframe” mindset Custom Hardware OS Routing, management, mobility management, access control, VPNs… Feature Feature Networking today
  27. 27. SDN Vertically integrated Closed, proprietary Slow innovation AppAppAppAppAppAppAppAppAppAppApp Horizontal Open interfaces Rapid innovation Control Plane Control Plane Control Plane or or Open Interface Specialized Control Plane Specialized Hardware Specialized Features Merchant Switching Chips Open Interface
  28. 28. Storage Virtualization • Block virtualization: abstraction of logical storage from physical storage • More flexibility for SA in managing storage • Address space remapping with multi layer remapping (LUNs out of LUNs) • Metadata optimization: tradeoff between granularity and addressable capacity, solved by three layers of virtualization • In built replication via synchronous and asynchronous mirroring • Pooling and scaling remains transparent to application layer • Host based, storage based and network based • Benefits: • Non-disruptive data migration (transparent mapping to host, depend on granularity) • Improved utilization (avoid over-buying and over-provisioning) • Fewer points of management (monolithic storage with central management)
  29. 29. Cloud based storage • Cloud storage is an important service of cloud computing, which allows users to move their data from local computing systems to the Cloud. • Examples: • Amazon Simple Storage Service (S3) • DropBox • Rackspace Cloud etc.
  30. 30. Challenges in Cloud Computing • Security • Privacy • Performance • Availability • Compliance • Long-Term viability • Interoperability • Legal Issues • Open Standard
  31. 31. Security Issues • Data Storage Security and Privacy • Virtualization Security • Infrastructure Security • Network Security • Host Security • Governance, Regularity and Compliance • More…
  32. 32. Three pillars of Security • Confidentiality • Maintain confidentiality of sensitive data • Encryption • Integrity • Is the data stored at provider’s premises without tampering? • Metadata generation • Availability • Data should be available even if hardware failure occurs in the cloud • Data replication
  33. 33. Cloud security audit model Storage Servers Internet Data Flow Challenge Users Cloud Service Provider(CSP) Third Party Auditor(TPA) Response
  34. 34. Cloud security verification pk, metadata User CSPTPA (d)MetadataGen (b)Encryption (a)Keygen (c)Replication TPA stores the metadata TPA stores public key file CSP stores file
  35. 35. Cloud Deployment and Service Model Rapid Elasticity On Demand Self Service Measured Service Resource Pooling Broad Network Access Platform as a Service (PaaS) Software as a Service (SaaS) Private Cloud Hybrid Cloud Deployment Models Service Models Infrastructure as a Service (IaaS) Characteristics of Cloud Public Cloud Community Cloud
  36. 36. Migrating to Cloud: When, Why and Why Not • Good for applications which need to scale up or scale out only for a small span of time • Less initial capital investment • Best suited for low budget projects • Facilitates centralized management • Best optimization and utilization of resources • Metered usage: switch from CapEx to OpEx • OpEx is not always the cheapest • Legal concerns and issues
  37. 37. Cloud Computing for Banks? •Workflow based compute and storage requisition process •Management layer for Banks to track the usage On Demand Self Service •Provision for requesting scaling down the infrastructure for optimal usage •Standardize OS, Database and patching Measured Service •Can be accessed through INFINET/MPLS or Leased line •Options for Internet facing applications Broad Network Access •Usage of scalable environment for banking sector •Reduces people, HVAC and Real estate requirements. Also, the future hardware/software refresh overheads Resource Pooling •Automated Vertical and Horizontal scaling to meet future requirements to handle cyclical requirementsRapid Elasticity
  38. 38. IDRBT Banking Community Cloud • Based on Meghdoot stack, developed from Eucalyptus by CDAC-Chennai • Presently supports x86 architecture only • Offers services of IaaS, plans to migrate to SaaS as well • First banking community cloud in the world • Non-customer facing and less critical apps can be migrated • No major unplanned downtime so far • IBM z series machines, multi tenant QoS enabled MPLS network
  39. 39. IDRBT Banking Community Cloud: Use Cases • DR Site for an existing production environment • Dev, Test and Training environment • Existing applications requiring hardware refresh • Separation of Database and application layer • Common Tools as Software Testing, Code Review tools, etc • Email Service • Learning Management and other intranet systems
  40. 40. IDRBT Banking Community Cloud: Security • Access to Server room: 3 level access controls (Biometric, PIN & Access card) to enter into server room • Hardware: Kept in lock and key in the data center with access controls Password protected Cloud machines access is IP based • Cloud Stack: Virtual Machine access is through PKI (recommend to have a maximum of 3 administrators per VM), PKI to be issued by IDRBTCA* • Network: IPSec / GRE tunnel Network Firewalls Virtual Machines are in designated VLAN of the bank and even Cloud administrators cannot access it • Identity Management: Strong User ID and password Single Sign-on/ Active Directory / LDAP integration to access applications • Anti-virus: on VM Server level anti-virus (symantec Endpoint Protection) • Operating System security: VM Updates/patches at Cloud stack
  41. 41. Questions?