Cloud computing is the trend of the day. Owing to its many benefits, organizations are moving towards cloud applications and services. To cope with the changing market scenario, knowledge of cloud computing has become a necessity. A cloud computing certification is a globally acknowledged credential that validates one’s knowledge of cloud applications and services. Simplilearn brings you an online cloud computing training program that lets you prepare for the Cloud Computing Foundation exam at your own pace and from your own place. This presentation on cloud computing covers all the basic cloud topics and was prepared by our highly qualified and certified trainers. Each slide covers important topics such as types of cloud services, applications, and advantages of cloud implementation in industries. Get an understanding of cloud computing topics through these slides, and get better training insights from the cited examples and practice questions. Improve your knowledge of cloud computing with Simplilearn and make us a part of your success story.
2. Agenda
• Introduction
• History of Cloud computing
• Foundational Elements of Cloud Computing
• Principles of Cloud Computing
• Cloud Computing Security
• Secure Cloud Migration Paths
• Using the Cloud
• Implementing and Supporting the Cloud
• Managing Cloud Computing
• Evaluation of Cloud Computing
• Cloud Computing Case Studies and Security Models
4. Course objectives
• Fundamental concepts of the cloud computing platform:
– Deployment
– Architecture
– Design
• What made cloud possible
• Pros and cons, benefits and risks
• Standards and best practices
5. What will you learn?
After completing this course, you will be able to:
• Identify essential elements
• Describe the pros and cons
• Understand the business case for going to the cloud
• Describe how to build a cloud network
• Understand virtualization architecture
• Describe security and privacy issues
• Understand federation and presence
• Describe cloud computing standards and best practices
• Describe how mobile devices can be used in the cloud
7. The NIST Cloud Definition Framework
Deployment Models:
• Public Cloud
• Private Cloud
• Community Cloud
• Hybrid Clouds
Service Models:
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
Essential Characteristics:
• On Demand Self-Service
• Broad Network Access
• Rapid Elasticity
• Resource Pooling
• Measured Service
Common Characteristics:
• Massive Scale
• Resilient Computing
• Homogeneity
• Geographic Distribution
• Virtualization
• Service Orientation
• Low Cost Software
• Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
8. History of Cloud Computing
Objective:
• Explore the history of shared computing and the technological, economic and organizational enablers of cloud computing
• Learn how technologies evolved from cluster, grid and virtualization into cloud computing
• Learn about the datacenter architectures of grid, utility and virtual machines
9. History of Cloud computing
In principle, there were:
• Cluster computing: for load balancing
• Grid computing: many computers in a network solve a single problem
• Utility computing: packaging of computing resources, such as computation, storage and services, as a metered service
• Virtualization: decouple software and hardware
12. EXAMPLES
• Amazon
• Elastic Compute Cloud (EC2)
• Simple Storage Service (S3)
• Google’s App Engine
• Microsoft
• Windows Azure
• Microsoft SQL Services
• Microsoft .NET Services
• Live Services
• Microsoft SharePoint Services and Microsoft Dynamics CRM Services
13. Example 1: Amazon Cloud
• Amazon cloud components
• Elastic Compute Cloud (EC2)
• Simple Storage Service (S3)
• SimpleDB
• New Features
• Availability zones
• Place applications in multiple locations for failovers
• Elastic IP addresses
• Static IP addresses that can be dynamically remapped to point to
different instances (not a DNS change)
14. Amazon Cloud Users: New York Times and Nasdaq (4/08)
• Both companies used Amazon’s cloud offering
• New York Times
– Didn’t coordinate with Amazon, used a credit card!
– Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB data)
– Took 100 Linux computers 24 hours (would have taken months on NYT computers)
– “It was cheap experimentation, and the learning curve isn't steep.” – Derrick Gottfrid, Nasdaq
• Nasdaq
– Uses S3 to deliver historic stock and fund information
– Millions of files showing price changes of entities over 10 minute segments
– “The expenses of keeping all that data online [in Nasdaq servers] was too high.” – Claude Courbois, Nasdaq VP
– Created lightweight Adobe AIR application to let users view data
15. Example 2: IBM-Google Cloud
• “Google and IBM plan to roll out a worldwide network of servers for a cloud computing infrastructure” – InfoWorld
• Initiatives for universities
• Architecture
– Open source
• Linux hosts
• Xen virtualization (virtual machine monitor)
• Apache Hadoop (file system)
– “open-source software for reliable, scalable, distributed computing”
– IBM Tivoli Provisioning Manager
16. Example 3: Microsoft Azure Services
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
17. Windows Azure Applications, Storage and Roles
[Diagram: n Web Role instances and m Worker Role instances behind a load balancer (LB), backed by Cloud Storage (blob, table, queue)]
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
18. Grid Computing
• Distributed parallel processing across a network
• Key concept: “the ability to negotiate resource-sharing arrangements”
• Characteristics of grid computing
– Coordinates independent resources
– Uses open standards and interfaces
– Quality of service
– Allows for heterogeneity of computers
– Distribution across large geographical boundaries
– Loose coupling of computers
21. Utility computing
• Originally, time-sharing access to mainframes (1960s)
• “Rediscovered” in the late 1990s as an alternative to building and running your own datacenter: build a large datacenter and rent access to customers
– Sun, IBM, HP, Intel, and many others built datacenters and rented access to servers
• 1990s usage model:
– Long legal negotiations with strong service guarantees
– Long-term contracts (monthly/yearly)
– Approx. $1/hour pricing per physical computer
• Overall, this model was not commercially viable!
22. Utility Computing
• “Computing may someday be organized as a public utility” - John McCarthy, MIT Centennial in 1961
• Huge computational and storage capabilities available from utilities
• Metered billing (pay for what you use)
• Simple to use interface to access the capability (e.g., plugging into an outlet)
23. Virtualization
• Creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, storage device or network resources.
o Abstraction layer that decouples computation from physical resources
• Motivations
o Resource sharing with security and isolation
– Similar to multi-user/multi-programming
o Ease of management
– Virtual machines (bits) vs. physical resources (hardware)
– E.g.: start/stop, clone, migrate, suspend an entire virtual machine
As flour is to a cookie, virtualization is to a cloud
24. Cloud Enabling Technology: Virtualization
Traditional and Virtualized stack
Traditional Stack (top to bottom): App, App, App → Operating System → Hardware
Virtualized Stack (top to bottom): App, App, App → OS, OS, OS → Hypervisor → Hardware
25. Many Types of Virtualization
• Full virtualization
• Hardware-assisted virtualization (IBM S/370, Intel VT, or AMD-V)
• Para-virtualization
• Operating System virtualization
26. Modern OS Virtualization
• Hardware-assisted virtualization is a key technological enabler for Cloud Computing
– Provides complete isolation on commodity (low-cost) platforms
– Enables multiplexing of many users onto a single server
• Key contribution is minimal performance overhead (a few percent) versus non-virtualized
– However, high I/O applications incur many VM traps (high CPU overhead), limiting scalability and efficiency
• Challenge: true performance isolation for multiple applications
– Many dimensions! (more in research discussion)
27. Enterprise Software Revolution
Software as a Service (SaaS)
• SaaS is hosting applications on the Internet as a service (both consumer and enterprise)
• Jon Williams, CTO of Kaplan Test Prep on SaaS
– “I love the fact that I don't need to deal with servers, staging, version maintenance, security, performance”
• Eric Knorr with Computerworld says that “[there is an] increasing desperation on the part of IT to minimize application deployment and maintenance hassles”
28. Three Features of Mature SaaS Applications
• Scalable
– Handle growing amounts of work in a graceful manner
• Multi-tenancy
– One application instance may be serving hundreds of companies
– Opposite of multi-instance, where each customer is provisioned their own server running one instance
• Metadata driven configurability
– Instead of customizing the application for a customer (requiring code changes), one allows the user to configure the application through metadata
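The multi-tenancy and metadata-driven configurability points above, as an added example (not code from the original deck or from any vendor): one application instance serves two tenants whose rules live in metadata, and every read and write is scoped to the tenant from the authenticated session. Tenant names, field rules and records are constructed for illustration.

```python
"""Added example (not from the original deck): one application instance serving
several tenants, where each tenant's behaviour comes from metadata rather than
code changes, and every data access is scoped to the caller's tenant.
Tenant names, field rules and records below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


class TenantIsolationError(Exception):
    """Raised when a request carries a tenant this instance does not serve."""


@dataclass
class TenantConfig:
    """Per-tenant metadata that customizes the shared application.
    Editing this record reconfigures the tenant; no code is redeployed."""
    tenant_id: str
    required_fields: Tuple[str, ...]
    max_length: Dict[str, int] = field(default_factory=dict)
    labels: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class Session:
    """Result of authentication: who the caller is and which tenant they belong to."""
    user: str
    tenant_id: str


class MultiTenantApp:
    """A single instance with one shared table; rows carry a tenant_id column
    and are only ever returned to the tenant that owns them."""

    def __init__(self, configs: List[TenantConfig]):
        self._configs = {c.tenant_id: c for c in configs}
        self._rows: List[dict] = []

    def config_for(self, session: Session) -> TenantConfig:
        cfg = self._configs.get(session.tenant_id)
        if cfg is None:
            raise TenantIsolationError(f"unknown tenant {session.tenant_id!r}")
        return cfg

    def validate(self, session: Session, record: dict) -> List[str]:
        """Apply the tenant's metadata-driven rules; returns the problems found."""
        cfg = self.config_for(session)
        problems = []
        for name in cfg.required_fields:
            if not record.get(name):
                problems.append(f"missing {cfg.labels.get(name, name)}")
        for name, limit in cfg.max_length.items():
            if name in record and len(str(record[name])) > limit:
                problems.append(f"{cfg.labels.get(name, name)} exceeds {limit} chars")
        return problems

    def create(self, session: Session, record: dict) -> int:
        problems = self.validate(session, record)
        if problems:
            raise ValueError("; ".join(problems))
        # tenant_id comes from the authenticated session, never from the
        # request body, so a caller cannot write into another tenant's data.
        row = {**record, "tenant_id": session.tenant_id, "id": len(self._rows) + 1}
        self._rows.append(row)
        return row["id"]

    def get(self, session: Session, row_id: int) -> Optional[dict]:
        """Look up by id within the caller's tenant only. A row owned by another
        tenant is reported as absent, so the API does not even confirm it exists."""
        for row in self._rows:
            if row["id"] == row_id and row["tenant_id"] == session.tenant_id:
                return row
        return None

    def list_mine(self, session: Session) -> List[dict]:
        return [r for r in self._rows if r["tenant_id"] == session.tenant_id]


def demo() -> dict:
    """Two tenants on one instance with different metadata; returns what each sees."""
    app = MultiTenantApp([
        TenantConfig("acme", required_fields=("title", "owner"),
                     max_length={"title": 40}, labels={"owner": "Account Owner"}),
        TenantConfig("globex", required_fields=("title",)),
    ])
    acme = Session("alice", "acme")
    globex = Session("bob", "globex")
    acme_id = app.create(acme, {"title": "Q3 forecast", "owner": "alice"})
    globex_id = app.create(globex, {"title": "Launch plan"})   # no owner required here
    return {
        "acme_errors": app.validate(acme, {"title": "x" * 41}),
        "acme_sees_own": app.get(acme, acme_id) is not None,
        "acme_sees_globex": app.get(acme, globex_id) is not None,
        "globex_count": len(app.list_mine(globex)),
    }
```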
30. Examples of Companies offering SaaS
There are dozens of companies offering SaaS.
• Intuit QuickBooks
– Conventional application for tracking business accounting. With the addition of QuickBooks Online, accounting has moved to the cloud.
• Google Apps
– Suite of applications that includes Gmail webmail services, Google Calendar shared calendaring, Google Talk instant messaging and Voice over IP
31. QUESTIONS
1. What is cloud computing?
2. What are the differences between grid, virtualization and cloud computing?
32. Foundational Elements of Cloud Computing
Objective: To learn about the technological enablers and economic enablers of cloud computing
33. Foundational Elements of Cloud Computing
Primary Technologies:
• Virtualization
• Grid technology
• Service Oriented Architectures
• Distributed Computing
• Broadband Networks
• Browser as a platform
• Free and Open Source Software
Other Technologies:
• Autonomic Systems
• Web application frameworks
• Service Level Agreements
34. Service Level Agreements (SLAs)
• Contract between customers and service providers on the level of service to be provided
• Contains performance metrics (e.g., uptime, throughput, response time)
• Problem management details
• Documented security capabilities
• Contains penalties for non-performance
35. Autonomic System Computing
• Complex computing systems that manage themselves
• Decreased need for human administrators to perform lower level tasks
• Autonomic properties: Purposeful, Automatic, Adaptive, Aware
• IBM’s 4 properties: self-healing, self-configuration, self-optimization, and self-protection
IT labor costs are 18 times that of equipment costs.
The number of computers is growing at 38% each year.
36. Platform Virtualization
• Host operating system provides an abstraction layer for running virtual guest OSs
• Key is the “hypervisor” or “virtual machine monitor”
– Enables guest OSs to run in isolation of other OSs
– Run multiple types of OSs
• Increases utilization of physical servers
• Enables portability of virtual servers between physical servers
• Increases security of physical host server
37. Web Services
• Web Services
– Self-describing and stateless modules that perform discrete units of work and are available over the network
– “Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications.” – InfoWorld
– Standards based interfaces (WS-I Basic Profile)
• e.g., SOAP, WSDL, WS-Security
• Enabling state: WS-Transaction, Choreography
– Many loosely coupled interacting modules form a single logical system (e.g., Legos)
38. Service Oriented Architectures
• Service Oriented Architectures
– Model for using web services
• service requestors, service registry, service providers
– Use of web services to compose complex, customizable, distributed applications
– Encapsulate legacy applications
– Organize stovepiped applications into collective integrated services
– Interoperability and extensibility
39. Web application frameworks
• Coding frameworks for enabling dynamic web sites
– Streamline web and DB related programming operations (e.g., web services support)
– Creation of Web 2.0 applications
• Supported by most major software languages
• Example capabilities
– Separation of business logic from the user interface (e.g., Model-View-Controller architecture)
– Authentication, Authorization, and Role Based Access Control (RBAC)
– Unified APIs for SQL DB interactions
– Session management
– URL mapping
• Wikipedia maintains a list of web application frameworks
40. Free and Open Source Software
• External ‘mega-clouds’ must focus on using their massive scale to reduce costs
• Usually use free software
– Proven adequate for cloud deployments
– Open source
– Owned by provider
• Need to keep per server cost low
– Simple commodity hardware
• Handle failures in software
42. Cost of Traditional Data Centers
• 11.8 million servers in data centers
• Servers are used at only 15% of their capacity
• 800 billion dollars spent yearly on purchasing and maintaining enterprise software
• 80% of enterprise software expenditure is on installation and maintenance of software
• Data centers typically consume up to 100 times more power per square foot than a typical office building
• Average power consumption per server quadrupled from 2001 to 2006.
• Number of servers doubled from 2001 to 2006
43. Energy Conservation and Data Centers
• A standard 9000 square foot data center costs $21.3 million to build, with $1 million in electricity costs per year
• Data centers consume 1.5% of our Nation’s electricity (EPA)
– 0.6% worldwide in 2000 and 1% in 2005
• Green technologies can reduce energy costs by 50%
• IT produces 2% of global carbon dioxide emissions
44. Cloud Economics
• Estimates vary widely on possible cost savings
• “If you move your data centre to a cloud provider, it will cost a tenth of the cost.” – Brian Gammage, Gartner Fellow
• Use of cloud applications can reduce costs from 50% to 90% - CTO of Washington D.C.
• IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud (backing from Microsoft)
• Preferred Hotel
– Traditional: $210k server refresh and $10k/month
– Cloud: $10k implementation and $16k/month
48. Cloud Computing: Examples
• Examples
– webmail, web-based office tools
– customer relationship management (CRM) tools, backup services
– Dropbox, SlideShare, Wikispaces, social media
– online games
49. What is Cloud Computing
“Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.”
(ACM, Association for Computing Machinery)
50. Key notions in Cloud Computing
• Service based
• Uses internet technologies
• Scalable and elastic
• Shared
• Metered by use
• Virtualized resources
“Cloud computing is not a product you buy. It’s not a SKU. It’s not
a technology. It’s an IT delivery model.”
(Mike Martin, Director of Cloud Computing for Logicalis)
51. Virtualization
It does not matter where hardware, applications or data is located in the cloud, as long as we can access and use it.
52. Key Features of Virtualization
• Flexibility
• Deployability
• Elasticity
• Centralization of resources
• Memory and processor requirements
• Failover capabilities
• Features continue to emerge
53. The Cloud and Collaboration
• Reach extender
– to suppliers and customers
• Communication enabler, enhancing communication with:
– suppliers
– customers
– employees
• Employee enabler
– less travel time
– virtual office access
– just-in-time access
57. Standalone Mainframes
Benefits:
• Dedicated hardware for single tasks
• Multitasking and time-sharing
• Early virtualization and multi-processing
Limitations:
• Limited memory
• Limited storage
• Expensive
• Difficult deployment
58. Communication Systems
Two forms:
• Dedicated leased line
• Dial-up
Uses:
• Time sharing services
• Multitasking operating systems
• Dumb tubes
• Communication controllers
• Remote terminal access
• Remote Job Entry
59. Minicomputers
• Smaller
• Less expensive
• Multi-user
• Multi-tasking
• Proprietary and ‘standard’ operating systems (UNIX)
• Expanded communication (including LANs)
61. Microcomputers
• Even smaller
• Single user
• Rudimentary operating system
• Limited memory and storage
62. Internet
• Initial goals
– Reliable communication
• Even in the event of partial equipment or network failure
– Connectivity
• With different types of computer and operating systems
– Cooperative effort
• Not a monopoly
• International, world-wide network
65. Internet Vision
“As of now, computer networks are still in their infancy. But as they grow up and become more sophisticated, we will probably see the spread of computer utilities which, like present electric and telephone utilities, will service individual homes and offices across the country.”
– Leonard Kleinrock, 1969
66. Managed Services Provider Model
to Cloud Computing and SaaS
Early managed networks:
• Frame Relay
• ATM
• Proprietary protocols
Evolution:
• High-speed
• High-bandwidth internet
• Standard protocols
• Standard services
67. What’s Next in Cloud Computing?
• The cloud may never mature
• Thin client based access
• General purpose applications in the cloud
71. Single Purpose Architectures Migrate to Multipurpose Architectures
Single-purpose:
• Mainframe
• General applications
• Time-sharing
• Airline reservations
Multipurpose:
• Any application on any server
• Interface to large storage
• Interface to large computers
74. Communication-as-a-Service
• Offsite communications service provider
• Voice over IP
• Instant messaging
• Video teleconferencing
75. Software-as-a-Service
• Software hosted offsite
• As-is software package
• Vendor has a high level of knowledge
• Mash-up or plug-in
• External software used with internal applications (hybrid cloud)
• Little or no change to application
• User has little flexibility
• User locked into vendor
81. The Hypervisor
• AKA: Virtual Machine Monitor (VMM)
• The foundation of virtualization
• Interfaces with hardware
– Replace the operating system
– Intercept system calls
– Operate with the operating system
– Hardware isolation
– Multi-environment protection
82. Virtualization as the ‘Operating System’
[Diagram, top to bottom: Application Programs (three guests side by side) → Guest Operating System (three guests side by side) → Hypervisor (Virtual Operating Environment) → Hardware]
Type 1 hypervisors are seen as the principal operating system.
83. Virtualization with a Host Operating System
[Diagram, top to bottom: Application Programs (three guests side by side) → Guest Operating System (three guests side by side) → Hypervisor (Virtualization Layer) → Host Operating System → Hardware]
84. Data Center Architecture for Cloud
• Communications capacity
• Public Internet
• Private Intranet & Private Cloud
• Routing to the datacenter
• Moving data within the local datacenter
• Bandwidth
• Security
87. Cloud Computing Benefits
• Reduced Costs
• Increased storage
• Highly automated
• Flexibility
• More mobility
• Allows IT to shift focus
• Going Green
• Keeping things up to date
88. Cloud Computing Limitations
• Security
– Is data adequately protected?
– Is it hacker-proof?
• Data location and privacy
– Where is it stored?
– Regulatory concerns
• Internet dependency
– Bandwidth and latency
• Availability and service levels
– SLA requirements
• Enterprise application migration
89. Exercises – Quiz
1. Which of the following is not a cloud deployment model?
a) Private
b) Protected
c) Public
d) Hybrid
e) Community
2. Which of the following is not an essential characteristic of
cloud computing?
a) Free
b) Scalable
c) Virtualized
d) On demand
e) Metered
90. Exercises – Quiz
3. Which of the following is not a cloud architecture?
a) IaaS
b) PaaS
c) HaaS
d) SaaS
4. Which of the following is a benefit of using cloud computing?
a) Security
b) Availability
c) Compliance
d) Bandwidth guarantees
e) Reduced costs
91. Exercises – Quiz
5. In this model, formerly known as hardware as a service
(HaaS), an organization outsources business components such
as servers, storage and networking equipment. What is it?
a) Infrastructure as a Service (IaaS)
b) Platform-as-a-Service (PaaS)
c) Software-as-a-Service (SaaS)
d) None of the above
6. Infrastructure as a Service (IaaS) provides:
a) Servers
b) Storage
c) Network equipment
d) All the above
92. Exercises – Quiz
7. What is Cloud Computing replacing?
a) Corporate data centers
b) Expensive personal computer hardware
c) Expensive software upgrades
d) All of the above
8. The hypervisor is also known as
a) Virtual Machine Monitor
b) Middleware
c) Both of the above
d) None of the above
9. The "Cloud" in cloud computing represents what?
a) Wireless
b) Hard drives
c) People
d) Internet
95. Cloud Security Challenges
• Data dispersal and international privacy laws
• EU Data Protection Directive and U.S. Safe Harbor program
• Exposure of data to foreign government and data subpoenas
• Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
96. Cloud Security Challenges (cont.)
• Attraction to hackers (high value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
• Encrypting access to the cloud resource control interface
• Encrypting administrative access to OS instances
• Encrypting access to applications
• Encrypting application data at rest
• Public cloud vs. internal cloud security
• Lack of public SaaS version control
97. Cloud Security Advantages
• Data Fragmentation and Dispersal
• Dedicated Security Team
• Greater Investment in Security Infrastructure
• Fault Tolerance and Reliability
• Greater Resiliency
• Hypervisor Protection Against Network Attacks
• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
98. Cloud Security Advantages (cont.)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor assertion)
• Low-Cost Disaster Recovery and Data Storage Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities
103. Examples of cloud advantage
• Social networking systems will evolve into collaborative management systems.
• Homesourcing becomes mainstream.
• Corporate processes become decentralized.
• Smart phones evolve with cloud apps
– access to wireless broadband
– productivity apps over the cloud for corporate use
104. The Business Case for Going to the Cloud - Examples
• Eli Lilly and Company is one company that has moved to Amazon EC2 as part of its IT operations.
105. Secure Migration Paths for Cloud Computing
Objective: The reasons ‘why’ migration to the cloud is a good idea and ‘how’ to implement secure cloud migration
106. Balancing Threat Exposure and Cost Effectiveness
• Private clouds may have less threat exposure than community clouds, which have less threat exposure than public clouds.
• Massive public clouds may be more cost effective than large community clouds, which may be more cost effective than small private clouds.
107. Cloud Migration and Cloud Security Architectures
• Clouds typically have a single security architecture but have many customers with different demands
– Clouds should attempt to provide configurable security mechanisms
• Organizations have more control over the security architecture of private clouds, followed by community and then public
– This doesn’t say anything about actual security
• Higher sensitivity data is likely to be processed on clouds where organizations have control over the security model
108. Migration Paths for Cloud Adoption
• Use public clouds
• Develop private clouds
– Build a private cloud
– Procure an outsourced private cloud
– Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds
– Organization wide SaaS
– PaaS and IaaS
– Disaster recovery for private clouds
• Use hybrid-cloud technology
– Workload portability between clouds
109. Migration standards
Cloud Standards Mission: Provide guidance to industry and government for the creation and management of relevant cloud computing standards, allowing all parties to gain the maximum value from cloud computing
110. NIST and Standards
• NIST wants to promote cloud standards:
– We want to propose roadmaps for needed standards
– We want to act as catalysts to help industry formulate their own standards
• Opportunities for service, software, and hardware providers
– We want to promote government and industry adoption of cloud standards
111. Goal of NIST Cloud Standards Effort
• Fungible clouds
– (mutual substitution of services)
– Data and customer application portability
– Common interfaces, semantics, programming models
– Federated security services
– Vendors compete on effective implementations
• Enable and foster value add on services
– Advanced technology
– Vendors compete on innovative capabilities
112. A Model for Standardization and Proprietary Implementation
• Advanced features: Proprietary Value Add Functionality
• Core features: Standardized Core Cloud Capabilities
113. Proposed Result
• Cloud customers knowingly choose the correct mix for their organization of
– standard portable features
– proprietary advanced capabilities
114. A proposal: A NIST Cloud Standards Roadmap
• We need to define minimal standards
– Enable secure cloud integration, application portability, and data portability
– Avoid over specification that will inhibit innovation
– Separately address different cloud models
115. Towards the Creation of a Roadmap (I)
• Thoughts on standards:
– Usually more service lock-in as you move up the SPI stack (IaaS->PaaS->SaaS)
– IaaS is a natural transition point from traditional enterprise datacenters
• Base service is typically computation, storage, and networking
– The virtual machine is the best focal point for fungibility
– Security and data privacy concerns are the two critical barriers to adopting cloud computing
116. Towards the Creation of a Roadmap (II)
• Result:
– Focus on an overall IaaS standards roadmap as a first major deliverable
– Research PaaS and SaaS roadmaps as we move forward
– Provide visibility, encourage collaboration in addressing these standards as soon as possible
– Identify common needs for security and data privacy standards across IaaS, PaaS, SaaS
117. A Roadmap for IaaS
• Needed standards
– VM image distribution (e.g., DMTF OVF)
– VM provisioning and control (e.g., EC2 API)
– Inter-cloud VM exchange (e.g., ??)
– Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
– VM SLAs (e.g., ??) – machine readable
• uptime, resource guarantees, storage redundancy
– Secure VM configuration (e.g., SCAP)
118. A Roadmap for PaaS and SaaS
• More difficult due to proprietary nature
• A future focus for NIST
• Standards for PaaS could specify
– Supported programming languages
– APIs for cloud services
• Standards for SaaS could specify
– SaaS-specific authentication / authorization
– Formats for data import and export (e.g., XML schemas)
– Separate standards may be needed for each application space
119. Security and Data Privacy Across IaaS, PaaS, SaaS
• Many existing standards
• Identity and Access Management (IAM)
– IdM federation (SAML, WS-Federation, Liberty ID-FF)
– Strong authentication standards (HOTP, OCRA, TOTP)
– Entitlement management (XACML)
• Data Encryption (at-rest, in-flight), Key Management
– PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
• Records and Information Management (ISO 15489)
• E-discovery (EDRM)
126. Cloud Access Architecture
• Client software for emulation
• Networking protocol with security features
• Server software to intercept and interpret client requests
• Keyboard access
• Mouse access
• Peripheral device support
– Sound
– Printing
– Others
127. Thin Clients
• What makes them thin?
• Network connectivity (wired and wireless)
• No moving parts (possibly a fan)
• Keyboard, monitor, and USB connections
• Sound card
• Embedded terminal services client
– RDP, VNC, etc.
• Green features: small footprint
– Low heat; low power consumption (starting at 6 W)
– Low disk space
131. Collaboration Applications for Mobile platforms
• Text messaging
• iPhone applications
• BlackBerry applications
• Android applications
132. Text Messaging
• Universal communication path, two forms:
– SMS
– MMS
• Communicate:
– Phone to phone
– Computer to phone
• Hidden costs:
– Loss of productivity
– Loss of security
– Loss of safety
133. Basic Mobile Application Issues
• Limited landscape
• Security
– Data security on the phone
– Phone access protection
– Eavesdropping or shoulder surfing
– Must have application enforced encryption
– WAP gap
• Similar but not always equal
• Usefulness vs. fun to have
134. Location Independence
• Don’t care where it is, as long as we can get to it
• Depends on
– Network
– Security
– Vendor or internal IT
– Application meeting needs
• Location independence promotes an environment that is
– Flexible
– Fail-safe
– Fail-soft
135. Exercises – Quiz
1. Example of Web application is
a) Google mail
b) Twitter
c) Skype
d) All the above
2. Platform as a service is
a) Google App engine
b) Salesforce CRM
c) Rackspace servers
d) Google mail
3. Which of these companies is not a leader in cloud computing?
a) Google
b) Amazon
c) Blackboard
d) Microsoft
136. Exercises – Quiz
4. Which is not a major cloud computing platform?
a) Google 101
b) IBM Deep blue
c) Microsoft Azure
d) Amazon EC2
5. Which one of these is not a key notion in cloud computing?
a) Free
b) Service based
c) Scalable
d) shared
e) Virtualized resources
6. Which of these is not a major type of cloud computing usage?
a) Hardware as a Service
b) Platform as a Service
c) Software as a Service
d) Infrastructure as a Service
137. Exercises – Quiz
7. An Internet connection is necessary for cloud computing interaction.
a) True
b) False
8. Mobile platforms are supporting
a) Iphone applications
b) Blackberry applications
c) Android applications
d) All the above
9. What enables Thin Clients to work?
a) Network connectivity
b) Keyboard
c) USB connections
d) All the above
138. Exercises – Quiz
10. Location independence promotes an environment that is
a) Flexible
b) Fail-safe
c) Fail-soft
d) All the above
143. Confidentiality, Integrity and Availability
• Confidentiality
– No unauthorized access
– Privacy and data protection
– Encryption
– Physical security
• Integrity
– Information is accurate and authentic
• Availability
– When needed, where needed by authorized users
– 5 nines standard: 99.999%
144. Authentication, Authorization and Accountability
• Authentication
– Authorized user?
– Prove identity with something you
• Know (password)
• Have (RSA token device)
• Are (fingerprint or retina scan)
• Authorization
– What can an authorized person do?
• Accountability
– Audit access and applications
– Review logs periodically
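The “something you have” factor above, and the HOTP/TOTP standards listed earlier under strong authentication, as an added example (not code from the original deck): RFC 4226 HOTP and RFC 6238 TOTP generation, plus the server-side checks a verifier needs (drift window, replay protection via a remembered counter, constant-time comparison). RFC_SECRET is the published RFC test-vector secret, not a real credential.

```python
"""Added example (not from the original deck): HOTP (RFC 4226) and TOTP
(RFC 6238), the "something you have" factor listed under strong authentication
standards, with server-side verification that resists replay and timing leaks.
RFC_SECRET is the published RFC test-vector secret, not a real credential."""
import hashlib
import hmac
import struct
import time
from typing import Optional

RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then the low `digits` decimal digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second periods elapsed."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, candidate: str, unix_time: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current period and up to `window` periods on
    either side (clock drift). Every candidate period is checked with a
    constant-time compare and the loop never returns early, so response time
    does not reveal which period (if any) matched."""
    if unix_time is None:
        unix_time = int(time.time())
    if len(candidate) != digits or not candidate.isdigit():
        return False
    period = unix_time // step
    matched = False
    for delta in range(-window, window + 1):
        matched |= hmac.compare_digest(hotp(secret, period + delta, digits), candidate)
    return matched


class HotpVerifier:
    """Server-side HOTP state for one token. Remembers the next expected counter
    so an accepted code can never be replayed, and resynchronises if the user
    pressed the token a few times without logging in (look_ahead)."""

    def __init__(self, secret: bytes, look_ahead: int = 5, digits: int = 6):
        self.secret = secret
        self.look_ahead = look_ahead
        self.digits = digits
        self.counter = 0          # next counter value the server will accept

    def verify(self, candidate: str) -> bool:
        if len(candidate) != self.digits or not candidate.isdigit():
            return False
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), candidate):
                self.counter = c + 1      # every counter up to c is now burned
                return True
        return False
```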
145. Virus Infections on Virtualized Environments
Virus infections on:
• Type 1 virtualized environment
• Type 2 virtualized environment
• Client Operating System
146. Virus Infections on Type 1 Virtualized Environments
• Viruses invade below the hypervisor layer
• Viruses intercept and react to hypervisor requests to the hardware
[Diagram, top to bottom: Application Programs (three guests side by side) → Guest Operating System (three guests side by side) → Hypervisor (Virtual Operating Environment) → Virus → Hardware]
147. Virus Infections on Type 2 Virtualized Environments
• Viruses infect host OS below the hypervisor layer
• Viruses intercept and react with hypervisor requests to hardware
[Figure: layered stack, top to bottom: Application Programs (one per guest) | Guest Operating System (one per guest) | Hypervisor | Virtualization Layer | Virus | Host Operating System | Hardware]
148. Client Operating System Virus Infections
• Viruses infect Guest OS
• Need Antivirus software on each guest
• Benefits:
– Guests are separated from each other
– No impact to hypervisor
– No impact to host OS
151. Cloud-based Identity Management
• Federation Management
• Using multi-system identity information for a ‘global’, single-sign-on environment
• Based on trust relationships
• Often standards-based
– Ensures compliance
– Allows interoperability
152. Federation: Example
One federated or trusted login is sufficient for all three parties in this example: each trusts the others to identify the user.
153. Federation: Implementation
• Information card components:
– Subject is identity holder
– Digital identities are issued for subject by identity providers
– Relying parties accept identity
– Similar to a personal digital credit card
• Using a PKI and Digital Certificate
• Microsoft CardSpace
– More flexible than username and password
– Consistent user experience
• OpenID
– Emerging
154. Federation Levels
• Permissive: no verification
• Verified: DNS and domain keys verified
– Not encrypted
– DNS poison
• Encrypted: TLS and digital certificates
– Certificates may be self-signed
– Weak identity verification
• Trusted: TLS and digital certificates from root CA
– Encrypted
– Strong authentication
155. Presence in the Cloud
• Individual presence: Foundation for Information Management
– Are you here?
– Are you logged in?
– Are you busy?
• Hardware services
– Hardware type
– Hardware feature
• Location: GPS
• Pub-Sub: Publish and Subscribe
– Facebook has friends and fans
– IM has buddies
156. Leveraging Presence
• Subscribe from anywhere
• Publish from anywhere
• Wide range of options
• Many development possibilities
159. The Future of Presence
• Continual development
• Location Centric Cloud Services
– Access based on where you are
– Service depending on where you are
• Using standards for full integration
160. The interrelation of Identity, Presence and Location
• Digital Identity
– Traits
– Attributes
– Preferences
• Digital identity, presence and location determine available services and capabilities
162. Claim-based Solutions
• Method to introduce a claim to a resource
• Recall previous information on a claim
• Extended to include multiple points of truth
– Active Directory controller for a domain is the single point of truth for that domain
– Federated identity is multiple points of truth
• Hotel
• Airline
• Rental Car
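The Federation: Implementation slide (identities issued for a subject by an identity provider, accepted by relying parties) and the Claim-based Solutions slide (hotel, airline and rental car each acting as a relying party) describe one mechanism. The Python below is an added example, not code from the course or from Microsoft CardSpace or OpenID: one identity provider issues a signed claim set once, and three relying parties each verify it independently, which is what "one federated login is sufficient for all three parties" means in practice. It assumes an HMAC over a key shared with the identity provider as a stand-in for the PKI / digital-certificate signature the slide names; the key, party names, claim fields and time values are constructed.

```python
"""Claims-based federation, added example (not from the course material).
Assumption: the signature is an HMAC with a key shared between the identity
provider and each relying party, standing in for a PKI certificate signature.
Names, keys and claim values below are constructed."""
import base64
import hashlib
import hmac
import json
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class IdentityProvider:
    """Issues a signed set of claims for a subject (holds the signing key)."""

    def __init__(self, name, key: bytes):
        self.name, self.key = name, key

    def issue(self, subject, claims, audiences, ttl=300, now=None):
        now = time.time() if now is None else now
        body = {"iss": self.name, "sub": subject, "aud": sorted(audiences),
                "exp": now + ttl, **claims}
        payload = _b64(json.dumps(body, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, payload.encode(), hashlib.sha256).digest())
        return payload + "." + sig


class RelyingParty:
    """Accepts identities only from providers it has a trust relationship with."""

    def __init__(self, name, trusted_idps):
        self.name, self.trusted = name, trusted_idps  # {idp_name: verification key}

    def accept(self, token, now=None):
        """Return the verified claims, or None if the token must be rejected."""
        now = time.time() if now is None else now
        try:
            payload, sig = token.split(".")
            body = json.loads(_unb64(payload))
            given = _unb64(sig)
        except ValueError:
            return None
        key = self.trusted.get(body.get("iss"))
        if key is None:
            return None  # issuer is not one we trust
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(given, expected):
            return None  # claims were altered after issuance
        if self.name not in body.get("aud", []):
            return None  # token was minted for a different party
        if body.get("exp", 0) <= now:
            return None  # stale token
        return body


def demo():
    """One login, three relying parties; plus a forged and an expired token."""
    key = b"constructed-shared-key"
    idp = IdentityProvider("travel-idp", key)
    parties = {n: RelyingParty(n, {"travel-idp": key})
               for n in ("hotel", "airline", "rental-car")}
    t0 = 1_700_000_000  # constructed clock value
    token = idp.issue("alice", {"loyalty_tier": "gold"},
                      audiences=["hotel", "airline"], now=t0)
    results = {n: p.accept(token, now=t0 + 60) is not None
               for n, p in parties.items()}
    # Alter one claim but keep the original signature: must be rejected.
    payload, sig = token.split(".")
    body = json.loads(_unb64(payload))
    body["loyalty_tier"] = "platinum"
    forged = _b64(json.dumps(body, sort_keys=True).encode()) + "." + sig
    results["forged_accepted"] = parties["hotel"].accept(forged, now=t0 + 60) is not None
    # Same valid token presented after its lifetime: must be rejected.
    results["expired_accepted"] = parties["hotel"].accept(token, now=t0 + 600) is not None
    return results


if __name__ == "__main__":
    print(demo())
```

The rental-car party rejects the token even though it trusts the same provider, because the audience claim names only the hotel and airline; scoping a token to its intended relying parties is what keeps one federated login from becoming a bearer credential usable everywhere.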
164. Compliance-as-a-Service
• Regulatory compliance
• Difficult to establish audit compliance in third-party contracts
• New service possibilities:
– Multi-regulation compliance verification
– Continuous audit
– Threat intelligence
165. Privacy
• Confidentiality of personal information is paramount
• Must comply with laws and regulations
– HIPAA
– GLBA
– EU, Canadian, Australian, … privacy statutes/acts
• Clouds are international in nature, making privacy issues difficult
166. Personal Identifiable Information (PII)
• Forms of identification
• Contact information
• Financial information
• Health care information
• Online activity
• Occupational information
• Demographic information
167. Privacy Related Issues
• Notice: The user is given a privacy notice
• Choice: The user can choose which information to enter
• Consent: The user accepts terms and conditions
The user should be informed about:
– Use: What is the intended use of information?
– Access: Who will have access?
– Retention: How long is the information stored?
– Disposal: When and how will the information be disposed?
– Security: How is security provided?
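The PII list (slide 166) and the use/access/retention/disposal questions above both presuppose that you can find personal data in what you are about to store or hand to a provider. The script below is an added example, not from the course: it scans constructed support-ticket records for the contact and financial forms of PII named on slide 166 and redacts them before export, using a Luhn checksum so that a 16-digit order number is not mistaken for a card number. The regular expressions, sample records and redaction markers are constructed assumptions; a real deployment would tune the patterns to the data it actually holds.

```python
"""PII scanner and redactor, added example (not from the course material).
Patterns, sample records and the [KIND] redaction format are constructed."""
import re

# Constructed sample records: a ticket export with PII mixed into free text.
SAMPLE_RECORDS = [
    "Ticket 1: customer jane.doe@example.com called from 415-555-0133 about billing",
    "Ticket 2: card on file 4111 1111 1111 1111 declined, retry tomorrow",
    "Ticket 3: SSN 078-05-1120 provided for identity check",
    "Ticket 4: order 1234 5678 9012 3456 shipped",  # card-shaped but fails Luhn
    "Ticket 5: no personal data here",
]

# Constructed patterns for the contact/financial PII forms on slide 166.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: True for well-formed payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(record):
    """Return (redacted_record, findings); findings lists the PII kinds found."""
    findings = []

    def redact(kind, pattern, text):
        def repl(match):
            if kind == "card" and not luhn_ok(re.sub(r"\D", "", match.group(0))):
                return match.group(0)  # not a real card number; leave it alone
            findings.append(kind)
            return "[%s]" % kind.upper()
        return pattern.sub(repl, text)

    # Card before phone so a card's digit groups are never read as a phone number.
    for kind in ("email", "card", "ssn", "phone"):
        record = redact(kind, PATTERNS[kind], record)
    return record, findings


def scan_all(records=SAMPLE_RECORDS):
    """Scan every record; the result is what would be safe to export."""
    return [scan(r) for r in records]


if __name__ == "__main__":
    for redacted, found in scan_all():
        print(found, redacted)
```

Keeping the findings list separate from the redacted text lets the same pass feed two of the questions on this slide: the findings answer "what personal data are we holding" for the notice and retention decisions, and the redacted copy is what actually leaves the organisation.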
168. International Privacy
• European Union
– EU Data Protection Directive (1998)
– EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002)
– Laws and privacy standards of the member states
• Japan
– Personal Information Protection Law
– Law for Protection of Computer Processed Data Held by Administrative Organs (1988)
• Canada
– Privacy Act (1983)
– PIPEDA (Bill C-6)
169. Safeguards
• Effective Access Control and Audit
– Single Sign On (SSO)
– Strong authentication
– Audit log
• Secure Storage
– Encryption
– Integrity
• Secure Network Infrastructure
– Encryption protocols
– Integrity protocols
170. Exercises – Quiz
1. Which of these should a company consider before implementing cloud computing technology?
a) Employee satisfaction
b) Potential cost reduction
c) Information sensitivity
d) All of the above
2. What is the most important drawback of cloud computing?
a) Compliance
b) Regulation
c) Security
d) Availability
3. The CIA triangle is made up of
a) Correctness, Integrity and Availability
b) Confidentiality, Integrity and Availability
c) Confidentiality, Infrastructure and Availability
d) Confidentiality, Integrity and Authentication
171. Exercises – Quiz
4. The CIA triangle is implemented using
a) Encryption
b) Access control lists
c) Auditing
d) All the above
5. Which of the following is true about viruses
a) Viruses invade below the hypervisor layer
b) Viruses intercept and react with hypervisor request to hardware
c) Viruses infect Guest OS
d) All the above
6. Federation is implemented using
a) PKI and Digital certificate
b) Biometric login
c) Username and password
d) None of the above
172. Exercises – Quiz
7. Which of the following is not a federation level?
a) Verified
b) Signed
c) Encrypted
d) Trusted
8. Which of the following is not an Identity Management Solution?
a) Claim-based solutions
b) Presence as a Service
c) Identity-as-a-Service (IDaaS)
d) Compliance-as-a-Service (CaaS)
9. Which of the following standards is not used for handling security and compliance?
a) FISMA
b) HIPAA
c) X.800 standard
d) SAS 70 Audits
173. Exercises – Quiz
10. Cloud computing has the following advantage over in-house computing
a) Requires little or no capital investment
b) No need to deploy backup and disaster recovery
c) Does not require IT staff to attend to servers, applications etc.
d) All the above
180. Message Base
• Assures consistency and portability between components
• Uses messaging protocols
– Object Oriented: SOAP, JSON, REST
– Support Websites: HTTP and HTML
– E-mail: SMTP, POP3, IMAP
• Requires middleware for message protocol conversion
181. Communications Capacity
• Requires plenty of bandwidth
– Difficult to measure without detailed analysis
• Measuring network utilization:
– Transaction-based
– Process-based
– Application-based
182. Private Intranet and Private Cloud
• Under control of the own organization
– Your own infrastructure
– Engineered to your needs
• Cost factors
– Hardware
– Circuits
– Global reach
– Engineering
– Ongoing support
– Outages
• Internal Security
183. Routing to the Data Center
• Sufficient routing hardware
• Sufficient circuits
• High bandwidth
• Low latency
• Advanced routing processes such as MPLS
• Quality of Service
• Data vs. Voice
184. Moving Data within the Local Data Center
• High-speed internal circuits
• VLAN for traffic isolation and security
• Campus area networks
• Wide area Ethernet
• Wireless
• Internal security
185. Storage Capacity
• Exactly how much do you need?
• How much can you afford?
• What features do you need?
– Speed vs. capacity
– Green is great
– Lower cost options
• SAS
• SATA
• Virtual (networked) disk
186. Network Attached Storage
• Disk storage used to store file-based records such as:
– Documents
– Pictures
– Scanned images
• Server software simplified
• Disk access and security
• Multiple access methods:
– CIFS (Windows)
– NFS (Unix)
187. Multi-site
• Multiple sites assist with disaster recovery and avoidance
– Multiple access routes
– Streamline user pathways
188. Monitoring
• Monitoring disk usage and performance
• Build baseline and trend analysis
• Expand as needed
• Consider physical plant requirements
– Electrical
• UPS
• Generator
– HVAC
– Floor space
189. Server Software Environments
That Support Cloud Computing
• Server capacity
• Virtualization
• Clustering and High Availability (HA)
• Expansion
• Server functions
190. Server Capacity
• Services being provided
– Applications
– Processes
• Speed and features
– Processors: SMP vs. Cores
– Memory
– Local disk and Network disk
• Vendor support
192. Open Source Software in Data Centers
• Cost reduction vs. reliability
• Not necessarily for free
– Fee-based support
– Hidden costs
• Server software
– Apache
– Jetty
– Zend
• Databases
– MySQL
– PostgreSQL
193. Establishing a Baseline for Cloud Performance
• Connection speed
• Datastore (delete and read times)
• Deployment latency
• Lag time
194. Connection Speed
• If the network is fast, the cloud succeeds
• Bandwidth: Measure of network throughput
– bps/Bps: bits/Bytes per second
– Rating: network capacity or throughput?
– 54Mbps wireless is really 22 Mbps
• Latency: Delay
– Firewalls, routers, servers
– Congestion factors
195. Public Internet
• Using the public internet can be risky:
– Target of DDoS
– Recent attacks show vulnerabilities
– No way to regulate bandwidth consumption
– No way to regulate bandwidth availability
– Criticality vs. cost
– External security
196. Data Protection and Partitioning
• Brewer Nash Security Model
– Information barriers
– Eliminating conflict of interest
• Fibre Channel Security
– Zoning
– LUN Masking
Protection across operating systems and virtual servers
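The Brewer Nash model named on this slide is the one usually called the Chinese Wall: a subject may read a company's data unless it has already read data of a competitor in the same conflict-of-interest class, and may write to a company's dataset only if everything it holds comes from that same company (or is sanitised), so nothing crosses the wall by way of the subject. The Python below is an added example, not from the course; it implements those two rules with the common history-based simplification (what the subject has actually read stands in for what it could read). The company names, conflict classes and access sequence are constructed.

```python
"""Brewer-Nash (Chinese Wall) access check, added example (not from the course).
Companies, conflict-of-interest classes and the access sequence are constructed."""

# Constructed data: each company belongs to one conflict-of-interest (COI) class.
# Sanitised (public) objects belong to no company and are represented by None.
COI_CLASS = {"BankA": "banks", "BankB": "banks", "OilX": "oil", "OilY": "oil"}


class ChineseWall:
    def __init__(self, coi_class):
        self.coi_class = coi_class
        self.history = {}  # subject -> set of companies whose data it has read

    def can_read(self, subject, company):
        """Simple security rule: allowed unless the subject already read a
        competitor (same COI class, different company). Sanitised data is free."""
        if company is None:
            return True
        for seen in self.history.get(subject, set()):
            if seen != company and self.coi_class[seen] == self.coi_class[company]:
                return False
        return True

    def read(self, subject, company):
        """Perform a read; on success the company joins the subject's history."""
        if not self.can_read(subject, company):
            return False
        if company is not None:
            self.history.setdefault(subject, set()).add(company)
        return True

    def write(self, subject, company):
        """*-property (history-based): write to `company` only if the subject can
        read it and every unsanitised dataset it has read is that same company.
        Writing to a sanitised object (None) is therefore only allowed for a
        subject that has read no company data at all."""
        if not self.can_read(subject, company):
            return False
        return all(seen == company for seen in self.history.get(subject, set()))


def demo():
    """Walk one analyst and one auditor through the wall; returns the decisions."""
    wall = ChineseWall(COI_CLASS)
    steps = [
        ("analyst", "read", "BankA"),   # first bank: allowed
        ("analyst", "read", "OilX"),    # different COI class: allowed
        ("analyst", "read", "BankB"),   # competitor of BankA: denied
        ("analyst", "read", "BankA"),   # same company again: allowed
        ("analyst", "write", "BankA"),  # holds OilX data too, could leak it: denied
        ("auditor", "read", None),      # sanitised object: allowed
        ("auditor", "write", "OilY"),   # has read nothing else: allowed
    ]
    return [wall.read(s, c) if op == "read" else wall.write(s, c)
            for s, op, c in steps]


if __name__ == "__main__":
    print(demo())
```

The fifth step is the one that surprises people: the analyst is entitled to read BankA, yet may not write to it, because the model protects against the analyst copying OilX information into BankA's dataset where a later BankA-only reader would see it. That is the "information barrier" bullet expressed as an enforceable rule rather than a policy statement.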
199. Virtual Private Network
• Remote access gives participant full network use
• Tunnel mode
– Transparent connection, clients not aware of tunnel
– All traffic encrypted
• Transport mode
– Requires use of VPN client software
– IP addresses not encrypted
• Security risks in both modes
200. Content Management Systems
• Collaboration tool
• Allows large number of people to share stored data
• Controls access to data, based on user roles
• Aids in easy storage and retrieval of data
• Reduces repetitive duplicate input
• Improves the ease of report writing
• Improves communication between users
203. Backup and Recovery
Backup
• Short term and archival storage
• Compliance
• May use replication locations
Recovery
• Frequent planned exercises
• Master the process!
207. Standards and Best Practices
Information Management
– COBIT, ISO/IEC 38500
– BiSL
Service Management
– ITIL
– ISO/IEC 20000
Security Management
– ISO/IEC 27001
Application Management
– ASL
Technical Standards
– IEEE, OSI, ISO/IEC
208. The Case for Standards
Standards provide:
• Common ground
• Generally accepted practices
• Multiple providers and multiple applications
• Portability
209. Using Industry and International Standards
• Standards assist in
– Portability
– Uniformity
• Standards organizations are not standard
– IEEE and others for physical networks
– ISO and IETF for logical networking
– Consortia and others for applications and middleware
– ISO and others for management and security
• Commonality of standards regardless of source
210. Open Cloud Consortium
• Supports the development of standards and interoperability frameworks
• Develops cloud computing benchmarks
• Supports open source reference implementations
• Manages cloud computing test beds
• Manages infrastructure to support scientific research
211. Web-based Enterprise Management
• WBEM is a set of technologies
– Unifying management of computing environments
• Core set of standards
– CIM, CIM-XML, CIM Query Language
– SLP and URI mapping
• Extensible
– Facilitating the development of reusable and platform-neutral tools and applications
212. Web Services Management
• WS-MAN specification promotes interoperability between applications and resources
• Features:
– Discover managed devices
– Get and put information from and to managed devices
– Create and delete dynamic settings and values
– Enumerate contents
– Subscribe to generated log records
– Execute management processes
213. Distributed Management Taskforce
• Facilitates a collaborative effort within the IT industry to develop, validate and promote standards for systems management
• 4000 active participants from 43 countries
• 160 member companies and organizations
214. Storage Management Initiative Specification ( SMI-S)
• Solves the problem of managing standardized Storage Area Networks (SANs)
• Allows a Web-based enterprise management system to bridge the gap among the various vendors and provide a consistent management capability regardless of hardware source
215. System Management Architecture
for System Hardware
• An application suite that consolidates several aspects of data center management
• CLP provides standardized server management in the data center
• Provides standard-based Web server management, regardless of
– Machine state
– Operating system state
– Server system topology
– Access method
216. Standards for Application Developers
• Protocols
• Scripting languages
• Content formatting standards and languages
217. Standards for Security in the Cloud
• Privacy regulations
– HIPAA
– GLBA
– International Privacy
• Security protocols
• International laws:
www.informationshield.com/intprivacylaws.html
• US Federal and state privacy laws and regulations:
www.informationshield.com/usprivacylaws.html
218. Health Assurance Portability and Accountability
• HIPAA
• Privacy Rule
– Allows disclosure of personal health information when required
– Protects personal health information
– Gives patients rights
• Security Rule
– Allows implementation of the Privacy Rule
– Specifies safeguards to assure CIA of patient information
– Provides administrative, technical and physical security controls
219. Financial Services Modernization Act
• GLBA, also known as the Financial Services Modernization Act of 1999
• Financial Privacy Rule
– Governs information collection and disclosure
– Applies to financial and non-financial entities
• Safeguard Rule
– Receivers of financial information must protect it
– Design, implement and maintain standards
• Pretexting protection
– Protects against deceptive information gathering practices
220. Payment Card Industry
• Goal of managing the confidential payment card information
– Debit
– Credit
– Prepaid
– E-purse
– ATM and POS
– Associated businesses
• Issue:
How to secure PCI-based information?
228. Should Your Company Invest in Cloud Computing?
Does it do what we want or need?
• Provide services we need
• Appropriate applications available
Can we adjust?
Can we accept?
• Decision makers vs. users
Is the move justified?
• Economic value
• Operational value
229. Business Benefits of Cloud Computing
• Operational
– Efficiency in: servers, workers, power, disaster recovery, training
– Flexibility
• Economic
– Save money
– Reduce overhead
– Become ‘green’
• Staffing
– Reduce or redeploy staff
231. More Operational Benefits
• Optimum use of staff
• Centralization and management of systems and desktops
• Archiving of systems simplified
• Disaster recovery simplified and manageable across sites
232. Deliver What You Want Quicker
• Can the cloud provide your users the resource being utilized in the cloud faster than if the resource was hosted locally at your company?
• What do we give up?
• What do we gain?
• Is your organization willing to compromise?
233. Economical Benefits
• Hardware:
– Buying less or less complex equipment
• Budget:
– Pay as you go
– Improved budget control
– Buy what you need when you need it
• Time-to-market
– Quicker deployment using standardized products
234. More Economical Benefits
• Little or no software installation or maintenance
• Shorter deployment time
• Worldwide availability
• SLA adherence
• Upgrades
• Make life easier on your IT staff
• More money
235. Meeting Short-term Needs
Are you going to the cloud permanently or for a short-term goal?
Example
• Need to develop major software package
• Need to access to additional development hardware
• Budget restrictions exclude buying hardware
• Cloud PaaS solution is ideal:
– Acquire
– Use
– Lose
236. Staffing Benefits
• Optimum use of staff
• People fewer or better deployed
• Accomplishment
• Less stress in operational environment
• Make life easier on your IT staff
237. Cloud Implementations impact
• Power savings
• Floor space savings
• Network infrastructure
• Maintenance reductions
• Software licensing
• Time to value
• Trial period
• Service
• Wiser investment
• Security
• Quick delivery
• Reduced capital expense
• Meeting short-term needs
238. Power Savings
• Reduce overall power requirements
– Limited servers and data platforms
– Simpler desktop platforms
• HVAC reduction
– Server farm
– Storage farm
– Workspace cooling and heating
• Simpler UPS and Generator needs
• Offset by cloud provider cost increase
– Virtualization and shared storage
239. Floor Space Savings
• Smaller overall footprint in the enterprise
• Displace to Cloud provider
• Reduced lease and rental costs
• Less maintenance
• Less cleaning costs
240. Maintenance Reductions
• Reduction of maintenance costs:
– Hardware
– Software
– Facility
• New maintenance costs
– Uploaded and downloaded data
– Update software if PaaS environment
241. Software Licensing
• Depending on implementation, a reduction in the number of licenses required
• Requires analysis of demand for software
• Per seat vs. per user
244. Wiser Investment
• Is the cloud investment smarter than in-house?
• Cost factors
• Performance factors
• Management factors
• Satisfaction factors
• Can the cloud be defended?
• Who are the stakeholders?
245. Network Infrastructure Changes
• Need high bandwidth Internet connections
• Internal infrastructure may be simplified
• Less complexity in switching and routing network
246. Reduced Capital Expense
• Reduce inventory
• Reduce taxes (some jurisdictions)
• Cost of money over time
• Recurring costs handled differently than capital expenditures for tax and budgeting purposes
247. Vendor Access and Support
• Does the provider support my needs?
• Is the vendor easy to work with?
• What is the vendor’s remote monitoring and management strategy?
• Can the vendor provide references?
• Is it easy to access and update the data?
• Can you use the vendor’s dataflow processes?
248. Time to Value
• How long does it take to get value from the cloud implementation?
OR
• How soon can I start using it to make money?
• If you need ten new servers online tomorrow, consider:
– What does it take to do it in-house
– What does it take to provision them in the cloud?
249. Trial Period
• Make sure you get a ‘try it, then buy it’ clause
• Do not commit until you are sure it works the way you want
• Especially true if you are using a new software package or new service you have not seen before!
250. Service: what you get for the money
• What services are provided?
– Installation
– Conversion
• Are the SLA terms reasonable?
• What are the penalties?
• What type of support is provided?
• Do you have alternative or backup plan?
• Do you fully understand the offering and the expected outcome?
251. Security
• All in-house security requirements must be present in the cloud
• Regulatory and statutory requirements
• Industry accepted practices
• Privacy
• Eliminate data leakage
• Understand the internal server structures
– One tier
– Two tier
– Three tier
252. Evaluating Cloud Implementations Summary
• Power savings
• Floor space savings
• Network infrastructure
• Maintenance
• Software licensing
• Time to value
• Trial period
• Meeting short-term needs
• Service
• Wiser investment
• Security
• Delivers what you want quicker
• Reduced capital expense
254. Google Cloud User: City of Washington D.C.
• Vivek Kundra, CTO for the District (now OMB e-gov administrator)
• Migrating 38,000 employees to Google Apps
• Replace office software
– Gmail
– Google Docs (word processing and spreadsheets)
– Google video for business
– Google sites (intranet sites and wikis)
255. Case Study: Facebook’s Use of Open Source and Commodity Hardware (8/08)
• Jonathan Heiliger, Facebook's vice president of technical operations
• 80 million users + 250,000 new users per day
• 50,000 transactions per second, 10,000+ servers
• Built on open source software
– Web and App tier: Apache, PHP, AJAX
– Middleware tier: Memcached (Open source caching)
– Data tier: MySQL (Open source DB)
256. Case Study: Salesforce.com in Government
• 5,000+ Public Sector and Nonprofit Customers use Salesforce Cloud Computing Solutions
• President Obama’s Citizen’s Briefing Book Based on Salesforce.com Ideas application
– Concept to Live in Three Weeks
– 134,077 Registered Users
– 1.4 M Votes
– 52,015 Ideas
– Peak traffic of 149 hits per second
• US Census Bureau Uses Salesforce.com Cloud Application
– Project implemented in under 12 weeks
– 2,500+ partnership agents use Salesforce.com for 2010 decennial census
– Allows projects to scale from 200 to 2,000 users overnight to meet peak periods with no capital expenditure
257. Case Study: Salesforce.com in Government
• New Jersey Transit Wins InfoWorld 100 Award for its Cloud Computing Project
– Use Salesforce.com to run their call center, incident management, complaint tracking, and service portal
– 600% More Inquiries Handled
– 0 New Agents Required
– 36% Improved Response Time
• U.S. Army uses Salesforce CRM for Cloud-based Recruiting
– U.S. Army needed a new tool to track potential recruits who visited its Army Experience Center.
– Uses Salesforce.com to track all core recruitment functions, allowing the Army to save time and resources.
Editor's notes
Cloud diagram idea inspired by Maria Spinola 8-31-09
Cloud computing is becoming one of the next industry buzz words. It joins the ranks of terms including: grid computing, utility computing, virtualization, clustering, etc. Cloud computing overlaps some of the concepts of distributed, grid and utility computing; however, it does have its own meaning if contextually used correctly. The conceptual overlap is partly due to technology changes, usages and implementations over the years. Things changed radically when the Internet came along. Just a few years ago desktop computers had 20 MB hard drives and people relied on floppy disks for storage. The first generation of computers had no desktop computers, and computing involved cardboard punch cards fed into a hopper. Another evolution is upon us once again, as there have been several since the dawn of the information age. We are entering the type of radical shakeup that only comes around once every 20 to 30 years: a disruptive shift in the underlying computing platform-of-choice. Remember when we moved from host computers to PCs?
Grid computing: The application of several computers to a single problem at the same time – usually to a scientific or technical problem that requires a great number of computer processing cycles or access to large amounts of data.
Utility computing: Utility computing is the packaging of computing resources, such as computation and storage, as a metered service similar to a traditional public utility (such as electricity, water, natural gas, or telephone network). This system has the advantage of a low or no initial cost to acquire hardware; instead, computational resources are essentially rented. Customers with very large computations or a sudden peak in demand can also avoid the delays that would result from physically acquiring and assembling a large number of computers (traced back to a John McCarthy, 1961 quotation).
Trends in usage of the terms from Google searches show Cloud Computing is a relatively new term introduced in the past year. There has also been a decline in general interest in Grid, Utility and Distributed computing. Likely they will be around in usage for quite a while to come. But Cloud computing has become the new buzz word, driven largely by marketing and service offerings from big corporate players like Google, IBM and Amazon.
Software as a Service: Software as a Service (SaaS, typically pronounced 'sass') is a model of software deployment whereby a provider licenses an application to customers for use as a service on demand.
Microsoft: Microsoft’s cloud computing solution is called Windows Azure, an operating system that allows organizations to run Windows applications and store files and data using Microsoft’s datacenters. It’s also offering its Azure Services Platform, which are services that allow developers to establish user identities, manage workflows, synchronize data, and perform other functions as they build software programs on Microsoft’s online computing platform. Key components of Azure Services Platform include:
• Windows Azure: Provides service hosting and management and low-level scalable storage, computation, and networking.
• Microsoft SQL Services: Provides database services and reporting.
• Microsoft .NET Services: Provides service-based implementations of .NET Framework concepts such as workflow.
• Live Services: Used to share, store, and synchronize documents, photos, and files across PCs, phones, PC applications, and web sites.
• Microsoft SharePoint Services and Microsoft Dynamics CRM Services: Used for business content, collaboration, and solution development in the cloud.
Grid computing (or the use of a computational grid) is applying the resources of many computers in a network to a single problem at the same time - usually to a scientific or technical problem that requires a great number of computer processing cycles or access to large amounts of data.
Utility computing is the packaging of computing resources, such as computation, storage and services, as a metered service similar to a traditional public utility (such as electricity, water, natural gas, or telephone network). This model has the advantage of a low or no initial cost to acquire computer resources; instead, computational resources are essentially rented - turning what was previously a need to purchase products (hardware, software and network bandwidth) into a service.
Virtual machines (VMs)
– Key enabling virtualization technology
– Initial developments in the early 70s
– Sharing of mainframe computers by multiple legacy O/Ss
– Dumb terminals and thin clients
– “Renaissance” when x86 platforms were virtualized
– VMware; Xen, KVM, VirtualBox, Hyper-V, …
Full virtualization
– Sensitive instructions (discovered statically or dynamically at run-time) are replaced by binary translation or trapped by hardware into VMM for SW emulation
– Any OS software can run in the VM
– Examples: IBM’s CP/CMS, Oracle (Sun) VirtualBox, VMware Workstation
Hardware-assisted virtualization (IBM S/370, Intel VT, or AMD-V)
– CPU traps sensitive instructions – runs unmodified guest OS
– Examples: VMware Workstation, Linux Xen, Linux KVM, Microsoft Hyper-V
Para-virtualization
– Presents SW interface to virtual machines similar to but not identical to that of the underlying HW, requiring guest operating systems to be adapted
– Examples: early versions of Xen
Operating System virtualization
– Operating system kernel allows for multiple isolated user-space instances, instead of just one
– Instances look and feel like a real server
– Examples: Solaris Zones, QEMU, BSD Jails, OpenVZ
Virtualization is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. What is the difference between clouds and the “Grid” hype of the 1990s? My pat answer is “Virtualization”. Virtualization is the secret sauce of a cloud.
Source: Williams and Computerworld quotes, Software as a service: The next big thing, Eric Knorr 23/03/06, http://www.computerworld.com.au/index.php/id;889026646;fp;4;fpid;1398720840
Source: Scalable definition, André B. Bondi, 'Characteristics of scalability and their impact on performance', Proceedings of the 2nd international workshop on Software and performance, Ottawa, Ontario, Canada, 2000, ISBN 1-58113-195-X, pages 195 - 203
Source: Three attributes for SaaS, Architecture Strategies for Catching the Long Tail, Frederick Chong and Gianpaolo Carraro, Microsoft Corporation, April 2006, http://msdn.microsoft.com/en-us/library/aa479069.aspx
Source: Architecture Strategies for Catching the Long Tail, Frederick Chong and Gianpaolo Carraro, Microsoft Corporation, April 2006, http://msdn.microsoft.com/en-us/library/aa479069.aspx
Intuit QuickBooks Online (www.qboe.com) gives small business owners the ability to access their financial data whether they are at work, home, or on the road. Intuit Inc. says the offering also gives users a high level of security because data is stored on firewall-protected servers and protected via automatic data backups. There is also no need to hassle with technology—software upgrades are included at no extra charge.Google Apps, launched as a free service in August 2006, is available for US$50 per user account now and is a suite of applications that includes Gmail webmail services, Google Calendar shared calendaring, Google Talk instant messaging and Voice over IP, and the Start Page feature for creating a customizable homepage on a specific domain. More than 100,000 small businesses and hundreds of universities use the service.
“[Cloud computing] relies on separating your applications from the underlying infrastructure” - Steve Herrod, CTO at VMware
Security is incredibly important in today's environment. Cyber-attackers and other types of black hat folk want to infiltrate your network, often for personal gain, and the losses every year due to cyber-attack are enormous. We take great measures to protect our data and our networks with firewalls, anti-virus and anti-malware software, physical protections such as locked data centers, and sophisticated authentication and authorization techniques. Any good IT security manager is paranoid, and the belief that "everybody is out to get me" is one that serves the IT security mission well. "Trust no one" is the watchword. The poor IT security manager is as a result often resented by end users, who must comply with regular password changes, policy items that may be annoying or inconvenient, and procedures that may make access more difficult. And the payoff isn't always obvious, since the most ideal outcome for the security manager is that "nothing happens."
Some key issues: trust, multi-tenancy, encryption, compliance. Clouds are massively complex systems and can be reduced to simple primitives that are replicated thousands of times and common functional units. Cloud security is a tractable problem: there are both advantages and challenges. It is only by looking at what happens to other people, and statistics related to loss and frequency of attack, that we realize that the security investment is a good one.
General Security Challenges
– Trusting vendor’s security model
– Customer inability to respond to audit findings
– Obtaining support for investigations
– Indirect administrator accountability
– Proprietary implementations can’t be examined
– Loss of physical control
Example: The 2008 CSI Computer Crime and Security Survey shows that there is an average reported annual cost of nearly half a million dollars for financial fraud, $350,000 for dealing with "bot" computers in the network; and an overall average annual loss of just under $300,000.
General Security Advantages
– Shifting public data to an external cloud reduces the exposure of the internal sensitive data
– Cloud homogeneity makes security auditing/testing simpler
– Clouds enable automated security management
– Redundancy / Disaster Recovery
It's interesting to note though, that the security issue has its own cloud based solution that is growing in popularity. Security is increasingly delivered as a managed service by a third party provider, a factor that gives weight to the relevance of cloud computing and "as a service" offerings in respect to the security question. There are several obvious reasons why security is being delivered, quite successfully, on an outsourced basis through the cloud. Like many other types of services that are delivered over the cloud, security is a specialized field. Many smaller companies especially lack the high-end expertise required to run security in-house, and having access to the best security experts in the business from a third-party provider will afford those companies better security, more expertise and knowledge, and access to higher-end security applications and equipment than they could provide on their own.
Provisioning Service
Advantages
• Rapid reconstitution of services
• Enables availability
• Provision in multiple data centers / multiple instances
• Advanced honey net capabilities
Challenges
• Impact of compromising the provisioning service

Data Storage Services
Advantages
• Data fragmentation and dispersal
• Automated replication
• Provision of data zones (e.g., by country)
• Encryption at rest and in transit
• Automated data retention
Challenges
• Isolation management / data multi-tenancy
• Storage controller: single point of failure / compromise?
• Exposure of data to foreign governments
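Three of the storage bullets above (per-tenant encryption at rest, data zones by country, and the isolation / multi-tenancy challenge) are easiest to understand as enforced rules in a storage front end. The following is an added example written for this page, not code from the Simplilearn slides or from any cloud provider. It models a storage service that encrypts every object with a key belonging to the owning tenant, replicates only to data centers inside the requested jurisdiction, and scopes every lookup by tenant. The cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC so the example runs on the standard library alone; a real service would use AES-GCM with keys held in a KMS or HSM. The tenant names, zone labels and data-center names are made up for the example.

```python
"""Toy multi-tenant storage service: per-tenant encryption at rest,
data-zone (residency) enforcement on replication, tenant-scoped lookups.
Added example, not from the original presentation.  The cipher is a
PRF-based stream cipher (HMAC-SHA256 in counter mode, encrypt-then-MAC)
chosen only so the example needs no third-party library; use AES-GCM
and a KMS/HSM in practice.  Tenants, zones and data centers are made up."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    # Separate confidentiality and integrity keys derived from the tenant key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC(key, nonce || counter) blocks concatenated until `length` bytes.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong tenant key fails here."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered data)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


@dataclass
class DataCenter:
    name: str
    zone: str                                  # jurisdiction, e.g. "EU" or "US" (assumed labels)
    disk: dict = field(default_factory=dict)   # (tenant, object key) -> encrypted blob


class StorageService:
    def __init__(self, data_centers, replicas=2):
        self.dcs = data_centers
        self.replicas = replicas
        self._tenant_keys = {}                 # one key per tenant, never shared across tenants

    def _key(self, tenant: str) -> bytes:
        return self._tenant_keys.setdefault(tenant, os.urandom(32))

    def put(self, tenant: str, key: str, data: bytes, zone: str) -> list:
        """Encrypt with the tenant's key and replicate only to data centers inside `zone`."""
        targets = [dc for dc in self.dcs if dc.zone == zone][: self.replicas]
        if len(targets) < self.replicas:
            raise RuntimeError(f"zone {zone} cannot host {self.replicas} replicas")
        blob = encrypt(self._key(tenant), data)
        for dc in targets:
            dc.disk[(tenant, key)] = blob
        return [dc.name for dc in targets]

    def get(self, tenant: str, key: str) -> bytes:
        """Tenant-scoped lookup: another tenant's object with the same key is invisible."""
        for dc in self.dcs:
            blob = dc.disk.get((tenant, key))
            if blob is not None:
                return decrypt(self._key(tenant), blob)
        raise KeyError(f"{tenant} has no object {key!r}")

    def locations(self, tenant: str, key: str) -> list:
        return sorted(dc.name for dc in self.dcs if (tenant, key) in dc.disk)

    def unscoped_lookup(self, key: str) -> bytes:
        """The multi-tenancy bug: searching by object key alone ignores the owner.
        Per-tenant keys are the second line of defence: the caller gets ciphertext
        it cannot decrypt, which is why encryption at rest and isolation go together."""
        for dc in self.dcs:
            for (_owner, k), blob in dc.disk.items():
                if k == key:
                    return blob
        raise KeyError(key)
```

The residency check sits in `put`, so an object written with `zone="EU"` can never be replicated to a US data center, which is the control behind "exposure of data to foreign governments". The `unscoped_lookup` method is deliberately wrong: it shows what a storage controller without tenant scoping leaks, and that per-tenant keys limit that leak to ciphertext.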
Cloud Processing Infrastructure
Advantages
• Ability to secure masters and push out secure images
Challenges
• Application multi-tenancy
• Reliance on hypervisors
• Process isolation / application sandboxes

Cloud Support Services
Advantages
• On-demand security controls (e.g., authentication, logging, firewalls…)
Challenges
• Additional risk when integrated with customer applications
• Needs certification and accreditation as a separate application
• Code updates

Cloud Network and Perimeter Security
Advantages
• Distributed denial of service protection
• VLAN capabilities
• Perimeter security (IDS, firewall, authentication)
Challenges
• Virtual zoning with application mobility
What happens when data and applications are put into the cloud? Do we lose control over the security precautions? What happens to security? Those are fair questions that must be addressed. The word "cloud" implies by its very nature that the exact physical location of data and applications may not even be known. The abstraction provided by the virtualization technology used by cloud providers makes physical location even harder to pin down.
The most immediate advantages of the cloud are the lack of an up-front capital investment and freeing the internal IT staff to attend to more pressing concerns. But beyond that, there are advantages that relate directly to security. A cloud computing service provider will typically offer a service level agreement (SLA) covering data loss, outage, failure and cyber attack. Typically, this SLA is backed by specific terms that lay out performance levels, as well as penalties the provider may be liable for if those levels are not met. An SLA defines remedies after the fact rather than preventing an incident, so read it for what it actually covers: availability is usually defined precisely, while the provider's obligations after a data breach need to be checked clause by clause.
Social networking systems: Today, real work is still being done with spreadsheets and emails. This needs more than social networking; the need is for interactive management systems with real reports.
Homesourcing: Because applications and data no longer need to reside on the computer in front of us, the physical office is quickly becoming redundant, and this brings incredible efficiency gains and cost savings to companies.
Corporate processes: Larger companies take advantage of the decentralization made possible by cloud computing. This leads to a greater level of outsourcing, which in turn triggers the need for more small companies to fill the need for those outsourced services.
Smart phones: Smart phones like the iPhone and BlackBerry continue to gain functionality and power, and their reach extends further with easier access to wireless broadband. This makes smart phones more attractive as an actual working machine, and a tool for accessing
Eli Lilly and Company is one company that has moved to Amazon EC2 as part of its IT operations. As a part of Lilly's efforts to find new and improved methods to support research, Lilly began using Amazon Web Services (AWS). Amazon EC2 has given us the ability to easily spin up tailored computing environments that can quickly and cost-effectively process tremendous amounts of research data. This has helped in maximizing our results relative to IT spend.
Don't strong security controls mean that I can adopt the most cost-effective approach?
• There are many benefits that explain why to migrate to clouds
• Cost savings, power savings, green savings, increased agility in software deployment
• Cloud security issues may drive and define how we adopt and deploy cloud computing solutions
• Most clouds will require very strong security controls
• All models of cloud may be used for differing tradeoffs between threat exposure and efficiency
• There is no one "cloud". There are many models and architectures.
• How does one choose?
Possible Effects of Cloud Computing
• Small enterprises use public SaaS and public clouds and minimize growth of data centers
• Large enterprise data centers may evolve to act as private clouds
• Large enterprises may use hybrid cloud infrastructure software to leverage both internal and public clouds
• Public clouds may adopt standards in order to run workloads from competing hybrid cloud infrastructures