Agenda
Introduction
History of Cloud Computing
Foundational Elements of Cloud Computing
Principles of Cloud Computing
Cloud Computing Security
Secure Cloud Migration Paths
Using the Cloud
Implementing and Supporting the Cloud
Managing Cloud Computing
Evaluation of Cloud Computing
Cloud Computing Case Studies and Security Models
1. Introduction
Course objectives
Fundamental concepts of the cloud computing platform:
Deployment
Architecture
Design
What made cloud possible
Pros and cons, benefits and risks
Standards and best practices
Overview (chart of cloud characteristics): Resource Pooling, Massive Scale, Measured Service, Resilient Computing, Geographic Distribution
Common Characteristics: Homogeneity, Virtualization, Low Cost Software, Service Orientation, Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
Objective: Exploring the history of shared computing and the technological, economic and organizational enablers for Cloud Computing
To learn how technologies evolved from cluster, grid and virtualization into cloud computing
To learn about datacenter architectures of grid, utility and virtual machines
Grid computing
many computers in a network solve a single problem
Utility computing
packaging of computing resources, such as computation, storage and services, as a metered service
Virtualization
decouple software and hardware
Trends
* distributed computing
* grid computing
* utility computing
* cloud computing
EXAMPLES
Amazon Elastic Compute Cloud (EC2)
Simple Storage Service (S3)
Google's App Engine
Microsoft Windows Azure
Microsoft SQL Services
Microsoft .NET Services
Live Services
Microsoft SharePoint Services and Microsoft Dynamics CRM Services
Diagram: Web Role, Worker Role
Grid Computing
Distributed parallel processing across a network
Key concept: the ability to negotiate resource-sharing arrangements
Characteristics of grid computing:
Coordinates independent resources
Uses open standards and interfaces
Quality of service
Allows for heterogeneity of computers
Distribution across large geographical boundaries
Loose coupling of computers
Utility computing
Originally, time-sharing access to mainframes (1960s)
Rediscovered in the late 1990s as an alternative to building and running your own datacenter: build a large datacenter and rent access to customers
Sun, IBM, HP, Intel, and many others built datacenters and rented access to servers
1990s usage model:
Long legal negotiations with strong service guarantees
Long-term contracts (monthly/yearly)
Approx. $1/hour pricing per physical computer
Overall, this model was not commercially viable!
Utility Computing
"Computing may someday be organized as a public utility" - John McCarthy, MIT Centennial, 1961
Huge computational and storage capabilities available from utilities
Metered billing (pay for what you use)
Simple-to-use interface to access the capability (e.g., plugging into an outlet)
Virtualization
Creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, storage device or network resources.
Abstraction layer that decouples computation from physical resources
Motivations:
Resource sharing with security and isolation (similar to multi-user/multi-programming)
Ease of management: virtual machines (bits) vs. physical resources (hardware), e.g., start/stop, clone, migrate, suspend an entire virtual machine
As flour is to a cookie, virtualization is to a cloud
Diagram: Traditional Stack vs. Virtualized Stack
Modern OS Virtualization
Hardware-assisted virtualization is a key technological enabler for Cloud Computing
Provides complete isolation on commodity (low-cost) platforms
Enables multiplexing of many users onto a single server
Key contribution is minimal performance overhead (a few percent) versus non-virtualized
However, high I/O applications incur many VM traps (high CPU overhead), limiting scalability and efficiency
Challenge: true performance isolation for multiple applications
Many dimensions! (more in research discussion)
QUESTIONS
1. What is cloud computing?
2. What are the differences between grid, virtualization and cloud computing?
IT labor costs are 18 times that of equipment costs. The number of computers is growing at 38% each year.
Platform Virtualization
Host operating system provides an abstraction layer for running virtual guest OSs
Key is the hypervisor or virtual machine monitor
Enables guest OSs to run in isolation from other OSs
Run multiple types of OSs
Increases utilization of physical servers
Enables portability of virtual servers between physical servers
Increases security of the physical host server
Web Services
Self-describing and stateless modules that perform discrete units of work and are available over the network
"Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications." - InfoWorld
Standards-based interfaces (WS-I Basic Profile), e.g., SOAP, WSDL, WS-Security
Enabling state: WS-Transaction, Choreography
Many loosely coupled interacting modules form a single logical system (e.g., Legos)
Service Oriented Architectures
Model for using web services: service requestors, service registry, service providers
Use of web services to compose complex, customizable, distributed applications
Encapsulate legacy applications
Organize stovepiped applications into collective integrated services
Interoperability and extensibility
Cloud Economics
Estimates vary widely on possible cost savings
"If you move your data centre to a cloud provider, it will cost a tenth of the cost." - Brian Gammage, Gartner Fellow
"Use of cloud applications can reduce costs from 50% to 90%" - CTO of Washington D.C.
IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud (backing from Microsoft)
Preferred Hotel: Traditional: $210k server refresh and $10k/month; Cloud: $10k implementation and $16k/month
2.1
Overview
Clouds are a large pool of easily usable and accessible virtualized resources
(such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.
(ACM, Association for Computing Machinery)
"Cloud computing is not a product you buy. It's not a SKU. It's not a technology. It's an IT delivery model." (Mike Martin, Director of Cloud Computing for Logicalis)
Virtualization
It does not matter where hardware, applications or data is located in the cloud, as long as we can access and use it.
2.2
Overview
Standalone Mainframes
Benefits: dedicated hardware for single tasks; multitasking and timesharing; early virtualization and multi-processing
Limitations: limited memory; limited storage; expensive; difficult deployment
Communication Systems
Two forms: dedicated leased line; dial-up
Uses: time sharing services; multitasking operating systems; dumb tubes; communication controllers; remote terminal access; Remote Job Entry
Minicomputers
Smaller
Less expensive
Multi-user
Multi-tasking
Proprietary and standard operating systems (UNIX)
Expanded communication (including LANs)
Microcomputers
Even smaller
Single user
Rudimentary operating system
Limited memory and storage
Internet
Initial goals:
Reliable communication, even in the event of partial equipment or network failure
Connectivity with different types of computers and operating systems
Cooperative effort, not a monopoly
Virtualization
Virtualization is not a new concept
Around since the 1970s in mainframe environments
The Cloud
Internet Vision
"As of now, computer networks are still in their infancy. But as they grow up and become more sophisticated, we will probably see the spread of computer utilities which, like present electric and telephone utilities, will service individual homes and offices across the country." - Leonard Kleinrock, 1969
2.3
Overview
Service-Oriented Architectures
Single service functions
Services loosely coupled
Services can be used by different applications
Cloud Services
Cloud service offerings:
CaaS (Communication-as-a-Service)
SaaS (Software-as-a-Service)
PaaS (Platform-as-a-Service)
IaaS (Infrastructure-as-a-Service)
MaaS (Monitoring-as-a-Service)
Communication-as-a-Service
Offsite communications service provider: Voice over IP; instant messaging; video teleconferencing
Software-as-a-Service
Software hosted offsite
As-is software package
Vendor has a high level of knowledge
Mash-up or plug-in: external software used with internal applications (hybrid cloud)
Little or no change to application
User has little flexibility
User locked into vendor
Platform-as-a-Service
Remote application development
Remote application support
Portability among vendors
Lower cost of development
Infrastructure-as-a-Service
Hardware service providers (HaaS)
Rent what you need: servers; network equipment; (virtual) CPU availability; storage
Hosting companies
Monitoring-as-a-Service
External monitoring services: servers; disk utilization; applications; networking
Specialized skill set
Tiered Architecture
The Hypervisor
AKA: Virtual Machine Monitor (VMM)
The foundation of virtualization
Interfaces with hardware
Replaces the operating system
Intercepts system calls
Operates with the operating system
Hardware isolation
Multi-environment protection
Diagram: hypervisor stack; several guest operating systems, each with its own application programs, run above the hypervisor.
2.4
Overview
Exercises Quiz
1. Which of the following is not a cloud deployment model?
a) Private b) Protected c) Public d) Hybrid e) Community
2. Which of the following is not an essential characteristic of cloud computing?
a) Free b) Scalable c) Virtualized d) On demand e) Metered
Exercises Quiz
3. Which of the following is not a cloud architecture?
a) IaaS b) PaaS c) HaaS d) SaaS
4. Which of the following is a benefit of using cloud computing?
a) Security b) Availability c) Compliance d) Bandwidth guarantees e) Reduced costs
Exercises Quiz
5. In this model, formerly known as hardware as a service (HaaS), an organization outsources business components such as servers, storage and networking equipment. What is it?
a) Infrastructure as a Service (IaaS) b) Platform-as-a-Service (PaaS) c) Software-as-a-Service (SaaS) d) None of the above
6. Infrastructure as a Service (IaaS) provides:
a) Servers b) Storage c) Network equipment d) All the above
Exercises Quiz
7. What is Cloud Computing replacing?
a) Corporate data centers b) Expensive personal computer hardware c) Expensive software upgrades d) All of the above
8. The hypervisor is also known as
a) Virtual Machine Monitor b) Middleware c) Both of the above d) None of the above
9. The "Cloud" in cloud computing represents what?
a) Wireless b) Hard drives c) People d) Internet
Additional Issues
Issues with moving PII and sensitive data to the cloud
Privacy impact assessments
Using SLAs to obtain cloud security
Suggested requirements for cloud SLAs
Issues with cloud forensics
Contingency planning and disaster recovery for cloud implementations
Handling compliance: FISMA, HIPAA, SOX, PCI, SAS 70 Audits
Comparisons
Migration standards
Cloud Standards Mission: Provide guidance to industry and government for the creation and management of relevant cloud computing standards, allowing all parties to gain the maximum value from cloud computing
NIST wants to promote cloud standards:
We want to propose roadmaps for needed standards
We want to act as catalysts to help industry formulate their own standards
Opportunities for service, software, and hardware providers
We want to promote government and industry adoption of cloud standards
Core features
Proposed Result
Cloud customers knowingly choose the correct mix for their organization of standard portable features and proprietary advanced capabilities
Needed standards:
VM image distribution (e.g., DMTF OVF)
VM provisioning and control (e.g., EC2 API)
Inter-cloud VM exchange (e.g., ??)
Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
VM SLAs (e.g., ??): machine-readable uptime, resource guarantees, storage redundancy
Secure VM configuration (e.g., SCAP)
Overview
3.1
Overview
Web Browsers
Web Applications
Applications: Google Gmail, Yahoo Mail, Twitter, Zimbra, Salesforce, Dropbox, Skype
Issues: Security, Interoperability, Bandwidth, Latency, Design
Thin Clients
What makes them thin?
Network connectivity (wired and wireless)
No moving parts (possibly a fan)
Keyboard, monitor, and USB connections
Sound card
Embedded terminal services client: RDP, VNC, etc.
Green features: small footprint; low heat; low power consumption (starting at 6 Watt); low disk space
3.2
Overview
Smartphones
BlackBerry applications
Android applications
Text Messaging
Universal communication path, two forms: SMS, MMS
Communicate: phone to phone; computer to phone
Hidden costs: loss of productivity; loss of security; loss of safety
Location Independence
Don't care where it is, as long as we can get to it
Depends on: network; security; vendor or internal IT; application meeting needs
Location independence promotes an environment that is flexible, fail-safe and fail-soft
Exercises Quiz
1. Example of a Web application is
a) Google mail b) Twitter c) Skype d) All the above
2. Platform as a service is
a) Google App Engine b) Salesforce CRM c) Rackspace servers d) Google mail
3. Which of these companies is not a leader in cloud computing?
a) Google b) Amazon c) Blackboard d) Microsoft
Exercises Quiz
4. Which is not a major cloud computing platform?
a) Google 101 b) IBM Deep Blue c) Microsoft Azure d) Amazon EC2
5. Which one of these is not a key notion in cloud computing?
a) Free b) Service based c) Scalable d) Shared e) Virtualized resources
6. Which of these is not a major type of cloud computing usage?
a) Hardware as a Service b) Platform as a Service c) Software as a Service d) Infrastructure as a Service
Exercises Quiz
7. An Internet connection is necessary for cloud computing interaction.
a) True b) False
8. Mobile platforms are supporting
a) iPhone applications b) BlackBerry applications c) Android applications d) All the above
9. What enables Thin Clients to work?
a) Network connectivity b) Keyboard c) USB connections d) All the above
Exercises Quiz
10. Location independence promotes an environment that is
a) Flexible b) Fail-safe c) Fail-soft d) All the above
Overview
4.1
Overview
Authorization: What can an authorized person do?
Accountability: Audit access and applications; review logs periodically
4.2
IDENTITY MANAGEMENT
Overview
Federation: Example
One federated or trusted login is sufficient for all three parties in this example: each trusts the others to identify the user.
Federation: Implementation
Information card components:
Subject is the identity holder
Digital identities are issued for the subject by identity providers
Relying parties accept the identity
Similar to a personal digital credit card
Uses a PKI and Digital Certificate
Microsoft CardSpace: more flexible than username and password; consistent user experience
OpenID: emerging
Federation Levels
Permissive: no verification
Verified: DNS and domain keys verified; not encrypted; exposed to DNS poisoning
Encrypted: TLS and digital certificates; certificates may be self-signed; weak identity verification
Trusted: TLS and digital certificates from a root CA; encrypted; strong authentication
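The four levels form a ladder of trust, and a server can use them as an admission policy for peer domains. The Python below is an added example, not part of the course material: it classifies what was observed on a server-to-server link into the slide's four levels and refuses peers below a configured minimum. The PeerLink fields, the trusted-root list and the issuer-name check are assumptions standing in for full certificate chain validation.

```python
"""Federation trust levels as an admission policy (added example, not from
the course slides). PeerLink, TRUSTED_ROOTS and the issuer-name test are
constructed assumptions; a real deployment validates the full chain."""
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional


class FederationLevel(IntEnum):
    PERMISSIVE = 0  # no verification of the peer at all
    VERIFIED = 1    # DNS / domain keys checked, but cleartext (DNS poisoning risk)
    ENCRYPTED = 2   # TLS, but the certificate may be self-signed (weak identity)
    TRUSTED = 3     # TLS with a certificate issued by a trusted root CA


# Constructed placeholder: the CAs this server is configured to trust.
TRUSTED_ROOTS = {"Example Root CA"}


@dataclass
class PeerLink:
    """What the local server learned while connecting to a peer domain."""
    domain: str
    dns_verified: bool = False          # DNS / domain-key verification passed
    tls: bool = False                   # transport is encrypted
    cert_subject: Optional[str] = None  # name the certificate claims
    cert_issuer: Optional[str] = None   # name of the issuing CA


def classify(link: PeerLink) -> FederationLevel:
    """Map the observed properties of a link to the slide's trust level."""
    if link.tls:
        # Self-signed: issuer equals subject (or no issuer was presented).
        self_signed = link.cert_issuer is None or link.cert_issuer == link.cert_subject
        # Trusted needs a CA we know AND a subject matching the peer domain;
        # otherwise encryption alone gives only weak identity verification.
        if (not self_signed and link.cert_issuer in TRUSTED_ROOTS
                and link.cert_subject == link.domain):
            return FederationLevel.TRUSTED
        return FederationLevel.ENCRYPTED
    if link.dns_verified:
        return FederationLevel.VERIFIED
    return FederationLevel.PERMISSIVE


def residual_risks(level: FederationLevel) -> List[str]:
    """The weaknesses the slide lists for each level below 'trusted'."""
    risks = {
        FederationLevel.PERMISSIVE: ["peer identity unverified", "not encrypted"],
        FederationLevel.VERIFIED: ["not encrypted", "DNS poisoning"],
        FederationLevel.ENCRYPTED: ["self-signed certificate accepted",
                                    "weak identity verification"],
        FederationLevel.TRUSTED: [],
    }
    return risks[level]


def accept_peer(link: PeerLink, minimum: FederationLevel) -> bool:
    """Policy decision: admit the peer only at or above the configured level."""
    return classify(link) >= minimum


if __name__ == "__main__":
    # Constructed sample peers, one per level.
    samples = [
        PeerLink("a.example"),
        PeerLink("b.example", dns_verified=True),
        PeerLink("c.example", tls=True, cert_subject="c.example", cert_issuer="c.example"),
        PeerLink("d.example", tls=True, cert_subject="d.example", cert_issuer="Example Root CA"),
    ]
    for link in samples:
        lvl = classify(link)
        print(f"{link.domain}: {lvl.name}, accept={accept_peer(link, FederationLevel.ENCRYPTED)},"
              f" risks={residual_risks(lvl)}")
```

A CA-issued certificate whose subject does not match the peer domain is deliberately kept at the encrypted level, since encryption without a name match proves nothing about who the peer is.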
Leveraging Presence
Subscribe from anywhere
Publish from anywhere
Presence Protocols
IMPS: cell phones
SIP: Subscribe, Notify
SIMPLE: messaging
XMPP: XML based
Presence Enabled
Instant Messaging (IM)
Soft Phone
Hard Phone
Web page logins
Digital identity, presence and location determine available services and capabilities
Compliance-as-a-Service (CaaS)
Claim-based Solutions
Method to introduce a claim to a resource
Recall previous information on a claim
Extended to include multiple points of truth
Active Directory controller for a domain is the single point of truth for that domain
Federated identity is multiple points of truth
Diagram: Hotel, Airline, Rental Car (the three federated parties)
Identity-as-a-Service
Provider based identity services
SSO for web
Strong authentication
Cross-boundary federation
Audit and compliance
Compliance-as-a-Service
Regulatory compliance
Difficult to establish audit compliance in third-party contracts
New service possibilities: multi-regulation compliance verification; continuous audit; threat intelligence
Privacy
Confidentiality of personal information is paramount
Must comply with laws and regulations: HIPAA; GLBA; EU, Canadian and Australian privacy statutes/acts
Clouds are international in nature, making privacy issues difficult
International Privacy
European Union: EU Data Protection Directive (1998); EU Internet Privacy Law (Directive 2002/58/EC, 2002); laws and privacy standards of the member states
Japan: Personal Information Protection Law; Law for Protection of Computer Processed Data Held by Administrative Organs (1988)
Canada: Privacy Act (1983); PIPEDA (Bill C-6)
Safeguards
Effective Access Control and Audit: Single Sign On (SSO); strong authentication; audit log
Secure Storage: encryption; integrity
Secure Network Infrastructure: encryption protocols; integrity protocols
Exercises Quiz
1. Which of these should a company consider before implementing cloud computing technology?
a) Employee satisfaction b) Potential cost reduction c) Information sensitivity d) All of the above
2. What is the most important drawback of cloud computing?
a) Compliance b) Regulation c) Security d) Availability
3. The CIA triangle is made up of
a) Correctness, Integrity and Availability b) Confidentiality, Integrity and Availability c) Confidentiality, Infrastructure and Availability d) Confidentiality, Integrity and Authentication
Exercises Quiz
4. The CIA triangle is implemented using
a) Encryption b) Access control lists c) Auditing d) All the above
5. Which of the following is true about viruses?
a) Viruses invade below the hypervisor layer b) Viruses intercept and react with hypervisor requests to hardware c) Viruses infect the Guest OS d) All the above
6. Federation is implemented using
a) PKI and Digital certificate b) Biometric login c) Username and password d) None of the above
Exercises Quiz
7. Which of the following is not a federation level?
a) Verified b) Signed c) Encrypted d) Trusted
8. Which of the following is not an Identity Management solution?
a) Claim-based solutions b) Presence as a Service c) Identity-as-a-Service (IDaaS) d) Compliance-as-a-Service (CaaS)
9. Which of the following standards is not used for handling security and compliance?
a) FISMA b) HIPAA c) X.800 standard d) SAS 70 Audits
Exercises Quiz
10. Cloud computing has the following advantage over in-house computing
a) Requires little or no capital investment b) No need to deploy backup and disaster recovery c) Does not require IT staff to attend to servers, applications etc. d) All the above
Overview
5.1
Overview
Independent Components
Message Base
Assures consistency and portability between components
Uses messaging protocols
Object Oriented: SOAP, JSON, REST
Support
Websites: HTTP and HTML
E-mail: SMTP, POP3, IMAP
Requires middleware for message protocol conversion
Communications Capacity
Requires plenty of bandwidth
Difficult to measure without detailed analysis
Measuring network utilization: transaction-based; process-based; application-based
Internal Security
Storage Capacity
Exactly how much do you need?
How much can you afford?
What features do you need?
Speed vs. capacity
Green is great
Lower cost options: SAS; SATA; virtual (networked) disk
Multi-site
Multiple sites assist with disaster recovery and avoidance
Multiple access routes
Streamlined user pathways
Monitoring
Monitoring disk usage and performance
Build baseline and trend analysis
Expand as needed
Consider physical plant requirements: electrical; UPS; generator
Server Capacity
Services being provided: applications; processes
Speed and features
Processors: SMP vs. cores
Memory
Local disk and network disk
Vendor support
Cloud Applications
Connection Speed
If the network is fast, the cloud succeeds
Bandwidth: measure of network throughput
bps/Bps: bits/bytes per second
Rating: network capacity or throughput? 54 Mbps wireless is really 22 Mbps
Latency: delay from firewalls, routers, servers
Congestion factors
Public Internet
Using the public Internet can be risky:
Target of DDoS
Recent attacks show vulnerabilities
No way to regulate bandwidth consumption
No way to regulate bandwidth availability
Criticality vs. cost
External security
5.2
Overview
Scripting Languages
HTML
XML
JSON
5.3
Overview
Common ground
Standards
provide
Portability
Protocols
Scripting languages
Security Protocols
SSH
SSL and TLS
IPSec
VPN
OpenID
Single credential system
The goal: simplify multiple website logins
Adopters: Yahoo, Google, AOL
OpenID Federation
Overview
6.1
Overview
Can we adjust?
Can we accept?
Operational Benefits
Incremental investment
Storage availability
Automation
Flexibility
Increased mobility
Economical Benefits
Hardware: buying less or less complex equipment
Budget: pay as you go; improved budget control; buy what you need when you need it
Time-to-market: quicker deployment using standardized products
Staffing Benefits
Optimum use of staff: people fewer or better deployed
Accomplishment: less stress in the operational environment
Make life easier on your IT staff
Power Savings
Reduce overall power requirements: limited servers and data platforms; simpler desktop platforms
HVAC reduction: server farm; storage farm; workspace cooling and heating
Simpler UPS and generator needs
Offset by cloud provider cost increase: virtualization and shared storage
Maintenance Reductions
Reduction of maintenance costs: hardware; software; facility
New maintenance costs: uploaded and downloaded data; updating software in a PaaS environment
Software Licensing
Depending on implementation, a reduction in the number of licenses required
Requires analysis of demand for software: per seat vs. per user
6.2
EVALUATING IMPLEMENTATIONS
Overview
Wiser Investment
Is the cloud investment smarter than in-house?
Cost factors
Performance factors
Management factors
Satisfaction factors
Can the cloud be defended?
Who are the stakeholders?
Time to Value
How long does it take to get value from the cloud implementation? Or: how soon can I start using it to make money?
If you need ten new servers online tomorrow, consider: What does it take to do it in-house? What does it take to provision them in the cloud?
Trial Period
Make sure you get a "try it, then buy it" clause
Do not commit until you are sure it works the way you want
Especially true if you are using a new software package or new service you have not seen before!
Security
All in-house security requirements must be present in the cloud
Regulatory and statutory requirements
Industry accepted practices
Privacy
Eliminate data leakage
Understand the internal server structures: one tier; two tier; three tier
Summary of evaluation factors:
Power savings; floor space savings; network infrastructure; maintenance; software licensing; time to value; trial period
Service; wiser investment; security; delivers what you want quicker; reduced capital expense; meeting short-term needs
Case Study: Facebook's Use of Open Source and Commodity Hardware (8/08)
Jonathan Heiliger, Facebook's vice president of technical operations
80 million users + 250,000 new users per day
50,000 transactions per second, 10,000+ servers
Built on open source software
Web and App tier: Apache, PHP, AJAX
Middleware tier: Memcached (open source caching)
Data tier: MySQL (open source DB)