Source: http://www.free-pictures-photos.

com/

P. NELSON VINOD KUMAR, M. Tech(IT), MBA(HRM), MIE, ..
EXECUTIVE ENGINEER / ELECTRICAL
TTPS / TUTICORIN - 4
What is Cloud Computing?
What role it has in TTPS ?
Dont get frustrated (take a deep breath)
This is bleeding edge technology
Those W$*#T@F! moments
Be patient
This is the second first time Im teaching this course
Be flexible
There will be unanticipated issues along the way
Be constructive
Tell me how I can make everyones experience better
Cloud Computing Zen
If youre not genuinely interested in the topic
If youre not ready to do a lot of planning
If youre not open to thinking about computing in new ways
If you cant cope with uncertainly, unpredictability, poor
documentation, and immature software
If you cant put in the time
This course is not for you
Otherwise, this will be a richly rewarding course!
Anxious ! ! !
What is it ?
Cloud Computing

An User Connects to the cloud via the Inter / Intra-network
Does computing tasks, or
Runs applications, or
Stores Data


Therefore Cloud computing in general can be portrayed as a synonym
for distributed computing over a network



The Average Cloud user


In common usage, the term "the cloud" is
essentially a metaphor for the Internet



Do you Use the Cloud?
Dropbox is a free service that lets you bring your photos, docs, and videos anywhere and
share them easily.

Box simplifies online file storage, replaces FTP and connects teams in online workspaces.

Amazon Cloud Drive is a web storage application from Amazon

"NOOK is a brand of e-readers developed by American book retailer Barnes & Noble

The Kindle is a series of e-book readers designed and marketed by Amazon.com.

Google Play, formerly the Android Market, is a digital distribution platform for applications
for the Android operating system

Twitter is an online social networking and micro-blogging service that enables users to send
and read short 140-character text messages, called "tweets".

Facebook helps you connect and share with the people in your life.

icloud Store contacts, calendars, photos, music, books, apps and more in the cloud and
access them on all your devices

Flickr is an image hosting and video hosting website, and web services suite

Pandora is free, personalized radio that plays music you'll love. Discover new music and
enjoy old favorites

.So on and So forth







Software as a Service (SaaS) is a software
distribution model in which applications are
hosted by a vendor or service provider and
made available to customers over a network,
typically the Internet.
Principal Type of Cloud service
An Internet connection
An account - Created with a user name and a password
Agree to Terms
The Cloud Requires
So what is the cloud?
Computing and software resources that are
delivered on demand, as service.

It is smarter to rent than to buy..
From ground
to cloud
The Back Story
Computers have internal or hard drive storage(C: Drive)
CPU has a drive for storing programs, documents,
pictures, videos, presentations, etc
Computer Storage
Standard Computer Tower
or Central Processing Unit
(CPU)
Inside the Computer
Content is stored on THAT computer
To use content must return to THAT computer
Cannot access this content from another device or
computer
Internal Storage
Purchase programs
Load to the computer
Each computer would need the program loaded and
stored on the internal drive

Programs
External Storage
External Hard Drive
CD/DVD Thumb Drive
SD Card
Micro SD Card
Allows your content to become mobile
Save to the storage device
Take device to any compatible computer
Open and use content
Multiple work stations talk to one unit that stores
information and data.
Data is not saved to the C: drive, but to a network drive
Can retrieve the data stored to the network from any of the
connected workstations.
Networked Storage
When you do a save as on your computer, you choose
where to save the material.
Saving documents
Internal Storage
External Storage
Network
Create an Account User
name and password
Content lives with the
account in the cloud
Log onto any computer
with Wi-Fi to find your
content
Cloud Storage
Download a cloud based app to a computer you own
The app lives on your Computer
Save files to the app
When connected to the Internet it will sync with the cloud
The Cloud can be accessed from any Internet connection
Downloads for storage
Do save as to save a file to your computer and the cloud
The syncing folders makes data retrieval easier
Box and DropBox require this download to work
Save file as
Log-in to the online storage account
Click upload a file
Find the file on hard drive, network, or external storage
Upload to cloud storage


Upload Documents
5 GB
5 GB
2 GB
7 GB
Software and
applications
More than Storage
Google Docs
SkyDrive
Box
Document Creation


Download required?
Creation is happening in the cloud
Saving is going to the cloud
To retrieve files, must return to the cloud
Internet is required
What are we comfortable with patrons using?
Implications
Internet capable Devices
Saving Large Files
Multiple file types Photos, videos, presentations, docs
Back-up of stored files
File Sharing
Access from devices
Nothing to forget (thumb drive, cd)
Project collaboration

Benefits
File Sharing
Photo editing software
Online banking apps
Social media apps
Communication


Other Software services
WorldCat
MSC
Ebsco
Discover It

Library Specific Services
Other Cloud Services

Platform as a Service (PaaS) is a way to rent
hardware, operating systems, storage and
network capacity over the Internet. The service
delivery model allows the customer to rent
virtualized servers and associated services
for running existing applications or
developing and testing new ones.

Other types of service
Infrastructure as a Service (IaaS) is a provision
model in which an organization outsources the
equipment used to support operations,
including storage, hardware, servers and
networking components. The service provider
owns the equipment and is responsible for
housing, running and maintaining it. The client
typically pays on a per-use basis.

Other types of service
The NEW Cloud Pyramid

Software as a Service-End Users

Just run it for me!

also known as On-demand Service.

is an application that can be accessed from anywhere on the world as long as
you can have an computer with an Internet Connection.

We can access this cloud hosted application without any additional hardware
or software.

E.g. : G-mail, Yahoo mail, Hotmail etc..,

Also they can provide security features such as SSL encryption, a
cryptographic protocol.

The iSchool
University of Maryland
Application provided by Cloud Computing
Google Cloud

Platform as a Service (PaaS)-Application
Developers

Give us nice API (Application Programming Interface) and
take care of the implementation.

In the PaaS model, cloud providers deliver a computing
platform and/or solution stack typically including operating
system, programming language execution environment,
database, and web server.

is a platform for developers to write and create their own
SaaS i.e. applications.

which means rapid development at low cost.

E.g.: Salesforce.com, Windows Azure etc.

Infrastructure as a Service (IaaS)-
Network Architect


also known as hardware as a service.

is a computing power that you can rent for a limited period of
time.

allows existing applications to be run on a cloud suppliers
hardware.

cloud providers offer computers as physical or more often as
virtual machines raw (block) storage, firewalls, load balancers,
and networks

Cloud Architecture

Modes of Clouds
Public Cloud
Computing infrastructure is hosted by cloud vendor at the vendors premises.
and can be shared by various organizations.
E.g. : Amazon, Google, Microsoft, Sales force

Private Cloud
The computing infrastructure is dedicated to a particular organization and
not shared with other organizations.
more expensive and more secure when compare to public cloud.
E.g. : HP data center, IBM, Sun, Oracle, 3tera

Hybrid Cloud
Organizations may host critical applications on private clouds.
where as relatively less security concerns on public cloud.
usage of both public and private together is called hybrid cloud.

Cloud Operating Systems

Eye OS
Amoeba OS
Glide OS
Start force
myGoya
CorneliOS
Lucid Desktop
Cloudo, Ghost, Zimdesk, Start force etc.,


The iSchool
University of Maryland

The iSchool
University of Maryland

The iSchool
University of Maryland

The iSchool
University of Maryland

The iSchool
University of Maryland

The iSchool
University of Maryland

Some other Applications are:

Audio Player
Ever note Viewer
Video Player
Media Player
Flash Player
Google Document Viewer
Messenger
Sticky Note
Web Browser Lite

Distributed vs. Grid vs. Cloud

Rent based on usage
only
Rent Servers & Hosting
costs whether used or
not
Buy Servers & Colo
costs whether used or
not
Pricing model
High - virtualized Low Low Green
No contracts, usage
based, no upfront costs
Costly, sometimes
month/year contracts,
no CapEx
High CapEx Cost
Instant, Flexible, Pay-
per-usage
Slower, somewhat
flexible, Costly
Slowest, Rigid & Costly Scalability
Minutes Days to Weeks Weeks to Months Time
Cloud Grid Distributed
The iSchool
University of Maryland
Is Cloud Computing reduces E-Waste?.

Green IT Cloud Computing

Cloud Computing is Eco-Friendly.

We can reduce E-waste by using Cloud
Computing i.e. by Infrastructure as a Service
(IaaS).

Cloud Computing Helps to Accelerate Green IT

Can reduce Global Warming too..

Facebook DateCenter
Google Server
Disadvantages of Cloud Computing


Cloud computing is impossible if you cannot connect to the
Internet.

Since you use the Internet to connect to both your applications
and documents, if you do not have an Internet connection you
cannot access anything, even your own documents.

A dead Internet connection means no work and in areas where
Internet connections are few or inherently unreliable, this could
be a deal-breaker.

When you are offline, cloud computing simply does not work.

Commercial Clouds
Architectural Overview Of
Cloud Computing
Introduction
High performance networks and
advanced development of internet is the
basis for cloud computing .

Cloud computing has started taking
shape incorporating virtualization and
on demand deployment and internet
delivery of services.
Cloud is a pool of virtualized computer
resources networked, which can:

Host a variety of workloads.
Batch-style back-end jobs.
Interactive user-facing applications.
Workloads can be deployed and scaled out
quickly through the rapid provisioning of virtual
machines or physical machines.
Support redundant, self recovering, highly
scalable programming models that allow
workloads to recover from many unavoidable
hardware / software failures.
Monitor resource use in real time to enable
rebalancing of allocations when needed.
Introduction
Conventional
Manually Provisioned
Dedicated Hardware
Fixed Capacity
Pay for Capacity
Capital & Operational
Expenses

Cloud
Self-provisioned
Shared Hardware
Elastic Capacity
Pay for Use
Operational
Expenses`
Conventional Computing
vs.
Cloud Computing
Five Key Cloud Attributes:

1. Shared / pooled resources
2. Broad network access
3. On-demand self-service
4. Scalable and elastic
5. Metered by use
Shared / Pooled Resources:

Resources are drawn from a common pool
Common resources build economies of scale
Common infrastructure runs at high efficiency
Broad Network Access:

Open standards and APIs
Almost always IP, HTTP, and REST
Available from anywhere with an internet
connection
On-Demand Self-Service:

Completely automated
Users abstracted from the implementation
Near real-time delivery (seconds or minutes)
Services accessed through a self-serve
web interface

Scalable and Elastic:

Resources dynamically-allocated between
users
Additional resources dynamically-released
when needed
Fully automated
Metered by Use:

Services are metered, like a utility
Users pay only for services used
Services can be cancelled at any time
Architecture Overview
Architectural Layers of Cloud Computing
In the cloud computing stack, there are three
basic layers
that together create cloud environment. They
are:

1.Infrastructure as a Service(IaaS)
2.Platform as a Service (PaaS)
3.Software as a Service (SaaS)
SaaS
PaaS
IaaS
SaaS
PaaS
IaaS
Amazon Google Microsoft Salesforce
Service Delivery Model Examples
Products and companies shown for illustrative purposes only and
should not be construed as an endorsement
Framework of cloud computing
Virtualized resources
Computer Networking
Storage
Image Metadata
Image
Virtualized images
Software kernel (OS. VM Manager)
Hardware
Application
Platform
Infrastructure
Basic middleware
(database services , application server )
Developments tools
Services and built in functionality
Virtual infrastructure management and
Cloud Computing
For building the cloud environment a variety of
requirements must be met to provide a uniform
and homogeneous view of the virtualized
resources.

Virtual Infrastructure Management is the key
component to build the cloud environment which
does the dynamic orchestration of virtual
machines on a pool of physical resources.
Virtual infrastructure management provide
primitives to schedule and manage VMs across
multiple physical hosts.

Cloud management provide remote and
secure interface for creating controlling and
monitoring virtualized resources on IaaS.
Virtual infrastructure management
and Cloud Computing
View of Cloud Deployment
Cloud
Application

Client
Infrastructure
Application
PaaS
V
i
r
t
u
a
l
i
z
e
d


A
p
p
l
i
c
a
t
i
o
n

Platform
Service
IaaS
Infrastructure
Storage
SaaS
Software as a Service
It is a Deployment/Delivery model
Hosted and managed by vendor
Delivered across the internet

It is a Business Model : usage-based
pricing(vs. perpetual license model of on
premise software).Examples:
Per user per month
Per transaction
Per GB of storage per month


Software as a Service
Architectural
Multi-tenancy
Scalability
Security
Performance
Functional
Provisioning
Billing
Metering
Monitoring
MULTI-TENANCY
Multi-tenancy is an architectural pattern
A single instance of the software is run on the
service providers infrastructure
Multiple tenants access the same instance.
In contrast to the multi-user model, multi-
tenancy requires customizing the single
instance according to the multi-faceted
requirements of many tenants.
A Multi-tenants application lets customers (tenants)
share the same hardware resources, by offering them
one shared application and database instance ,while
allowing them to configure the application to fit there
needs as if it runs on dedicated environment.

These definition focus on what we believe to be the
key aspects of multi tenancy:
1.The ability of the application to share hardware
resources.
2.The offering of a high degree of configurability of
the software.
3.The architectural approach in which the tenants
make use of a single application and database
instance.
Multi-tenants Deployment Modes
for Application Server
Tenant A
Fully isolated Application server
Each tenant accesses an application
server running on a dedicated
servers.
Virtualized Application Server
Each tenant accesses a dedicated
application running on a separate
virtual machine.
Shared Virtual Server
Each tenant accesses a dedicated
application server running on a
shared virtual machine.
Shared Application Server
The tenant shared the application
server and access application
resources through separate session
or threads.
Tenant B
Application
Server
Application
server
Virtual
machine
Virtual
machine
Application
server
Tenant A
Tenant B
Virtual
machine
Tenant A
Tenant B
Session thread
Session Thread
Application
Server
Tenant A
Tenant B
Application
server
Multi-tenants Deployment Modes in Data Centers
Fully isolated data center
The tenants do not share any
data center resources

Virtualized servers
The tenants share the same
host but access different
databases running on
separate virtual machines
Shared Server
The tenants share the same
server (Hostname or IP) but
access different databases
Shared Database
The tenants share the same
server and database (shared
or different ports) but access
different schema(tables)
Shared Schema
The tenants share the same
server, database and schema
(tables). The irrespective data
is segregated by key and
rows.





Tenant A
Tenant B




Tenant A
Tenant B




Tenant A
Tenant B
Virtual
Machine
Database
Virtual
Machine
Database




Tenant A
Tenant B




Tenant A
Tenant B
Conceptual framework of Software as a Service
Presentation
Menu and
Navigation
User
Controls
Display and
Rendering
Reporting
Security
Identity and
federation
Authentication and
Single Sign on
Authorization and
Role-based
Access Control
Entitlement
Encryption
Regularity
Controls
Operation
Monitoring and
Altering
Backup and Restore
Provisioning
Configuration and
Customization
Performance and
Availability
Metering and
Indicators
Infrastructure
Database Storage Computer

Networking and
Communication
s
Application
Engine
User Profile
Notification
and
Subscription
Metadata
Execution
Engine
Metadata
Services
Messaging
Workflow
Execution
Handling
Orchestration
Data
Synchronization
Migrating to Cloud Environment
The Software can be redeployed in cloud
environment as Software as a Service
(SaaS). The main sections of the
software can be mapped to the SaaS
architecture.
Payroll Processing in Cloud Computing
Many State Government departments are
utilizing standardized set up of payroll
packages which are deployed at user locations
and it is amounting huge investment on
procurement of hardware and software and
maintenance for various locations of the
organization.
Payroll Software Installed at more
than 300 locations
User Software Module
Standalone Loaded on PC
Drawbacks
Drawbacks :

Software Maintenance problems.
Individual Hardware is required.
Often Data Loss occurs.
Migrating the payroll package, to cloud
environment can be worked out without
changing business logic.
IN CLOUD
User-1
Software
Module
User-2
User-3
Single Instance
Multi-tenancy
Architectural Overview for Multi-tenancy
Client
Authentication
Authentication
Module
Ticket Server
Session Ticket
Tenant Token
+ Create Ticket()
Tenant
Auth
Data
Tenant
Config
Data
Layout Component
Configuration Component
File I/O Component
Workflow Component
Database
Query Adjuster Load Balancer Record Initializer
Database Pool
Data Data Data
Single-tenant
business logic
Q
u
e
r
y

D
a
t
a

Create Ticket()
H
T
T
P

R
e
q
u
e
s
t

Configuration
Provisioning for new tenants
For Separate server model new machine is to
be installed.
For separate database model create a database
start it on a server.
For separate schema and shared schema
models
scripts / stored procedure could create new
schema in one of the existing databases.
Background of the Application


The existing application, which is implemented in state
government departments, is having the following main
sections:

Data admin
Master data entry
Month process
Token no. entry
Reports
Back up to system

The existing package is deployed in the user premises
and found difficult in regular software maintenance
and overhead costs for the infrastructure
requirements.



The application is ideally suited to deploy in cloud environment
with following features:

The application can be taken up as a single instance and multi-
tenant model

Configurability option in the software is required to be
provided.
Configurability in SaaS enables the flexibility to access the
software by many tenants with the option of configuring each
tenant for their application needs.

The software will have configurability for the following :

1.User interface.
2.Workflow.
3.Data.
4.Access control.

User requirements / Use cases Type of environment in cloud Impact
Payroll processing IaaS (VM)
Cloud storage and
SaaS
1. Processing time will be reduced.
2. Hardware requirements will be
reduced.
3. Number of users can be
increased with scalability.
4. Maintenance cost will be
reduced.
Project Management PaaS and Cloud storage 1. Processing time can be reduced.
2. Project execution time and cost
can be reduced.
3. Efficient way of utilization of skill
sets and manpower can be
attained.
e-Governance & Office automation IaaS
Cloud storage
SaaS
1. Hardware cost can be reduced.
2. CPU processing time can be
reduced.
3. Accountability can be
maintained.
4. Maintainance cost can be
reduced.
5. Reduces energy consumption.
e-Learning Cloud storage
IaaS
PaaS
SaaS
1. Hardware cost can be reduced.
2. CPU processing time can be
reduced.
3. Accountability can be
maintained.
4. Maintainance cost can be
reduced.
SaaS Applications
SOA and Cloud Computing
In cloud environment we adopt the bundling of resources
into layers of
Saas
Paas
Iaas
And furthur add a layer for business process management
with the concept of service oriented architecture(SOA).
SOA is a base for furthur building of cloud environment for
composite application with work flow concepts.
What is Cloud Computing
Providing
IT
resources
as a
Service
Defining the Cloud
On demand usage of compute and storage
5 principal characteristics (abstraction, sharing, SOA,
elasticity, consumption/allocation)
3 delivery models
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)
4 deployment models: Public, Private, Hybrid,
Community
S-P-I Model
IaaS
Infrastructure as a Service
You build
security in
You RFP
security in
PaaS
Platform as a Service
SaaS
Software as a
Service
SaaS - Software as a Service

What is SaaS

The sole requirement for SaaS is a computer with a browser, quite basic.
SaaS is a recurring subscription based model delivered to the customer on
demand Pay as you use.
SaaS - Software as a Service
PaaS - Platform as a Service
What is PaaS

The PaaS provider will deliver the platform on the web, and in most cases
you can consume the platform using your browser. There is no need to
download any software
This middle layer of cloud is consumed mainly by developers or tech
savvy individuals.


PaaS - Platform as a Service
A PaaS typically includes the development environment, programming
languages, compilers, testing tools and deployment mechanism.

In some cases, like Google Apps Engine (GAE), the developers may
download development environment and use them locally in the
developers infrastructure, or the developer may access tools in the
providers infrastructure through a browser.
IaaS - Infrastructure as a
Service
What is IaaS

The System Administrators are the subscriber of this service.

Usage fees are calculated per CPU hour, data GB stored per hour,
network bandwidth consumed, network infrastructure used per hour,
value added services used, e.g., monitoring, auto-scaling etc.
IaaS - Infrastructure as a
Service
In Simple..........
Service Models
Host
Build
Consume
Deployment Models
Virtualization is a modernization catalyst and unlocks cloud computing.
Gartner
Private Cloud
Public Cloud
Hybrid Cloud
1. Web-scale problems
2. Large data centers
3. Different models of computing
4. Highly-interactive Web applications

What is Cloud Computing?
Characteristics:
Definitely data-intensive
May also be processing intensive
Examples:
Crawling, indexing, searching, mining the Web
Post-genomics life sciences research
Other scientific data (physics, astronomers, etc.)
Sensor networks
Web 2.0 applications


1. Web-Scale Problems
Wayback Machine has 2 PB + 20 TB/month (2006)
Google processes 20 PB a day (2008)
all words ever spoken by human beings ~ 5 EB
NOAA has ~1 PB climate data (2007)
CERNs LHC will generate 15 PB a year (2008)

How much data?
640K ought to be
enough for anybody.
Maximilien Brice, CERN
Maximilien Brice, CERN
s/inspiration/data/g;
Theres nothing like more data!
(Banko and Brill, ACL 2001)
(Brants et al., EMNLP 2007)
Answering factoid questions
Pattern matching on the Web
Works amazingly well

Learning relations
Start with seed instances
Search for patterns on the Web
Using patterns to find more instances
What to do with more data?
Who shot Abraham Lincoln? X shot Abraham Lincoln
Birthday-of(Mozart, 1756)
Birthday-of(Einstein, 1879)
Wolfgang Amadeus Mozart (1756 - 1791)
Einstein was born in 1879
PERSON (DATE
PERSON was born in DATE
(Brill et al., TREC 2001; Lin, ACM TOIS 2007)
(Agichtein and Gravano, DL 2000; Ravichandran and Hovy, ACL 2002; )
Web-scale problems? Throw more machines at it!
Clear trend: centralization of computing resources in large
data centers
Necessary ingredients: fiber, juice, and space
What do Oregon, Iceland, and abandoned mines have in
common?
Important Issues:
Redundancy
Efficiency
Utilization
Management
2. Large Data Centers
Source: Harpers (Feb, 2008)
Maximilien Brice, CERN
Key Technology: Virtualization
Hardware
Operating System
App App App
Traditional Stack
Hardware
OS
App App App
Hypervisor
OS OS
Virtualized Stack

Utility computing
Why buy machines when you can rent cycles?
Examples: Amazons EC2, GoGrid, AppNexus
Platform as a Service (PaaS)
Give me nice API and take care of the implementation
Example: Google App Engine
Software as a Service (SaaS)
Just run it for me!
Example: Gmail
3. Different Computing Models
Why do it yourself if you can pay someone to do it for you?
A mistake on top of a hack built on sand held together by
duct tape?
What is the nature of software applications?
From the desktop to the browser
SaaS == Web-based applications
Examples: Google Maps, Facebook
How do we deliver highly-interactive Web-based
applications?
AJAX (asynchronous JavaScript and XML)
For better, or for worse
4. Web Applications
MapReduce: the back-end of cloud computing
Batch-oriented processing of large datasets
Ajax: the front-end of cloud computing
Highly-interactive Web-based applications
Computing in the clouds
Amazons EC2/S3 as an example of utility computing
What is the course about?
Elastic Compute Cloud (EC2)
Rent computing resources by the hour
Basic unit of accounting = instance-hour
Additional costs for bandwidth
Simple Storage Service (S3)
Persistent storage
Charge by the GB/month
Additional costs for bandwidth
Youll be using EC2/S3 for course assignments!
Amazon Web Services
Dont hold your breath:
Biocomputing
Nanocomputing
Quantum computing

It all boils down to
Divide-and-conquer
Throwing more hardware at the problem


Web-Scale Problems?
Simple to understand a lifetime to master
Divide and Conquer
Work
w
1
w
2
w
3
r
1
r
2
r
3
Result
worker worker worker
Partition
Combine
Different threads in the same core
Different cores in the same CPU
Different CPUs in a multi-processor system
Different machines in a distributed system
Different Workers
Commodity vs. exotic hardware
Number of machines vs. processor vs. cores
Bandwidth of memory vs. disk vs. network
Different programming models

Choices, Choices, Choices
Flynns Taxonomy
Instructions
Single (SI) Multiple (MI)
D
a
t
a

M
u
l
t
i
p
l
e

(
M
D
)

SISD
Single-threaded
process
MISD
Pipeline
architecture
SIMD
Vector Processing
MIMD
Multi-threaded
Programming
S
i
n
g
l
e

(
S
D
)

SISD
D

D

D

D

D

D

D

Processor
Instructions
SIMD
D
0
Processor
Instructions
D
0
D
0
D
0
D
0
D
0
D
1
D
2
D
3
D
4

D
n
D
1
D
2
D
3
D
4

D
n
D
1
D
2
D
3
D
4

D
n
D
1
D
2
D
3
D
4

D
n
D
1
D
2
D
3
D
4

D
n
D
1
D
2
D
3
D
4

D
n
D
1
D
2
D
3
D
4

D
n
D
0
MIMD
D

D

D

D

D

D

D

Processor
Instructions
D

D

D

D

D

D

D

Processor
Instructions
Memory Typology: Shared
Memory

Processor
Processor Processor
Processor
Memory Typology: Distributed
Memory

Processor Memory

Processor
Memory

Processor Memory

Processor
Network
Memory Typology: Hybrid
Memory

Processor
Network
Processor
Memory

Processor
Processor
Memory

Processor
Processor
Memory

Processor
Processor
How do we assign work units to workers?
What if we have more work units than workers?
What if workers need to share partial results?
How do we aggregate partial results?
How do we know all the workers have finished?
What if workers die?
Parallelization Problems
What is the common theme of all of these problems?
Parallelization problems arise from:
Communication between workers
Access to shared resources (e.g., data)
Thus, we need a synchronization system!
This is tricky:
Finding bugs is hard
Solving bugs is even harder
General Theme?
Difficult because
(Often) dont know the order in which workers run
(Often) dont know where the workers are running
(Often) dont know when workers interrupt each other
Thus, we need:
Semaphores (lock, unlock)
Conditional variables (wait, notify, broadcast)
Barriers
Still, lots of problems:
Deadlock, livelock, race conditions, ...
Moral of the story: be careful!
Even trickier if the workers are on different machines
Managing Multiple Workers
Parallel computing has been around for decades
Here are some design patterns
Patterns for Parallelism
Master/Slaves
slaves
master
Producer/Consumer Flow
C P
P
P
C
C
C P
P
P
C
C
Work Queues
C P
P
P
C
C
shared queue
W W W W W
Top Threats to Cloud Computing
Threat #1: Abuse and Nefarious Use of Cloud Computing
Threat #2: Insecure Interfaces and APIs
Threat #3: Malicious Insiders
Threat #4: Shared Technology Issues
Threat #5: Data Loss or Leakage
Threat #6: Account or Service Hijacking
Threat #7: Unknown Risk Profile
Top Threats to Cloud Computing
Threat #1: Abuse and Nefarious Use of Cloud Computing
(IaaS,PaaS)
The easiness of registering for IaaS solutions and the
relative anonymity they offer attracts many a cyber
criminal. IaaS offerings have been known to host botnets
and/or their command and control centers, downloads for
exploits, Trojans, etc. There is a myriad of ways in which
in-the-cloud capabilities can be misused - possible future
uses include launching dynamic attack points, CAPTCHA
solving farms, password and key cracking and more. To
remediate this, IaaS providers should toughen up the
weakest links: the registration process and the monitoring
of customer network traffic.
140
Top Threats to Cloud Computing
Threat #2: Insecure Interfaces and APIs(IaaS,PaaS,SaaS)

Cloud Computing providers expose a set of software interfaces
or APIs that customers use to manage and interact with cloud
services. Provisioning, management, orchestration, and
monitoring are all performed using these interfaces. The
security and availability of general cloud services is dependent
upon the security of these basic APIs. From authentication and
access control to encryption and activity monitoring, these
interfaces must be designed to protect against both accidental
and malicious attempts to circumvent policy. Furthermore,
organizations and third parties often build upon these interfaces
to offer value-added services to their customers. This
introduces the complexity of the new layered API; it also
increases risk, as organizations may be required to relinquish
their credentials to third parties in order to enable their agency
141
Top Threats to Cloud Computing
Threat #3: Malicious Insiders(IaaS,PaaS,SaaS)

The threat of a malicious insider is well-known to most
organizations. This threat is amplified for consumers of cloud
services by the convergence of IT services and customers
under a single management domain, combined with a general
lack of transparency into provider process and procedure. For
example, a provider may not reveal how it grants employees
access to physical and virtual assets, how it monitors these
employees, or how it analyzes and reports on policy
compliance.To complicate matters, there is often little or no
visibility into the hiring standards and practices for cloud
employees. This kind of situation clearly creates an attractive
opportunity for an adversary ranging from the hobbyist
hacker, to organized crime, to corporate espionage, or even
nation-state sponsored intrusion.
142
Top Threats to Cloud Computing
Threat #4: Shared Technology Issues(IaaS)
IaaS vendors deliver their services in a scalable way by sharing
infrastructure. Often, the underlying components that make up
this infrastructure (e.g., CPU caches, GPUs, etc.) were not
designed to offer strong isolation properties for a multi-tenant
architecture. To address this gap, a virtualization hypervisor
mediates access between guest operating systems and the
physical compute resources. Still, even hypervisors have
exhibited flaws that have enabled guest operating systems to
gain inappropriate levels of control or influence on the
underlying platform. A defence in depth strategy is
recommended, and should include compute, storage, and
network security enforcement and monitoring. Strong
compartmentalization should be employed to ensure that
individual customers do not impact the operations of other
tenants running on the same cloud provider. Customers should
not have access to any other tenants actual or residual data,
network traffic, etc.

143
Top Threats to Cloud Computing
Threat #5: Data Loss or Leakage(IaaS,PaaS,SaaS)

There are many ways to compromise data. Deletion or
alteration of records without a backup of the original
content is an obvious example. Unlinking a record from a
larger context may render it unrecoverable, as can storage
on unreliable media. Loss of an encoding key may result
in effective destruction. Finally, unauthorized parties must
be prevented from gaining access to sensitive data.The
threat of data compromise increases in the cloud, due to
the number of and interactions between risks and
challenges which are either unique to cloud, or more
dangerous because of the architecturalor operational
characteristics of the cloud environment

144
Top Threats to Cloud Computing
Threat #6: Account or Service Hijacking(IaaS,PaaS,SaaS)

Account or service hijacking is not new. Attack methods
such as phishing, fraud, and exploitation of software
vulnerabilities still achieve results. Credentials and
passwords are often reused, which mplifies the impact of
such attacks. Cloud solutions add a new threat to the
landscape. If an attacker gains access to your credentials,
they can eavesdrop on your activities and transactions,
manipulate data, return falsified information, and redirect
your clients to illegitimate sites. Your account or service
instances may become a new base for the attacker. From
here, they may leverage the power of your reputation to
launch subsequent attacks.

145
Top Threats to Cloud Computing
Threat #7: Unknown Risk Profile(IaaS,PaaS,SaaS)
One of the tenets of Cloud Computing is the reduction of
hardware and software ownership and maintenance to allow
companies to focus on their core business strengths. This has
clear financial and operational benefits, which must be weighed
carefully against the contradictory security concerns
complicated by the fact that cloud deployments are driven by
anticipated benefits, by groups who may lose track of the
security ramifications. Versions of software, code updates,
security practices, vulnerability profiles, intrusion attempts, and
security design, are all important factors for estimating your
companys security posture. Information about who is sharing
your infrastructure may be pertinent, in addition to network
intrusion logs, redirection attempts and/or successes, and other
logs.Security by obscurity may be low effort, but it can result in
unknown exposures. It may also impair the in-depth analysis
required highly controlled or regulated operational areas

146
Why the Cloud?
Can be less expensive compared to buying software and
hardware
Can be used from any computer or device with an Internet
connection
The device does not need as large of an internal storage
system
Compatible with most computers and operating systems
Updates occur across the service



advantages
Security Issues
Terms of Service
Privacy Policies

Disadvantages
Cloud Security


A Comprehensive Overview of
Secure Cloud Computing
Outline

What is Cloud Computing
Cloud Computing Infrastructure Security
Cloud Storage and Data Security
Identity Management in the Cloud
Security Management in the Cloud
Privacy
Audit and Compliance
Cloud Service Providers
Security as a Service
Impact of Cloud Computing
Directions

What is Cloud Computing?

Definition
SPI Framework
Traditional Software Model
Cloud Services Delivery Model
Deployment Model
Key Drivers
Impact
Governance
Barriers

Definition of Cloud Computing

Multitenancy - shared resources
Massive scalability
Elasticity
Pay as you go
Self provisioning of resources
SPI Framework

Software as a Service (SAAS), Platform as a Service
(PaaS), Infrastructure as a Service (IaaS)
Several Technologies work together
Cloud access devices
Browsers and thin clients
High speed broad band access
Data centers and Server farms
Storage devices
Virtualization technologies
APIs


Traditional Software Model

Large upfront licensing costs
Annual support costs
Depends on number of users
Not based on usage
Organization is responsible for hardware
Security is a consideration
Customized applications
Cloud Services Delivery Model

SaaS
Rents software on a subscription basis
Service includes software, hardware and support
Users access the service through authorized device
Suitable for a company to outsource hosting of apps
PaaS
Vendor offers development environment to application
developers
Provide develops toolkits, building blocks, payment hooks
IaaS
Processing power and storage service
Hypervisor is at this level
Deployment Models

Public Clouds
Hosted, operated and managed by third party vendor
Security and day to day management by the vendor
Private Clouds
Networks, infrastructures, data centers owned by the
organization
Hybrid Clouds
Sensitive applications in a private cloud and non sensitive
applications in a public cloud

Key Drivers

Small investment and low ongoing costs
Economies of scale
Open standards
Sustainability
Impact

How are the following communities Impacted by the
Cloud?
Individual Customers
Individual Businesses
Start-ups
Small and Medium sized businesses
Large businesses
Governance

Five layers of governance for IT are Network, Storage
Server, Services and Apps
For on premise hosting, organization has control over
Storage, Server, Services and Apps; Vendor and
organization have share control over networks
For SaaS model all layers are controlled by the vendor
For the IaaS model, Apps are controlled by the
organization, Services controlled by both while the
network, storage and server controlled by the vendor
For PaaS, Apps and Services are controlled by both
while servers, storage and network controlled by the
vendor
Barriers

Security
Privacy
Connectivity and Open access
Reliability
Interoperability
Independence from CSP (cloud service provider)
Economic value
IR governance
Changes in IT organization
Political issues
Cloud Computing Infrastructure
Security

Infrastructure Security at the Network Level
Infrastructure Security at the Host Level
Infrastructure Security at the Application Level
Note: We will examine IaaS, PaaS and SaaS Security
issues at Network, Host and Application Levels


Security at the Network Level

Ensuring data confidentiality and integrity of the
organizations data in transit to and from the public cloud
provider
Ensuring proper access control (Authentication,
Authorization, Auditing) to resources in the public cloud
Ensuring availability of the Internet facing resources of
the public cloud used by the organization
Replacing the established network zones and tiers with
domains
How can you mitigate the risk factors?
Security at the Host Level

Host security at PaaS and SaaS Level
Both the PaaS and SaaS hide the host operating system from
end users
Host security responsibilities in SaaS and PaaS are transferred
to CSP
Host security at IaaS Level
Virtualization software security
Hypervisor security
Threats: Blue Pill attack on the hypervisor
Customer guest OS or virtual server security
Attacks to the guest OS: e.g., stealing keys used
to access and manage the hosts

Security at the Application Level

Usually its the responsibility of both the CSP and the
customer
Application security at the SaaS level
SaaS Providers are responsible for providing application
security
Application security at the PaaS level
Security of the PaaS Platform
Security of the customer applications deployed on a PaaS
platform
Application security at the IaaS Level
Customer applications treated a black box
IaaS is not responsible for application level security

Cloud Storage and Data Security

Aspects of Data Security
Data Security Mitigation
Provider Data and its Security

Aspects of Data Security

Security for
Data in transit
Data at rest
Processing of data including multitenancy
Data Lineage
Data Provenance
Data remnance
Solutions include encryption, identity management,
sanitation



Data Security Mitigation

Even through data in transit is encrypted, use of the
data in the cloud will require decryption.
That is, cloud will have unencrypted data
Mitigation
Sensitive data cannot be stored in a public cloud
Homomorphic encryption may be a solution in the future

Provider Data and its Security

What data does the provider collect e.g., metadata,
and how can this data be secured?
Data security issues
Access control, Key management for encrypting
Confidentiality, Integrity and Availability are objectives of
data security in the cloud

Identity and Access Management
(IAM) in the Cloud
Trust boundaries and IAM
Why IAM?
IAM challenges
IAM definitions
IAM architecture and practice
Getting ready for the cloud
Relevant IAM standards and protocols for cloud services
IAM practices in the cloud
Cloud authorization management
Cloud Service provider IAM practice
Trust Boundaries and IAM
In a traditional environment, trust boundary is within the control
of the organization
This includes the governance of the networks, servers,
services, and applications
In a cloud environment, the trust boundary is dynamic and
moves within the control of the service provider as well ass
organizations
Identity federation is an emerging industry best practice for
dealing with dynamic and loosely coupled trust relationships in
the collaboration model of an organization
Core of the architecture is the directory service which is the
repository for the identity, credentials and user attributes
Why IAM

Improves operational efficiency and regulatory
compliance management
IAM enables organizations to achieve access cont6rol
and operational security
Cloud use cases that need IAM
Organization employees accessing SaaS se4rvidce using
identity federation
IT admin access CSP management console to provision
resources and access foe users using a corporate identity
Developers creating accounts for partner users in PaaS
End uses access storage service in a cloud
Applications residing in a cloud serviced provider access
storage from another cloud service

IAM Challenges

Provisioning resources to users rapidly to accommodate
their changing roles
Handle turnover in an organization
Disparate dictionaries, identities, access rights
Need standards and protocols that address the IAM
challenges
IAM Definitions

Authentication
Verifying the identity of a user, system or service
Authorization
Privileges that a user or system or service has after being
authenticated (e.g., access control)
Auditing
Exam what the user, system or service has carried out
Check for compliance
IAM Practice
IAM process consists of the following:
User management (for managing identity life cycles),
Authentication management,
Authorization management,
Access management,
Data management and provisioning,
Monitoring and auditing
Provisioning,
Credential and attribute management,
Entitlement management,
Compliance management,
Identity federation management,
Centralization of authentication and authorization,
Getting Ready for the Cloud

Organization using a cloud must plan for user account
provisioning
How can a user be authenticated in a cloud
Organization can use cloud based solutions from a
vendor for IAM (e.g., Symplified)
Identity Management as a Service
Industry standards for federated identity management
SAML, WS-Federation, Liberty Alliance
Relevant IAM Standards, Protocols for
Cloud

IAM Standards and Specifications for Organizations
SAML
SPML
XACML
OAuth (Open Authentication) cloud service X accessing data
in cloud service Y without disclosing credentials
IAM Standards and Specifications for Consumers
OpenID
Information Cards
Open Authenticate (OATH)
Open Authentication API (OpenAuth)

IAM Practices in the Cloud

Cloud Identity Administration
Life cycle management of user identities in the cloud
Federated Identity (SSO)
Enterprise an enterprise Identity provider within an Organization
perimeter
Cloud-based Identity provider
Cloud Authorization Management

XACML is the preferred model for authorization
RBAC is being explored
Dual roles: Administrator and User
IAM support for compliance management
Cloud Service Provider and IAM
Practice

What is the responsibility of the CSP and the
responsibility of the organization/enterprise?
Enterprise IAM requirements
Provisioning of cloud service accounts to users
Provisioning of cloud services for service to service integration
SSO support for users based on federation standards
Support for international and regulatory policy requirements
User activity monitoring
How can enterprises expand their IAM requirements to
SaaS, PaaS and IaaS
Security Management in the Cloud

Security Management Standards
Security Management in the Cloud
Availability Management
Access Control
Security Vulnerability, Patch and Configuration
Management

Security Management Standards

Security Manage3ment has to be carried out in the
cloud
Standards include ITIL (Information Technology
Infrastructure Library) and ISO 27001/27002
What are the policies, procedures, processes and work
instruction for managing security
Security Management in the Cloud

Availability Management (ITIL)
Access Control (ISIO, ITIL)
Vulnerability Management (ISO, IEC)
Patch Management (ITIL)
Configuration Management (ITIL)
Incident Response (ISO/IEC)
System use and Access Monitoring
Availability Management

SaaS availability
Customer responsibility: Customer must understand SLA and
communication methods
SaaS health monitoring
PaaS availability
Customer responsibility
PaaS health monitoring
IaaS availability
Customer responsibility
IaaS health monitoring
Access Control Management in the
Cloud

Who should have access and why
How is a resources accessed
How is the access monitored
Impact of access control of SaaS, PaaS and IaaS
Security Vulnerability, Patch and
Configuration (VPC) Management

How can security vulnerability, patch and configuration
management for an organization be extended to a cloud
environment
What is the impact of VPS on SaaS, PaaS and IaaS
Privacy

Privacy and Data Life Cycle
Key Privacy Concerns in the Cloud
Who is Responsible for Privacy
Privacy Risk Management and Compliance ion the
Cloud
Legal and Regulatory Requirements
Privacy and Data Life Cycle

Privacy: Accountability of organizations to data subjects
as well as the transparency to an organizations practice
around personal information
Data Life Cycle
Generation, Use, Transfer, Transformation, Storage, Archival,
Destruction
Need policies
Privacy Concerns in the Cloud

Access
Compliance
Storage
Retention
Destruction
Audit and Monitoring
Privacy Breaches

Who is Responsible for Privacy

Organization that collected the information in the first
place the owner organization
What is the role of the CSP?
Organizations can transfer liability but not accountability
Risk assessment and mitigation throughout the data
lifecycle
Knowledge about legal obligations
Privacy Risk Management and
Compliance

Collection Limitation Principle
Use Limitation Principle
Security Principle
Retention and Destruction Principle
Transfer Principle
Accountab9lity Principle
Legal and Regulatory Requirements

US Regulations
Federal Rules of Civil Procedure
US Patriot Act
Electronic Communications Privacy Act
FISMA
GLBA
HIPAA
HITECH Act
International regulations
EU Directive
APEC Privacy Framework
Audit and Compliance

Internal Policy Compliance
Governance, Risk and Compliance (GRC)
Control Objectives
Regulatory/External Compliance
Cloud Security Alliance
Auditing for Compliance
Audit and Compliance

Defines Strategy
Define Requirements (provide services to clients)
Defines Architecture (that is architect and structure
services to meet requirements)
Define Policies
Defines process and procedures
Ongoing operations
Ongoing monitoring
Continuous improvement

Governance, Risk and Compliance

Risk assessment
Key controls (to address the risks and compliance
requirements)
Monitoring
Reporting
Continuous improvement
Risk assessment new IT projects and systems

Control Objectives
Security Policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development and
maintenance
Information Security incident management
Compliance
Key Management
Regulatory/External Compliance

Sarbanes-Oxley Act
PCI DSS
HIPAA
COBIT
What is the impact of Cloud computing on the above
regulations?
Cloud Security Alliance (CSA)

Create and apply best practices to securing the cloud
Objectives include
Promote common level of understanding between consumers
and providers
Promote independent research into best practices
Launch awareness and educational programs
Create consensus
White Paper produced by CSA consist of 15 domains
Architecture, Risk management, Legal, Lifecycle management,
applications security, storage, virtualization, - - - -
Auditing for Compliance

Internal and External Audits
Audit Framework
SAS 70
SysTrust
WebTrust
ISO 27001 certification
Relevance to Cloud
Cloud Service Providers

Amazon Web Services (IaaS)
Google (SaaS, PaaS)
Microsoft Azure (SaaS, IaaS)
Proofpoint (SaaS, IaaS)
RightScale (SaaS)
Slaeforce.com (SaaS, PaaS)
Sun Open Cloud Platform
Workday (SaaS)


Security as a Service

Email Filtering
Web Content Filtering
Vulnerability Management
Identity Management
Impact of Cloud Computing

Benefits
Low cost solution
Responsiveness flexibility
IT Expense marches Transaction volume
Business users are in direct control of technology decisions
Line between home computing applications and enterprise
applications will blur
Threats
Vested interest of cloud providers
Less control over the use of technologies
Perceived risk of using cloud computing
Portability and Lock-in to Proprietary systems for CSPs
Lack of integration and componentization

Directions

Analysts predict that cloud computing will be a huge
growth area
Cloud growth will be much higher than traditional IT
growth
Will likely revolutionize IT
Need to examine how traditional solutions for IAM,
Governance, Risk Assessment etc will work for Cloud
Technologies will be enhanced (IaaS, PaaS, SaaS)
Security will continue o be a major concern


The iSchool
University of Maryland
Queries?..

Any Queries feel free to mail me:
nelcynth@gmail.com
Or ring me @ 9443152137