
Cloud Computing

Definition
Cloud computing is a pay-per-use model for enabling
available, convenient, on-demand network access to a
shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, services) that
can be rapidly provisioned and released with minimal
management effort or service provider interaction. This
cloud model promotes availability.

What is cloud computing?

"I don't understand what we would do differently in the light of Cloud Computing other than change the wordings of some of our ads"
Larry Ellison, Oracle's CEO

"I have not heard two people say the same thing about it [cloud]. There are multiple definitions out there of the cloud"
Andy Isherwood, HP's Vice President of European Software Sales

"It's stupidity. It's worse than stupidity: it's a marketing hype campaign."
Richard Stallman, Free Software Foundation founder

Business attributes

Access resources from cloud of available computing resources

Is always available and scales automatically to meet demand

Is pay per use: Based on resources consumed

Enables full customer self-service

Note: Can be provided by 3rd party (e.g. Amazon) or on own network for v.
large organisations (a.k.a private cloud)

Acquire resources on demand

Release resources when no longer needed

Turns capital investment/fixed cost into operating costs/variable costs

Reduced cost: take advantage of economies of scale across users of cloud

Technology attributes

Access computing resources via Internet protocols from any computer

Reduced system administration overhead: automated provisioning

Increased/matched reliability and security

Acquire resources on demand

Increased utilisation through sharing of resources through virtualisation or multi-tenancy

To minimise the cost to the provider, clouds rely on a large number of commodity processors. These are cheaper to purchase and consume less power per unit of processing when compared to high power processors

No longer design deployment environment to meet maximum load

The NIST Cloud Definition Framework


Deployment models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds

Service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

Essential characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service

Common characteristics: Massive Scale, Resilient Computing, Homogeneity, Virtualization, Geographic Distribution, Low Cost Software, Advanced Security, Service Orientation
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

The NIST Cloud Definition Framework

OS Virtualisation leads directly to resilient computing, rapid elasticity and advanced security

In case of VM based cloud, facilitates measured service as hypervisor tracks usage

Multi-tenancy provides rapid elasticity


The NIST Cloud Definition Framework

A number of other attributes rely on the scale of investment undertaken by cloud providers

Early cloud promoters (e.g. Amazon & Google) had to build massive scale for their main businesses

Use of open source software and commodity hardware reduces overall cost to cloud provider


4 Cloud Deployment Models

Private cloud

Cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise

Typically only large organisations

Public cloud

Cloud infrastructure is made available to 3rd parties but is owned by an organization selling cloud services

Cloud services designed to be generic and suitable to all customers

E.g. Amazon, Google, Microsoft, IBM etc.

4 Cloud Deployment Models

Community cloud

Cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations)

May be managed by the organizations or a third party and may exist on premise or off premise

Hybrid cloud

Composition of two or more clouds that remain unique and separate entities but are bound together by standardized or proprietary technology that enables data and application portability

Cloud bursting is the term used to describe the process where an organisation extends from a private to public cloud

Client access architecture

Client access via browser or Web Services

Independent of type of cloud computing

[Figure: clients access the cloud via browser or web service (SOAP or REST). Diagram labels: Platform, VM, App 1, App server, DB, App Server, Database, OS, Server, Storage, Network.]

Service model architecture

Four main service model architectures: Datastore as a service, Infrastructure As A Service (IaaS), Platform As A Service (PaaS), Software As A Service (SaaS)

Datastore as a service is not always included although currently the most popular use of cloud

Significant differences in the technical and commercial architectures

Service model architecture: Datastorage as a service

Functional: Data storage interfaces can be used by any of the other types or accessed directly

Examples of direct usage: Amazon's really simple storage

Commercial: Charged on basis of amount of storage used

Characteristics of cloud datastore

Cloud based datastore is massively distributed and scalable

This implies that the chance of system failure across a large number of nodes is high

Therefore, cloud datastore must cope with node failure

Cloud datastores are typically non-relational

Utilises large number of commodity servers (a.k.a. nodes)

Distribution across a large number of nodes is not a good fit to the relational model of databases. Relational databases support joins which are hard to implement in a massively distributed way

To address requirement for relational database capabilities

Either provide relational interfaces to non-relational infrastructure

Or allow relational databases to run on a small number of nodes as part of the virtualisation

Characteristics of cloud datastore

Cloud datastores are optimised for large scale data search

E.g. Google's MapReduce (and Hadoop, an open source implementation), which divides the processing into multiple blocks (Map) and then processes each block on one or more nodes (Reduce)

Cloud datastores are also appropriate to business intelligence applications which require column based processing

E.g. Summing sales in a particular region

In contrast, relational databases are efficient for record/row level read/write

Service model architecture: IaaS

Functional: Virtual server instances available for provisioning

Examples: Amazon's EC2

Commercial: Charged on basis of number/scale of instances as well as usage profile

Example: Amazon EC2

Amazon provides a range of general purpose support services accessible via VMs

Examples of these services include

Simple Queue Service: Limited messaging system for communications between VMs

S3: Cloud storage service

Example: Amazon EC2

Other examples of these services (cont.)

SimpleDB: Non-relational database

Elastic MapReduce: large scale search and text processing infrastructure

Flexible payment service: enabling website payments

Mechanical Turk: outsourcing marketplace

Amazon EC2 options and pricing

Aws.amazon.com/ec2

Service model architecture: PaaS

Functional: Application development and deployment environment

Provides programming APIs as well as underlying infrastructure

Commercial: Metering and billing based on application usage, typically CPU consumption/datastore consumption

Example: Google AppEngine

Platform uses multiple tenancy on the single infrastructure

Provides general purpose support services

Benefit of charging only on usage and not on number of instances (as with IaaS)

Includes infrastructure services such as database

Also includes application level interfaces such as video conferencing

Provides both server and client side APIs to develop Google AppEngine applications

Provides a platform which is proprietary

Example: Microsoft Azure Services

Access to the Microsoft platform as a cloud based platform

Provides a platform which is proprietary

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

Service model architecture: SaaS

Functional: End user interaction with the Application's function

Allows for customisation of UI and workflows

Often uses multi-tenancy databases

Commercial: typically billing based on number of users

Example: Salesforce.com

Provides complete application accessible from the cloud

Software can be configured to support customer specific requirements

Infrastructure is hidden from the user

Supports customisation through configuration driven language

Scope for customisation is limited

Uses multi-tenancy architecture

Essentially a platform for a specific class of application

Configuration results in a change to both UI and underlying database schema for that customer

Examples of configuration

UI actions (such as entering an email address) can have customised scripts associated with them which perform workflow or validation logic

Workflow defines the sequence of steps through the UI screens

Validation logic enforces rules about information entered based on customer specific standards or context specific constraints (i.e. what can be entered given the current workflow)

These may not affect the database schema definition and therefore can be deployed only to that customer's UI

Examples of configuration

UI definitions (or associated workflows) may also require modifications/extensions to the database schema

Through multi-tenancy/multi-schema approach, the metadata defining the schemas specific to that customer is modified without impacting on the base schema or the other customers' deployed schemas
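
The metadata-driven configuration described on these two slides, as an added example that is not part of the original slides or any vendor's code: one shared store keeps a fixed base schema and records each tenant's extra fields and validation rules as per-tenant metadata, so extending one customer's schema changes nothing for the others. The class, tenant names and field names are hypothetical.

```python
import re

# Shared base schema: identical for every tenant, never edited per customer.
BASE_FIELDS = {"name", "email"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class MultiTenantStore:
    """One application instance; per-tenant schema changes live in metadata."""

    def __init__(self):
        self._extensions = {}  # tenant_id -> {field name: validation rule}
        self._rows = {}        # tenant_id -> list of stored records

    def add_field(self, tenant_id, field, rule):
        """Extend one tenant's schema by editing only that tenant's metadata."""
        if field in BASE_FIELDS:
            raise ValueError("base schema fields cannot be redefined")
        self._extensions.setdefault(tenant_id, {})[field] = rule

    def schema(self, tenant_id):
        """Effective schema = shared base + this tenant's own extensions."""
        return BASE_FIELDS | set(self._extensions.get(tenant_id, {}))

    def insert(self, tenant_id, record):
        """Validate against the caller's own schema, then store under its id."""
        unknown = set(record) - self.schema(tenant_id)
        if unknown:
            raise ValueError(f"fields not in tenant schema: {sorted(unknown)}")
        if not EMAIL_RE.match(str(record.get("email", ""))):
            raise ValueError("invalid email")
        for field, rule in self._extensions.get(tenant_id, {}).items():
            if field in record and not rule(record[field]):
                raise ValueError(f"{field} failed tenant validation rule")
        self._rows.setdefault(tenant_id, []).append(dict(record))

    def query(self, tenant_id):
        """Reads are keyed by tenant id, so no call returns another tenant's rows."""
        return [dict(r) for r in self._rows.get(tenant_id, [])]


def demo():
    """Constructed tenants 'acme' and 'globex'; only acme gets a custom field."""
    store = MultiTenantStore()
    store.add_field("acme", "credit_limit", lambda v: isinstance(v, int) and 0 <= v <= 50_000)
    store.insert("acme", {"name": "A", "email": "a@acme.example", "credit_limit": 100})
    store.insert("globex", {"name": "G", "email": "g@globex.example"})
    return store
```

The tenant id passed to `insert` and `query` must come from the authenticated session, never from request data, otherwise the isolation shown here is only nominal.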


Different types of SaaS

Type 1: Ad-Hoc/Custom
Type 2: Configurable
Type 3: Configurable, Multi-Tenant-Efficient
Type 4: Scalable, Configurable, Multi-Tenant-Efficient

Source: Microsoft MSDN Architecture Center

Different types of SaaS

Type 1: Ad-Hoc/Custom

Each customer (or tenant) has their own instance of the application which can be customised on an individual basis

Level 1 SaaS is equivalent to application hosting

Different types of SaaS

Type 2: Configurable

A single application base is customised for each customer/tenant

Customisation is deployed within each instance of the application

Deployment of upgrades across the instance will require roll-out to each instance

Different types of SaaS

Type 3: Configurable, Multi-Tenant-Efficient

A single application base and instance is customised for each customer/tenant

Customisation is deployed at runtime within each instance of the application

Single instance is more resource efficient than multiple instances

Deployment of upgrades made to a single instance

Different types of SaaS

Type 4: Scalable, Configurable, Multi-Tenant-Efficient

Uses a tenant load balancer to balance load between multiple instances

Similar to a hypervisor

Should provide superior scalability and efficiency

Requires deployment of upgrades to be made to multiple instances

Conclusions: Understanding the different service model architectures

Different levels of abstraction

OS: Amazon EC2

Application development framework: Google AppEngine

Application customisation: Salesforce

Similar to languages

Higher level abstractions can be built on top of lower ones

Lower-level: more flexibility, more management, scalability through configuration

Higher-level: less flexibility, less management, automatically scalable

IaaS: EC2

PaaS: Azure, AppEngine

SaaS: Salesforce.com

Cloud and security


General Security Challenges

Security/data control is the most often cited issue with migration to the cloud

Issues include:
Trusting vendor's security model
Customer inability to respond to audit findings (dependent on service provider to modify service)
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control

Cloud Security Challenges Part 1

Data dispersal and international privacy laws

EU Data Protection Directive and U.S. Safe Harbor program

Exposure of data to foreign government and data subpoenas

Data retention issues

Mostly addressed by cloud vendor providing geographic specific services

Clear data ownership

Quality of service guarantees

Reliability of cloud service provider's service in the context of enterprise level quality of service commitments (typically with required recovery times in seconds or minutes)

Potential for massive outages

Cloud Security Challenges Part 2


Dependence on secure hypervisors (for IaaS) or multi-tenancy (in both PaaS and SaaS)

Attraction to hackers (high value target)

Security of virtual OSs in the cloud

Encryption needs for cloud computing

Encrypting access to the cloud resource control interface

Encrypting administrative access to OS instances

Encrypting access to applications

Encrypting application data at rest

Lack of public PaaS/SaaS version control

Changes to the service may occur without explicit agreement from the customer, unlike tightly controlled lifecycle management within an enterprise