Ebook Cloud Computing Fundamentals
Agenda
Introduction
1. Principles of Cloud Computing
2. Implementing and Managing Cloud Computing
3. Using the Cloud
4. Security and Compliance
5. Evaluation of Cloud Computing
Introduction
Course objectives
Contents
1.1
Definitions
Cloud computing: a method of running application software and
storing related data in central computer systems, and providing
customers or other users access to them through the Internet.
Five Characteristics
On-demand self-service
Resource pooling (multi-tenancy)
Rapid elasticity (flexibility, scalability)
Measured service (pay-per-use)
Broad network access ("any time, any place, any device")
IT becomes a utility
There was a time when every household, town, farm or village had its own
water well. Today, shared public utilities give us access to clean water by
simply turning on the tap; cloud computing works in a similar fashion. Just
like water from the tap in your kitchen, cloud computing services can be
turned on or off quickly as needed. Like at the water company, there is a
team of dedicated professionals making sure the service provided is safe,
secure and available on a 24/7 basis. When the tap isn't on, not only are
you saving water, but you aren't paying for resources you don't currently
need.
Vivek Kundra
Public Cloud
delivery of off-site services over the internet
Sharing of resources; multi-tenancy means a lower level of
security and privacy
Aimed at a wide audience
Compelling services like email and social media
Enables social networking and collaboration
Community Cloud
A type of shared private cloud
delivers services to a specific group of organizations and/or
individuals that share a common goal
easy sharing of data, platforms and applications
Sharing of capital expenditure for otherwise (too) expensive
facilities
24/7 access and support
shared service and support contracts
economies of scale
Examples: regional or national educational or research institutes,
community centers, etc.
Hybrid Cloud
a mix of the above models; combining several private and public
Cloud solutions from several providers into one (virtual) IT
infrastructure
choosing specific services for either Private or Public Cloud
suitability is balancing:
security
privacy
compliance versus price
SaaS
Key characteristics:
software hosted offsite
software on demand
software package
no modification of the software
plug-in software: external software used with internal
applications (hybrid cloud)
vendor with advanced technical knowledge
user entangled with vendor
Examples: CRM, ERP, Billing and invoicing, Web Hosting, Etc.
PaaS
Key characteristics:
Mostly used for remote application development
Remote application support
Platform may have special features
Low development costs
Variants
Environment for software development
Hosting environment for applications
Online storage
IaaS
The background of IaaS can be found in the merger between IT
and Telecom infrastructure and services in the past decade
Key characteristics:
Dynamic scaling
Desktop virtualization
Policy-based services
Examples of IaaS are hosting services supporting e-commerce,
web hosting services that include broadband connections and
storage.
Questions:
What are the deployment models in a cloud?
1.2
Historic timeline
Contributing factors to the existence of the Cloud
The development of the Internet
The move from Mainframe computing to the present day
myriad of personal devices with connection to the Internet.
The development of computer networks
Time-line
Mainframe computers and terminals
Decentralized mini computers with terminals
Micro computers (PC) connected to a LAN with terminal
emulation
Client-server architecture
Any device connected to the internet
Minicomputers
Easier to purchase
Smaller
Cheaper
First specialized, later
multi-tasking
Development of LAN
From Microcomputer to PC
Uses
Dedicated terminal
Access to time-sharing services
Special services on intelligent devices:
Terminal server (remote access)
Batch processing (job entry)
Virtualization
Not NEW!
Has existed since the 1970s in mainframe environments
Virtualization
Concept of the cloud: virtualized operating environment & thin
clients; Web-based delivery
Virtualization is the solution for integration of:
Internet
Storage
Processing power
Key Features are:
Multiplies the use of high performance computers
Puts extra/excess capacity to use
Multi tenancy
Full Virtualization
Paravirtualization
Full Virtualization
Complete simulation of underlying hardware.
Full virtualization requires that every salient feature of the
hardware be reflected into one of several virtual machines
including the full instruction set, input/output operations,
interrupts, memory access, and whatever other elements are
used by the software that runs on the bare machine, and that is
intended to run in a virtual machine.
The operating system is unaware of its virtualized status and
believes it is running on a physical machine.
Paravirtualization
Paravirtualization is a virtualization technique that presents a
software interface to virtual machines that is similar but not
identical to that of the underlying hardware.
The intent of the modified interface is to reduce the portion of
the guest's execution time spent performing operations which
are substantially more difficult to run in a virtual environment
than in a non-virtualized environment. Paravirtualization
provides specially defined 'hooks' that allow the guest(s) and
host to request and acknowledge these tasks, which would
otherwise be executed in the virtual domain (where execution
performance is worse).
Managed Services
Advantages:
Accessibility everywhere
Shift of focus from IT to core business
No need for highly trained IT staff
Key Issues:
Performance
Compliance
Contingency
Questions
What is Virtualization?
Types of Virtualization?
Some system calls bypass the hypervisor and gain direct access
to hardware; what type of virtualization is this?
Virtualization is an integral part of the Cloud.
True or False?
Technologies
Grid Computing
Multiple computers across various domains involved in
solving a single problem. Example SETI
Utility Computing
Packaging of computing resources, such as processing,
storage and services as a metered service
Cluster Computing
Load balancing
Virtualization
Decoupling hardware and software.
Cloud Evolution
Examples Contd.
Microsoft
Windows Azure
Microsoft SQL Services
Microsoft .NET Services
Live Services
Microsoft Sharepoint
Microsoft Office 365
SkyDrive Pro
Big Data
Microsoft has been doing Big Data long before it was a
megatrend in the market: At Bing we analyze over 100 petabytes
of data to deliver high quality search results. More broadly,
Microsoft provides a range of solutions to help customers
address big data challenges. Our family of data warehouse
solutions from Microsoft SQL Server 2008 R2, SQL Server
Fast Track Data Warehouse, Business Data Warehouse and
SQL Server 2008 R2 Parallel Data Warehouse offer a robust
and scalable platform for storing and analyzing data in a
traditional data warehouse. Parallel Data Warehouse (PDW)
offers customers: Enterprise-class performance that handles
massive volumes to over 600 TB. We also provide LINQ to HPC
(High Performance Computing) a distributed runtime and a
programming model for technical computing.
Big Data
Examples contd.
Salesforce:
Salesforce.com is the enterprise cloud computing company that
is leading the shift to the Social Enterprise.
Their cloud platform and apps, especially their CRM (Customer
Relationship Management) solutions, are widely popular across
the world, especially in America.
Sales Cloud
Sales Cloud further offers services like the following (and many more):
Chatter: Connect with people in your company to get the info
you need in real time so you can focus on selling.
Accounts and contacts: Everything you need to know about your
customers and prospects, all in one place.
Data.com: Reach the right people, zero in on targets, and plan
territories with highly accurate account and contact data.
Analytics and forecasting: Easily view and share business
insights in real time to keep your numbers on track and your
forecast accurate.
Service Cloud
With the Service Cloud you can meet customers wherever they
are -- including social networks such as Facebook and Twitter.
Your agents also benefit from employee social networks that
help them work together like never before. And because you get
all the features a social contact center needs, your customers
experience amazing service on any channel.
Grid Computing
Grid computing is a term referring to the federation of computer
resources from multiple administrative domains to reach a
common goal. The grid can be thought of as a distributed
system with non-interactive workloads that involve a large
number of files.
Key Concept: Resource sharing.
Multiple computers across multiple domains assigned to
complete one processor intensive task.
Utility Computing
Utility computing is the packaging of computing resources, such
as computation, storage and services, as a metered service. This
model has the advantage of a low or no initial cost to acquire
computer resources; instead, computational resources are
essentially rented.
Originally, time-sharing access to mainframe (1960s)
Rediscovered in the late 1990s as an alternative to building and running
your own datacenter: build a large datacenter and rent access to customers
Sun, IBM, HP, Intel, and many others built datacenters and rented
access to servers
1990s usage model:
Long legal negotiations with strong service guarantees
Long-term contracts (monthly/yearly)
Approx. $1/hour pricing per physical computer
Overall, this model was not commercially viable!
Utility Computing
"Computing may someday be organized as a public utility" - John
McCarthy, MIT Centennial, 1961
Huge computational and storage capabilities available from utilities
Metered billing (pay for what you use)
Simple to use interface to access the capability (e.g., plugging into an
outlet)
Virtualization
What is Virtualization
Virtualization is the creation of a virtual (rather than actual)
version of something, such as an operating system, a server, a
storage device or network resources
Virtualization is a technique for hiding the physical characteristics of
computing resources to simplify the way in which other systems,
applications, or end users interact with those resources.
Virtualization lets a single physical resource (such as a server,
an operating system, an application, or storage device) appear
as multiple logical resources
or
Making multiple physical resources (such as storage devices or
servers) appear as a single logical resource
What is Virtualization
Virtualization is a technology that transforms hardware into
software.
Virtualization allows you to run multiple operating systems as
virtual machines on a single computer
A copy of an OS is installed into each virtual machine.
Virtualization is not
Simulation
Emulation
Todays IT Challenges
What this Equates to Today:
Continued Server
Power, space and cooling costs represent one of the largest IT
budget line items
One-application-per-server approach leads to complexity and
high costs of equipment and administration
(Figure: servers running one application each: SQL, Application Servers, File, DNS, Domain)
Virtual Hardware
Virtualization Basics
(Figure: System without virtualization software, the "Traditional Stack": App on top of the Operating System on top of the Hardware.
System with virtualization software, the "Virtualized Stack": several Apps, each on its own OS, on top of the Hypervisor on top of the Hardware.)
Virtualization Basics
Before Virtualization:
Single OS image per machine
Software and hardware tightly coupled
Running multiple applications on same machine often creates
conflict
Underutilized resources
Inflexible and costly infrastructure
Virtualization Basics
After Virtualization:
Hardware-independence of operating system and applications
Virtual machines can be provisioned to any system
Can manage OS and application as a single unit by encapsulating
them into virtual machines
The Hypervisor
AKA: Virtual Machine Monitor (VMM)
The foundation of virtualization
Interfaces with hardware
Replace the operating system
Intercept system calls
Operate with the operating system
Hardware isolation
Multi-environment protection
Questions
Resource pooling of multiple computers to process one task is
an example of _________ computing.
1.4
CLOUD COMPUTING
ARCHITECTURES
Multipurpose Architecture
Key Characteristics
Virtualization
Multi-tiered
Interoperable layers
Open standards
(Figure, left stack: Application Programs on Guest Operating Systems (three of each), on the Hypervisor, which forms the Virtual Operating Environment directly on the Hardware.
Figure, right stack: Application Programs on Guest Operating Systems, on the Hypervisor, which forms a Virtualization Layer on top of a Host Operating System on the Hardware.)
Tiered Architecture
The key element (and issue) is security
Security needs to be ensured at all levels of the infrastructure
Examples:
Salesforce.com: a SaaS-based CRM application for various
businesses using common framework and multi tenancy
model
Microsoft Dynamics CRM Online offering
Multi-Tenancy IaaS/PaaS offerings from Amazon or IBM or
Microsoft Azure
Service-Oriented Architectures
Service-Oriented Architecture (SOA)
an architectural style that supports service orientation.
Service orientation
a way of thinking in terms of services and service-based
development and the outcomes of services.
Service
Is a logical representation of a repeatable business activity
that has a specified outcome (e.g., check customer credit;
provide weather data, consolidate drilling reports)
is self-contained
may be composed of other services
a black box to consumers of the service
Questions
A Hypervisor sitting directly on top of the hardware layer is
called ______?
What is SOA?
1.5
Plus or Minus
Service Level Agreement
Do the clauses support your business?
If so it is a plus!
(customer responsibility; it takes two to tango!)
2.1
Issues:
Provider responsibility:
Security of data
Privacy of data
2.2
THE PRINCIPLES OF
MANAGING CLOUD SERVICES
IT Governance
The following elements need to be in place:
Good Service Level Management
Different requirements for the different Cloud models
Reporting system
Clear SLAs with SMART performance criteria
Consisting of
Information
System
Support
Purpose
Quality
specifications
People
Processes
Technology
Partners
To manage
information
Changes,
system
restoration in
case of failure
Maintenance
To ensure
performance
according to the
agreed
requirements
Availability
Capacity
Performance
Security
Scalability
Adjustability
Portability
Process
Relationship processes
Control processes
Configuration Management
Change Management
Resolution processes
Incident Management
Problem Management
Release and Deployment Management
Release process
And its staff need to be familiar with the processes and adhere
to the procedures and instructions!
Questions
What are the main components of a local cloud environment?
- Internet browser
- Internet connection
- Provider, IP-address
The Internet
The Internet is a global system of interconnected computer
networks that use the standard Internet protocol suite (TCP/IP) to
serve billions of users worldwide (Wikipedia)
Uses the standard IP Suite.
Extended version of the LAN.
Email (professional)
Webmail
Office suites
E-Business
Online Storage
Collaboration
Video conferencing
Questions
Thin clients are thin because?
3.2
3.3
4.1
Mitigation:
Authentication, audit, etc.
Operations procedures, operational
security practices, etc.
Design for security, etc.
Staff vetting, etc.
Validation of credentials, active
monitoring of traffic, etc.
Good SLAs and audit
Strong authentication, active
monitoring, etc.
Source: http://www.csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt at slide 17
See http://www.engadget.com/2009/10/10/t-mobile-we-probably-lost-all-your-sidekick-data/
However, see also: Microsoft Confirms Data Recovery for Sidekick Users
http://www.microsoft.com/Presspass/press/2009/oct09/10-15sidekick.mspx
Hypervisor Virus
Along with the Cloudburst exploit, users are also worried about
viruses affecting their systems.
A bare-metal installation of either Hyper-V or VMware is still
secure, but if one is using a host-OS-based hypervisor then
security is compromised.
Not all regular viruses will infect the hypervisor layer, but since
the cloud is an attraction for hackers they will develop more
viruses sooner or later.
Hypervisor Viruses
Again, if your VMs are internetworked and shared folders are
enabled, regular viruses can spread over the network as well.
Most antivirus companies are coming up with antivirus programs
that work well with virtualized environments to help stop this
threat.
Crisis Malware
Symantec researchers revealed that the Crisis malware is not
limited to attacking Mac machines, but has the ability to infect
devices running Windows and Windows Mobile, as well as
VMware virtual machines.
Unlike the majority of other malware that terminates itself when
it detects a VMware virtual machine image on the compromised
computer in order to avoid being analyzed, this one mounts the
image and then copies itself onto the image by using a VMware
Player tool.
Blue Pill
Questions
Confidentiality, Integrity and __________?
What is Cloudburst?
4.2
Authentication
Non-Cloud authentication
Simple authentication using user-id and password
Active directory authentication
Using your active directory account credentials
Uses Kerberos protocol (no transmission of readable data)
Triple-A Authentication
Authentication
Triple identification, what/who you
Know (password)
Have (token/smart card)
Are (fingerprint or retina scan)
Authorization
leveled
Accountability
periodic logs & audit data
International Privacy/Compliance
USA: the Privacy Act 1974, federal laws HIPAA & GLBA and
Safe harbor
Japan: Personal Information Protection Law and Law for
Protection of Computer Processed Data Held by Administrative
Organs (1988)
Canada: PIPEDA (Personal Information Protection and
Electronic Data Act 2008) and Privacy Act (1983)
EU: Laws and privacy standards of the member countries, EU
Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) and EU
Data Protection Directive (1998)
Safeguards
Effective Access Control and Audit
Single Sign On (SSO)
Strong authentication: password & biometric measure
Review on audit logs
Secure Cloud Storage
Encryption
Integrity by mechanisms such as hashing
Secure Network Infrastructure
Encryption protocols against leakage
Integrity protocols (digital signatures) against modification
Consult a lawyer, specialized in international legislation
Know where (which country) your data is
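The keyed-hash integrity check behind the "integrity by hashing" safeguard for secure cloud storage, as an added example that is not part of the course material; the object name, key and contents are constructed, and the example also shows why an unkeyed hash stored next to the object is not enough.

```python
"""Keyed-hash integrity check for objects kept at a cloud storage provider.

Constructed example: the data owner keeps an HMAC key on the client side,
and the provider stores only the object plus its tag.
"""
import hashlib
import hmac
import json


def plain_digest(data: bytes) -> str:
    # Unkeyed hash: catches accidental corruption, but whoever can rewrite
    # the stored object can recompute this digest too.
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, name: str, data: bytes) -> str:
    # HMAC-SHA256 over object name and content. Binding the name means a
    # renamed or swapped object is rejected, not only a modified one.
    msg = name.encode("utf-8") + b"\x00" + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def protect(key: bytes, name: str, data: bytes) -> dict:
    """Build the record the client uploads; data is hex so it is JSON-safe."""
    return {
        "name": name,
        "data": data.hex(),
        "sha256": plain_digest(data),
        "tag": keyed_tag(key, name, data),
    }


def plain_check(record: dict) -> bool:
    data = bytes.fromhex(record["data"])
    return hmac.compare_digest(plain_digest(data), record["sha256"])


def keyed_check(key: bytes, record: dict) -> bool:
    data = bytes.fromhex(record["data"])
    return hmac.compare_digest(keyed_tag(key, record["name"], data), record["tag"])


def tamper(record: dict, new_data: bytes) -> dict:
    """Model a faulty or hostile provider that rewrites the object and
    recomputes the unkeyed digest so the change looks consistent."""
    forged = dict(record)
    forged["data"] = new_data.hex()
    forged["sha256"] = plain_digest(new_data)
    return forged


def demo() -> dict:
    key = b"constructed-client-side-key"  # placeholder; use a random 32-byte secret
    original = protect(key, "invoices/2013-q1.csv", b"customer,amount\nacme,100\n")
    forged = tamper(original, b"customer,amount\nacme,1\n")
    renamed = dict(original, name="invoices/2013-q2.csv")
    return {
        "original_passes_both": plain_check(original) and keyed_check(key, original),
        "forged_passes_plain_check": plain_check(forged),
        "forged_fails_keyed_check": not keyed_check(key, forged),
        "renamed_fails_keyed_check": not keyed_check(key, renamed),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The unkeyed digest only detects corruption; the keyed tag, with the key never handed to the provider, also detects deliberate modification and object swapping.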
Questions
Triple-A stands for?
What is PII?
5.0
Business drivers
Flexibility
Time to market (TTM)
Costs
TCO
Capex vs. Opex
TCAO
Service Level Agreements (SLA)
Performance, Security, Availability, Scalability,
Architecture
Integration (PaaS), migration
Green(er) computing
5.1
Legal Issues
Law
Compliance
Copyright
Data Portability
S2(1)(w)
"Intermediary" with respect to any particular
electronic records, means any person who on behalf of
another person receives, stores or transmits that record or
provides any service with respect to that record and
includes telecom service providers, network service
providers, internet service providers, web hosting service
providers, search engines, online payment sites, online-auction
sites, online market places and cyber cafes;
You are utilizing a shared disk model and we cannot RISK the
chance your third party may interfere with other clients using the
same platform.
Escape Routes
no liability for services that consist of the storage of electronic
information, under the condition that the provider has no knowledge or
awareness of the illegal nature of the data
...and removes or blocks illegal data when it does
gain knowledge or become aware of its illegal nature
Liability protection does not prevent so-called
injunctions, which can be just as costly and time-consuming
5.2
5.3
EVALUATING
IMPLEMENTATIONS
Service
Wiser investment
Security
Compliance
Faster delivery of what
you want
Less capital expense
Short-term needs
5.4
CASE STUDIES
NASA
Following extensive research, NASA/JPL launched a new Web
site called BeAMartian that is designed to attract citizen-scientists
to Mars exploration activities. The site was built using
a variety of technologies, including the cloud-based Windows
Azure platform, Silverlight, a cross-platform Web browser plug-in
that delivers rich content and interactivity, and Windows Azure
Marketplace DataMarket, a service that lets developers and
organizations create and consume applications and content on
the Azure platform. The site can be viewed using the most
popular Web browsers, including Internet Explorer, Firefox, and
Safari.
NASA
Although the tools for retrieving the data from the Planetary Data
System are largely geared for scientists and other experts, the
BeAMartian site makes it much easier for the general public to
work with the Mars data. To do this, Microsoft and NASA,
working with Mondo Robot, a Colorado-based design firm, and
the Arizona State University Mars Space Flight Facility,
developed a way for citizens to participate in science using
casual game-like experiences. For example, Mapping Mars
lets citizen scientists perform map stitching activities in which
they align images from different orbiters, but with the same
geo-coordinates, to build a more accurate global map of the planet
than can be achieved by computers alone.
NASA
The BeAMartian site has successfully demonstrated how Web
technology can help an organization engage with a large,
dispersed group of users to view graphically rich content and
participate in activities that involve massive amounts of data.
The site has helped NASA/JPL raise awareness of its Mars-related
missions and research activities. It has also helped
NASA/JPL engage with a large international audience and, in
the process, promote its goal of generating excitement around
the technical skills needed for future space exploration,
particularly the STEM disciplines. Additionally, the site is helping
NASA/JPL fulfill its obligations to make its data more accessible
to the general public while assisting NASA/JPL scientists in their
work.
ISV Builds Innovative Mobile App for Lawyers 25 Percent Faster with Cloud Solution
LexisNexis
LexisNexis Solution
LexisNexis executives considered a number of factors in making
the decision to adopt Windows Azure over other alternatives.
"We quickly realized that, with Windows Azure, we could gain
the on-demand scalability we needed in a much more cost-effective
way than if we attempted to build out our own multi-tier
infrastructure," says Paransky. "Plus, the Microsoft solution
offers much more than just redundant hardware; it provides a
complete set of familiar tools to manage the entire development
lifecycle. And it gave us the chance to work directly with the
people who know the technology best to make sure we got our
application to market as fast as possible."
Mahindra Satyam
Mahindra Satyam, a leading global IT services provider, can
implement business intelligence (BI) solutions faster and more
affordably with its iDecisions framework. The company
implemented the iDecisions-based BI solution by taking
advantage of Microsoft SQL Server 2012 built-in features, such
as enhanced analytics and reporting capabilities and support for
cloud-based implementations. As a result, the company can
significantly cut deployment time and costs and improve the
end-user experience.
Mahindra Satyam
As an early adopter of Microsoft SQL Server 2012 Enterprise
data management software, Mahindra Satyam believed that
Microsoft had the right platform for its BI solutions. Ramesh
Kumar Koona, Assistant Vice President at Mahindra Satyam,
says, "We liked the integrated nature of the Microsoft tool
stack: when you buy SQL Server 2012, you get everything you
need bundled in one license."
Mahindra Satyam
When Mahindra Satyam began exploring SQL Server products,
it was already looking forward to implementing its BI solutions in
the cloud with the Windows Azure platform and services and
products such as Windows Azure and Microsoft SQL Azure.
Some customers could go directly to the cloud to build new
infrastructure and take advantage of cloud-based scalability,
while others might choose a hybrid cloud solution. One of the
things we liked about SQL Server 2012 is that it's a cloud-ready
version," says Koona. "We could deploy our BI solutions on-premises
and later migrate the same solution to the Windows
Azure platform."