
Cloud Computing Foundation

An Introduction to Cloud Computing Training by Simplilearn

Agenda
* Introduction
* History of Cloud Computing
* Foundational Elements of Cloud Computing
* Principles of Cloud Computing
* Cloud Computing Security
* Secure Cloud Migration Paths
* Using the Cloud
* Implementing and Supporting the Cloud
* Managing Cloud Computing
* Evaluation of Cloud Computing
* Cloud Computing Case Studies and Security Models

1. Introduction

Course objectives
Fundamental concepts of the cloud computing platform:
* Deployment
* Architecture
* Design
* What made cloud possible
* Pros and cons, benefits and risks
* Standards and best practices

What will you learn?


After completing this course, you will be able to:
* Identify essential elements
* Describe the pros and cons
* Understand the business case for going to the cloud
* Describe how to build a cloud network
* Understand virtualization architecture
* Describe security and privacy issues
* Understand federation and presence
* Describe cloud computing standards and best practices
* Describe how mobile devices can be used in the cloud

Overview

The NIST Cloud Definition Framework

Deployment Models
* Private Cloud
* Community Cloud
* Public Cloud
* Hybrid Clouds

Service Models
* Software as a Service (SaaS)
* Platform as a Service (PaaS)
* Infrastructure as a Service (IaaS)

Essential Characteristics
* On Demand Self-Service
* Broad Network Access
* Rapid Elasticity
* Resource Pooling
* Measured Service

Common Characteristics
* Massive Scale
* Resilient Computing
* Geographic Distribution
* Homogeneity
* Virtualization
* Low Cost Software
* Service Orientation
* Advanced Security

Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

History of Cloud Computing

Objective:
* Explore the history of shared computing and the technological, economic and organizational enablers of cloud computing
* Learn how technologies evolved from cluster, grid and virtualization into cloud computing
* Learn about the datacenter architectures of grid, utility and virtual machines

History of Cloud computing


In principle, there were:
* Cluster computing: for load balancing
* Grid computing: many computers in a network solve a single problem
* Utility computing: packaging of computing resources, such as computation, storage and services, as a metered service
* Virtualization: decouple software and hardware

Trends
* distributed computing
* grid computing
* utility computing
* cloud computing


EXAMPLES
* Amazon Elastic Compute Cloud (EC2) and Simple Storage Service (S3)
* Google's App Engine
* Microsoft Windows Azure, Microsoft SQL Services, Microsoft .NET Services, Live Services, Microsoft SharePoint Services and Microsoft Dynamics CRM Services

Example 1: Amazon Cloud


Amazon cloud components:
* Elastic Compute Cloud (EC2)
* Simple Storage Service (S3)
* SimpleDB
New features:
* Availability zones: place applications in multiple locations for failover
* Elastic IP addresses: static IP addresses that can be dynamically remapped to point to different instances (not a DNS change)


Amazon Cloud Users: New York Times and Nasdaq (4/08)


Both companies used Amazon's cloud offering.
New York Times
* Didn't coordinate with Amazon, used a credit card!
* Used EC2 and S3 to convert 15 million scanned news articles to PDF (4 TB of data)
* Took 100 Linux computers 24 hours (would have taken months on NYT computers)
* "It was cheap experimentation, and the learning curve isn't steep." - Derek Gottfrid, New York Times
Nasdaq
* Uses S3 to deliver historic stock and fund information
* Millions of files showing price changes of entities over 10 minute segments
* "The expenses of keeping all that data online [in Nasdaq servers] was too high." - Claude Courbois, Nasdaq VP
* Created a lightweight Adobe AIR application to let users view the data

Example 2: IBM-Google Cloud


"Google and IBM plan to roll out a worldwide network of servers for a cloud computing infrastructure" - InfoWorld
* Initiatives for universities
Architecture:
* Open source Linux hosts
* Xen virtualization (virtual machine monitor)
* Apache Hadoop (distributed file system and processing): open-source software for reliable, scalable, distributed computing
* IBM Tivoli Provisioning Manager


Example 3: Microsoft Azure Services

Source: Microsoft Presentation, "A Lap Around Windows Azure", Manuvir Das

Windows Azure Applications, Storage and Roles

[Diagram: n Web Role instances behind a load balancer (LB) and m Worker Role instances, both backed by Cloud Storage (blob, table, queue).]

Grid Computing
* Distributed parallel processing across a network
* Key concept: the ability to negotiate resource-sharing arrangements
Characteristics of grid computing:
* Coordinates independent resources
* Uses open standards and interfaces
* Quality of service
* Allows for heterogeneity of computers
* Distribution across large geographical boundaries
* Loose coupling of computers


Utility computing

* Originally, time-sharing access to mainframes (1960s)
* Rediscovered in the late 1990s as an alternative to building and running your own datacenter: build a large datacenter and rent access to customers
* Sun, IBM, HP, Intel, and many others built datacenters and rented access to servers
* 1990s usage model:
  * Long legal negotiations with strong service guarantees
  * Long-term contracts (monthly/yearly)
  * Approx. $1/hour pricing per physical computer
* Overall, this model was not commercially viable!

Utility Computing
"Computing may someday be organized as a public utility." - John McCarthy, MIT Centennial, 1961
* Huge computational and storage capabilities available from utilities
* Metered billing (pay for what you use)
* Simple to use interface to access the capability (e.g., plugging into an outlet)


Virtualization

Creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, storage device or network resources.
* Abstraction layer that decouples computation from physical resources
Motivations:
* Resource sharing with security and isolation (similar to multi-user/multi-programming)
* Ease of management: virtual machines (bits) vs. physical resources (hardware), e.g., start/stop, clone, migrate or suspend an entire virtual machine
"As flour is to a cookie, virtualization is to a cloud."


Cloud Enabling Technology: Virtualization

Traditional and Virtualized stack

[Diagram. Traditional stack: applications on one operating system on the hardware. Virtualized stack: several (application, OS) pairs on a hypervisor on the hardware.]

Many Types of Virtualization


* Full virtualization
* Hardware-assisted virtualization (IBM S/370, Intel VT, or AMD-V)
* Para-virtualization
* Operating system virtualization

Modern OS Virtualization
* Hardware-assisted virtualization is a key technological enabler for cloud computing
* Provides strong isolation on commodity (low-cost) platforms (the isolation is only as strong as the hypervisor enforcing it; see "Dependence on secure hypervisors" under Cloud Security Challenges)
* Enables multiplexing of many users onto a single server
* Key contribution is minimal performance overhead (a few percent) versus non-virtualized
* However, high-I/O applications incur many VM traps (high CPU overhead), limiting scalability and efficiency
* Challenge: true performance isolation for multiple applications; many dimensions! (more in research discussion)

Enterprise Software Revolution

Software as a Service (SaaS)


SaaS is hosting applications on the Internet as a service (both consumer and enterprise).
Jon Williams, CTO of Kaplan Test Prep, on SaaS: "I love the fact that I don't need to deal with servers, staging, version maintenance, security, performance."
Eric Knorr with Computerworld says that "[there is an] increasing desperation on the part of IT to minimize application deployment and maintenance hassles."


Three Features of Mature SaaS Applications


* Scalable: handle growing amounts of work in a graceful manner
* Multi-tenancy: one application instance may be serving hundreds of companies; the opposite of multi-instance, where each customer is provisioned their own server running one instance
* Metadata-driven configurability: instead of customizing the application for a customer (requiring code changes), one allows the user to configure the application through metadata


SaaS Maturity Levels


* Level 1: Ad-Hoc/Custom
* Level 2: Configurable
* Level 3: Configurable, Multi-Tenant-Efficient
* Level 4: Scalable, Configurable, Multi-Tenant-Efficient

Source: Microsoft MSDN Architecture Center


Examples of Companies offering SaaS


There are dozens of companies offering SaaS.
* Intuit QuickBooks: a conventional application for tracking business accounting. With the addition of QuickBooks Online, accounting has moved to the cloud.
* Google Apps: a suite of applications that includes Gmail webmail, Google Calendar shared calendaring, and Google Talk instant messaging and Voice over IP

QUESTIONS

1. What is cloud computing?
2. What are the differences between grid, virtualization and cloud computing?


Foundational Elements of Cloud Computing


Objective: To learn about the Technological enablers and Economic enablers of cloud computing


Foundational Elements of Cloud Computing


Primary technologies:
* Virtualization
* Grid technology
* Service Oriented Architectures
* Distributed Computing
* Broadband Networks
* Browser as a platform
* Free and Open Source Software
Other technologies:
* Autonomic Systems
* Web application frameworks
* Service Level Agreements


Service Level Agreements (SLAs)


* Contract between customers and service providers on the level of service to be provided
* Contains performance metrics (e.g., uptime, throughput, response time)
* Problem management details
* Documented security capabilities
* Contains penalties for non-performance


Autonomic System Computing


* Complex computing systems that manage themselves
* Decreased need for human administrators to perform lower-level tasks
* Autonomic properties: Purposeful, Automatic, Adaptive, Aware
* IBM's 4 properties: self-healing, self-configuration, self-optimization, and self-protection

IT labor costs are 18 times that of equipment costs. The number of computers is growing at 38% each year.

Platform Virtualization
* Host operating system provides an abstraction layer for running virtual guest OSs
* Key is the hypervisor or virtual machine monitor
* Enables guest OSs to run in isolation from other OSs
* Run multiple types of OSs
* Increases utilization of physical servers
* Enables portability of virtual servers between physical servers
* Can improve the security posture of the physical host server by isolating workloads from it, although this makes the hypervisor itself a critical trust boundary


Web Services

* Self-describing and stateless modules that perform discrete units of work and are available over the network
* "Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications." - InfoWorld
* Standards-based interfaces (WS-I Basic Profile), e.g., SOAP, WSDL, WS-Security
* Enabling state: WS-Transaction, Choreography
* Many loosely coupled interacting modules form a single logical system (e.g., Legos)

Service Oriented Architectures

* Model for using web services: service requestors, service registry, service providers
* Use of web services to compose complex, customizable, distributed applications
* Encapsulate legacy applications
* Organize stove-piped applications into collective integrated services
* Interoperability and extensibility


Web application frameworks


* Coding frameworks for enabling dynamic web sites
* Streamline web and DB related programming operations (e.g., web services support)
* Creation of Web 2.0 applications
* Supported by most major software languages
* Example capabilities:
  * Separation of business logic from the user interface (e.g., Model-view-controller architecture)
  * Authentication, Authorization, and Role Based Access Control (RBAC)
  * Unified APIs for SQL DB interactions
  * Session management
  * URL mapping
* Wikipedia maintains a list of web application frameworks


Free and Open Source Software


* External mega-clouds must focus on using their massive scale to reduce costs
* Usually use free software
  * Proven adequate for cloud deployments
  * Open source
  * Owned by provider
* Need to keep per-server cost low
  * Simple commodity hardware
  * Handle failures in software


Public Statistics on Cloud Economics


Cost of Traditional Data Centers


* 11.8 million servers in data centers
* Servers are used at only 15% of their capacity
* 800 billion dollars spent yearly on purchasing and maintaining enterprise software
* 80% of enterprise software expenditure is on installation and maintenance of software
* Data centers typically consume up to 100 times more energy per square foot than a typical office building
* Average power consumption per server quadrupled from 2001 to 2006
* Number of servers doubled from 2001 to 2006


Energy Conservation and Data Centers


* A standard 9,000 square foot data center costs $21.3 million to build, with $1 million in electricity costs per year
* Data centers consume 1.5% of the US's electricity (EPA); 0.6% worldwide in 2000 and 1% in 2005
* Green technologies can reduce energy costs by 50%
* IT produces 2% of global carbon dioxide emissions


Cloud Economics

Estimates vary widely on possible cost savings:
* "If you move your data centre to a cloud provider, it will cost a tenth of the cost." - Brian Gammage, Gartner Fellow
* Use of cloud applications can reduce costs from 50% to 90% - CTO of Washington D.C.
* IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud (backing from Microsoft)
* Preferred Hotel: traditional: $210k server refresh and $10k/month; cloud: $10k implementation and $16k/month


2. Principles of Cloud Computing

2.1

THE CONCEPT OF CLOUD COMPUTING

Overview


Cloud Computing: Examples


Examples: webmail; web-based office tools; customer relationship management (CRM) tools; backup services; Dropbox, SlideShare, Wikispaces; social media; online games

What is Cloud Computing

"Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs."
(ACM, Association for Computing Machinery)

Key notions in Cloud Computing


* Service based
* Uses Internet technologies
* Scalable and elastic
* Shared
* Metered by use
* Virtualized resources

"Cloud computing is not a product you buy. It's not a SKU. It's not a technology. It's an IT delivery model." (Mike Martin, Director of Cloud Computing for Logicalis)

Virtualization

It does not matter where hardware, applications or data is located in the cloud, as long as we can access and use it.

Key Features of Virtualization


* Flexibility
* Deployability
* Elasticity
* Centralization of resources
* Memory and processor requirements
* Failover capabilities
* Features continue to emerge

The Cloud and Collaboration


* Reach extender to suppliers and customers
* Communication enabler, enhancing communication with suppliers, customers and employees
* Employee enabler: less travel time, virtual office access, just-in-time access

Public, Private and Hybrid Clouds

2.2

THE EVOLUTION OF CLOUD COMPUTING

Overview

Standalone Mainframes
Benefits:
* Dedicated hardware for single tasks
* Multitasking and timesharing
* Early virtualization and multi-processing
Limitations:
* Limited memory
* Limited storage
* Expensive
* Difficult deployment

Communication Systems
Two forms: dedicated leased line, dial-up
Uses:
* Time sharing services
* Multitasking operating systems
* Dumb terminals ("tubes")
* Communication controllers
* Remote terminal access
* Remote Job Entry

Minicomputers

* Smaller
* Less expensive
* Multi-user
* Multi-tasking
* Proprietary and standard operating systems (UNIX)
* Expanded communication (including LANs)

Local Area Networking

Microcomputers

* Even smaller
* Single user
* Rudimentary operating system
* Limited memory and storage

Internet
Initial goals:
* Reliable communication, even in the event of partial equipment or network failure
* Connectivity with different types of computers and operating systems
* Cooperative effort, not a monopoly
* International, world-wide network

Virtualization
Virtualization is not a new concept: it has been around since the 1970s in mainframe environments.
Example: 1972 IBM VM/370

The Cloud

Internet Vision

"As of now, computer networks are still in their infancy. But as they grow up and become more sophisticated, we will probably see the spread of 'computer utilities' which, like present electric and telephone utilities, will service individual homes and offices across the country." - Leonard Kleinrock, 1969

Managed Services Provider Model to Cloud Computing and SaaS


Early managed networks: Frame Relay, ATM, proprietary protocols
Evolution: high-speed, high-bandwidth Internet; standard protocols; standard services

What's Next in Cloud Computing?

* The cloud may never mature
* Thin client based access
* General purpose applications in the cloud

2.3

CLOUD COMPUTING ARCHITECTURES

Overview

Cloud Computing Architecture

Single Purpose Architectures Migrate to Multipurpose Architectures


Single-purpose: mainframe, general applications, time-sharing, airline reservations
Multipurpose: any application on any server, interface to large storage, interface to large computers

Service-Oriented Architectures
* Single service functions
* Services loosely coupled
* Services can be used by different applications

Cloud Services
Cloud service offerings:
* CaaS (Communication-as-a-Service)
* SaaS (Software-as-a-Service)
* PaaS (Platform-as-a-Service)
* IaaS (Infrastructure-as-a-Service)
* MaaS (Monitoring-as-a-Service)

Communication-as-a-Service

* Offsite communications service provider
* Voice over IP
* Instant messaging
* Video teleconferencing

Software-as-a-Service

* Software hosted offsite
* As-is software package
* Vendor has a high level of knowledge
* Mash-up or plug-in: external software used with internal applications (hybrid cloud)
* Little or no change to the application
* User has little flexibility
* User locked into vendor

Platform-as-a-Service

* Remote application development
* Remote application support
* Portability among vendors
* Lower cost of development

Infrastructure-as-a-Service

* Hardware service providers (HaaS)
* Rent what you need: servers, network equipment, (virtual) CPU availability, storage
* Hosting companies

Monitoring-as-a-Service

* External monitoring services: servers, disk utilization, applications, networking
* Specialized skill set

Tiered Architecture

Server Virtualization Architectures


* The hypervisor
* Virtualization as the operating system
* Virtualization with a host operating system

The Hypervisor
* AKA: Virtual Machine Monitor (VMM)
* The foundation of virtualization
* Interfaces with the hardware
* Either replaces the operating system (Type 1) or operates alongside a host operating system (Type 2)
* Intercepts system calls
* Hardware isolation
* Multi-environment protection

Virtualization as the Operating System

[Diagram: several guest operating systems, each with its own application programs, run directly on a hypervisor (virtual operating environment) on the hardware.]

Type 1 hypervisors are seen as the principal operating system.

Virtualization with a Host Operating System

[Diagram: several guest operating systems, each with its own application programs, run on a hypervisor (virtualization layer) that itself runs on a host operating system on the hardware.]

Data Center Architecture for Cloud


Communications capacity:
* Public Internet
* Private intranet and private cloud
* Routing to the datacenter
* Moving data within the local datacenter
* Bandwidth
* Security

2.4

BENEFITS AND LIMITATIONS OF CLOUD COMPUTING

Overview

Cloud Computing Benefits


* Reduced costs
* Increased storage
* Highly automated
* Flexibility
* More mobility
* Allows IT to shift focus
* Going green
* Keeping things up to date

Cloud Computing Limitations


* Security: is data adequately protected? Is it hacker-proof?
* Data location and privacy: where is it stored? Regulatory concerns
* Internet dependency: bandwidth and latency
* Availability and service levels: SLA requirements
* Enterprise application migration

Exercises Quiz
1. Which of the following is not a cloud deployment model?
   a) Private  b) Protected  c) Public  d) Hybrid  e) Community
2. Which of the following is not an essential characteristic of cloud computing?
   a) Free  b) Scalable  c) Virtualized  d) On demand  e) Metered

Exercises Quiz
3. Which of the following is not a cloud architecture?
   a) IaaS  b) PaaS  c) HaaS  d) SaaS
4. Which of the following is a benefit of using cloud computing?
   a) Security  b) Availability  c) Compliance  d) Bandwidth guarantees  e) Reduced costs

Exercises Quiz
5. In this model, formerly known as hardware as a service (HaaS), an organization outsources business components such as servers, storage and networking equipment. What is it?
   a) Infrastructure as a Service (IaaS)  b) Platform-as-a-Service (PaaS)  c) Software-as-a-Service (SaaS)  d) None of the above
6. Infrastructure as a Service (IaaS) provides:
   a) Servers  b) Storage  c) Network equipment  d) All of the above

Exercises Quiz
7. What is cloud computing replacing?
   a) Corporate data centers  b) Expensive personal computer hardware  c) Expensive software upgrades  d) All of the above
8. The hypervisor is also known as:
   a) Virtual Machine Monitor  b) Middleware  c) Both of the above  d) None of the above
9. The "cloud" in cloud computing represents what?
   a) Wireless  b) Hard drives  c) People  d) Internet

Cloud Computing Security


Objective : to learn about the security risks and advantages of the cloud


Security is the Major Issue


Cloud Security Challenges


* Data dispersal and international privacy laws
  * EU Data Protection Directive and U.S. Safe Harbor program
  * Exposure of data to foreign governments and data subpoenas
  * Data retention issues
* Need for isolation management
* Multi-tenancy
* Logging challenges
* Data ownership issues
* Quality of service guarantees
* Dependence on secure hypervisors
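The multi-tenancy feature described under "Three Features of Mature SaaS Applications" (one application instance serving hundreds of companies) is exactly what makes "isolation management" a security challenge here: if any query forgets the tenant boundary, one customer reads another's data. The following is an added example written for this page, not course material or any vendor's code. It uses an in-memory SQLite table with constructed rows for two tenants (`acme`, `globex`) and shows the vulnerable pattern (lookup by record id alone) next to the tenant-scoped version, where the tenant id comes from the authenticated session rather than from the request.

```python
"""Tenant isolation in a multi-tenant SaaS data layer.

Added example for this page (not course material or any vendor's code).
One application instance serves many customers, so every query must be scoped
to the caller's tenant. get_invoice_vulnerable() trusts the record id alone,
so any tenant can read any other tenant's row; get_invoice() and
update_amount() take the tenant from the authenticated session and apply it
to every read and write. The schema and rows are constructed sample data.
"""
import sqlite3
from dataclasses import dataclass
from typing import Optional, Tuple

Row = Tuple[int, str, int]  # (id, tenant_id, amount)

SCHEMA = """
CREATE TABLE invoices (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT    NOT NULL,
    amount    INTEGER NOT NULL
);
CREATE INDEX invoices_tenant ON invoices (tenant_id);
"""

# Constructed sample data: two tenants sharing one table (the multi-tenant model).
SAMPLE_ROWS = [
    (1, "acme", 100),
    (2, "acme", 250),
    (3, "globex", 999),
]


@dataclass(frozen=True)
class Session:
    """Authenticated session. tenant_id is set by the login path, never taken from the request."""
    user: str
    tenant_id: str


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def get_invoice_vulnerable(conn: sqlite3.Connection, invoice_id: int) -> Optional[Row]:
    """Looks up by primary key only: a caller from one tenant can read another tenant's row."""
    return conn.execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ?", (invoice_id,)
    ).fetchone()


def get_invoice(conn: sqlite3.Connection, session: Session, invoice_id: int) -> Optional[Row]:
    """Tenant-scoped read: the tenant predicate comes from the session, not from the caller."""
    return conn.execute(
        "SELECT id, tenant_id, amount FROM invoices WHERE id = ? AND tenant_id = ?",
        (invoice_id, session.tenant_id),
    ).fetchone()


def update_amount(conn: sqlite3.Connection, session: Session, invoice_id: int, amount: int) -> int:
    """Tenant-scoped write. Returns rows changed: 0 means the row is not this tenant's (or absent)."""
    cur = conn.execute(
        "UPDATE invoices SET amount = ? WHERE id = ? AND tenant_id = ?",
        (amount, invoice_id, session.tenant_id),
    )
    conn.commit()
    return cur.rowcount


def demo() -> dict:
    """A globex user tries to reach acme's invoice 1 through both code paths."""
    conn = open_db()
    globex = Session(user="bob", tenant_id="globex")
    return {
        "vulnerable_cross_tenant_read": get_invoice_vulnerable(conn, 1),  # acme's row leaks
        "scoped_cross_tenant_read": get_invoice(conn, globex, 1),         # None
        "scoped_own_read": get_invoice(conn, globex, 3),
        "cross_tenant_update_rows": update_amount(conn, globex, 1, 0),    # 0, nothing changed
        "own_update_rows": update_amount(conn, globex, 3, 1),             # 1
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is that the tenant predicate is appended by the data layer for every statement, never assembled by the caller; in a real service the same rule is usually enforced centrally (a per-tenant schema, row-level security in the database, or a query builder that refuses unscoped statements) so that a single forgotten `AND tenant_id = ?` cannot reopen the hole.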


Cloud Security Challenges ..


* Attraction to hackers (high value target)
* Security of virtual OSs in the cloud
* Possibility for massive outages
* Encryption needs for cloud computing:
  * Encrypting access to the cloud resource control interface
  * Encrypting administrative access to OS instances
  * Encrypting access to applications
  * Encrypting application data at rest
* Public cloud vs. internal cloud security
* Lack of public SaaS version control

Cloud Security Advantages


* Data fragmentation and dispersal
* Dedicated security team
* Greater investment in security infrastructure
* Fault tolerance and reliability
* Greater resiliency
* Hypervisor protection against network attacks
* Possible reduction of C&A (certification and accreditation) activities (access to pre-accredited clouds)


Cloud Security Advantages..


* Simplification of compliance analysis
* Data held by an unbiased party (cloud vendor assertion)
* Low-cost disaster recovery and data storage solutions
* On-demand security controls
* Real-time detection of system tampering
* Rapid re-constitution of services
* Advanced honeynet capabilities


Security Relevant Cloud Components


* Cloud Provisioning Services
* Cloud Data Storage Services

Security Relevant Cloud Components..


* Cloud Processing Infrastructure
* Cloud Support Services
* Cloud Network and Perimeter Security

Elastic elements: storage, processing, and virtual networks


Additional Issues
* Issues with moving PII and sensitive data to the cloud
* Privacy impact assessments
* Using SLAs to obtain cloud security
* Suggested requirements for cloud SLAs
* Issues with cloud forensics
* Contingency planning and disaster recovery for cloud implementations
* Handling compliance: FISMA, HIPAA, SOX, PCI, SAS 70 audits


Comparisons

Examples of cloud advantage


* Social networking systems will evolve into collaborative management systems.
* Homesourcing becomes mainstream.
* Corporate processes become decentralized.
* Smart phones evolve with cloud apps and access to wireless broadband.
* Productivity apps over the cloud for corporate use.

The Business Case for Going to the Cloud Examples


Eli Lilly and Company is one company that has moved to Amazon EC2 as part of their IT operations.

Secure Migration Paths for Cloud Computing


Objective: The reasons Why migration to cloud is a good idea and How to implement secure Cloud Migration


Balancing Threat Exposure and Cost Effectiveness


Private clouds may have less threat exposure than community clouds which have less threat exposure than public clouds. Massive public clouds may be more cost effective than large community clouds which may be more cost effective than small private clouds.


Cloud Migration and Cloud Security Architectures


* Clouds typically have a single security architecture but many customers with different demands
* Clouds should attempt to provide configurable security mechanisms
* Organizations have more control over the security architecture of private clouds, followed by community and then public clouds
  * This doesn't say anything about actual security
* Higher-sensitivity data is likely to be processed on clouds where organizations have control over the security model


Migration Paths for Cloud Adoption


* Use public clouds
* Develop private clouds
  * Build a private cloud
  * Procure an outsourced private cloud
  * Migrate data centers to be private clouds (fully virtualized)
* Build or procure community clouds
  * Organization-wide SaaS, PaaS and IaaS
  * Disaster recovery for private clouds
* Use hybrid-cloud technology
  * Workload portability between clouds


Migration standards
Cloud Standards Mission: Provide guidance to industry and government for the creation and management of relevant cloud computing standards allowing all parties to gain the maximum value from cloud computing

NIST and Standards

NIST wants to promote cloud standards:
* We want to propose roadmaps for needed standards
* We want to act as catalysts to help industry formulate their own standards
  * Opportunities for service, software, and hardware providers
* We want to promote government and industry adoption of cloud standards


Goal of NIST Cloud Standards Effort


* Fungible clouds (mutual substitution of services)
  * Data and customer application portability
  * Common interfaces, semantics, programming models
  * Federated security services
  * Vendors compete on effective implementations
* Enable and foster value-add services
  * Advanced technology
  * Vendors compete on innovative capabilities


A Model for Standardization and Proprietary Implementation

[Diagram, two layers. Top: advanced features, i.e. proprietary value-add functionality. Bottom: core features, i.e. standardized core cloud capabilities.]

Proposed Result

Cloud customers knowingly choose the correct mix for their organization of standard portable features and proprietary advanced capabilities.

A proposal: A NIST Cloud Standards Roadmap


* We need to define minimal standards
* Enable secure cloud integration, application portability, and data portability
* Avoid over-specification that will inhibit innovation
* Separately address different cloud models


Towards the Creation of a Roadmap (I)


Thoughts on standards:
* Usually more service lock-in as you move up the SPI stack (IaaS -> PaaS -> SaaS)
* IaaS is a natural transition point from traditional enterprise datacenters
  * Base service is typically computation, storage, and networking
  * The virtual machine is the best focal point for fungibility
* Security and data privacy concerns are the two critical barriers to adopting cloud computing


Towards the Creation of a Roadmap (II)


Result:
* Focus on an overall IaaS standards roadmap as a first major deliverable
* Research PaaS and SaaS roadmaps as we move forward
* Provide visibility and encourage collaboration in addressing these standards as soon as possible
* Identify common needs for security and data privacy standards across IaaS, PaaS, SaaS


A Roadmap for IaaS

Needed standards:
* VM image distribution (e.g., DMTF OVF)
* VM provisioning and control (e.g., EC2 API)
* Inter-cloud VM exchange (e.g., ??)
* Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
* VM SLAs (e.g., ??): machine-readable uptime, resource guarantees, storage redundancy
* Secure VM configuration (e.g., SCAP)


A Roadmap for PaaS and SaaS


* More difficult due to their proprietary nature
* A future focus for NIST
Standards for PaaS could specify:
* Supported programming languages
* APIs for cloud services
Standards for SaaS could specify:
* SaaS-specific authentication / authorization
* Formats for data import and export (e.g., XML schemas)
* Separate standards may be needed for each application space


Security and Data Privacy Across IaaS, PaaS, SaaS


Many existing standards:
* Identity and Access Management (IAM)
  * IdM federation (SAML, WS-Federation, Liberty ID-FF)
  * Strong authentication standards (HOTP, OCRA, TOTP)
  * Entitlement management (XACML)
* Data encryption (at rest, in flight) and key management
  * PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
* Records and Information Management (ISO 15489)
* E-discovery (EDRM)


3. Using the Cloud

Overview

3.1

ACCESSING THE CLOUD

Overview

Web Browsers

Web Applications
Applications: Google Gmail, Yahoo Mail, Twitter, Zimbra, Salesforce, Dropbox, Skype
Issues: security, interoperability, bandwidth, latency, design

Cloud Access Architecture


* Client software for emulation
* Networking protocol with security features
* Server software to intercept and interpret client requests
* Keyboard access
* Mouse access
* Peripheral device support: sound, printing, others

Thin Clients
What makes them thin?
* Network connectivity (wired and wireless)
* No moving parts (possibly a fan)
* Keyboard, monitor, and USB connections
* Sound card
* Embedded terminal services client: RDP, VNC, etc.
Green features:
* Small footprint
* Low heat; low power consumption (starting at 6 watts)
* Low disk space

3.2

MOBILITY IN THE CLOUD

Overview

Smartphones

Collaboration Applications for Mobile platforms


* Text messaging
* iPhone applications
* BlackBerry applications
* Android applications

Text Messaging
Universal communication path, two forms: SMS and MMS
Communicate: phone to phone; computer to phone
Hidden costs: loss of productivity; loss of security; loss of safety

Basic Mobile Application Issues


* Limited landscape
* Security
  * Data security on the phone
  * Phone access protection
  * Eavesdropping or shoulder surfing
  * Must have application-enforced encryption
  * WAP gap
* Similar but not always equal
* Usefulness vs. fun to have

Location Independence
Don't care where it is, as long as we can get to it.
Depends on:
* Network
* Security
* Vendor or internal IT
* Application meeting needs
Location independence promotes an environment that is:
* Flexible
* Fail-safe
* Fail-soft

Exercises Quiz
1. An example of a web application is:
   a) Google Mail  b) Twitter  c) Skype  d) All of the above
2. Platform as a Service is:
   a) Google App Engine  b) Salesforce CRM  c) Rackspace servers  d) Google Mail
3. Which of these companies is not a leader in cloud computing?
   a) Google  b) Amazon  c) Blackboard  d) Microsoft

Exercises Quiz
4. Which is not a major cloud computing platform?
   a) Google 101  b) IBM Deep Blue  c) Microsoft Azure  d) Amazon EC2
5. Which one of these is not a key notion in cloud computing?
   a) Free  b) Service based  c) Scalable  d) Shared  e) Virtualized resources
6. Which of these is not a major type of cloud computing usage?
   a) Hardware as a Service  b) Platform as a Service  c) Software as a Service  d) Infrastructure as a Service

Exercises Quiz
7. An Internet connection is necessary for cloud computing interaction.
   a) True  b) False
8. Mobile platforms support:
   a) iPhone applications  b) BlackBerry applications  c) Android applications  d) All of the above
9. What enables thin clients to work?
   a) Network connectivity  b) Keyboard  c) USB connections  d) All of the above

Exercises Quiz
10. Location independence promotes an environment that is:
   a) Flexible  b) Fail-safe  c) Fail-soft  d) All of the above

4. Security and Identity Management

Overview

4.1

SECURITY AND THE CLOUD

Overview

Confidentiality, Integrity and Availability


Confidentiality
* No unauthorized access
* Privacy and data protection
* Encryption
* Physical security
Integrity
* Information is accurate and authentic
Availability
* When needed, where needed, by authorized users
* "5 nines" standard: 99.999%
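The "5 nines" availability figure above and the SLA slide earlier (performance metrics such as uptime, and penalties for non-performance) are only useful once they are turned into numbers you can measure a provider against. The block below is an added example for this page, not course material or any provider's contract: it converts an availability target into the downtime it permits, measures availability from a constructed per-minute probe log, and applies an assumed service-credit schedule. The penalty tiers and the log format are assumptions for the example.

```python
"""Turning an SLA availability figure into a measurable check.

Added example for this page, not course material or any provider's contract.
allowed_downtime() converts a target such as the "five nines" (99.999%) figure
into the downtime it permits; the rest measures availability from a constructed
probe log (one "timestamp status" line per minute) and decides whether the SLA
was met and what service credit an assumed penalty schedule would owe.
"""
from datetime import timedelta
from typing import List, Tuple

MINUTES_PER_YEAR = 365 * 24 * 60
MINUTES_PER_MONTH = 30 * 24 * 60


def allowed_downtime(availability: float, period_minutes: int = MINUTES_PER_YEAR) -> timedelta:
    """Downtime budget implied by an availability fraction (0.99999 for five nines)."""
    if not 0.0 <= availability <= 1.0:
        raise ValueError("availability must be a fraction between 0 and 1")
    return timedelta(minutes=(1.0 - availability) * period_minutes)


# Constructed probe log: one synthetic health check per minute, status up or down.
PROBE_LOG = """\
2024-03-01T00:00 up
2024-03-01T00:01 up
2024-03-01T00:02 down
2024-03-01T00:03 down
2024-03-01T00:04 up
2024-03-01T00:05 up
garbage line that a parser must skip
2024-03-01T00:06 up
2024-03-01T00:07 down
2024-03-01T00:08 up
2024-03-01T00:09 up
"""


def parse_probes(log: str) -> List[Tuple[str, bool]]:
    """Return (timestamp, is_up) pairs; malformed lines are skipped, never counted as up."""
    probes = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[1] not in ("up", "down"):
            continue
        probes.append((parts[0], parts[1] == "up"))
    return probes


def measured_availability(probes: List[Tuple[str, bool]]) -> float:
    """Fraction of probes that saw the service up."""
    if not probes:
        raise ValueError("no probes: cannot claim any availability")
    return sum(1 for _, up in probes if up) / len(probes)


# Assumed penalty schedule: (minimum measured availability, service credit in % of fee),
# checked from best to worst. Anything below the last tier gets CREDIT_FLOOR.
PENALTY_TIERS = [(0.999, 10), (0.99, 25)]
CREDIT_FLOOR = 50


def evaluate_sla(measured: float, target: float) -> dict:
    """Compare measured availability with the SLA target and compute the credit owed."""
    if measured >= target:
        credit = 0
    else:
        credit = CREDIT_FLOOR
        for threshold, pct in PENALTY_TIERS:
            if measured >= threshold:
                credit = pct
                break
    return {"measured": measured, "target": target,
            "met": measured >= target, "credit_pct": credit}


def demo() -> dict:
    """Evaluate the constructed log against a five-nines target."""
    probes = parse_probes(PROBE_LOG)
    result = evaluate_sla(measured_availability(probes), target=0.99999)
    result["probes_counted"] = len(probes)
    result["five_nines_budget_per_year"] = allowed_downtime(0.99999)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details matter in practice: a malformed or missing probe must not be counted as "up" (otherwise an outage that also breaks monitoring looks like perfect uptime), and the measurement period must match the one in the contract, since 99.9% over a month allows about 43 minutes of downtime while the same figure over a year allows nearly nine hours in a single incident.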

Authentication, Authorization and Accountability


Authentication: is this an authorized user? Prove identity with something you:
Know (password)
Have (RSA token device)
Are (fingerprint or retina scan)

Authorization: what can an authorized person do?
Accountability: audit access and applications; review logs periodically

Virus Infections on Virtualized Environments


Virus infections on:
Type 1 virtualized environment
Type 2 virtualized environment
Client operating system

Virus Infections on Type 1 Virtualized Environments


Viruses invade below the hypervisor layer
Viruses intercept and interact with hypervisor requests to the hardware

Diagram: three guest stacks (Application Programs over Guest Operating System) run on the Hypervisor (Virtual Operating Environment); the virus sits between the hypervisor and the Hardware.

Virus Infections on Type 2 Virtualized Environments


Viruses infect the host OS below the hypervisor layer
Viruses intercept and interact with hypervisor requests to the hardware

Diagram: three guest stacks (Application Programs over Guest Operating System) run on the Hypervisor (Virtualization Layer); the virus sits in the Host Operating System, between the hypervisor and the Hardware.

Client Operating System Virus Infections


Viruses infect the guest OS
Need antivirus software on each guest
Benefits:
Guests are separated from each other
No impact to hypervisor
No impact to host OS

4.2

IDENTITY MANAGEMENT

Overview

Cloud-based Identity Management


Federation Management
Using multi-system identity information for a global, single sign-on environment
Based on trust relationships
Often standards-based
Ensures compliance
Allows interoperability

Federation: Example

One federated or trusted login is sufficient for all three parties in this example: each trusts the others to identify the user.

Federation: Implementation
Information card components:
Subject is the identity holder
Digital identities are issued for the subject by identity providers
Relying parties accept the identity
Similar to a personal digital credit card
Using a PKI and digital certificates
Microsoft CardSpace
More flexible than username and password
Consistent user experience
OpenID: emerging

Federation Levels
Permissive: no verification
Verified: DNS and domain keys verified; not encrypted; vulnerable to DNS poisoning
Encrypted: TLS and digital certificates; certificates may be self-signed; weak identity verification
Trusted: TLS and digital certificates from a root CA; encrypted; strong authentication

Presence in the Cloud


Individual presence: foundation for information management
Are you here? Are you logged in? Are you busy?
Hardware services: hardware type, hardware feature
Location: GPS
Pub-Sub: publish and subscribe
Facebook has friends and fans
IM has buddies

Leveraging Presence
Subscribe from anywhere
Publish from anywhere

Wide range of options


Many development possibilities

Presence Protocols
IMPS: cell phones
SIP: Subscribe / Notify
SIMPLE: messaging
XMPP: XML based

Presence Enabled
Instant Messaging (IM)
Soft Phone

Hard Phone
Web page logins

The Future of Presence


Continual development
Location-centric cloud services:
Access based on where you are
Service depending on where you are
Using standards for full integration

The interrelation of Identity, Presence and Location


Digital identity: traits, attributes, preferences

Digital identity, presence and location determine available services and capabilities

Identity Management Solutions


Claim-based solutions
Identity-as-a-Service (IDaaS)

Compliance-as-a-Service (CaaS)

Claim-based Solutions
Method to introduce a claim to a resource
Recall previous information on a claim
Extended to include multiple points of truth

An Active Directory controller for a domain is the single point of truth for that domain
Federated identity has multiple points of truth, e.g. Hotel, Airline, Rental Car

Identity-as-a-Service
Provider based identity services
SSO for web

Strong authentication
Cross-boundary federation
Audit and compliance

Compliance-as-a-Service
Regulatory compliance
Difficult to establish audit compliance in third-party contracts

New service possibilities:
Multi-regulation compliance verification
Continuous audit
Threat intelligence

Privacy
Confidentiality of personal information is paramount
Must comply with laws and regulations: HIPAA, GLBA, EU, Canadian and Australian privacy statutes/acts
Clouds are international in nature, making privacy issues difficult

Personal Identifiable Information (PII)


Forms of identification
Contact information
Financial information
Health care information
Online activity
Occupational information
Demographic information

Privacy Related Issues


Notice: the user is given a privacy notice
Choice: the user can choose which information to enter
Consent: the user accepts the terms and conditions
The user should be informed about:
Use: what is the intended use of the information?
Access: who will have access?
Retention: how long is the information stored?
Disposal: when and how will the information be disposed of?
Security: how is security provided?

International Privacy
European Union: EU Data Protection Directive (1998); EU Internet Privacy Law (Directive 2002/58/EC, 2002); laws and privacy standards of the member states
Japan: Personal Information Protection Law; Law for Protection of Computer Processed Data Held by Administrative Organs (1988)
Canada: Privacy Act (1983); PIPEDA (Bill C-6)

Safeguards
Effective access control and audit: single sign-on (SSO), strong authentication, audit log
Secure storage: encryption, integrity
Secure network infrastructure: encryption protocols, integrity protocols

Exercises Quiz
1. Which of these should a company consider before implementing cloud computing technology? a) Employee satisfaction b) Potential cost reduction c) Information sensitivity d) All of the above
2. What is the most important drawback of cloud computing? a) Compliance b) Regulation c) Security d) Availability
3. The CIA triangle is made up of: a) Correctness, Integrity and Availability b) Confidentiality, Integrity and Availability c) Confidentiality, Infrastructure and Availability d) Confidentiality, Integrity and Authentication

Exercises Quiz
4. The CIA triangle is implemented using: a) Encryption b) Access control lists c) Auditing d) All the above
5. Which of the following is true about viruses? a) Viruses invade below the hypervisor layer b) Viruses intercept and interact with hypervisor requests to hardware c) Viruses infect the guest OS d) All the above
6. Federation is implemented using: a) PKI and digital certificates b) Biometric login c) Username and password d) None of the above

Exercises Quiz
7. Which of the following is not a federation level? a) Verified b) Signed c) Encrypted d) Trusted
8. Which of the following is not an Identity Management solution? a) Claim-based solutions b) Presence as a Service c) Identity-as-a-Service (IDaaS) d) Compliance-as-a-Service (CaaS)
9. Which of the following standards is not used for handling security and compliance? a) FISMA b) HIPAA c) X.800 standard d) SAS 70 audits

Exercises Quiz
10. Cloud computing has the following advantage over in-house computing: a) Requires little or no capital investment b) No need to deploy backup and disaster recovery c) Does not require IT staff to attend to servers, applications etc. d) All the above

5. Implementing and Managing Cloud Computing

Overview

5.1

BUILDING LOCAL CLOUD NETWORKS

Overview

Local Database Center-based Cloud


Standards based
Independent components
Message based
Location independence
Seamless replication across sites
Seamless disaster recovery across sites

Independent Components

Message Based
Assures consistency and portability between components
Uses messaging protocols:
Object oriented: SOAP, JSON, REST
Websites: HTTP and HTML
E-mail: SMTP, POP3, IMAP
Requires middleware for message protocol conversion

Communications Capacity
Requires plenty of bandwidth
Difficult to measure without detailed analysis
Measuring network utilization: transaction-based, process-based, application-based

Private Intranet and Private Cloud


Under the control of your own organization
Your own infrastructure
Engineered to your needs
Cost factors: hardware, circuits, global reach, engineering, ongoing support, outages

Internal Security

Routing to the Data Center


Sufficient routing hardware
Sufficient circuits: high bandwidth, low latency
Advanced routing processes such as MPLS
Quality of Service: data vs. voice

Moving Data within the Local Data Center


High-speed internal circuits
VLAN for traffic isolation and security
Campus area networks
Wide area Ethernet
Wireless
Internal security

Storage Capacity
Exactly how much do you need? How much can you afford?
What features do you need? Speed vs. capacity
Green is great
Lower cost options: SAS, SATA, virtual (networked) disk

Network Attached Storage


Disk storage used to store file-based records such as documents, pictures, scanned images
Server software simplified: disk access and security
Multiple access methods: CIFS (Windows), NFS (Unix)

Multi-site
Multiple sites assist with disaster recovery and avoidance
Multiple access routes
Streamlined user pathways

Monitoring
Monitor disk usage and performance
Build baseline and trend analysis
Expand as needed
Consider physical plant requirements: electrical (UPS, generator), HVAC, floor space

Server Software Environments That Support Cloud Computing


Server capacity
Virtualization
Clustering and High Availability (HA)
Expansion
Server functions

Server Capacity
Services being provided: applications, processes
Speed and features: processors (SMP vs. cores), memory, local disk and network disk
Vendor support

Cloud Applications

Open Source Software in Data Centers


Cost reduction vs. reliability
Not necessarily free
Fee-based support
Hidden costs
Server software: Apache, Jetty, Zend
Databases: MySQL, PostgreSQL

Establishing a Baseline for Cloud Performance


Connection speed
Datastore (delete and read times)
Deployment latency
Lag time

Connection Speed
If the network is fast, the cloud succeeds
Bandwidth: measure of network throughput
bps/Bps: bits/bytes per second
Rating: network capacity or throughput? 54 Mbps wireless is really 22 Mbps
Latency: delay from firewalls, routers, servers; congestion factors

Public Internet
Using the public Internet can be risky:
Target of DDoS
Recent attacks show vulnerabilities
No way to regulate bandwidth consumption
No way to regulate bandwidth availability
Criticality vs. cost
External security

Data Protection and Partitioning

Brewer-Nash security model: information barriers, eliminating conflicts of interest
Fibre Channel security: zoning, LUN masking
Protection across operating systems and virtual servers
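The Brewer-Nash (Chinese Wall) model named on this slide, worked through as an added example (not code from the Simplilearn deck): the company names, the conflict-of-interest classes and the Subject/read/write helpers are all constructed for illustration. Once a subject reads one company's data, the wall goes up against every other company in the same conflict-of-interest class, and the write rule keeps that subject from carrying data across the barrier.

```python
"""Brewer-Nash (Chinese Wall) access decisions: information barriers that
eliminate conflicts of interest. Added example; company names and
conflict-of-interest (COI) classes are constructed sample data."""
from dataclasses import dataclass, field

# Every dataset belongs to one company; every company sits in exactly one
# COI class. "PublicStats" stands for sanitized (public) information.
COI_CLASS = {
    "BankA": "banking",
    "BankB": "banking",
    "OilX": "oil",
    "OilY": "oil",
    "PublicStats": "public",
}
SANITIZED = {"PublicStats"}  # assumption: public datasets are read-only here


@dataclass
class Subject:
    name: str
    # companies whose unsanitized data this subject has already read
    history: set = field(default_factory=set)


def can_read(subject: Subject, company: str) -> bool:
    """Simple security rule: a read is allowed if the subject has read this
    company's data before, or if nothing it has read belongs to the same
    COI class. Sanitized data is always readable."""
    if company in SANITIZED or company in subject.history:
        return True
    coi = COI_CLASS[company]
    return all(COI_CLASS[c] != coi for c in subject.history)


def read(subject: Subject, company: str) -> bool:
    """Attempt a read; a successful unsanitized read is remembered, which is
    what raises the wall against the rest of that COI class."""
    if not can_read(subject, company):
        return False
    if company not in SANITIZED:
        subject.history.add(company)
    return True


def can_write(subject: Subject, company: str) -> bool:
    """*-property: a write is allowed only if the subject can read the target
    and every unsanitized dataset it has read belongs to that same company.
    Otherwise BankA information could leak into OilX through this subject."""
    if company in SANITIZED:
        return False
    return can_read(subject, company) and all(c == company for c in subject.history)


if __name__ == "__main__":
    alice = Subject("alice")
    for target in ["BankA", "BankB", "OilX", "PublicStats"]:
        print(f"{alice.name} read {target}: {read(alice, target)}")
    print(f"{alice.name} write BankA: {can_write(alice, 'BankA')}")
```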

5.2

SUPPORTING THE USE OF CLOUD COMPUTING

Overview

Virtual Private Network


Remote access gives the participant full network use
Tunnel mode: transparent connection, clients not aware of the tunnel; all traffic encrypted
Transport mode: requires use of VPN client software; IP addresses not encrypted
Security risks in both modes

Content Management Systems


Collaboration tool
Allows a large number of people to share stored data
Controls access to data based on user roles
Aids easy storage and retrieval of data
Reduces repetitive duplicate input
Improves the ease of report writing
Improves communication between users

Scripting Languages

Content Formatting Languages

HTML

XML

JSON

Backup and Recovery


Backup: short-term and archival storage; compliance; may use replication locations
Recovery: frequent planned exercises; master the process!

Disaster Recovery Solutions


Methods: multi-site locations, long-distance clustering, specialized software and dedicated pipes
Coverage solutions: failover, fail-safe, fail-soft

5.3

STANDARDS IN CLOUD COMPUTING

Overview

Standards and Best Practices


Information Management: COBIT, ISO/IEC 38500, BiSL
Service Management: ITIL, ISO/IEC 20000
Security Management: ISO/IEC 27001
Application Management: ASL
Technical Standards: IEEE, OSI, ISO/IEC

The Case for Standards

Standards provide:
Common ground
Generally accepted practices
Multiple providers and multiple applications
Portability

Using Industry and International Standards


Standards assist in portability and uniformity
Standards organizations are not standard:
IEEE and others for physical networks
ISO and IETF for logical networking
Consortia and others for applications and middleware
ISO and others for management and security
Commonality of standards regardless of source

Open Cloud Consortium


Supports the development of standards and interoperability frameworks
Develops cloud computing benchmarks
Supports open source reference implementations
Manages cloud computing test beds
Manages infrastructure to support scientific research

Web-based Enterprise Management


WBEM is a set of technologies unifying management of computing environments
Core set of standards: CIM, CIM-XML, CIM Query Language, SLP and URI mapping
Extensible
Facilitates the development of reusable and platform-neutral tools and applications

Web Services Management


The WS-MAN specification promotes interoperability between applications and resources
Features:
Discover managed devices
Get and put information from and to managed devices
Create and delete dynamic settings and values
Enumerate contents
Subscribe to generated log records
Execute management processes

Distributed Management Task Force


Facilitates a collaborative effort within the IT industry to develop, validate and promote standards for systems management
4,000 active participants from 43 countries
160 member companies and organizations

Storage Management Initiative Specification (SMI-S)


Solves the problem of managing standardized Storage Area Networks (SANs)
Allows a Web-based enterprise management system to bridge the gap among the various vendors and provide a consistent management capability regardless of hardware source

System Management Architecture for System Hardware


An application suite that consolidates several aspects of data center management
CLP provides standardized server management in the data center
Provides standards-based Web server management regardless of: machine state, operating system state, server system topology, access method

Standards for Application Developers

Protocols

Scripting languages

Content formatting standards and languages

Standards for Security in the Cloud


Privacy regulations: HIPAA, GLBA, international privacy
Security protocols
International laws: www.informationshield.com/intprivacylaws.html
US federal and state privacy laws and regulations: www.informationshield.com/usprivacylaws.html

Health Insurance Portability and Accountability Act


HIPAA
Privacy Rule: allows disclosure of personal health information when required; protects personal health information; gives patients rights
Security Rule: allows implementation of the Privacy Rule; specifies safeguards to assure CIA of patient information; provides administrative, technical and physical security controls

Financial Services Modernization Act


GLBA, also known as the Financial Services Modernization Act of 1999
Financial Privacy Rule: governs information collection and disclosure; applies to financial and non-financial entities
Safeguards Rule: receivers of financial information must protect it; design, implement and maintain standards
Pretexting protection: protects against deceptive information gathering practices

Payment Card Industry


Goal of managing confidential payment card information: debit, credit, prepaid, e-purse, ATM and POS, associated businesses
Issue: how to secure PCI-based information?

Security Protocols
SSH
SSL and TLS
IPSec
VPN
OpenID
Kerberos
PCI

Internet Protocol Security


Data encryption in two modes: tunnel, transport
ESP performs authentication and encryption

OpenID
Single credential system
The goal: simplify multiple website logins
Adopters: Yahoo, Google, AOL
OpenID Federation

6. Evaluation of Cloud Computing

Overview

6.1

THE BUSINESS CASE

Overview

Should Your Company Invest in Cloud Computing?


Does it do what we want or need?
Provides the services we need
Appropriate applications available

Can we adjust?

Can we accept?

Is the move justified?


Economic value
Operational value

Decision makers vs. users

Business Benefits of Cloud Computing


Operational: efficiency in servers, workers, power, disaster recovery, training; flexibility
Economic: save money, reduce overhead, become green
Staffing: reduce or redeploy staff

Operational Benefits
Incremental investment
Storage availability
Automation
Flexibility
Increased mobility

More Operational Benefits


Optimum use of staff
Centralization and management of systems and desktops
Archiving of systems simplified
Disaster recovery simplified and manageable across sites

Deliver What You Want Quicker


Can the cloud provide your users the resource being utilized in the cloud faster than if the resource were hosted locally at your company?
What do we give up?
What do we gain?
Is your organization willing to compromise?

Economical Benefits
Hardware: buying less or less complex equipment
Budget: pay as you go; improved budget control; buy what you need when you need it
Time-to-market: quicker deployment using standardized products

More Economical Benefits


Little or no software installation or maintenance
Shorter deployment time
Worldwide availability
SLA adherence
Upgrades
Makes life easier for your IT staff
More money

Meeting Short-term Needs


Are you going to the cloud permanently or for a short-term goal?
Example:
Need to develop a major software package
Need access to additional development hardware
Budget restrictions exclude buying hardware
A cloud PaaS solution is ideal: acquire, use, lose

Staffing Benefits
Optimum use of staff
People fewer or better deployed
Accomplishment
Less stress in the operational environment
Makes life easier for your IT staff

Cloud Implementations impact


Power savings
Floor space savings
Network infrastructure
Maintenance reductions
Software licensing
Time to value
Trial period
Service
Wiser investment
Security
Quick delivery
Reduced capital expense
Meeting short-term needs

Power Savings
Reduce overall power requirements: limited servers and data platforms; simpler desktop platforms
HVAC reduction: server farm, storage farm, workspace cooling and heating
Simpler UPS and generator needs
Offset by cloud provider cost increase
Virtualization and shared storage

Floor Space Savings


Smaller overall footprint in the enterprise
Displace to cloud provider
Reduced lease and rental costs
Less maintenance
Lower cleaning costs

Maintenance Reductions
Reduction of maintenance costs: hardware, software, facility

New maintenance costs: uploaded and downloaded data; updating software in a PaaS environment

Software Licensing
Depending on implementation, a reduction in the number of licenses required
Requires analysis of demand for software: per seat vs. per user

6.2

EVALUATING IMPLEMENTATIONS

Overview

Wiser Investment
Is the cloud investment smarter than in-house?
Cost factors, performance factors, management factors, satisfaction factors
Can the cloud be defended?
Who are the stakeholders?

Network Infrastructure Changes


Need high bandwidth Internet connections
Internal infrastructure may be simplified

Less complexity in switching and routing network

Reduced Capital Expense


Reduce inventory
Reduce taxes (some jurisdictions)

Cost of money over time


Recurring costs handled differently than capital expenditures for tax and budgeting purposes

Vendor Access and Support


Does the provider support my needs?
Is the vendor easy to work with?
What is the vendor's remote monitoring and management strategy?
Can the vendor provide references?
Is it easy to access and update the data?
Can you use the vendor's dataflow processes?

Time to Value
How long does it take to get value from the cloud implementation? Or: how soon can I start using it to make money?
If you need ten new servers online tomorrow, consider: what does it take to do it in-house? What does it take to provision them in the cloud?

Trial Period
Make sure you get a "try it, then buy it" clause
Do not commit until you are sure it works the way you want

Especially true if you are using a new software package or new service you have not seen before!

Service: what you get for the money


What services are provided? Installation, conversion
Are the SLA terms reasonable? What are the penalties?
What type of support is provided?
Do you have an alternative or backup plan?

Do you fully understand the offering and the expected outcome?

Security
All in-house security requirements must be present in the cloud
Regulatory and statutory requirements
Industry accepted practices
Privacy
Eliminate data leakage
Understand the internal server structures: one tier, two tier, three tier

Evaluating Cloud Implementations Summary

Power savings
Floor space savings
Network infrastructure
Maintenance
Software licensing
Time to value
Trial period
Service
Wiser investment
Security
Delivers what you want quicker
Reduced capital expense
Meeting short-term needs

Cloud Computing examples for migration


Google Cloud User: City of Washington D.C.


Vivek Kundra, CTO for the District (now OMB e-gov administrator)
Migrating 38,000 employees to Google Apps
Replace office software: Gmail; Google Docs (word processing and spreadsheets); Google Video for business; Google Sites (intranet sites and wikis)


Case Study: Facebook's Use of Open Source and Commodity Hardware (8/08)
Jonathan Heiliger, Facebook's vice president of technical operations
80 million users + 250,000 new users per day
50,000 transactions per second, 10,000+ servers
Built on open source software:
Web and app tier: Apache, PHP, AJAX
Middleware tier: Memcached (open source caching)
Data tier: MySQL (open source DB)


Case Study: Salesforce.com in Government


5,000+ public sector and nonprofit customers use Salesforce cloud computing solutions
President Obama's Citizens' Briefing Book, based on the Salesforce.com Ideas application: concept to live in three weeks; 134,077 registered users; 1.4 M votes; 52,015 ideas; peak traffic of 149 hits per second
US Census Bureau uses a Salesforce.com cloud application: project implemented in under 12 weeks; 2,500+ partnership agents use Salesforce.com for the 2010 decennial census; allows projects to scale from 200 to 2,000 users overnight to meet peak periods with no capital expenditure

Case Study: Salesforce.com in Government


New Jersey Transit wins InfoWorld 100 Award for its cloud computing project: uses Salesforce.com to run its call center, incident management, complaint tracking and service portal; 600% more inquiries handled; 0 new agents required; 36% improved response time
U.S. Army uses Salesforce CRM for cloud-based recruiting: the Army needed a new tool to track potential recruits who visited its Army Experience Center; uses Salesforce.com to track all core recruitment functions, allowing the Army to save time and resources
