
Cloud Computing 101

Syed Azeem
February 28, 2013

Welcome!
- The purpose of this learning session is to raise awareness about Cloud Computing
- Information gained from this session will be valuable in understanding business technology trends that are already affecting and will continue to affect all of us
- It is important to know about this topic because the Federal government, including DHS, is making a big push towards Cloud Computing initiatives
- We'll try to keep this as interactive as possible, so please stop me when you have a question, or have something interesting to share

Agenda

Cloud Computing
What is it, and why should I care?

Value & Benefits
Implications for DHS and the Federal government

Agenda (continued)

More Cloud Computing


Definitions, Models, Examples
What does it mean to be in the cloud
Video & Demonstration

A little bit of perspective and history

BACKGROUND

Source: The Singularity is Near (Ray Kurzweil)

Source: Hewlett Packard Federal Practice (Rick Fleming)

Perceptions, views, opinions and myths

LET'S GET STARTED

Most Americans Confused By Cloud Computing According to National Survey


Survey Highlights
- 95% of those who think they're not using the cloud, actually are
- 22% pretended to know how the cloud works
- 40% believe accessing work information at home in their birthday suit would be an advantage
- After being provided with the definition of the cloud, 68% recognized its economic benefits

Overcoming confusion, gaining empowerment and professional development


This knowledge will set you apart from most
- You'll know what the cloud is, how it works and what benefits it may provide your organization
- At the next job interview, social gathering, professional event or get together with friends, you won't have to fake it

Confusion arises because it is an abstract concept and is not very intuitively understood, but it can be easily grasped through gaining knowledge!

- Cloud isn't really the best term, so don't take it literally
- We are describing something abstract

Ancient story about blind men and an elephant


What is it all about?

CLOUD COMPUTING

What is Cloud Computing?


A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.


Source: The NIST Definition of Cloud Computing

Cloud Computing defined in English


- The traditional and legacy IT model of separate IT infrastructures for each system, both within Federal government and industry, must evolve
  - To meet the growing customer demands within a budget-constrained environment
- A new service-based pattern of distributing computing power, not a new technology in itself
  - It is supported by various technologies such as virtualization, service-oriented architecture (SOA) and the Internet
- End user has much more control than he/she used to over a powerful, remote server owned by somebody else
  - That control can extend up to the point where he/she achieves programmatic control over the server, if desired
- The heart of cloud computing is gaining that control while engaging in one of the lowest-cost forms of computing

Source: DHS CIO; InformationWeek

Why is traditional IT on its way out?


- Not well positioned to reduce time to market for new services or provide transparency for operational expenses
- Introduces higher risk due to up-front capital expenditures
- Customized applications hosted in traditional data center environments cannot scale fast enough to support urgent demand in real-time
- Potential security vulnerabilities are harder and costlier to fix

Source: DHS CIO, Richard Spires (Congressional Testimony; October 2011)

Video: Federal CIO Council (cio.gov)


Source: http://cio.gov/cloud-computing-explained/

Sample uses of Cloud Computing


- Websites and web services
  - DHS.gov, TSA.gov, FEMA.gov, Ready.gov
  - Amazon.com, Google.com
- Mobile services
  - Google Mobile App engine
- Business & Productivity Applications
  - Microsoft Office 365, Google Apps
  - Quicken Online, SalesForce.com
- Database & Storage
  - Google Cloud storage, Google Cloud SQL (MySQL)
  - Amazon Simple Storage Service (Amazon S3)
  - Microsoft SQL Database/Reporting (Windows Azure)
- Scientific Uses
  - Medical research (NIH)
  - Space Missions (NASA Jet Propulsion Lab)

Traditional IT architecture


Traditional IT

SharePoint Server

Exchange Server (Email)

Project Server

Oracle Financials


Human Capital System

Contracts Management System

Exchange Email Service

SharePoint Service

Project Service

Oracle Financials Service

Contracts Management Service

Human Capital Service


Source: Wikipedia

Total Cost Of Ownership (TCO)


- Gartner: total cost of ownership (TCO) is a comprehensive assessment of IT (or other) costs across enterprise boundaries over time
- For IT, it includes:
  - hardware and software acquisition
  - management and support
  - communications
  - end-user expenses
  - opportunity cost of downtime, training and other productivity losses

Considering TCO for IT


Another View: Cost Elements for IT


Benefit: Reduced Costs


- Ability to scale up and down
- Maximum utilization
  - Server loads approaching 100%
- Pay for only what you use

Cloud computing suitability based on usage patterns

Patterns Benefiting Most from Cloud Deployment


Source: ELEKS R&D

Cloud computing suitability based on usage patterns

Will Not Benefit from Utilization Efficiencies of Cloud, but Potential to Still Enjoy other Cloud Benefits


Source: ELEKS R&D

Benefit: Agility
- With the traditional IT model, time to market is usually many months, if not years
- Cloud computing provides agility by:
  - Enabling significantly faster product launch cycles
  - Allowing agencies to adapt and react to changes with unprecedented speed
  - Letting agencies focus on their core mission with IT as an enabler and force multiplier

Benefit: Innovation
- Cloud computing is spurring innovation within the private sector and Federal government
- DHS is a key player in Federal cloud computing initiatives
- If not for the cloud, many solutions would not be possible today, because the resources required (time, money and people) were usually owned by large governments or corporations
- The game has changed; it's a different paradigm, a total shift in how IT serves business operations

Benefit: Sustainability & Green Government

White House

EPA

GSA

Why is the cloud more energy efficient?


Source: sustainablevirtualdesign.wordpress.com

Knowledge Check #1
Cloud Computing = think of a SERVICE
- It's not a product
- It's not a system in the traditional sense
  - We are not buying hardware or software licenses
- It's not a network, it's not pipes, or real clouds, or furry animals!
- If you are unsure whether something is or is not based in the cloud, just see if it possesses the characteristics

Behind the scenes

HOW CLOUD COMPUTING WORKS

Cloud model is composed of


- 5 essential characteristics
- 3 service delivery models
- 4 deployment models

Source: The NIST Definition of Cloud Computing

5 Cloud computing characteristics


1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service

Source: The NIST Definition of Cloud Computing

Cloud computing is defined by 5 characteristics


Sources: NIST; Forrester; A.T. Kearny analysis


Source: business2community.com

3 Cloud service delivery models


Infrastructure as a Service (IaaS)
System administrator:
- Provisions processing, storage, networks, and other fundamental computing resources
- Able to deploy and run arbitrary software, which can include operating systems and applications

Platform as a Service (PaaS)
Software developer:
- Deploys custom or acquired applications
- Has control over the deployed applications and possibly configuration settings for the application-hosting environment
- Does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage

Software as a Service (SaaS)
End-user:
- Accesses and works on applications
- Able to configure application-specific settings
- Does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage

Source: The NIST Definition of Cloud Computing

3 Cloud service delivery models (by roles)


Level of control and responsibility by cloud service delivery models


Risk-based view of Control/Responsibility in Cloud service delivery models


Source: Enterprise Risk Management for Cloud Computing (COSO/Crowe Horwath LLP)

Knowledge Check #2: Identify cloud service delivery model


| Service Example | Cloud Delivery Model |
| --- | --- |
| Web applications such as: MyTSA, Gmail, Hotmail, Facebook, Google Maps, Bing, Yahoo! | SaaS |
| A Pentium Xeon processor, with 16 gigabyte RAM, 2 terabyte hard disk, connected to a fiber-optic network connection. | IaaS |
| A custom DHS online application and its data stored in a database. | PaaS |
| Full control of all IT resources including servers, storage, networking, operating system, data and applications. | Traditional IT |

Commercial PaaS offerings


- There are quite a few cloud service platforms available, but some of the most notable ones are:
  - Windows Azure Cloud Services
  - Amazon Elastic Compute Cloud (Amazon EC2)
  - Google Cloud Platform
- Purchasing cloud services from these platforms is like online shopping
  - Pick the right mix of options for your needs, and start using immediately
  - No more spending weeks or months waiting for hardware to arrive, then spending time and effort installing software and configuring everything

4 Cloud deployment models


Private Cloud
- Operated solely for an organization
- May be managed by the organization or a 3rd party (cloud service provider) and may exist on premise or off premise

Community Cloud
- Same as private cloud, except:
  - Shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations)
  - May be managed by the organizations or a third-party cloud service provider
  - May exist on premise or off premise

Source: NIST; DHS CIO

4 Cloud deployment models (continued)


Public Cloud
- Made available to the general public (or a large industry group)
- Owned by a cloud service provider (usually commercial)

Hybrid Cloud
- Composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)

Source: NIST; DHS CIO

Challenge/Risk: Security
Myth: Cloud computing is not secure!
- Security is probably the most discussed topic about the cloud, especially for enterprise IT
- Organizations want to leverage cloud benefits, but are worried about their data, which sometimes is their biggest asset
- Security risks in the cloud are pretty much the same as in your own datacenter
- Serious effort to secure systems is necessary regardless of whether they are in the cloud or on premises
- Cloud providers continuously improve their security, which probably means that your data center might actually be less secure
- Obviously, private cloud should be used for information requiring increased protection, and public information is best suited for public cloud

Source: ELEKS R&D

Cloud Security: Federal Government


FedRAMP Program
- Provides a common security risk model that supplies a consistent baseline for cloud-based services, including security accreditation (C&A) designed to vet providers and services for reuse across government
- Applies to both private and public cloud offerings
- Agencies can award contracts to already vetted providers
- Latest update: First few ATOs to providers authorized; more to follow

Availability and Reliability


Myth: Cloud servers can be often down!
- Reliability can be an issue without redundancy
- Easily solved by purchasing optional geographical redundancy
- Amazon recommends using it if you want to deliver reliable service
- Easy to build a reliable application hosted in the cloud
- Not a vendor problem if people don't do it
- SLA is still 99.95% or close
- Same issue with a traditional data center: if it goes down, it's unavailable
  - Imagine some failure happening in your data center
  - With cloud you have a mirror setup
  - Hard to have the same within your own data center (unless you build two of them)

Source: ELEKS R&D

Performance
Myth: Cloud computing is slower than traditional servers
- Cloud providers use hardware virtualization, which means that for most operations they have the same performance as bare metal appliances
  - Caveat: I/O latency is higher, but it matters only for high performance computing apps, not for most regular business software
  - Caveat: Some legacy apps could be slower after migration to the cloud
- Relatively easy to get good enough performance in the cloud if you think about it from the very beginning; it's a matter of system architecture

Virtualization is a key enabler of cloud computing


More details on Virtualization


- Masking of server resources, including the number and identity of individual physical servers, processors, and operating systems, from server users
- Server administrator uses a software application to divide one physical server into multiple isolated virtual environments
  - Commonly known as virtual machines or virtual private servers
  - Sometimes also called guests, instances, containers or emulations
- Virtualization is one of the few enabling technologies for cloud computing, not cloud computing itself!
  - Cloud computing is a model encompassing the 5 characteristics

What are Virtual Machines?


- An abstract computer within a physical computer
- The point is to have multiple virtual machines within a physical server to gain efficiencies and other benefits

Source: Gartner


Source: Novell; IDC; Gartner

Closer to home

CLOUD COMPUTING WITHIN DHS

DHS Private Cloud


- DHS has an aggressive commitment towards adapting and embracing cloud computing
- DHS is pursuing 9 current and planned private cloud services
- Private cloud for sensitive but unclassified information
- Public cloud for non-sensitive information

DHS Private Cloud (continued)


"Given DHS's mission, we believe a robust private cloud solution will always be needed for DHS's most sensitive applications and data
- DHS CIO, Richard Spires, October 2011

DHS Cloud Services Categorization


DHS Private Cloud


Email as a Service (EaaS):
- Provides a single, enterprise-wide email and calendar infrastructure that is efficient, secure, and less expensive than maintaining, staffing, and managing multiple environments
- Provides a unified, dependable service that is governed by the Department's high security standards, including vulnerability analysis, routine vulnerability scanning, patching, and audit support
- Users are authenticated against either their Component-specific Active Directory (AD) domain or their Enterprise Authentication Service (AppAuth) unit for secure, single sign-on (SSO) access
- Components can apply appropriate identity and password policies in their AD
- EaaS is a redundant service and removes risk of single points of failure
- Latest update: More than 100,000 users in production

DHS Private Cloud (continued)


SharePoint as a Service (SHPTaaS):
- Provides a secure Microsoft SharePoint Server hosted environment, including tools and services to help DHS users manage information, effectively collaborate, and enhance personal productivity
- Users are able to easily create and manage collaboration, intranet publishing, and basic and custom team and project focused site collections
- Provides for the Department's daily operational needs and supports surge capabilities during national emergencies
- Latest update: 33,000 users on service; HQ, USCIS, CBP completing contract

DHS Private Cloud (continued)


Development and Test as a Service (DTaaS):
- Provides a secure development, test, and pre-production environment that mirrors the production environment, while reducing reserve capacity by sharing infrastructure assets
- Not only provides a simple path to transition from project development to implementation, but also accelerates delivery
- Offers state-of-the-art processes and applications that optimize hardware and software usage
- Shortens time to market, delivers cost savings, and is offered under both private and public cloud deployment models
- Latest update: HQs, TSA, USCIS in operation; rolling to more components

DHS Private Cloud (continued)


Production as a Service (PRDaaS)*:
- Provides customers with uniform, cost-effective operating systems with a security authorization process
- Pre-provisioned infrastructure maximizes the effectiveness of best-of-breed software and hardware
- Provides rapid provisioning of a secure virtual operating environment that furnishes robust hosting services for applications and services, including operating systems, network, and storage consistent with new industry standards and Department-approved technology
- Servers are provisioned in less than a week
- This service is offered under both private and public cloud deployment models
- Latest update: pilots in progress for HQ applications; seed money in place for most components

* Basically IaaS with a different name

DHS Private Cloud (continued)


WorkPlace as a Service (WPaaS):
- Provides users with secure virtual access to desktop operating systems and applications anywhere in the world
- Virtual computing replaces traditional desktops and laptops to provide secure access to the DHS information and applications on almost any computer, anywhere, including mobile devices
- Latest update: Current pilots with HQ, FLETC and USCIS

DHS Private Cloud (continued)


Project Server as a Service (PSaaS):
- An online project management software that offers a single-stop website to consolidate projects and gives Components visibility into all requirements
- Provides integration with Microsoft SharePoint 2010 and resource maximization capabilities
- Latest update: HQ, USCIS, CBP, USCG are in live production

DHS Private Cloud (continued)


Authentication as a Service (AuthaaS):
- Application Developers and Application Owners can enable SSO functionality for customers through the use of Authentication as a Service (AUTHaaS)
- Delivers 2-factor authentication and SSO capabilities to the end user community at no charge
- Latest update: Implementing ADFS 2.0 for internal and external requirements; implementing Kerberos, a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography; more than 100 applications; ISAs for HQs and ICE in coordination; ESSA in works

DHS Private Cloud (continued)


Case and Relationship Management as a Service (CRMaaS):
- Allows users to manage customer relationships on many levels
- Information regarding interactions with customers is available throughout the organization, and enables users to make informed decisions and facilitates customer follow-up
- Data concerning interactions with customers is centralized and the information needed for customer service made readily available
- Users can make real-time updates
- Latest updates: 5 customers are in live production

DHS Private Cloud (continued)


Business Intelligence as a Service (BIaaS):
- Initial capability was piloted from March 2011 through FY12
- DHS will leverage this offering to enhance transparency into departmental programming and expenditures
- By the end of FY12, we expect the department will have visibility to information sources across the investment lifecycle, including IT, financial, human resources, asset management, and other information sources
- Based on the successful pilot and maturing offerings in service, the department will look to move to a full Business Intelligence as a Service offering in FY13
- Latest update: Managed Service available across CXOs; ICE, CHCO looking to leverage service; in production supporting USM, most components

DHS Public Cloud


Enterprise Content Delivery as a Service (ECDaaS):
- Ensures that DHS public-facing websites are always available (even during surges and emergencies)
- ECDaaS is used extensively by the private sector; DHS adopted it to protect against denial of service attacks, help manage surge requirements, and significantly reduce hosting costs
- Proved invaluable during the July 4, 2009, denial of service attack on multiple federal Web sites
- Latest update: Operational and rolling to more components; new contract awarded for service and 70% of DHS public facing websites using service

DHS Public Cloud (Continued)


Web Content Management as a Service (WCMaaS)*:
- Leverage open source software hosted in the public cloud and consolidate all public facing DHS Web sites
- Based on the Drupal Content Management System, an industry leading open source technology, this solution provides new and innovative capabilities, delivering improved citizen-centric capabilities while ensuring the adoption of solid Content Management System (CMS) services that support timely Web maintenance as well as increased capabilities for accurate content updates
- Provides an integrated platform, multiple environments (staging and production), and a solution stack for content management and hosting for public-facing websites
- Latest update: DHS.gov, TSA.gov, FEMA.gov, Ready.gov operational; six other sites committed to migrate

* Also known as Web Content Management as a Service

Federal Cloud Computing Strategy


Further Reading:
Link
Also check out: 25 Point Implementation Plan To Reform Federal Information Technology Management
Link

DHS Cloud Strategic Plan 2012-2016


Further Reading:
Link
Also check out DHS IT Services Catalog site
Link


Thank you!
syed.azeem@tsa.dhs.gov 703-635-3558
