Cloud & Securityand opensource

Bae KwonHan <darjeeling@gmail.com>

Q : What is Cloud?

• Data Sync Service on the cloud

• Commercial Cloud Service

• Cloud Service Implementation with open source or closed source

• Any Cloud Service use instead of legacy infrastructure

• http://en.wikipedia.org/wiki/Cloud_computing

• Infrastructure as a Service

• Platform as a Service

• Service as a Service

• Backend as a Service

• Blah as a Service

COST

SURPLUS

Automation

IaaS

• Packaging VM with network

• Multitenancy

• Volume Service

• Object Store Service

• AAA

• Network Security Manager ( ACL )

• API / CLI / GUI

Security on IaaS

• network Isolation!!

• VM access

• VM host

• ACL

• IaaS Manager

IaaS safe?

• VM data?

• VM memory access?

• volume data?

• DDOS?

• think about a service

• multi service distribution

AWS security support

• VPC ( Virtual Private Cloud )

• S3 Encryption

• AWS Identity and Access Management

• AWS Security Group

CommercialIaaS Implementation• Amazon AWS EC2

• MS Azure Virtual Machines

• Google CE

• HP Cloud

• Joyent

• Rackspace Cloud

• cafe24?

• KT uCloud Biz

• SKT tCloud Biz

• Hostway?

• VMWARE Product

OpenSourceIaaS Implementation

• Openstack

• Cloudstack

• Eucalyptus

• others

http://ken.pepple.info/openstack/2012/09/25/

openstack-folsom-architecture/

PaaS

• Packaging Process with database on IaaS

• runtime, middleware, os

• Multitenancy

• AAA

• ACL on Process

• API / CLI / GUI

Security on PaaS

• API

• Process Isolation

• Database Isolation

• PaaS Manager

CommercialPlatform as a Service• Heroku

• Google App Engine

• Engine Yard

• Openshift

• Windows Azure

• vmware CloudFoundry

• appfog

• appcera

OpensourcePlatform as a Service

• VMWARE CloudFoundry

• Redhat OpenShift

Security on PaaS

• DDOS

• Manager Problem

• Application Problem

SaaS

• Packaging Service on Infrastructure

Security on SaaS

• API

• SaaS Manager

• connection hook

SaaS Implementation

• Google Apps

• iCloud

• SalesForce

• others?

PlusBaremetal as a Serviceor Metal as a Service

• automate installing os

• use out of band management

• IPMI

• dell Drac

• KVM over IP

• HP ILO

• IBM Remote Supervisor Adapter

MAAS Implementation

• opensource

• ubuntu juju

• every hardware vender sells MAAS

Chain of aaS

• MaaS

• IaaS

• PaaS

• SaaS

Cloud Service User

• Cost

• you should know what/how you are doing

• you should know what/how they are doing

• focus on application programming

• focus on management console

• focus on AAA

OpenSource

why open source?

everything is open source

open source• openstack

• openvswich

• cloudfoundry

• openshift

• opensource VM implementation

• KVM ( Kernel-based Virtual Machine )

• XEN

• LXC

• OpenVZ

• QEMU

• VirtualBOX

OpenStack• Infrastructure as a Service

• started by rackspace cloud and NASA since 2010

• Compute ( nova )

• Object Storage ( Swift )

• Image Service ( Glance )

• Identity Service ( Keystone )

• Dashboard ( Horizon )

• Networking ( Quantum )

• Block Storage ( Cinder )

• Metering ( Ceilometer - Beta )

• Basic Cloud Ochestration ( Heat - Beta - PaaS )

openvswitch

• http://openvswitch.org/

• security : vlan isolation, traffic filtering

• QoS : traffic queuing, traffic shaping

• monitoring : NetFlow, sFlow, SPAN, RSPAN

• automated control

DevOps?

what we should know?

• What is cloud

• Every component of cloud service

• Every boundary of cloud component

• how application works

Q & A