Cloud Computing. Cross-disciplinary session of 22/3/2013. Jean-Noël Colin, Jacques Folon

Introduction au Cloud computing


DESCRIPTION

Course given as part of Infosafe in March 2013


Page 1: Introduction au Cloud computing


Page 2: Introduction au Cloud computing

Definition

“A style of computing where scalable and elastic IT-related capabilities are provided “as-a-service” using internet technologies to multiple external customers.” (Gartner)

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (National Institute of Standards and Technology)

Page 3: Introduction au Cloud computing

© 2009 IDC

Cloud Services Definition - updated

Cloud Services

Consumer and Business products, services and solutions delivered and consumed in real-time over the Internet

Deployment Models

• Public - open to a largely unrestricted universe of potential users; designed for a market, not a single enterprise
• Private - designed for, and access restricted to, a single enterprise (or extended enterprise); an internal shared resource, not a commercial offering; IT Org is the “vendor” of the shared/std service to its users

[Note: large gray zones between these two broad categories]

Key Attributes

• Shared, standard service – built for a market (public), not a single customer
• Solution-packaged – a “turnkey” offering, integrates required resources
• Self-service – admin, provisioning; may require some “on-boarding” support
• Elastic scaling – dynamic and fine-grained
• Use-based pricing – supported by service metering
• Accessible via the Internet/IP – ubiquitous (authorized) network access
• Standard UI technologies – browsers, RIA clients and underlying technologies
• Published service interface/API – e.g., web services APIs

Page 4: Introduction au Cloud computing

Five key characteristics, explained by Gartner (Plummer, et al., 2009) and the National Institute of Standards and Technology (Mell, et al., 2009):

• A service-oriented technology, where consumer concerns are abstracted from provider concerns, and that is ready-to-use: SERVICE BASED;
• Services scale on-demand to add or remove resources as needed: RAPID ELASTICITY AND SCALABILITY;
• Services share a pool of resources to build economies of scale: SHARED RESOURCES;
• Services are tracked with usage metrics to enable the “pay-as-you-go” model: PAY PER USE;
• Services are delivered through use of Web identifiers, standards, formats and protocols and with an identical access: UBIQUITOUS NETWORK ACCESS;

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 5: Introduction au Cloud computing

3 types of services

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 6: Introduction au Cloud computing

Software as a service (SAAS)

The service provided makes use of the provider’s applications accessible through a client interface, such as a web browser (ex: Gmail).

The consumer doesn’t manage or control the infrastructure, the network, the servers, the operating system, the storage and cannot add specific development (even if there are limited user specific application configuration settings).

Offers: Billing, Financials, Legal, Sales, Desktop productivity, Human Resources, Content Management, Backup & Recovery, CRM (Customer Relationship Management), Document Management, Collaboration Tools, Social Networks.

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 7: Introduction au Cloud computing

Platform as a service (PAAS)

The service provided consists of the deployment of consumer-created applications on the provider’s infrastructure and the use of programming languages and tools supported by the platform (ex: Java or Python available on Google App Engine).

The consumer doesn’t manage or control the infrastructure, the network, the servers, the operating system and the storage but he has control over the deployed applications, and occasionally application hosting environment configurations.

Offers: General purpose, Business intelligence, Integration, Development & Testing, Database.

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 8: Introduction au Cloud computing

Platform as a Service (PaaS)

Now you don’t need to invest millions of $$$ to get that development foundation ready for your developers.

The PaaS provider will deliver the platform on the web, and in most of the cases you can consume the platform using your browser, i.e. no need to download any software.

It has definitely empowered small & mid-size companies or even an individual developer to launch their own SaaS leveraging the power of these platform providers, without any initial investment.

PaaS Examples

Google App Engine and Windows Azure are examples of Cloud OS. OrangeScape & Wolf PaaS are cloud middleware.

http://www.techno-pulse.com/

Page 9: Introduction au Cloud computing

INFRASTRUCTURE AS A SERVICE (IAAS)

The service provided gives the possibility to rent resources, such as processing, storage or bandwidth, and allows the consumer to deploy and run any software (operating systems and/or applications).

The consumer doesn’t manage and control the infrastructure but he controls the operating system, the storage, the deployed applications, and occasionally networking components (firewall, load balancing).

Some providers offer to manage the application if the latter is not too specific and is compatible with the perimeter of their offer.

Offers: Storage, Compute, Services Management.

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 10: Introduction au Cloud computing

Different types of cloud

• Public clouds
• External private clouds
• Private clouds
• Hybrid clouds
• Community clouds

Page 11: Introduction au Cloud computing

Public clouds

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Infrastructures are shared with a “Pay-as-you-go” model. This off-premise virtualized infrastructure is easily accessible and can be managed through a portal of the provider. The provider can make economies of scale: the homogeneous infrastructures are shared with all the consumers and managed and updated by the Cloud provider. Consumers can choose the infrastructure they need, and choose all the security elements and the uptime (SLA).

Page 12: Introduction au Cloud computing

External private cloud

We are also seeing an increasing number of External Private Cloud offerings (off-premises):

This provides a way for companies to create a logically separated set of virtual machines, a secure VPN connection to their own networks (a Virtual Private Network is a secure tunnel through the Internet from a corporate network to the provider’s servers).

It also enables the use of existing security and management policies.

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 13: Introduction au Cloud computing

Private clouds

Internal pool of resources inside the Data Centers of a company.

Internal Private Clouds are sometimes seen as a simple evolution of the classic Information System of an organization but have some characteristics of Public Clouds (they use virtualization and dynamic provisioning).

Private Clouds are for companies who only want to use services that are hosted in-house and do not want to share their infrastructure.

This type of Cloud respects the standard process and security policy of the company but doesn’t offer as many benefits and as much flexibility to the CIO: he always has to invest in the hardware and software.

Page 14: Introduction au Cloud computing

Hybrid cloud

Combination of different clouds (for example Public and Private Clouds) that allow for transitive information exchange and possibly application compatibility and portability across disparate Cloud service offerings and providers utilizing standard or proprietary methodologies regardless of ownership or location.

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 15: Introduction au Cloud computing

COMMUNITY CLOUD

Infrastructures, shared by several organizations, support a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

The US Government and NASA created a community cloud for all US government agencies.

This type of cloud combines two worlds: Public Cloud (different entities sharing their infrastructure) and Private Cloud (specific organizations use their own Data Centers and know with whom they share their infrastructure).

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 16: Introduction au Cloud computing

Impact on the organization

Page 17: Introduction au Cloud computing

Impact on the organization

• Strategy: What are the impacts on the strategy when it goes from controlling an infrastructure to controlling a process? What new strategies are possible now?

• Systems: What happens to the processes of the IT department? (ITIL, Build versus Run, contract management)

• Structure: How can the IT department be aligned with the business strategy? Does a company need a new organization? What happens to the CIO and the decision making?

• Shared values: Can an organization still work in silos? A key element will be developed in the corporate culture

• Style: Do the managers have to behave differently?

• Staff: What happens to the current employees? New jobs created?

• Skills: What skills do the employees need in this new model?

Page 18: Introduction au Cloud computing

InfoSafe 2012-2013

Cloud Computing

• The information system, a layered model

Roles: Analyst, Architect, Tester, Project Manager, User

Layers: Infrastructure (hardware/network), Operating system, Service software, Application, Data

Page 19: Introduction au Cloud computing

Cloud Computing

• Information system management
  ★ Using external services
    ‣ Lack of in-house skills
    ‣ Cost control
    ‣ Lack of internal flexibility
  ★ Outsourcing
    ‣ Subcontracting an activity to a partner
      - Development
      - IS management
      - …
  ★ On-demand computing/Utility computing

★ On-demand computing/Utility computing

Page 20: Introduction au Cloud computing

Cloud Computing

• IT management models
  ★ In-house IT
    ‣ The entire IS is under the direct management of the organization
      - Equipment, software, hosting, staff
  ★ Colocation
    ‣ The entire IS is under the direct management of the organization, BUT hosting is entrusted to a partner
  ★ Managed services
    ‣ The upper layers of the IS are under the direct management of the organization, BUT infrastructure (possibly system software) and hosting are entrusted to a partner
  ★ Cloud Computing
    ‣ Same as managed services, but including mechanisms for flexibility, virtualization, automation…

Page 21: Introduction au Cloud computing

Cloud Computing

• Management models – costs
  ★ CAPEX: Capital expenses – investments
  ★ OPEX: Operational Expenses

Page 22: Introduction au Cloud computing

Cloud Computing

• Definition
  ★ “An environment in which infrastructure services (computing, storage…) and application services are provided over the Internet and accessed via a browser.” (Information Systems, Stair & Reynolds, Cengage, 2012)

• Principles
  ★ Resource pool
  ★ Virtualization
  ★ Elasticity
  ★ Automation
  ★ Per-usage business model

Page 23: Introduction au Cloud computing

Cloud Computing

• Result of an evolutionary process
  ★ Evolution of the paradigm
    ‣ From mainframe to C/S to Web to Grid to Cloud
  ★ Evolution of hardware
    ‣ Increased performance (CPU, storage, network)
    ‣ Lower cost
    ‣ Sharing, pooling
  ★ Evolution of software
    ‣ Remote access
    ‣ Virtualization
    ‣ SOA, ‘component’ approach to software

Page 24: Introduction au Cloud computing

Virtualization

Page 25: Introduction au Cloud computing

Virtualization

• Advantages
  ★ Flexibility
    ‣ Rapid provisioning (compared with physical machines)
    ‣ Resource adjustment
  ★ Security
    ‣ Isolation
    ‣ DRP
  ★ Reporting
  ★ Billing
    ‣ Pay-per-usage

• Hypervisors
  ★ VMWare, MS HyperV, KVM, Xen, IBM…

Page 26: Introduction au Cloud computing

Cloud Computing

[Figure labels: Cloud Provider; Business; IT; Infrastructure; Operating system; Service software; Applications]

Page 27: Introduction au Cloud computing


Cloud Computing

Page 28: Introduction au Cloud computing

Cloud Computing

Platform | IaaS | PaaS | SaaS

SalesForce.com (http://www.salesforce.com/)

Amazon Elastic Compute Cloud (http://aws.amazon.com/ec2/)

Google App Engine (http://cloud.google.com/appengine/)

DropBox (https://www.dropbox.com/)

Microsoft Dynamics Online (http://crm.dynamics.com/)

WorkXpress (http://www.workxpress.com/)

Office 365 Online (http://office365.microsoft.com)

Google Docs (http://docs.google.com)

Page 29: Introduction au Cloud computing

Cloud Computing

Platform | IaaS | PaaS | SaaS

SalesForce.com (http://www.salesforce.com/) ✔

Amazon Elastic Compute Cloud (http://aws.amazon.com/ec2/) ✔

Google App Engine (http://cloud.google.com/appengine/) ✔

DropBox (https://www.dropbox.com/) ✔

Microsoft Dynamics Online (http://crm.dynamics.com/) ✔

WorkXpress (http://www.workxpress.com/) ✔

Office 365 Online (http://office365.microsoft.com) ✔

Google Docs (http://docs.google.com) ✔

Page 30: Introduction au Cloud computing

Cloud Computing

Advantages

• Economic benefit
• ‘Pay as you go’ model
• CAPEX ➟ OPEX
• Flexibility/Agility
• Security (as a Service)
• Efficiency/Cost-effectiveness

Disadvantages

• One size fits all?
• Loss of command/control
• Data security and protection
• Cost of migrating to a Cloud model (adaptation, data transfer)
• Contractual complexity (SLA)
• Dependence on third parties
• Exit mechanism?

Page 31: Introduction au Cloud computing

Cloud Computing

• Security
  ★ Today, the main obstacle to Cloud adoption (IDC Study, 2009)
  ★ Linked to resource sharing
  ★ Legal and regulatory requirements
    ‣ Auditability: SOX, HIPAA
    ‣ Access by authorities: USA Patriot Act
    ‣ Data location: EU Directive
  ★ Technical solutions exist
    ‣ VPN, VLAN, encrypted DBs…

Page 32: Introduction au Cloud computing

Source: Wikipedia

Risks and opportunities of the Cloud

Page 33: Introduction au Cloud computing

Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france

Page 34: Introduction au Cloud computing

Critical areas to examine for governance

• Culture shock - Resistance to change
• Enterprise risk management
• Legal issues
  - Data leaks
  - Access to data by government bodies
  - Privacy protection
• Compliance and audit
• Information lifecycle management
  - Creation, identification, storage, use, sharing, archiving and destruction
• Definition of responsibilities
• Portability and interoperability

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 35: Introduction au Cloud computing

Critical areas to examine for security

• Business continuity and recovery plan
• Data center operations
• Incident response, notification and handling
• Application security
• Encryption and key management
• Identities and access control
• Virtualization technology

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 36: Introduction au Cloud computing

Advantages of Cloud Computing from a security & governance standpoint (1/2)

• Ability to put public data in a Cloud and to better protect sensitive data
• Fragmentation and dispersal of data
• Dedicated security team
• Greater investment in security infrastructure
• Improved fault tolerance and reliability
• Better response to attacks

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 37: Introduction au Cloud computing

Advantages of Cloud Computing from a security & governance standpoint (2/2)

• Possible reduction in compliance and audit activities
  - Statement on Auditing Standards No. 70: Service Organizations
  - Automated Audit, Assertion, Assessment, and Assurance API (A6)
• Data held by an impartial third party
• Lower-cost data storage and recovery solutions
• On-demand security controls
• Real-time detection of system tampering
• Rapid reconstitution of services
• Greater ability to create decoy networks (honeynets)
  - The capture of a virtual machine does not compromise the host

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 38: Introduction au Cloud computing

Challenges of Cloud Computing from a security & governance standpoint (1/4)

• Trust in the provider's security model, which is often opaque
• Customer response to audit recommendations
• Support for post-incident investigations
• Accountability of administrators belonging to the provider
• Loss of physical control
• Managing the isolation of virtual machines
• Presence of multi-tenancy
• Software version management

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 39: Introduction au Cloud computing

Challenges of Cloud Computing from a security & governance standpoint (2/4)

• Protection of personal data
  - Processing in the EEA or Switzerland, Canada, Argentina, Guernsey, Jersey, Isle of Man and the Safe Harbour (US)
  - Internal company rules / Corporate Binding rule
  - Standard contractual clauses
  - Transfer authorization
• Right of access by government bodies
  - Patriot Act, Regulation of Investigatory Powers Act, LOPPSI, etc.
• Legal retention of documents and their production
• Guarantee of quality of service

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 40: Introduction au Cloud computing

Challenges of Cloud Computing from a security & governance standpoint (3/4)

• Attractiveness to hackers
• Possibility of a massive outage
• Integration with in-house IT
• Encryption needs
  - Legal issues (import, export, use)
  - Encrypted access to the Cloud control interface
  - Encrypted access to applications
  - Encryption of stored data
• Data persistence / remanence
• Data aggregation and inference

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 41: Introduction au Cloud computing

Challenges of Cloud Computing from a security & governance standpoint (4/4)

• Securing virtual OSes in the Cloud
• Dependence on hypervisor security
• Identity management in the Cloud
  - Provisioning / deprovisioning
  - Authentication
  - Federation
  - Management of user profiles and access authorizations

Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX

Page 42: Introduction au Cloud computing

Sources & credits

Some material adapted from

• slides by Christophe Bisciglia, Aaron Kimball, & Sierra Michels-Slettvet, Google Distributed Computing Seminar, 2007
• Jimmy Lin, The iSchool, University of Maryland
• B.Singh, www.technopulse.com
• http://www.andyharjanto.com
• Gouvernance et sécurité dans le Cloud Computing : avantages et défis, Yves LE ROUX, CISSP CISM, Principal Consultant
• Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france