Introduction to Cloud Computing

Introduction to Cloud Computing

Tom EberlePETAG Affinity GroupJune 21, 2012

What is it anyway?

Overview

• Introduction• Cloud Technologies

– Web Applications– Clustering– Terminal Services– Application Servers– Virtualization– Hypervisors

• Service Models• Deployment Models• Cloud Security• Final Thoughts

What is Cloud Computing?

Larry Ellison, Founder of Oracle

“..we've redefined cloud computing to include everything that we already do.. I don't understand what we would do differently in the light of cloud“ – Oracle OpenWorld, 2009


Richard Stallman, Founder of GNU

“It's stupidity. It's worse than stupidity: it's a marketing hype campaign“ - The Guardian Newspaper, 2008


Bruce Schneier, Security Expert, Author“Cloud computing is nothing new.. It's the

modern version of the timesharing model from the 1960s, which was eventually killed by the rise of the personal computer. “ - Schneier on Security Blog, 2009



- Siri Says“Services that provide common business

applications online, which are accessed from a Web browser, while the software and data are stored on the servers; a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the internet”

Introduction

• What Comprises Cloud Computing?

* NIST Visual Model of Cloud Computing

Broadband Network Access

Rapid ElasticityMeasured Services

On-Demand Self-Services

Resource Pooling

Software as a Service (SasS)

Platform as a Service (PasS)

Infrastructure as a Service (IasS)

Public Private Hybrid Community

EssentialCharacteristics

Service Models

DeploymentModels


Why Adopt Cloud Computing?

• Scalability - Organizations have access to a large amount of resources that scale based on user demand

• Elasticity - Organization’s can request, use, and release as many resources as needed based on changing needs

• Virtualization - Each user has a single view of the available resources, independently of how they are arranged in terms of physical devices

• Lower Infrastructure Costs - The pay-per-use model allows an organization to only pay for the resources they need with basically no investment in the physical resources available in the cloud. There are no infrastructure maintenance or upgrade costs

Why Adopt Cloud Computing?

• Availability - Organizations have the ability for the user to access data and applications from around the globe

• Collaboration - Organizations are starting to see the cloud as a way to work simultaneously on common data and information

• Risk Reduction - Organizations can use the cloud to test ideas and concepts before making major investments in technology

• Reliability - In order to support SLAs (service-level agreements), cloud providers have reliability mechanisms that are much more robust than those that could be cost-effectively provided by a single organization

Cloud Technology

Web Applications

• Simplest form of cloud computing• Applications created in standard web

programming languages (HTML, javascript, XML, PHP, etc)

• Apps reside somewhere on a server (Google Docs, Quickbooks On-line, etc)

• Accessed via your PC’s web browser• If your PC fails, you can access data from

another PC

Clustering

• Cluster of computers (i.e. multiple different servers)– Different server hardware– Possibly different OS (depending on app)

• Generally Used as Database Servers (MySQL, Microsoft Active Directory)

• Benefits– Replication: Servers maintains same data– Load balancing between servers in the cluster– Fault tolerance: cluster responds w/traffic routing

Clustering Example

OSMySQL

OS

OS OS

MySQL

MySQL MySQL

Terminal Services

• Based off of old Mainframe and Dumb Terminal Architecture

• Now You Use Terminal Services Servers and Thin Clients

• Thin Clients can be Hardware Devices or Software installed on a computer

• All processing happens on Terminal Services Server

• Thin Client simply gets a "Window" into the server sharing the same OS and applications of the server

• Benefits

– Application & data is stored on the server

– Data can be accessible by other thin clients

– Maintenance

TS Server Example

Application Servers

• Uses Terminal Services but instead of providing a full Environment it only delivers a specific Application.

• Benefits– Applications distributed to thin clients– Data stored on server (shared)– Maintenance

Virtualization

• What is it?– Separation of OS from hardware– Ability to EASILY move OS (including Apps &

Settings) to new physical hardware– Accomplished with virtualization software

• Client Installed Virtualization• Hypervisors

Client Installed Virtualization

PC Hardware

Operating System (Windows/Linux/Mac)

Client Virtualization Software (VirtualBox)

Instance 1

Windows 7

Instance 2

Linux

Instance 3

Windows 2008

Server

Hypervisors

• More powerful than client installed virtualization software

• Provides high reliability for critical services (e.g. MS Exchange server)

• Two Part Solution: Hypervisor & Management Software

• Hypervisor is installed on the physical server hardware– It’s like a thin OS– Only provides rudimentary connection info (IP address,

computer name, etc) for the management software– Supports installation of OS’s when installing computer

instances

Hypervisors

• Management Software is installed on an admin computer

• Purpose: Configure each Virtual Machine, or Instance and provide fault tolerance.– Connects to the Hypervisor installed on the server(s)– Allows creation the virtual computer instances on the

server• Create virtual disk partitions, allocate memory, Install OS• Instances can be copy/paste to any other server on network

running compatible hypervisors

– On-the-fly reconfiguration when hardware fails

Hypervisor

Server Hardware

Hypervisor (VMWare ESXi)

ComputerInstance 1

Windows 7

PC Hardware

Management Software

(VMWare vSphere)

100 G1 G

RAM

ComputerInstance 2

Linux

200 G10 GRAM

ComputerInstance 3

WindowsServer 2008

100 G5 G

RAM

Hypervisor Fault Tolerance

PC Hardware

Management Software

(VMWare Sphere)

Server Hardware 1


ComputerInstance 1

ComputerInstance 2

ComputerInstance 3

Server Hardware 2


ComputerInstance 1

ComputerInstance 2

ComputerInstance 3

Server Hardware 3


ComputerInstance 1

ComputerInstance 2

ComputerInstance 3

Server Hardware 4


ComputerInstance 1

ComputerInstance 2

ComputerInstance 3

ComputerInstance 4

ComputerInstance 4

ComputerInstance 4

Hypervisors

• Most Hypervisor Software: Free and/or OpenSource– VMware, Citrix

• Most Management Software: Free (Lite version), Paid (Fault Tolerance and other features)

Service Models

Service Models

• Everything as a Service: XasS• Most Common: SPI

– Software as a Service: SasS– Platform as a Service: PasS– Infrastructure as a Service: SasS

• Other models– Storage as a Service: SasS– Communications as a Service: CasS– Network as a Service: NasS– Monitoring as a Service: MasS

Infrastructure as a Service (IasS)

• What you gain: Computer/ Server

• Consumer: SysAdmins

• Examples– Rackspace.com– Go Grid– Amazon Web Services (AWS)

NetworkingNetworking

StorageStorage

ServersServers

VirtualizationVirtualization

O/S

Middleware

Runtime

Data

Applications

Vendor M

anage

You

Man

age

Platform as a Service (PasS)

• What you gain: Application/ Framework

• Consumer: App Developers

• Examples– Force.com– Google App Engine– Microsoft Azure


StorageStorage

ServersServers


O/SO/S

MiddlewareMiddleware

RuntimeRuntime

Data

Applications

Vendor M

anage

You

Man

age

Software as a Service (SasS)

• What you gain: Business Functionality

• Consumer: End Users• Examples

– Google Docs/Gmail– FreshBooks– SalesForce– BaseCamp


StorageStorage

ServersServers


O/SO/S

MiddlewareMiddleware

RuntimeRuntime

DataData

ApplicationsApplications

Vendor M

anage

Cloud Deployment Models



• Public Cloud– Infrastructure made available to general public or

large industry group– Owned by the organization selling the service

• Private Cloud– Infrastructure operated solely for a single

organization– May be managed by the organization or a third

party– May be located on-premise or off-premise


• Community Cloud– Infrastructure is shared by several organizations and

supports a specific community that has shared concerns (e.g. mission, security requirements, policy, compliance, etc.)

– May be managed by the organizations or a third party– May be located on-premise or off-premise

• Hybrid Cloud– Infrastructure is a composition of two or more clouds– Remain unique entities but bound together by

standardized or proprietary technology that enable data and application portability


Infrastructure Managed By

Infrastructure Owned By

Infrastructure Located

Accessible and Consumed By

Public Third Party Provider Third Party Provider Off-Premise Untrusted

Private/Community

Organization

OR

Third Party Provider

Organization

OR

Third Party Provider

On-Premise

Off-Premise

Trusted

Hybrid Both Organization &Third Party Provider

Both Organization &Third Party Provider

Both On-Premise &Off-Premise

Trusted &Untrusted

Cloud Security

• John Chambers, CEO Cisco Systems - “[Cloud Computing] is a security nightmare and it can't be handled in traditional ways.“ – Keynote Address, 2009 RSA Security Conference

Cloud Security

• No list of security controls can cover all cloud deployments

• Organizations should adopt a risk-based approach about moving to the cloud

• Use Cloud Security Alliance (CSA) quick method for evaluating tolerance in moving an asset to the cloud

Cloud Security

• Identify Each Asset for Cloud Deployment– Data– Application/Functions/Processes

• Data and applications don’t need to reside in the same location

Cloud Security

• Evaluate the Asset – How would we be harmed if the asset became widely

public or widely distributed?– How would we be harmed if an employee of our

cloud provider accessed the asset?– How would we be harmed if the process or function

were manipulated by an outsider?– How would we be harmed if the process or function

failed to provide expected results?– How would we be harmed if the information/data were

unexpectedly changed?– How would we be harmed if the asset were

unavailable for a peroid of time?

Cloud Security

• Map the Asset to Potential Cloud Deployment Models– Public– Private, internal/on-premises– Private, external (including dedicated or shared

infrastructure)– Community; taking into account the hosting

location, and identification of other community members

– Hybrid; have in mind at least a rough architecture of where components, functions, and data will reside.

Cloud Security

• Evaluate Potential Cloud Service Models and Providers– Focus on the degree of control you’ll have

• SasS: Software as a Service• PasS: Platform as a Service• IasS: Infrastructure as a Service

• Map Out the Potential Data Flow– Map out data flow between your organization,

cloud services, and any customer/other nodes– Understand whether, and how, data can move in

and out of the cloud– Identify risk exposure points

Risk Management Approaches

IIasS

Infrastructure

PPasS

Platform

SSasS

Software

Security Participation by End User Organization

SasS

PasS & SasS

IasS, PasS, & SasS

Co

nsu

mer

Sec

uri

ty R

esp

on

sib

ilit

y

Mo

reL

ess

Cloud Security

• Security Conclusions– You should understand the importance of

what your considering moving into the cloud– Risk tolerance for each asset– Which combinations of deployment and

service models are acceptable– You should have a good idea of potential

exposure points for sensitive information and operations

Barriers to Cloud Adoption

• Security - The key concern is data privacy: organizations do not have control of or know where their data is being stored

• Interoperability - A universal set of standards and/or interfaces has not yet been defined, resulting in a significant risk of vendor lock-in

• Resource Control - The amount of control that the organization has over the cloud environment varies greatly

• Latency - All access to the cloud is done via the internet, introducing latency into every communication between the user and the environment

• Platform or Language Constraints - Some cloud environments provide support for specific platforms and languages only

• Legal Issues - There are concerns in the cloud computing community over jurisdiction, data protection, fair information practices, and international data transfer

Final Thoughts

• Cloud Computing is in essence an economic model– It is a different way to acquire and manage IT

resources • There are multiple cloud providers—the

cloud is real– Currently most cloud consumers are small

enterprises– Large enterprises are exploring private clouds– The number of providers will most probably grow

as people start seeing greater savings and improvements to reduce adoption barriers

Final Thoughts

• Cloud Computing adoption requires cost/benefit/risk analysis to determine – What resources to move to the cloud (if any) – What situations warrant use of cloud resources,

even for one-time situations – Implementation of private clouds vs. usage of

public clouds – What risks are associated with using resources

on the cloud – What risks are associated to providing resources

in the cloud

Final Thoughts

• Decisions from a cloud consumer perspective depend on– Required control level– Required security level– Compatibility with local infrastructure

• Decisions from a cloud provider perspective depend on– Market/user characteristics– Established SLAs– Available technology

Thank You

Tom [email protected]/in/teberleTwitter.com/teberle

References

• Cloud Security Alliance Guide.v3.0• “Introduction to Cloud Computing” – Everyman IT• “Introduction to Security and Privacy in Cloud

Computing”, Ragib Hanson , Johns Hopkins University, 1/25/2010

• “Architectural Implications of Cloud Computing”, Grace A. Lewis, Software Engineering Institute, 2011

• “Introduction to Cloud Computing”, Wikipedia

• “Cloud Computing”, Wikipedia