Upload
tom-eberle
View
1.007
Download
2
Embed Size (px)
DESCRIPTION
Cloud computing introduced with emphasis on the underlying technology explaining that more than virtualization is involved. Topics covered include: Cloud Technologies, Web Applications, Clustering, Terminal Services, Application Servers, Virtualization, Hypervisors, Service Models, Deployment Models, and Cloud Security.
Citation preview
Introduction to Cloud Computing
Tom EberlePETAG Affinity GroupJune 21, 2012
What is it anyway?
Overview
• Introduction• Cloud Technologies
– Web Applications– Clustering– Terminal Services– Application Servers– Virtualization– Hypervisors
• Service Models• Deployment Models• Cloud Security• Final Thoughts
What is Cloud Computing?
Larry Ellison, Founder of Oracle
“..we've redefined cloud computing to include everything that we already do.. I don't understand what we would do differently in the light of cloud“ – Oracle OpenWorld, 2009
What is Cloud Computing?
Richard Stallman, Founder of GNU
“It's stupidity. It's worse than stupidity: it's a marketing hype campaign“ - The Guardian Newspaper, 2008
What is Cloud Computing?
Bruce Schneier, Security Expert, Author“Cloud computing is nothing new.. It's the
modern version of the timesharing model from the 1960s, which was eventually killed by the rise of the personal computer. “ - Schneier on Security Blog, 2009
What is Cloud Computing?
What is Cloud Computing?
- Siri Says“Services that provide common business
applications online, which are accessed from a Web browser, while the software and data are stored on the servers; a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the internet”
Introduction
• What Comprises Cloud Computing?
* NIST Visual Model of Cloud Computing
Broadband Network Access
Rapid ElasticityMeasured Services
On-Demand Self-Services
Resource Pooling
Software as a Service (SasS)
Platform as a Service (PasS)
Infrastructure as a Service (IasS)
Public Private Hybrid Community
EssentialCharacteristics
Service Models
DeploymentModels
What is Cloud Computing?
Why Adopt Cloud Computing?
• Scalability - Organizations have access to a large amount of resources that scale based on user demand
• Elasticity - Organization’s can request, use, and release as many resources as needed based on changing needs
• Virtualization - Each user has a single view of the available resources, independently of how they are arranged in terms of physical devices
• Lower Infrastructure Costs - The pay-per-use model allows an organization to only pay for the resources they need with basically no investment in the physical resources available in the cloud. There are no infrastructure maintenance or upgrade costs
Why Adopt Cloud Computing?
• Availability - Organizations have the ability for the user to access data and applications from around the globe
• Collaboration - Organizations are starting to see the cloud as a way to work simultaneously on common data and information
• Risk Reduction - Organizations can use the cloud to test ideas and concepts before making major investments in technology
• Reliability - In order to support SLAs (service-level agreements), cloud providers have reliability mechanisms that are much more robust than those that could be cost-effectively provided by a single organization
Cloud Technology
Web Applications
• Simplest form of cloud computing• Applications created in standard web
programming languages (HTML, javascript, XML, PHP, etc)
• Apps reside somewhere on a server (Google Docs, Quickbooks On-line, etc)
• Accessed via your PC’s web browser• If your PC fails, you can access data from
another PC
Clustering
• Cluster of computers (i.e. multiple different servers)– Different server hardware– Possibly different OS (depending on app)
• Generally Used as Database Servers (MySQL, Microsoft Active Directory)
• Benefits– Replication: Servers maintains same data– Load balancing between servers in the cluster– Fault tolerance: cluster responds w/traffic routing
Clustering Example
OSMySQL
OS
OS OS
MySQL
MySQL MySQL
Terminal Services
• Based off of old Mainframe and Dumb Terminal Architecture
• Now You Use Terminal Services Servers and Thin Clients
• Thin Clients can be Hardware Devices or Software installed on a computer
• All processing happens on Terminal Services Server
• Thin Client simply gets a "Window" into the server sharing the same OS and applications of the server
• Benefits
– Application & data is stored on the server
– Data can be accessible by other thin clients
– Maintenance
TS Server Example
Application Servers
• Uses Terminal Services but instead of providing a full Environment it only delivers a specific Application.
• Benefits– Applications distributed to thin clients– Data stored on server (shared)– Maintenance
Virtualization
• What is it?– Separation of OS from hardware– Ability to EASILY move OS (including Apps &
Settings) to new physical hardware– Accomplished with virtualization software
• Client Installed Virtualization• Hypervisors
Client Installed Virtualization
PC Hardware
Operating System (Windows/Linux/Mac)
Client Virtualization Software (VirtualBox)
Instance 1
Windows 7
Instance 2
Linux
Instance 3
Windows 2008
Server
Hypervisors
• More powerful than client installed virtualization software
• Provides high reliability for critical services (e.g. MS Exchange server)
• Two Part Solution: Hypervisor & Management Software
• Hypervisor is installed on the physical server hardware– It’s like a thin OS– Only provides rudimentary connection info (IP address,
computer name, etc) for the management software– Supports installation of OS’s when installing computer
instances
Hypervisors
• Management Software is installed on an admin computer
• Purpose: Configure each Virtual Machine, or Instance and provide fault tolerance.– Connects to the Hypervisor installed on the server(s)– Allows creation the virtual computer instances on the
server• Create virtual disk partitions, allocate memory, Install OS• Instances can be copy/paste to any other server on network
running compatible hypervisors
– On-the-fly reconfiguration when hardware fails
Hypervisor
Server Hardware
Hypervisor (VMWare ESXi)
ComputerInstance 1
Windows 7
PC Hardware
Management Software
(VMWare vSphere)
100 G1 G
RAM
ComputerInstance 2
Linux
200 G10 GRAM
ComputerInstance 3
WindowsServer 2008
100 G5 G
RAM
Hypervisor Fault Tolerance
PC Hardware
Management Software
(VMWare Sphere)
Server Hardware 1
Hypervisor (VMWare ESXi)
ComputerInstance 1
ComputerInstance 2
ComputerInstance 3
Server Hardware 2
Hypervisor (VMWare ESXi)
ComputerInstance 1
ComputerInstance 2
ComputerInstance 3
Server Hardware 3
Hypervisor (VMWare ESXi)
ComputerInstance 1
ComputerInstance 2
ComputerInstance 3
Server Hardware 4
Hypervisor (VMWare ESXi)
ComputerInstance 1
ComputerInstance 2
ComputerInstance 3
ComputerInstance 4
ComputerInstance 4
ComputerInstance 4
Hypervisors
• Most Hypervisor Software: Free and/or OpenSource– VMware, Citrix
• Most Management Software: Free (Lite version), Paid (Fault Tolerance and other features)
Service Models
Service Models
• Everything as a Service: XasS• Most Common: SPI
– Software as a Service: SasS– Platform as a Service: PasS– Infrastructure as a Service: SasS
• Other models– Storage as a Service: SasS– Communications as a Service: CasS– Network as a Service: NasS– Monitoring as a Service: MasS
Infrastructure as a Service (IasS)
• What you gain: Computer/ Server
• Consumer: SysAdmins
• Examples– Rackspace.com– Go Grid– Amazon Web Services (AWS)
NetworkingNetworking
StorageStorage
ServersServers
VirtualizationVirtualization
O/S
Middleware
Runtime
Data
Applications
Vendor M
anage
You
Man
age
Platform as a Service (PasS)
• What you gain: Application/ Framework
• Consumer: App Developers
• Examples– Force.com– Google App Engine– Microsoft Azure
NetworkingNetworking
StorageStorage
ServersServers
VirtualizationVirtualization
O/SO/S
MiddlewareMiddleware
RuntimeRuntime
Data
Applications
Vendor M
anage
You
Man
age
Software as a Service (SasS)
• What you gain: Business Functionality
• Consumer: End Users• Examples
– Google Docs/Gmail– FreshBooks– SalesForce– BaseCamp
NetworkingNetworking
StorageStorage
ServersServers
VirtualizationVirtualization
O/SO/S
MiddlewareMiddleware
RuntimeRuntime
DataData
ApplicationsApplications
Vendor M
anage
Cloud Deployment Models
Cloud Deployment Models
Cloud Deployment Models
• Public Cloud– Infrastructure made available to general public or
large industry group– Owned by the organization selling the service
• Private Cloud– Infrastructure operated solely for a single
organization– May be managed by the organization or a third
party– May be located on-premise or off-premise
Cloud Deployment Models
• Community Cloud– Infrastructure is shared by several organizations and
supports a specific community that has shared concerns (e.g. mission, security requirements, policy, compliance, etc.)
– May be managed by the organizations or a third party– May be located on-premise or off-premise
• Hybrid Cloud– Infrastructure is a composition of two or more clouds– Remain unique entities but bound together by
standardized or proprietary technology that enable data and application portability
Cloud Deployment Models
Infrastructure Managed By
Infrastructure Owned By
Infrastructure Located
Accessible and Consumed By
Public Third Party Provider Third Party Provider Off-Premise Untrusted
Private/Community
Organization
OR
Third Party Provider
Organization
OR
Third Party Provider
On-Premise
Off-Premise
Trusted
Hybrid Both Organization &Third Party Provider
Both Organization &Third Party Provider
Both On-Premise &Off-Premise
Trusted &Untrusted
Cloud Security
• John Chambers, CEO Cisco Systems - “[Cloud Computing] is a security nightmare and it can't be handled in traditional ways.“ – Keynote Address, 2009 RSA Security Conference
Cloud Security
• No list of security controls can cover all cloud deployments
• Organizations should adopt a risk-based approach about moving to the cloud
• Use Cloud Security Alliance (CSA) quick method for evaluating tolerance in moving an asset to the cloud
Cloud Security
• Identify Each Asset for Cloud Deployment– Data– Application/Functions/Processes
• Data and applications don’t need to reside in the same location
Cloud Security
• Evaluate the Asset – How would we be harmed if the asset became widely
public or widely distributed?– How would we be harmed if an employee of our
cloud provider accessed the asset?– How would we be harmed if the process or function
were manipulated by an outsider?– How would we be harmed if the process or function
failed to provide expected results?– How would we be harmed if the information/data were
unexpectedly changed?– How would we be harmed if the asset were
unavailable for a peroid of time?
Cloud Security
• Map the Asset to Potential Cloud Deployment Models– Public– Private, internal/on-premises– Private, external (including dedicated or shared
infrastructure)– Community; taking into account the hosting
location, and identification of other community members
– Hybrid; have in mind at least a rough architecture of where components, functions, and data will reside.
Cloud Security
• Evaluate Potential Cloud Service Models and Providers– Focus on the degree of control you’ll have
• SasS: Software as a Service• PasS: Platform as a Service• IasS: Infrastructure as a Service
• Map Out the Potential Data Flow– Map out data flow between your organization,
cloud services, and any customer/other nodes– Understand whether, and how, data can move in
and out of the cloud– Identify risk exposure points
Risk Management Approaches
IIasS
Infrastructure
PPasS
Platform
SSasS
Software
Security Participation by End User Organization
SasS
PasS & SasS
IasS, PasS, & SasS
Co
nsu
mer
Sec
uri
ty R
esp
on
sib
ilit
y
Mo
reL
ess
Cloud Security
• Security Conclusions– You should understand the importance of
what your considering moving into the cloud– Risk tolerance for each asset– Which combinations of deployment and
service models are acceptable– You should have a good idea of potential
exposure points for sensitive information and operations
Barriers to Cloud Adoption
• Security - The key concern is data privacy: organizations do not have control of or know where their data is being stored
• Interoperability - A universal set of standards and/or interfaces has not yet been defined, resulting in a significant risk of vendor lock-in
• Resource Control - The amount of control that the organization has over the cloud environment varies greatly
• Latency - All access to the cloud is done via the internet, introducing latency into every communication between the user and the environment
• Platform or Language Constraints - Some cloud environments provide support for specific platforms and languages only
• Legal Issues - There are concerns in the cloud computing community over jurisdiction, data protection, fair information practices, and international data transfer
Final Thoughts
• Cloud Computing is in essence an economic model– It is a different way to acquire and manage IT
resources • There are multiple cloud providers—the
cloud is real– Currently most cloud consumers are small
enterprises– Large enterprises are exploring private clouds– The number of providers will most probably grow
as people start seeing greater savings and improvements to reduce adoption barriers
Final Thoughts
• Cloud Computing adoption requires cost/benefit/risk analysis to determine – What resources to move to the cloud (if any) – What situations warrant use of cloud resources,
even for one-time situations – Implementation of private clouds vs. usage of
public clouds – What risks are associated with using resources
on the cloud – What risks are associated to providing resources
in the cloud
Final Thoughts
• Decisions from a cloud consumer perspective depend on– Required control level– Required security level– Compatibility with local infrastructure
• Decisions from a cloud provider perspective depend on– Market/user characteristics– Established SLAs– Available technology
Thank You
Tom [email protected]/in/teberleTwitter.com/teberle
References
• Cloud Security Alliance Guide.v3.0• “Introduction to Cloud Computing” – Everyman IT• “Introduction to Security and Privacy in Cloud
Computing”, Ragib Hanson , Johns Hopkins University, 1/25/2010
• “Architectural Implications of Cloud Computing”, Grace A. Lewis, Software Engineering Institute, 2011
• “Introduction to Cloud Computing”, Wikipedia
• “Cloud Computing”, Wikipedia