Virtualization &
Cloud Computing
A new window to the computing zone
Presented by: iTech River Consultancy Services
www.itechriver.com
dcg@itechriver.com
Agenda
• General discussions
• Why cloud?
• The terminology: relating virtualization and cloud
• Types of Virtualization and Cloud deployment model
• Decisive factors in migration
• Hands-on cloud deployment
• Cloud for banks
Cloud for the Mango Man
• What is cloud?
[Diagram: a cloud shape labelled Network, Data, Storage, Processing]
Cloud for the Mango Man
Hey, this thing connects via cloud!
Let's call it cloud computing
Cloud for the geeks
• NIST definition:
Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction
Why cloud?
• Resource allocation and optimization
• Cost efficiency: CapEx to OpEx
• All things being equal, OpEx should be more expensive than CapEx
• Choosing one option over another is a trade-off
• Friction affects the OpEx vs CapEx evaluation
• Automation leads to lower transaction cost
• Security
• Consolidation and ease of management
• Scalability
• Elasticity
Virtualization and Cloud
• Virtualization
• Meaning: virtualize compute, storage, network, application etc.
• Application: from testing to production
• Cloud computing: building the empire above virtualization
• Need for new technology
• Consolidation
• Orchestration
• Metering
• Cost optimization
• Elasticity
• The hype, the myth, the reality
Types of Virtualization
• Server Virtualization
• Desktop Virtualization
• Application Virtualization
• Network Virtualization
• Storage Virtualization
Server Virtualization
• Create virtual machines with desired configuration on top of a physical bare metal box
• Hypervisor acts as a broker between hardware and virtual machines
• May or may not need a host OS
• Elasticity and resource optimization are prime motives
• Applications need resources, not servers
• Wide implementation: fun, experiment, research, enterprise
Server Virtualization
• Full virtualization vs Para-virtualization
[Diagram: two hypervisor stacks. Left: Hardware Layer → Hypervisor → Mgmt Console, Linux VM, Win 2k VM (hypervisor directly on the hardware). Right: Hardware Layer → Host Operating System → Hypervisor → Mgmt Console, Linux VM, Win 2k VM (hypervisor on top of a host OS).]
Server Virtualization
• Hypervisor vs Docker
[Diagram: hypervisor stack: Hardware Layer → Host OS → Hypervisor → one Guest OS plus Bins/Libs per VM → App A, App B. Docker stack: Hardware Layer → Host OS → Docker Engine → Bins/Libs per container → App A, App B (no guest OS per container).]
Desktop Virtualization (VDI/DaaS)
• Virtualize desktops in a client server model
• Use of thin clients instead of thick clients
• Centralized resource pooling
• Centralized management of resources and policies
• Easy and quick migrations
• Data security
Application Virtualization
• Application sits only as a stub at user end
• Encapsulated and sandboxed from OS
• Allows apps to run in an otherwise unsuitable environment
• Run incompatible applications side-by-side, at the same time
• Simplified OS level migrations
• Improved security by isolating apps from OS
• Portability of apps from one machine to another
• SaaS is an enhanced derivation
Network Virtualization
• Network provisioning and expansion are complex today
• Migrate to Software Defined Networks
• Decoupling control plane from data plane
• Build centralized set of rules (firewalls, load balancers etc.)
• Acceptance of open interfaces instead of locking into proprietary solutions
• External virtualization combines several networking units into virtual unit
• Internal virtualization provides network functionality to software containers
• Implementations: AKARI, FIRE etc.
Mainframe era
[Diagram: vertically integrated, closed, proprietary, slow innovation, small industry (Specialized Applications / Specialized Operating System / Specialized Hardware) versus horizontal, open interfaces, rapid innovation, huge industry (many Apps / Open Interface / Microprocessor)]
Networking today
• Vertically integrated, complex, closed, proprietary
• Networking industry with “mainframe” mindset
[Diagram: a box of Custom Hardware and OS carrying features such as routing, management, mobility management, access control, VPNs…; millions of lines of source code, thousands of RFCs, billions of gates; bloated and power hungry]
SDN
[Diagram: vertically integrated, closed, proprietary, slow innovation (Specialized Features / Specialized Control Plane / Specialized Hardware) versus horizontal, open interfaces, rapid innovation (many Apps / Open Interface / Control Plane, one of several alternatives / Open Interface / Merchant Switching Chips)]
Storage Virtualization
• Block virtualization: abstraction of logical storage from physical storage
• More flexibility for storage administrators (SA) in managing storage
• Address space remapping with multi layer remapping (LUNs out of LUNs)
• Metadata optimization: tradeoff between granularity and addressable capacity, solved by three layers of virtualization
• In built replication via synchronous and asynchronous mirroring
• Pooling and scaling remains transparent to application layer
• Host based, storage based and network based
• Benefits:
• Non-disruptive data migration (transparent mapping to host, depend on granularity)
• Improved utilization (avoid over-buying and over-provisioning)
• Fewer points of management (monolithic storage with central management)
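To make the address-space remapping concrete, here is an added example (not code from the slides or from iTech River) of a two-layer block virtualization: a pool virtual LUN carved across physical disks, a host LUN carved out of that pool (a LUN out of a LUN), and an extent migration that changes the physical location while the host keeps using the same virtual addresses. All names (`PhysicalLun`, `VirtualLun`, the disk names and written bytes) are constructed for the illustration.

```python
class PhysicalLun:
    """A physical LUN modelled as a sparse in-memory block store (constructed)."""

    def __init__(self, name, size):
        self.name, self.size, self.blocks = name, size, {}

    def read(self, lba):
        return self.blocks.get(lba, bytes(1))  # unwritten blocks read as zero

    def write(self, lba, data):
        if not 0 <= lba < self.size:
            raise IndexError(f"{self.name}: LBA {lba} out of range")
        self.blocks[lba] = data


class VirtualLun:
    """A virtual LUN: a list of extents [start, length, backing, backing_offset].

    The backing of an extent may be a PhysicalLun or another VirtualLun, which is
    what allows LUNs to be built out of LUNs (multi-layer remapping)."""

    def __init__(self, name):
        self.name, self.extents = name, []

    @property
    def size(self):
        return sum(length for _, length, _, _ in self.extents)

    def add_extent(self, length, backing, backing_offset):
        self.extents.append([self.size, length, backing, backing_offset])

    def _find(self, lba):
        for ext in self.extents:
            start, length, _, _ = ext
            if start <= lba < start + length:
                return ext
        raise IndexError(f"{self.name}: virtual LBA {lba} not mapped")

    def resolve(self, lba):
        """Walk the mapping layers down to (PhysicalLun, physical LBA)."""
        start, _, backing, off = self._find(lba)
        target = off + (lba - start)
        if isinstance(backing, VirtualLun):
            return backing.resolve(target)  # recurse through the next layer
        return backing, target

    def read(self, lba):
        phys, plba = self.resolve(lba)
        return phys.read(plba)

    def write(self, lba, data):
        phys, plba = self.resolve(lba)
        phys.write(plba, data)

    def migrate_extent(self, index, new_backing, new_offset):
        """Non-disruptive migration: copy the extent's blocks to a new backing
        device, then switch the mapping. Hosts above keep using the same LBAs."""
        _, length, old_backing, old_off = self.extents[index]
        for i in range(length):
            new_backing.write(new_offset + i, old_backing.read(old_off + i))
        self.extents[index][2:] = [new_backing, new_offset]


def demo():
    disk_a, disk_b, disk_c = (PhysicalLun(n, 100) for n in ("disk-a", "disk-b", "disk-c"))
    pool = VirtualLun("pool")          # layer 1: pool spread over two disks
    pool.add_extent(50, disk_a, 0)
    pool.add_extent(50, disk_b, 20)
    host_lun = VirtualLun("host-lun")  # layer 2: LUN carved out of the pool
    host_lun.add_extent(30, pool, 40)  # deliberately spans the disk-a/disk-b boundary
    host_lun.write(5, b"sales-db")     # virtual 5 -> pool 45 -> disk-a 45
    host_lun.write(15, b"ledger")      # virtual 15 -> pool 55 -> disk-b 25
    before = [host_lun.resolve(5)[0].name, host_lun.resolve(15)[0].name]
    pool.migrate_extent(0, disk_c, 0)  # move pool extent 0 off disk-a
    after = [host_lun.resolve(5)[0].name, host_lun.resolve(15)[0].name]
    return {"before": before, "after": after,
            "data": [host_lun.read(5), host_lun.read(15)],
            "physical": (host_lun.resolve(5)[1], host_lun.resolve(15)[1])}


if __name__ == "__main__":
    print(demo())
```

The host LUN never learns that its first blocks moved from disk-a to disk-c: the only thing that changed is one entry in the pool's extent table, which is the property the slide calls transparent mapping. Granularity is the extent size here; a real array remaps at a fixed chunk size, and the finer the chunk, the larger the mapping metadata, which is the tradeoff the slide mentions.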
Cloud based storage
• Cloud storage is an important service of cloud computing, which allows users to move their data from local computing systems to the Cloud.
• Examples:
• Amazon Simple Storage Service (S3)
• DropBox
• Rackspace Cloud etc.
Challenges in Cloud Computing
• Security
• Privacy
• Performance
• Availability
• Compliance
• Long-Term viability
• Interoperability
• Legal Issues
• Open Standard
Security Issues
• Data Storage Security and Privacy
• Virtualization Security
• Infrastructure Security
• Network Security
• Host Security
• Governance, Regulatory and Compliance
• More…
Three pillars of Security
• Confidentiality
• Maintain confidentiality of sensitive data
• Encryption
• Integrity
• Is the data stored at provider’s premises without tampering?
• Metadata generation
• Availability
• Data should be available even if hardware failure occurs in the cloud
• Data replication
Cloud security audit model
[Diagram: Users send data over the Internet (Data Flow) to the Cloud Service Provider (CSP), whose Storage and Servers hold it; a Third Party Auditor (TPA) sends a Challenge to the CSP and receives a Response.]
Cloud security verification
[Diagram: User, CSP and TPA. User-side steps: (a) Keygen, (b) Encryption, (c) Replication, (d) MetadataGen. The User sends the file to the CSP, which stores the file; the User sends pk and metadata to the TPA, which stores the public key and the metadata.]
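The verification diagram above maps each of the three pillars to a step: encryption for confidentiality, per-block metadata for integrity, and replication for availability, with the TPA checking integrity by challenge and response. The following is an added example (not code from the slides or from iTech River) of that flow in simplified form, standard library only. Two simplifications are assumptions of this example: the metadata tags are HMACs, so the TPA receives a tag key rather than the public key the slide labels "pk", and the encryption is an HMAC-SHA256 keystream standing in for a real cipher such as AES. The sample file contents and all class and function names are constructed.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # small block so the constructed sample file spans several blocks


# (a) Keygen: data_key stays with the user; tag_key goes to the TPA (stands in for "pk")
def keygen():
    return {"data_key": secrets.token_bytes(32), "tag_key": secrets.token_bytes(32)}


def _keystream(key, length):
    # HMAC-SHA256 in counter mode: an assumed stand-in for a real stream/block cipher
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


# (b) Encryption: the CSP and the TPA only ever see ciphertext
def encrypt(data_key, plaintext):
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(data_key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes it


def split_blocks(data):
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


# (d) MetadataGen: one tag per ciphertext block, bound to the block index
def metadata_gen(tag_key, blocks):
    return [hmac.new(tag_key, i.to_bytes(4, "big") + blk, hashlib.sha256).digest()
            for i, blk in enumerate(blocks)]


class CSP:
    """Cloud service provider: stores ciphertext blocks in several replicas."""

    def __init__(self, blocks, replicas=2):
        self.replicas = [list(blocks) for _ in range(replicas)]  # (c) Replication

    def respond(self, challenge, replica=0):
        return {i: self.replicas[replica][i] for i in challenge}


class TPA:
    """Third party auditor: holds the tag key and metadata, never the data key."""

    def __init__(self, tag_key, metadata):
        self.tag_key, self.metadata = tag_key, metadata

    def challenge(self, k, rng=None):
        rng = rng or secrets.SystemRandom()  # unpredictable block indices
        return sorted(rng.sample(range(len(self.metadata)), k))

    def verify(self, response):
        """Return the indices whose returned block does not match its stored tag."""
        bad = []
        for i, blk in response.items():
            actual = hmac.new(self.tag_key, i.to_bytes(4, "big") + blk, hashlib.sha256).digest()
            if not hmac.compare_digest(self.metadata[i], actual):
                bad.append(i)
        return bad


def audit(tpa, csp, k, replica=0):
    return tpa.verify(csp.respond(tpa.challenge(k), replica))


def run_demo():
    keys = keygen()
    plaintext = b"account ledger 2014: balance 1,250,000 INR; audit trail attached"  # constructed
    blocks = split_blocks(encrypt(keys["data_key"], plaintext))
    csp = CSP(blocks, replicas=2)                       # CSP stores the file
    tpa = TPA(keys["tag_key"], metadata_gen(keys["tag_key"], blocks))  # TPA stores tags
    n = len(blocks)
    clean = audit(tpa, csp, k=n)
    # simulate silent corruption of block 2 in replica 0 by flipping one bit
    csp.replicas[0][2] = bytes(b ^ 0x01 for b in csp.replicas[0][2])
    tampered = audit(tpa, csp, k=n, replica=0)
    fallback = audit(tpa, csp, k=n, replica=1)         # availability via the other replica
    recovered = decrypt(keys["data_key"], b"".join(csp.replicas[1])) == plaintext
    return {"blocks": n, "clean": clean, "tampered": tampered,
            "fallback": fallback, "recovered": recovered}


if __name__ == "__main__":
    print(run_demo())
```

A full audit (k equal to the number of blocks) is used here so the result is deterministic; in practice the TPA samples a random subset per challenge, which keeps the response small while still detecting corruption with high probability over repeated audits. Binding the index into each tag is what stops a provider from answering a challenge for block 2 with an intact copy of block 3.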
Cloud Deployment and Service Model
[Diagram, three groups:]
• Characteristics of Cloud: On Demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service
• Service Models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
• Deployment Models: Private Cloud, Public Cloud, Hybrid Cloud, Community Cloud
Migrating to Cloud: When, Why and Why Not
• Good for applications which need to scale up or scale out only for a small span of time
• Less initial capital investment
• Best suited for low budget projects
• Facilitates centralized management
• Best optimization and utilization of resources
• Metered usage: switch from CapEx to OpEx
• OpEx is not always the cheapest
• Legal concerns and issues
Cloud Computing for Banks?
• On Demand Self Service
• Workflow based compute and storage requisition process
• Management layer for Banks to track the usage
• Measured Service
• Provision for requesting scaling down the infrastructure for optimal usage
• Standardize OS, Database and patching
• Broad Network Access
• Can be accessed through INFINET/MPLS or Leased line
• Options for Internet facing applications
• Resource Pooling
• Usage of scalable environment for banking sector
• Reduces people, HVAC and Real estate requirements, as well as future hardware/software refresh overheads
• Rapid Elasticity
• Automated Vertical and Horizontal scaling to meet future requirements and handle cyclical requirements
IDRBT Banking Community Cloud
• Based on Meghdoot stack, developed from Eucalyptus by CDAC-Chennai
• Presently supports x86 architecture only
• Offers services of IaaS, plans to migrate to SaaS as well
• First banking community cloud in the world
• Non-customer facing and less critical apps can be migrated
• No major unplanned downtime so far
• IBM z series machines, multi tenant QoS enabled MPLS network
IDRBT Banking Community Cloud: Use Cases
• DR Site for an existing production environment
• Dev, Test and Training environment
• Existing applications requiring hardware refresh
• Separation of Database and application layer
• Common Tools as Software Testing, Code Review tools, etc
• Email Service
• Learning Management and other intranet systems
IDRBT Banking Community Cloud: Security
• Access to Server room: 3 level access controls (Biometric, PIN & Access card) to enter into server room
• Hardware: Kept under lock and key in the data center with access controls; password protected; Cloud machine access is IP based
• Cloud Stack: Virtual Machine access is through PKI (recommend to have a maximum of 3 administrators per VM), PKI to be issued by IDRBTCA*
• Network: IPSec / GRE tunnel; Network Firewalls; Virtual Machines are in designated VLAN of the bank and even Cloud administrators cannot access it
• Identity Management: Strong User ID and password; Single Sign-on / Active Directory / LDAP integration to access applications
• Anti-virus: on VM; Server level anti-virus (Symantec Endpoint Protection)
• Operating System security: VM Updates/patches at Cloud stack