Cloud computing is introduced with emphasis on the underlying technology, explaining that more than virtualization is involved. Topics covered include: Cloud Technologies, Web Applications, Clustering, Terminal Services, Application Servers, Virtualization, Hypervisors, Service Models, Deployment Models, and Cloud Security.
3. What is Cloud Computing?
Larry Ellison, Founder of Oracle
“..we've redefined cloud computing to include everything that we already do.. I don't understand what we would do differently in the light of cloud” – Oracle OpenWorld, 2009
4. What is Cloud Computing?
Richard Stallman, Founder of GNU
“It's stupidity. It's worse than stupidity: it's a marketing hype campaign” – The Guardian Newspaper, 2008
5. What is Cloud Computing?
Bruce Schneier, Security Expert, Author
“Cloud computing is nothing new.. It's the modern version of the timesharing model from the 1960s, which was eventually killed by the rise of the personal computer.” – Schneier on Security Blog, 2009
7. What is Cloud Computing? - Siri Says
“Services that provide common business applications online, which are accessed from a Web browser, while the software and data are stored on the servers; a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the internet”
8. Introduction
• What Comprises Cloud Computing? (NIST Visual Model of Cloud Computing*)
– Essential Characteristics: Broadband Network Access, Measured Services, On-Demand Self-Services, Rapid Elasticity, Resource Pooling
– Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
– Deployment Models: Public, Private, Hybrid, Community
* NIST Visual Model of Cloud Computing
10. Why Adopt Cloud Computing?
• Scalability - Organizations have access to a large amount of
resources that scale based on user demand
• Elasticity - Organizations can request, use, and release as
many resources as needed based on changing needs
• Virtualization - Each user has a single view of the available
resources, independently of how they are arranged in terms of
physical devices
• Lower Infrastructure Costs - The pay-per-use model allows
an organization to only pay for the resources they need with
basically no investment in the physical resources available in
the cloud. There are no infrastructure maintenance or
upgrade costs
11. Why Adopt Cloud Computing?
• Availability - Organizations have the ability for the user to
access data and applications from around the globe
• Collaboration - Organizations are starting to see the cloud as
a way to work simultaneously on common data and
information
• Risk Reduction - Organizations can use the cloud to test
ideas and concepts before making major investments in
technology
• Reliability - In order to support SLAs (service-level
agreements), cloud providers have reliability mechanisms that
are much more robust than those that could be cost-
effectively provided by a single organization
13. Web Applications
• Simplest form of cloud computing
• Applications created in standard web
programming languages (HTML, javascript,
XML, PHP, etc)
• Apps reside somewhere on a server (Google
Docs, Quickbooks On-line, etc)
• Accessed via your PC’s web browser
• If your PC fails, you can access data from
another PC
14. Clustering
• Cluster of computers (i.e. multiple different
servers)
– Different server hardware
– Possibly different OS (depending on app)
• Generally Used as Database Servers
(MySQL, Microsoft Active Directory)
• Benefits
– Replication: Servers maintain the same data
– Load balancing between servers in the cluster
– Fault tolerance: cluster responds w/traffic routing
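The three cluster benefits on this slide (replication, load balancing, and fault tolerance through traffic routing) in one runnable sketch. This is an added example, not code from the original slides: the node names, the key/value records and the health probe are constructed for illustration, and the re-sync of a recovered node from a healthy peer is an assumed behaviour that the slide does not spell out.

```python
# Added example (not from the original slides): a minimal cluster front end that
# replicates writes to every healthy server, load-balances reads round-robin, and
# stops routing traffic to a server that fails its health check.
from dataclasses import dataclass, field


@dataclass
class ClusterNode:
    name: str
    healthy: bool = True
    data: dict = field(default_factory=dict)  # replicated key/value store (constructed)
    served: int = 0                           # requests this node has answered


class Cluster:
    def __init__(self, nodes):
        self.nodes = list(nodes)
        self._rr = 0  # round-robin cursor

    def healthy_nodes(self):
        return [n for n in self.nodes if n.healthy]

    def replicate(self, key, value):
        """Replication: write the record to every node that is currently healthy."""
        for n in self.healthy_nodes():
            n.data[key] = value

    def route(self):
        """Load balancing: pick the next healthy node; failed nodes get no traffic."""
        candidates = self.healthy_nodes()
        if not candidates:
            raise RuntimeError("no healthy nodes in cluster")
        node = candidates[self._rr % len(candidates)]
        self._rr += 1
        node.served += 1
        return node

    def read(self, key):
        return self.route().data.get(key)

    def health_check(self, probe):
        """Fault tolerance: probe(node) -> bool marks nodes down or up.
        A node that comes back is re-synced from a healthy peer (assumption)."""
        for n in self.nodes:
            was_healthy = n.healthy
            n.healthy = probe(n)
            if n.healthy and not was_healthy:
                peers = [p for p in self.nodes if p.healthy and p is not n]
                if peers:
                    n.data = dict(peers[0].data)


def simulate():
    """Constructed scenario: one of three database servers fails mid-run."""
    a, b, c = ClusterNode("db1"), ClusterNode("db2"), ClusterNode("db3")
    cluster = Cluster([a, b, c])
    cluster.replicate("user:42", "alice")              # all three hold the record
    cluster.health_check(lambda n: n.name != "db2")    # db2 fails its probe
    cluster.replicate("user:43", "bob")                # written while db2 is down
    reads = [cluster.read("user:42") for _ in range(4)]  # served by db1/db3 only
    cluster.health_check(lambda n: True)               # db2 recovers and re-syncs
    return {
        "reads": reads,
        "served": {n.name: n.served for n in cluster.nodes},
        "db2_resynced": b.data == a.data,
    }


if __name__ == "__main__":
    print(simulate())
```

The point for a defender is the `health_check` path: a node that was down missed writes, so a cluster that routes traffic back to it without re-syncing would serve stale data; the example re-syncs before the node rejoins the rotation.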
16. Terminal Services
• Based off of old Mainframe and Dumb Terminal Architecture
• Now You Use Terminal Services Servers and Thin Clients
• Thin Clients can be Hardware Devices or Software installed
on a computer
• All processing happens on Terminal Services Server
• Thin Client simply gets a "Window" into the server sharing the
same OS and applications of the server
• Benefits
– Application & data is stored on the server
– Data can be accessible by other thin clients
– Maintenance
18. Application Servers
• Uses Terminal Services but instead of
providing a full Environment it only
delivers a specific Application.
• Benefits
– Applications distributed to thin clients
– Data stored on server (shared)
– Maintenance
19. Virtualization
• What is it?
– Separation of OS from hardware
– Ability to EASILY move OS (including Apps &
Settings) to new physical hardware
– Accomplished with virtualization software
• Client Installed Virtualization
• Hypervisors
20. Client Installed Virtualization
Layered stack, top to bottom:
– Instance 1: Windows 7; Instance 2: Linux; Instance 3: Windows 2008 Server
– Client Virtualization Software (VirtualBox)
– Operating System (Windows/Linux/Mac)
– PC Hardware
21. Hypervisors
• More powerful than client installed virtualization
software
• Provides high reliability for critical services (e.g. MS
Exchange server)
• Two Part Solution: Hypervisor & Management
Software
• Hypervisor is installed on the physical server
hardware
– It’s like a thin OS
– Only provides rudimentary connection info (IP address,
computer name, etc) for the management software
– Supports installation of OS’s when installing computer
instances
22. Hypervisors
• Management Software is installed on an admin
computer
• Purpose: Configure each Virtual Machine, or
Instance and provide fault tolerance.
– Connects to the Hypervisor installed on the server(s)
– Allows creation of the virtual computer instances on the
server
• Create virtual disk partitions, allocate memory, Install OS
• Instances can be copy/paste to any other server on network
running compatible hypervisors
– On-the-fly reconfiguration when hardware fails
23. Hypervisor
Layered stack on the server, top to bottom:
– Computer Instance 1: Windows 7 (1G / 100 G RAM); Computer Instance 2: Windows Server 2008 (10 G / 200 G RAM); Computer Instance 3: Linux (5G / 100 G RAM)
– Hypervisor (VMWare ESXi)
– Server Hardware
Management Software (VMWare vSphere) runs separately on PC Hardware and connects to the hypervisor.
27. Service Models
• Everything as a Service: XaaS
• Most Common: SPI
– Software as a Service: SaaS
– Platform as a Service: PaaS
– Infrastructure as a Service: IaaS
• Other models
– Storage as a Service: SaaS
– Communications as a Service: CaaS
– Network as a Service: NaaS
– Monitoring as a Service: MaaS
28. Infrastructure as a Service (IaaS)
• What you gain: Computer/Server
• Consumer: SysAdmins
• Examples
– Rackspace.com
– Go Grid
– Amazon Web Services (AWS)
• You manage: Applications, Data, Runtime, Middleware, O/S
• Vendor manages: Virtualization, Servers, Storage, Networking
29. Platform as a Service (PaaS)
• What you gain: Application/Framework
• Consumer: App Developers
• Examples
– Force.com
– Google App Engine
– Microsoft Azure
• You manage: Applications, Data
• Vendor manages: Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking
30. Software as a Service (SaaS)
• What you gain: Business Functionality
• Consumer: End Users
• Examples
– Google Docs/Gmail
– FreshBooks
– SalesForce
– BaseCamp
• Vendor manages: Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking
33. Cloud Deployment Models
• Public Cloud
– Infrastructure made available to general public or
large industry group
– Owned by the organization selling the service
• Private Cloud
– Infrastructure operated solely for a single
organization
– May be managed by the organization or a third
party
– May be located on-premise or off-premise
34. Cloud Deployment Models
• Community Cloud
– Infrastructure is shared by several organizations and
supports a specific community that has shared
concerns (e.g. mission, security requirements, policy,
compliance, etc.)
– May be managed by the organizations or a third party
– May be located on-premise or off-premise
• Hybrid Cloud
– Infrastructure is a composition of two or more clouds
– Remain unique entities but bound together by
standardized or proprietary technology that enable
data and application portability
35. Cloud Deployment Models
• Public - Infrastructure managed by: Third Party Provider; owned by: Third Party Provider; located: Off-Premise; accessible and consumed by: Untrusted
• Private/Community - Infrastructure managed by: Organization OR Third Party Provider; owned by: Organization OR Third Party Provider; located: On-Premise or Off-Premise; accessible and consumed by: Trusted
• Hybrid - Infrastructure managed by: Both Organization & Third Party Provider; owned by: Both Organization & Third Party Provider; located: Both On-Premise & Off-Premise; accessible and consumed by: Trusted & Untrusted
36. Cloud Security
• John Chambers, CEO Cisco
Systems - “[Cloud Computing] is a
security nightmare and it can't be
handled in traditional ways.“ –
Keynote Address, 2009 RSA
Security Conference
37. Cloud Security
• No list of security controls can cover all
cloud deployments
• Organizations should adopt a risk-based
approach about moving to the cloud
• Use Cloud Security Alliance (CSA) quick
method for evaluating tolerance in moving
an asset to the cloud
38. Cloud Security
• Identify Each Asset for Cloud
Deployment
– Data
– Application/Functions/Processes
• Data and applications don’t need to reside
in the same location
39. Cloud Security
• Evaluate the Asset
– How would we be harmed if the asset became widely
public or widely distributed?
– How would we be harmed if an employee of our
cloud provider accessed the asset?
– How would we be harmed if the process or function
were manipulated by an outsider?
– How would we be harmed if the process or function
failed to provide expected results?
– How would we be harmed if the information/data were
unexpectedly changed?
– How would we be harmed if the asset were
unavailable for a period of time?
40. Cloud Security
• Map the Asset to Potential Cloud
Deployment Models
– Public
– Private, internal/on-premises
– Private, external (including dedicated or shared
infrastructure)
– Community; taking into account the hosting
location, and identification of other community
members
– Hybrid; have in mind at least a rough architecture
of where components, functions, and data will
reside.
41. Cloud Security
• Evaluate Potential Cloud Service Models
and Providers
– Focus on the degree of control you’ll have
• SaaS: Software as a Service
• PaaS: Platform as a Service
• IaaS: Infrastructure as a Service
• Map Out the Potential Data Flow
– Map out data flow between your organization,
cloud services, and any customer/other nodes
– Understand whether, and how, data can move in
and out of the cloud
– Identify risk exposure points
42. Risk Management Approaches
Consumer Security Responsibility (security participation by the end-user organization), from less to more:
• S - Software (SaaS): the consumer participates in securing the SaaS layer only
• P - Platform (PaaS): the consumer participates in securing the PaaS & SaaS layers
• I - Infrastructure (IaaS): the consumer participates in securing the IaaS, PaaS, & SaaS layers
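The asset-evaluation procedure from slides 38 to 41 and the responsibility split on this slide, carried through as a small runnable tool. This is an added example, not code from the original slides or from the Cloud Security Alliance: the six harm questions and the layer stack come from the deck, but the four-level severity scale, the rule that an asset's risk is its most severe harm, and the mapping from risk level to acceptable deployment models are assumptions made here for illustration, and the two assets are constructed.

```python
# Added example (not from the original slides): CSA-style asset evaluation.
# Severity scale, "risk = worst harm" rule and the risk-to-deployment mapping
# are assumptions for illustration; the questions and layer stack are the deck's.
from dataclasses import dataclass

HARM_QUESTIONS = (
    "widely public or widely distributed",
    "accessed by an employee of the cloud provider",
    "manipulated by an outsider",
    "failed to provide expected results",
    "unexpectedly changed",
    "unavailable for a period of time",
)
SEVERITY = {"none": 0, "low": 1, "medium": 2, "high": 3}  # assumed scale

# Layer stack from the service-model slides, top to bottom. The consumer manages
# the layers listed per model; the vendor manages the rest.
LAYERS = ("Applications", "Data", "Runtime", "Middleware", "O/S",
          "Virtualization", "Servers", "Storage", "Networking")
CONSUMER_MANAGED = {"IaaS": LAYERS[:5], "PaaS": LAYERS[:2], "SaaS": ()}

# Assumed tolerance mapping: the worse the harm, the fewer models are acceptable.
ALL_DEPLOYMENTS = ("Public", "Private internal", "Private external", "Community", "Hybrid")
ACCEPTABLE_DEPLOYMENTS = {
    0: ALL_DEPLOYMENTS,
    1: ALL_DEPLOYMENTS,
    2: ("Private internal", "Private external", "Community", "Hybrid"),
    3: ("Private internal",),
}


@dataclass
class Asset:
    name: str
    kind: str    # "data" or "process" (slide 38 identifies both kinds)
    harms: dict  # harm question -> severity label


def evaluate(asset):
    """Slide 39: answer every harm question; the asset's risk is its worst harm."""
    missing = [q for q in HARM_QUESTIONS if q not in asset.harms]
    if missing:
        raise ValueError(f"unanswered questions for {asset.name}: {missing}")
    scores = {q: SEVERITY[asset.harms[q]] for q in HARM_QUESTIONS}
    worst = max(scores.values())
    return {
        "asset": asset.name,
        "risk": worst,
        "drivers": [q for q, s in scores.items() if s == worst and s > 0],
        "deployments": ACCEPTABLE_DEPLOYMENTS[worst],  # slide 40 mapping
    }


def responsibilities(model):
    """Slide 42: which layers the consumer must secure under a service model."""
    if model not in CONSUMER_MANAGED:
        raise ValueError(f"unknown service model: {model}")
    managed = CONSUMER_MANAGED[model]
    return {"consumer": managed,
            "vendor": tuple(layer for layer in LAYERS if layer not in managed)}


def plan(asset, model):
    """Combine the asset evaluation with the control kept under the chosen model."""
    result = evaluate(asset)
    result["service_model"] = model
    result["you_secure"] = responsibilities(model)["consumer"]
    return result


def example():
    """Two constructed assets: sensitive payroll data and a public brochure site."""
    payroll = Asset("payroll records", "data", {
        "widely public or widely distributed": "high",
        "accessed by an employee of the cloud provider": "medium",
        "manipulated by an outsider": "medium",
        "failed to provide expected results": "low",
        "unexpectedly changed": "medium",
        "unavailable for a period of time": "low",
    })
    brochure = Asset("marketing brochure site", "process", {
        "widely public or widely distributed": "none",
        "accessed by an employee of the cloud provider": "none",
        "manipulated by an outsider": "none",
        "failed to provide expected results": "none",
        "unexpectedly changed": "none",
        "unavailable for a period of time": "low",
    })
    return {"payroll": plan(payroll, "SaaS"), "brochure": plan(brochure, "PaaS")}


if __name__ == "__main__":
    for name, result in example().items():
        print(name, result)
```

Running it shows the slide's conclusion in numbers: the payroll asset's exposure risk restricts it to an internal private cloud, and if it were consumed as SaaS the organization would control none of the stack it depends on, whereas the brochure site can go anywhere and under PaaS the organization still secures its own application and data layers.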
43. Cloud Security
• Security Conclusions
– You should understand the importance of
what you're considering moving into the cloud
– Risk tolerance for each asset
– Which combinations of deployment and
service models are acceptable
– You should have a good idea of potential
exposure points for sensitive information and
operations
44. Barriers to Cloud Adoption
• Security - The key concern is data privacy: organizations do not have
control of or know where their data is being stored
• Interoperability - A universal set of standards and/or interfaces has not
yet been defined, resulting in a significant risk of vendor lock-in
• Resource Control - The amount of control that the organization has
over the cloud environment varies greatly
• Latency - All access to the cloud is done via the internet, introducing
latency into every communication between the user and the
environment
• Platform or Language Constraints - Some cloud environments
provide support for specific platforms and languages only
• Legal Issues - There are concerns in the cloud computing community
over jurisdiction, data protection, fair information practices, and
international data transfer
45. Final Thoughts
• Cloud Computing is in essence an
economic model
– It is a different way to acquire and manage IT
resources
• There are multiple cloud providers—the
cloud is real
– Currently most cloud consumers are small
enterprises
– Large enterprises are exploring private clouds
– The number of providers will most probably grow
as people start seeing greater savings and
improvements to reduce adoption barriers
46. Final Thoughts
• Cloud Computing adoption requires cost/
benefit/risk analysis to determine
– What resources to move to the cloud (if any)
– What situations warrant use of cloud resources,
even for one-time situations
– Implementation of private clouds vs. usage of
public clouds
– What risks are associated with using resources
on the cloud
– What risks are associated to providing resources
in the cloud
47. Final Thoughts
• Decisions from a cloud consumer
perspective depend on
– Required control level
– Required security level
– Compatibility with local infrastructure
• Decisions from a cloud provider
perspective depend on
– Market/user characteristics
– Established SLAs
– Available technology
48. Thank You
Tom Eberle
Tom.Eberle@Comcast.net
LinkedIn.com/in/teberle
Twitter.com/teberle
49. References
• Cloud Security Alliance Guide.v3.0
• “Introduction to Cloud Computing” – Everyman IT
• “Introduction to Security and Privacy in Cloud
Computing”, Ragib Hanson , Johns Hopkins University,
1/25/2010
• “Architectural Implications of Cloud Computing”, Grace
A. Lewis, Software Engineering Institute, 2011
• “Introduction to Cloud Computing”, Wikipedia
• “Cloud Computing”, Wikipedia
Editor's Notes
This class introduces students to the world of Cloud Computing and explains that Cloud Computing is more than Virtualization.
For those concerned about the security of sensitive data, Amazon moved to create “GovCloud,” a cluster of data centers only available to government agencies and contractors
Are Created in Web Programming Languages. Generally Use Databases to Store Data.
Are Generally Used for Database Servers (MySQL, Microsoft Active Directory). Load is balanced between servers in a cluster. If one server fails the cluster responds by not sending traffic to it. Servers maintain the same data by using replication.
Based off of old Mainframe and Dumb Terminal Architecture Now You Use Terminal Services Servers and Thin Clients Thin Clients can be Hardware Devices or Software installed on a computer All processing happens on Terminal Services Server and the Thin Client simply gets a "Window" into the server. Example: http://www.ncomputing.com/
Uses Terminal Services but instead of providing a full Environment it only delivers a specific Application.
Uses Desktop Clients Software or Hypervisors to allow you to install multiple Operating Systems on to one physical server.
Example: Mac Computer VMWare Fusion Install Windows 7 Windows 7 runs in a window on the Mac Desktop
i. Hypervisor is installed on the physical hardware to support the Operating Systems, and Management Software is used to configure each Virtual Machine, or Instance. ii. VMWare uses ESXi as the Hypervisor and vSphere for the Management Software
Management Software Installed on another computer VMware vSphere
The Public Cloud is Cloud Computing used from Online Vendors Private Clouds are environments on business/organization property that use Cloud Technologies.
Security... Most Small Business Security is poor. Security for most small to medium sized businesses will be better when systems are hosted in the cloud. Local and Internet Bandwidth becomes more important with Cloud Computing. Even on the LAN you may end up using all of your bandwidth.