Introduction to cloud computing - National Grid Service (NGS)


Nov 3, 2013 (3 years and 7 months ago)


Day 3

An Introduction to Cloud

Dr David Wallom,
Associate Director - Innovation (Oxford e-Research Centre)
Technical Director (UK NGS)


Thanks to NIST Clouds Introduction

Outline


What is Cloud…?


Using Cloud (technically)


Using cloud (non-technical)


Nationally available resources

What is cloud?

A Working Definition of Cloud Computing


Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation, if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!

Courtesy of NIST

5 Essential Cloud Characteristics


On-demand self-service
High performance network access (not necessarily JANet quality though)
Resource pooling
  Location independence
Rapid elasticity/service scalability
Measured service/usage is accounted for

Courtesy of NIST

Service Models of Cloud Computing: SaaS, PaaS, IaaS


SaaS: Software as a Service
> Google Apps, Force.com, Facebook, Microsoft Office Live;

[Diagram: SaaS provider; labels: deployed, use]

Microsoft Azure Services




Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

Service Models of Cloud Computing: SaaS, PaaS, IaaS


SaaS: Software as a Service
> Google Apps, Force.com, Facebook, Microsoft Office Live;
PaaS: Platform as a Service
> Google App Engine, Azure Platform, Oracle Fusion;

[Diagram: PaaS provider; labels: use, Application package deployed]

[Diagram, Microsoft Azure: Azure Services Platform; .NET, PHP, Python, Ruby; Visual Studio and Eclipse; Web Standards + Industry Standards]

Service Models of Cloud Computing: SaaS, PaaS, IaaS


SaaS: Software as a Service
> Google Apps, Force.com, Facebook, Microsoft Office Live;
PaaS: Platform as a Service
> Google App Engine, Azure Platform;
IaaS: Infrastructure as a Service
> Amazon Web Services, NGS Cloud, Eduserv

[Diagram: IaaS provider; labels: use, OS image instantiated]

Amazon AWS

[Diagram, Amazon AWS: Elastic Compute Cluster (EC2), SimpleDB, Simple Storage Service (S3), Simple Queue Service (SQS), CloudFront]
4 Deployment Models


Private cloud
  enterprise owned or leased, e.g. operated by your institutional Information Services
Community cloud
  shared infrastructure for specific community, e.g. provided only to UK Universities, e.g. Eduserv (Swindon)
Public cloud
  Sold to the public, mega-scale infrastructure, e.g. Amazon
Hybrid cloud
  composition of two or more clouds, e.g. what it says on the tin!


Courtesy of NIST

Common Cloud Characteristics


Cloud computing often leverages:


Massive scale (one research projects scaling)


Homogeneity


Virtualization


Resilient computing


Low cost software


Geographic distribution


Service orientation


Advanced security technologies

Courtesy of NIST

The NIST Cloud Definition Framework

Deployment Models: Community Cloud, Private Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: Resource Pooling, High Perf Network Access, Rapid Elasticity, Measured Service, On Demand Self-Service
Common Characteristics: Low Cost Software, Virtualization, Service Orientation, Advanced Security, Homogeneity, Massive Scale, Resilient Computing, Geographic Distribution

Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

Usage Models of Cloud


Globally distributed;
different resources/cost;
different applications;
non standardised: different AAA and UI.

Private/Public Multiple Clouds

[Diagram: Users; NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud, Azure cloud]

Mediated Private/Public Multiple Clouds

[Diagram: Users; Management Interface; NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud]

Automation;
load balancing;
costs reduction;
usability.


Federation of Local and Global resources
Elasticity managed by local cloud not user
different resources/cost;
different applications;
non standardised: different AAA but single UI through private provider

Hybrid Multiple Clouds

[Diagram: Users; Institutional cloud; Amazon cloud, Eduserv cloud, EGI cloud, NGS cloud]

Migration Paths for Cloud Adoption

Use public clouds
Develop private clouds
Build a private cloud
Procure an outsourced private cloud
Migrate data centers to be private clouds (fully virtualized)
Build or procure community clouds
Organization wide SaaS
PaaS and IaaS
Disaster recovery for private clouds
Use hybrid-cloud technology
Workload portability between clouds

Using an IaaS

User retains (full) control over:

operating system:
  create, modify or use existing OS images;
  VM instantiation and management (start, stop, # VMs);
networking:
  elastic IP, virtual firewalls, isolation (security groups);
data:
  create and manage EBS devices;
  snapshotting.

Great flexibility vs. extra effort

Cloud Infrastructure for Research

Centralisation vs Federation

Centralisation: one large, dedicated datacentre that serves the national HEI demand
Federation: heterogeneous set of local infrastructures are coordinated nationally in order to satisfy the HEI demand

Criteria for evaluation


Funding


Scalability


Flexibility


Maintenance


Support


Accountability


Obsolescence


Competitiveness


Security

Client Tools

HybridFox

RightScale

Gems RightAws

Command Line Interface

Cloud Computing Security

Security is the Major Issue

Analyzing Cloud Security

Some key issues:
  trust, multi-tenancy, encryption, compliance
Cloud security is a tractable problem
There are both advantages and challenges



General Security Advantages


Shifting public data to an external cloud reduces the exposure of the internal sensitive data


Cloud homogeneity makes security auditing/testing simpler


Clouds enable automated security management


Redundancy / Disaster Recovery

Cloud Security Advantages

Data Fragmentation and Dispersal
Dedicated Security Team
Greater Investment in Security Infrastructure
Fault Tolerance and Reliability
Greater Resiliency
Hypervisor Protection Against Network Attacks
Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
Simplification of Compliance Analysis
Data Held by Unbiased Party (cloud vendor assertion)
Low-Cost Disaster Recovery and Data Storage Solutions
On-Demand Security Controls
Real-Time Detection of System Tampering
Rapid Re-Constitution of Services
Advanced Honeynet Capabilities

General Security Challenges


Trusting someone else's security model
Customer inability to respond to audit findings
Limitations in obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control


Cloud Security Challenges

Data dispersal and international privacy laws
EU Data Protection Directive and U.S. Safe Harbor program
Exposure of data to foreign government and data subpoenas
Data retention issues
Need for isolation management
Multi-tenancy
Logging challenges
Data ownership issues
Quality of service guarantees
Dependence on secure hypervisors
Attraction to hackers (high value target)
Security of virtual OSs in the cloud
Possibility for massive outages
Encryption needs for cloud computing
  Encrypting access to the cloud resource control interface
  Encrypting administrative access to OS instances
  Encrypting access to applications
  Encrypting application data at rest
Public cloud vs internal cloud security
Lack of public SaaS version control
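
An added example, not part of the original slides or any NGS code: the "Using an IaaS" slide leaves virtual firewalls (security groups) under the user's control, and the encryption needs listed above call for encrypted administrative and application access, so this sketch audits ingress rules for cleartext services and for admin ports open to the whole internet. The rule layout follows the EC2 security-group JSON shape (`IpPermissions`, `IpRanges`, `Ipv6Ranges`); the port mapping and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumed port mapping for this example, following the slide's encryption needs:
# cleartext services should not be reachable at all; encrypted admin services
# should not be reachable from the whole internet.
CLEARTEXT = {21: "ftp", 23: "telnet", 80: "http"}
ADMIN = {22: "ssh", 3389: "rdp"}

def is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (any network with prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def rule_ports(perm):
    """Watched ports covered by one ingress rule; protocol "-1" means all traffic."""
    watched = sorted(CLEARTEXT.keys() | ADMIN.keys())
    if perm["IpProtocol"] == "-1":
        return watched
    if perm["IpProtocol"] != "tcp":
        return []
    return [p for p in watched if perm["FromPort"] <= p <= perm["ToPort"]]

def audit(groups):
    """Return (group, port, service, cidr, finding) tuples for risky ingress rules."""
    findings = []
    for group in groups:
        for perm in group["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in rule_ports(perm):
                for cidr in cidrs:
                    if port in CLEARTEXT:
                        findings.append((group["GroupName"], port, CLEARTEXT[port], cidr, "cleartext protocol allowed"))
                    elif is_world(cidr):
                        findings.append((group["GroupName"], port, ADMIN[port], cidr, "admin port open to the world"))
    return findings

# Constructed sample rules (documentation address ranges, not real systems).
SAMPLE = [
    {"GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 23, "IpRanges": [{"CidrIp": "192.0.2.0/24"}]}]},
    {"GroupName": "admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "198.51.100.7/32"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The port range 20-23 in the "legacy" group is reported for FTP and Telnet but not for SSH, because SSH there is restricted to a non-world source range.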

An example of using cloud in research

Strategic Plan for Helix Nebula

Set up a cloud computing infrastructure for European Research Area
Identify and adopt policies for trust, security and privacy on a European-level
Create a light-weight governance structure involving all stakeholders
Define a short and medium term funding scheme

Pilot phase goals


Through the pilot phase we expect to explore/push a series of perceived barriers to Cloud adoption:

Security: Unknown or low compliance and security standards
Reliability: Availability of service for business critical tasks
Data privacy: Moving sensitive data to the Cloud
Scalability/Elasticity: Will the Cloud scale-up to our needs
Network performance: Data transfer bottleneck; QoS
Integration: Hybrid systems with in-house/legacy systems
Vendor lock-in: Dependency on vendors once data & applications have been transferred to the Cloud
Legal concerns: Such as who has legal liability
Transparency: Clarity of conditions, terms and pricing


Cloud Resources Available

Private Cloud
  Matteo Turilli, Steve Thorn & Richard Tarrant
Community Cloud
  Matt Johnson
Public Cloud
  John Donnelly, Ryan Shuttleworth