Welcome to the Basic Training Material
• These slides contain basic presentation material to prepare students for the EXIN Cloud Computing Foundation examination
• The slides may be used in a Foundation training and as a basis for an accredited training
• A good training will always require extra examples, elaborating subjects of special interest to the audience and a good time schedule, including break-out sessions
• The order in which the Foundation subjects are presented follows the order of the exam requirements, which is not necessarily the order in a good training course

Agenda
Introduction
1. Principles of Cloud Computing
2. Implementing and Managing Cloud Computing
3. Using the Cloud
4. Security and Compliance
5. Evaluation of Cloud Computing

Definitions
"cloud computing, method of running application software and storing related data in central computer systems and providing customers or other users access to them through the Internet." Encyclopaedia Britannica (eb.com, 2012)
"Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." NIST Special Publication 800-145 (September 2011)
This definition of the American National Institute of Standards and Technology will form the basis for this presentation.
1.1.1 Five Characteristics
• On-demand self-service
• Resource pooling (multi-tenancy)
• Rapid elasticity (flexibility, scalability)
• Measured service (pay-per-use)
• Broad network access ("any time, any place, any device")

IT becomes a utility
"There was a time when every household, town, farm or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap; cloud computing works in a similar fashion. Just like water from the tap in your kitchen, cloud computing services can be turned on or off quickly as needed. Like at the water company, there is a team of dedicated professionals making sure the service provided is safe, secure and available on a 24/7 basis. When the tap isn't on, not only are you saving water, but you aren't paying for resources you don't currently need." Vivek Kundra, Federal CIO, United States Government.

Cloud Computing: Some examples
• For everyone:
  ‒ facebook, twitter (social media)
  ‒ wikis
  ‒ online games
  ‒ hotmail (webmail)
  ‒ dropbox
• For business:
  ‒ CRM
  ‒ backup services
  ‒ ERP
  ‒ Financial
  ‒ Etc.
1.1.2 Four Deployment models
Public, Private, Community and Hybrid Clouds

Private Cloud: just another name for a data center?
• resides on a private network that runs on (part of) a data center that is exclusively used by one organization
• owned, managed and run by either the organization itself, a third party or a combination of the two
• supports the organization's business objectives in an economically sound way
• high security (compliance with legislation and regulations)

Public Cloud
• delivery of off-site services over the internet
• Sharing of resources; multi-tenancy means a lower level of security and privacy
• Aimed at a wide audience
• Compelling services like email and social media
• Enables social networking and collaboration

Community Cloud
• A type of shared private cloud
• delivers services to a specific group of organizations and/or individuals that share a common goal
• easy sharing of data, platforms and applications
• Sharing of capital expenditure for otherwise (too) expensive facilities
• 24/7 access and support
• shared service and support contracts
• economies of scale
Examples: regional or national educational or research institutes, community centers, etc.

Hybrid Cloud
• a mix of the above models; combining several private and public Cloud solutions from several providers into one (virtual) IT infrastructure
• choosing specific services for either Private or Public Cloud suitability is balancing:
  ‒ security
  ‒ privacy
  ‒ compliance
  versus price
1.1.3 Cloud Service Models
• Software as a Service (SaaS)
  ‒ The key benefit is that the customer does not need to worry about the development and management of applications.
• Platform as a Service (PaaS)
  ‒ Not owning a computer platform, but being able to use it on demand, can save costs in ownership, management and maintenance
• Infrastructure as a Service (IaaS)
  ‒ Rental of physical or virtual hardware like storage, servers or internet connectivity.

SaaS
• Key characteristics:
  ‒ software hosted offsite
  ‒ software on demand
  ‒ software package
  ‒ no modification of the software
  ‒ plug-in software: external software used with internal applications (hybrid cloud)
  ‒ vendor with advanced technical knowledge
  ‒ user entangled with vendor
• Examples: CRM, ERP, Billing and invoicing, Web Hosting, etc.

PaaS
• Key characteristics:
  ‒ Mostly used for remote application development
  ‒ Remote application support
  ‒ Platform may have special features
  ‒ Low development costs
• Variants
  ‒ Environment for software development
  ‒ Hosting environment for applications
  ‒ Online storage

IaaS
• The background of IaaS can be found in the merger between IT and Telecom infrastructure and services in the past decade
• Key characteristics:
  ‒ Dynamic scaling
  ‒ Desktop virtualization
  ‒ Policy-based services
• Examples of IaaS are hosting services supporting e-commerce, and web hosting services that include broadband connections and storage.

1.2.1 Historic timeline
• Contributing factors to the existence of the Cloud
  ‒ The development of the Internet
  ‒ The move from Mainframe computing to the present-day myriad of personal devices with a connection to the Internet
  ‒ The development of computer networks
• Time-line
  ‒ Mainframe computers and terminals
  ‒ Decentralized mini computers with terminals
  ‒ Micro computers (PC) connected to a LAN with terminal emulation
  ‒ Client-server architecture
  ‒ Any device connected to the internet
Minicomputers
• Easier to purchase
• Smaller
• Cheaper
• First specialized, later multi-tasking
• Development of LAN

From Microcomputer to PC
• Smaller, smaller, smaller
• Single user > multi user
• Limited memory and storage > limitless
• Elementary operating system > multi OS

1.2.2 Network and Servers
Service forms:
• Dial-up with modem
• Dedicated leased-line
Uses:
• Dedicated terminal
• Access to time sharing services
• Special services on intelligent devices:
  ‒ Terminal server (remote access)
  ‒ Batch processing (job entry)

1.2.3 The role of the Internet
• Initial vision: Intergalactic Computer Network (Licklider, 1963)
• ARPANET (Advanced Research Projects Agency Network, owned by the US Department of Defense, 1998)
• One protocol: the TCP/IP protocol (1983)
• One global and public network
• Internet services: www, ftp, smtp, http, ...
1.2.4 Virtualization
Not NEW!
• Exists since the 1970s in mainframe environments
  Example: 1972 IBM VM/370

Virtualization
• Concept of the cloud: virtualized operating environment & thin clients; Web-based delivery
• Virtualization is the solution for integration of:
  ‒ Internet
  ‒ Storage
  ‒ Processing power
• Key Features are:
  ‒ Multiplies the use of high performance computers
  ‒ Puts extra/excess capacity to use
  ‒ Multi tenancy

Six types of virtualization
• Access virtualization (access from any device)
• Application virtualization (platform and operating system independent)
• Processing virtualization (one system becomes many)
• Network virtualization (enables artificial views of the network)
• Storage virtualization (enables sharing, concealing, etc.)

Server Virtualization Architectures
• Virtualization as the Operating System
• Virtualization with a host Operating System

Virtualization as the Operating System
  Application Programs | Application Programs | Application Programs
  Guest Operating System | Guest Operating System | Guest Operating System
  Hypervisor (Virtual Operating Environment)
  Hardware
In this type of virtualization the hypervisor is the separating layer between guest operating systems and the hardware.

Virtualization with a Host Operating System
  Application Programs | Application Programs | Application Programs
  Guest Operating System | Guest Operating System | Guest Operating System
  Hypervisor (Virtualization Layer)
  Host Operating System
  Hardware
• In this type of virtualization a host operating system is used as the first tier of access control.
Multi-tenancy Architecture
• Rationale:
  ‒ "a large number of users, basically multi tenants, makes the cloud platform most efficient in terms of usability of the application and Do More With Less Resources." (Rajan 2011)
• Key element (& issue) is Security
  ‒ Security needs to be ensured at all levels of the infrastructure
• Examples:
  ‒ Salesforce.com: a SaaS-based CRM application for various businesses using a common framework and multi tenancy model
  ‒ Microsoft Dynamics CRM Online offering
  ‒ Multi-Tenancy IaaS/PaaS offerings from Amazon or IBM or Microsoft Azure

1.3.2 Service-Oriented Architectures
• Service-Oriented Architecture (SOA)
  ‒ an architectural style that supports service orientation.
• Service orientation
  ‒ a way of thinking in terms of services and service-based development and the outcomes of services.
• Service
  ‒ Is a logical representation of a repeatable business activity that has a specified outcome (e.g., check customer credit; provide weather data; consolidate drilling reports)
  ‒ is self-contained
  ‒ may be composed of other services
  ‒ a black box to consumers of the service
Source: Cloud working group, The Open Group.

Cloud and SOA
• Question: (Paul Krill)
  ‒ Can we build a datacenter infrastructure on SOA principles?
• Answer: (Gerry Cuomo)
  ‒ "Yes, and that's the cloud, so it's a service-oriented infrastructure. It's taking that architectural principle of SOA and applying it to an infrastructure." The cloud-SOA connection (Krill, 2009)
• A service-oriented architecture is basically a collection of services that communicate with each other.
• Connecting these services in many cases involves Web services using XML
No Cloud without SOA!

Service Oriented Architecture Criteria
• In order to implement SOA, the architecture must meet the following criteria:
  ‒ Services that are able to communicate with each other
  ‒ A well understood interface
  ‒ A message-oriented communication process
1.4.1 Main benefits of Cloud computing
• Reduced Cost (pay-per-use, economies of scale)
• Automated (updates, security patches, backups, ...)
• On demand (Flexibility + Scalability = Elasticity)
• More Mobility (accessible from any web enabled device)
• Shared Resources (multi-tenancy)
• Back to core business
• More for less

1.4.2 Cloud Computing Limitations
• Internet access (no internet = no Cloud)
• Security (how do you know?)
• Privacy (what legislation or regulations?)
• Vendor lock-in (application migration may be impossible)
Plus or Minus
• Service Level Agreement
  ‒ Do the clauses support your business?
  ‒ If so, it is a plus! (customer responsibility; it takes two to tango!)

Why own a local Cloud environment
• Private intranet becomes a private Cloud
  ‒ Investment in existing infrastructure
  ‒ Integration of legacy applications
• Controlled by the own organization
  ‒ Complete control
  ‒ Internal Security
2.1.1 Main Components and their interconnection
Main hardware components
Baseline examples:
• Local Area Network (LAN)
  ‒ Switches, routers etc.
• Blade server array (on which can run)
  ‒ Database servers, application servers, web servers, etc.
• User workstations
  ‒ Thin client, PC, mobile devices
• Storage
  ‒ Storage Area Network (SAN)
  ‒ Network Attached Storage (NAS)
• Load balancer

Main software components
Baseline examples:
• Virtualization software
• Cloud based application software
  ‒ CRM, ERP, Financial, etc.
• Database software
• Middleware
• Operating systems
  ‒ Proprietary or Open Source

Architectural considerations (general)
• Standard building blocks
  ‒ Protocols
  ‒ Vendor independent
  ‒ Location independent
• Security and Service Continuity
  ‒ Multiple sites
  ‒ Backup mechanisms
  ‒ Data storage replication
  ‒ High security components like firewalls, a DMZ and internet security software

Architectural considerations: Connection requirements
• Speed
• Capacity
• Availability (access at any time, from any place and from any device)
• Secure inter-/intranet based access
  ‒ VPN

2.1.2 Virtual Private Network access
• The key benefits of using a VPN are:
  ‒ Remote secure connectivity
  ‒ Cheaper than private or rented connections
  ‒ More mobility for employees
• Architectural considerations
  ‒ IP-tunneling
  ‒ TCP/IP protocol
  ‒ Security
  ‒ Encryption
  ‒ Authentication (AAA)
2.1.3 Risks of connecting a local Cloud Network to the Public Internet
• "Are companies really willing to risk having all their information, data, privacy, and software handled in a virtual cloud, a place where they're most susceptible to hack attacks and cyber invasions?" source: www.secpoint.com
• Issues:
  ‒ Provider responsibility:
    • Security of data
    • Privacy of data
  ‒ The customer's responsibility:
    • Check for compliance (legislation, regulations, international standards)
    • With whom do I share the Cloud?

Data Protection and Partitioning
• Wall between data from different clients
• Zoning
• Hidden storage
Protection across operating systems and virtual servers
2.2.1 IT Service Management Principles in a Cloud Environment
Outsourcing to the Cloud means that the provider needs to be in control of the complete supply chain.
Key areas of control:
• IT-governance; the customer needs to remain in control over his/her business processes
• Business-IT alignment; the customer needs to make sure that the Cloud IT processes support his/her business in the short and long term

IT Governance
The following elements need to be in place:
‒ Good Service Level Management
  • Different requirements for the different Cloud models
  • Reporting system
  • Clear SLAs with SMART performance criteria
‒ Proper audit standards and internal audit mechanisms
  • Provider:
    ‒ ISO/IEC 20000:2011 (Service Management)
    ‒ ISO/IEC 27001, 2 (Information Security)
  • Customer:
    ‒ Cobit® 4.1 or ISO/IEC 38500:2008 (corporate governance of IT)

2.2.2 Managing Service Levels in a Cloud Environment
ISO/IEC 20000:2011 quality specifications
Component: Information System
  Consisting of: People, Processes, Technology, Partners
  Purpose: To manage information
  Quality specifications: Availability, Capacity, Performance, Security, Scalability, Adjustability, Portability
Component: Support
  Consisting of: Changes, Maintenance
  Purpose: To ensure system performance restoration in case of failure according to the agreed requirements

ISO/IEC 20000:2011 Processes
• The provider needs to conform to the process requirements
  Service delivery processes:
    − Service Level Management
    − Service Reporting
    − Service Continuity and Availability Management
    − Budgeting and Accounting for Services
    − Capacity Management
    − Information Security Management
  Relationship processes:
    − Business Relationship Management
    − Supplier Management
  Control processes:
    − Configuration Management
    − Change Management
  Resolution processes:
    − Incident Management
    − Problem Management
  Release process:
    − Release and Deployment Management
• And its staff need to be familiar with the processes and adhere to the procedures and instructions!

Questions to ask the Cloud provider
• How are audits performed?
• Where are the servers located, and which legislation applies to the data?
• What are the provisions when a service changes or ends (service life cycle and end of life)?
• What are the provisions if we want to migrate to another provider (contract life cycle and end of life)?
3.1.1 Accessing Web applications through a Web Browser
• Basic ingredients:
  - any web enabled device - PC, laptop, tablet, smart phone, thin client
  - Internet browser
  - Internet connection - Provider, IP-address
  - Cloud based application - SaaS solution
• Mind you: no Internet = no Cloud!

3.1.2 Cloud Web Access Architecture
Basic ingredients:
• Standard protocols (for each ISO-OSI layer)
• Web enabled device
  ‒ PC
  ‒ Laptop
  ‒ Tablet
  ‒ Smart phone
  ‒ And (revival of the computer terminal) Thin Client
• Internet access

The Internet
"The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to serve billions of users worldwide" (Wikipedia)

Understanding open standards for the Cloud: the OSI model
• Copyright & source: http://www.lrgnetworks.com

Examples of standard protocols
• HTTP
• VT
• RTSE
• API-sockets
• TCP and IP
• SSL
• Ethernet
• IEEE 802.3
• 10BASE-T

3.1.3 The use of a thin Client
• A simple network enabled computer
  ‒ No moving parts like a hard disk or DVD drive
  ‒ Boots from the network
• Benefits:
  ‒ Lower costs; initial price and running costs
  ‒ Simple; no moving parts
  ‒ Better for the environment; they produce less heat and need less cooling, sometimes not even a fan
  ‒ Heightened security; booting from the network with controlled access, no local data, etc.
  ‒ Less chance of user errors

Categories of Web applications for everyone
• Google Gmail
• Yahoo Mail
• Twitter
• Zimbra
• Salesforce
• Dropbox
• Skype
• ...

Categories of Web applications for business
• Customer Relationship Management (CRM)
• Enterprise Resource Planning (ERP)
• HR solutions
• IT Service Management
• Finance & accounting
• Web design and management
• Email (professional)
• Webmail
• Office suites
• E-Business
• Online Storage
• Collaboration
• Video conferencing
3.1.4 Overview of the use of Mobile Devices in accessing the Cloud

Mobile web enabled devices
• Tablet
• Smart phone
Platforms:
• Apple iPhone
• Google Android
• Blackberry
• Windows phone
+ interoperability between different cellphone networks
- no/low interoperability between platforms

Typical solutions for mobile devices
• Text messaging
• E-mail
• Apps
  ‒ Navigation
  ‒ Streaming radio
  ‒ TV
  ‒ Internet browser
  ‒ And ... anything you can imagine (or not)

3.2 HOW CLOUD COMPUTING CAN SUPPORT BUSINESS PROCESSES
3.2.1 Impact of Cloud Computing on primary business processes
Primary processes are Purchasing, Sales, Manufacturing, Advertising and Marketing
Contribution of public or hybrid cloud computing, for example:
• Purchasing and Manufacturing
  - Collaboration with suppliers: Exchange and sharing platforms
• Sales, Advertising and Marketing
  ‒ Interaction with potential customers and the market: social media
  ‒ Communication with customers: social media
  ‒ Registration of customer contacts: CRM

3.2.2 Role of standard applications in collaboration
• Social Media (also for business use!)
  ‒ LinkedIn, Facebook, Twitter
• Email/Webmail
  ‒ Google Gmail, Yahoo Mail
• Videoconferencing
  ‒ Skype
• File sharing
  ‒ Dropbox
• Sales and CRM
  ‒ Salesforce

Application Example: Content Management Systems
• Large numbers of people contribute and share stored data
• Controlled access to data, based upon user roles
• Easy storage and retrieval of data
• Reduction of repetitive duplicate input
• Easier report writing & communication between users: previous versions are accessible
• Access is location independent

3.3.1 Impact on the Relationship between Vendor and Customer
• The relationship between provider and customer changes
  ‒ Customer intimacy: running the customer's business
  ‒ Running the whole supply chain
• Requirement to demonstrate performance and compliance
  ‒ New and clear SLAs
  ‒ Audit trail
  ‒ Compliance with legislation, regulations and international audit standards

3.3.2 Benefits and Risks of providing Cloud based Services
Benefits: business opportunities
- New lease of life for old data centers (IaaS)
- Better use of resources because of multi-tenancy
- Economies of scale
- Quickly develop and run applications in the same environment (PaaS)
Risks: challenges
- Compliance - Standards, legislation and regulations
- Performance - Availability, capacity, flexibility, scalability
- Security
- Privacy
Is the Cloud safe?
"Researchers find 'massive' security flaws in cloud architectures. Amazon Web Services vulnerabilities were found and fixed, others are likely susceptible." By Tim Greene, Network World (October 26, 2011)
This will not happen to us!....
"Recent Breaches Spur New Thinking On Cloud Security. Cloud providers might be attractive targets for attackers, but liability can't be outsourced, experts say." By Robert Lemos, www.darkreading.com (May 02, 2011)
Or can it happen to us?....

4.1.1 Security risks in the Cloud
• Data loss/leakage
• Shared technology vulnerabilities
• Insecure application interfaces
• Malicious insiders
• Abuse and nefarious use of Cloud computing
• Unknown risk profile and account
• Account, service and traffic hijacking
Copyright & Source: Cloud Security Alliance (CSA), paper: Cloud Security Alliance Top Threats to Cloud Computing Version 1.0 (2010)
4.1.2 Measures mitigating Security Risks
Risk: Mitigation
• Data loss/leakage: Authentication, audit, etc.
• Shared technology vulnerabilities: Operations procedures, operational security practices, etc.
• Insecure application interfaces: Design for security, etc.
• Malicious insiders: Staff vetting, etc.
• Abuse and nefarious use of Cloud computing: Validation of credentials, active monitoring of traffic, etc.
• Unknown risk profile and account: Good SLAs and audit
• Account, service and traffic hijacking: Strong authentication, active monitoring, etc.
Copyright & Source: Cloud Security Alliance (CSA), paper: Cloud Security Alliance Top Threats to Cloud Computing Version 1.0 (2010)
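Two mitigations in this table, active monitoring of traffic against abuse and active monitoring against account hijacking, come down to rules run over login records. The Python program below is an added example and is not part of the EXIN slides or the CSA paper: it parses a handful of constructed log lines (the `user=... src=... result=...` format is invented for the example) and flags a burst of failed logins from one source address and an account that logged in successfully from two different addresses within a few minutes.

```python
"""Active monitoring over constructed authentication log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one login attempt per line. Not real data; the
# addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2011-10-26T10:00:01Z user=alice src=203.0.113.5 result=OK
2011-10-26T10:00:05Z user=bob src=198.51.100.7 result=FAIL
2011-10-26T10:00:09Z user=bob src=198.51.100.7 result=FAIL
2011-10-26T10:00:12Z user=carol src=198.51.100.7 result=FAIL
2011-10-26T10:00:15Z user=dave src=198.51.100.7 result=FAIL
2011-10-26T10:00:18Z user=erin src=198.51.100.7 result=FAIL
2011-10-26T10:02:00Z user=alice src=192.0.2.44 result=OK
2011-10-26T10:30:00Z user=bob src=198.51.100.9 result=OK
"""


def parse_line(line):
    """Turn 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts_text, *fields = line.split()
    record = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def failure_bursts(records, threshold=5, window=timedelta(seconds=60)):
    """Source addresses with at least `threshold` failed logins inside one
    sliding window. Failures spread over many accounts from one source is
    the usual shape of credential guessing against the login endpoint."""
    failures = defaultdict(list)
    for r in records:
        if r["result"] == "FAIL":
            failures[r["src"]].append(r["ts"])
    flagged = set()
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged


def split_sessions(records, window=timedelta(minutes=5)):
    """Accounts with successful logins from two different source addresses
    within `window`. A legitimate user rarely changes network that fast, so
    an overlapping session from a second address is a hijacking indicator
    that deserves a review of the account."""
    successes = defaultdict(list)
    for r in records:
        if r["result"] == "OK":
            successes[r["user"]].append((r["ts"], r["src"]))
    flagged = {}
    for user, events in successes.items():
        events.sort()
        for i in range(1, len(events)):
            prev_ts, prev_src = events[i - 1]
            ts, src = events[i]
            if src != prev_src and ts - prev_ts <= window:
                flagged[user] = (prev_src, src)
    return flagged


def analyse(text=SAMPLE_LOG):
    """Run both rules and return their findings."""
    records = parse_log(text)
    return {"bursts": failure_bursts(records),
            "split_sessions": split_sessions(records)}


if __name__ == "__main__":
    print(analyse())
```

Both rules are deliberately simple thresholds; in practice the thresholds and windows are tuned per tenant, and the findings feed the incident process of the provider's ISO/IEC 20000 process set rather than blocking anything on their own.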
4.2.1 Authentication
• Non-Cloud authentication
  ‒ Simple authentication using user-id and password
  ‒ Active directory authentication
    • Using your active directory account credentials
    • Uses Kerberos protocol (no transmission of readable data)
• Authentication in the Cloud
  ‒ Active directory authentication (VMware plays the role of the domain controller and/or security server)
  ‒ LDAP (Lightweight Directory Access Protocol) or Kerberos
Triple-A Authentication
• Authentication
  ‒ Triple identification, what/who you
    • Know (password)
    • Have (token/smart card)
    • Are (fingerprint or retina scan)
• Authorization
  ‒ leveled
• Accountability
  ‒ periodic logs & audit data
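The three A's on this slide fit in a few dozen lines of code. The Python below is an added example, not material from the slides: it checks two of the three factors (a password for "know", a time-based one-time code from a token for "have"; the biometric "are" factor has no software-only equivalent and is left out), applies leveled authorization, and writes every decision to an audit trail for accountability. The user store, the user `alice`, her password and the clearance levels are all constructed for the example; the one-time code follows RFC 6238 (HMAC-SHA1, 30-second step), which is what common authenticator apps and hardware tokens implement.

```python
"""Triple-A walk-through: two-factor authentication, leveled authorization
and an audit trail (added example with a constructed user store)."""
import hashlib
import hmac
import os
import struct
import time


def make_user(password, totp_secret, level):
    """Constructed user record: salted PBKDF2 password hash, the secret
    shared with the user's token, and a clearance level for authorization."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000),
        "totp_secret": totp_secret,
        "level": level,
    }


# Hypothetical user store; the secret is the RFC 6238 test-vector seed.
USERS = {"alice": make_user("correct horse battery staple",
                            b"12345678901234567890", 2)}
AUDIT_LOG = []   # accountability: every decision lands here


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 time-based one-time password (HOTP over HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_password(user, password):
    """Factor 1, something you know. Constant-time comparison of the hash."""
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 200_000)
    return hmac.compare_digest(h, user["pw_hash"])


def check_token(user, code, at_time):
    """Factor 2, something you have. The previous step is also accepted so a
    token whose clock is slightly behind still works."""
    return any(hmac.compare_digest(totp(user["totp_secret"], at_time - drift), code)
               for drift in (0, 30))


def audit(event, **details):
    AUDIT_LOG.append({"time": time.time(), "event": event, **details})


def authenticate(name, password, code, at_time=None):
    """Both factors must pass; failures are logged with the failing factor."""
    at_time = time.time() if at_time is None else at_time
    user = USERS.get(name)
    if user is None or not check_password(user, password):
        audit("auth_failed", user=name, factor="password")
        return False
    if not check_token(user, code, at_time):
        audit("auth_failed", user=name, factor="token")
        return False
    audit("auth_ok", user=name)
    return True


def authorize(name, required_level):
    """Leveled authorization: the user's clearance must reach the resource's level."""
    allowed = USERS.get(name, {}).get("level", 0) >= required_level
    audit("authz", user=name, required=required_level, allowed=allowed)
    return allowed


if __name__ == "__main__":
    now = time.time()
    code = totp(USERS["alice"]["totp_secret"], now)   # what the token would display
    print(authenticate("alice", "correct horse battery staple", code, now))
    print(authorize("alice", 2), authorize("alice", 3))
    print(AUDIT_LOG)
```

The audit list stands in for the "periodic logs & audit data" item; in a real deployment it is shipped off the host and reviewed, which is the control that makes the other two A's accountable.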
4.2.2 Main aspects of Identity Management
• Typical characteristics of an Identity Management system are:
  ‒ Role management; IT implementation of a business role.
  ‒ Role hierarchy; a representation of an organization chart.
  ‒ Separation of duties.
  ‒ Group management; permissions are not given to people but to roles.
  ‒ Self-service functions.
  ‒ Password synchronization.
  ‒ Digital Identity; presence and location determine available services and capabilities.
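Role management, role hierarchy, group management and separation of duties are the four items on this slide that have a direct code shape. The following Python is an added example, not from the slides or any product: the finance-department role tree, the permission names and the two separation-of-duties conflicts are constructed for the illustration. Permissions attach to roles only, a role inherits everything below it in the hierarchy, and an assignment that would give one person a conflicting pair of roles (directly or by inheritance) is refused.

```python
"""Role hierarchy, role-based permissions and separation of duties
(added example with a constructed role model)."""

# Role hierarchy: each role lists the roles it inherits from (the org chart).
ROLE_PARENTS = {
    "employee": [],
    "clerk": ["employee"],
    "accountant": ["clerk"],
    "controller": ["accountant"],
    "auditor": ["employee"],
}

# Group management: permissions are granted to roles, never to people.
ROLE_PERMISSIONS = {
    "employee": {"read_intranet"},
    "clerk": {"enter_invoice"},
    "accountant": {"approve_invoice"},
    "controller": {"close_books"},
    "auditor": {"read_ledger"},
}

# Separation of duties: pairs of roles one person must never hold together.
SOD_CONFLICTS = {
    frozenset({"accountant", "auditor"}),
    frozenset({"controller", "auditor"}),
}


def effective_roles(role):
    """The role plus everything it inherits, walking up the hierarchy."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current not in seen:
            seen.add(current)
            stack.extend(ROLE_PARENTS.get(current, []))
    return seen


def permissions_of(role):
    """Union of the permissions of the role and all roles it inherits."""
    perms = set()
    for r in effective_roles(role):
        perms |= ROLE_PERMISSIONS.get(r, set())
    return perms


class SoDViolation(Exception):
    """Raised when an assignment would breach a separation-of-duties rule."""


class Directory:
    def __init__(self):
        self.assignments = {}   # user -> set of directly assigned roles

    def assign(self, user, role):
        new_roles = self.assignments.get(user, set()) | {role}
        # Expand through the hierarchy so inherited roles count as held too.
        expanded = set().union(*(effective_roles(r) for r in new_roles))
        for conflict in SOD_CONFLICTS:
            if conflict <= expanded:
                raise SoDViolation(
                    f"{user}: roles {sorted(conflict)} may not be held together")
        self.assignments[user] = new_roles

    def can(self, user, permission):
        """Authorization decision: any held role (or its ancestors) grants it."""
        return any(permission in permissions_of(r)
                   for r in self.assignments.get(user, ()))


if __name__ == "__main__":
    d = Directory()
    d.assign("alice", "controller")
    print(sorted(permissions_of("controller")))
    try:
        d.assign("alice", "auditor")
    except SoDViolation as exc:
        print("refused:", exc)
```

Checking the conflict against the expanded role set rather than the directly assigned roles is the part that is easy to miss: a controller is an accountant by inheritance, so giving her the auditor role breaks the accountant/auditor rule even though "accountant" was never assigned by name.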
Single Sign On (SSO) for web services
• Problem: Security infrastructure in the Cloud is distributed
• Solution: Single Sign On (SSO)
  ‒ All distributed elements consolidated on an SSO-server
  ‒ Credentials are offered by AD-account, token or smart card
  ‒ Uses SOAP protocol

4.2.3 Privacy, compliance issues and safeguards in Cloud computing
• Issues:
  ‒ Handling of Personal Identifiable Information (PII)
  ‒ Compliance with international privacy legislation and regulations
• Safeguards
  ‒ Effective Access Control and Audit
  ‒ Secure Cloud Storage
  ‒ Secure Network Infrastructure

Personal Identifiable Information (PII)
• Forms of identification: SSN, passport, fingerprints
• Occupational: job title, company name
• Financial: bank numbers, credit records
• Health care: insurance, genetic
• Online activity: log-ins
• Demographic: ethnicity
• Contact: phone, e-mail

International Privacy/Compliance
• USA: the Privacy Act 1974, federal laws HIPAA & GLBA and Safe Harbor
• Japan: Personal Information Protection Law and Law for Protection of Computer Processed Data Held by Administrative Organs (1988)
• Canada: PIPEDA (Personal Information Protection and Electronic Data Act 2008) and Privacy Act (1983)
• EU: Laws and privacy standards of the member countries, EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) and EU Data Protection Directive (1998)
Safeguards
• Effective Access Control and Audit
  ‒ Single Sign On (SSO)
  ‒ Strong authentication: password & biometric measure
  ‒ Review of audit logs
• Secure Cloud Storage
  ‒ Encryption
  ‒ Integrity by mechanisms such as hashing
• Secure Network Infrastructure
  ‒ Encryption protocols against leakage
  ‒ Integrity protocols (digital signatures) against modification
• Consult a lawyer specialized in international legislation
  ‒ Know where (which country) your data is
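The Secure Cloud Storage item "integrity by mechanisms such as hashing" is easy to get wrong: a plain hash stored next to the object in the same bucket can simply be recomputed by whoever modified the object. The Python below is an added example, not material from the slides; it uses an in-memory dict as a stand-in for an object store and the `ledger.json` records are constructed. It contrasts an unkeyed SHA-256 digest with a keyed HMAC-SHA256 tag whose key stays with the data owner, and shows that only the keyed version detects a modification made by someone with write access to the store.

```python
"""Integrity of stored objects: unkeyed digest versus keyed tag
(added example; the object store is a dict standing in for a bucket)."""
import hashlib
import hmac
import json
import os

STORE = {}   # hypothetical object store: name -> {"data": bytes, ...}


def store_plain(name, payload):
    """Scheme 1: the object and an unkeyed SHA-256 digest side by side."""
    STORE[name] = {"data": payload,
                   "sha256": hashlib.sha256(payload).hexdigest()}


def store_keyed(key, name, payload):
    """Scheme 2: the object and an HMAC-SHA256 tag computed with the owner's key."""
    STORE[name] = {"data": payload,
                   "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def modify_in_store(name, new_payload):
    """Simulate a change by someone who can write to the store. They can
    recompute any unkeyed digest they find, but not a keyed tag, because
    the key never left the owner."""
    entry = STORE[name]
    entry["data"] = new_payload
    if "sha256" in entry:
        entry["sha256"] = hashlib.sha256(new_payload).hexdigest()


def verify_plain(name):
    entry = STORE[name]
    return hmac.compare_digest(hashlib.sha256(entry["data"]).hexdigest(),
                               entry["sha256"])


def verify_keyed(key, name):
    entry = STORE[name]
    expected = hmac.new(key, entry["data"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, entry["tag"])


def demo():
    """Store the same constructed record both ways, tamper with both copies,
    and report which scheme still verifies afterwards."""
    key = os.urandom(32)   # owner-side key; never uploaded with the data
    original = json.dumps({"customer": "c-1001", "balance": 250}).encode()
    forged = json.dumps({"customer": "c-1001", "balance": 250000}).encode()

    store_plain("ledger-plain.json", original)
    store_keyed(key, "ledger-keyed.json", original)
    assert verify_plain("ledger-plain.json") and verify_keyed(key, "ledger-keyed.json")

    modify_in_store("ledger-plain.json", forged)
    modify_in_store("ledger-keyed.json", forged)
    return {"plain_hash_still_verifies": verify_plain("ledger-plain.json"),
            "keyed_tag_still_verifies": verify_keyed(key, "ledger-keyed.json")}


if __name__ == "__main__":
    print(demo())
```

The slide's "digital signatures" under Secure Network Infrastructure are the asymmetric counterpart of the keyed tag: anyone with the public key can verify, but only the holder of the private key can produce a valid value. Either way the principle is the same, the verifying secret must not live in the store it protects.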
Business drivers
• Flexibility
• Time to market (TTM)
• Costs
  ‒ TCO
  ‒ Capex vs. Opex
  ‒ TCAO
• Service Level Agreements (SLA)
  ‒ Performance, Security, Availability, Scalability, ...
• Architecture
  ‒ Integration (PaaS), migration
• Green(er) computing

Compelling feature: quicker time-to-market
But
• Can the cloud provide the resources faster than when hosted locally in your company?
• What do we give up?
• What do we gain?
• Is your organization willing to compromise?
• Are the organization, employees, IT staff and other interested parties willing to make the change without delay?

TCO and all that stuff
Statement: going the Cloud way lowers your TCO of IT
• Is this true or are you just redistributing costs?
  ‒ Capital costs are lowered significantly, but are replaced by subscriptions, pay-per-use, expensive support contracts, etc. (Capex becomes Opex)
• We need to compare what we are paying now to the Cloud scenario
  ‒ Not only as a snapshot, but also as a long-term video

Example: Total cost of application ownership (TCAO)
• Server costs
• Storage costs
• Network costs
• Backup and archive costs
• Disaster recovery costs
• Data center infrastructure costs
• Platform costs
• Software maintenance costs (package software)
• Software maintenance costs (in-house software)
• Help desk support costs
• Operational support personnel costs
• Infrastructure software costs

5.1.2 Operational and staffing benefits
• Operational benefits (examples):
  ‒ Managed services
  ‒ Self-service (unmanaged services)
  ‒ Instant server deployment
  ‒ Software licensing without impact on Capex
  ‒ Uptimes are guaranteed
  ‒ Backups as a service (always off-site)
• Staffing benefits (examples):
  ‒ Less IT staff (less wages to be paid)
  ‒ Lower recruitment, HR and training costs
  ‒ Lower employee benefits
Overview of Evaluating Cloud Computing Implementations

5.2.1 The evaluation of performance factors, management requirements and satisfaction factors
Typical questions to be asked are:
• How long does it take to resolve incidents and problems?
• How good is the security of the Cloud data center?
• How does system performance (i.e. connection and transaction speeds) compare to your own data center and private network?
Advice: It makes sense to do a comparative study of several providers before you sign a contract.

Evaluating Cloud Implementations
• Power savings
• Floor space savings
• Network infrastructure
• Maintenance
• Software licensing
• Time to value
• Trial period
• Service
• Wiser investment
• Security
• Compliance
• Faster delivery of what you want
• Less capital expense
• Short-term needs

Performance, Requirements and Satisfaction
Try before you buy!
• Demand a trial period
• Do not commit until you are certain it works the way you want, especially when considering a completely new software package or completely new service!

5.2.2 Evaluation of service providers and services: what you get for the money
You need a Governance framework!
• Performance
  ‒ monthly technical performance reports
  ‒ exception reports
  ‒ quarterly management reviews
• Compliance
  ‒ Third party statements for:
    • SAS70, ISAE3402
    • ISO/IEC 20000, 27001, 9001, etc.

EXIN Cloud Computing Foundation exam
• Number of questions: 40
• Type of questions: Multiple choice
• Tool: web based or paper based
• Pass rate: 65%
• Pass mark: 26
• Duration: 1 hour
• Open book: no
• Sample exam: www.exin.com