2. June 21, 2017 www.snipe.co.in 2
Cloud Computing
Agenda:
• What is Cloud?
• What is Cloud Computing?
• History of Cloud Computing.
• Introduction to Cloud Computing.
• Cloud Computing Cycle.
• Types of Cloud Computing.
• Cloud Architecture.
• Managing Cloud Services.
• Cloud Service Models.
• Cloud Computing Characteristics.
• Opportunities and challenges of Cloud Computing.
• Virtualization.
• Application of Cloud Computing.
• Issues in Cloud Computing.
• Cloud Computing Business Challenges.
• Technologies Used in Cloud Computing.
• Future of Cloud Computing.
• Security in Cloud Computing.
• Advantages of Cloud Computing.
• Disadvantages of Cloud Computing.
• Demonstration of Application.
What is Cloud?
‘Cloud’ is an elastic execution environment of resources involving
multiple stakeholders and providing a metered service at multiple
granularities for a specified level of quality (of service).
TERMINOLOGY
• The cloud is the next stage in the evolution of the Internet. It
provides the means through which everything, from computing power
to business processes to personal collaboration, is delivered to you
as a service wherever and whenever you need it.
What is Cloud Computing?
Cloud computing is a general term used to describe a new class of
network-based computing that takes place over the Internet.
Cloud computing is the use of computing resources (hardware and
software) that are delivered as a service over a network.
Cloud computing is a step on from Utility Computing:
- A collection/group of integrated and networked hardware,
software and Internet infrastructure (called a platform).
- Using the Internet for communication and transport provides
hardware, software and networking services to clients.
“Cloud” is the aggregation of servers, low-end computers and storage
hosting the program and data.
• Accessed via the Internet from anywhere in the world
• A style of computing where massively scalable IT-enabled
capabilities are provided "as a service" over the network
So what exactly is Cloud Computing?
• Business Model: Usage Based
• Access Model: Network
• Technical Model: Dynamic
Cloud Computing from different viewpoints
• Line of Business Executive: “A buyer centric view of technology
where applications are available, through purchase, rental or even
development, wherever and whenever.”
• CFO: “An approach to consume technology in a pay-as-you-go model
where consumers only pay for what they use.”
• CIO: “A comprehensive virtualization model for technology from
infrastructure through application delivery.”
History of Cloud Computing
• 1960 – John McCarthy opined that "computation may someday be
organized as a public utility".
• Early 1990s – The term “cloud” comes into commercial use, referring to
large networks and the advancement of the Internet.
• 1999 – Salesforce.com is established, providing an “on demand” SaaS
(Software as a Service).
• 2001 – IBM details the SaaS concept in their “Autonomic Computing
Manifesto”.
• 2005 – Amazon provides access to their excess capacity on a utility
computing and storage basis.
• 2007 – Google, IBM and various universities embark on a large-scale cloud
computing research project.
• 2008 – Gartner says cloud computing will “shape the relationship among
consumers of IT services, those who use IT services and those who sell
them”.
Evolution of Cloud Computing
• Grid Computing: solving large problems with parallel computing; made
mainstream by Global Alliance
• Utility Computing: offering computing resources as a metered service;
introduced in late 1990s
• SaaS Computing: network-based subscriptions to applications; gained
momentum in 2001
• Cloud Computing: next-generation Internet computing; next-generation
data centers
Cloud Computing Architecture
• Cloud Architecture.
• Deployment Types
• Service Models
• Cloud computing characteristics.
• Opportunities and challenges of cloud computing.
Cloud Architecture
• Essential Characteristics
• Cloud Service Models
– SaaS (Software as a Service)
– PaaS (Platform as a Service)
– IaaS (Infrastructure as a Service)
• Cloud Deployment Types
– Public
– Private
– Hybrid
Essential Characteristics
On-Demand Self-service:
A consumer can unilaterally provision computing capabilities
such as server time and network storage as needed
automatically, without requiring human interaction with a
service provider.
Broad Network Access:
Capabilities are available over the network and accessed
through standard mechanisms that promote use by
heterogeneous thin or thick client platforms (e.g., mobile
phones, laptops, and PDAs) as well as other traditional or
cloud-based software services.
Resource Pooling:
The provider’s computing resources are pooled to serve
multiple consumers using a multi-tenant model, with
different physical and virtual resources dynamically assigned
and reassigned according to consumer demand.
Rapid elasticity:
• Cloud services can be rapidly and elastically provisioned, in
some cases automatically, to quickly scale out, and rapidly
released to quickly scale in.
• To the consumer, the capabilities available for provisioning
often appear to be unlimited and can be purchased in any
quantity at any time.
Measured Service:
• Cloud computing resource usage can be measured, controlled,
and reported, providing transparency for both the provider and
the consumer of the utilized service.
• Uses a metering capability, which enables control and
optimization of resource use.
• IT services such as network security management, data center
hosting or even departmental billing can now be easily delivered
as a contractual service.
Cloud Service Models
• Software as a Service:
– Leverages the Cloud in software architecture
– Eliminates the need to install and run the application on the
customer's own computer
Ex: Salesforce.com
• Infrastructure as a Service:
– The user can benefit from networking infrastructure facilities,
data storage and computing services.
Ex: Amazon Web Services.
Platform as a Service:
•Delivers a computing platform and/or solution stack as a
service.
• Facilitates deployment of applications without the cost and
complexity of buying and managing the underlying hardware and
software layers.
Ex: Google Apps.
Deployment Models:
Public Cloud:
• The cloud infrastructure is made available to general public
or a large industry group and is owned by an organization
selling cloud services.
• These services are free or offered on a pay-per-use model
and offer access only via Internet.
Private Cloud:
• Private cloud is cloud infrastructure operated solely for a
single organization.
• It will require the organization to reevaluate decisions about
existing resources.
Hybrid Cloud:
• Hybrid cloud is a composition of two or more clouds that
remain unique entities but are bound together, offering the
benefits of multiple deployment models.
• Companies and individuals are able to obtain degrees of fault
tolerance combined with locally immediate usability without
dependency on internet connectivity.
Community Cloud:
• Community cloud shares infrastructure between several
organizations from a specific community with common
concerns.
• The costs are spread over fewer users than a public cloud
(but more than a private cloud), so only some of the cost
savings potential of cloud computing are realized.
Software as a Service:
•The capability provided to the consumer is to use the provider’s
applications running on a cloud infrastructure.
•The applications are accessible from various client devices through
a thin client interface such as a web browser (e.g., web-based email).
•The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems,
storage, or even individual application capabilities, with the possible
exception of limited user specific application configuration
settings.
• Software as a service features a complete application
offered as service on demand.
• SaaS is a model of software deployment where an application
is hosted as a service provided to customers across the
Internet.
• A single instance of the software runs on the cloud and
services multiple end users or client organizations.
Ex: Salesforce.com, Google Apps.
• SaaS alleviates the burden of software maintenance/support.
Platform as a Service:
• Platform as a service encapsulates a layer of software and
provides it as a service that can be used to build higher-level
services.
Producer:
• Someone producing PaaS might produce a platform by
integrating an operating system, middleware, application
software and even a development environment that is
then provided to the customer as a service.
Consumer:
• Someone using PaaS would see an encapsulated service that is
presented to them through an API.
• The consumer interacts with the platform through the API,
and the platform does what is necessary to manage and
scale itself to provide a given level of service.
Infrastructure as a Service:
• Infrastructure as a service delivers basic storage and
computing capabilities as standardized services over the
network.
• Servers, storage systems, switches, routers and other
systems are pooled and made available to handle workloads
that range from application components to high-performance
computing applications.
Opportunities and challenges:
The use of the cloud provides a number of opportunities:
• It enables services to be used without any understanding of
their infrastructure.
• Cloud computing uses economies of scale.
- It potentially lowers the outlay expense for startup
companies, as they would no longer need to buy their
own software or servers.
- Cost would be by on-demand pricing.
- Vendors and service providers claim costs by
establishing an ongoing revenue stream.
• Data and services are stored remotely but accessed from
“anywhere”.
Challenges:
• Cost
• Management
• Compliance
• Security
Management:
• Cloud computing won't displace the traditional IT
organization, but it will change its mandate and function. IT
managers must anticipate, and learn to accommodate, how
their roles will evolve.
• Cloud computing will help IT management focus more on
business innovation than on infrastructure management. In
turn, IT management must learn to judge IT processes in
terms of business effectiveness and how they fit in the
organization's overall business strategy.
Cost:
• Cost of cloud computing: “expensive”!
Compliance:
Numerous regulations pertain to the storage and use of data.
• Business continuity and data recovery:
– Cloud providers have business continuity and data recovery
plans in place to ensure that service can be maintained in
case of a disaster or an emergency and that any data loss will
be recovered. These plans are shared with and reviewed by
their customers.
• Logs and audit trails:
– In addition to producing logs and audit trails, cloud providers
work with their customers to ensure that these logs and
audit trails are properly secured, maintained for as long as
the customer requires, and are accessible for the purposes
of forensic investigation (e.g., eDiscovery).
• Unique compliance requirements:
– In addition to the requirements to which customers are
subject, the data centers maintained by cloud providers may
also be subject to compliance requirements.
• Using a cloud service provider (CSP)
– This can lead to additional security concerns around data
jurisdiction, since customer or tenant data may not remain on
the same system, or in the same data center, or even within the
same provider's cloud.
Security:
• Identity management
– Every enterprise will have its own identity management
system to control access to information and computing
resources. Cloud providers either integrate the customer’s
identity management system into their own infrastructure,
using federation or SSO technology, or provide an identity
management solution of their own.
• Physical and personnel security
– Providers ensure that physical machines are adequately
secure and that access to these machines as well as all
relevant customer data is not only restricted but that access
is documented.
• Availability
– Cloud providers assure customers that they will have
regular and predictable access to their data and
applications.
• Application security
– Cloud providers ensure that
applications available as a service via the cloud are
secure by implementing testing and acceptance
procedures for outsourced or packaged application
code. This also requires that application security measures
be in place in the production environment.
• Privacy
– Finally, providers ensure that all critical data (credit
card numbers, for example) are masked and that only
authorized users have access to data in its entirety.
Moreover, digital identities and credentials must be
protected as should any data that the provider
collects or produces about customer activity in the
cloud.
Basic cloud characteristics:
– The “no-need-to-know” in terms of the underlying details of
infrastructure: applications interface with the infrastructure
via the APIs.
– The “flexibility and elasticity” allows these systems to scale
up and down at will, utilizing resources of all kinds:
CPU, storage, server capacity, load balancing and databases.
– The “pay as much as used and needed” type of utility
computing and the “always on! anywhere and any place” type of
network-based computing.
Challenges
• Clouds are transparent to users and applications; they can be
built in multiple ways: branded products, proprietary open
source, hardware and software, or just off-the-shelf PCs.
• In general, they are built on clusters of PC servers and
off-the-shelf components plus open source software combined with
in-house applications and/or system software.
Cloud Computing Characteristics
Common Characteristics:
• Massive Scale
• Resilient Computing
• Homogeneity
• Geographic Distribution
• Virtualization
• Service Orientation
• Low Cost Software
• Advanced Security
Essential Characteristics:
• On Demand Self-Service
• Broad Network Access
• Rapid Elasticity
• Resource Pooling
• Measured Service
42. Virtualization
What is virtualization?
– The ability to run multiple operating systems on a single
physical system and share the underlying hardware resources.
44. Consolidation
• It's common practice to dedicate each server to a single
application.
• If several applications only use a small amount of processing
power, the network administrator can combine several
machines into one server running multiple virtual environments.
• This saves on:
– Cost: $10,000 maintenance cost per machine
– Space: fewer servers, less space needed
– Energy: savings of up to 80%
– Environment: reduced CO2 emissions due to decrease in number of servers
45. Redundancy
• Server virtualization provides a way for companies to practice
redundancy without purchasing additional hardware.
• Redundancy refers to running the same application on multiple
servers. It's a safety measure -- if a server fails for any
reason, another server running the same application can take its
place.
46. Segregation
• Virtual servers offer programmers isolated, independent
systems in which they can test new applications or operating
systems.
• Rather than buying a dedicated physical machine, the network
administrator can create a virtual server on an existing machine.
• Because each virtual server is independent in relation to all the
other servers, programmers can run software without worrying
about affecting other applications.
47. Legacy hardware
• Server hardware will eventually become obsolete, and switching
from one system to another can be difficult. In order to
continue offering the services provided by these outdated
systems -- sometimes called legacy systems -- a network
administrator could create a virtual version of the hardware on
modern servers.
• From an application perspective, nothing has changed. The
programs perform as if they were still running on the old
hardware. This can give the company time to transition to new
processes without worrying about hardware failures, particularly
if the company that produced the legacy hardware no longer
exists and can't fix broken equipment.
48. MIGRATION
• An emerging trend in server virtualization is called migration.
• Migration refers to moving a server environment from one place
to another. With the right hardware and software, it's possible
to move a virtual server from one physical machine in a network
to another.
• Originally, this was possible only if both physical machines ran on
the same hardware, operating system and processor.
• It's possible now to migrate virtual servers from one physical
machine to another even if both machines have different
processors, but only if the processors come from the same
manufacturer.
49. Types of Virtualization
• Full Virtualization
• Para-Virtualization
• OS-level Virtualization
50. Full Virtualization
• Full virtualization uses a special kind of software called a
hypervisor.
• The hypervisor interacts directly with the physical server's CPU
and disk space. It serves as a platform for the virtual servers'
operating systems.
• The hypervisor keeps each virtual server completely
independent and unaware of the other virtual servers running on
the physical machine. Each guest server runs on its own OS --
you can even have one guest running on Linux and another on
Windows.
52. Para-Virtualization
• The para-virtualization approach is a little different from the
full virtualization technique: the guest servers in a
para-virtualization system are aware of one another.
• A para-virtualization hypervisor doesn't need as much
processing power to manage the guest operating systems,
because each OS is already aware of the demands the other
operating systems are placing on the physical server. The entire
system works together as a cohesive unit.
54. OS-level Virtualization
• An OS-level virtualization approach doesn't use a hypervisor at
all. Instead, the virtualization capability is part of the host OS,
which performs all the functions of a fully virtualized
hypervisor.
• The biggest limitation of this approach is that all the guest
servers must run the same OS.
• Each virtual server remains independent from all the others, but
you can't mix and match operating systems among them. Because
all the guest operating systems must be the same, this is called
a Homogeneous environment.
Application
57. Why migrate my apps to the Cloud?
• Need more compute power / storage than easily accessible
locally / free up local resources
• Avoid costs/problems of local resource hosting
– Power, cooling, space, maintenance
• Flexibility / Scalability
– Discontinuous demand
– Rapid growth / decline
• Provisioning resources in-house takes too long
58. Why Migrate ?
• Pay only for what you use
• Local networking / bandwidth constraints
• Move some/most costs from Capex to Opex
• Greater control – firewalls, resource types, etc.
• Transparent technology refresh
59. Why not Migrate ?
• Unsuitable application model
• Security concerns – confidential data / algorithms / …
• Specific hardware/infrastructure requirements (e.g. high-
performance inter-node linking)
• Infrastructure location issues
• Latency concerns
• Resource/data storage locations
• SLA guarantees not satisfactory
60. What services on offer ?
• Limited number of raw infrastructure providers
• Increasing numbers of higher level service providers
• Infrastructure – dynamic DNS, load balancing, etc.
• Brokering / Marketplace
• Software toolkits
• Simplified resource management – APIs, GUIs
• Consultants / Application enablers
• Different payment models
61. Application Profiles
• Batch applications – limited / no interactivity
• HPC applications
• Client / server – Web 2.0 apps, Software-as-a-Service
• Standalone interactive applications
(Figure labels: Data in, Results out)
63. Application profile
• Batch applications
• Code takes some input data and carries out processing,
returning result data
• Generally no interactivity
• Individual tasks may be
• Computationally intensive – long running
• Computationally simple but high throughput
• May require significant data to carry out processing – either
as input or from third-party source
• Likely to be produced as a native executable so may require
a specific CPU type for execution
64. Application profile
• Web 2.0 apps – client / server model
• High throughput, interactivity
• May be data intensive / processor intensive
• Loosely-coupled, client/server design
• Message-based communication between application
components
• Handle state / sessions for support of multiple concurrent
clients
• SaaS
• Service enabled application core
• Client-side (web) application provides remote GUI
65. Application profiles
• HPC Applications
• Processor/Memory intensive
• Data intensive
• Generally batch applications but may have elements of
interactivity
• May be parallelised – operation across multiple CPUs (e.g.
MPI, OpenMP, Hadoop, …)
• May require extensive communication between parallel nodes
(high performance interconnects required)
• Visualisation / steering of output often necessary
66. Usage profiles
• Frequency
• How frequently an application is used
• Is usage predictable?
• Load
• Does application require significant processing power?
• Is the processing requirement similar for each application
run?
• Is it dependent on input data?
• Can required processing capacity be identified
programmatically in advance of an application run?
67. Usage profiles
• Data volume / proximity / coupling
• How much data is involved in a run of the application?
• Is data proximity of importance – if there is a lot of transfer
of data between storage and execution resource, data should
be stored close to where the app is run
• How tightly coupled is the data – can data transfer be
optimised?
• Availability / Reliability – need SLA?
• Are guarantees on uptime / reliability needed?
• If the resources running the application go down, how long will
it take / how complex will it be to restart it?
68. Usage profiles
• Information Security
• How critical is data/code security?
• IP in code (algorithms, etc.), data
• Data protection issues – where can data be sent / stored?
• Is third party data being used? Can this be transferred to
another location for processing?
• Latency requirements
• Real time data processing applications
• Are there specific requirements for latency on network
connections?
• Are these catered for under SLA?
70. Problems Associated with Cloud Computing
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in 3rd-party management models
– Self-managed clouds still have security issues, but not
related to above
71. Loss of Control in the Cloud
• Consumer’s loss of control
– Data, applications, resources are located with provider
– User identity management is handled by the cloud
– User access control rules, security policies and enforcement
are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
72. Lack of Trust in the Cloud
• A brief deviation from the talk
– (But still related)
– Trusting a third party requires taking risks
• Defining trust and risk
– Opposite sides of the same coin (J. Camp)
– People only trust when it pays (Economist’s view)
– Need for trust arises only in risky situations
• Defunct third party management schemes
– Hard to balance trust and risk
– e.g. Key Escrow (Clipper chip)
– Is the cloud headed toward the same path?
73. Multi-tenancy Issues in the Cloud
• Conflict between tenants’ opposing goals
– Tenants share a pool of resources and have opposing goals
• How does multi-tenancy deal with conflict of interest?
– Can tenants get along together and ‘play nicely’ ?
– If they can’t, can we isolate them?
• How to provide separation between tenants?
74. Security Issues in the Cloud
• In theory, minimizing any of the issues would help:
– Loss of Control
• Take back control
– Data and apps may still need to be on the cloud
– But can they be managed in some way by the
consumer?
– Lack of trust
• Increase trust (mechanisms)
– Technology
– Policy, regulation
– Contracts (incentives): topic of a future talk
– Multi-tenancy
• Private cloud
– Takes away the reasons to use a cloud in the first
place
• VPC: it's still not a separate system
• Strong separation
75. Minimize Lack of Trust: Policy Language
• Consumers have specific security needs but don’t have a say-so
in how they are handled
– What the heck is the provider doing for me?
– Currently consumers cannot dictate their requirements to
the provider (SLAs are one-sided)
• Standard language to convey one’s policies and expectations
– Agreed upon and upheld by both parties
– Standard language for representing SLAs
– Can be used in an intra-cloud environment to realize
overarching security posture
76. Minimize Lack of Trust: Policy Language
• Create policy language with the following characteristics:
– Machine-understandable (or at least processable)
– Easy to combine/merge and compare
– Examples of policy statements are “requires isolation between
VMs”, “requires geographical isolation between VMs”, “requires
physical separation between other communities/tenants that
are in the same industry”, etc.
– Need a validation tool to check that the policy created in the
standard language correctly reflects the policy creator’s
intentions (i.e. that the policy language is semantically
equivalent to the user’s intentions).
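The policy-language characteristics above (machine-processable, easy to merge and compare) can be shown with a small model. This is an added example, not part of the original slides: the schema, field names and isolation levels are assumptions, and the sample policies and placements are constructed. It models three statement kinds: a minimum tenant isolation level, permitted regions for VMs, and separation from tenants in named industries.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Isolation strength from weakest to strongest. These level names are
# assumptions for the example; the slides state requirements in prose only.
LEVELS = ("shared", "vm", "physical")


@dataclass(frozen=True)
class Policy:
    """Consumer-side requirements (hypothetical schema)."""
    isolation: str = "shared"                          # minimum isolation from other tenants
    regions: Optional[FrozenSet[str]] = None           # permitted regions; None = anywhere
    excluded_industries: FrozenSet[str] = frozenset()  # no shared host with these tenants

    def __post_init__(self):
        if self.isolation not in LEVELS:
            raise ValueError(f"unknown isolation level: {self.isolation!r}")


@dataclass(frozen=True)
class Placement:
    """What a provider reports for one VM (hypothetical report format)."""
    isolation: str
    region: str
    cotenant_industries: FrozenSet[str] = frozenset()


def merge(a: Policy, b: Policy) -> Policy:
    """Combine two policies into one that satisfies both (strictest wins)."""
    isolation = max(a.isolation, b.isolation, key=LEVELS.index)
    if a.regions is None:
        regions = b.regions
    elif b.regions is None:
        regions = a.regions
    else:
        regions = a.regions & b.regions
        if not regions:
            # Edge case: the two policies cannot both be honoured.
            raise ValueError("policies conflict: no region satisfies both")
    return Policy(isolation, regions, a.excluded_industries | b.excluded_industries)


def implies(strict: Policy, loose: Policy) -> bool:
    """Compare: True if `strict` demands at least what `loose` demands, field by field."""
    if LEVELS.index(strict.isolation) < LEVELS.index(loose.isolation):
        return False
    if loose.regions is not None:
        if strict.regions is None or not strict.regions <= loose.regions:
            return False
    return loose.excluded_industries <= strict.excluded_industries


def violations(policy: Policy, placement: Placement) -> List[str]:
    """Check one reported placement against the policy; an empty list means compliant."""
    found = []
    if LEVELS.index(placement.isolation) < LEVELS.index(policy.isolation):
        found.append(f"isolation: need {policy.isolation}, got {placement.isolation}")
    if policy.regions is not None and placement.region not in policy.regions:
        found.append(f"region: {placement.region} not permitted")
    clash = policy.excluded_industries & placement.cotenant_industries
    if clash:
        found.append("co-tenancy: shares host with " + ", ".join(sorted(clash)))
    return found


# Constructed sample policies from two teams in one consumer organisation.
SECURITY_TEAM = Policy(isolation="vm", regions=frozenset({"eu-1", "eu-2", "us-1"}))
LEGAL_TEAM = Policy(regions=frozenset({"eu-1", "eu-2"}),
                    excluded_industries=frozenset({"banking"}))
COMBINED = merge(SECURITY_TEAM, LEGAL_TEAM)


def check_samples():
    """Evaluate two constructed placements against the merged policy."""
    good = Placement("physical", "eu-1")
    bad = Placement("shared", "us-1", frozenset({"banking", "retail"}))
    return violations(COMBINED, good), violations(COMBINED, bad)


if __name__ == "__main__":
    print(COMBINED)
    for result in check_samples():
        print(result or "compliant")
```

The same `violations` check could run on either side of the agreement: by the provider before placing a VM, or by the consumer against placement reports.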
77. Minimize Lack of Trust: Certification
• Certification
– Some form of reputable, independent, comparable
assessment and description of security features and
assurance
– Sarbanes-Oxley, DIACAP, DISTCAP, etc. (are they sufficient
for a cloud environment?)
• Risk assessment
– Performed by certified third parties
– Provides consumers with additional assurance
79. Why migrate my apps to the Cloud?
• Need more compute power / storage than easily accessible
locally / free up local resources
• Avoid costs/problems of local resource hosting
• Power, cooling, space, maintenance,
• Flexibility / Scalability
• Discontinuous demand
• Rapid growth / decline
• Provisioning resources in-house takes too long
Application
06/21/17 79www.snipe.co.in
80. Why Migrate ?
• Pay only for what you use
• Local networking / bandwidth constraints
• Move some/most costs from Capex to Opex
• Greater control – firewalls, resource types, etc.
• Transparent technology refresh
06/21/17 80www.snipe.co.in
81. Why not Migrate ?
• Unsuitable application model
• Security concerns – confidential data / algorithms / …
• Specific hardware/infrastructure requirements (e.g. high-
performance inter-node linking)
• Infrastructure location issues
• Latency concerns
• Resource/data storage locations
• SLA guarantees not satisfactory
06/21/17 81www.snipe.co.in
82. What services on offer ?
• Limited number of raw infrastructure providers
• Increasing numbers of higher level service providers
• Infrastructure – dynamic DNS, load balancing, etc.
• Brokering / Marketplace
• Software toolkits
• Simplified resource management – APIs, GUIs
• Consultants / Application enablers
• Different payment models
06/21/17 82www.snipe.co.in
83. • Batch applications – limited / no interactivity
• HPC applications
• Client / server – Web 2.0 apps, Software-as-a-Service
• Standalone interactive applications
Data in
Results
out
Application Profiles
06/21/17 83www.snipe.co.in
85. Application profile
• Batch applications
• Code takes some input data and carries out processing,
returning result data
• Generally no interactivity
• Individual tasks may be
• Computationally intensive – long running
• Computationally simple but high throughput
• May require significant data to carry out processing – either
as input or from third-party source
• Likely to be produced as a native executable so may require
a specific CPU type for execution
06/21/17 85www.snipe.co.in
86. Application profile
• Web 2.0 apps – client / server model
• High throughput, interactivity
• May be data intensive / processor intensive
• Loosely-coupled, client/server design
• Message-based communication between application
components
• Handle state / sessions for support of multiple concurrent
clients
• SaaS
• Service enabled application core
• Client-side (web) application provides remote GUI
06/21/17 86www.snipe.co.in
87. Application profiles
• HPC Applications
• Processor/Memory intensive
• Data intensive
• Generally batch applications but may have elements of
interactivity
• May be parallelised – operation across multiple CPUs (e.g.
MPI, OpenMP, Hadoop, …)
• May require extensive communication between parallel nodes
(high performance interconnects required)
• Visualisation / steering of output often necessary
06/21/17 87www.snipe.co.in
88. Usage profiles
• Frequency
• How frequently an application is used
• Is usage predictable?
• Load
• Does application require significant processing power?
• Is the processing requirement similar for each application
run?
• Is it dependent on input data?
• Can required processing capacity be identified
programmatically in advance of an application run?
89. Usage profiles
• Data volume / proximity / coupling
• How much data is involved in a run of the application?
• Is data proximity of importance – if there is a lot of
transfer of data between storage and execution resource,
data should be stored close to where the app is run
• How tightly coupled is the data – can data transfer be
optimised?
• Availability / Reliability – need SLA?
• Are guarantees on uptime / reliability needed?
• If the resources running the application go down, how long
will it take / how complex will it be to restart it?
90. Usage profiles
• Information Security
• How critical is data/code security?
• IP in code (algorithms, etc.), data
• Data protection issues – where can data be sent / stored?
• Is third party data being used? Can this be transferred to
another location for processing?
• Latency requirements
• Real time data processing applications
• Are there specific requirements for latency on network
connections?
• Are these catered for under SLA?
92. Problems Associated with Cloud Computing
• Most security problems stem from:
– Loss of control
– Lack of trust (mechanisms)
– Multi-tenancy
• These problems exist mainly in 3rd-party management models
– Self-managed clouds still have security issues, but not
related to above
93. Loss of Control in the Cloud
• Consumer’s loss of control
– Data, applications, resources are located with provider
– User identity management is handled by the cloud
– User access control rules, security policies and enforcement
are managed by the cloud provider
– Consumer relies on provider to ensure
• Data security and privacy
• Resource availability
• Monitoring and repairing of services/resources
94. Lack of Trust in the Cloud
• A brief deviation from the talk
– (But still related)
– Trusting a third party requires taking risks
• Defining trust and risk
– Opposite sides of the same coin (J. Camp)
– People only trust when it pays (Economist’s view)
– Need for trust arises only in risky situations
• Defunct third party management schemes
– Hard to balance trust and risk
– e.g. Key Escrow (Clipper chip)
– Is the cloud headed toward the same path?
95. Multi-tenancy Issues in the Cloud
• Conflict between tenants’ opposing goals
– Tenants share a pool of resources and have opposing goals
• How does multi-tenancy deal with conflict of interest?
– Can tenants get along together and ‘play nicely’ ?
– If they can’t, can we isolate them?
• How to provide separation between tenants?
96. Security Issues in the Cloud
• In theory, minimizing any of the issues would help:
– Loss of Control
• Take back control
– Data and apps may still need to be on the cloud
– But can they be managed in some way by the
consumer?
– Lack of trust
• Increase trust (mechanisms)
– Technology
– Policy, regulation
– Contracts (incentives): topic of a future talk
– Multi-tenancy
• Private cloud
– Takes away the reasons to use a cloud in the first
place
• VPC: it’s still not a separate system
• Strong separation
97. Minimize Lack of Trust: Policy Language
• Consumers have specific security needs but don’t have a say-so
in how they are handled
– What the heck is the provider doing for me?
– Currently consumers cannot dictate their requirements to
the provider (SLAs are one-sided)
• Standard language to convey one’s policies and expectations
– Agreed upon and upheld by both parties
– Standard language for representing SLAs
– Can be used in an intra-cloud environment to realize an
overarching security posture
98. • Create policy language with the following characteristics:
– Machine-understandable (or at least processable),
– Easy to combine/merge and compare
– Examples of policy statements are, “requires isolation
between VMs”, “requires geographical isolation between
VMs”, “requires physical separation between other
communities/tenants that are in the same industry,” etc.
– Need a validation tool to check that the policy created in the
standard language correctly reflects the policy creator’s
intentions (i.e. that the policy language is semantically
equivalent to the user’s intentions).
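A minimal sketch of what "machine-processable, easy to merge and compare" can mean in practice, added here as an illustration and not taken from the slides or from any standard policy language. The requirement names, the region restriction standing in for the geographic requirement, and the sample placement are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Requirement names are constructed for this example; they mirror the slide's
# sample statements and come from no standard policy language.
VM_ISOLATION = "vm-isolation"                # no other tenant on the same host
INDUSTRY_SEPARATION = "industry-separation"  # no same-industry tenant on host

@dataclass(frozen=True)
class Policy:
    requires: frozenset = frozenset()
    regions: frozenset = frozenset()  # allowed regions; empty means "anywhere"

    def merge(self, other):
        """Combine two policies into one that enforces both."""
        if self.regions and other.regions:
            regions = self.regions & other.regions
            if not regions:
                raise ValueError("policies conflict: no region allowed by both")
        else:
            regions = self.regions or other.regions
        return Policy(self.requires | other.requires, regions)

    def covers(self, other):
        """Compare: True if this policy is at least as strict as `other`."""
        regions_ok = not other.regions or (
            bool(self.regions) and self.regions <= other.regions)
        return other.requires <= self.requires and regions_ok

def violations(policy, tenant, placement):
    """Validate a placement (list of VM records) against one tenant's policy."""
    found = []
    for vm in (v for v in placement if v["tenant"] == tenant):
        if policy.regions and vm["region"] not in policy.regions:
            found.append((vm["id"], "region " + vm["region"] + " not allowed"))
        for other in placement:
            if other["tenant"] == tenant or other["host"] != vm["host"]:
                continue
            if VM_ISOLATION in policy.requires:
                found.append((vm["id"], "shares host with " + other["tenant"]))
            elif (INDUSTRY_SEPARATION in policy.requires
                  and other["industry"] == vm["industry"]):
                found.append((vm["id"], "same-industry tenant " + other["tenant"]))
    return found

# Constructed sample data: three VMs, two tenants, two hosts.
PLACEMENT = [
    {"id": "vm1", "tenant": "acme", "industry": "bank", "host": "h1", "region": "eu"},
    {"id": "vm2", "tenant": "bolt", "industry": "bank", "host": "h1", "region": "eu"},
    {"id": "vm3", "tenant": "acme", "industry": "bank", "host": "h2", "region": "us"},
]
corporate = Policy(frozenset({INDUSTRY_SEPARATION}), frozenset({"eu", "us"}))
team = Policy(frozenset({VM_ISOLATION}), frozenset({"eu"}))
merged = corporate.merge(team)
```

Merging surfaces conflicts early (two policies with no region in common raise an error), and `covers` lets a consumer test whether a provider's stated policy is at least as strict as their own before signing an SLA.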
99. Minimize Lack of Trust: Certification
• Certification
– Some form of reputable, independent, comparable
assessment and description of security features and
assurance
– Sarbanes-Oxley, DIACAP, DITSCAP, etc. (are they sufficient
for a cloud environment?)
• Risk assessment
– Performed by certified third parties
– Provides consumers with additional assurance
100. June 21, 2017 www.snipe.co.in 100
Security in cloud computing
101. June 21, 2017 www.snipe.co.in 101
Security
Security in Cloud Computing :
• The first component needed as an extension of the functional
architecture is the Security Access Point (SAP).
• A cloud server providing front-end security services. The first service,
which is needed before any access to a cloud is allowed, is
authentication of users.
The main security and privacy issues in cloud computing are:
• Infrastructure Security
• Data Security and Storage
• Identity and Access Management (IAM)
• Privacy
• Integrity
102. June 21, 2017 www.snipe.co.in 102
• Infrastructure Security :
1. Network Level
• Ensuring confidentiality and integrity of your organization’s data-in-
transit to and from your public cloud provider.
• Ensuring proper access control (authentication, authorization, and
auditing) to whatever resources you are using at your public cloud provider.
• Ensuring availability of the Internet-facing resources in a public cloud
that are being used by your organization, or have been assigned to your
organization by your public cloud providers.
• Replacing the established model of network zones and tiers with domains.
• Network-level risks exist regardless of what aspects of “cloud
computing” services are being used
103. June 21, 2017 www.snipe.co.in 103
2. The Host Level :
• SaaS/PaaS :
-Both the PaaS and SaaS platforms abstract and hide the host OS
from end users
-Host security responsibilities are transferred to the CSP (Cloud
Service Provider), so there is no need to worry about protecting hosts.
-However, as a customer, we still own the risk of managing
information hosted in the cloud services.
104. June 21, 2017 www.snipe.co.in 104
Local Host Security :
• With mobile devices, the threat may be even stronger :
-Users misplace or have the device stolen from them
-Security mechanisms on handheld gadgets are oftentimes
insufficient compared to, say, a desktop computer
-Provides a potential attacker an easy avenue into a cloud system.
-If a user relies mainly on a mobile device to access cloud data, the
threat to availability is also increased as mobile devices malfunction or
are lost
105. June 21, 2017 www.snipe.co.in 105
Local Host Security :
• Devices that access the cloud should have
-Strong authentication mechanisms
-Tamper-resistant mechanisms
-Strong isolation between applications
-Methods to trust the OS
-Cryptographic functionality when traffic confidentiality is required
106. June 21, 2017 www.snipe.co.in 106
3. The Application Level :
• DoS
• EDoS (Economic Denial of Sustainability)
-An attack against the billing model that underlies the cost of
providing a service with the goal of bankrupting the service itself.
• End user security
• Who is responsible for Web application security in the cloud?
• SaaS/PaaS/IaaS application security.
• Customer-deployed application security.
107. June 21, 2017 www.snipe.co.in 107
Data Security and Storage :
• Data remanence
-Inadvertent disclosure of sensitive information is possible
• Data security mitigation?
-Do not place any sensitive data in a public cloud
• Encrypted data is placed into the cloud?
-Provider data and its security: storage
• To the extent that quantities of data from many companies are
centralized, this collection can become an attractive target for criminals.
• Moreover, the physical security of the data center and the
trustworthiness of system administrators take on new importance.
108. June 21, 2017 www.snipe.co.in 108
Why IAM?
• The organization’s trust boundary will become dynamic, moving beyond
the organization’s control and extending into the service provider’s domain.
• Managing access for diverse user populations
(employees, contractors, partners, etc.)
• Increased demand for authentication
-personal, financial, medical data will now be hosted in the cloud
-S/W applications hosted in the cloud require access control
• Need for higher-assurance authentication
-authentication in the cloud may mean authentication outside F/W
-Limits of password authentication
• Need for authentication from mobile devices
109. June 21, 2017 www.snipe.co.in 109
What is Privacy?
• The concept of privacy varies widely among (and sometimes within)
countries, cultures, and jurisdictions.
• It is shaped by public expectations and legal interpretations; as such, a
concise definition is elusive if not impossible.
• Privacy rights or obligations are related to the collection, use, disclosure,
storage, and destruction of personal data (or Personally Identifiable
Information—PII).
• At the end of the day, privacy is about the accountability of
organizations to data subjects, as well as the transparency to an
organization’s practice around personal information
110. June 21, 2017 www.snipe.co.in 110
Privacy?
Companies are still afraid to use clouds
111. June 21, 2017 www.snipe.co.in 111
Advantages
Advantages of cloud computing :
1. Lower computer costs:
• We do not need a high-powered and high-priced computer to run
cloud computing web-based applications.
• Since applications run in the cloud, not on the desktop PC, your
desktop PC does not need the processing power or hard disk space
demanded by traditional desktop software.
• When you are using web-based applications, your PC can be less
expensive, with a smaller hard disk, less memory, more efficient
processor...
• In fact, your PC in this scenario does not even need a CD or DVD
drive, as no software programs have to be loaded and no document
files need to be saved.
112. June 21, 2017 www.snipe.co.in 112
Advantages
2. Improved performance:
• With fewer large programs hogging your computer's memory, you will see
better performance from your PC.
• Computers in a cloud computing system boot and run faster because
they have fewer programs and processes loaded into memory…
3. Reduced software costs:
• Instead of purchasing expensive software applications, you can get
most of what you need for free-ish!
-most cloud computing applications today, such as the Google Docs suite.
• better than paying for similar commercial software
-which alone may be justification for switching to cloud applications.
113. June 21, 2017 www.snipe.co.in 113
Advantages
4. Instant software updates:
• Another advantage to cloud computing is that you are no longer faced
with choosing between obsolete software and high upgrade costs.
• When the application is web-based, updates happen automatically and are
available the next time you log into the cloud.
• When you access a web-based application, you get the latest version
without needing to pay for or download an upgrade.
5. Improved document format compatibility.
• You do not have to worry about the documents you create on your
machine being compatible with other users' applications or OSes.
• There are potentially no format incompatibilities when everyone is
sharing documents and applications in the cloud.
114. June 21, 2017 www.snipe.co.in 114
Advantages
6. Unlimited storage capacity:
• Cloud computing offers virtually limitless storage.
• Our computer's current 1 Kbyte hard drive is small compared to the
hundreds of Pbytes available in the cloud.
7. Increased data reliability:
• Unlike desktop computing, in which a hard disk crash can destroy
all your valuable data, a computer crashing in the cloud should not
affect the storage of your data.
-if your personal computer crashes, all your data is still out there
in the cloud, still accessible.
• In a world where few individual desktop PC users back up their
data on a regular basis, cloud computing is a data-safe computing
platform!
115. June 21, 2017 www.snipe.co.in 115
Advantages
8. Universal document access:
• That is not a problem with cloud computing, because you do not take
your documents with you.
• Instead, they stay in the cloud, and you can access them whenever you
have a computer and an Internet connection
• Documents are instantly available from wherever you are
9. Latest version availability:
• When you edit a document at home, that edited version is what you see
when you access the document at work.
• The cloud always hosts the latest version of your documents
-as long as you are connected, you are not in danger of having an
outdated version
116. June 21, 2017 www.snipe.co.in 116
Advantages
10. Easier group collaboration:
• Sharing documents leads directly to better collaboration.
• Many users do this as it is an important advantage of cloud computing
-multiple users can collaborate easily on documents and projects
11. Device independence:
• We are no longer tethered to a single computer or network.
Changes to computers, applications and documents follow you through
the cloud.
• Move to a portable device, and your applications and documents are
still available.
117. June 21, 2017 www.snipe.co.in 117
Disadvantages
Disadvantages of Cloud Computing :
1. Requires a constant Internet connection:
• Cloud computing is impossible if you cannot connect to the Internet.
• Since you use the Internet to connect to both your applications and
documents, if you do not have an Internet connection you cannot access
anything, even your own documents.
•A dead Internet connection means no work and in areas where Internet
connections are few or inherently unreliable, this could be a deal-breaker.
118. June 21, 2017 www.snipe.co.in 118
Disadvantages
2. Does not work well with low-speed connections:
• Similarly, a low-speed Internet connection, such as that found with
dial-up services, makes cloud computing painful at best and often
impossible.
• Web-based applications require a lot of bandwidth to download, as do
large documents.
3. Features might be limited:
• This situation is bound to change, but today many web-based
applications simply are not as full-featured as their desktop-based
counterparts.
-For example, you can do a lot more with Microsoft PowerPoint than
with Google Presentation's web-based offering
119. June 21, 2017 www.snipe.co.in 119
Disadvantages
4. Can be slow:
• Even with a fast connection, web-based applications can sometimes be
slower than accessing a similar software program on your desktop PC.
• Everything about the program, from the interface to the current
document, has to be sent back and forth from your computer to the
computers in the cloud.
• If the cloud servers happen to be backed up at that moment, or if the
Internet is having a slow day, you would not get the instantaneous
access you might expect from desktop applications.
120. June 21, 2017 www.snipe.co.in 120
Disadvantages
5. Stored data might not be secure:
• With cloud computing, all your data is stored on the cloud.
-The question is: how secure is the cloud?
• Can unauthorized users gain access to your confidential data?
6. Stored data can be lost:
• Theoretically, data stored in the cloud is safe, replicated across
multiple machines.
• But on the off chance that your data goes missing, you have no physical
or local backup.
-Put simply, relying on the cloud puts you at risk if the cloud lets
you down.
121. June 21, 2017 www.snipe.co.in 121
Disadvantages
7. HPC Systems:
• Not clear that you can run compute-intensive HPC applications that use
MPI/OpenMP!
• Scheduling is important with this type of application
-as you want all the VMs to be co-located to minimize communication
latency!
8. General Concerns:
• Each cloud system uses different protocols and different APIs
-it may not be possible to run applications between cloud-based
systems.
• Amazon has created its own DB system (not SQL 92), and
workflow system (many popular workflow systems out there)
-so your normal applications will have to be adapted to execute on
these platforms.