Towards a Federated Cloud Ecosystem

Invited talk at the International Conference on Software Engineering (ICSE 2012)

Published in: Technology, Business


  1. Towards a Federated Cloud Ecosystem
     Clovis Chapman, Dell Cloud R&D
     Clovis_Chapman@dell.com
  2. NIST Definition
     “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
     Cloud Research and Development Center
  3. NIST Definition of Cloud Computing
     • Essential Characteristics: Broad network access; Measured Access; On-demand self service; Rapid elasticity; Resource Pooling
     • Service Models: Software as a Service (SaaS); Platform as a Service (PaaS); Infrastructure as a Service (IaaS)
     • Deployment Models: Public; Private; Hybrid; Community
  4. Elastic Resource Provisioning
     • Traditional IT provisioning
       – Risks of overprovisioning (under-utilisation) or under-provisioning (saturation).
       – Real world estimates of server utilisation 5% to 20%
       – Upfront capital expense and slow capacity adjustment
     • Fully Cloud hosted solution
       – Usage-based pricing
       – Risk of misestimating workload shifted from service provider to cloud provider
     • Hybrid Solution
       – “Cloud bursting”
       – Leverage existing assets: performance and cost management
     (Chart: Resource Capacity against Time, with Usage, Capacity and Forecast curves and Under-provisioning and Over-provisioning regions.)
  5. Enterprise Cloud Requirements: Commodity Clouds vs Data Center
     • Commodity Clouds
       – Designed for: Self-service oriented; Low prices - inexpensive entry point; Volume operations; Ecosystem of applications and tenants
       – Applications: Design for failure; Horizontal scaling; Weak SLAs that do not cover all resource types; Shared network and data
       – Examples: Amazon AWS and EC2 (IaaS) / Google AppEngine (PaaS)
     • Data Center
       – Designed for: Proprietary, customised environment; Organisation level scale; Single tenant with full control; Dedicated support
       – Applications: Resilience: N+1; Vertical scaling; Dedicated resources; 4 or 5 nine availability
     • Enterprise Cloud
  6. Key Challenges
     • Scalability
       – Developing/Re-engineering applications to scale
       – Means of exploiting application structural information for elasticity
     • Resource Utilisation
       – Capacity planning: Balancing overprovisioning/performance
       – Infrastructure to monitor, supervise and control
     • Vendor lock-in
       – Strong divergences in (proprietary) interfaces: image formats, APIs etc.
       – Requires re-developing applications
  7. Key Challenges
     • Quality of Service and Service Level Agreements
       – Performance stability and homogeneity of shared resources (disk, network, etc)
       – Relationship between application level SLAs and Cloud SLAs
       – “4 or 5 nine” SLAs: increased amounts of redundancy
     • Security
       – Modeling overall security profile
       – Data protection, privacy
     • Compliance, Governance, Regulation
       – IT auditing: “The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organisation goals effectively and consumes resources effectively.”
       – Need audit tracking for business processes that may span multiple providers
  8. Services delivery model
     • Software as product
       – License model (per server)
       – Managed by the customer: Infrastructure and deployment costs; Upgrade costs/training …
     • Software as service
       – Pay per use subscription model
       – Managed by the service provider: Cost of remote access
     • Business Services
       – Composite Services
       – Focused on the business process: Multiple service providers involved; Potential combination of local and cloud resources
     (Diagram labels: Public Cloud; SaaS; Private data center.)
  9. Identity and Access Management
     • Identity Provisioning
       – Secure and timely management of on-boarding (provisioning) and off-boarding (de-provisioning) of users in the cloud.
       – Extending enterprise user management processes to the cloud.
       – Existing standards: SPML, WS-provisioning, SCIM
     • Authentication
       – Organizations must address authentication-related challenges such as credential management, strong authentication, delegated authentication, and managing trust across all types of cloud services
     • Access Control
       – The requirements for user profiles and access control policy vary, depending on whether the user is acting on their own behalf (such as a consumer) or as a member of an organization (such as an employer, university, hospital, or other enterprise).
       – The access control requirements in SPI environments include establishing trusted user profile and policy information, using it to control access within the cloud service, and doing this in an auditable way
       – Existing standards: XACML
     • Identity Federation
       – Federated Identity Management plays a vital role in enabling organizations to authenticate their users of cloud services using the organization’s chosen identity provider
       – Existing standards: SAML Based WS-Trust & SSO, OpenID, OAuth
  10. Example: N-tier Architecture
      (Diagram labels: Mobile; Browser; API access; Load balancing; Web Servers; Application Servers; Cloudbursting; Data Access layer; Public Cloud; Other SaaS; LDAP User Store.)
  11. Key Enablers
      • Open-source Cloud platforms:
        – Technology transfer instrument across domains and communities,
        – Encourage wider interoperability between solutions – open APIs, etc.
        – Increased degree of transparency
          › Visibility into roadmap/objectives
          › Increased predictability for end-user service delivery
      • Cloud Computing Standards
        – Interoperability across products and organisational boundaries
        – Portability across vendors
        – Concerns: Landscape is still changing / Numerous emerging standards
  12. Open Source Cloud Middleware
      • Example Infrastructure-as-a-Service clouds:
        – Since 2010 – Apache Licence
          Who: Started by NASA and Rackspace, now a multi-vendor consortium (including Dell)
          What: Collection of software for building private and public clouds – compute, storage and server library
        – Since 2008 – Apache Licence
          Who: DSA Research Group at Complutense University of Madrid | Open Nebula Community
          What: Dynamic management of virtual infrastructures within and across sites, with support for hybrid integration with public clouds
        – Since 2010 – Apache Licence
          Who: Cloud.com | Citrix
          What: Java based framework for managing networks of Virtual Machines
  13. Open Source Cloud Middleware
      • Example Platform-as-a-Service Open Source:
        – Since 2010 – Apache Licence
          Who: VMWare
          What: Open source (free) cloud computing platform as a service (PaaS) software - provides support for various services (e.g. MySQL, MongoDB, etc.)
  14. OpenStack Architecture
      (Diagram labels: Centralized Services; Nova Compute; Dashboard; Queue; Network Worker; API; Scheduler; DB; Compute Worker; Manager; Authentication; Driver; Image Service (Glance); Hypervisor; Swift_Proxy; Swift_Object; Swift_Acct; Zones; Swift_Container.)
  15. (Diagram labels: OVF | CIMI; Standard / Proprietary Interfaces; Service Management Interface; Private Cloud; SaaS; PaaS; DaaS; SCIM; Security Management; Hybrid Cloud; IaaS; ….)
  16. Example: Open Virtualisation Format
      • DMTF standard backed by VMWare and XenSource which aims to offer a packaging mechanism in a portable and platform neutral way
      • The OVF descriptor is an XML-based document composed of three main parts:
        – Description of the files included in the overall service (disks, ISO images, etc.),
        – Meta-data for all virtual machines included
        – Description of the different virtual machine systems.
      (Lifecycle diagram: Develop; Package; Distribute; Install; Manage; Retire.)
  17. SCIM
      • Simple Cloud Identity Management (?)
      • Focus on Identity Provisioning and facilitating federation
      • Features:
        – Emerging open standard
        – REST API
        – Platform neutral schema.
        – SAML binding.
        – Emphasis on simplicity and interoperability: operation across organisational boundaries
      • Started Q1 2011, Involves Ping, UnboundID, Salesforce, Cisco, …
  18. SCIM Specification Set
      (Diagram labels: REST API; SAML Binding; Future Binding; CRUD Methods; Attribute Mapping; Endpoint URI/Attributes; Response Codes; Core Schema: User, Groups, Enterprise Extensions.)

      REST API

      | Resource                       | Endpoint                | HTTP Operations               |
      |--------------------------------|-------------------------|-------------------------------|
      | User                           | /Users                  | GET, POST, PUT, PATCH, DELETE |
      | Group                          | /Groups                 | GET, POST, PUT, PATCH, DELETE |
      | Service Provider Configuration | /ServiceProviderConfigs | GET                           |
      | Schema                         | /Schemas                | GET                           |
      | Bulk                           | /Bulk                   | POST                          |
  19. SCIM Use Case: User Provisioning
      (Diagram labels: Cloud Service User; Register; HTTP Create (Identity); SaaS application; User Store; 201 OK; SCIM Consumer; SCIM Service Provider; User Store (LDAP, DB, etc).)
  20. SCIM Use Case: User Provisioning
      (Diagram labels: Cloud Service User; Register; HTTP Create (Identity); SaaS application; User Store; 201 OK; SCIM Consumer; SCIM Service Provider; User Store (LDAP, DB, etc).)

      HTTP POST /Users (application/json):

          {
            "schemas": ["urn:scim:schemas:core:1.0"],
            "id": "2819c223-413861904646",
            "userName": "clovis_chapman",
            "externalId": "clovis",
            "name": {
              "formatted": "Clovis Chapman",
              "familyName": "Chapman"
            },
            "emails": [
              { "value": "bjensen@example.com" },
              { "value": "babs@jensen.org" }
            ]
            …
          }
  21. SCIM Use Case: SSO - Just In Time Provisioning
      (Diagram labels: Enterprise IDP; SaaS; Login; SSO Redirect; SAML Response; SAML Attribute Query; SCIM User Identity; Create User.)
  22. Conclusions
      • Cloud ecosystem is growing:
        – Applications can involve various SaaS, PaaS and IaaS offerings
        – Enabling complex workflows requires interoperability between both service and infrastructure providers – current silos must be removed.
        – Standards and Open Source offerings are key to encouraging adoption.
      • References:
        – OpenStack - http://openstack.org/
        – OpenNebula - http://opennebula.org/
        – SCIM Standard Specification: http://www.simplecloud.info/
        – DMTF OVF: http://dmtf.org/standards/ovf
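
The provisioning exchange from slides 18 to 20, as an added example that is not from the talk: an in-memory sketch of the service-provider side of `/Users`, driven by a consumer flow that on-boards and then off-boards one account. The class and function names, the 400/409/404 responses, the 200 on delete and the provider-assigned `id` are assumptions of this sketch; the slides show only the endpoint table and the create call.

```python
import json
import uuid

CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # schema URN from the slide-20 payload

class ScimServiceProvider:
    """In-memory stand-in for the SaaS side's /Users endpoint (hypothetical)."""
    def __init__(self):
        self.users = {}  # provider-assigned id -> stored User resource

    def handle(self, method, path, body=None):
        """Dispatch one request; returns (status, headers, resource or None)."""
        parts = path.strip("/").split("/")
        if method == "POST" and parts == ["Users"]:
            return self._create(body)
        if len(parts) == 2 and parts[0] == "Users" and parts[1] in self.users:
            if method == "GET":
                return 200, {}, self.users[parts[1]]
            if method == "DELETE":  # off-boarding: the account must stop resolving
                del self.users[parts[1]]
                return 200, {}, None  # status code is this sketch's choice
        return 404, {}, None

    def _create(self, body):
        try:
            user = json.loads(body)
        except (TypeError, ValueError):
            return 400, {}, None
        if not isinstance(user, dict) or not isinstance(user.get("schemas"), list):
            return 400, {}, None
        name = user.get("userName")
        if CORE_SCHEMA not in user["schemas"] or not isinstance(name, str) or not name:
            return 400, {}, None
        if any(u["userName"].lower() == name.lower() for u in self.users.values()):
            return 409, {}, None  # duplicate userName: refuse, do not overwrite
        user["id"] = str(uuid.uuid4())  # provider assigns id; client-sent id dropped
        self.users[user["id"]] = user
        return 201, {"Location": "/Users/" + user["id"]}, user

def onboard_then_offboard():
    """Consumer-side flow: create, retry, read back, delete, confirm removal."""
    sp = ScimServiceProvider()
    request = json.dumps({"schemas": [CORE_SCHEMA], "id": "client-chosen-id",
                          "userName": "clovis_chapman", "externalId": "clovis"})
    created, headers, user = sp.handle("POST", "/Users", request)
    statuses = [sp.handle(m, p, b)[0] for m, p, b in (
        ("POST", "/Users", request), ("GET", headers["Location"], None),
        ("DELETE", headers["Location"], None), ("GET", headers["Location"], None))]
    return created, user["id"], statuses
```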
