This document summarizes a presentation about cloud computing at NASA. It includes an agenda that covers introductions, definitions of cloud computing, benefits of cloud for NASA, how NASA is implementing cloud, and how NASA secures cloud. For implementing cloud, NASA's Nebula platform is described as being open, transparent, and scalable. It uses automation, testing, and monitoring. For security, the presentation outlines isolation, networking, firewalls, access controls and intrusion detection used in Nebula. The vision is for security as a service through continuous monitoring on a security service bus.
Federated Cloud Computing - The OpenNebula Experience v1.0sIgnacio M. Llorente
Â
The talk mostly focuses on private cloud computing to support Science and High Performance Computing environments, the different architectures to federate cloud infrastructures, the existing challenges for cloud interoperability, and the OpenNebula's vision for the future of existing Grid infrastructures.
Federated Cloud Computing - The OpenNebula Experience v1.0sIgnacio M. Llorente
Â
The talk mostly focuses on private cloud computing to support Science and High Performance Computing environments, the different architectures to federate cloud infrastructures, the existing challenges for cloud interoperability, and the OpenNebula's vision for the future of existing Grid infrastructures.
The presentation describes the different cloud federation scenarios, ranging from a federation built on commercial cloud providers that offer no real support for federation to one built on data centers of the same organization where the sites are completely dedicated to supporting all aspects of federation. The level of federation is defined based on the amount of information disclosed and how much control over the resources is provided across sites. The talk also presents the existing challenges for interoperability in federated and hybrid cloud computing scenarios, and ends with real-life examples of multi-cloud environments running OpenNebula.
Overview of Cloud Computing, Infrastructure as a Service, Platform as a Service, Software as a Service.
Cloud computing means transferring ICT resources (servers, hosts, applications, databases, platforms etc.) to a cloud service provider (CSP) with the goal of reducing capital expenditures (CapEx).
Cloud computing differs from legacy hosting services in that CSPs offer standardized services on a massive scale which results in economy-of-scale effects thus further reducing operating expenses (OpEx).
Different cloud models such as public, private and hybrid clouds address different customer needs.
The 3 categories for the functional level of cloud services are IaaS (Infrastructure as a Service),
PaaS (Platform as a Service) and SaaS (Software as a Service). Countless models emerge almost daily such as MaaS (Management as a Service), BaaS (Backend as a Service) and NaaS (Network as a Service).
To accommodate increases in processing power, cloud services offer the possibility to scale-up or scale-out.
Back that *aa s up – bridging multiple clouds for bursting and redundancyRightScale
Â
Back that *aaS up – Bridging Multiple Clouds for Bursting and Redundancy
Peder Ulander, VP of Product Marketing, Cloud Platform Group, Citrix Systems
Bridging multiple cloud computing environments allows enterprises to plan for peak usage even while only building capacity for today’s needs. Using CloudStack, CloudBridge and RightScale can enable Enterprise IT to extend resource pools beyond physical datacenter boundaries and leverage additional private clouds or public clouds to meet peak usage requirements and smoothly manage planned or unplanned capacity spikes.
En dynamisk infrastruktur stiller krav om hybride løsninger med et centraliseret system management. Derfor udgør IBM System z et væsentligt element i en Cloud-løsning. Lær hvordan, man håndterer en dynamisk infrastruktur i skyen.
Læs mere her: bit.ly/softwaredagsystemz3
Gareth Workman at Kainos presents his session First Steps to the Cloud at Lasa's Powering Up The Third Sector Technology Conference at IBM Forum London, 14 November 2011
- Problems with traditional data centers.
- Cloud computing definition, deployment, and services models.
- Essential characteristics of cloud services.
- IaaS examples.
- PaaS examples.
- SaaS examples.
- Cloud enabling technologies such as grid computing, utility computing, service oriented architecture (SOA), The Internet, Multi-tenancy, Web 2.0, Automation and Virtualization.
Introduction to Cloud
Cloud Types
Cloud Deployment Models
Cloud Service Model
Cloud architecture
Challenges and Risks in cloud Computing
Cloud Features, Characteristics and Applications
Bringing Private Cloud Computing to HPC and Science - Berkeley Lab - July 2014 OpenNebula Project
Â
Berkeley Lab – Computing Sciences Seminar
HPC-optimized clouds provide access to flexible and elastic scientific and technical computing to solve complex problems and drive innovation. The talk will describe the most demanded features for building HPC and science clouds, and will illustrate using real-life case studies from leading research and industry organizations how OpenNebula effectively addresses these challenges of cloud usage, scheduling, security, networking and storage. The keynote will end with a view of private cloud's future in HPC and science, and grid as the foundation of cloud federation.
This is the extract of all the good presentation of cloud computing which we made easier for beginners who want to understand cloud computing from basic and easy and it is impressive too.
The presentation describes the different cloud federation scenarios, ranging from a federation built on commercial cloud providers that offer no real support for federation to one built on data centers of the same organization where the sites are completely dedicated to supporting all aspects of federation. The level of federation is defined based on the amount of information disclosed and how much control over the resources is provided across sites. The talk also presents the existing challenges for interoperability in federated and hybrid cloud computing scenarios, and ends with real-life examples of multi-cloud environments running OpenNebula.
Overview of Cloud Computing, Infrastructure as a Service, Platform as a Service, Software as a Service.
Cloud computing means transferring ICT resources (servers, hosts, applications, databases, platforms etc.) to a cloud service provider (CSP) with the goal of reducing capital expenditures (CapEx).
Cloud computing differs from legacy hosting services in that CSPs offer standardized services on a massive scale which results in economy-of-scale effects thus further reducing operating expenses (OpEx).
Different cloud models such as public, private and hybrid clouds address different customer needs.
The 3 categories for the functional level of cloud services are IaaS (Infrastructure as a Service),
PaaS (Platform as a Service) and SaaS (Software as a Service). Countless models emerge almost daily such as MaaS (Management as a Service), BaaS (Backend as a Service) and NaaS (Network as a Service).
To accommodate increases in processing power, cloud services offer the possibility to scale-up or scale-out.
Back that *aa s up – bridging multiple clouds for bursting and redundancyRightScale
Â
Back that *aaS up – Bridging Multiple Clouds for Bursting and Redundancy
Peder Ulander, VP of Product Marketing, Cloud Platform Group, Citrix Systems
Bridging multiple cloud computing environments allows enterprises to plan for peak usage even while only building capacity for today’s needs. Using CloudStack, CloudBridge and RightScale can enable Enterprise IT to extend resource pools beyond physical datacenter boundaries and leverage additional private clouds or public clouds to meet peak usage requirements and smoothly manage planned or unplanned capacity spikes.
En dynamisk infrastruktur stiller krav om hybride løsninger med et centraliseret system management. Derfor udgør IBM System z et væsentligt element i en Cloud-løsning. Lær hvordan, man håndterer en dynamisk infrastruktur i skyen.
Læs mere her: bit.ly/softwaredagsystemz3
Gareth Workman at Kainos presents his session First Steps to the Cloud at Lasa's Powering Up The Third Sector Technology Conference at IBM Forum London, 14 November 2011
- Problems with traditional data centers.
- Cloud computing definition, deployment, and services models.
- Essential characteristics of cloud services.
- IaaS examples.
- PaaS examples.
- SaaS examples.
- Cloud enabling technologies such as grid computing, utility computing, service oriented architecture (SOA), The Internet, Multi-tenancy, Web 2.0, Automation and Virtualization.
Introduction to Cloud
Cloud Types
Cloud Deployment Models
Cloud Service Model
Cloud architecture
Challenges and Risks in cloud Computing
Cloud Features, Characteristics and Applications
Bringing Private Cloud Computing to HPC and Science - Berkeley Lab - July 2014 OpenNebula Project
Â
Berkeley Lab – Computing Sciences Seminar
HPC-optimized clouds provide access to flexible and elastic scientific and technical computing to solve complex problems and drive innovation. The talk will describe the most demanded features for building HPC and science clouds, and will illustrate using real-life case studies from leading research and industry organizations how OpenNebula effectively addresses these challenges of cloud usage, scheduling, security, networking and storage. The keynote will end with a view of private cloud's future in HPC and science, and grid as the foundation of cloud federation.
This is the extract of all the good presentation of cloud computing which we made easier for beginners who want to understand cloud computing from basic and easy and it is impressive too.
Are you facing some, or all, of these challenges?
-Host Mobility (w/o stretching VLANs)
-Network Segmentation (w/o implementing MPLS)
-Roles-based Access Control (w/o end-to-end TrustSec)
-Common Policy for Wired and Wireless (w/o multiple tools)
Using Cisco technologies already available today, you can overcome these challenges and build an evolved Campus network to better meet your business objectives.
This is my presentation on CLOUD COMPUTING IN NASA prepared by me for the NATIONAL SYMPOSIUM ON EMERGING TRENDS IN CLOUD COMPUTING held in my college named R.B.C.E.T bareilly...........
Manage Microservices & Fast Data Systems on One Platform w/ DC/OSMesosphere Inc.
Â
The application landscape inside our data center is changing: Along with the trend of moving toward microservices and containers, there are a number of new distributed data processing frameworks such as Kafka or Cassandra being released on a weekly basis. These changes have implications for the ways we think about infrastructure. With the growing need for computing power and the rise of distributed applications comes the need for a reliable and simple-use cluster manager and programming abstraction.
In this presentation, Mesosphere explains how to use DC/OS to manage microservices and fast data systems on a single platform. We will look at how container orchestration, including resource management and service management, can be streamlined to process fast data in a matter of seconds, allowing for predictive user interfaces, product recommendations, and billing charge back, among other modern app components.
Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT's existing capabilities.
All Trophies at Trophy-World Malaysia | Custom Trophies & Plaques Supplier. Come to our Trophy Shop today and check out all our variety of Trophies available. We have the widest range of Trophies in Malaysia. Our team is always ready to greet your needs and discuss with you on your custom Trophy for your event. Rest assured, you will be with the best Trophy Supplier in Malaysia. The official Trophy Malaysia. Thank you for your support.
Pruning enhances your garden's visual appeal by keeping plants neat and well-formed. Whether you prefer a formal, structured look or a more natural, free-flowing design, regular pruning helps you achieve and maintain your desired garden style. A well-pruned garden looks cared for and can significantly improve the overall beauty of your outdoor space.
Merchants from high-risk industries face significant challenges due to their industry reputation, chargeback, and refund rates. These industries include sectors like gambling, adult entertainment, and CBD products, which often struggle to secure merchant accounts due to increased risks of chargebacks and fraud.
To overcome these difficulties, it is necessary to improve credit scores, reduce chargeback rates, and provide detailed business information to high-risk merchant account providers to enhance credibility.
Regarding security, implementing robust security measures such as secure payment gateways, two-factor authentication, and fraud detection software that utilizes machine learning systems is crucial.
Job Vacancies in Norway 🇳🇴
Warehouse Workers for Clothing
2year WORKPERMIT đź‘Ť
Salary: €3900-4300 per month (Paid twice a month).
Requirements:
* Duties include quality control of products, order picking, packing goods, and applying stickers and labels.
* Work schedule: 8-10 hours per day, 5 days a week.
Documents đź“„
*Adhar
Pan
Photo
Education documents
Basic English**o
Education documents
Basic English**
Photo
Education documents
Basic English**
METS Lab SASO Certificate Services in Dubai.pdfsandeepmetsuae
Â
Achieving compliance with the Saudi Standards, Metrology and Quality Organization (SASO) regulations is crucial for businesses aiming to enter the Saudi market. METS Laboratories offers comprehensive SASO certification services designed to help companies meet these stringent standards efficiently. Our expert team provides end-to-end support, from initial product assessments to final certification, ensuring that all regulatory requirements are meticulously met. By leveraging our extensive experience and state-of-the-art testing facilities, businesses can streamline their certification process, avoid costly delays, and gain a competitive edge in the market. Trust METS Laboratories to guide you through every step of achieving SASO compliance seamlessly.
Optimize your online presence as an interior designer in Delhi with tailored SEO strategies. Elevate visibility on search engines, ensuring your design prowess reaches the right audience. Craft engaging content that resonates with local clientele, incorporating relevant keywords and metadata. Harness the power of local SEO techniques to dominate search results, driving organic traffic and inquiries. Stay ahead in Delhi's competitive market by fine-tuning your digital footprint with effective SEO practices.
Stay updated on Siddhivinayak Temple events and timings in Houston, TX. Join our spiritual and community gatherings. Visit us now! gaurisiddhivinayak.org
Discover How Long Do Aluminum Gutters Last?SteveRiddle8
Â
Many people wonder how long aluminum gutters last. In this ppt, we will cover the lifetime of aluminum gutters, appropriate maintenance procedures, and the advantages of using this material for gutter installation.
Solar power panels, also known as photovoltaic (PV) panels, convert sunlight into electricity, offering a renewable and sustainable energy solution. Composed of semiconductor materials, typically silicon, these panels absorb photons from sunlight, generating an electric current through the photovoltaic effect. This clean energy source reduces dependence on fossil fuels, mitigates greenhouse gas emissions, and contributes to environmental sustainability.
Best Immigration Consultants in Amritsar- SAGA StudiesSAGA Studies
Â
Want to fulfill your study abroad dream? Searching for the best Immigration Consultants?
SAGA Studies is the best immigration consultants in Amritsar, provides student admissions, study visa, spouse and dependent visas, tourist visas, PTE exam assistance,and many more.
Comprehensive Water Damage Restoration Serviceskleenupdisaster
Â
Find out how Disaster Kleenup's professional water damage restoration services can quickly and efficiently restore your property. Find more about our advanced techniques and quick action plans. Visit here: https://iddk.com/disaster-cleanup-services/flood-damage/
3 Examples of new capital gains taxes in CanadaLakshay Gandhi
Â
Stay informed about capital gains taxes in Canada with our detailed guide featuring three illustrative examples. Learn what capital gains taxes are and how they work, including how much you pay based on federal and provincial rates. Understand the combined tax rates to see your overall tax liability. Examine specific scenarios with capital gains of $500k and $1M, both before and after recent tax changes. These examples highlight the impact of new regulations and help you navigate your tax obligations effectively. Optimize your financial planning with these essential insights!
đź’Ľ Dive into the intricacies of capital gains taxes in Canada with this insightful video! Learn through three detailed examples how these taxes work and how recent changes might impact you.
âť“ What are capital gains taxes? Understand the basics of capital gains taxes and why they matter for your investments.
đź’¸ How much taxes do I pay? Discover how the amount of tax you owe is calculated based on your capital gains.
đź“Š Federal tax rates: Explore the federal tax rates applicable to capital gains in Canada.
🏢 Provincial tax rates: Learn about the varying provincial tax rates and how they affect your overall tax bill.
⚖️ Combined tax rates: See how federal and provincial tax rates combine to determine your total tax obligation.
💵 Example 1 – Capital gains $500k: Examine a scenario where $500,000 in capital gains is taxed.
💰 Example 2 – Capital gains of $1M before the changes: Understand how a $1 million capital gain was taxed before recent changes.
🆕 Example 3 – Capital gains of $1M after the changes: Analyze the tax implications for a $1 million capital gain after the latest tax reforms.
🎉 Conclusion: Summarize the key points and takeaways to help you navigate capital gains taxes effectively.
#CapitalGainsTax #Taxation #CanadianTax #InvestmentTax #TaxRates #FinancialPlanning #TaxReform #CapitalGains #TaxExamples 💼💸📊🏢⚖️💵💰🆕
eBrand Promotion Full Service Digital Agency Company ProfileChimaOrjiOkpi
Â
eBrandpromotion.com is Nigeria’s leading Web Design/development and Digital marketing agency. We’ve helped 600+ clients in 24 countries achieve growth revenue of over $160+ Million USD in 12 Years. Whether you’re a Startup or the Unicorn in your industry, we can help your business/organization grow online. Thinking of taking your business online with a professionally designed world-class website or mobile application? At eBrand, we don’t just design beautiful mobile responsive websites/apps, we can guarantee that you will get tangible results or we refund your money…
Emmanuel Katto Uganda - A PhilanthropistMarina Costa
Â
Emmanuel Katto is a well-known businessman from Uganda who is improving his town via his charitable work and commercial endeavors. The Emka Foundation is a non-profit organization that focuses on empowering adolescents through education, business, and skill development. He is the founder and CEO of this organization. His philanthropic journey is deeply personal, driven by a calling to make a positive difference in his home country. Check out the slides to more about his social work.
Best steel industrial company LLC in UAEalafnanmetals
Â
AL Afnan Steel Industrial Company LLC is a distinguished steel manufacturer and supplier, celebrated for its high-quality products and outstanding customer service. With a diverse portfolio that includes structural steel, and custom fabrications, AL Afnan meets a wide array of industrial demands. We are dedicated to using advanced technologies and sustainable methods to ensure excellence and reliability in every product, serving both local and international markets with efficiency.
Forex Copy trading is the mode of trading offering great opportunities to the traders lacking time or in-depth market knowledge, yet willing to use currency trading as a form of investment and to increase their initial funds.
Citizen Air Conditioning Services has offered its services to residential and commercial customers, including air conditioning systems inspections and repairs, boiler installations, mini-split systems, and other cost-effective heating solutions by factory-trained technicians. Other services offered include installation of indoor and outdoor fireplaces, patio and pool heaters, outside gaslighting and BBQs, as well as water system and plumbing services.
Citizen Air Conditioning Services|Air Conditioning Nyc
Â
cloud computing
1. Cloud Computing
Architecture, IT Security, & Operational Perspectives
Steven R. Hunt
ARC IT Governance Manager
Ames Research Center
Matt Linton
IT Security Specialist
Ames Research Center
Matt Chew Spence
IT Security Compliance Consultant
Dell Services Federal Government
Ames Research Center
August 17, 2010
2. Agenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
3. OBJECTIVE: Overview of cloud
computing and share vocabulary
OBJECTIVE: Overview of cloud
computing and share vocabulary
Agenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
4. Cloud Computing – NIST Definition:
“A model for enabling convenient, on-
demand network access to a shared
pool of configurable computing
resources (e.g., networks, servers,
storage, applications, and services)
that can be rapidly provisioned and
released with minimal management
effort or service provider interaction”
What is Cloud Computing?
5. Conventional
 Manually Provisioned
 Dedicated Hardware
 Fixed Capacity
 Pay for Capacity
 Capital & Operational
Expenses
 Managed via Sysadmins
Cloud
 Self-provisioned
 Shared Hardware
 Elastic Capacity
 Pay for Use
 Operational Expenses
 Managed via APIs
Conventional Computing
vs.
Cloud Computing
What is Cloud Computing?
6. Five Key Cloud Attributes:
1. Shared / pooled resources
2. Broad network access
3. On-demand self-service
4. Scalable and elastic
5. Metered by use
What is Cloud Computing?
7. Shared / Pooled Resources:
 Resources are drawn from a common pool
 Common resources build economies of scale
 Common infrastructure runs at high efficiency
What is Cloud Computing?
8. Broad Network Access:
 Open standards and APIs
 Almost always IP, HTTP, and REST
 Available from anywhere with an internet
connection
What is Cloud Computing?
9. On-Demand Self-Service:
 Completely automated
 Users abstracted from the implementation
 Near real-time delivery (seconds or minutes)
 Services accessed through a self-serve
web interface
What is Cloud Computing?
10. Scalable and Elastic:
 Resources dynamically-allocated between
users
 Additional resources dynamically-released
when needed
 Fully automated
What is Cloud Computing?
11. Metered by Use:
 Services are metered, like a utility
 Users pay only for services used
 Services can be cancelled at any time
What is Cloud Computing?
12. Three Service Delivery Models
IaaS: Infrastructure as a Service
Consumer can provision computing resources within
provider's infrastructure upon which they can deploy and
run arbitrary software, including OS and applications
PaaS: Platform as Service
Consumer can create custom applications using
programming tools supported by the provider and deploy
them onto the provider's cloud infrastructure
SaaS: Software as Service
Consumer uses provider’s applications running on
provider's cloud infrastructure
What is Cloud Computing?
13. What is Cloud Computing?
SaaS
PaaS
IaaS
Amazon Google Microsoft Salesforce
Service Delivery Model Examples
Products and companies shown for illustrative purposes only and should not
be construed as an endorsement
14.  Cost efficiencies
 Time efficiencies
 Power efficiencies
 Improved process
control
 Improved security
 “Unlimited” capacity
Cloud efficiencies and improvements
• Burst capacity (over-
provisioning)
• Short-duration projects
• Cancelled or failed missions
• Burst capacity (over-
provisioning)
• Short-duration projects
• Cancelled or failed missions
$
• Procurement
• Network connectivity
• Procurement
• Network connectivity
• Standardized, updated base images
• Centrally auditable log servers
• Centralized authentication systems
• Improved forensics (w/ drive image)
• Standardized, updated base images
• Centrally auditable log servers
• Centralized authentication systems
• Improved forensics (w/ drive image)
What is Cloud Computing?
15. OBJECTIVE: Discuss requirements,
use cases, and ROI
OBJECTIVE: Discuss requirements,
use cases, and ROI
Agenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
16. How can NASA benefit from cloud computing?
Current IT options for Scientists
Current Options*Requirements*
* Requirements and Options documented in over 30+ interviews
with Ames scientists as part 2009 NASA Workstation project.
17. Mission Objectives
Explore, Understand, and Share
Exploration Space OpsScienceAeronautics
High Compute Vast Storage
High Speed
Networking
Process
Large
Data
Sets
Scale-out for
one-time
events
Require
infrastructure
on-demand
Store
mission &
science
data
Share
information
with the
public
Run
Compute
Intensive
Workloads
Shared Resource
Mission Support
How can NASA benefit from cloud computing?
Scientists direct access to Nebula cloud computing
19. *15% utilization based on two reports from Gartner Group, Cost of
Traditional Data Centers (2009), and Data Center Efficiency (2010).
ROI and ARC Case Study
How can NASA benefit from cloud computing?
POWER: Computers typically require 70% of their total
power requirements to run at just 15% utilization.
20.  Operational Enhancements:
» Strict standardization of hardware and infrastructure
software components
» Small numbers of system administrators due to the
cookie-cutter design of cloud components and
support processes
» Failure of any single component within the Nebula
cloud will not become reason for alarm
» Application operations will realize similar efficiencies
once application developers learn how to properly
deploy applications so that they are not reliant on any
particular cloud component.
ROI and ARC Case Study
How can NASA benefit from cloud computing?
21. OBJECTIVE: Overview of how NASA
is implementing cloud computing
OBJECTIVE: Overview of how NASA
is implementing cloud computingAgenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
25. Nebula Principles
 Open and Public APIs, everywhere
 Open-source platform, apps, and data
 Full transparency
» Open source code and documentation
releases
 Reference platform
» Cloud model for Federal Government
How is NASA implementing cloud computing?
26. Nebula User Experience
Nebula IaaS user will have an experience
similar to Amazon EC2:
 Dedicated private VLAN for instances
 Dedicated VPN for access to private VLAN
 Public IPs to assign to instances
 Launch VM instances
 Dashboard for instance control and API access
Able to import/export bundled instances to AWS
and other clouds
How is NASA implementing cloud computing?
Products and companies named for illustrative purposes only and should not be
construed as an endorsement
28. Shared Nothing
 Messaging Queue
 State Discovery
 Standard Protocols
Automated
• IPMI
• PXEBoot
• Puppet
How is NASA implementing cloud computing?
33. Object Node
Ubuntu OSUbuntu OS
PuppetPuppet
Nova
Object
Node
Nova
Object
Node
PXEPXE
NginxNginx
How is NASA implementing cloud computing?
34. Network Node
Ubuntu OSUbuntu OS
PuppetPuppet
Nova
Networ
k
Node
Nova
Networ
k
Node
802.1(q)802.1(q)
BrctlBrctl
PXEPXE
Project
VLAN
Project
VLAN
IPTablesIPTables
Public
Internet
Public
Internet
How is NASA implementing cloud computing?
35. Pilot Lessons Learned
- Automate Everything
 No SysAdmin is perfect
 99% is not good enough
 NEVER make direct system changes
 When in doubt - PXEBoot
How is NASA implementing cloud computing?
36. Pilot Lessons Learned
- Test Everything
 KVM + Jumbo Frames
 Grinder
 Unit Tests / Cyclometric Complexity
 TransactionID Insertion (Universal Proxy)
How is NASA implementing cloud computing?
37. Pilot Lessons Learned
- Monitor Everything
 Ganglia
 Munin
 Syslog-NG + PHPSyslog-NG
 Nagios
 Custom Log Parsing (Instance-centric)
How is NASA implementing cloud computing?
38. OBJECTIVE: Overview of technical
security mechanisms built into Nebula
OBJECTIVE: Overview of technical
security mechanisms built into NebulaAgenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
39. Technical Security Overview
• Issues with Commercial Cloud Providers
• Overview of Current Security Mechanisms
• Innovations
OBJECTIVE: Overview of technical
security mechanisms built into Nebula
OBJECTIVE: Overview of technical
security mechanisms built into Nebula
40. How does NASA secure cloud computing?
Commercial Cloud Provider Security Concerns
» IT Security not brought into decision of how & when
NASA orgs use clouds
» IT Security may not know NASA orgs are using
clouds until an incident has occurred
» Without insight into monitoring/IDS/logs, NASA
may not find out that an incident has occurred
» No assurances of sufficient cloud infrastructure
access to perform proper forensics/investigations
» These issues are less likely with a private cloud like
Nebula
41. How does NASA secure cloud computing?
IT Security is built into Nebula
 User Isolation from Nebula Infrastructure
 Users only have access to APIs and Dashboards
» No user direct access to Nebula infrastructure
 Project-based separation
» A project is a set of compute resources
accessible by one or more users
» Each project has separate:
• VLAN for project instances
• VPN for project users to launch, terminate,
and access instances
• Image library of instances
42. How does NASA secure cloud computing?
Networking
 RFC1918 address space internal to Nebula
» NAT is used for those hosts within Nebula
needing visibility outside a cluster
 Three core types of networks within Nebula:
» Customer
• Customer VLANs are isolated from each
other
» DMZ
• Services available to all Nebula such as
NTP, DNS, etc
» Administrative
43. Security Groups
 Combination of VLANs and Subnetting
 Can be extended to use physical
network/node separation as well (future)
How does NASA secure cloud computing?
44. C
L
O
U
D
A
P
I
S
S
M
R
Project A
(10.1.1/24)
Project B
(10.1.2/24)
Operations Console
(custom)
Security Scanners
(Nessus, Hydra, etc)
Log Aggregation,
SOC Tap
RFC1918
Space
(LAN_X)
B
R
I
D
G
E
Public IP
Space
I
N
T
E
R
N
E
T
External
Scanner
DMZ
Services
Event Correlation
Engine
How does NASA secure cloud computing?
45. How does NASA secure cloud computing?
Firewalls
 Multiple levels of firewalling
» Hardware firewall at site border
» Firewall on cluster network head-ends
» Host-based firewalls on key hosts
» Project based rule sets based on Amazon
security groups
46. How does NASA secure cloud computing?
Remote User Access
 Remote access is only through VPN (openVPN)
 Separate administrative VPN and user VPNs
 Each project has own VPN server
47. How does NASA secure cloud computing?
Intrusion Detection
 OSSEC on key infrastructure hosts
» Open source Host-based Intrusion Detection
 Mirror port to NASA SOC tap
 Building 10Gb/sec IDS/IPS/Forensics device
with vendor partners
48. How does NASA secure cloud computing?
Configuration Management
 Puppet used to automatically push out
configuration changes to infrastructure
 Automatic reversion of unauthorized changes
to system
49. How does NASA secure cloud computing?
Vulnerability Scanning
 Nebula uses both internal and external
vulnerability scanners
 Correlate findings between internal and
external scans
50. How does NASA secure cloud computing?
Incident Response
 Procedures for isolating individual VMs,
compute nodes, and clusters, including:
» Taking snapshot of suspect VMs, including
memory dump
» Quarantining a VM within a compute node
» Disabling VM images so new instances
can’t be launched
» Quarantining a compute node within a
cluster
» Quarantining a cluster
51. How does NASA secure cloud computing?
Role Based Access Control
 Multiple defined roles within a project
 Role determines which API calls can be
invoked
» Only network admin can request non-1918
addresses
» Only system admin can bundle new images
» etc
52. How does NASA secure cloud computing?
Innovation - Security Gates
 API calls can be intercepted and security
gates can be imposed on function being called
 When an instance is launched, it can be
scanned automatically for vulnerabilities
 Long term vision is to have a pass/fail launch
gate based on scan/monitoring results
53. How does NASA secure cloud computing?
Vision - Security as a Service
 Goal - Automate compliance through security
services provided by cloud provider
 Security APIs/tools mapped to specific controls
» Customers could subscribe to tools/services to
meet compliance requirements
 When setting up new project in cloud
» Customers assert nature of data they will use
» Cloud responds with list of APIs/tools for
customers to use
 Currently gathering requirements but funding
needed to realize vision
54. How does NASA secure cloud computing?
Vision - Security Service Bus
 Goal - FISMA compliance through continuous
real-time monitoring and situational awareness
» Security service bus with event driven
messaging engine
» Correlate events across provider and multiple
customers
» Dashboard view for security providers and
customers
» Allows customers to make risk-based security
decisions based on events experienced by
other customers
 Funding Needed to Realize Vision
55. Nebula Open Source Progress
 Significant progress in embracing the value of
open source software release
» Agreements with SourceForge and Github
» Open source identified as an essential component of
NASA’s open government plan
 Elements of Nebula in open source release
pipeline
» Started Feb 2010. Hope for release in June.
» Working toward continual incremental releases.
» Exploring avenues to contribute code to external
projects and to accept external contributions to the
Nebula code base.
How does NASA secure cloud computing?
56. Agenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
59. OBJECTIVE: Overview of Nebula C&A
with Lessons Learned
OBJECTIVE: Overview of Nebula C&A
with Lessons Learned
Agenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
60. FISMA & Clouds
FISMA Overview
 Federal Information Security Management Act
– Requires all Gov’t computers to be under a security plan
–Mandates following NIST security guidance
–Required controls depend on FIPS-199 sensitivity level
–Requires periodic assessments of security controls
–Extremely documentation heavy
–Assumes one organization has responsibility for majority of
identified security controls
 FISMA is burdensome to cloud customers
–Customers want to outsource IT Security to cloud provider
61. FISMA & Clouds
FISMA Responsibilities in Clouds
 Clouds are a “Highly Dynamic Shared Management
Environment”
» Customers retain FISMA responsibilities for aspects of a
cloud under their control
» Responsibilities vary depending on level of control maintained
by customer
» Customer control varies relative to service delivery model
(SaaS, PaaS, or IaaS)
 Need to define & document responsibilities
» We parsed 800-53 Rev3 controls per service delivery model
 Nebula currently only offers IaaS
» We parsed all three service models for future planning
62. Identifying data types
Ensuring data appropriate to system
User/Account Management
Personnel Controls
Identifying data types
Ensuring data appropriate to system
User/Account Management
Personnel Controls
Software Licenses
Developer Testing
App Configuration Management
Software Development Lifecycle
Software Licenses
Developer Testing
App Configuration Management
Software Development Lifecycle
OS Config Mgmt
Anti-Malware
SW Install Controls
OS specific Controls
etc
OS Config Mgmt
Anti-Malware
SW Install Controls
OS specific Controls
etc
SaaS
IaaS
PaaS
Cloud
Customer
Security
Responsibility
Customer FISMA Responsibilities for Cloud
Customer FISMA
responsibilities Increase
as Customers have more
control over security
measures
62
FISMA & Clouds
63. FISMA & Clouds
IaaS Customer Security Plan Coverage Options
 At inception little guidance existed on cloud computing control
responsibilities & security plan coverage
 FedRAMP primarily addresses cloud provider responsibilities
» Other than control parsing definitions Customers are given little
guidance on implementing and managing FISMA requirements in a
highly dynamic shared management environment
 We have developed the following options:
Option Description Issues
Customer Owned Customer responsible for
own security plan with no
assistance from provider
• None to Providers
• Burdensome to
customers
Facilitated Customer responsible for
own security plan using
NASA template
• May still be burdensome
to customers.
• Not scalable unless
automated.
Agency Owned Agency or Center level
“Group” security plans
associated with Cloud
providers serve as
aggregation point for
customer.
• May be burdensome to
Agency or Center.
• Requires technology to
automate input and
aggregation of customer
data.
64. FISMA & Clouds
Current NASA Requirements/Tools may Impede
Cloud Implementation
 Default security categorization of Scientific and Space Science
data as “Moderate”
» Independent assessment required for every major change
• Currently requires 3rd
party document-centric audit
• Not scalable to cloud environments
 e-Authentication/AD integration required for all NASA Apps
» NASA implementations don’t currently support LDAP/SAML-
based federated identity management
 Function-specific stove-piped compliance tools
» STRAW/PIA tool/A&A Repository/NASA electronic forms
» Can’t easily automate compliance process for new apps
64
65. FISMA & Clouds
Emerging Developments in FISMA & Clouds
 Interagency Cloud Computing Security Working Group
is developing additional baseline security requirements
for cloud computing providers
 NIST Cloud Computing guidance forthcoming?
 Move towards automated risk models and security
management tools over documentation
 On the bleeding edge - changing guidance &
requirements are a key risk factor (and opportunity)
65
66. FISMA & Clouds
Nebula is Contributing to Cloud StandardsNebula is Contributing to Cloud Standards
 Federal Cloud Standards Working Group
 Fed Cloud Computing Security Working
Group
» Federal Risk & Authorization Management
Program (FedRAMP)
 Cloud Audit project
» Automated Audit Assertion Assessment &
Assurance API
 Providing Feedback to NIST and GAO
 GSA Cloud PMO
66
67. OBJECTIVE: Overview of how Nebula
concepts may integrate with FedRAMP
OBJECTIVE: Overview of how Nebula
concepts may integrate with FedRAMP
Agenda
 Introductions
» Steve Hunt
 What is cloud computing?
» Matt Chew Spence
 How can NASA benefit from cloud computing?
» Matt Chew Spence
 How is NASA implementing cloud computing?
» Matt Linton
 How does NASA secure cloud computing?
» Matt Linton
 Q&A
» Presentation Team
Extended Presentation
 FISMA & Clouds
» Matt Chew Spence
» Steve Hunt
 Assessment, Authorization, & FedRAMP
» Steve Hunt
68.  A Federal Government-Wide program to provide
“Joint Authorizations” and Continuous Monitoring
» Unified Government-Wide risk management
» Authorizations can be leveraged throughout
Federal Government
 This is to be an optional service provided to
Agencies that does not supplant existing
Agency authority
Federal Risk and Authorization
Management Program
Federal Risk and Authorization
Management Program
FedRAMP
69. Independent Agency Risk Management of Cloud Services
…
Federal Agencies
Cloud Service Providers (CSP)
…
: Duplicative risk
management efforts
: Incompatible agency
policies
: Potential for inconsistent
application of Federal
security requirements
: Acquisition slowed by
lengthy compliance
processes
FedRAMP
70. Federated Risk Management of Cloud Systems
: Risk management cost
savings and increased
effectiveness
: Interagency vetted
approach
: Consistent
application of Federal
security requirements
Federal Agencies
: Rapid acquisition
through consolidated
risk management
Cloud Service Providers (CSP)
FedRAMPFedRAMP
Risk Management
• Authorization
• Continuous
Monitoring
• Federal Security
Requirements
…
…
FedRAMP
71. FedRAMP Authorization process
Agency X has a need
for a new cloud based
IT system
Agency X gets
security requirements
for the new IT system
from FedRAMP and
adds requirements if
necessary
Agency X releases
RFP for new IT
system and awards
contract to cloud
service provider
(CSP)
Agency X submits
request to FedRAMP
office for CSP To be
FedRAMP authorized
to operate
CSP is put into FedRAMP
priority queue
(prioritization occurs
based on factors such as
multi-agency use,
number of expected
users, etc.)
FedRAMP
72. FedRAMP Authorization process (cont)
FedRAMP
CSP and agency
sponsor begin
authorization
process with
FedRAMP office
CSP, agency
sponsor and
FedRAMP office
review security
requirements and
any alternative
implementations
FedRAMP office
coordinates with
CSP for creation
of system security
plan (SSP)
CSP has
independent
assessment of
security controls
and develops
appropriate
reports for
submission to
FedRAMP office
FedRAMP office
reviews and
assembles the
final authorization
package for the
JAB
JAB reviews final
certification
package and
authorizes CSP to
operate
FedRAMP office
adds CSP to
authorized system
inventory to be
reviewed and
leveraged by all
Federal agencies
FedRAMP
provides
continuous
monitoring of CSP
73. Issues & Concerns
 FedRAMP doesn’t provide much guidance for customer
side … e.g. Agency users of cloud services
 Current NIST guidance oriented primarily towards “Static
Single System Owner” environments
 Lack of NIST guidance for “Highly Dynamic Shared
Owner” environments … e.g. Virtualized Data Centers &
Clouds
» SSP generation & maintenance
» Application of SP 800-53 (security controls)
» Application of SP 800-37 (assessment & ATO)
» Continuous Monitoring
 Guidance may be forthcoming but NIST is resource
constrained
FedRAMP
74. Potential Solution
 Agency/Center level Aggregated SSPs:
» Plan per CSP … e.g. Nebula, Amazon,
Google, Microsoft … etc.
» Plan covers all customers of a specific CSP
» Technology integration may be needed with
SSP repository to dynamically update SSP
content via Web Registration site.
» Or … SSP may be able to point to dynamic
content entered and housed on Web
Registration site ... maintained in Wiki type
doc.
Presentation Title
—74—
March 5, 2010
FedRAMP