2. Industry Standards Organizations
• National Institute of Standards and Technology (NIST)
• Cloud Security Alliance (CSA)
• Distributed Management Task Force (DMTF)
• Storage Networking Industry Association (SNIA)
• Organization for the Advancement of Structured Information Standards (OASIS)
• The Open Group
• Open Cloud Consortium (OCC)
• European Telecommunications Standards Institute (ETSI)
• Telecommunication Industry Alliance (TIA)
• Liberty Alliance
• Open Grid Forum (OGF)
4. Data center networks
• Web servers
• Email servers
• Database servers
• App servers
• DNS servers
• Load balancers
• Firewalls
• Network intrusion detection/prevention devices
• Web accelerators
• Offload engines
• Switches
• Routers
• WAN optimization appliances
• Storage servers
• ToR switches
• Application delivery controllers
• VPN gateways
• Authentication, Authorization and Accounting servers
• RADIUS servers
• NAS devices
• SAN devices
5. NIST Reference architecture
[Figure: NIST cloud computing reference architecture. Labels in the diagram:]
• Cloud Consumer
• Cloud Auditor: Security audit, Privacy impact audit, Performance audit
• Cloud Provider, Service Orchestration: Service layer (SaaS, PaaS, IaaS), Resource abstraction and control layer, Physical resource layer (Hardware, Facility)
• Cloud Provider, Cloud service management: Business Support, Provisioning/Configuration, Portability/Interoperability
• Cloud Provider: Security, Privacy
• Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
• Cloud Carrier
6. Actors in Cloud Computing
Actor: Definition
• Cloud Consumer: A person or organization that maintains a business relationship with, and uses service from, Cloud Providers.
• Cloud Provider: A person, organization, or entity responsible for making a service available to interested parties.
• Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
• Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
• Cloud Carrier: An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.
7. Business Support
• Business Support entails the set of business-related services dealing with
clients and supporting processes. It includes the components used to run
business operations that are client-facing.
• Customer management: Manage customer accounts,
open/close/terminate accounts, manage user profiles, manage customer
relationships by providing points-of-contact and resolving customer issues
and problems, etc.
• Contract management: Manage service contracts,
set up/negotiate/close/terminate contracts, etc.
• Inventory Management: Set up and manage service catalogs, etc.
• Accounting and Billing: Manage customer billing information, send billing
statements, process received payments, track invoices, etc.
• Reporting and Auditing: Monitor user operations, generate reports, etc.
• Pricing and Rating: Evaluate cloud services and determine prices, handle
promotions and pricing rules based on a user's profile, etc.
8. Provisioning and Configuration
• Rapid provisioning: Automatically deploying cloud systems based on
the requested service/resources/capabilities.
• Resource changing: Adjusting configuration/resource assignment
for repairs, upgrades and joining new nodes into the cloud.
• Monitoring and Reporting: Discovering and monitoring virtual
resources, monitoring cloud operations and events and generating
performance reports.
• Metering: Providing a metering capability at some level of
abstraction appropriate to the type of service (e.g., storage,
processing, bandwidth, and active user accounts).
• SLA management: Encompassing the SLA contract definition (basic
schema with the QoS parameters), SLA monitoring and SLA
enforcement according to defined policies.
10. Example services available to a cloud consumer
• SaaS consumer: Billing, Sales, CRM, ERP, Human Resources, Social networks, Financials, Collaboration, Content management, Document management, Email and office productivity
11. Example services available to a cloud consumer
• PaaS consumer: Business Intelligence, Development and testing, Database, Application Deployment, Integration
• IaaS consumer: Storage, CDN, Backup and recovery, Services management, Platform Hosting
12. Service Oriented Architecture
• Service consumer
• Service Provider
• SOAP/REST/XML/JSON messaging
• WSDL and UDDI specifications for web services
13. Regulatory compliances for clouds
• GLBA – Gramm-Leach-Bliley Act of 1999, also known as the Financial Services Modernization Act of 1999
• HIPAA – Health Insurance Portability and Accountability Act of 1996
• HITECH – Health Information Technology for Economic and Clinical Health Act
• PCI-DSS – Payment Card Industry Data Security Standard
• SOX – Sarbanes-Oxley Act
• ECPA – Electronic Communications Privacy Act
14. Certifications in cloud computing
• ISO 9000 certifications
• ISO 27000 certifications
• CMMI certifications
18. ToR Switch
[Figure: three server racks, each with a ToR switch, linked over optics to an aggregation switch, which uplinks to the core switch.]
• 48 10GbE server ports + 4 40GbE optical uplink ports
20. Host Server
• Server virtualization – VMware vSphere ESXi and Microsoft Hyper-V
[Figure: Logical diagram of a virtualized server. VM1, VM2 ... VMn connect through a vSwitch running on the hypervisor to the network interface.]
21. Network Function Virtualization
[Figure: Moving network functions to standard server platforms. Specialized processing cards (firewall, load balancer, intrusion detection) are shown beside a standard high-performance server running VM1, VM2 and VM3 on a V-Switch and hypervisor.]
24. Software defined networks
[Figure: Simplified view of software defined data center. Apps sit above an orchestration layer (OpenStack operating system), which drives an open VM controller, an open storage controller and an open network controller; these manage the servers, storage and TOR switch respectively.]
25. OpenStack
• Free, open source, Linux-based controller software that provides the
orchestration layer for cloud data centers.
• OpenStack has a dashboard called Horizon through which administrators can
control all aspects of data center operation.
• Nova – plugin to manage a pool of server resources. It can also be used to
manage and configure virtual machines and has support for
several hypervisors including VMware vSphere and Microsoft Hyper-V.
• Swift – plugin supporting object storage, which allows objects to be stored
across multiple servers in the data center (data replication to ensure data
integrity in case of server or hard drive failure).
• Cinder – plugin that provides block storage capabilities. It manages
creation, attachment and detachment of block storage devices to servers
for performance-sensitive applications.
• Neutron – plugin for managing data center networking functions. It
provides a framework for providing various functions such as server load
balancing, firewalls and intrusion detection.
26. OpenFlow SDN controller and protocol
• The Open Networking Foundation generates the OpenFlow specifications
[Figure: An OpenFlow controller (centralized control plane) receives input from the orchestration layer and programs the forwarding table of each switch through the OpenFlow API.]
27. Cloud security
• Cybersecurity
• Privacy
• Hacking
• Denial of service attacks
• Network security
• Application security
• Nessus vulnerabilities
• Penetration testing
• Keyloggers, rootkits, bots, botnets, viruses
• Syslogs
• Identity management
• Authentication and Authorization
• NTLM, Kerberos
• Single Sign On
• Metasploit
• Smartphone Pentest Framework
28. Internet of Things
• M2M communications
• ITU standards
• 6LoWPAN
• IEEE standards
• LoRa Alliance, Industrial Internet Consortium, IPSO Alliance
• Sensors/IoT gateways/uIP stack
• Edge computing/analytics
• MQTT, CoAP protocols
• Smart City, Smart grid, Smart metering, Connected Vehicle, Fleet management, Water and sewage disposal, Traffic control