Towards a Federated Cloud Ecosystem
1. Towards a Federated Cloud Ecosystem
Clovis Chapman, Dell Cloud R&D
Clovis_Chapman@dell.com
2. NIST Definition
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
2 Cloud Research and Development Center
3. NIST Definition of Cloud Computing
• Essential Characteristics
– On-demand self-service
– Broad network access
– Resource pooling
– Rapid elasticity
– Measured service
• Service Models
– Software as a Service (SaaS)
– Platform as a Service (PaaS)
– Infrastructure as a Service (IaaS)
• Deployment Models
– Public, Private, Hybrid, Community
4. Elastic Resource Provisioning
[Figure: resource capacity and usage over time, contrasting over-provisioning and under-provisioning against the usage forecast]
• Traditional IT provisioning
– Risks of over-provisioning (under-utilisation) or under-provisioning (saturation).
– Real-world estimates of server utilisation: 5% to 20%.
– Upfront capital expense and slow capacity adjustment.
• Fully cloud-hosted solution
– Usage-based pricing.
– Risk of misestimating the workload is shifted from the service provider to the cloud provider.
• Hybrid solution
– “Cloud bursting”: overflow demand is served from a public cloud once local capacity is saturated.
– Leverage existing assets: performance and cost management.
5. Enterprise Cloud Requirements
Commodity Clouds vs. Data Center
Commodity Clouds
• Designed for:
– Self-service oriented
– Low prices: inexpensive entry point
– Volume operations
– Ecosystem of applications and tenants
• Applications:
– Design for failure
– Horizontal scaling
– Weak SLAs that do not cover all resource types
– Shared network and data
• Examples: Amazon AWS and EC2 (IaaS), Google AppEngine (PaaS)
Data Center
• Designed for:
– Proprietary, customised environment
– Organisation-level scale
– Single tenant with full control
– Dedicated support
• Applications:
– Resilience: N+1
– Vertical scaling
– Dedicated resources
– 4 or 5 nines availability
Enterprise Cloud
6. Key Challenges
• Scalability
– Developing/Re-engineering applications to scale
– Means of exploiting application structural information for elasticity
• Resource Utilisation
– Capacity planning: Balancing overprovisioning/performance
– Infrastructure to monitor, supervise and control
• Vendor lock-in
– Strong divergences in (proprietary) interfaces: image formats, APIs etc.
– Requires re-developing applications
7. Key Challenges
• Quality of Service and Service Level Agreements
– Performance stability and homogeneity of shared resources (disk, network, etc.)
– Relationship between application-level SLAs and cloud SLAs
– “4 or 5 nines” SLAs require increased amounts of redundancy
• Security
– Modelling the overall security profile
– Data protection, privacy
• Compliance, Governance, Regulation
– IT auditing: “The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organisational goals effectively and consumes resources effectively.”
– Need audit tracking for business processes that may span multiple providers
8. Services delivery model
• Software as product: license model (per server)
– Managed by the customer: infrastructure and deployment costs, upgrade costs/training, …
• Software as service (public cloud SaaS): pay-per-use subscription model
– Managed by the service provider: cost of remote access
• Composite services (business services combining public cloud SaaS with the private data center): focused on the business process
– Multiple service providers involved
– Potential combination of local and cloud resources
9. Identity and Access Management
• Identity Provisioning
– Secure and timely management of on-boarding (provisioning) and off-boarding (de-provisioning) of users in the cloud.
– Extending enterprise user management processes to the cloud.
– Existing standards: SPML, WS-Provisioning, SCIM
• Authentication
– Organisations must address authentication-related challenges such as credential management, strong authentication, delegated authentication, and managing trust across all types of cloud services.
• Access Control
– The requirements for user profiles and access control policy vary depending on whether the user is acting on their own behalf (such as a consumer) or as a member of an organisation (such as an employer, university, hospital or other enterprise).
– The access control requirements in SPI (SaaS, PaaS, IaaS) environments include establishing trusted user profile and policy information, using it to control access within the cloud service, and doing this in an auditable way.
– Existing standards: XACML
• Identity Federation
– Federated identity management plays a vital role in enabling organisations to authenticate their users of cloud services using the organisation's chosen identity provider.
– Existing standards: SAML-based WS-Trust and SSO, OpenID, OAuth
10. Example: N-tier Architecture
[Figure: clients (mobile, browser, API access) reach load-balanced web servers, which call application servers; the application servers use a data access layer backed by an LDAP user store and other SaaS, and cloudburst to a public cloud]
11. Key Enablers
• Open-source Cloud platforms:
– Technology transfer instrument across domains and communities,
– Encourage wider interoperability between solutions – open APIs, etc.
– Increased degree of transparency
› Visibility into roadmap/objectives
› Increased predictability for end-user service delivery
• Cloud Computing Standards
– Interoperability across products and organisational boundaries
– Portability across vendors
– Concerns: Landscape is still changing / Numerous emerging standards
12. Open Source Cloud Middleware
• Example Infrastructure-as-a-Service clouds:
– OpenStack (since 2010, Apache Licence)
Who: started by NASA and Rackspace, now a multi-vendor consortium (including Dell)
What: collection of software for building private and public clouds: compute, storage and server library
– OpenNebula (since 2008, Apache Licence)
Who: DSA Research Group at Complutense University of Madrid | OpenNebula Community
What: dynamic management of virtual infrastructures within and across sites, with support for hybrid integration with public clouds
– CloudStack (since 2010, Apache Licence)
Who: Cloud.com | Citrix
What: Java-based framework for managing networks of virtual machines
13. Open Source Cloud Middleware
• Example Platform-as-a-Service Open Source:
– Cloud Foundry (since 2010, Apache Licence)
Who: VMware
What: open source (free) platform-as-a-service (PaaS) software; provides support for various services (e.g. MySQL, MongoDB, etc.)
14. OpenStack Architecture
[Figure: OpenStack components. Nova compute: API, Scheduler, Queue, DB, Dashboard, Authentication, Network Worker, Compute Worker, Compute Manager, Driver, Hypervisor; Image Service (Glance); object storage (Swift): Swift_Proxy, Swift_Object, Swift_Container, Swift_Acct, Zones; Centralized Services]
15. Standard / Proprietary Interfaces
[Figure: a Service Management Interface spanning Private Cloud and Hybrid Cloud across the service layers SaaS, PaaS, DaaS, IaaS, …; OVF | CIMI labelled as the standard interfaces at the infrastructure level, SCIM under Security Management]
16. Example: Open Virtualisation Format
• DMTF standard backed by VMware and XenSource which aims to offer a packaging mechanism in a portable and platform-neutral way
• The OVF descriptor is an XML-based document composed of three main parts:
– Description of the files included in the overall service (disks, ISO images, etc.)
– Meta-data for all virtual machines included
– Description of the different virtual machine systems
[Figure: OVF lifecycle: Develop → Package → Distribute → Install → Manage → Retire]
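A parser for such a descriptor, as an added example that is not code from the slides, from Dell or from the DMTF: it reads the three parts listed above (referenced files, disk and network metadata, and each virtual system's hardware items) from a constructed OVF 1.x envelope and cross-checks them, including the check a deployer wants before unpacking a package: that every file href is a relative path inside the package and that every disk and network reference resolves. The descriptor contents, the CIM RASD resource-type codes used and the problem strings are this example's own assumptions.

```python
"""Parse the three parts of an OVF descriptor and cross-check them (added
example, not code from the slides, Dell or the DMTF). The descriptor below is
constructed: an OVF 1.x envelope with two referenced files, one disk, one
network and one virtual system. CIM RASD resource type codes are used as in
the standard: 3 = processor, 4 = memory, 10 = Ethernet adapter, 17 = disk."""
import posixpath
import xml.etree.ElementTree as ET

OVF = "http://schemas.dmtf.org/ovf/envelope/1"
RASD = "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData"
NS = {"ovf": OVF, "rasd": RASD}
RESOURCE_TYPES = {"3": "cpu", "4": "memory", "10": "nic", "17": "disk"}

SAMPLE_OVF = """<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
    xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1"
    xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData">
  <References>
    <File ovf:id="file1" ovf:href="web-disk1.vmdk" ovf:size="734003200"/>
    <File ovf:id="file2" ovf:href="tools.iso" ovf:size="52428800"/>
  </References>
  <DiskSection>
    <Info>Virtual disks</Info>
    <Disk ovf:diskId="vmdisk1" ovf:fileRef="file1" ovf:capacity="20"
          ovf:capacityAllocationUnits="byte * 2^30"/>
  </DiskSection>
  <NetworkSection>
    <Info>Logical networks</Info>
    <Network ovf:name="VM Network"><Description>Front-end network</Description></Network>
  </NetworkSection>
  <VirtualSystem ovf:id="web">
    <Info>Web tier</Info>
    <VirtualHardwareSection>
      <Info>Virtual hardware</Info>
      <Item><rasd:ResourceType>3</rasd:ResourceType><rasd:VirtualQuantity>2</rasd:VirtualQuantity></Item>
      <Item><rasd:ResourceType>4</rasd:ResourceType><rasd:VirtualQuantity>2048</rasd:VirtualQuantity></Item>
      <Item><rasd:ResourceType>17</rasd:ResourceType><rasd:HostResource>ovf:/disk/vmdisk1</rasd:HostResource></Item>
      <Item><rasd:ResourceType>10</rasd:ResourceType><rasd:Connection>VM Network</rasd:Connection></Item>
    </VirtualHardwareSection>
  </VirtualSystem>
</Envelope>"""


def _attr(el, name):
    """Read an attribute from the ovf: namespace (None when absent)."""
    return el.get("{%s}%s" % (OVF, name))


def parse_ovf(text):
    """Return the files, disks, networks and virtual systems of an OVF descriptor."""
    root = ET.fromstring(text)
    if root.tag != "{%s}Envelope" % OVF:
        raise ValueError("not an OVF 1.x envelope")
    files = {_attr(f, "id"): {"href": _attr(f, "href"), "size": int(_attr(f, "size") or 0)}
             for f in root.findall("ovf:References/ovf:File", NS)}
    disks = {_attr(d, "diskId"): {"fileRef": _attr(d, "fileRef"), "capacity": int(_attr(d, "capacity")),
                                 "units": _attr(d, "capacityAllocationUnits")}
             for d in root.findall("ovf:DiskSection/ovf:Disk", NS)}
    networks = [_attr(n, "name") for n in root.findall("ovf:NetworkSection/ovf:Network", NS)]
    systems = []
    # iter() also finds VirtualSystem elements nested inside a VirtualSystemCollection
    for vs in root.iter("{%s}VirtualSystem" % OVF):
        system = {"id": _attr(vs, "id"), "cpu": 0, "memory": 0, "disks": [], "nics": []}
        for item in vs.findall("ovf:VirtualHardwareSection/ovf:Item", NS):
            kind = RESOURCE_TYPES.get(item.findtext("rasd:ResourceType", namespaces=NS))
            if kind in ("cpu", "memory"):
                system[kind] = int(item.findtext("rasd:VirtualQuantity", "0", NS))
            elif kind == "disk":
                system["disks"].append(item.findtext("rasd:HostResource", "", NS))
            elif kind == "nic":
                system["nics"].append(item.findtext("rasd:Connection", "", NS))
        systems.append(system)
    return {"files": files, "disks": disks, "networks": networks, "systems": systems}


def check_ovf(desc):
    """Cross-reference the parts; returns a list of problems (empty means consistent)."""
    problems = []
    for fid, f in desc["files"].items():
        href = f["href"] or ""
        # hrefs are relative to the descriptor: refuse absolute paths, traversal and URLs
        if posixpath.isabs(href) or ".." in href.split("/") or "://" in href:
            problems.append("file %s: unsafe href %r" % (fid, href))
    for did, d in desc["disks"].items():
        if d["fileRef"] not in desc["files"]:
            problems.append("disk %s: fileRef %r not in References" % (did, d["fileRef"]))
    for s in desc["systems"]:
        for ref in s["disks"]:
            if not ref.startswith("ovf:/disk/") or ref[len("ovf:/disk/"):] not in desc["disks"]:
                problems.append("system %s: unknown disk %r" % (s["id"], ref))
        for net in s["nics"]:
            if net not in desc["networks"]:
                problems.append("system %s: unknown network %r" % (s["id"], net))
    return problems
```

Running `check_ovf(parse_ovf(text))` on a descriptor with a `../` href or a disk whose `fileRef` names no file returns one problem per defect; an OVA importer would refuse the package rather than start extracting files.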
17. SCIM
• Simple Cloud Identity Management (the acronym was later expanded to System for Cross-domain Identity Management)
• Focus on identity provisioning and facilitating federation
• Features:
– Emerging open standard
– REST API
– Platform-neutral schema
– SAML binding
– Emphasis on simplicity and interoperability: operation across organisational boundaries
• Started Q1 2011; involves Ping, UnboundID, Salesforce, Cisco, …
18. SCIM Specification Set
• Core Schema: User, Groups, Enterprise Extensions
• REST API: CRUD methods, endpoint URI/attributes, response codes
• SAML Binding: attribute mapping
• Future bindings
REST API endpoints:
Resource                        Endpoint                  HTTP Operations
User                            /Users                    GET, POST, PUT, PATCH, DELETE
Group                           /Groups                   GET, POST, PUT, PATCH, DELETE
Service Provider Configuration  /ServiceProviderConfigs   GET
Schema                          /Schemas                  GET
Bulk                            /Bulk                     POST
19. SCIM Use Case: User Provisioning
[Figure: user provisioning flow. Cloud service user → Register → SCIM consumer → HTTP create (identity) → SCIM service provider → user store (LDAP, DB, etc.); the service provider answers 201 OK; the SaaS application is backed by its own user store]
20. SCIM Use Case: User Provisioning
[Figure: the same provisioning flow as slide 19, with the request body shown]
HTTP POST /Users (application/json)
{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "2819c223-413861904646",
  "userName": "clovis_chapman",
  "externalId": "clovis",
  "name": {
    "formatted": "Clovis Chapman",
    "familyName": "Chapman"
  },
  "emails": [
    { "value": "bjensen@example.com" },
    { "value": "babs@jensen.org" }
  ]
  …
}
Response: 201 OK
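The exchange on slides 18 to 20 as an added Python example, not code from the slides, from Dell or from the SCIM project: a small in-memory SCIM 1.x service provider exposing the /Users operations of the REST table (POST, GET, PATCH, DELETE) and replaying the provisioning sequence above. It keeps the slide's schema URN and attribute names; the base URL, the "Errors" body shape, de-provisioning via DELETE and the dict-backed user store are assumptions of the example. Two points the slide does not show: the provider, not the consumer, assigns "id" (the client-supplied one is ignored), and off-boarding is confirmed by a 404 on the next read.

```python
"""Minimal in-memory SCIM 1.x service provider for the /Users endpoint (added
example, not code from the slides, Dell or the SCIM project). The schema URN
and attribute names are the slide's; base URL and error shape are assumed."""
import copy
import uuid
from datetime import datetime, timezone

CORE_SCHEMA = "urn:scim:schemas:core:1.0"
KNOWN_ATTRS = {"schemas", "id", "externalId", "userName", "name", "displayName",
               "emails", "active", "groups", "meta"}


def _error(status, text):
    """SCIM 1.x error body: an Errors array carrying description and code."""
    return status, {"Errors": [{"description": text, "code": str(status)}]}


class ScimServiceProvider:
    def __init__(self, base_url="https://scim.example.com/v1"):  # assumed URL
        self.base_url = base_url
        self.users = {}  # the 'User Store', keyed by server-assigned id

    def _validate(self, user, current_id=None):
        """Return an error tuple, or None when the representation is acceptable."""
        if CORE_SCHEMA not in user.get("schemas", []):
            return _error(400, "schemas must include %s" % CORE_SCHEMA)
        unknown = set(user) - KNOWN_ATTRS
        if unknown:
            return _error(400, "unknown attributes: %s" % ", ".join(sorted(unknown)))
        name = user.get("userName")
        if not isinstance(name, str) or not name.strip():
            return _error(400, "userName is required")
        # userName is unique per service provider; compare case-insensitively
        for uid, other in self.users.items():
            if uid != current_id and other["userName"].lower() == name.lower():
                return _error(409, "userName already in use")

    def _meta(self, uid, created=None):
        now = datetime.now(timezone.utc).isoformat()
        return {"created": created or now, "lastModified": now,
                "location": "%s/Users/%s" % (self.base_url, uid)}

    def post_user(self, body):
        """POST /Users: the provider assigns the id and ignores a client-supplied one."""
        err = self._validate(body)
        if err:
            return err
        uid = str(uuid.uuid4())
        user = copy.deepcopy(body)
        user["id"] = uid
        user["meta"] = self._meta(uid)
        self.users[uid] = user
        return 201, copy.deepcopy(user)

    def get_user(self, uid):
        if uid not in self.users:
            return _error(404, "Resource %s not found" % uid)
        return 200, copy.deepcopy(self.users[uid])

    def patch_user(self, uid, body):
        """PATCH /Users/{id}: merge supplied attributes; meta.attributes lists removals."""
        if uid not in self.users:
            return _error(404, "Resource %s not found" % uid)
        user = copy.deepcopy(self.users[uid])
        for attr in body.get("meta", {}).get("attributes", []):
            user.pop(attr, None)
        for key, value in body.items():
            if key not in ("schemas", "id", "meta"):
                user[key] = value
        err = self._validate(user, current_id=uid)
        if err:
            return err
        user["meta"] = self._meta(uid, created=self.users[uid]["meta"]["created"])
        self.users[uid] = user
        return 200, copy.deepcopy(user)

    def delete_user(self, uid):
        """DELETE /Users/{id}: off-boarding; later reads must answer 404."""
        if uid not in self.users:
            return _error(404, "Resource %s not found" % uid)
        del self.users[uid]
        return 200, {}


def run_provisioning_flow():
    """Replay the slide's exchange: register, duplicate, update, de-provision, re-read."""
    sp = ScimServiceProvider()
    new_user = {"schemas": [CORE_SCHEMA], "id": "2819c223-413861904646",
                "userName": "clovis_chapman", "externalId": "clovis",
                "name": {"formatted": "Clovis Chapman", "familyName": "Chapman"}}
    status, created = sp.post_user(new_user)
    statuses = [status]                                                          # 201
    statuses.append(sp.post_user(dict(new_user, userName="Clovis_Chapman"))[0])  # 409
    patch = {"schemas": [CORE_SCHEMA], "displayName": "Clovis",
             "meta": {"attributes": ["externalId"]}}
    statuses.append(sp.patch_user(created["id"], patch)[0])                      # 200
    statuses.append(sp.delete_user(created["id"])[0])                            # 200
    statuses.append(sp.get_user(created["id"])[0])                               # 404
    return statuses
```

`run_provisioning_flow()` returns the status codes of the five calls, `[201, 409, 200, 200, 404]`; the 409 on the second POST is the uniqueness check on `userName` that a consumer retrying a failed on-boarding will hit, and is what distinguishes "already provisioned" from "rejected".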
21. SCIM Use Case: SSO - Just In Time Provisioning
[Figure: sequence between the user, the SaaS and the enterprise IdP: Login → SSO redirect to the enterprise IdP → SAML Response back to the SaaS → SAML attribute query → SCIM user identity create in the SaaS → user provisioned on first login]
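The just-in-time step of the flow above as an added example, not code from the slides, from Dell or from any SAML or SCIM library: it takes a constructed, unsigned SAML Response, checks the assertion's validity window and audience, maps the SAML attributes onto SCIM core attributes (the attribute mapping of slide 18's SAML binding), and creates the user on first login or refreshes it on later logins. Signature verification is assumed to have been done by the SAML library before this step; the attribute names, audience URL and id scheme are the example's own.

```python
"""Just-in-time provisioning from a SAML Response into a SCIM-style user store.

Added example, not code from the slides, Dell or any SAML/SCIM library. The
Response below is constructed and unsigned: verify the XML signature with the
SAML library before this step, or a forged assertion becomes a new account.
Attribute names, audience URL and the id scheme are assumptions."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CORE_SCHEMA = "urn:scim:schemas:core:1.0"
SERVICE_AUDIENCE = "https://saas.example.com"  # assumed SP entity id

SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2012-06-01T10:00:00Z">
  <saml:Issuer>https://idp.enterprise.example</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2012-06-01T10:00:00Z">
    <saml:Issuer>https://idp.enterprise.example</saml:Issuer>
    <saml:Subject><saml:NameID>clovis@enterprise.example</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2012-06-01T09:59:00Z" NotOnOrAfter="2012-06-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://saas.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"><saml:AttributeValue>clovis</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Clovis</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="sn"><saml:AttributeValue>Chapman</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="mail"><saml:AttributeValue>clovis@enterprise.example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="memberOf"><saml:AttributeValue>staff</saml:AttributeValue>
        <saml:AttributeValue>cloud-rd</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_ts(value):
    """SAML dateTime (UTC, 'Z' suffix) to an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text, audience, now):
    """Return (NameID, attributes) after checking Conditions; ValueError if unusable."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no Assertion")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotOnOrAfter"):
        raise ValueError("Assertion has no usable Conditions")
    if now >= parse_ts(cond.get("NotOnOrAfter")) or (
            cond.get("NotBefore") and now < parse_ts(cond.get("NotBefore"))):
        raise ValueError("Assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("Assertion not addressed to this service provider")
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("Assertion has no NameID")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return name_id, attrs


def to_scim_user(name_id, attrs):
    """SAML attribute -> SCIM core attribute mapping (the binding's attribute-mapping table)."""
    def first(key, default=None):
        return (attrs.get(key) or [default])[0]
    return {"schemas": [CORE_SCHEMA], "userName": name_id,
            "externalId": first("uid", name_id),
            "name": {"givenName": first("givenName"), "familyName": first("sn")},
            "emails": [{"value": m} for m in attrs.get("mail", [])],
            "groups": [{"display": g} for g in attrs.get("memberOf", [])],
            "active": True}


def jit_provision(xml_text, store, audience=SERVICE_AUDIENCE, now=None):
    """Create the user on first SSO login, refresh it on later logins; returns (action, user)."""
    now = now or datetime.now(timezone.utc)
    name_id, attrs = parse_assertion(xml_text, audience, now)
    user = to_scim_user(name_id, attrs)
    for existing in store.values():
        if existing["externalId"] == user["externalId"]:
            existing.update(user)            # refresh attributes, keep the server-side id
            return "updated", existing
    user["id"] = "u%d" % (len(store) + 1)    # assumed id scheme for the example
    store[user["id"]] = user
    return "created", user
```

The match on `externalId` (the IdP's stable `uid`) rather than on e-mail or display name is deliberate: those attributes change, and keying the account on a mutable one lets a later assertion for a different person land on an existing account.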
22. Conclusions
• The cloud ecosystem is growing:
– Applications can involve various SaaS, PaaS and IaaS offerings.
– Enabling complex workflows requires interoperability between both service and infrastructure providers: current silos must be removed.
– Standards and open source offerings are key to encouraging adoption.
• References:
– OpenStack: http://openstack.org/
– OpenNebula: http://opennebula.org/
– SCIM standard specification: http://www.simplecloud.info/
– DMTF OVF: http://dmtf.org/standards/ovf