Towards a Federated Cloud Ecosystem
Clovis Chapman, Dell Cloud R&D
Clovis_Chapman@dell.com

NIST Definition

    “Cloud computing is a model for enabling convenient, on-demand
    network access to a shared pool of configurable computing
    resources (e.g. networks, servers, storage, applications and services)
    that can be rapidly provisioned and released with minimal
    management effort or service provider interaction.”

2                                                 Cloud Research and Development Center
NIST Definition of Cloud Computing

• Essential Characteristics
    – Broad network access
    – Rapid elasticity
    – Measured Access
    – On-demand self service
    – Resource Pooling

• Service Models
    – Software as a Service (SaaS)
    – Platform as a Service (PaaS)
    – Infrastructure as a Service (IaaS)

• Deployment Models
    – Public
    – Private
    – Hybrid
    – Community

Elastic Resource Provisioning

[Figure: Resource Capacity over Time; legend: Usage, Capacity, Forecast; annotations: Under-provisioning, Over-provisioning]

• Traditional IT provisioning
    – Risks of overprovisioning (under-utilisation) or under-provisioning (saturation).
    – Real world estimates of server utilisation 5% to 20%
    – Upfront capital expense and slow capacity adjustment

• Fully Cloud hosted solution
    – Usage-based pricing
    – Risk of misestimating workload shifted from service provider to cloud provider

• Hybrid Solution
    – “Cloud bursting”
    – Leverage existing assets: performance and cost management

Enterprise Cloud Requirements

Commodity Clouds vs. Data Center

• Commodity Clouds
    – Designed for:
         ›   Self-service oriented
         ›   Low prices - inexpensive entry point
         ›   Volume operations
         ›   Ecosystem of applications and tenants
    – Applications:
         ›   Design for failure
         ›   Horizontal scaling
         ›   Weak SLAs that do not cover all resource types
         ›   Shared network and data
    – Examples: Amazon AWS and EC2 (IaaS) / Google AppEngine (PaaS)

• Data Center
    – Designed for:
         ›   Proprietary, customised environment
         ›   Organisation level scale
         ›   Single tenant with full control
         ›   Dedicated support
    – Applications:
         ›   Resilience: N+1
         ›   Vertical scaling
         ›   Dedicated resources
         ›   4 or 5 nine availability

[Figure label: Enterprise Cloud]

Key Challenges


• Scalability
    – Developing/Re-engineering applications to scale
    – Means of exploiting application structural information for elasticity

• Resource Utilisation
    – Capacity planning: Balancing overprovisioning/performance
    – Infrastructure to monitor, supervise and control

• Vendor lock-in
    – Strong divergences in (proprietary) interfaces: image formats, APIs etc.
    – Requires re-developing applications




Key Challenges


• Quality of Service and Service Level Agreements
    – Performance stability and homogeneity of shared resources (disk, network, etc)
    – Relationship between application level SLAs and Cloud SLAs
    – “4 or 5 nine” SLAs: increased amounts of redundancy

• Security
    – Modeling overall security profile
    – Data protection, privacy

• Compliance, Governance, Regulation
    – IT auditing: “The process of collecting and evaluating evidence to determine whether a
      computer system (information system) safeguards assets, maintains data integrity, achieves
      organisation goals effectively and consumes resources effectively.”
    – Need audit tracking for business processes that may span multiple providers




Services delivery model

• Software as product
    – License model (per server)
    – Managed by the customer:
         ›   Infrastructure and deployment costs
         ›   Upgrade costs/training …

• Software as service
    – Pay per use subscription model
    – Managed by the service provider:
         ›   Cost of remote access
    [Figure labels: Public SaaS Cloud]

• Business Services
    – Composite Services
    – Focused on the business process:
         ›   Multiple service providers involved
         ›   Potential combination of local and cloud resources
    [Figure labels: Public Cloud, Public SaaS Cloud, Private data center]

Identity and Access Management

• Identity Provisioning
    – Secure and timely management of on-boarding (provisioning) and off-boarding (de-provisioning) of users in the cloud.
    – Extending enterprise user management processes to the cloud.
    – Existing standards: SPML, WS-provisioning, SCIM

• Authentication
    – Organizations must address authentication-related challenges such as credential management, strong authentication,
      delegated authentication, and managing trust across all types of cloud services

• Access Control
    – The requirements for user profiles and access control policy vary, depending on whether the user is acting on their own
      behalf (such as a consumer) or as a member of an organization (such as an employer, university, hospital, or other
      enterprise).
    – The access control requirements in SPI environments include establishing trusted user profile and policy information,
      using it to control access within the cloud service, and doing this in an auditable way
    – Existing standards: XACML

• Identity Federation
    – Federated Identity Management plays a vital role in enabling organizations to authenticate their users of cloud services
      using the organization’s chosen identity provider
    – Existing standards: SAML Based WS-Trust & SSO, OpenID, OAuth




Example: N-tier Architecture

[Figure: N-tier architecture diagram with the labels: Mobile, Browser, API access; Load balancing; Web Servers; Application Servers; Data Access layer; Cloudbursting; Public Cloud; LDAP User Store; Other SaaS]

Key Enablers


• Open-source Cloud platforms:
     – Technology transfer instrument across domains and communities,
     – Encourage wider interoperability between solutions – open APIs, etc.
     – Increased degree of transparency
         ›   Visibility into roadmap/objectives
         ›   Increased predictability for end-user service delivery



• Cloud Computing Standards
     – Interoperability across products and organisational boundaries
     – Portability across vendors
     – Concerns: Landscape is still changing / Numerous emerging standards




Open Source Cloud Middleware


 • Example Infrastructure-as-a-Service clouds:

                      Since 2010 – Apache Licence
                      Who: Started by NASA and Rackspace, now a multi-vendor consortium
                      (including Dell)
                      What: Collection of software for building private and public clouds –
                      compute, storage and server library


                      Since 2008 – Apache Licence
                      Who: DSA Research Group at Complutense University of Madrid | Open
                      Nebula Community
                      What: Dynamic management of virtual infrastructures within and across
                      sites, with support for hybrid integration with public clouds



                      Since 2010 – Apache Licence
                      Who: Cloud.com | Citrix
                      What: Java based framework for managing networks of Virtual Machines




Open Source Cloud Middleware


• Example Platform-as-a-Service Open Source:

                    Since 2010 – Apache Licence
                    Who: VMWare
                    What: Open source (free) cloud computing platform as a service (PaaS)
                    software - provides support for various services (e.g. MySQL, MongoDB,
                    etc.)




OpenStack Architecture

[Figure: OpenStack architecture diagram. Centralized Services: Dashboard, API, Queue, Scheduler, DB, Authentication, Image Service (Glance). Nova Compute: Network Worker, Compute Worker, Manager, Driver, Hypervisor. Also labelled: Swift_Proxy, Swift_Object, Swift_Acct, Swift_Container; Zones]

[Figure: diagram with the labels: OVF | CIMI; Standard / Proprietary Interfaces; Service Management Interface; SaaS, PaaS, DaaS, IaaS; SCIM Security; Management; Private Cloud; Hybrid Cloud; …]

Example: Open Virtualisation Format

• DMTF standard backed by VMWare and XenSource which aims to offer a packaging mechanism in a portable and platform neutral way

• The OVF descriptor is an XML-based document composed of three main parts:
    – Description of the files included in the overall service (disks, ISO images, etc.),
    – Meta-data for all virtual machines included
    – Description of the different virtual machine systems.

[Figure: lifecycle stages: Develop, Package, Distribute, Install, Manage, Retire]

SCIM


• Simple Cloud Identity Management (?)
• Focus on Identity Provisioning and facilitating federation
• Features:
     – Emerging open standard
     – REST API
     – Platform neutral schema.
     – SAML binding.
     – Emphasis on simplicity and interoperability: operation across organisational boundaries

• Started Q1 2011, Involves Ping, UnboundID, Salesforce, Cisco, …




SCIM Specification Set

• REST API
    – CRUD Methods
    – Endpoint URI/Attributes
    – Response Codes
• SAML Binding
    – Attribute Mapping
• Future Binding
• Core Schema
    – User, Groups, Enterprise Extensions

REST API

    Resource                          Endpoint                   HTTP Operations
    User                              /Users                     GET, POST, PUT, PATCH, DELETE
    Group                             /Groups                    GET, POST, PUT, PATCH, DELETE
    Service Provider Configuration    /ServiceProviderConfigs    GET
    Schema                            /Schemas                   GET
    Bulk                              /Bulk                      POST

SCIM Use Case: User Provisioning

[Figure: provisioning diagram with the labels: Cloud Service User; Register; SaaS application; SCIM Consumer with User Store (LDAP, DB, etc); HTTP Create (Identity); 201 OK; SCIM Service Provider with User Store]

SCIM Use Case: User Provisioning

[Figure: the provisioning diagram from the previous slide, annotated with the request sent as the HTTP Create (Identity) step:]

    HTTP POST /Users application/json
    {
      "schemas": ["urn:scim:schemas:core:1.0"],
      "id": "2819c223-413861904646",
      "userName": "clovis_chapman",
      "externalId": "clovis",
      "name": {
        "formatted": "Clovis Chapman",
        "familyName": "Chapman"
      },
      "emails": [
        { "value": "bjensen@example.com" },
        { "value": "babs@jensen.org" }
      ]
      …
    }

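Added example (not from the slides and not any SCIM product's code): a minimal in-memory Python sketch of the provisioning exchange above, extended with the off-boarding and auditability requirements from the Identity and Access Management slide. The class name, the `hr-sync` actor, the audit tuple, the simplified error body and the 200 returned on DELETE are assumptions of this sketch; the request body is constructed from the slide's payload.

```python
import json
import uuid

CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # schema URN shown in the slide's payload


class ScimServiceProvider:
    """In-memory stand-in for the 'SCIM Service Provider' box (hypothetical)."""

    def __init__(self):
        self.users = {}   # server-assigned id -> stored user resource
        self.audit = []   # (actor, method, path, status) for every request

    def handle(self, actor, method, path, raw_body=None):
        """Dispatch one request; returns (status, headers, body_dict)."""
        if method == "POST" and path == "/Users":
            result = self._create(raw_body)
        elif method in ("GET", "DELETE") and path.startswith("/Users/"):
            result = self._by_id(method, path[len("/Users/"):])
        else:
            result = self._error(404, "unknown endpoint")
        # Every request, accepted or refused, leaves an audit record.
        self.audit.append((actor, method, path, result[0]))
        return result

    @staticmethod
    def _error(status, description):
        # Simplified error body (assumption), not the exact SCIM error schema.
        return status, {}, {"Errors": [{"code": str(status), "description": description}]}

    def _create(self, raw_body):
        try:
            user = json.loads(raw_body)
        except (TypeError, ValueError):
            return self._error(400, "body is not valid JSON")
        schemas = user.get("schemas") if isinstance(user, dict) else None
        if not isinstance(schemas, list) or CORE_SCHEMA not in schemas:
            return self._error(400, "missing core schema URN")
        name = user.get("userName")
        if not isinstance(name, str) or not name.strip():
            return self._error(400, "userName is required")
        if any(u["userName"].lower() == name.lower() for u in self.users.values()):
            return self._error(409, "userName already provisioned")
        # The identifier is owned by the service provider: a client-supplied
        # "id" is discarded so a consumer cannot pick or overwrite an identity.
        stored = {k: v for k, v in user.items() if k != "id"}
        stored["id"] = str(uuid.uuid4())
        self.users[stored["id"]] = stored
        return 201, {"Location": "/Users/" + stored["id"]}, stored

    def _by_id(self, method, user_id):
        if user_id not in self.users:
            return self._error(404, "no such user")
        if method == "DELETE":
            # De-provisioning (off-boarding); 200 is this sketch's success code.
            del self.users[user_id]
            return 200, {}, {}
        return 200, {}, self.users[user_id]


# Constructed request body, modelled on the payload shown on the slide.
SLIDE_STYLE_REQUEST = json.dumps({
    "schemas": [CORE_SCHEMA],
    "id": "2819c223-413861904646",
    "userName": "clovis_chapman",
    "externalId": "clovis",
    "name": {"formatted": "Clovis Chapman", "familyName": "Chapman"},
    "emails": [{"value": "bjensen@example.com"}, {"value": "babs@jensen.org"}],
})


def run_lifecycle():
    """On-board, retry, send a bad request, off-board, then look the user up."""
    sp = ScimServiceProvider()
    created = sp.handle("hr-sync", "POST", "/Users", SLIDE_STYLE_REQUEST)
    location = created[1]["Location"]
    statuses = [
        created[0],
        sp.handle("hr-sync", "POST", "/Users", SLIDE_STYLE_REQUEST)[0],  # duplicate
        sp.handle("hr-sync", "POST", "/Users", '{"userName": "x"}')[0],  # no schema
        sp.handle("hr-sync", "DELETE", location)[0],                     # off-board
        sp.handle("hr-sync", "GET", location)[0],                        # now gone
    ]
    return sp, created, statuses


if __name__ == "__main__":
    provider, _, seen = run_lifecycle()
    print(seen)
    for entry in provider.audit:
        print(entry)
```
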
SCIM Use Case: SSO - Just In Time Provisioning

[Figure: sequence diagram with the participants SaaS and Enterprise IDP and the labels, top to bottom: Login; SSO Redirect; SAML Response; SAML Attribute Query; SCIM User Identity; Create User]

Conclusions


• Cloud ecosystem is growing:
     – Applications can involve various SaaS, PaaS and IaaS offerings
     – Enabling complex workflows requires interoperability between both service and infrastructure
       providers – current silos must be removed.
     – Standards and Open Source offerings are key to encouraging adoption.


• References:
     – OpenStack - http://openstack.org/
     – OpenNebula - http://opennebula.org/
     – SCIM Standard Specification: http://www.simplecloud.info/
     – DMTF OVF: http://dmtf.org/standards/ovf





Value of enterprise architecture   max webinar - m fultonValue of enterprise architecture   max webinar - m fulton
Value of enterprise architecture max webinar - m fulton
 
SharePoint on Azure
SharePoint on Azure SharePoint on Azure
SharePoint on Azure
 
An Exploration: Moving Your Enterprise to a Cloud Collaboration
An Exploration: Moving Your Enterprise to a Cloud CollaborationAn Exploration: Moving Your Enterprise to a Cloud Collaboration
An Exploration: Moving Your Enterprise to a Cloud Collaboration
 
Introduction to Hybrid Connections
Introduction to Hybrid ConnectionsIntroduction to Hybrid Connections
Introduction to Hybrid Connections
 
A Venture Capitalist’s View on the Start-up Ecosystem and the Cloud (SPOT202)...
A Venture Capitalist’s View on the Start-up Ecosystem and the Cloud (SPOT202)...A Venture Capitalist’s View on the Start-up Ecosystem and the Cloud (SPOT202)...
A Venture Capitalist’s View on the Start-up Ecosystem and the Cloud (SPOT202)...
 
API Security and Management Best Practices
API Security and Management Best PracticesAPI Security and Management Best Practices
API Security and Management Best Practices
 
Unwired Ground-Cloud Ecosystem
Unwired Ground-Cloud EcosystemUnwired Ground-Cloud Ecosystem
Unwired Ground-Cloud Ecosystem
 
2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap2012-01 How to Secure a Cloud Identity Roadmap
2012-01 How to Secure a Cloud Identity Roadmap
 

Similar to Towards a Federated Cloud Ecosystem

Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference Architecture
Bob Rhubart
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
Govind Maheswaran
 
Cloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service PlatformCloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service Platform
victorlbrown
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Nazish Mohammed
 
Cloud Computing 101
Cloud Computing 101Cloud Computing 101
Cloud Computing 101
Kamal Arora
 
Virtualization Into Cloud
Virtualization Into CloudVirtualization Into Cloud
Virtualization Into Cloud
IBM India Smarter Computing
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
MISA Ontario Cloud SIG
 
Cloud computing in south africa reality or fantasy
Cloud computing in south africa   reality or fantasyCloud computing in south africa   reality or fantasy
Cloud computing in south africa reality or fantasy
Samantha James
 
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
 
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Eucalyptus Systems, Inc.
 
An enterprise journey in the Cloud
An enterprise journey in the CloudAn enterprise journey in the Cloud
An enterprise journey in the Cloud
Raghuraman Balachandran
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
ananyaakk
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
ptaglephd
 
Cloud Computing at UTM Shillong
Cloud Computing at UTM ShillongCloud Computing at UTM Shillong
Cloud Computing at UTM Shillong
Capgemini
 
Using a private cloud to automate and govern enterprise development
Using a private cloud to automate and govern enterprise developmentUsing a private cloud to automate and govern enterprise development
Using a private cloud to automate and govern enterprise development
WSO2
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs Elite
Jon G. Hall
 
Hot Cloud Companies: Tap In Systems - The Problem: Managing Cloud Complexities
Hot Cloud Companies: Tap In Systems - The Problem: Managing Cloud ComplexitiesHot Cloud Companies: Tap In Systems - The Problem: Managing Cloud Complexities
Hot Cloud Companies: Tap In Systems - The Problem: Managing Cloud Complexities
OpSource
 
JISC11_Cloud Solutions Henry Hughes
JISC11_Cloud Solutions Henry HughesJISC11_Cloud Solutions Henry Hughes
JISC11_Cloud Solutions Henry Hughes
Jisc
 
Cloud computing ppt_0
Cloud computing ppt_0Cloud computing ppt_0
Cloud computing ppt_0
Bishnupriya Dash
 
Building A Cloud Platform
Building A Cloud PlatformBuilding A Cloud Platform
Building A Cloud Platform
WSO2
 

Similar to Towards a Federated Cloud Ecosystem (20)

Oracle Cloud Reference Architecture
Oracle Cloud Reference ArchitectureOracle Cloud Reference Architecture
Oracle Cloud Reference Architecture
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
 
Cloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service PlatformCloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service Platform
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Computing 101
Cloud Computing 101Cloud Computing 101
Cloud Computing 101
 
Virtualization Into Cloud
Virtualization Into CloudVirtualization Into Cloud
Virtualization Into Cloud
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
 
Cloud computing in south africa reality or fantasy
Cloud computing in south africa   reality or fantasyCloud computing in south africa   reality or fantasy
Cloud computing in south africa reality or fantasy
 
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast Great Chance of Hybrid Clouds
 
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid CloudsBe Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
Be Prepared for Tomorrow's IT Forecast: Great Chance of Hybrid Clouds
 
An enterprise journey in the Cloud
An enterprise journey in the CloudAn enterprise journey in the Cloud
An enterprise journey in the Cloud
 
Cloud computing
Cloud computing Cloud computing
Cloud computing
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
Cloud Computing at UTM Shillong
Cloud Computing at UTM ShillongCloud Computing at UTM Shillong
Cloud Computing at UTM Shillong
 
Using a private cloud to automate and govern enterprise development
Using a private cloud to automate and govern enterprise developmentUsing a private cloud to automate and govern enterprise development
Using a private cloud to automate and govern enterprise development
 
Deadly Sins Bcs Elite
Deadly Sins Bcs EliteDeadly Sins Bcs Elite
Deadly Sins Bcs Elite
 
Hot Cloud Companies: Tap In Systems - The Problem: Managing Cloud Complexities
Hot Cloud Companies: Tap In Systems - The Problem: Managing Cloud ComplexitiesHot Cloud Companies: Tap In Systems - The Problem: Managing Cloud Complexities
Hot Cloud Companies: Tap In Systems - The Problem: Managing Cloud Complexities
 
JISC11_Cloud Solutions Henry Hughes
JISC11_Cloud Solutions Henry HughesJISC11_Cloud Solutions Henry Hughes
JISC11_Cloud Solutions Henry Hughes
 
Cloud computing ppt_0
Cloud computing ppt_0Cloud computing ppt_0
Cloud computing ppt_0
 
Building A Cloud Platform
Building A Cloud PlatformBuilding A Cloud Platform
Building A Cloud Platform
 

Recently uploaded

Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
Edge AI and Vision Alliance
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
Management Institute of Skills Development
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
moinahousna
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
SubhamMandal40
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
KAMAL CHOUDHARY
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 

Recently uploaded (20)

Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
CiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.pptCiscoIconsLibrary cours de réseau VLAN.ppt
CiscoIconsLibrary cours de réseau VLAN.ppt
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Sonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdfSonkoloniya documentation - ONEprojukti.pdf
Sonkoloniya documentation - ONEprojukti.pdf
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 

Towards a Federated Cloud Ecosystem

  • 1. Towards a Federated Cloud Ecosystem. Clovis Chapman, Dell Cloud R&D, Clovis_Chapman@dell.com
  • 2. NIST Definition: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
  • 3. NIST Definition of Cloud Computing
      • Essential Characteristics: Broad network access, Rapid elasticity, Measured Access, On-demand self service, Resource Pooling
      • Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
      • Deployment Models: Public, Private, Hybrid, Community
  • 4. Elastic Resource Provisioning
      • Traditional IT provisioning
          – Risks of overprovisioning (under-utilisation) or under-provisioning (saturation).
          – Real world estimates of server utilisation 5% to 20%
          – Upfront capital expense and slow capacity adjustment
      • Fully Cloud hosted solution
          – Usage-based pricing
          – Risk of misestimating workload shifted from service provider to cloud provider
      • Hybrid Solution
          – “Cloud bursting”
          – Leverage existing assets: performance and cost management
      • Chart labels: Under-provisioning, Over-provisioning, Resource Capacity, Usage, Capacity, Forecast, Time
  • 5. Enterprise Cloud Requirements: Commodity Clouds VS Data Center
      • Commodity Clouds
          – Designed for: Self-service oriented; Low prices - inexpensive entry point; Volume operations; Ecosystem of applications and tenants
          – Applications: Design for failure; Horizontal scaling; Weak SLAs that do not cover all resource types; Shared network and data
          – Examples: Amazon AWS and EC2 (IaaS) / Google AppEngine (PaaS)
      • Data Center
          – Designed for: Proprietary, customised environment; Organisation level scale; Single tenant with full control; Dedicated support
          – Applications: Resilience: N+1; Vertical scaling; Dedicated resources; 4 or 5 nine availability
      • Diagram label: Enterprise Cloud
  • 6. Key Challenges
      • Scalability
          – Developing/Re-engineering applications to scale
          – Means of exploiting application structural information for elasticity
      • Resource Utilisation
          – Capacity planning: Balancing overprovisioning/performance
          – Infrastructure to monitor, supervise and control
      • Vendor lock-in
          – Strong divergences in (proprietary) interfaces: image formats, APIs etc.
          – Requires re-developing applications
  • 7. Key Challenges
      • Quality of Service and Service Level Agreements
          – Performance stability and homogeneity of shared resources (disk, network, etc)
          – Relationship between application level SLAs and Cloud SLAs
          – “4 or 5 nine” SLAs: increased amounts of redundancy
      • Security
          – Modeling overall security profile
          – Data protection, privacy
      • Compliance, Governance, Regulation
          – IT auditing: “The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguards assets, maintains data integrity, achieves organisation goals effectively and consumes resources effectively.”
          – Need audit tracking for business processes that may span multiple providers
  • 8. Services delivery model
      • Software as product
          – License model (per server)
          – Managed by the customer: Infrastructure and deployment costs; Upgrade costs/training …
      • Software as service
          – Pay per use subscription model
          – Managed by the service provider: Cost of remote access
      • Business Services
          – Composite Services
          – Focused on the business process: Multiple service providers involved; Potential combination of local and cloud resources
      • Diagram labels: Public Cloud, SaaS, Private data center
  • 9. Identity and Access Management
      • Identity Provisioning
          – Secure and timely management of on-boarding (provisioning) and off-boarding (de-provisioning) of users in the cloud.
          – Extending enterprise user management processes to the cloud.
          – Existing standards: SPML, WS-provisioning, SCIM
      • Authentication
          – Organizations must address authentication-related challenges such as credential management, strong authentication, delegated authentication, and managing trust across all types of cloud services
      • Access Control
          – The requirements for user profiles and access control policy vary, depending on whether the user is acting on their own behalf (such as a consumer) or as a member of an organization (such as an employer, university, hospital, or other enterprise).
          – The access control requirements in SPI environments include establishing trusted user profile and policy information, using it to control access within the cloud service, and doing this in an auditable way
          – Existing standards: XACML
      • Identity Federation
          – Federated Identity Management plays a vital role in enabling organizations to authenticate their users of cloud services using the organization’s chosen identity provider
          – Existing standards: SAML Based WS-Trust & SSO, OpenID, OAuth
  • 10. Example: N-tier Architecture (diagram labels): Mobile, Browser, API access, Load balancing, Web Servers, Application Servers, Cloudbursting, Data Access layer, Public Cloud, Other SaaS, LDAP User Store
  • 11. Key Enablers
      • Open-source Cloud platforms:
          – Technology transfer instrument across domains and communities,
          – Encourage wider interoperability between solutions – open APIs, etc.
          – Increased degree of transparency
              › Visibility into roadmap/objectives
              › Increased predictability for end-user service delivery
      • Cloud Computing Standards
          – Interoperability across products and organisational boundaries
          – Portability across vendors
          – Concerns: Landscape is still changing / Numerous emerging standards
  • 12. Open Source Cloud Middleware
      • Example Infrastructure-as-a-Service clouds:
          – Since 2010 – Apache Licence. Who: Started by NASA and Rackspace, now a multi-vendor consortium (including Dell). What: Collection of software for building private and public clouds – compute, storage and server library
          – Since 2008 – Apache Licence. Who: DSA Research Group at Complutense University of Madrid | Open Nebula Community. What: Dynamic management of virtual infrastructures within and across sites, with support for hybrid integration with public clouds
          – Since 2010 – Apache Licence. Who: Cloud.com | Citrix. What: Java based framework for managing networks of Virtual Machines
  • 13. Open Source Cloud Middleware
      • Example Platform-as-a-Service Open Source:
          – Since 2010 – Apache Licence. Who: VMWare. What: Open source (free) cloud computing platform as a service (PaaS) software - provides support for various services (e.g. MySQL, MongoDB, etc.)
  • 14. OpenStack Architecture (diagram labels): Centralized Services, Nova Compute, Dashboard, Queue, Network Worker, API, Scheduler, DB, Compute Worker, Manager, Authentication, Driver, Image Service (Glance), Hypervisor, Swift_Proxy, Swift_Object, Swift_Acct, Zones, Swift_Container
  • 15. Diagram labels: OVF | CIMI, Standard / Proprietary Interfaces, Service Management Interface, Private Cloud, SaaS, PaaS, DaaS, SCIM, Security Management, Hybrid Cloud, IaaS, …
  • 16. Example: Open Virtualisation Format
      • DMTF standard backed by VMWare and XenSource which aims to offer a packaging mechanism in a portable and platform neutral way
      • The OVF descriptor is an XML-based document composed of three main parts:
          – Description of the files included in the overall service (disks, ISO images, etc.),
          – Meta-data for all virtual machines included
          – Description of the different virtual machine systems.
      • Lifecycle diagram: Develop, Package, Distribute, Install, Manage, Retire
  • 17. SCIM
      • Simple Cloud Identity Management (?)
      • Focus on Identity Provisioning and facilitating federation
      • Features:
          – Emerging open standard
          – REST API
          – Platform neutral schema.
          – SAML binding.
          – Emphasis on simplicity and interoperability: operation across organisational boundaries
      • Started Q1 2011, Involves Ping, UnboundID, Salesforce, Cisco, …
  • 18. SCIM Specification Set
      • Diagram labels: REST API, SAML Binding, Future Binding, CRUD Methods, Attribute Mapping, Endpoint URI/Attributes, Response Codes, Core Schema: User, Groups, Enterprise Extensions
      • REST API
          Resource | Endpoint | HTTP Operations
          User | /Users | GET, POST, PUT, PATCH, DELETE
          Group | /Groups | GET, POST, PUT, PATCH, DELETE
          Service Provider Configuration | /ServiceProviderConfigs | GET
          Schema | /Schemas | GET
          Bulk | /Bulk | POST
  • 19. SCIM Use Case: User Provisioning (diagram labels): User, Register, SaaS application, User Store, SCIM Consumer, HTTP Create (Identity), 201 OK, Cloud Service, SCIM Service Provider, User Store (LDAP, DB, etc)
  • 20. SCIM Use Case: User Provisioning
      • Diagram labels: User, Register, SaaS application, User Store, SCIM Consumer, HTTP Create (Identity), 201 OK, Cloud Service, SCIM Service Provider, User Store (LDAP, DB, etc)
      • Request shown on the slide:
          HTTP POST /Users
          application/json
          {
            "schemas": ["urn:scim:schemas:core:1.0"],
            "id": "2819c223-413861904646",
            "userName": "clovis_chapman",
            "externalId": "clovis",
            "name": {
              "formatted": "Clovis Chapman",
              "familyName": "Chapman"
            },
            "emails": [
              { "value": "bjensen@example.com" },
              { "value": "babs@jensen.org" }
            ],
            …
          }
  • 21. SCIM Use Case: SSO - Just In Time Provisioning (diagram labels): Enterprise, SaaS, IDP, Login, SSO Redirect, SAML Response, SAML Attribute Query, SCIM, User Identity, Create User
  • 22. Conclusions
      • Cloud ecosystem is growing:
          – Applications can involve various SaaS, PaaS and IaaS offerings
          – Enabling complex workflows requires interoperability between both service and infrastructure providers – current silos must be removed.
          – Standards and Open Source offerings are key to encouraging adoption.
      • References:
          – OpenStack - http://openstack.org/
          – OpenNebula - http://opennebula.org/
          – SCIM Standard Specification: http://www.simplecloud.info/
          – DMTF OVF: http://dmtf.org/standards/ovf
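
An added example, not taken from the slides or from any SCIM implementation, of the provisioning flow on slides 9 and 18 to 20: a consumer builds the POST /Users request and an in-memory service provider enforces the slide 18 endpoint/operation table, assigns the resource id itself, rejects duplicate user names and records on- and off-boarding for audit. Class and function names and the sample user are hypothetical, and every status code other than the slide's 201 is a standard HTTP code chosen for this example.

```python
import json
import uuid

CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # schema URN from the slide 20 request

# Endpoint -> permitted HTTP operations, copied from the slide 18 table.
ALLOWED = {
    "/Users": {"GET", "POST", "PUT", "PATCH", "DELETE"},
    "/Groups": {"GET", "POST", "PUT", "PATCH", "DELETE"},
    "/ServiceProviderConfigs": {"GET"},
    "/Schemas": {"GET"},
    "/Bulk": {"POST"},
}


def build_user_request(user_name, external_id, formatted, family_name, emails):
    """SCIM consumer side: serialise an enterprise user record for POST /Users."""
    return json.dumps({
        "schemas": [CORE_SCHEMA],
        "userName": user_name,
        "externalId": external_id,
        "name": {"formatted": formatted, "familyName": family_name},
        "emails": [{"value": e} for e in emails],
    })


class ScimServiceProvider:
    """Hypothetical in-memory service provider; only /Users is implemented."""

    def __init__(self):
        self.users = {}   # id -> stored user resource
        self.audit = []   # (operation, id) trail of on- and off-boarding

    def handle(self, method, path, body=None):
        parts = path.strip("/").split("/", 1)
        endpoint = "/" + parts[0]
        resource_id = parts[1] if len(parts) > 1 else None
        if endpoint not in ALLOWED:
            return 404, {"error": "unknown endpoint"}
        if method not in ALLOWED[endpoint]:
            return 405, {"error": "operation not offered on " + endpoint}
        if endpoint != "/Users":
            return 501, {"error": "not implemented in this example"}
        if method == "POST" and resource_id is None:
            return self._create(body)
        if method == "GET" and resource_id is not None:
            user = self.users.get(resource_id)
            return (200, user) if user else (404, {"error": "no such user"})
        if method == "DELETE" and resource_id is not None:
            return self._delete(resource_id)
        return 501, {"error": "not implemented in this example"}

    def _create(self, body):
        try:
            doc = json.loads(body)
        except (TypeError, ValueError):
            return 400, {"error": "body is not JSON"}
        schemas = doc.get("schemas") if isinstance(doc, dict) else None
        if not isinstance(schemas, list) or CORE_SCHEMA not in schemas:
            return 400, {"error": "core schema URN missing"}
        name = doc.get("userName")
        if not isinstance(name, str) or not name.strip():
            return 400, {"error": "userName is required"}
        # One account per userName, compared case-insensitively.
        if any(u["userName"].lower() == name.lower() for u in self.users.values()):
            return 409, {"error": "userName already provisioned"}
        user = dict(doc)
        user["id"] = str(uuid.uuid4())  # provider-assigned; a client-sent id is discarded
        self.users[user["id"]] = user
        self.audit.append(("create", user["id"]))
        return 201, user

    def _delete(self, resource_id):
        # Off-boarding: the resource is removed and the removal is logged.
        if self.users.pop(resource_id, None) is None:
            return 404, {"error": "no such user"}
        self.audit.append(("delete", resource_id))
        return 200, {}


if __name__ == "__main__":
    sp = ScimServiceProvider()
    # Constructed sample user, not a record from the slides.
    req = build_user_request("alice", "emp-0001", "Alice Example", "Example",
                             ["alice@example.com"])
    status, user = sp.handle("POST", "/Users", req)
    print(status, user["id"])
    print(sp.handle("DELETE", "/Users/" + user["id"])[0], sp.audit)
```
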