Cloud Computing Certification Training

Cloud Computing is the trend of the day. Owing to various benefits, organizations are moving towards cloud applications and services. To cope with the changing market, knowledge of cloud computing has become a necessity. A cloud computing certification is a globally acknowledged credential that validates one’s knowledge of cloud applications and services. Simplilearn brings you an online cloud computing training program that lets you prepare for the Cloud Computing foundation exam at your own pace and from your own place. This presentation on Cloud Computing covers all the basic cloud topics and was prepared by our highly qualified and certified trainers. Each slide covers important topics like types of cloud services, applications and advantages of cloud implementation in industries. Get an understanding of Cloud Computing topics through these slides, and better training insights from the cited examples and practice questions. Improve your knowledge of Cloud Computing with Simplilearn and make us a part of your success story.

Published in: Education

  1. 1. Cloud Computing Foundation: An Introduction to Cloud Computing Training by Simplilearn
  2. 2. Agenda • Introduction • History of Cloud computing • Foundational Elements of Cloud Computing • Principles of Cloud Computing • Cloud Computing Security • Secure Cloud Migration Paths • Using the Cloud • Implementing and Supporting the Cloud • Managing Cloud Computing • Evaluation of Cloud Computing • Cloud Computing Case Studies and Security Models
  3. 3. 1. Introduction
  4. 4. Course objectives • Fundamental concepts of the cloud computing platform: – Deployment – Architecture – Design • What made cloud possible • Pros and cons, benefits and risks • Standards and best practices
  5. 5. What will you learn? After completing this course, you will be able to: • Identify essential elements • Describe the pros and cons • Understand the business case for going to the cloud • Describe how to build a cloud network • Understand virtualization architecture • Describe security and privacy issues • Understand federation and presence • Describe cloud computing standards and best practices • Describe how mobile devices can be used in the cloud
  6. 6. Overview 6
  7. 7. The NIST Cloud Definition Framework • Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds • Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) • Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service • Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security. Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
  8. 8. History of Cloud Computing Objective: • Exploring the history of shared computing and the technological, economic and organizational enablers for Cloud Computing • To learn how technologies evolved from cluster, grid and virtualization into cloud computing • To learn about datacenter architectures of grid, utility and virtual machines
  9. 9. History of Cloud computing In principle, there were: • Cluster Computing: for load balancing • Grid computing: many computers in a network solve a single problem • Utility computing: packaging of computing resources, such as computation, storage and services, as a metered service • Virtualization: decouple software and hardware
  10. 10. Trends [chart; series: distributed computing, grid computing, utility computing, cloud computing]
  11. 11. EXAMPLES • Amazon – Elastic Compute Cloud (EC2) – Simple Storage Service (S3) • Google’s App Engine • Microsoft – Windows Azure – Microsoft SQL Services – Microsoft .NET Services – Live Services – Microsoft SharePoint Services and Microsoft Dynamics CRM Services
  12. 12. Example 1: Amazon Cloud • Amazon cloud components • Elastic Compute Cloud (EC2) • Simple Storage Service (S3) • SimpleDB • New Features • Availability zones • Place applications in multiple locations for failovers • Elastic IP addresses • Static IP addresses that can be dynamically remapped to point to different instances (not a DNS change) 13
  13. 13. Amazon Cloud Users: New York Times and Nasdaq (4/08) • Both companies used Amazon’s cloud offering • New York Times – Didn’t coordinate with Amazon, used a credit card! – Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB data) – Took 100 Linux computers 24 hours (would have taken months on NYT computers) – “It was cheap experimentation, and the learning curve isn’t steep.” – Derrick Gottfrid, Nasdaq • Nasdaq – Uses S3 to deliver historic stock and fund information – Millions of files showing price changes of entities over 10 minute segments – “The expenses of keeping all that data online [in Nasdaq servers] was too high.” – Claude Courbois, Nasdaq VP – Created lightweight Adobe AIR application to let users view data
  14. 14. Example 2: IBM-Google Cloud• “Google and IBM plan to roll out a worldwide network of servers for a cloud computing infrastructure” – Infoworld• Initiatives for universities• Architecture – Open source • Linux hosts • Xen virtualization (virtual machine monitor) • Apache Hadoop (file system) – “open-source software for reliable, scalable, distributed computing” – IBM Tivoli Provisioning Manager 15
  15. 15. Example 3: Microsoft Azure Services. Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
  16. 16. Windows Azure Applications, Storage and Roles [diagram: LB, Web Role (n), Worker Role (m), Cloud Storage (blob, table, queue)] Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
  17. 17. Grid Computing• Distributed parallel processing across a network• Key concept: “the ability to negotiate resource-sharing arrangements”• Characteristics of grid computing – Coordinates independent resources – Uses open standards and interfaces – Quality of service – Allows for heterogeneity of computers – Distribution across large geographical boundaries – Loose coupling of computers 18
  18. 18. Grid Computing
  19. 19. 20
  20. 20. Utility computing • Originally, time-sharing access to mainframe (1960’s) • “Rediscovered” in late 1990’s as alternative to building and running your own datacenter – build large datacenter and rent access to customers – Sun, IBM, HP, Intel, and many others built datacenters and rented access to servers • 1990’s usage model: – Long legal negotiations with strong service guarantees – Long-term contracts (monthly/yearly) – Approx. $1/hour pricing per physical computer • Overall, this model was not commercially viable!
  21. 21. Utility Computing• “Computing may someday be organized as a public utility” - John McCarthy, MIT Centennial in 1961• Huge computational and storage capabilities available from utilities• Metered billing (pay for what you use)• Simple to use interface to access the capability (e.g., plugging into an outlet) 22
  22. 22. Virtualization • Creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. – Abstraction layer that decouples computation from physical resource • Motivations – Resource sharing with security and isolation (similar to multi-user/multi-programming) – Ease of management: virtual machines (bits) vs. physical resources (hardware), e.g. start/stop, clone, migrate, suspend an entire virtual machine • As flour is to a cookie, virtualization is to a cloud
  23. 23. Cloud Enabling Technology: Virtualization. Traditional and Virtualized stack [diagram, top to bottom: Traditional Stack = Apps / Operating System / Hardware; Virtualized Stack = Apps / guest OSs / Hypervisor / Hardware]
  24. 24. Many Types of Virtualization• Full virtualization• Hardware-assisted virtualization (IBM S/370, Intel VT, or AMD-V)• Para-virtualization• Operating System virtualization
  25. 25. Modern OS Virtualization• Hardware-assisted virtualization is a key technological enabler for Cloud Computing – Provides complete isolation on commodity (low-cost) platforms – Enables multiplexing of many users onto single server• Key contribution is minimal performance overhead (few percent) versus non-virtualized – However, high I/O applications incur many VM traps (high CPU overhead), limiting scalability and efficiency• Challenge: true performance isolation for multiple applications – Many dimensions! (more in research discussion)
  26. 26. Enterprise Software Revolution: Software as a Service (SaaS) • SaaS is hosting applications on the Internet as a service (both consumer and enterprise) • Jon Williams, CTO of Kaplan Test Prep on SaaS – “I love the fact that I don’t need to deal with servers, staging, version maintenance, security, performance” • Eric Knorr with Computerworld says that “[there is an] increasing desperation on the part of IT to minimize application deployment and maintenance hassles”
  27. 27. Three Features of Mature SaaS Applications • Scalable – Handle growing amounts of work in a graceful manner • Multi-tenancy – One application instance may be serving hundreds of companies – Opposite of multi-instance where each customer is provisioned their own server running one instance • Metadata driven configurability – Instead of customizing the application for a customer (requiring code changes), one allows the user to configure the application through metadata
  28. 28. SaaS Maturity Levels • Level 1: Ad-Hoc/Custom • Level 2: Configurable • Level 3: Configurable, Multi-Tenant-Efficient • Level 4: Scalable, Configurable, Multi-Tenant-Efficient. Source: Microsoft MSDN Architecture Center
  29. 29. Examples of Companies offering SaaS. There are dozens of companies offering SaaS. • Intuit QuickBooks – conventional application for tracking business accounting. With the addition of QuickBooks online, accounting has moved to the cloud. • Google Apps – suite of applications that includes Gmail webmail services, Google Calendar shared calendaring, Google Talk instant messaging and Voice over IP
  30. 30. QUESTIONS 1. What is cloud computing? 2. What are the differences between grid, virtualization and cloud computing?
  31. 31. Foundational Elements of Cloud Computing Objective: To learn about the technological enablers and economic enablers of cloud computing
  32. 32. Foundational Elements of Cloud Computing. Primary Technologies: • Virtualization • Grid technology • Service Oriented Architectures • Distributed Computing • Broadband Networks • Browser as a platform • Free and Open Source Software. Other Technologies: • Autonomic Systems • Web application frameworks • Service Level Agreements
  33. 33. Service Level Agreements (SLAs)• Contract between customers and service providers of the level of service to be provided• Contains performance metrics (e.g., uptime, throughput, response time)• Problem management details• Documented security capabilities• Contains penalties for non-performance 34
  34. 34. Autonomic System Computing• Complex computing systems that manage themselves• Decreased need for human administrators to perform lower level tasks• Autonomic properties: Purposeful, Automatic, Adaptive, Aware• IBM’s 4 properties: self-healing, self-configuration, self-optimization, and self-protection IT labor costs are 18 times that of equipment costs. The number of computers is growing at 38% each year. 35
  35. 35. Platform Virtualization• Host operating system provides an abstraction layer for running virtual guest OSs• Key is the “hypervisor” or “virtual machine monitor” – Enables guest OSs to run in isolation of other OSs – Run multiple types of OSs• Increases utilization of physical servers• Enables portability of virtual servers between physical servers• Increases security of physical host server 36
  36. 36. Web Services• Web Services – Self-describing and stateless modules that perform discrete units of work and are available over the network – “Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications.” – Info world – Standards based interfaces (WS-I Basic Profile) • e.g., SOAP, WSDL, WS-Security • Enabling state: WS-Transaction, Choreography – Many loosely coupled interacting modules form a single logical system (e.g., legos) 37 37
  37. 37. Service Oriented Architectures• Service Oriented Architectures – Model for using web services • service requestors, service registry, service providers – Use of web services to compose complex, customizable, distributed applications – Encapsulate legacy applications – Organize stove piped applications into collective integrated services – Interoperability and extensibility 38
  38. 38. Web application frameworks• Coding frameworks for enabling dynamic web sites – Streamline web and DB related programming operations (e.g., web services support) – Creation of Web 2.0 applications• Supported by most major software languages• Example capabilities – Separation of business logic from the user interface (e.g., Model-view- controller architecture) – Authentication, Authorization, and Role Based Access Control (RBAC) – Unified APIs for SQL DB interactions – Session management – URL mapping• Wikipedia maintains a list of web application frameworks 39
  39. 39. Free and Open Source Software• External ‘mega-clouds’ must focus on using their massive scale to reduce costs• Usually use free software – Proven adequate for cloud deployments – Open source – Owned by provider• Need to keep per server cost low – Simple commodity hardware • Handle failures in software 40
  40. 40. Public Statistics on Cloud Economics 41
  41. 41. Cost of Traditional Data Centers• 11.8 million servers in data centers• Servers are used at only 15% of their capacity• 800 billion dollars spent yearly on purchasing and maintaining enterprise software• 80% of enterprise software expenditure is on installation and maintenance of software• Data centers typically consume up to 100 times more per square foot than a typical office building• Average power consumption per server quadrupled from 2001 to 2006.• Number of servers doubled from 2001 to 2006 42
  42. 42. Energy Conservation and Data Centers• Standard 9000 square foot costs $21.3 million to build with $1 million in electricity costs/year• Data centers consume 1.5% of our Nation’s electricity (EPA) – .6% worldwide in 2000 and 1% in 2005• Green technologies can reduce energy costs by 50%• IT produces 2% of global carbon dioxide emissions 43
  43. 43. Cloud Economics• Estimates vary widely on possible cost savings• “If you move your data Centre to a cloud provider, it will cost a tenth of the cost.” – Brian Gammage, Gartner Fellow• Use of cloud applications can reduce costs from 50% to 90% - CTO of Washington D.C.• IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud (backing from Microsoft)• Preferred Hotel – Traditional: $210k server refresh and $10k/month – Cloud: $10k implementation and $16k/month 44
  44. 44. 2. Principles of Cloud Computing
  45. 45. 2.1 THE CONCEPT OF CLOUD COMPUTING
  46. 46. Overview 47
  47. 47. Cloud Computing: Examples• Examples – webmail, web based office tools – customer relation management tools (CRM), backup services – drop box, slide share, Wikispaces, social media – online games
  48. 48. What is Cloud Computing: “Clouds are a large pool of easily usable and accessible virtualized resources (such as hardware, development platforms and/or services). These resources can be dynamically reconfigured to adjust to a variable load (scale), allowing also for an optimum resource utilization. This pool of resources is typically exploited by a pay-per-use model in which guarantees are offered by the Infrastructure Provider by means of customized SLAs.” (ACM, Association of Computing Machinery)
  49. 49. Key notions in Cloud Computing• Service based• Uses internet technologies• Scalable and elastic• Shared• Metered by use• Virtualized resources “Cloud computing is not a product you buy. It’s not a SKU. It’s not a technology. It’s an IT delivery model.” (Mike Martin, Director of Cloud Computing for Logicalis)
  50. 50. Virtualization It does not matter where hardware, applications or data is located in the cloud, as long as we can access and use it.
  51. 51. Key Features of Virtualization• Flexibility• Deployability• Elasticity• Centralization of resources• Memory and processor requirements• Failover capabilities• Features continue to emerge
  52. 52. The Cloud and Collaboration• Reach extender – to suppliers and customers• Communication enabler, enhancing communication with: – suppliers – customers – employees• Employee enabler – less travel time – virtual office access – just-in-time access
  53. 53. Public, Private and Hybrid Clouds
  54. 54. 2.2 THE EVOLUTION OF CLOUD COMPUTING
  55. 55. Overview
  56. 56. Standalone Mainframes. Benefits: • Dedicated hardware for single tasks • Multitasking and time-sharing • Early virtualization and multi-processing. Limitations: • Limited memory • Limited storage • Expensive • Difficult deployment
  57. 57. Communication Systems. Two forms: • Dedicated leased line • Dial-up. Uses: • Time sharing services • Multitasking operating systems • Dumb tubes • Communication controllers • Remote terminal access • Remote Job Entry
  58. 58. Minicomputers • Smaller • Less expensive • Multi-user • Multi-tasking • Proprietary and ‘standard’ operating systems (UNIX) • Expanded communication (including LANs)
  59. 59. Local Area Networking
  60. 60. Microcomputers • Even smaller • Single user • Rudimentary operating system • Limited memory and storage
  61. 61. Internet• Initial goals – Reliable communication • Even in the event of partial equipment or network failure – Connectivity • With different types of computer and operating systems – Cooperative effort • Not a monopoly• International, world-wide network
  62. 62. Virtualization• Virtualization is not a new concept• Around since the 1970s in mainframe environments Example: 1972 IBM VM/370
  63. 63. The Cloud
  64. 64. Internet Vision “As of now, computer networks are still in their infancy. But as they grow up and become more sophisticated, we will probably see the spread of computer utilities which, like present electric and telephone utilities, will service individual homes and offices across the country’’ Leonard Kleinrock, 1969
  65. 65. Managed Services Provider Model to Cloud Computing and SaaS. Early managed networks: • Frame Relay • ATM • Proprietary protocols. Evolution: • High-speed • High-bandwidth internet • Standard protocols • Standard services
  66. 66. What’s Next in Cloud Computing?• The cloud may never mature• Thin client based access• General purpose applications in the cloud
  67. 67. 2.3 CLOUD COMPUTING ARCHITECTURES
  68. 68. Overview
  69. 69. Cloud Computing Architecture
  70. 70. Single Purpose Architectures Migrate to Multipurpose Architectures. Single-purpose: • Mainframe • General applications • Time-sharing • Airline reservations. Multipurpose: • Any application on any server • Interface to large storage • Interface to large computers
  71. 71. Service-Oriented Architectures• Single service functions• Services loosely coupled• Services can be used by different applications
  72. 72. Cloud Services. Cloud service offerings: – CaaS (Communication-as-a-Service) – SaaS (Software-as-a-Service) – PaaS (Platform-as-a-Service) – IaaS (Infrastructure-as-a-Service) – MaaS (Monitoring-as-a-Service)
  73. 73. Communication-as-a-Service • Offsite communications service provider • Voice over IP • Instant messaging • Video teleconferencing
  74. 74. Software-as-a-Service • Software hosted offsite • As-is software package • Vendor has high knowledgeable level • Mash-up or plug-in • External software used with internal applications (hybrid cloud) • Little or no change to application • User has little flexibility • User locked into vendor
  75. 75. Platform-as-a-Service• Remote application development• Remote application support• Portability among vendors• Lower cost of development
  76. 76. Infrastructure-as-a-Service • Hardware service providers (HaaS) • Rent what you need • Servers • Network equipment • (Virtual) CPU availability • Storage • Hosting companies
  77. 77. Monitoring-as-a-Service• External monitoring services• Servers• Disk utilization• Applications• Networking• Specialized skill set
  78. 78. Tiered Architecture
  79. 79. Server Virtualization Architectures• The Hypervisor• Virtualization as the Operating System• Virtualization with a host Operating System
  80. 80. The Hypervisor• AKA: Virtual Machine Monitor (VMM)• The foundation of virtualization• Interfaces with hardware – Replace the operating system – Intercept system calls – Operate with the operating system – Hardware isolation – Multi-environment protection
  81. 81. Virtualization as the ‘Operating System’ [diagram, top to bottom: Application Programs (×3) / Guest Operating System (×3) / Hypervisor: Virtual Operating Environment / Hardware] Type 1 Hypervisors are seen as the principal operating system.
  82. 82. Virtualization with a Host Operating System [diagram, top to bottom: Application Programs (×3) / Guest Operating System (×3) / Hypervisor: Virtualization Layer / Host Operating System / Hardware]
  83. 83. Data Center Architecture for Cloud• Communications capacity• Public Internet• Private Intranet & Private Cloud• Routing to the datacenter• Moving data within the local datacenter• Bandwidth• Security
  84. 84. 2.4 BENEFITS AND LIMITATIONS OF CLOUD COMPUTING
  85. 85. Overview
  86. 86. Cloud Computing Benefits• Reduced Costs• Increased storage• Highly automated• Flexibility• More mobility• Allows IT to shift focus• Going Green• Keeping things up to date
  87. 87. Cloud Computing Limitations• Security – Is data adequately protected? – Is it hacker proofed?• Data location and privacy – Where is it stored? – Regulatory concerns• Internet dependency – Bandwidth and latency• Availability and service levels – SLA requirements• Enterprise application migration
  88. 88. Exercises – Quiz 1. Which of the following is not a cloud deployment model? a) Private b) Protected c) Public d) Hybrid e) Community 2. Which of the following is not an essential characteristic of cloud computing? a) Free b) Scalable c) Virtualized d) On demand e) Metered
  89. 89. Exercises – Quiz 3. Which of the following is not a cloud architecture? a) IaaS b) PaaS c) HaaS d) SaaS 4. Which of the following is a benefit of using cloud computing? a) Security b) Availability c) Compliance d) Bandwidth guarantees e) Reduced costs
  90. 90. Exercises – Quiz 5. In this model, formerly known as hardware as a service (HaaS), an organization outsources business components such as servers, storage and networking equipment. What is it? a) Infrastructure as a Service (IaaS) b) Platform-as-a-Service (PaaS) c) Software-as-a-Service (SaaS) d) None of the above 6. Infrastructure as a Service (IaaS) provides: a) Servers b) Storage c) Network equipment d) All the above
  91. 91. Exercises – Quiz 7. What is Cloud Computing replacing? a) Corporate data centers b) Expensive personal computer hardware c) Expensive software upgrades d) All of the above 8. The hypervisor is also known as a) Virtual Machine Monitor b) Middleware c) Both of the above d) None of the above 9. The "Cloud" in cloud computing represents what? a) Wireless b) Hard drives c) People d) Internet
  92. 92. Cloud Computing Security Objective: to learn about the security risks and advantages of the cloud
  93. 93. Security is the Major Issue 94
  94. 94. Cloud Security Challenges • Data dispersal and international privacy laws • EU Data Protection Directive and U.S. Safe Harbor program • Exposure of data to foreign government and data subpoenas • Data retention issues • Need for isolation management • Multi-tenancy • Logging challenges • Data ownership issues • Quality of service guarantees • Dependence on secure hypervisors 95
  95. 95. Cloud Security Challenges ..• Attraction to hackers (high value target)• Security of virtual OSs in the cloud• Possibility for massive outages• Encryption needs for cloud computing • Encrypting access to the cloud resource control interface • Encrypting administrative access to OS instances • Encrypting access to applications • Encrypting application data at rest• Public cloud vs. internal cloud security• Lack of public SaaS version control
  96. 96. Cloud Security Advantages• Data Fragmentation and Dispersal• Dedicated Security Team• Greater Investment in Security Infrastructure• Fault Tolerance and Reliability• Greater Resiliency• Hypervisor Protection Against Network Attacks• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds) 97
  97. 97. Cloud Security Advantages.. • Simplification of Compliance Analysis • Data Held by Unbiased Party (cloud vendor assertion) • Low-Cost Disaster Recovery and Data Storage Solutions • On-Demand Security Controls • Real-Time Detection of System Tampering • Rapid Re-Constitution of Services • Advanced Honeynet Capabilities 98
  98. 98. Security Relevant Cloud Components• Cloud Provisioning Services• Cloud Data Storage Services
  99. 99. Security Relevant Cloud Components.. • Cloud Processing Infrastructure • Cloud Support Services • Cloud Network and Perimeter Security Elastic Elements: Storage, Processing, and Virtual Networks 100
  100. 100. Additional Issues• Issues with moving PII and sensitive data to the cloud – Privacy impact assessments• Using SLAs to obtain cloud security – Suggested requirements for cloud SLAs – Issues with cloud forensics• Contingency planning and disaster recovery for cloud implementations• Handling compliance – FISMA – HIPAA – SOX – PCI – SAS 70 Audits 101
  101. 101. Comparisons
  102. 102. Examples of cloud advantage• Social networking systems will evolve into collaborative management systems.• Homesourcing becomes mainstream.• Corporate processes become decentralized.• Smart phones evolve with cloud apps • access to wireless broadband. • productivity apps over the cloud for corporate use.
  103. 103. The Business Case for Going to the Cloud - Examples • Eli Lilly and Company is one company that has moved to Amazon EC2 as part of their IT operations.
  104. 104. Secure Migration Paths for Cloud Computing Objective: The reasons ‘Why’ migration to cloud is a good idea and ‘How’ to implement secure Cloud Migration
  105. 105. Balancing Threat Exposure and Cost Effectiveness • Private clouds may have less threat exposure than community clouds which have less threat exposure than public clouds. • Massive public clouds may be more cost effective than large community clouds which may be more cost effective than small private clouds.
  106. 106. Cloud Migration and Cloud Security Architectures • Clouds typically have a single security architecture but have many customers with different demands – Clouds should attempt to provide configurable security mechanisms • Organizations have more control over the security architecture of private clouds followed by community and then public – This doesn’t say anything about actual security • Higher sensitivity data is likely to be processed on clouds where organizations have control over the security model
  107. 107. Migration Paths for Cloud Adoption• Use public clouds• Develop private clouds – Build a private cloud – Procure an outsourced private cloud – Migrate data centers to be private clouds (fully virtualized)• Build or procure community clouds – Organization wide SaaS – PaaS and IaaS – Disaster recovery for private clouds• Use hybrid-cloud technology – Workload portability between clouds 108
  108. 108. Migration standards. Cloud Standards Mission: Provide guidance to industry and government for the creation and management of relevant cloud computing standards allowing all parties to gain the maximum value from cloud computing
  109. 109. NIST and Standards • NIST wants to promote cloud standards: – We want to propose roadmaps for needed standards – We want to act as catalysts to help industry formulate their own standards • Opportunities for service, software, and hardware providers – We want to promote government and industry adoption of cloud standards
  110. 110. Goal of NIST Cloud Standards Effort • Fungible clouds – (mutual substitution of services) – Data and customer application portability – Common interfaces, semantics, programming models – Federated security services – Vendors compete on effective implementations • Enable and foster value add on services – Advanced technology – Vendors compete on innovative capabilities 111
  111. 111. A Model for Standardization and Proprietary Implementation • Advanced features: Proprietary Value Add Functionality • Core features: Standardized Core Cloud Capabilities
  112. 112. Proposed Result• Cloud customers knowingly choose the correct mix for their organization of – standard portable features – proprietary advanced capabilities 113
  113. 113. A proposal: A NIST Cloud Standards Roadmap • We need to define minimal standards – Enable secure cloud integration, application portability, and data portability – Avoid over specification that will inhibit innovation – Separately address different cloud models
  114. 114. Towards the Creation of a Roadmap (I)• Thoughts on standards: – Usually more service lock-in as you move up the SPI stack (IaaS->PaaS->SaaS) – IaaS is a natural transition point from traditional enterprise datacenters • Base service is typically computation, storage, and networking – The virtual machine is the best focal point for fungibility – Security and data privacy concerns are the two critical barriers to adopting cloud computing 115
  115. 115. Towards the Creation of a Roadmap (II)• Result: – Focus on an overall IaaS standards roadmap as a first major deliverable – Research PaaS and SaaS roadmaps as we move forward – Provide visibility, encourage collaboration in addressing these standards as soon as possible – Identify common needs for security and data privacy standards across IaaS, PaaS, SaaS 116
  116. 116. A Roadmap for IaaS• Needed standards – VM image distribution (e.g., DMTF OVF) – VM provisioning and control (e.g., EC2 API) – Inter-cloud VM exchange (e.g., ??) – Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos) – VM SLAs (e.g., ??) – machine readable • uptime, resource guarantees, storage redundancy – Secure VM configuration (e.g., SCAP) 117
  117. 117. A Roadmap for PaaS and SaaS• More difficult due to proprietary nature• A future focus for NIST• Standards for PaaS could specify – Supported programming languages – APIs for cloud services• Standards for SaaS could specify – SaaS-specific authentication / authorization – Formats for data import and export (e.g., XML schemas) – Separate standards may be needed for each application space 118
  118. 118. Security and Data Privacy Across IaaS, PaaS, SaaS • Many existing standards • Identity and Access Management (IAM) – IdM federation (SAML, WS-Federation, Liberty ID-FF) – Strong authentication standards (HOTP, OCRA, TOTP) – Entitlement management (XACML) • Data Encryption (at-rest, in-flight), Key Management – PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI • Records and Information Management (ISO 15489) • E-discovery (EDRM)
  119. 119. 3. Using the Cloud
  120. 120. Overview
  121. 121. 3.1 ACCESSING THE CLOUD
  122. 122. Overview
  123. 123. Web Browsers
  124. 124. Web Applications. Applications: • Google Gmail • Yahoo Mail • Twitter • Zimbra • Salesforce • Dropbox • Skype • … Issues: • Security • Interoperability • Bandwidth • Latency • Design
  125. 125. Cloud Access Architecture• Client software for emulation• Networking protocol with security features• Server software to intercept and interpret client requests• Keyboard access• Mouse access• Peripheral device support – Sound – Printing – Others
  126. 126. Thin Clients• What makes them thin?• Network connectivity (wired and wireless)• No moving parts (possibly a fan)• Keyboard, monitor, and USB connections• Sound card• Embedded terminal services client – RDP, VNC, etc.• Green features: Small footprint – Low heat; Low power consumption (starting at 6 Watt) – Low disk space
  127. 127. 3.2 MOBILITY IN THE CLOUD
  128. 128. Overview
  129. 129. Smartphones
  130. 130. Collaboration Applications for Mobile platforms• Text messaging• iPhone applications• BlackBerry applications• Android applications
  131. 131. Text Messaging• Universal communication path, two forms: – SMS – MMS• Communicate: – Phone to phone – Computer to phone• Hidden costs: – Loss of productivity – Loss of security – Loss of safety
  132. 132. Basic Mobile Application Issues• Limited landscape• Security – Data security on the phone – Phone access protection – Eavesdropping or shoulder surfing – Must have application-enforced encryption – WAP gap• Similar but not always equal• Usefulness vs. fun to have
  133. 133. Location Independence• Don’t care where it is, as long as we can get to it• Depends on – Network – Security – Vendor or internal IT – Application meeting needs• Location independence promotes an environment that is – Flexible – Fail-safe – Fail-soft
  134. 134. Exercises – Quiz 1. Example of Web application is a) Google mail b) Twitter c) Skype d) All the above 2. Platform as a service is a) Google App engine b) Salesforce CRM c) Rackspace servers d) Google mail 3. Which of these companies is not a leader in cloud computing? a) Google b) Amazon c) Blackboard d) Microsoft
  135. 135. Exercises – Quiz 4. Which is not a major cloud computing platform? a) Google 101 b) IBM Deep blue c) Microsoft Azure d) Amazon EC2 5. Which one of these is not a key notion in cloud computing? a) Free b) Service based c) Scalable d) Shared e) Virtualized resources 6. Which of these is not a major type of cloud computing usage? a) Hardware as a Service b) Platform as a Service c) Software as a Service d) Infrastructure as a Service
  136. 136. Exercises – Quiz 7. An Internet connection is necessary for cloud computing interaction. a) True b) False 8. Mobile platforms are supporting a) iPhone applications b) BlackBerry applications c) Android applications d) All the above 9. What enables Thin Clients to work? a) Network connectivity b) Keyboard c) USB connections d) All the above
  137. 137. Exercises – Quiz 10. Location independence promotes an environment that is a) Flexible b) Fail-safe c) Fail-soft d) All the above
  138. 138. 4. Security and Identity Management
  139. 139. Overview
  140. 140. 4.1 SECURITY AND THE CLOUD
  141. 141. Overview
  142. 142. Confidentiality, Integrity and Availability• Confidentiality – No unauthorized access – Privacy and data protection – Encryption – Physical security• Integrity – Information is accurate and authentic• Availability – When needed, where needed by authorized users – 5 nines standard: 99.999%
  143. 143. Authentication, Authorization and Accountability• Authentication – Authorized user? – Prove identity with something you • Know (password) • Have (RSA token device) • Are (fingerprint or retina scan)• Authorization – What can an authorized person do?• Accountability – Audit access and applications – Review logs periodically
  144. 144. Virus Infections on Virtualized Environments• Virus infections on – Type 1 virtualized environment – Type 2 virtualized environment – Client Operating System
  145. 145. Virus Infections on Type 1 Virtualized Environments• Viruses invade below the hypervisor layer• Viruses intercept and react with hypervisor request to hardware• [Diagram, top to bottom: Application Programs; Guest Operating Systems; Hypervisor (Virtual Operating Environment); Virus; Hardware]
  146. 146. Virus Infections on Type 2 Virtualized Environments• Viruses infect host OS below the hypervisor layer• Viruses intercept and react with hypervisor requests to hardware• [Diagram, top to bottom: Application Programs; Guest Operating Systems; Hypervisor (Virtualization Layer); Virus; Host Operating System; Hardware]
  147. 147. Client Operating System Virus Infections• Viruses infect Guest OS• Need Antivirus software on each guest• Benefits: – Guests are separated from each other – No impact to hypervisor – No impact to host OS
  148. 148. 4.2 IDENTITY MANAGEMENT
  149. 149. Overview
  150. 150. Cloud-based Identity Management• Federation Management• Using multi-system identity information for a ‘global’, single-sign- on environment• Based on trust relationships• Often standards-based – Ensure compliance – Allows interoperability
  151. 151. Federation: Example• One federated or trusted login is sufficient for all three parties in this example: each trusts the others to identify the user.
  152. 152. Federation: Implementation• Information card components: – Subject is identity holder – Digital identities are issued for subject by identity providers – Relying parties accept identity – Similar to a personal digital credit card• Using a PKI and Digital Certificate• Microsoft CardSpace – More flexible than username and password – Consistent user experience• OpenID – Emerging
  153. 153. Federation Levels• Permissive: no verification• Verified: DNS and domain keys verified – Not encrypted – DNS poisoning• Encrypted: TLS and digital certificates – Certificates may be self-signed – Weak identity verification• Trusted: TLS and digital certificates from root CA – Encrypted – Strong authentication
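The four federation levels above, applied as a minimum-level policy check over inbound server-to-server links. This is an added example, not part of the original slides; the `key=value` record format, the field names and the peer names are constructed for illustration, and treating TLS without a certificate as unencrypted for policy purposes is an assumption.

```python
from enum import IntEnum


class FederationLevel(IntEnum):
    """The four levels from the slide, ordered weakest to strongest."""
    PERMISSIVE = 0  # no verification at all
    VERIFIED = 1    # DNS and domain keys verified, traffic not encrypted
    ENCRYPTED = 2   # TLS with a certificate that may be self-signed
    TRUSTED = 3     # TLS with a certificate issued under a root CA


# Constructed sample records: one line per inbound link (hypothetical format).
SAMPLE_LINKS = """\
peer=airline.example tls=yes cert=root-ca domain_check=ok
peer=hotel.example tls=yes cert=self-signed domain_check=ok
peer=rental.example tls=no cert=none domain_check=ok
peer=unknown.example tls=no cert=none domain_check=none
peer=odd.example tls=yes cert=none domain_check=none
"""

REQUIRED_FIELDS = ("peer", "tls", "cert", "domain_check")


def parse_link(line):
    """Turn one 'key=value ...' record into a dict; reject incomplete records."""
    fields = dict(token.split("=", 1) for token in line.split())
    missing = [name for name in REQUIRED_FIELDS if name not in fields]
    if missing:
        raise ValueError(f"record missing {missing}: {line!r}")
    return fields


def classify(link):
    """Map what was observed on a link to the strongest level it satisfies."""
    tls = link["tls"] == "yes"
    if tls and link["cert"] == "root-ca":
        return FederationLevel.TRUSTED
    if tls and link["cert"] == "self-signed":
        # Encrypted, but anyone can mint a self-signed certificate:
        # identity verification stays weak.
        return FederationLevel.ENCRYPTED
    # Assumption: TLS without a usable certificate is not counted as
    # encrypted; the link is only as good as its DNS/domain-key check.
    if link["domain_check"] == "ok":
        return FederationLevel.VERIFIED
    return FederationLevel.PERMISSIVE


def enforce(log_text, minimum):
    """Split links into (accepted, rejected) against a minimum level."""
    accepted, rejected = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        link = parse_link(line)
        level = classify(link)
        bucket = accepted if level >= minimum else rejected
        bucket.append((link["peer"], level.name))
    return accepted, rejected


if __name__ == "__main__":
    ok, refused = enforce(SAMPLE_LINKS, FederationLevel.TRUSTED)
    for peer, level in ok:
        print(f"accept  {peer:<18} {level}")
    for peer, level in refused:
        print(f"refuse  {peer:<18} {level}")
```

Lowering `minimum` to `FederationLevel.ENCRYPTED` also admits the self-signed peer, which gains confidentiality on the wire but not assurance of who is on the other end.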
  154. 154. Presence in the Cloud• Individual presence: Foundation for Information Management – Are you here? – Are you logged in? – Are you busy?• Hardware services – Hardware type – Hardware feature• Location: GPS• Pub-Sub: Publish and Subscribe – Facebook has friends and fans – IM has buddies
  155. 155. Leveraging Presence• Subscribe from anywhere• Publish from anywhere• Wide range of options• Many development possibilities
  156. 156. Presence Protocols• IMPS – Cell phones• SIP – Subscribe – Notify• SIMPLE – Messaging• XMPP – XML based
  157. 157. Presence Enabled• Instant Messaging (IM)• Soft Phone• Hard Phone• Web page logins
  158. 158. The Future of Presence• Continual development• Location Centric Cloud Services – Access based on where you are – Service depending on where you are• Using standards for full integration
  159. 159. The interrelation of Identity, Presence and Location• Digital Identity – Traits – Attributes – Preferences• Digital identity, presence and location determine available services and capabilities
  160. 160. Identity Management Solutions• Claim-based solutions• Identity-as-a-Service (IDaaS)• Compliance-as-a-Service (CaaS)
  161. 161. Claim-based Solutions• Method to introduce a claim to a resource• Recall previous information on a claim• Extended to include multiple points of truth – Active Directory controller for a domain is single point of truth for a domain – Federated identity is multiple points of truth • Hotel • Airline • Rental Car
  162. 162. Identity-as-a-Service• Provider based identity services• SSO for web• Strong authentication• Across boundary federation• Audit and compliance
  163. 163. Compliance-as-a-Service• Regulatory compliance• Difficult to establish audit compliance in third-party contracts• New service possibilities: – Multi-regulation compliance verification – Continuous audit – Threat intelligence
  164. 164. Privacy• Confidentiality of personal information is paramount• Must comply with laws and regulations – HIPAA – GLBA – EU, Canadian, Australian, … privacy statutes/acts• Clouds are international in nature, making privacy issues difficult
  165. 165. Personally Identifiable Information (PII)• Forms of identification• Contact information• Financial information• Health care information• Online activity• Occupational information• Demographic information
  166. 166. Privacy Related Issues• Notice: The user is given a privacy notice• Choice: The user can choose which information to enter• Consent: The user accepts terms and conditions• The user should be informed about: – Use: What is the intended use of information? – Access: Who will have access? – Retention: How long is the information stored? – Disposal: When and how will the information be disposed? – Security: How is security provided?
  167. 167. International Privacy• European Union – EU Data Protection Directive (1998) – EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002) – Laws and privacy standards of the member states• Japan – Personal Information Protection Law – Law for Protection of Computer Processed Data Held by Administrative Organs (1988)• Canada – Privacy Act (1983) – PIPEDA (Bill C-6)
  168. 168. Safeguards• Effective Access Control and Audit – Single Sign On (SSO) – Strong authentication – Audit log• Secure Storage – Encryption – Integrity• Secure Network Infrastructure – Encryption protocols – Integrity protocols
  169. 169. Exercises – Quiz 1. Which of these should a company consider before implementing cloud computing technology? a) Employee satisfaction b) Potential cost reduction c) Information sensitivity d) All of the above 2. What is the most important drawback of cloud computing? a) Compliance b) Regulation c) Security d) Availability 3. The CIA triangle is made up of a) Correctness, Integrity and Availability b) Confidentiality, Integrity and Availability c) Confidentiality, Infrastructure and Availability d) Confidentiality, Integrity and Authentication
  170. 170. Exercises – Quiz 4. The CIA triangle is implemented using a) Encryption b) Access control lists c) Auditing d) All the above 5. Which of the following is true about viruses a) Viruses invade below the hypervisor layer b) Viruses intercept and react with hypervisor request to hardware c) Viruses infect Guest OS d) All the above 6. Federation is implemented using a) PKI and Digital certificate b) Biometric login c) Username and password d) None of the above
  171. 171. Exercises – Quiz 7. Which of the following is not a federation level? a) Verified b) Signed c) Encrypted d) Trusted 8. Which of the following is not an Identity Management Solution a) Claim-based solutions b) Presence as a Service c) Identity-as-a-Service (IDaaS) d) Compliance-as-a-Service (CaaS) 9. Which of the following standards is not used for handling security and compliance a) FISMA b) HIPAA c) X.800 standard d) SAS 70 Audits
  172. 172. Exercises – Quiz 10. Cloud computing has the following advantage over in-house computing a) Requires little or no capital investment b) No need to deploy backup and disaster recovery c) Does not require IT staff to attend to servers, applications etc. d) All the above
  173. 173. 5. Implementing and Managing Cloud Computing
  174. 174. Overview
  175. 175. 5.1 BUILDING LOCAL CLOUD NETWORKS
  176. 176. Overview
  177. 177. Local Database Center-based Cloud• Standards based• Independent components• Message based• Location independence• Seamless replication across sites• Seamless disaster recovery across sites
  178. 178. Independent Components
  179. 179. Message Base• Assures consistency and portability between components• Uses messaging protocols – Object Oriented: SOAP, JSON, REST – Support Websites: HTTP and HTML – E-mail: SMTP, POP3, IMAP• Requires middleware for message protocol conversion
  180. 180. Communications Capacity• Requires plenty of bandwidth – Difficult to measure without detailed analysis• Measuring network utilization: – Transaction-based – Process-based – Application-based
  181. 181. Private Intranet and Private Cloud• Under control of your own organization – Your own infrastructure – Engineered to your needs• Cost factors – Hardware – Circuits – Global reach – Engineering – Ongoing support – Outages• Internal Security
  182. 182. Routing to the Data Center• Sufficient routing hardware• Sufficient circuits• High bandwidth• Low latency• Advanced routing processes such as MPLS• Quality of Service• Data vs. Voice
  183. 183. Moving Data within the Local Data Center• High-speed internal circuits• VLAN for traffic isolation and security• Campus area networks• Wide area Ethernet• Wireless• Internal security
  184. 184. Storage Capacity• Exactly how much do you need?• How much can you afford?• What features do you need? – Speed vs. capacity – Green is great – Lower cost options • SAS • SATA • Virtual (networked) disk
  185. 185. Network Attached Storage• Disk storage used to store file-based records such as: – Documents – Pictures – Scanned images• Server software simplified• Disk access and security• Multiple access methods: – CIFS (Windows) – NFS (Unix)
  186. 186. Multi-site• Multiple sites assist with disaster recovery and avoidance – Multiple access routes – Streamline user pathways
  187. 187. Monitoring• Monitoring disk usage and performance• Build baseline and trend analysis• Expand as needed• Consider physical plant requirements – Electrical • UPS • Generator – HVAC – Floor space
  188. 188. Server Software Environments That Support Cloud Computing• Server capacity• Virtualization• Clustering and High Availability (HA)• Expansion• Server functions
  189. 189. Server Capacity• Services being provided – Applications – Processes• Speed and features – Processors: SMP vs. Cores – Memory – Local disk and Network disk• Vendor support
  190. 190. Cloud Applications
  191. 191. Open Source Software in Data Centers• Cost reduction vs. reliability• Not necessarily for free – Fee-based support – Hidden costs• Server software – Apache – Jetty – Zend• Databases – MySQL – PostgreSQL
  192. 192. Establishing a Baseline for Cloud Performance• Connection speed• Datastore (delete and read times)• Deployment latency• Lag time
  193. 193. Connection Speed• If the network is fast, the cloud succeeds• Bandwidth: Measure of network throughput – bps/Bps: bits/Bytes per second – Rating: network capacity or throughput? – 54Mbps wireless is really 22 Mbps• Latency: Delay – Firewalls, routers, servers – Congestion factors
  194. 194. Public Internet• Using the public internet can be risky: – Target of DDoS – Recent attacks show vulnerabilities – No way to regulate bandwidth consumption – No way to regulate bandwidth availability – Criticality vs. cost – External security
  195. 195. Data Protection and Partitioning• Brewer Nash Security Model – Information barriers – Eliminating conflict of interest• Fibre Channel Security – Zoning – LUN Masking• Protection across operating systems and virtual servers
  196. 196. 5.2 SUPPORTING THE USE OF CLOUD COMPUTING
  197. 197. Overview
  198. 198. Virtual Private Network• Remote access gives participant full network use• Tunnel mode – Transparent connection, clients not aware of tunnel – All traffic encrypted• Transport mode – Requires use of VPN client software – IP addresses not encrypted• Security risks in both modes
  199. 199. Content Management Systems• Collaboration tool• Allows large number of people to share stored data• Controls access to data, based on user roles• Aids in easy storage and retrieval of data• Reduces repetitive duplicate input• Improves the ease of report writing• Improves communication between users
  200. 200. Scripting Languages
  201. 201. Content Formatting Languages HTML XML JSON
  202. 202. Backup and Recovery• Backup – Short term and archival storage – Compliance – May use replication locations• Recovery – Frequent planned exercises – Master the process!
  203. 203. Disaster Recovery Solutions• Methods – Multi-site locations – Long distance ‘clustering’ – Specialized software and dedicated ‘pipes’• Coverage Solutions – Failover – Fail-safe – Fail-soft
  204. 204. 5.3 STANDARDS IN CLOUD COMPUTING
  205. 205. Overview
  206. 206. Standards and Best Practices• Information Management – COBIT, ISO/IEC 38500 – BiSL• Service Management – ITIL – ISO/IEC 20000• Security Management – ISO/IEC 27001• Application Management – ASL• Technical Standards – IEEE, OSI, ISO/IEC
  207. 207. The Case for Standards• [Diagram: Standards provide – Common ground – Multiple providers and multiple applications – General accepted practices – Portability]
  208. 208. Using Industry and International Standards• Standards assist in – Portability – Uniformity• Standards organizations are not standard – IEEE and others for physical networks – ISO and IETF for logical networking – Consortia and others for applications and middleware – ISO and others for management and security• Commonality of standards regardless of source
  209. 209. Open Cloud Consortium• Supports the development of standards and interoperability frameworks• Develops cloud computing benchmarks• Supports open source reference implementations• Manages cloud computing test beds• Manages infrastructure to support scientific research
  210. 210. Web-based Enterprise Management• WBEM is a set of technologies – Unifying management of computing environments• Core set of standards – CIM, CIM-XML, CIM Query Language – SLP and URI mapping• Extensible – Facilitating the development of reusable and platform-neutral tools and applications
  211. 211. Web Services Management• WS-MAN specification promotes interoperability between applications and resources• Features: – Discover managed devices – Get and put information from and to managed devices – Create and delete dynamic settings and values – Enumerate contents – Subscribe to generated log records – Execute management processes
  212. 212. Distributed Management Taskforce• Facilitates a collaborative effort within the IT industry to develop, validate and promote standards for systems management• 4000 active participants from 43 countries• 160 member companies and organizations
  213. 213. Storage Management Initiative Specification (SMI-S)• Solves the problem of managing standardized Storage Area Networks (SANs)• Allows a Web-based enterprise management system to bridge the gap among the various vendors and provide a consistent management capability regardless of hardware source
  214. 214. System Management Architecture for System Hardware• An application suite that consolidates several aspects of data center management• CLP provides standardized server management in the data center• Provides standard-based Web server management, regardless of – Machine state – Operating system state – Server system topology – Access method
  215. 215. Standards for Application Developers• Content formatting standards and languages• Scripting languages• Protocols
  216. 216. Standards for Security in the Cloud• Privacy regulations – HIPAA – GLBA – International Privacy• Security protocols• International laws: www.informationshield.com/intprivacylaws.html• US Federal and state privacy laws and regulations: www.informationshield.com/usprivacylaws.html
  217. 217. Health Assurance Portability and Accountability• HIPAA• Privacy Rule – Allows disclosure of personal health information when required – Protects personal health information – Gives patients rights• Security Rule – Allows implementation of the Privacy Rule – Specifies safeguards to assure CIA of patient information – Provides administrative, technical and physical security controls
  218. 218. Financial Services Modernization Act• GLBA, also known as the Financial Services Modernization Act of 1999• Financial Privacy Rule – Governs information collection and disclosure – Applies to financial and non-financial entities• Safeguard Rule – Receivers of financial information must protect it – Design, implement and maintain standards• Pre-texting protection – Protects against deceptive information gathering practices
  219. 219. Payment Card Industry• Goal of managing the confidential payment card information – Debit – Credit – Prepaid – E-purse – ATM and POS – Associated businesses• Issue: How to secure PCI-based information?
  220. 220. Security Protocols• SSH• SSL and TLS• IPSec• VPN• OpenID• Kerberos• PCI
  221. 221. Internet Protocol Security• Data encryption in two modes – Tunnel – Transport• ESP performs – Authentication – Encryption
  222. 222. OpenID• Single credential system• The goal – Simplify multiple website logins• Adopters – Yahoo – Google – AOL• OpenID Federation
  223. 223. 6. Evaluation of Cloud Computing
  224. 224. Overview
  225. 225. 6.1 THE BUSINESS CASE
  226. 226. Overview
  227. 227. Should Your Company Invest in Cloud Computing?• Does it do what we want or need? – Provide services we need• Can we adjust? – Appropriate applications available• Can we accept? – Decision makers vs. users• Is the move justified? – Economic value – Operational value
  228. 228. Business Benefits of Cloud Computing• Operational – Efficiency in: servers, workers, power, disaster recovery, training – Flexibility• Economic – Save money – Reduce overhead – Become ‘green’• Staffing – Reduce or redeploy staff
  229. 229. Operational Benefits• Incremental investment• Storage availability• Automation• Flexibility• Increased mobility
  230. 230. More Operational Benefits• Optimum use of staff• Centralization and management of systems and desktops• Archiving of systems simplified• Disaster recovery simplified and manageable across sites
  231. 231. Deliver What You Want Quicker• Can the cloud provide your users the resource being utilized in the cloud faster than if the resource was hosted locally at your company?• What do we give up?• What do we gain?• Is your organization willing to compromise?
  232. 232. Economical Benefits• Hardware: – Buying less or less complex equipment• Budget: – Pay as you go – Improved budget control – Buy what you need when you need it• Time-to-market – Quicker deployment using standardized products
  233. 233. More Economical Benefits• Little or no software installation or maintenance• Shorter deployment time• Worldwide availability• SLA adherence• Upgrades• Make life easier on your IT staff• More money
  234. 234. Meeting Short-term Needs• Are you going to the cloud permanently or for a short-term goal?• Example • Need to develop major software package • Need access to additional development hardware • Budget restrictions exclude buying hardware • Cloud PaaS solution is ideal: – Acquire – Use – Loose
  235. 235. Staffing Benefits• Optimum use of staff• People fewer or better deployed• Accomplishment• Less stress in operational environment• Make life easier on your IT staff
  236. 236. Cloud Implementations impact• Power savings• Floor space savings• Network infrastructure• Maintenance reductions• Software licensing• Time to value• Trial period• Service• Wiser investment• Security• Quick delivery• Reduced capital expense• Meeting short-term needs
  237. 237. Power Savings• Reduce overall power requirements – Limited servers and data platforms – Simpler desktop platforms• HVAC reduction – Server farm – Storage farm – Workspace cooling and heating• Simpler UPS and Generator needs• Offset by cloud provider cost increase – Virtualization and shared storage
  238. 238. Floor Space Savings• Smaller overall footprint in the enterprise• Displace to Cloud provider• Reduced lease and rental costs• Less maintenance• Less cleaning costs
  239. 239. Maintenance Reductions• Reduction of maintenance costs: – Hardware – Software – Facility• New maintenance costs – Uploaded and downloaded data – Update software if PaaS environment
  240. 240. Software Licensing• Depending on implementation, a reduction in the number of licenses required• Requires analysis of demand for software• Per seat vs. per user
  241. 241. 6.2 EVALUATING IMPLEMENTATIONS
  242. 242. Overview
  243. 243. Wiser Investment• Is the cloud investment smarter than in-house?• Cost factors• Performance factors• Management factors• Satisfaction factors• Can the cloud be defended?• Who are the stakeholders?
  244. 244. Network Infrastructure Changes• Need high bandwidth Internet connections• Internal infrastructure may be simplified• Less complexity in switching and routing network
  245. 245. Reduced Capital Expense• Reduce inventory• Reduce taxes (some jurisdictions)• Cost of money over time• Recurring costs handled differently than capital expenditures for tax and budgeting purposes
  246. 246. Vendor Access and Support• Does the provider support my needs?• Is the vendor easy to work with?• What is the vendor’s remote monitoring and management strategy?• Can the vendor provide references?• Is it easy to access and update the data?• Can you use the vendor’s dataflow processes?
  247. 247. Time to Value• How long does it take to get value from the cloud implementation? OR• How soon can I start using it to make money?• If you need ten new servers online tomorrow, consider: – What does it take to do it in-house – What does it take to provision them in the cloud?
  248. 248. Trial Period• Make sure you get a ‘try it, then buy it’ clause• Do not commit until you are sure it works the way you want• Especially true if you are using a new software package or new service you have not seen before!
  249. 249. Service: what you get for the money• What services are provided? – Installation – Conversion• Are the SLA terms reasonable?• What are the penalties?• What type of support is provided?• Do you have alternative or backup plan?• Do you fully understand the offering and the expected outcome?
  250. 250. Security• All in-house security requirements must be present in the cloud• Regulatory and statutory requirements• Industry accepted practices• Privacy• Eliminate data leakage• Understand the internal server structures – One tier – Two tier – Three tier
  251. 251. Evaluating Cloud Implementations Summary• Power savings• Floor space savings• Network infrastructure• Maintenance• Software licensing• Time to value• Trial period• Service• Wiser investment• Security• Delivers what you want quicker• Reduced capital expense• Meeting short-term needs
  252. 252. Cloud Computing examples for migration
  253. 253. Google Cloud User: City of Washington D.C.• Vivek Kundra, CTO for the District (now OMB e-gov administrator)• Migrating 38,000 employees to Google Apps• Replace office software – Gmail – Google Docs (word processing and spreadsheets) – Google video for business – Google sites (intranet sites and wikis)
  254. 254. Case Study: Facebook’s Use of Open Source and Commodity Hardware (8/08) • Jonathan Heiliger, Facebook’s vice president of technical operations • 80 million users + 250,000 new users per day • 50,000 transactions per second, 10,000+ servers • Built on open source software – Web and App tier: Apache, PHP, AJAX – Middleware tier: Memcached (Open source caching) – Data tier: MySQL (Open source DB)
  255. 255. Case Study: Salesforce.com in Government• 5,000+ Public Sector and Nonprofit Customers use Salesforce Cloud Computing Solutions• President Obama’s Citizen’s Briefing Book Based on Salesforce.com Ideas application – Concept to Live in Three Weeks – 134,077 Registered Users – 1.4 M Votes – 52,015 Ideas – Peak traffic of 149 hits per second• US Census Bureau Uses Salesforce.com Cloud Application – Project implemented in under 12 weeks – 2,500+ partnership agents use Salesforce.com for 2010 decennial census – Allows projects to scale from 200 to 2,000 users overnight to meet peak periods with no capital expenditure
  256. 256. Case Study: Salesforce.com in Government• New Jersey Transit Wins InfoWorld 100 Award for its Cloud Computing Project – Use Salesforce.com to run their call center, incident management, complaint tracking, and service portal – 600% More Inquiries Handled – 0 New Agents Required – 36% Improved Response Time• U.S. Army uses Salesforce CRM for Cloud-based Recruiting – U.S. Army needed a new tool to track potential recruits who visited its Army Experience Center. – Use Salesforce.com to track all core recruitment functions and allows the Army to save time and resources.
