Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Introduction to cloud computing

2,990 views

Published on

This presentation is a general introduction to cloud computing and some of the major tools available on the market.

Published in: Technology

Introduction to cloud computing

  1. 1. Introduction to Cloud Computing William El Kaim Oct. 2016 - V 2.2
  2. 2. This Presentation is part of the Enterprise Architecture Digital Codex http://www.eacodex.com/Copyright © William El Kaim 2016 2
  3. 3. Plan What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 3
  4. 4. Cloud Computing Definitions • Forrester • A standardized IT capability (services, software, or infrastructure) delivered via the Internet in a pay-per-use, self-service way • NIST (National Institute of Standards and Technologies) • Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. • Larry Ellison • Water Vapor... [other than that] it is just a computer connected to a network! • Changed its mind in 2015 … Copyright © William El Kaim 2016 4
  5. 5. 5 Essential Cloud Characteristics • On-demand self-service • Broad network access • Resource pooling • Location independence • Rapid elasticity • Measured service Copyright © William El Kaim 2016 5
  6. 6. Cloud Services Taxonomy • Cloud Software as a Service (SaaS). • The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). • The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. • Cloud Platform as a Service (PaaS). • The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). • The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations. • Cloud Infrastructure as a Service (IaaS). • The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. • The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers). Copyright © William El Kaim 2016 6
  7. 7. Cloud Services Taxonomy Source: BSACopyright © William El Kaim 2016 7
  8. 8. Software-as-a-service (SaaS) Finished applications that you rent and customize Platform-as-a-service (PaaS) Developer platform that abstracts the infrastructure, OS, and middleware to drive developer productivity Infrastructure-as-a-service (IaaS) Deployment platform that abstracts the infrastructure Cloud Services Taxonomy Copyright © William El Kaim 2016 8
  9. 9. Cloud Services Taxonomy Source: BSACopyright © William El Kaim 2016 9
  10. 10. Cloud Services Taxonomy Copyright © William El Kaim 2016 10
  11. 11. Cloud Services Taxonomy Source: May 13, 2009, “Clouds Appearing In The Sky Of Outsourcing” Forrester report Copyright © William El Kaim 2016 11
  12. 12. Plan • What is Cloud Computing? Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 12
  13. 13. Highly Available Infrastructure • Public Infrastructure composed of computing power, storage, security • Platforms, software, applications, services reside on top • Immediate availability, ordering, provisioning on the web • Easier and cheaper than deploying it in-house • Easily manageable from a single web interface • Partition, synchronize, distribute, secure, store data/apps • Run from centralized deployments/datacenters • Supports Platforms as a Service • Real-time accessible and usable across the web • Many (often smaller) applications run off more consistently available resources Copyright © William El Kaim 2016 13
  14. 14. Private (On-Premise) IT as a Service Infrastructure (as a Service) Platform (as a Service) Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Youmanage Managedbyvendor Managedbyvendor Youmanage Youmanage Copyright © William El Kaim 2016 14
  15. 15. Cloud Computing Is Attractive To Businesses • Pay by the drink - Credit card billable • SLA driven • defined response times, immediate recreation of instances, consistent service for all users • Providing easy integration with back-end services • Should always be available and self-healing • Unobstructive/transparent: client only sees end workload • Multi-tenant infrastructure with complete security/privacy • Linearly scalable on the fly (up/down) – cost reducing Private Enterprise clouds are not included in this discussion Copyright © William El Kaim 2016 15
  16. 16. Utility Computing & On-Demand Storage • Two developer driven components of the Cloud • Utility computing • Range from minute to monthly provisioning/billing • Target is web based ordering + instant provisioning • Should be pay by the drink & include an SLA • Should be desktop mountable & immediately available • Should have back-end storage and other web services • On-demand Storage • Range from Managed hosters offering on-demand SAN,NAS and DAS - orders possible with seasonal billing • Back-up/Protection wins when on-demand storage fails Copyright © William El Kaim 2016 16
  17. 17. Plan • What is Cloud Computing? • Why Cloud Computing? Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 17
  18. 18. Why Virtualization? • Without virtualization, the application and operations architecture teams design, acquire and install the servers, storage and networking needed for each application • Virtualization offers only a hardware abstraction layer that can adjust to the specific CPU, memory, storage, and network needs of applications on a per server basis • Of course, this is not enough • What is the right density of VMs per host and type of workloads? • Virtualization may require an expensive shared storage infrastructure (Fiber Channel SAN) • It is not elastic, turn-key or upgradeable by itself • Same old Operations and Management processes apply • Cloud computing is an “operation model” applied to virtualization Copyright © William El Kaim 2016 18
  19. 19. Managed Hosting Services Evolutions Copyright © William El Kaim 2016 19
  20. 20. Technology: Operating System Virtualization • Only one OS at a time • Reduces OS sprawl • Reduces in-memory consumption • Best for • Applications that do not coexist well with others • Individual workloads • SaaS • Examples • Parallels Virtuozzo Containers • Sun Solaris Containers • OpenVZ • Unix chroot command • Linux V-Server OS Management OS Virtualization Technology Virtual Machine Virtual Machine Application(s)Application(s) x86 Server SAN / NAS / DAS Copyright © William El Kaim 2016 20
  21. 21. Technology: Bare Metal Hypervisor • Best for heterogeneous environments • Development and testing environments • Virtual desktop • legacy server consolidation • Virtualizes access to hardware (CPU, Memory, Storage) • assisted by Intel and AMD • Each VM has a guest OS • Reduces server sprawl • Examples • VMARE ESX • Citrix XENserver (Linux) • Parallels Server • Microsoft Hyper-V • Trango • Sun xVM Bare Metal Virtualization Technology (Hypervisor) Virtual Machine Virtual Machine Guest OS Guest OS Application(s)Application(s) x86 Server SAN / NAS / DAS Copyright © William El Kaim 2016 21
  22. 22. Technology: Containerization • Containers are the products of operating system virtualization. • Lightweight virtual environment that groups and isolates a set of processes and resources such as memory, CPU, disk, etc., from the host and any other containers. • The isolation guarantees that any processes inside the container cannot see any processes or resources outside the container. • Only one App (or microservice) at a time • Run in isolated process on the host operating system • Portable and efficient • Reduces in-memory consumption • Best for • Multi-tenant application • Elastic applications (automatic scaling) • Examples • Docker, CoreOS, RancherOS, Snappy Ubuntu Core, RedHat Atomic, Mesosphere DCOS, Vmware Photon Container OS Container Container Application(s)Application(s) x86 Server SAN / NAS / DAS Copyright © William El Kaim 2016 22
  23. 23. Containerization Example: Docker • Docker allows each development team to implement microservices using whatever language, framework or runtime they deem appropriate. • The only requirement they have to get their service to production is to provide a Docker image (plus some basic run configuration in a YAML file) to the Ops Team. Source: Tom LeachCopyright © William El Kaim 2016 23
  24. 24. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 24
  25. 25. What is Grid Computing? • Grid computing is the collection of computer resources from multiple locations to reach a common goal. • The grid can be thought of as a distributed system with non-interactive workloads that involve a large number of files. • Grid computing is distinguished from conventional high performance computing systems such as cluster computing in that grid computers have each node set to perform a different task/application. • For certain applications, distributed or grid computing can be seen as a special type of parallel computing that relies on complete computers (with onboard CPUs, storage, power supplies, network interfaces, etc.) connected to a computer network (private or public) by a conventional network interface, such as Ethernet. • Although a single grid can be dedicated to a particular application, commonly a grid is used for a variety of purposes. • Grids are a form of distributed computing whereby a "super virtual computer" is composed of many networked loosely coupled computers acting together to perform large tasks. • This is in contrast to the traditional notion of a supercomputer, which has many processors connected by a local high-speed computer bus. Source: WikipediaCopyright © William El Kaim 2016 25
  26. 26. Cloud vs. Grid Computing? Cloud Computing • Cloud computing evolves from grid computing and provides on-demand resource provisioning. • Grid computing may or may not be in the cloud depending on what type of users are using it. • If the users are systems administrators and integrators, they care how things are maintained in the cloud. They upgrade, install, and virtualize servers and applications. • If the users are consumers, they do not care how things are run in the system. Copyright © William El Kaim 2016 26
  27. 27. Cloud vs. Grid Computing? Grid Computing • Grid computing requires the use of software that can divide and farm out pieces of a program as one large system image to several thousand computers. • One concern about grid is that if one piece of the software on a node fails, other pieces of the software on other nodes may fail. • This is alleviated if that component has a failover component on another node, but problems can still arise if components rely on other pieces of software to accomplish one or more grid computing tasks. • Large system images and associated hardware to operate and maintain them can contribute to large capital and operating expenses Copyright © William El Kaim 2016 27
  28. 28. Cloud vs. Grid Computing? Similarities • Cloud computing and grid computing are scalable. • Scalability is accomplished through load balancing of application instances running separately on a variety of operating systems and connected through Web services. • Both computing types involve multi-tenancy and multitask • Meaning that many customers can perform different tasks, accessing a single or multiple application instances. • Sharing resources among a large pool of users assists in reducing infrastructure costs and peak load capacity. • Cloud and grid computing provide service-level agreements (SLAs) for guaranteed uptime availability • Storage as a service • While the storage computing in the grid is well suited for data-intensive storage, it is not economically suited for storing objects as small as 1 byte. Copyright © William El Kaim 2016 28
  29. 29. Clouds Versus Grids Clouds and Grids are distinct • Cloud • Full private cluster is provisioned • Individual user can only get a tiny fraction of the total resource pool • No support for cloud federation except through the client interface • Opaque with respect to resources • Grid • Built so that individual users can get most, if not all of the resources in a single request • Middleware approach takes federation as a first principle • Resources are exposed, often as bare metal • In a data grid, the amounts of distributed data must be large for maximum benefit. A computational grid focuses on computationally intensive operations. Copyright © William El Kaim 2016 29
  30. 30. Grid Computing: Tools • EMI: Software platform for high performance distributed computing • Globus Toolkit: open source software toolkit used for building grids. It is being developed by the Globus Alliance. • GridWay: Metascheduler enables large- scale, reliable and efficient sharing of computing resources • Parabon: Software platform for high performance distributed computing Copyright © William El Kaim 2016 30
  31. 31. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 31
  32. 32. Cloud Computing Adoption Rise of PaaS and SaaS Source: August 14, 2008, “Forrester’s SaaS Maturity Model” Forrester reportCopyright © William El Kaim 2016 32
  33. 33. Cloud Computing Adoption Forrester’s PaaS Reference Architecture Copyright © William El Kaim 2016 33
  34. 34. Example In The Public Cloud Copyright © William El Kaim 2016 34
  35. 35. Example Around ERP System Copyright © William El Kaim 2016 35
  36. 36. Easy Subscription Into Own Tenant Copyright © William El Kaim 2016 36
  37. 37. Cloud Computing Adoption Adoption Model Copyright © William El Kaim 2016 37
  38. 38. Cloud Computing Adoption When Cloud Computing may be a Fit? • When the processes, applications, and data are largely independent. • When the points of integration are well defined. • When a lower level of security will work just fine. • When the core internal enterprise architecture is healthy. • When the Web is the desired platform. • When cost is an issue. • When the applications are new. Copyright © William El Kaim 2016 38
  39. 39. Start planning when your app… • is not yet in your data center • is used intermittently • is out of support • can’t be upgraded easily • requires significant changes • can’t scale (computing, network, storage) • costs too much to operate and manage • is down more than you can handle • is difficult to secure Copyright © William El Kaim 2016 39
  40. 40. Use a Dedicated Drawing Tool Copyright © William El Kaim 2016 40https://cloudcraft.co/
  41. 41. Cloud Computing Adoption When Cloud Computing may not a Fit? • When the processes, applications, and data are largely coupled. • When the points of integration are not well defined. • When the core internal enterprise architecture needs work. • When the application requires a native interface. • When cost is an issue. Copyright © William El Kaim 2016 41
  42. 42. Cloud Computing Adoption Stepping to the Clouds 1. Access the business. 2. Access the culture. 3. Access the value. 4. Understand your data. 5. Understand your services. 6. Understand your processes. 7. Understand the cloud resources. 8. Identify candidate data. 9. Identify candidate services. 10. Identify candidate processes. 11. Create a governance strategy. 12. Create a security strategy. 13. Bind candidate services to data and processes. 14. Relocate services, processes, and information. 15. Implement security. 16. Implement governance. 17. Implement operations. Copyright © William El Kaim 2016 42
  43. 43. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 43
  44. 44. Cloud Computing Landscape: IAAS • Leaders • Amazon AWS • Microsoft Azure • Google Cloud Platform • IBM SoftLayer (IAAS) • Others • DigitalOcean • Joyent • Linode • Rackspace Cloud • VMWare vCloud Copyright © William El Kaim 2016 44
  45. 45. Cloud Computing Landscape (PAAS) Open Source PaaS Platforms • Apache Stratos • This is more of a framework than just a “simple” platform. It is highly multi-tenant enabled and provides a lot of customization features. The architecture is very complex and has a lot of moving parts. Supports Docker and Kubernetes. • Cloud Foundry • One of the biggest player besides OpenShift in this market. It provides a platform for running applications and is used widely in the industry. Has a steep learning curve and is not easily installed, configured, or operated • Dokku • A simple, small PaaS running on one host. Uses Docker and Nginx as the most important building blocks. It is written in Bash and uses Buildpacks to build an application specific Docker container. Copyright © William El Kaim 2016 45Source: Tobias Brunner
  46. 46. Cloud Computing Landscape (PAAS) Open Source PaaS Platforms • Deis • The big sister of Dokku. Building blocks used in Deis include CoreOS, Ceph, Docker, and a pluggable scheduler (Fleet by default, however Kubernetes will be available in the future). Buildpacks are used for creating the runtime containers. At least three servers are needed to effectively run Deis. • Flynn • Also similar to the two tools above. It also uses Docker as backend, but uses many project specific helper services. At the moment, only PostgreSQL is supported as a datastore for applications. • OpenShift • Started in 2011 as a new PaaS platform using it’s own project specific technologies, has been completely rewritten in v3 using Docker and Kubernetes as the underlying building blocks. • Tsuru • Similar to Deis, but says it also supports non-12-Factor apps. There is even a possibility to manage VMs, not only containers. This, too, uses Docker as building block. Other components like scheduler are coming from the Tsuru project. Copyright © William El Kaim 2016 46Source: Tobias Brunner
  47. 47. OpenShift vs. Cloud Foundry Architecture Copyright © William El Kaim 2016 47 OpenShift V3 Cloud Foundry Architecture
  48. 48. Cloud Computing Landscape (PAAS) Commercial Platforms • ActiveState (HP) • Amazon AWS • Apprenda • CenturyLink • CloudBees • Cloudify • Engine Yards • Google Cloud Platform • GridGrain • Heroku • IBM Bluemix • Microsoft Azure • ProfitBricks • VMWare VCloud Copyright © William El Kaim 2016 48
  49. 49. Integration PaaS (iPaaS) • The rise of software-as-a-service (SaaS) and the increasing heterogeneity of enterprise applications portfolios and data sources have necessitated a shift to suitable alternatives to traditional integration approaches. • Integration platform-as-a-service (iPaaS), a sub-segment of PaaS, continues to evolve as an integration approach capable of meeting a wide range of integration needs, including on premise,cloud, B2B, and mobile application integration. • iPaaS is a platform for building and deploying integrations within the cloud and between the cloud and enterprise. • With iPaaS, users can develop integration flows that connect applications residing in the cloud or on-premises and then deploy them without installing or managing any hardware or middleware. • Gartner also sees iPaaS as a potential platform for the buying, selling, and exchange of integration flows (both out-of-the-box and custom-built patterns) between users, service providers, and integration providers. Copyright © William El Kaim 2016 49
  50. 50. Integration PaaS (iPaaS) • Adaptris • Bedrock Data • Boomi (Dell) • Celigo • CloudHub (MuleSoft) • Cyclr • Informatica • Jitterbit • Snaplogic • Universal Platform • Zapier Copyright © William El Kaim 2016 50
  51. 51. Integration PaaS (iPaaS) • Adeptia: Provides Adeptia Connect, a citizen integrator-oriented iPaaS focused on supporting B2B requirements. • AppPoint: Provides its CollaBridge iPaaS offering as part of its application infrastructure services. • Azuqua: A U.S.-based iPaaS provider targeting SaaS integration. • Built.io: This U.S.-based company provides an iPaaS offering called Flow alongside its MBaaS and content management system products. • elastic.io: An iPaaS provider based in Bonn, Germany. • HiQ: A Finnish company that provides the Frends4 iPaaS offering, which is also available in an on-premises software format. • Maestrano: Provides an iPaaS that combines application and data integration capabilities based around a centralized data hub architecture. • Moskitos: Provides Crosscut, a Microsoft Azure-centric iPaaS targeting medium and large organizations in France. • Primeur: An Italian software vendor that provides the Ghibli Business Integrator HIP, which includes iPaaS functionality and delivery model. • Service-Flow: Provides an iPaaS offering targeting the integration of various IT service desk implementations. • Software AG: Provides webMethods Integration Cloud, an adaptive integration- oriented rendition of its veteran webMethods Integration Platform. • Talend: Provides the Talend Integration Cloud, a data-integration-centric iPaaS offering. • TIBCO: Provides TIBCO Cloud Integration and Simplr • Xplenty: Provides its Data Integration cloud service; it is based in Israel. Copyright © William El Kaim 2016 51Source: Gartner
  52. 52. iPaaS Landscape Copyright © William El Kaim 2016 52
  53. 53. PaaS Finder Copyright © William El Kaim 2016 53https://paasfinder.org/vendors
  54. 54. Source: Bessemer Venture Partners Copyright © William El Kaim 2016 54
  55. 55. Copyright © William El Kaim 2016 55
  56. 56. Copyright © William El Kaim 2016 56
  57. 57. Cloud Monitoring • Boundary: Monitoring-as-a-Service for cloud and server infrastructure • Datadog: Aggregates metrics and events across the full devops stack • Google Stackdriver: For applications running on Google Cloud Platform and Amazon Web Services • Monitis: All-in-one application monitoring platform • NewRelic • OpsView: Monitoring-as-a-Service for cloud and server infrastructure • vRealize Hyperic • ZenOSS: Private & Hybrid Cloud Monitoring • Open Source • Nagios, Zabbix Copyright © William El Kaim 2016 57
  58. 58. Hybrid Cloud Mgt. Tools • Avni • Hybrid Cloud Platform To Deploy, Scale And Migrate Digital Services That Contain Containers, VMs And Cloud Specific Apps with Security, Analytics and Policy. • AppDynamics • Application monitoring in the cloud • CloudHealth • Gives visibility across the enterprise entire cloud ecosystem to optimize resources and define governance policies for ongoing management. • Cloudyn • One platform to view and optimize all your public and hybrid cloud deployments. • DHCQ • Out-of-box integrations with private and public cloud platforms to automate the provisioning and auto-scaling of virtual infrastructure used for Docker-based application deployments • Dynatrace • Dynatrace supports all types of cloud environments with easy, automatic deployment. • Platform9 • Run OpenStack and Kubernetes like SaaS Copyright © William El Kaim 2016 58
  59. 59. Hybrid Cloud Mgt. Tools: Cloudyn https://www.cloudyn.com/Copyright © William El Kaim 2016 59
  60. 60. Hybrid Cloud Mgt. Tools DCHQ Copyright © William El Kaim 2016 60 https://www.dchq.io/landing/index.html
  61. 61. Hybrid Cloud Mgt. Tools: Cloudify http://getcloudify.org/downloads/get_cloudify.htmlCopyright © William El Kaim 2016 61
  62. 62. Hybrid Cloud Mgt. Tools: ActiveEon Copyright © William El Kaim 2016 62http://www.activeeon.com/
  63. 63. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 63
  64. 64. Cloud Computing Security IAAS Security • General Rules • Provider secures “their” infrastructure • Remainder of the stack is your problem • Focus on VM and container • Example Amazon IAAS • “We strive to keep Your Content secure, but cannot guarantee that we will be successful at doing so, given the nature of the Internet. • you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications... • We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.” Copyright © William El Kaim 2016 64
  65. 65. Cloud Computing Security PAAS Security • General Rules • Provider owns the compute, network, storage layers and programmatic interface security • The consumer creates the application based upon supported development environment • Writing secure applications and ensuring your data is safe is on you • Example: Google App Engine • “You must provide accurate and complete registration information any time you register to use the Service. • You are responsible for the security of your passwords and for any use of your account. • If you become aware of any unauthorized use of your password or of your account, you agree to notify Google immediately.” Copyright © William El Kaim 2016 65
  66. 66. Cloud Computing Security SAAS Security • General Rules • The provider owns the entire stack • Security is defined by internal policy and customer contract • Example: Salesforce.com • “We shall maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data. • We shall not (a) modify Your Data, (b) disclose Your Data except as compelled by law in accordance with Section 7.5 (Compelled Disclosure) or as expressly permitted in writing by You, or (c) access Your Data except to provide the Services or prevent or address service or technical problems, or at your request in connection with customer support matters.” Copyright © William El Kaim 2016 66
  67. 67. Cloud Computing Security Advantages • Shifting public data to a external cloud reduces the exposure of the internal sensitive data • Cloud homogeneity makes security auditing/testing simpler • Clouds enable automated security management • Redundancy / Disaster Recovery • Data Fragmentation and Dispersal • Dedicated Security Team • Greater Investment in Security Infrastructure • Fault Tolerance and Reliability • Greater Resiliency • Hypervisor Protection Against Network Attacks • Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds) • Simplification of Compliance Analysis • Data Held by Unbiased Party (cloud vendor assertion) • Low-Cost Disaster Recovery and Data Storage Solutions • On-Demand Security Controls • Real-Time Detection of System Tampering • Rapid Re-Constitution of Services • Advanced Honeynet Capabilities Copyright © William El Kaim 2016 67
  68. 68. Cloud Computing Security Challenges • Trusting vendor’s security model • Customer inability to respond to audit findings • Obtaining support for investigations • Indirect administrator accountability • Proprietary implementations can’t be examined • Loss of physical control • Data ownership issues • Quality of service guarantees • Data dispersal and international privacy laws • EU Data Protection Directive and U.S. Safe Harbor program • Exposure of data to foreign government and data subpoenas • Data retention issues • Need for isolation management • Multi-tenancy • Logging challenges Copyright © William El Kaim 2016 68
  69. 69. Cloud Computing Security Challenges • Dependence on secure hypervisors • Attraction to hackers (high value target) • Security of virtual OSs in the cloud • Possibility for massive outages • Encryption needs for cloud computing • Encrypting access to the cloud resource control interface • Encrypting administrative access to OS instances • Encrypting access to applications • Encrypting application data at rest • Public cloud vs internal cloud security • Lack of public SaaS version control • Issues with moving PII and sensitive data to the cloud • Privacy impact assessments • Using SLAs to obtain cloud security • Suggested requirements for cloud SLAs • Issues with cloud forensics • Contingency planning and disaster recovery for cloud implementations • Handling compliance • FISMA, HIPAA, SOX, PCI, SAS 70 Audits Copyright © William El Kaim 2016 69
  70. 70. Cloud Security Landscape Source: CloudNewsDaily Copyright © William El Kaim 2016 70
  71. 71. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 71
  72. 72. CIMI: Cloud IAAS Standard • Cloud Infrastructure Management Interface • Specification that standardizes interactions between cloud environments to achieve interoperable cloud infrastructure management between service providers and their consumers and developers, enabling users to manage their cloud infrastructure use easily and without complexity. • Primer / Cloud Infrastructure Management Interface Model Copyright © William El Kaim 2016 72
  73. 73. Cloud Tools Free clients • CloudBerry S3 Explorer • This is a free Amazon S3 file browser application that enables creating-deleting-updating buckets, folders & files. • It supports: multiple S3 accounts, setting up file access permissions, generating external URLs & more.. • S3Fox Organizer • A FTP-like Firefox add-on which enable anyone to reach S3 buckets for uploading & downloading files. • It supports managing CloudFront, changing access policies & syncronizing S3 with the local system. • S3tools • Various open source tools for reaching Amazon S3. Copyright © William El Kaim 2016 73
  74. 74. Cloud Tools Free clients • JetS3t (free) • It is an open-source Java toolkit and application suite for the Amazon S3 and Amazon CloudFront content delivery network. • The toolkit contains 5 applications for reaching, synchronizing & creating an authorization service to mediate to S3 accounts. • GridGain (free) • An open source cloud platform, built with Java, that enables developers to develop and run applications on private or public clouds. • Abiquo (free) • Online software for creating & managing public or private clouds. • The tool mainly offers users the capacity for scaling, management, automatic and immediate provision of servers, storage, networks, virtual network devices as well as applications. Copyright © William El Kaim 2016 74
  75. 75. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 75
  76. 76. Backend As A Service (BAAS) • BaaS is an approach for providing web and mobile app developers with a way to connect their applications to backend cloud storage and processing while also providing common features such as user management, push notifications, social networking integration, and other features that mobile users demand from their apps these days. • This new breed of BaaS services are provided via custom software development kits (SDK) and application programming interfaces (APIs). • BaaS is a relatively recent development in cloud computing, with most BaaS start-ups dating from 2011 or later. • The global BaaS market is estimated to grow from $216.5 million in 2012 to $7.7 billion in 2017 from a report published by MarketsandMarkets. Source: API EvangelistCopyright © William El Kaim 2016 76
  77. 77. Copyright © William El Kaim 2016 77
  78. 78. How Does BaaS Differ From IaaS and PaaS? • Baas has evolved out of frustration around deployment of IaaS platforms like Amazon Web Services, just to fire up a single new mobile application. • BaaS is about abstracting away the complexities of launching and managing your own infrastructure, then bridging a stack of meaningful resources targeting exactly what developers need to build the next generation of mobile apps. • BaaS, has a lot of the same intent as PaaS, to speed up the application development process, but BaaS is purely a backend • Providing an infrastructure that automatically scales and optimizes, bundled with a set of essential resources developers require Source: API EvangelistCopyright © William El Kaim 2016 78
  79. 79. What Are The Benefits of BaaS? • Efficiency Gains - Reducing overhead in all aspects of app devt, increasing efficiency at all stages of development • Faster Times to Market - Reducing the obstacles to take a mobile app from idea to production and overhead with operations once in production • App Delivery With Fewer Resources • Optimize for Mobile and Tablets - BaaS providers have put a lot of time and resources into optimization of data and network for mobile apps, and reduce fragmentation problems across multiple platforms and devices. • Secure and Scalable Infrastructure • Stack of Common API resources - BaaS brings common and essential 3rd party API resources into a single stack, preventing developers from having to go gather them separately Source: API EvangelistCopyright © William El Kaim 2016 79
  80. 80. Facebook Parse / Google EndPoints https://cloud.google.com/endpoints/ https://www.parse.com/Copyright © William El Kaim 2016 80
  81. 81. Microsoft Azure AppServices http://azure.microsoft.com/en-us/services/app-service/Copyright © William El Kaim 2016 81
  82. 82. AppDynamics http://www.appdynamics.com/Copyright © William El Kaim 2016 82
  83. 83. Appery.io https://appery.io/Copyright © William El Kaim 2016 83
  84. 84. Backend As A Service (BAAS) http://www.telerik.com/platform/backend-servicesCopyright © William El Kaim 2016 84
  85. 85. Backend As A Service (BAAS) http://www.baqend.com/Copyright © William El Kaim 2016 85
  86. 86. Backend As A Service (BAAS) • Anypresence: http://www.anypresence.com/ • Apigee App Services: http://apigee.com/docs/app_services • APISpark: http://apispark.com/ • Build.io: http://www.built.io/ • IFFT: https://ifttt.com/login • Kinvey: http://www.kinvey.com/ • Proxomo: http://www.proxomo.com/ Copyright © William El Kaim 2016 86
  87. 87. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) The Software Defined Datacenter (SDDC) • Is cloud Cost Effective? Copyright © William El Kaim 2016 87
  88. 88. The Software Defined Datacenter (SDDC) Introduction • Also named: Virtual Data Center (VDC) or Private Cloud As a Service • Was coined in 2012 by VMWare CTO Steve Harrod • Marketing term that extends virtualization concepts such as abstraction, pooling, and automation to all datacenter resources and services to achieve IT as a service (ITaaS) Copyright © William El Kaim 2016 88
  89. 89. The Software Defined Datacenter (SDDC) SDDC Enablers • Virtualization • Server virtualization is the first and most prominent technologies that is used to enable private clouds. • Converged Infrastructure • Converged, software-defined infrastructure is still in its early stages • Takes multiple resources (i.e., physical servers) and unifies them into a single pool, and instead of having you manually manage a resource, the system does it automatically for you. • The next step leads to hyper-converged infrastructure, which is a type of infrastructure system with software-centric architecture that tightly integrates compute, storage, and network data center subsystems into a commodity hardware box. • Allows the three subsystems to interact better with one another. For example, the storage subsystem can independently communicate with the compute subsystem, which can help when it comes to automatically allocating idle resources in order to overcome node failures. Copyright © William El Kaim 2016 89Source: Cloudyn
  90. 90. The Software Defined Datacenter (SDDC) SDDC Enablers • Comprehensive Networking • Modern data centers embrace new network modeling that can be seen in comprehensive network architectures from the likes of Google, Facebook (check out Facebook Fabric) and other cloud-native hyperscale giants. • Network bandwidth bottlenecks can be alleviated and you can unify your resources into a single facility that relies on the network layer. • Distributed Storage • In comparison to traditional external appliances, storage in the world of modern data centers is distributed across compute nodes, which has a direct impact on costs. • Physical SAN devices can cost hundreds of thousands of dollars, if not millions, not to mention the upkeep involved in constantly managing the required capacity. • Distributed storage relies on commodity hardware and naturally integrates with the compute subsystem, eliminating traditional storage bottlenecks. • Modern software defined storage systems support high availability by running automatic replicas of data across data center resources. Copyright © William El Kaim 2016 90Source: Cloudyn
  91. 91. The Software Defined Datacenter (SDDC) Definition • Forrester definition • “An SDDC is an integrated abstraction layer that defines a complete data center by means of a layer of software that presents the resources of the data center as pools of virtual and physical resources and allows their composition into arbitrary user-defined services." • A modern SDDC deployment is defined by virtualized, software-defined resources that can be scaled up or down as required, and can be deployed as needed in a number of distinct ways. • There are four key components to the SDDC: • Software defined computing • Software defined networking • Software defined storage • Software defined Management and Automation Copyright © William El Kaim 2016 91
  92. 92. The Software Defined Datacenter (SDDC) SDDC Key Components • SDDC encompasses a variety of concepts and data-center infrastructure components, with each component potentially provisioned, operated, and managed through an application programming interface (API). • Core architectural components include: • Computer virtualization • Software-defined networking (SDN), which includes network virtualization - the process of merging hardware and software resources and networking functionality into a software-based virtual network • Software-defined storage (SDS), which includes storage virtualization, suggests a service interface to provision capacity and slas (service level agreements) for storage, including performance and durability • Management and automation software, enabling an administrator to provision, control, and manage all software-defined data-center components Copyright © William El Kaim 2016 92
  93. 93. The Software Defined Datacenter (SDDC) SDDC Key Components: Software-Defined Storage (SDS) • Software-defined storage (SDS) is, in essence, virtual storage and handles all storage replication and management information between a cluster of servers. • Server local or even shared disks are used in stretched pools with disks from other member servers. • Virtual disks are created and replicated to all nodes from the combined storage in these pools. • Storage functionality is abstracted from the physical storage device (an SAN for instance) and placed as software on commodity servers. • You then have the choice to use any disk compatible with your server and benefit from tiered storage. Use cheap and slow SATA disks for cold data and fast NVMe or SSD disks for hot data. • SDS also offers enterprise features normally available with traditional SAN hardware. • With software-defining storage, you get better redundancy, easy deployments, and frequent updates. Patching can now be easily done without downtime or significant performance loss, and all due to the fact that these nodes replicate to each other and form a highly redundant cluster, compared to a (single) dedicated shared storage unit. Copyright © William El Kaim 2016 93
  94. 94. The Software Defined Datacenter (SDDC) SDDC Key Components: Software-Defined Networking (SDN) • Software Defined Networking, is in essence, Virtual Networking. • It came along with the hypervisors and compute support, offering virtual networks for routing traffic between VM’s, and outside the host. • It has taken another leap in the last years by also virtualizing enterprise network functionality, like firewalling load balancing, VPN gateways, and routing with VXLAN and BGP support, moving logic and code away from hardware based devices to pieces of virtualized network software, deployed on virtual or physical servers controlling the network. • Network consuming now moves from a very complex and traditional model to this new software model. • Apart from complexity and hardware savings there are more serious advantages using this new software-defined networking (SDN) model. Copyright © William El Kaim 2016 94
  95. 95. The Software Defined Datacenter (SDDC) SDDC Key Components: Software-Defined Networking (SDN) Copyright © William El Kaim 2016 95Source: Forrester
  96. 96. The Software Defined Datacenter (SDDC) SDDC Key Components: Management And Automation Software • Deployment, provisioning, configuration, and operation of the entire physical infrastructure could now be abstracted from hardware, and implemented through software as a service. • On top of the subsystems’ smart software- defined solutions, resource provisioning and management is done through APIs or self- service portals • Enable IT to provision resources simply by using online consoles and CLI tools. • These self-provisioning, inherent availability and security features reduce the need for traditional infrastructure experts. Copyright © William El Kaim 2016 96Source: Cloudyn Source: HappiestMinds
  97. 97. The Software Defined Datacenter (SDDC) Maturity Curves for Enterprises Copyright © William El Kaim 2016 97Source: HappiestMinds
  98. 98. The Software Defined Datacenter (SDDC) Evolutions Copyright © William El Kaim 2016 98
  99. 99. The Software Defined Datacenter (SDDC) Evolutions Copyright © William El Kaim 2016 99Source: HappiestMinds
  100. 100. The Software Defined Datacenter (SDDC) Market Landscape • Availability of containers and PaaS service in hosted clouds, enable companies to host all their cloud services in their own data centers using a SDDC stack. • Also called Hyper-converged infrastructure • In 2016, software-defined storage and networking markets have started to grow exponentially. • Gaining on traditional enterprise solutions, like an SAN or load-balancing on hardware, SDDC, in general, is expected to grow from 21.7 billion in 2015 to 77.18 billion in five years. • SDDC hosted cloud market is currently occupied by: • Atomia, Cisco Metapod, CloudStack, Nutanix, OpenStack, OmniStack, VMware, ZeroStack. • Some only tackle Application Management on top of SDDC like AviNetworks or Hyperscale Storage (DSD) like Hedvig Copyright © William El Kaim 2016 100
  101. 101. The Software Defined Datacenter (SDDC) Ex: SDDC VMWare Stacks Copyright © William El Kaim 2016 101 Source: VMWare
  102. 102. Plan • What is Cloud Computing? • Why Cloud Computing? • Virtualization and Cloud • Cloud vs. Grid Computing • Cloud Computing Adoption • Cloud Computing Landscape • Cloud Computing Security • Cloud clients Tools • Backend As A Service (BAAS) • The Software Defined Datacenter (SDDC) Is cloud Cost Effective? Copyright © William El Kaim 2016 102
  103. 103. Is cloud Cost Effective? • When designing infrastructure systems, whether creating new applications or deploying existing software, it’s crucial to manage cost. • Costs come from a variety of sources, and every approach to delivering infrastructure has its own tradeoffs and complexities. Cloud infrastructure systems create a whole new range of variables in these complex equations. • In addition, no two clouds are the same! • Some bundle components while others offer more granular purchasing. • Some bill in different time increments, and many offer a variety of payment structures, each with differing economic ramifications. • How do you figure out what each costs and make a choice? Copyright © William El Kaim 2016 103
  104. 104. Is cloud Cost Effective? • Estimates vary widely on possible cost savings • Brian Gammage, Gartner Fellow • “If you move your data centre to a cloud provider, it will cost a tenth of the cost.” • CTO of Washington D.C. • “Use of cloud applications can reduce costs from 50% to 90%” • Alchemy Plus cloud (backing from Microsoft) • “IT resource subscription pilot saw 28% cost savings” • Preferred Hotel • Traditional: $210k server refresh and $10k/month • Cloud: $10k implementation and $16k/month • George Reese, founder Valtira and enStratus • Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity Copyright © William El Kaim 2016 104
  105. 105. Cloud Pricing Calculator • Pricing Calculator • Amazon Cloud Platform Pricing Calculator • AWS Total Cost of Ownership (TCO) Calculator • Google Cloud Platform Pricing Calculator • IBM Softlayer Cloud Calculator • Interoute Virtual Datacenter Calculator • Microsoft Azure Cloud Platform Pricing Calculator • Rackspace Cloud Calculator • Mware Cloud Calculator • Documents • Price Comparison: Google Cloud Platform vs. Amazon Web Service • How to plan for the cost of cloud computing? Copyright © William El Kaim 2016 105
  106. 106. Cloud Pricing Optimization http://www.actonmagic.com/#!/Copyright © William El Kaim 2016 106
  107. 107. Cloud Brokers GravitantCloudOrbitCopyright © William El Kaim 2016 107
  108. 108. Twitter http://www.twitter.com/welkaim SlideShare http://www.slideshare.net/welkaim EA Digital Codex http://www.eacodex.com/ Linkedin http://fr.linkedin.com/in/williamelkaim Claudine O'Sullivan Copyright © William El Kaim 2016 108

×