A day in the cloud

A day in the cloud. 2 An Introduction to Cloud Dr David Wallom, Associate Director (Oxford e-Research Centre) Thanks to NIST Clouds Introduction & Bob.

Dec 24, 2015


A day in the cloud


An Introduction to Cloud

Dr David Wallom, Associate Director (Oxford e-Research Centre)

Thanks to NIST Clouds Introduction & Bob Jones (CERN, Helix Nebula)


Outline

• What is Cloud…?

• Using Cloud (technically)

• Using cloud (non-technical)

• Available resources


What is cloud?


A Working Definition of Cloud Computing

• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.


Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation; if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!

Courtesy of NIST


5 Essential Cloud Characteristics

• On-demand self-service

• High performance network access

• Resource pooling/location independence

• Rapid elasticity/service scalability

• Measured service/usage is accounted for


Courtesy of NIST


3 Cloud Service Models

• SaaS: Software as a Service –> Google Apps, Salesforce.com, Facebook, Microsoft Office 365;

[Diagram labels: SaaS provider; deployed; use]


• PaaS: Platform as a Service –> Google App Engine, Force.com, Azure Platform, Oracle Fusion;

[Diagram labels: PaaS provider; application package deployed; use]

Microsoft Azure

[Diagram: Azure™ Services Platform; .NET, PHP, Python, Ruby; Visual Studio and Eclipse; Web Standards + Industry Standards]

• IaaS: Infrastructure as a Service –> Amazon Web Services, EGI Fed Cloud, 100% IT

[Diagram labels: IaaS provider; OS image instantiated; use]

Amazon AWS

• Elastic Compute Cluster (EC2)

• SimpleDB

• Simple Storage Service (S3)

• Simple Queue Service (SQS)

• CloudFront


4 Deployment Models

• Private cloud

– enterprise owned or leased, e.g. operated by your institutional IT support

• Community cloud

– shared infrastructure for specific community, e.g. provided only to specific sectors, e.g. EBI

• Public cloud

– Sold to the public, mega-scale infrastructure, e.g. Amazon

• Hybrid cloud

– composition of two or more clouds, e.g. what it says on the tin!

Courtesy of NIST


Common Cloud Characteristics

• Cloud computing often leverages:

– Massive scale (beyond a single project's scaling)

– Homogeneity

– Virtualization

– Resilient computing

– Low cost software

– Geographic distribution

– Service orientation

– Advanced security technologies

Courtesy of NIST


The NIST Cloud Definition Framework

• Deployment Models

– Community Cloud, Private Cloud, Public Cloud, Hybrid Clouds

• Service Models

– Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

• Essential Characteristics

– On Demand Self-Service, High Perf Network Access, Rapid Elasticity, Resource Pooling, Measured Service

• Common Characteristics

– Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security

Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com


Usage Models of Cloud


Private/Public Multiple Clouds

• Globally distributed;

• different resources/cost;

• different applications;

• non standardised: different AAA and UI.

[Diagram: Users; NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud, Azure cloud]


Mediated Private/Public Multiple Clouds

[Diagram: Users; Management Interface; UK NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud]

• Automation;

• load balancing;

• cost reduction;

• usability.


Hybrid Multiple Clouds

• Federation of Local and Global resources

• Elasticity managed by local cloud not user

• different resources/cost;

• different applications;

• non standardised: different AAA but single UI through private provider

[Diagram: Users; Institutional cloud; Amazon cloud, Eduserv cloud, EGI cloud, NGS cloud]


Migration Paths for Cloud Adoption

• Use public clouds

• Develop private clouds

– Build a private cloud

– Procure an outsourced private cloud

– Migrate data centers to be private clouds (fully virtualized)

• Build or procure community clouds

– Organization wide SaaS

– PaaS and IaaS

– Disaster recovery for private clouds

• Use hybrid-cloud technology

– Workload portability between clouds


Using an IaaS

Users retain (full) control over:

• operating system:

– create, modify or use existing OS images;

– VM instantiation and management (start, stop, #VMs);

• networking:

– elastic IP, virtual firewalls, isolation (security groups);

• data:

– create and manage EBS devices;

– snapshotting.

Great flexibility vs. extra effort


Cloud Infrastructure for Research

Centralisation Vs Federation

• Centralisation: one large, dedicated datacentre that serves the national HEI demand

• Federation: heterogeneous set of infrastructures coordinated in order to satisfy the HEI demand

Criteria for evaluation

• Funding

• Scalability

• Flexibility

• Maintenance

• Support

• Accountability

• Obsolescence

• Competitiveness

• Security


Client Tools

HybridFox

RightScale Gems RightAws

Command Line Interface


Cloud Computing Security


Security is the Major Issue


Analyzing Cloud Security

• Some key issues:

– trust, multi-tenancy, encryption, compliance

• Cloud security is a tractable problem

– There are both advantages and challenges


General Security Advantages

• Shifting public data to an external cloud reduces the exposure of the internal sensitive data

• Cloud homogeneity makes security auditing/testing simpler

• Clouds enable automated security management

• Redundancy / Disaster Recovery


Cloud Security Advantages

• Data Fragmentation and Dispersal

• Dedicated Security Team

• Greater Investment in Security Infrastructure

• Fault Tolerance and Reliability

• Greater Resiliency

• Hypervisor Protection Against Network Attacks

• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)

• Simplification of Compliance Analysis

• Data Held by Unbiased Party (cloud vendor assertion)

• Low-Cost Disaster Recovery and Data Storage Solutions

• On-Demand Security Controls

• Real-Time Detection of System Tampering

• Rapid Re-Constitution of Services

• Advanced Honeynet Capabilities


General Security Challenges

• Trusting someone else's security model

• Customer inability to respond to audit findings

• Limitations in obtaining support for investigations

• Indirect administrator accountability

• Proprietary implementations can’t be examined

• Loss of physical control


Cloud Security Challenges

• Data dispersal and international privacy laws

– EU Data Protection Directive and U.S. Safe Harbor program

– Exposure of data to foreign government and data subpoenas

– Data retention issues

• Need for isolation management

• Multi-tenancy

• Logging challenges

• Data ownership issues

• Quality of service guarantees

• Dependence on secure hypervisors

• Attraction to hackers (high value target)

• Security of virtual OSs in the cloud

• Possibility for massive outages

• Encryption needs for cloud computing

– Encrypting access to the cloud resource control interface

– Encrypting administrative access to OS instances

– Encrypting access to applications

– Encrypting application data at rest

• Public cloud vs internal cloud security

• Lack of public SaaS version control


Examples of using cloud in research


Cloud Resources Available

• Private Cloud – Various universities and STFC

• Community Cloud – Eduserv, EBI, Magelium

• Public Cloud – Amazon, Elastic-hosts, Microsoft Azure IaaS, CEMS, 100% IT