By Pin Chang and John Gillson
Objective
The goals of cloud computing are to increase how fast an application can grow, increase innovation, and increase agility, while reducing costs.
Cloud computing is supposed to be able to support servers, storage, network, and virtualization technology.
This concept is changing and transforming old architectures and designs into new ones.
Cloud Computing Infrastructure Models
Public, Private, and Hybrid Clouds
Architectural Layers of Cloud Computing (SaaS, PaaS, and IaaS)
Cloud Computing Application Programming Interfaces (API)
Cloud Computing Benefits
Reduce run time and response time
Minimize infrastructure risk
Lower cost of entry
Renting the infrastructure, thus saving lots of money.
Developers programming in assembly language, a low-level language.
Increase pace of innovation
Architectural Considerations for IaaS
Cloud Security – Securing Data
Encrypt data at rest – if an intruder is able to penetrate a cloud provider’s security, or if a configuration error makes that data accessible to unauthorized parties, the data cannot be interpreted
Encrypt data in transit – data will pass over public infrastructure and could be viewed by any party in between
Require strong authentication between application components – data should only be transmitted to known parties
Pay attention to cryptography and to how algorithms are compromised and replaced by new ones. For example, since MD5 has been proven vulnerable to attack, using a stronger technique such as SHA-256 would be feasible
Cloud Security – Securing Data
Consider using strong, token-based authentication for administrator roles
For customer login/password access, consider who manages the authentication server and whether it is under the company’s or the cloud provider’s control
For anonymous access to storage, for example anonymous FTP, consider whether a customer would register with the cloud provider for access or whether the cloud provider could federate with the company’s authentication servers
Cloud Security – Web Services
The Web Services platform is the largest implementation technology in cloud computing and requires a robust security policy
The Web Services Security specification (WS-Security) provides a set of mechanisms to assist developers of Web Services in securing SOAP message exchanges
WS-Security describes enhancements to existing SOAP messaging that provide Quality of Protection (QoP) through the application of message integrity, message confidentiality, and single-message authentication to SOAP messages
Cloud Security – Security Domains
Security domains group Virtual Machines (VMs) together and control access to the domain through the cloud provider’s port filtering capabilities. For example, create a security domain for front-end Web servers, open only the HTTP or HTTPS ports to the outside world, and filter traffic from the Web server security domain to the one containing back-end databases
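A model of the security-domain rule just described, added here as an example and not taken from the slides: a constructed front-end Web domain that admits only HTTP/HTTPS from outside the cloud, and a database domain that admits only the Web domain on the database port, with every other flow dropped. The domain names, VM identifiers and the PortFilter class are this example's own assumptions, not any provider's API.

```python
"""Default-deny port filtering between security domains (added example).

Constructed setup: 'web' admits only ports 80/443 from outside the cloud;
'db' admits only the 'web' domain on port 3306. Names are assumptions.
"""
from dataclasses import dataclass, field

OUTSIDE = "internet"  # pseudo-domain for any endpoint not in a security domain


@dataclass
class SecurityDomain:
    name: str
    members: set                               # VM identifiers in this domain
    ingress: set = field(default_factory=set)  # allowed (source_domain, dst_port)


class PortFilter:
    """Evaluates flows against per-domain ingress rules; unlisted flows are dropped."""

    def __init__(self, domains):
        self.domains = {d.name: d for d in domains}
        self.vm_to_domain = {vm: d.name for d in domains for vm in d.members}

    def domain_of(self, endpoint):
        # Unknown endpoints (e.g. a public IP address) are treated as outside
        return self.vm_to_domain.get(endpoint, OUTSIDE)

    def allows(self, src, dst, dst_port):
        dst_domain = self.domain_of(dst)
        if dst_domain == OUTSIDE:
            return True  # outbound traffic to the Internet is not filtered here
        rule = (self.domain_of(src), dst_port)
        return rule in self.domains[dst_domain].ingress


def build_example_filter():
    """Constructed two-tier layout from the slide: Web front-ends and a database."""
    web = SecurityDomain("web", {"web-1", "web-2"},
                         {(OUTSIDE, 80), (OUTSIDE, 443)})
    db = SecurityDomain("db", {"db-1"}, {("web", 3306)})
    return PortFilter([web, db])


def evaluate(flows):
    """Decision for each (src, dst, dst_port) flow, in order."""
    pf = build_example_filter()
    return [pf.allows(*flow) for flow in flows]
```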
Cloud Security – Common Scenario
System administrators commonly deploy clusters of nodes on private unroutable networks with a single front-end node responsible for routing traffic between the cluster of nodes and the public network
This configuration means that nodes can initiate connections to external hosts but external hosts cannot connect to nodes running within each cluster
An administrator might configure two Linux clusters, a server pool, and a collection of workstation nodes – each Linux cluster would have a front-end node with a public IP address, while the cluster nodes are connected via a private network; the server and workstation nodes have public IP addresses, but the workstations are behind a firewall and cannot be contacted from the outside world
It may be impossible to install a fully connected system, because many of the nodes can only initiate connections to external hosts or are completely isolated from external networks
Two sets of clusters may even have overlapping IP addresses because their networks are private and unroutable
Sample Cloud architecture
A hierarchical design to reflect underlying resource topologies in a Cloud architecture; Client, Cloud Controller (CLC), Cluster Controller (CC), and Node Controller (NC) components
Example location of CLC, CC, and NC components running within a typical resource environment
Sample Cloud architecture – Node Controller (NC)
The NC component executes on the physical resources that host VM instances and is responsible for instance initialization, inspection, termination, and cleanup
There are typically many NCs but only one NC needs to execute for each physical node, since a single NC can manage multiple VM instances on a single node
Sample Cloud architecture – Cluster Controller (CC)
A collection of NCs that logically belong together are managed by a single CC that typically executes on a cluster front-end node that has access to both private and public networks
The CC is responsible for gathering state information from its collection of NCs, scheduling incoming VM instance execution requests to individual NCs, and managing the configuration of public and private instance networks
Sample Cloud architecture – Cloud Controller (CLC)
A single CLC is the primary entry point and decision-making component
The CLC is responsible for processing incoming user or administrative requests, facilitating VM instance scheduling decisions, processing service-level agreements (SLAs), and maintaining persistent system and user metadata
The CLC has an associated composition of services that handle user requests and authentication, persistent system and user metadata, and the management and monitoring of VM instances
An enterprise service bus (ESB) component configures, manages, and publishes associated services and decouples the service implementation from message routing and transport details
Sample Cloud architecture – Instance Control
When instance creation events are initiated, the VmControl coordinates with the other services in the CLC to resolve user requests to images, keypairs, networks, and security groups
Allocation of these user requests consists of validating references to metadata
Messages are disseminated to the CCs involved in the allocation and each such CC will schedule the instance request to its locally controlled NCs which create the VM instance itself and respond accordingly
Sample Cloud architecture
Overview of services that comprise the CLC. Lines indicate the flow of messages where the dashed lines correspond to internal service messages
Cloud Security – Virtual Networking
A complete VM instance network solution must address connectivity, isolation, and performance issues
VMs must have network connectivity to each other and to the Internet
Users who are granted super-user access to the underlying network interfaces can cause security concerns – a VM instance user may act maliciously once they realize that they have the ability to acquire system IP or MAC addresses
If multiple VM instances are running on one physical machine, a VM user may have the ability to intercept network packets belonging to another
Cloud Security – Virtual Networking
In a cloud shared by different, distributed, and often unrelated users, VMs belonging to a single cloud allocation must be able to communicate, but VMs belonging to separate allocations must be isolated
A public virtual network interface handles communication outside or between a given set of VM instances.
Cloud Security – Virtual Networking
In an environment that has available public IP addresses, public virtual network interfaces may be assigned to VM instances at instance initialization, allowing communication both to and from the instance
In environments where instances are connected to a private network with a router that supports external communication through network address translation (NAT), the public interface may be assigned a valid private address giving it access to systems outside the local network through the NAT-enabled router
Cloud Security – Virtual Networking
The CC can be configured to set up the public interface network in three (3) ways:
Attach the VM’s public interface directly to a software Ethernet bridge connected to the real physical machine’s network, allowing the administrator to handle VM network DHCP requests the same way they handle regular DHCP requests
Allow the administrator to define a dynamic pool of IP addresses that will be assigned via a DHCP server that is executed by the CC. The administrator defines a network, an interface on the CC that is connected to that network, and a range of IP addresses that are assigned as instances are started
Allow an administrator to define static MAC and IP address tuples. Each new instance created by the system is assigned a free MAC/IP tuple, which is released when the instance is terminated
Cloud Security – Virtual Networking
Another requirement of the virtual network is that it supports instance network traffic isolation
If two instances owned by separate users are running on the same host, or on different hosts connected to the same physical Ethernet, the users must not have the ability to inspect or modify each other’s network traffic – to meet this requirement, each set of user-owned instances is assigned a tag that is then used as the VLAN identifier for that particular user’s instances
Essentially, each VM gets a private network address, and the use of “Elastic IPs” (public addresses that can persist across user requests) is supported via iptables at the cluster head node
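An added example (not from the slides or from Eucalyptus itself) covering two of the points above: the third CC networking mode, where administrator-defined MAC/IP tuples are handed out on instance start and released on termination, and the per-user VLAN tag used for traffic isolation. The NetworkManager class, its method names and the constructed address pool are this example's own assumptions.

```python
"""Static MAC/IP tuple pool plus per-user VLAN tags (added example).

Assumed model: the administrator pre-defines (mac, ip) tuples; each new
instance takes a free tuple and the VLAN tag of its owner, and the tuple
returns to the pool on termination. Frames are visible only within a VLAN.
"""
import itertools


class NetworkManager:
    def __init__(self, tuples, vlan_range=(10, 4094)):
        self.free = list(tuples)        # constructed admin-defined free pool
        self.in_use = {}                # instance_id -> (mac, ip)
        self.owner = {}                 # instance_id -> user
        self.vlan_of_user = {}          # user -> VLAN tag
        self._next_vlan = itertools.count(vlan_range[0])
        self._max_vlan = vlan_range[1]

    def _vlan_for(self, user):
        """First instance of a user allocates that user's VLAN tag."""
        if user not in self.vlan_of_user:
            tag = next(self._next_vlan)
            if tag > self._max_vlan:
                raise RuntimeError("VLAN tag space exhausted")
            self.vlan_of_user[user] = tag
        return self.vlan_of_user[user]

    def start_instance(self, instance_id, user):
        """Assign a free MAC/IP tuple and the owner's VLAN; None if pool is empty."""
        if not self.free:
            return None
        mac, ip = self.free.pop(0)
        self.in_use[instance_id] = (mac, ip)
        self.owner[instance_id] = user
        return mac, ip, self._vlan_for(user)

    def terminate_instance(self, instance_id):
        """Release the tuple so a later instance can reuse it."""
        self.free.append(self.in_use.pop(instance_id))
        del self.owner[instance_id]

    def can_see_traffic(self, a, b):
        """Isolation check: instances share frames only within one VLAN."""
        return self.vlan_of_user[self.owner[a]] == self.vlan_of_user[self.owner[b]]
```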