Cloud Computing
Feb 25, 2016
Cloud Computing
Definition
“Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability.”
What is cloud computing? I don’t understand what we would do differently in
the light of Cloud Computing other than change the wordings of some of our ads
Larry Ellision, Oracle’s CEO
I have not heard two people say the same thing about it [cloud]. There are multiple definitions out there of “the cloud”
Andy Isherwood, HP’s Vice President of European Software Sales
It’s stupidity. It’s worse than stupidity: it’s a marketing hype campaign.
Richard Stallman, Free Software Foundation founder
3
Business attributes• Access resources from cloud of available computing
resources Is always available and scales automatically to meet demand Is pay per use: Based on resources consumed Enables full customer self-service Note: Can be provided by 3rd party (e.g. Amazon) or on own network for v.
large organisations (a.k.a private cloud)
• Acquire resources on demand Release resources when no longer needed Turns capital investment/fixed cost into operating costs/variable costs Reduced cost – take advantage of economies of scale across users of cloud
Technology attributes• Access computing resources via Internet protocols from
any computer Reduced system administration overhead: automated provisioning Increased/matched reliability and security
• Acquire resources on demand Increased utilisation through sharing of resources through virtualisation
or multi-tenancy To minimise the cost to the provider, clouds rely on a large number of
‘commodity’ processors. These are cheaper to purchase and consumer less power per unit of processing when compared to high power processors
No longer design deployment environment to meet maximum load
The NIST Cloud Definition Framework
6
CommunityCommunityCloudCloud
Private Private CloudCloud
Public Public CloudCloud
Hybrid Clouds
DeploymentModels
ServiceModels
EssentialCharacteristics
Common Characteristics
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Resource PoolingBroad Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Low Cost SoftwareVirtualization Service Orientation
Advanced Security
HomogeneityMassive Scale Resilient Computing
Geographic Distribution
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
• OS Virtualisation leads directly to resilient computing, rapid elasticity and advanced security• In case of VM based cloud, facilitates measured service as
hypervisor tracks usage• Multi-tenancy provides rapid elasticity
The NIST Cloud Definition Framework
7
EssentialCharacteristics
Common Characteristics
Resource PoolingBroad Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Low Cost SoftwareVirtualization Service Orientation
Advanced Security
HomogeneityMassive Scale Resilient Computing
Geographic Distribution
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
A number of other attributes rely on the scale of investment undertaken by cloud providers• Early cloud promoters (e.g. Amazon & Google) had to build
massive scale for their main businesses Use of open source software and commodity hardware
reduces overall cost to cloud provider
The NIST Cloud Definition Framework
8
EssentialCharacteristics
Common Characteristics
Resource PoolingBroad Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Low Cost SoftwareVirtualization Service Orientation
Advanced Security
HomogeneityMassive Scale Resilient Computing
Geographic Distribution
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
9
4 Cloud Deployment Models Private cloud
Cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise
Typically only large organisations
Public cloud Cloud infrastructure is made available to the 3rd parties but is
owned by an organization selling cloud services Cloud services designed to be ‘generic’ and suitable to all
customers E.g. Amazon, Google, Microsoft, BM etc
10
4 Cloud Deployment Models Community cloud
Cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations)
May be managed by the organizations or a third party and may exist on premise or off premise
Hybrid cloud composition of two or more clouds that remain unique and separate
entities but are bound together by standardized or proprietary technology that enables data and application portability
Cloud bursting is the term used to describe the process where an organisation extend from a private to public cloud
Client access architecture Client access via browser of Web Services
Independent of type of cloud computing
11
ServerOS
DatabaseApp Server
StorageNetwork
App 1
ClientsAccess via
BrowserOr
web-service(SOAP or REST) Network
App 1
Or
Storage
VM
App server
DBOS
Platform
Service model architecture
Four main service model architectures Datastore as a service is not always included although currently
the most popular use of cloud Significant differences in the technical and commercial
architectures 12
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Dat
asto
re a
s a
serv
ice
Service model architecture: Datastorage as a servce
Functional: Data storage interfaces can be used by any of the other types or accessed directly Examples of direct usage: Amazon’s really simple storage
Commercial: Charged on basis of amount of storage used13
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Dat
asto
re a
s a
serv
ice
Characteristics of cloud datastore Cloud based datastore is massively distributed and scalable
Utilises large number of commodity servers (a.k.a. nodes)
This implies that the chance of system failure across a large number of nodes is high Therefore, cloud datastore must cope with node failure
Cloud datastores are typically non-relational Distribution across a large number of nodes not a good fit to the
relational model of databases. Relational databases support “joins” which are hard to implement in a massively distributed way
To address requirement for relational database capabilities Either provide relational interfaces to non-relational infrastructure Allow relational databases to run on a small number of nodes as part of
the virtualisation14
Characteristics of cloud datastore Cloud datastores are optimised for large scale data search
E.g. Google’s MapReduce (and hadoop – an open source implementation) which divide the processing into multiple blocks (Map) and then process each block on one or more nodes (reduce)
Cloud datastores are also appropriate to business intelligence applications which require ‘column’ based processing E.g. Summing sales in a particular region In contrast, relational databases are efficient for record/row level
read/write
15
Service model architecture: IaaS
Functional: Virtual server instances available for provisioning Examples: Amazon’s EC2,
Commercial: Charged on basis of number /scale of instances as well as usage profile
16
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Dat
asto
re a
s a
serv
ice
Example: Amazon EC2 Amazon provides a range of
general purpose support services accessible via VMs
Examples of these services include Simple Queue Service: Limited
messaging system for communications between VMs
S3: Cloud storage service
17
Example: Amazon EC2 Other examples of these services (cont)
SimpleDB: Non-relational database Elastic MapReduce: large scale search and text processing
infrastructure Flexible payment service: enabling website payments Mechanical Turk: outsourcing marketplace
18
Amazon EC2 options and pricing Aws.amazon.com/ec2
19
Service model architecture: PaaS
Functional: Application development and deployment environment Provides programming APIs as well as underlying infrastructure
Commercial: Metering and billing based on application usage – typically CPU consumption/datastore consumption
20
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Dat
asto
re a
s a
serv
ice
Example: Google AppEngine Platform uses multiple tenancy on the
single infrastructure Benefit of charging only on usage and not on
number of instance (as with IaaS) Provides general purpose support services
Includes infrastructure services such as database
Also includes application level interfaces such as video conferencing
Provides both server and client side APIs to develop Google AppEngine applications Provides a platform which is proprietary
21
22
Example: Microsoft Azure Services
Access to the Microsoft platform as a cloud based platform Provides a platform which is proprietary
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
Service model architecture: SaaS
Functional: End user interaction with the Application’s function Allows for customisation of UI and workflows Often uses mult-tenancy databases
Commercial: typically billing based on number of users23
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Dat
asto
re a
s a
serv
ice
Example: Salesforce.com Provides complete application accessible from
the cloud Infrastructure is hidden from the user
Software can be configured to support customer specific requirements Supports customisation through configuration driven
language Scope for customisation is limited
Uses multi-tenancy architecture Essential a platform for a specific class of application Configuration results in a change to both UI and
underlying database schema for that customer24
Examples of configuration
UI actions (such as entering an email address) can have customised scripts associated with them which perform workflow or validation logic• Workflow defines the sequence of steps through the UI screens• Validation logic enforces rules about information entered based on customer
specific standards or context specific restraints (i.e. What can be entered given the current workflow)
These may not effect the database schema definition and therefore can be deployed only to that customers UI 25
Examples of configuration
UI definitions (or associated workflows) may also require modifications/extensions to the database schema
Through multi-tenancy/multi-schema approach, the metadata defining the schemas specific to that customer is modified without impacting on the ‘base’schema or the other customers’ deployed schemas
26
27
Different types of SaaS Type 1: Ad-Hoc/Custom Type 2: Configurable Type 3: Configurable, Multi-
Tenant-Efficient Type 4: Scalable,
Configurable, Multi-Tenant-Efficient
27Source: Microsoft MSDN Architecture Center
28
Different types of SaaS Type 1: Ad-Hoc/Custom Each customer (or tenant) has
there own instance of the application which can be customised on an individual basis
Level 1 SaaS is equivalent to application hosting
28
29
Different types of SaaS Type 2: Configurable A single application base is
customised for each customer/tenant
Customisation is deployed within each instance of the application
Deployment of upgrades across the instance will require roll-out to each instance
29
30
Different types of SaaS Type 3: Configurable, Multi-
Tenant-Efficient A single application base and
instance is customised for each customer/tenant
Customisation is deployed at run-time within each instance of the application
Single instance is more resource efficient than multiple instances
Deployment of upgrades made to a single instance
30
31
Different types of SaaS Type 4: Scalable,
Configurable, Multi-Tenant-Efficient
Uses a tenant load balancer to balance load between multiple instances Similar to a hypervisor
Should provide superior scalability and efficiency
Requires deployment of upgrades to made to multiple instances
31
Conclusions: Understanding the different service model architectures
Different levels of abstraction OS: Amazon EC2 Application development framework : Google AppEngine Applicaton customisation: Salesforce
Similar to languages Higher level abstractions can be built on top of lower ones
EC2 Azure AppEngine
Lower-level,More flexibility,More managementScalability through configuration
Higher-level,Less flexibility,
Less managementAutomatically scalable
32
Salesforce.com
IAAS PAAS SAAS
Cloud and security
33
34
General Security Challenges Security/data control is the most often cited issue with
migration to the cloud
Issues include: Trusting vendor’s security model Customer inability to respond to audit findings
(dependent on service provider to modify service) Obtaining support for investigations Indirect administrator accountability Proprietary implementations can’t be examined Loss of physical control
35
Cloud Security Challenges Part 1
Data dispersal and international privacy laws EU Data Protection Directive and U.S. Safe Harbor program Exposure of data to foreign government and data subpoenas Data retention issues Mostly addressed by cloud vendor providing geographic specific
services
Clear data ownership Quality of service guarantees
Reliability of cloud service providers’ service in the context of enterprise level quality of service commitments (typically with required recovery times in seconds or minutes)
Potential for massive outages
36
Cloud Security Challenges Part 2 Dependence on secure hypervisors (for IaaS) or Multi-
tenancy (in both PaaS and SaaS) Attraction to hackers (high value target)
Security of virtual OSs in the cloud
Encryption needs for cloud computing Encrypting access to the cloud resource control interface Encrypting administrative access to OS instances Encrypting access to applications Encrypting application data at rest
Lack of public PaaS/SaaS version control Changes to the service may occur with out explicit agreement from the
customer – unlike tightly controlled lifecycle management within an enterprise