2
An Introduction to Cloud
Dr David Wallom,
Associate Director (Oxford e-Research Centre)
Thanks to NIST Clouds Introduction & Bob Jones (CERN, Helix Nebula)
3
Outline
• What is Cloud…?
• Using Cloud (technically)
• Using cloud (non-technical)
• Available resources
5
A Working Definition of Cloud Computing
• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation; if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!
Courtesy of NIST
6
5 Essential Cloud Characteristics
• On-demand self-service
• High performance network access
• Resource pooling/Location independence
• Rapid elasticity/service scalability
• Measured service/usage is accounted for
Courtesy of NIST
8
3 Cloud Service Models
• SaaS: Software as a Service –> Google Apps, salesForce.com, Facebook, Microsoft Office 365;
[Diagram labels: SaaS provider; deployed; use]
• PaaS: Platform as a Service –> Google App Engine, Force.com, Azure Platform, Oracle Fusion;
[Diagram labels: PaaS provider; Application package; deployed; use]
[Figure: Microsoft Azure, Azure™ Services Platform: .NET, PHP, Python, Ruby, …; Visual Studio and Eclipse; Web Standards + Industry Standards]
• IaaS: Infrastructure as a Service –> Amazon Web Services, EGI Fed Cloud, 100%IT
[Diagram labels: IaaS provider; OS image; instantiated; use]
[Figure: Amazon AWS: Elastic Compute Cluster (EC2), SimpleDB, Simple Storage Service (S3), Simple Queue Service (SQS), CloudFront]
13
4 Deployment Models
• Private cloud
– enterprise owned or leased, e.g. operated by your institutional IT support
• Community cloud
– shared infrastructure for a specific community, provided only to specific sectors, e.g. EBI
• Public cloud
– Sold to the public, mega-scale infrastructure, e.g. Amazon
• Hybrid cloud
– composition of two or more clouds, e.g. what it says on the tin!
Courtesy of NIST
14
Common Cloud Characteristics
• Cloud computing often leverages:
– Massive scale (beyond a single project's scaling)
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
– Advanced security technologies
Courtesy of NIST
15
The NIST Cloud Definition Framework
• Deployment Models
– Private Cloud
– Community Cloud
– Public Cloud
– Hybrid Clouds
• Service Models
– Software as a Service (SaaS)
– Platform as a Service (PaaS)
– Infrastructure as a Service (IaaS)
• Essential Characteristics
– On Demand Self-Service
– High Perf Network Access
– Rapid Elasticity
– Resource Pooling
– Measured Service
• Common Characteristics
– Massive Scale
– Resilient Computing
– Homogeneity
– Geographic Distribution
– Virtualization
– Service Orientation
– Low Cost Software
– Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
17
Private/Public Multiple Clouds
• Globally distributed;
• different resources/cost;
• different applications;
• non standardised: different AAA and UI.
[Diagram labels: Users; NGS cloud; Amazon cloud; Eduserv cloud; EGI cloud; Azure cloud]
18
Mediated Private/Public Multiple Clouds
• Automation;
• load balancing;
• cost reduction;
• usability.
[Diagram labels: Users; Management Interface; UK NGS cloud; Amazon cloud; Eduserv cloud; EGI cloud]
19
Hybrid Multiple Clouds
• Federation of Local and Global resources
• Elasticity managed by local cloud not user
• different resources/cost;
• different applications;
• non standardised: different AAA but single UI through private provider
[Diagram labels: Users; Institutional cloud; Amazon cloud; Eduserv cloud; EGI cloud; NGS cloud]
20
Migration Paths for Cloud Adoption
• Use public clouds
• Develop private clouds
– Build a private cloud
– Procure an outsourced private cloud
– Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds
– Organization wide SaaS
– PaaS and IaaS
– Disaster recovery for private clouds
• Use hybrid-cloud technology
– Workload portability between clouds
21
Using an IaaS
Users retain (full) control over:
• operating system:
– create, modify or use existing OS images;
– VM instantiation and management (start, stop, #VMs);
• networking:
– elastic IP, virtual firewalls, isolation (security groups);
• data:
– create and manage EBS devices;
– snapshotting.
Great flexibility vs. extra effort
22
Cloud Infrastructure for Research
Centralisation Vs Federation
• Centralisation: one large, dedicated datacentre that serves the national HEI demand
• Federation: heterogeneous set of infrastructures coordinated in order to satisfy the HEI demand
Criteria for evaluation
• Funding
• Scalability
• Flexibility
• Maintenance
• Support
• Accountability
• Obsolescence
• Competitiveness
• Security
26
Analyzing Cloud Security
• Some key issues:
– trust, multi-tenancy, encryption, compliance
• Cloud security is a tractable problem
– There are both advantages and challenges
27
General Security Advantages
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Cloud homogeneity makes security auditing/testing simpler
• Clouds enable automated security management
• Redundancy / Disaster Recovery
28
Cloud Security Advantages
• Data Fragmentation and Dispersal
• Dedicated Security Team
• Greater Investment in Security Infrastructure
• Fault Tolerance and Reliability
• Greater Resiliency
• Hypervisor Protection Against Network Attacks
• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor assertion)
• Low-Cost Disaster Recovery and Data Storage Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities
29
General Security Challenges
• Trusting someone else's security model
• Customer inability to respond to audit findings
• Limitations in obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
30
Cloud Security Challenges
• Data dispersal and international privacy laws
– EU Data Protection Directive and U.S. Safe Harbor program
– Exposure of data to foreign government and data subpoenas
– Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
• Attraction to hackers (high value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
– Encrypting access to the cloud resource control interface
– Encrypting administrative access to OS instances
– Encrypting access to applications
– Encrypting application data at rest
• Public cloud vs internal cloud security
• Lack of public SaaS version control