View
22
Download
0
Category
Tags:
Preview:
DESCRIPTION
Day 3. An Introduction to Cloud. Dr David Wallom, Associate Director - Innovation (Oxford e-Research Centre) Technical Director (UK NGS) Thanks to NIST Clouds Introduction. Outline. What is Cloud…? Using Cloud (technically) Using cloud (non-technical) Nationally available resources. - PowerPoint PPT Presentation
Citation preview
Day 3
2
An Introduction to CloudDr David Wallom, Associate Director - Innovation (Oxford e-Research Centre)Technical Director (UK NGS)
Thanks to NIST Clouds Introduction
3
Outline
• What is Cloud…?
• Using Cloud (technically)
• Using cloud (non-technical)
• Nationally available resources
4
What is cloud?
5
A Working Definition of Cloud Computing
• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
5
Walloms Def: If a user speaks to a person to get access to resources, its virtualisation, if the user gets access through a computational interface, expanding and contracting their available resources at will it’s a Cloud!
Courtesy of NIST
6
5 Essential Cloud Characteristics
• On-demand self-service • High performance network access (not necessarily JANet quality though)• Resource pooling Location independence• Rapid elasticity/service scalability• Measured service/usage is accounted for
6
Courtesy of NIST
7
Service Models of Cloud Computing: SaaS, PaaS, IaaS
• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;
deployeduse
SaaSprovider
8
Microsoft Azure Services
Azure™ Services Platform
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
9
Service Models of Cloud Computing: SaaS, PaaS, IaaS
• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;
• PaaS: Platform as a Service –> Google App Engine, Azure Platform, Oracle Fusion;
use
Application
package
deployed
PaaSprovider
.NET PHP Python Ruby
Visual Studio and Eclipse
…Web Standards + Industry Standards
Azure™ Services Platform
Microsoft Azure
11
Service Models of Cloud Computing: SaaS, PaaS, IaaS
• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;
• PaaS: Platform as a Service –> Google App Engine, Azure Platform;• IaaS: Infrastructure as a Service –> Amazon Web Services, NGS Cloud,
Eduserv
use
OSimage
instantiated
IaaSprovider
Amazon AWS
Amazon AWS
Elastic Compute Cluster (EC2)
SimpleDB
Simple Storage
Service (S3)
Simple Queue Servcie (SQS)
CloudFront
13
4 Deployment Models
• Private cloud – enterprise owned or leased, e.g operated by your institutional Information Services
• Community cloud– shared infrastructure for specific community, e.g. provided only to UK Universities, e.g.
Eduserv (Swindon)
• Public cloud– Sold to the public, mega-scale infrastructure, e.g. Amazon
• Hybrid cloud– composition of two or more clouds, e.g. what it says on the tin!
Courtesy of NIST
14
Common Cloud Characteristics
• Cloud computing often leverages:– Massive scale (one research projects scaling)
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
– Advanced security technologies
Courtesy of NIST
The NIST Cloud Definition Framework
15
CommunityCloud
Private Cloud
Public Cloud
Hybrid Clouds
DeploymentModels
ServiceModels
EssentialCharacteristics
Common Characteristics
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Resource Pooling
High Perf Network Access Rapid Elasticity
Measured Service
On Demand Self-Service
Low Cost Software
Virtualization Service Orientation
Advanced Security
Homogeneity
Massive Scale Resilient Computing
Geographic Distribution
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
16
Usage Models of Cloud
17
• Globally distributed;
• different resources/cost;
• different applications;
• non standardised: different AAA and UI.
Private/Public Multiple Clouds
Users
NGS cloudAmazon cloud
Eduserv cloud
EGI cloud
Azure cloud
18
Mediated Private/Public Multiple Clouds
Management Interface
NGS cloudAmazon cloud
Eduserv cloud
EGI cloud
Users
• Automation;
• load balancing;
• costs reduction;
• usability.
19
• Federation of Local and Global resources
• Elasticity managed by local cloud not user
• different resources/cost;
• different applications;
• non standardised: different AAA but single UI through private provider
Hybrid Multiple Clouds
Users
Institutional cloud
Amazon cloud Eduserv cloudEGI cloud
NGS cloud
20
Migration Paths for Cloud Adoption
• Use public clouds• Develop private clouds
– Build a private cloud– Procure an outsourced private cloud– Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds– Organization wide SaaS– PaaS and IaaS– Disaster recovery for private clouds
• Use hybrid-cloud technology– Workload portability between clouds
21
Using an IaaS
Users retains (full) control on:
• operating system:∙ create, modify or use existing OS images;∙ VM instantiation and management (start, stop, #VMs);
• networking:∙ elastic IP, virtual firewalls, isolation (security groups);
• data:∙ create and manage EBS devices; ∙ snapshotting.
Great flexibility vs. extra effort
22
Cloud Infrastructure for Research
Centralisation Vs Federation• Centralisation: one large, dedicated datacentre that serves
the national HEI demand• Federation: heterogeneous set of local infrastructures are
coordinated nationally in order to satisfy the HEI demand
Criteria for evaluation• Funding• Scalability• Flexibility• Maintenance• Support
• Accountability• Obsolescence• Competitiveness• Security
23
Client Tools
HybridFox
RightScale Gems RightAws
Command Line Interface
24
Cloud Computing Security
25
Security is the Major Issue
26
Analyzing Cloud Security
• Some key issues: – trust, multi-tenancy, encryption, compliance
• Cloud security is a tractable problem– There are both advantages and challenges
27
General Security Advantages
• Shifting public data to a external cloud reduces the exposure of the internal sensitive data
• Cloud homogeneity makes security auditing/testing simpler• Clouds enable automated security management• Redundancy / Disaster Recovery
28
Cloud Security Advantages
• Data Fragmentation and Dispersal• Dedicated Security Team• Greater Investment in Security Infrastructure• Fault Tolerance and Reliability• Greater Resiliency• Hypervisor Protection Against Network Attacks• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)• Simplification of Compliance Analysis• Data Held by Unbiased Party (cloud vendor assertion)• Low-Cost Disaster Recovery and Data Storage Solutions• On-Demand Security Controls• Real-Time Detection of System Tampering• Rapid Re-Constitution of Services• Advanced Honeynet Capabilities
29
General Security Challenges
• Trusting someone else's security model• Customer inability to respond to audit findings• Limitations in obtaining support for investigations• Indirect administrator accountability• Proprietary implementations can’t be examined• Loss of physical control
30
Cloud Security Challenges
• Data dispersal and international privacy laws• EU Data Protection Directive and U.S. Safe Harbor program• Exposure of data to foreign government and data subpoenas• Data retention issues
• Need for isolation management• Multi-tenancy • Logging challenges• Data ownership issues • Quality of service guarantees• Dependence on secure hypervisors• Attraction to hackers (high value target)• Security of virtual OSs in the cloud • Possibility for massive outages• Encryption needs for cloud computing
• Encrypting access to the cloud resource control interface• Encrypting administrative access to OS instances• Encrypting access to applications• Encrypting application data at rest
• Public cloud vs internal cloud security • Lack of public SaaS version control
31
An example of using cloud in research
Strategic Plan for Helix Nebula
• Set up a cloud computing infrastructure for European Research Area
• Identify and adopt policies for trust, security and privacy on a European-level
• Create a light-weight governance structure involving all stakeholders
• Define a short and medium term funding scheme
Pilot phase goals• Through the pilot phase we expect to explore/push a series of
perceived barriers to Cloud adoption: • Security: Unknown or low compliance and security standards • Reliability: Availability of service for business critical tasks • Data privacy: Moving sensitive data to the Cloud • Scalability/Elasticity: Will the Cloud scale-up to our needs • Network performance: Data transfer bottleneck; QoS • Integration: Hybrid systems with in-house/legacy systems • Vendor lock-in: Dependency on vendors once data & applications have
been transferred to the Cloud • Legal concerns: Such as who has legal liability • Transparency: Clarity of conditions, terms and pricing
37
Cloud Resources Available
• Private Cloud – Matteo Turilli, Steve Thorn & Richard Tarrant
• Community Cloud – Matt Johnson
• Public Cloud – John Donnelly, Ryan Shuttleworth
Recommended