Day 3. 2 An Introduction to Cloud Dr David Wallom, Associate Director - Innovation (Oxford...
Day 3
2
An Introduction to Cloud
Dr David Wallom,
Associate Director - Innovation (Oxford e-Research Centre)
Technical Director (UK NGS)
Thanks to NIST Clouds Introduction
3
Outline
• What is Cloud…?
• Using Cloud (technically)
• Using cloud (non-technical)
• Nationally available resources
4
What is cloud?
5
A Working Definition of Cloud Computing
• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation; if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!
Courtesy of NIST
6
5 Essential Cloud Characteristics
• On-demand self-service
• High performance network access (not necessarily JANet quality though)
• Resource pooling / location independence
• Rapid elasticity/service scalability
• Measured service/usage is accounted for
Courtesy of NIST
7
Service Models of Cloud Computing: SaaS, PaaS, IaaS
• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;
[Diagram labels: deployed, use, SaaS provider]
8
Microsoft Azure Services
Azure™ Services Platform
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
9
Service Models of Cloud Computing: SaaS, PaaS, IaaS
• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;
• PaaS: Platform as a Service –> Google App Engine, Azure Platform, Oracle Fusion;
[Diagram labels: use, application package, deployed, PaaS provider]
.NET PHP Python Ruby
Visual Studio and Eclipse
…
Web Standards + Industry Standards
Azure™ Services Platform
Microsoft Azure
11
Service Models of Cloud Computing: SaaS, PaaS, IaaS
• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;
• PaaS: Platform as a Service –> Google App Engine, Azure Platform;
• IaaS: Infrastructure as a Service –> Amazon Web Services, NGS Cloud, Eduserv
[Diagram labels: use, OS image, instantiated, IaaS provider]
Amazon AWS
Elastic Compute Cluster (EC2)
SimpleDB
Simple Storage Service (S3)
Simple Queue Service (SQS)
CloudFront
13
4 Deployment Models
• Private cloud
– enterprise owned or leased, e.g. operated by your institutional Information Services
• Community cloud
– shared infrastructure for a specific community, e.g. provided only to UK Universities, e.g. Eduserv (Swindon)
• Public cloud
– sold to the public, mega-scale infrastructure, e.g. Amazon
• Hybrid cloud
– composition of two or more clouds, e.g. what it says on the tin!
Courtesy of NIST
14
Common Cloud Characteristics
• Cloud computing often leverages:
– Massive scale (one research projects scaling)
– Homogeneity
– Virtualization
– Resilient computing
– Low cost software
– Geographic distribution
– Service orientation
– Advanced security technologies
Courtesy of NIST
The NIST Cloud Definition Framework
15
[Diagram: the framework in four layers]
• Deployment Models: Community Cloud, Private Cloud, Public Cloud, Hybrid Clouds
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential Characteristics: On Demand Self-Service, High Perf Network Access, Rapid Elasticity, Resource Pooling, Measured Service
• Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
16
Usage Models of Cloud
17
Private/Public Multiple Clouds
• Globally distributed;
• different resources/cost;
• different applications;
• non standardised: different AAA and UI.
[Diagram labels: Users; NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud, Azure cloud]
18
Mediated Private/Public Multiple Clouds
• Automation;
• load balancing;
• costs reduction;
• usability.
[Diagram labels: Users; Management Interface; NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud]
19
Hybrid Multiple Clouds
• Federation of Local and Global resources
• Elasticity managed by local cloud not user
• different resources/cost;
• different applications;
• non standardised: different AAA but single UI through private provider
[Diagram labels: Users; Institutional cloud; Amazon cloud, Eduserv cloud, EGI cloud, NGS cloud]
20
Migration Paths for Cloud Adoption
• Use public clouds
• Develop private clouds
– Build a private cloud
– Procure an outsourced private cloud
– Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds
– Organization wide SaaS
– PaaS and IaaS
– Disaster recovery for private clouds
• Use hybrid-cloud technology
– Workload portability between clouds
21
Using an IaaS
Users retain (full) control of:
• operating system:
– create, modify or use existing OS images;
– VM instantiation and management (start, stop, #VMs);
• networking:
– elastic IP, virtual firewalls, isolation (security groups);
• data:
– create and manage EBS devices;
– snapshotting.
Great flexibility vs. extra effort
22
Cloud Infrastructure for Research
Centralisation Vs Federation
• Centralisation: one large, dedicated datacentre that serves the national HEI demand
• Federation: a heterogeneous set of local infrastructures is coordinated nationally in order to satisfy the HEI demand
Criteria for evaluation
• Funding
• Scalability
• Flexibility
• Maintenance
• Support
• Accountability
• Obsolescence
• Competitiveness
• Security
23
Client Tools
HybridFox
RightScale Gems RightAws
Command Line Interface
24
Cloud Computing Security
25
Security is the Major Issue
26
Analyzing Cloud Security
• Some key issues:
– trust, multi-tenancy, encryption, compliance
• Cloud security is a tractable problem
– There are both advantages and challenges
27
General Security Advantages
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Cloud homogeneity makes security auditing/testing simpler
• Clouds enable automated security management
• Redundancy / Disaster Recovery
28
Cloud Security Advantages
• Data Fragmentation and Dispersal
• Dedicated Security Team
• Greater Investment in Security Infrastructure
• Fault Tolerance and Reliability
• Greater Resiliency
• Hypervisor Protection Against Network Attacks
• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor assertion)
• Low-Cost Disaster Recovery and Data Storage Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities
29
General Security Challenges
• Trusting someone else's security model
• Customer inability to respond to audit findings
• Limitations in obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can’t be examined
• Loss of physical control
30
Cloud Security Challenges
• Data dispersal and international privacy laws
– EU Data Protection Directive and U.S. Safe Harbor program
– Exposure of data to foreign government and data subpoenas
– Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
• Attraction to hackers (high value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
– Encrypting access to the cloud resource control interface
– Encrypting administrative access to OS instances
– Encrypting access to applications
– Encrypting application data at rest
• Public cloud vs internal cloud security
• Lack of public SaaS version control
31
An example of using cloud in research
Strategic Plan for Helix Nebula
• Set up a cloud computing infrastructure for European Research Area
• Identify and adopt policies for trust, security and privacy on a European-level
• Create a light-weight governance structure involving all stakeholders
• Define a short and medium term funding scheme
Pilot phase goals
• Through the pilot phase we expect to explore/push a series of perceived barriers to Cloud adoption:
– Security: Unknown or low compliance and security standards
– Reliability: Availability of service for business critical tasks
– Data privacy: Moving sensitive data to the Cloud
– Scalability/Elasticity: Will the Cloud scale-up to our needs
– Network performance: Data transfer bottleneck; QoS
– Integration: Hybrid systems with in-house/legacy systems
– Vendor lock-in: Dependency on vendors once data & applications have been transferred to the Cloud
– Legal concerns: Such as who has legal liability
– Transparency: Clarity of conditions, terms and pricing
37
Cloud Resources Available
• Private Cloud – Matteo Turilli, Steve Thorn & Richard Tarrant
• Community Cloud – Matt Johnson
• Public Cloud – John Donnelly, Ryan Shuttleworth