Day 3. 2 An Introduction to Cloud Dr David Wallom, Associate Director - Innovation (Oxford...

An Introduction to Cloud

Dr David Wallom, Associate Director - Innovation (Oxford e-Research Centre), Technical Director (UK NGS)

Thanks to NIST

Clouds Introduction

Outline

• What is Cloud…?

• Using Cloud (technically)

• Using cloud (non-technical)

• Nationally available resources

What is cloud?

A Working Definition of Cloud Computing

• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation; if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!

Courtesy of NIST

5 Essential Cloud Characteristics

• On-demand self-service

• High performance network access (not necessarily JANet quality though)

• Resource pooling: location independence

• Rapid elasticity/service scalability

• Measured service/usage is accounted for

Courtesy of NIST

Service Models of Cloud Computing: SaaS, PaaS, IaaS

• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;

[Diagram labels: SaaS provider, deployed, use]

Microsoft Azure Services

Azure™ Services Platform

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

Service Models of Cloud Computing: SaaS, PaaS, IaaS

• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;

• PaaS: Platform as a Service –> Google App Engine, Azure Platform, Oracle Fusion;

[Diagram labels: PaaS provider, Application package, deployed, use]

.NET PHP Python Ruby

Visual Studio and Eclipse

Web Standards + Industry Standards

Azure™ Services Platform

Microsoft Azure

Service Models of Cloud Computing: SaaS, PaaS, IaaS

• SaaS: Software as a Service –> Google Apps, Force.com, Facebook, Microsoft Office Live;

• PaaS: Platform as a Service –> Google App Engine, Azure Platform;

• IaaS: Infrastructure as a Service –> Amazon Web Services, NGS Cloud, Eduserv

[Diagram labels: IaaS provider, OS image, instantiated, use]

Amazon AWS

Elastic Compute Cluster (EC2)

SimpleDB

Simple Storage Service (S3)

Simple Queue Service (SQS)

CloudFront

4 Deployment Models

• Private cloud

– enterprise owned or leased, e.g. operated by your institutional Information Services

• Community cloud

– shared infrastructure for a specific community, e.g. provided only to UK Universities, e.g. Eduserv (Swindon)

• Public cloud

– Sold to the public, mega-scale infrastructure, e.g. Amazon

• Hybrid cloud

– composition of two or more clouds, e.g. what it says on the tin!

Courtesy of NIST

Common Cloud Characteristics

• Cloud computing often leverages:

– Massive scale (one research project's scaling)

– Homogeneity

– Virtualization

– Resilient computing

– Low cost software

– Geographic distribution

– Service orientation

– Advanced security technologies

Courtesy of NIST

The NIST Cloud Definition Framework

• Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds

• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

• Essential Characteristics: On Demand Self-Service, High Perf Network Access, Rapid Elasticity, Resource Pooling, Measured Service

• Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security

Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

Usage Models of Cloud

Private/Public Multiple Clouds

• Globally distributed;

• different resources/cost;

• different applications;

• non-standardised: different AAA and UI.

[Diagram labels: Users, NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud, Azure cloud]

Mediated Private/Public Multiple Clouds

• Automation;

• load balancing;

• cost reduction;

• usability.

[Diagram labels: Users, Management Interface, NGS cloud, Amazon cloud, Eduserv cloud, EGI cloud]

Hybrid Multiple Clouds

• Federation of Local and Global resources

• Elasticity managed by local cloud not user

• different resources/cost;

• different applications;

• non-standardised: different AAA but single UI through private provider

[Diagram labels: Users, Institutional cloud, Amazon cloud, Eduserv cloud, EGI cloud, NGS cloud]

Migration Paths for Cloud Adoption

• Use public clouds

• Develop private clouds

– Build a private cloud

– Procure an outsourced private cloud

– Migrate data centers to be private clouds (fully virtualized)

• Build or procure community clouds

– Organization wide SaaS

– PaaS and IaaS

– Disaster recovery for private clouds

• Use hybrid-cloud technology

– Workload portability between clouds

Using an IaaS

Users retain (full) control of:

• operating system:

– create, modify or use existing OS images;

– VM instantiation and management (start, stop, #VMs);

• networking:

– elastic IP, virtual firewalls, isolation (security groups);

• data:

– create and manage EBS devices;

– snapshotting.

Great flexibility vs. extra effort

Cloud Infrastructure for Research

Centralisation Vs Federation

• Centralisation: one large, dedicated datacentre that serves the national HEI demand

• Federation: heterogeneous set of local infrastructures are coordinated nationally in order to satisfy the HEI demand

Criteria for evaluation

• Funding

• Scalability

• Flexibility

• Maintenance

• Support

• Accountability

• Obsolescence

• Competitiveness

• Security

Client Tools

HybridFox

RightScale Gems RightAws

Command Line Interface

Cloud Computing Security

Security is the Major Issue

Analyzing Cloud Security

• Some key issues:

– trust, multi-tenancy, encryption, compliance

• Cloud security is a tractable problem

– There are both advantages and challenges

General Security Advantages

• Shifting public data to an external cloud reduces the exposure of the internal sensitive data

• Cloud homogeneity makes security auditing/testing simpler

• Clouds enable automated security management

• Redundancy / Disaster Recovery

Cloud Security Advantages

• Data Fragmentation and Dispersal

• Dedicated Security Team

• Greater Investment in Security Infrastructure

• Fault Tolerance and Reliability

• Greater Resiliency

• Hypervisor Protection Against Network Attacks

• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)

• Simplification of Compliance Analysis

• Data Held by Unbiased Party (cloud vendor assertion)

• Low-Cost Disaster Recovery and Data Storage Solutions

• On-Demand Security Controls

• Real-Time Detection of System Tampering

• Rapid Re-Constitution of Services

• Advanced Honeynet Capabilities

General Security Challenges

• Trusting someone else's security model

• Customer inability to respond to audit findings

• Limitations in obtaining support for investigations

• Indirect administrator accountability

• Proprietary implementations can’t be examined

• Loss of physical control

Cloud Security Challenges

• Data dispersal and international privacy laws

– EU Data Protection Directive and U.S. Safe Harbor program

– Exposure of data to foreign government and data subpoenas

– Data retention issues

• Need for isolation management

• Multi-tenancy

• Logging challenges

• Data ownership issues

• Quality of service guarantees

• Dependence on secure hypervisors

• Attraction to hackers (high value target)

• Security of virtual OSs in the cloud

• Possibility for massive outages

• Encryption needs for cloud computing

– Encrypting access to the cloud resource control interface

– Encrypting administrative access to OS instances

– Encrypting access to applications

– Encrypting application data at rest

• Public cloud vs internal cloud security

• Lack of public SaaS version control

An example of using cloud in research

Strategic Plan for Helix Nebula

• Set up a cloud computing infrastructure for European Research Area

• Identify and adopt policies for trust, security and privacy on a European-level

• Create a light-weight governance structure involving all stakeholders

• Define a short and medium term funding scheme

Pilot phase goals

• Through the pilot phase we expect to explore/push a series of perceived barriers to Cloud adoption:

– Security: Unknown or low compliance and security standards

– Reliability: Availability of service for business critical tasks

– Data privacy: Moving sensitive data to the Cloud

– Scalability/Elasticity: Will the Cloud scale up to our needs

– Network performance: Data transfer bottleneck; QoS

– Integration: Hybrid systems with in-house/legacy systems

– Vendor lock-in: Dependency on vendors once data & applications have been transferred to the Cloud

– Legal concerns: Such as who has legal liability

– Transparency: Clarity of conditions, terms and pricing

Cloud Resources Available

• Private Cloud – Matteo Turilli, Steve Thorn & Richard Tarrant

• Community Cloud – Matt Johnson

• Public Cloud – John Donnelly, Ryan Shuttleworth