A day in the cloud.


Presentation on theme: "A day in the cloud."— Presentation transcript:

1 A day in the cloud

2 An Introduction to Cloud
Dr David Wallom, Associate Director (Oxford e-Research Centre)
Thanks to NIST Clouds Introduction & Bob Jones (CERN, Helix Nebula)

3 Outline
What is Cloud…?
Using Cloud (technically)
Using cloud (non-technical)
Available resources

4 What is cloud?

5 A Working Definition of Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation; if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!
Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.
Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches.
Courtesy of NIST

6 5 Essential Cloud Characteristics
On-demand self-service
High performance network access
Resource pooling
Location independence
Rapid elasticity/service scalability
Measured service/usage is accounted for
Courtesy of NIST

7 3 Cloud Service Models
EC2 = Amazon Elastic Compute Cloud
PaaS offerings facilitate deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities[1], providing all of the facilities required to support the complete life cycle of building and delivering web applications and services entirely available from the Internet[2]. PaaS offerings may include facilities for application design, application development, testing, deployment and hosting as well as application services such as team collaboration, web service integration and marshalling, database integration, security, scalability, storage, persistence, state management, application versioning, application instrumentation and developer community facilitation.

8 3 Cloud Service Models
SaaS: Software as a Service -> Google Apps, Salesforce.com, Facebook, Microsoft Office 365
Diagram labels: use, deployed, SaaS provider

9 3 Cloud Service Models
SaaS: Software as a Service -> Google Apps, Salesforce.com, Facebook, Microsoft Office 365
PaaS: Platform as a Service -> Google App Engine, Force.com, Azure Platform, Oracle Fusion
Diagram labels: use, Application package, deployed, PaaS provider

10 Microsoft Azure
Azure™ Services Platform
.NET, PHP, Python, Ruby
Visual Studio and Eclipse
Web Standards + Industry Standards

11 3 Cloud Service Models
SaaS: Software as a Service -> Google Apps, Salesforce.com, Facebook, Microsoft Office 365
PaaS: Platform as a Service -> Google App Engine, Force.com, Azure Platform
IaaS: Infrastructure as a Service -> Amazon Web Services, EGI Fed Cloud, 100%IT
Diagram labels: use, OS image, instantiated, IaaS provider

12 Amazon AWS
Elastic Compute Cloud (EC2)
SimpleDB
Simple Storage Service (S3)
Simple Queue Service (SQS)
CloudFront

13 4 Deployment Models
Private cloud: enterprise owned or leased, e.g. operated by your institutional IT support
Community cloud: shared infrastructure for specific community, e.g. provided only to specific sectors, e.g. EBI
Public cloud: sold to the public, mega-scale infrastructure, e.g. Amazon
Hybrid cloud: composition of two or more clouds, e.g. what it says on the tin!
Courtesy of NIST

14 Common Cloud Characteristics
Cloud computing often leverages:
Massive scale (beyond a single project's scaling)
Homogeneity
Virtualization
Resilient computing
Low cost software
Geographic distribution
Service orientation
Advanced security technologies
Courtesy of NIST

15 The NIST Cloud Definition Framework
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, High Perf Network Access, Resource Pooling, Rapid Elasticity, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Cloud diagram idea inspired by Maria Spinola. Based upon original chart created by Alex Dowbor.

16 Usage Models of Cloud

17 Private/Public Multiple Clouds
Diagram labels: Users; Amazon cloud, NGS cloud, Azure cloud, Eduserv cloud, EGI cloud
Globally distributed; different resources/cost; different applications; non-standardised: different AAA and UI.

18 Mediated Private/Public Multiple Clouds
Diagram labels: Users; Management Interface; Amazon cloud, UK NGS cloud, Eduserv cloud, EGI cloud
Automation; load balancing; costs reduction; usability.
Engineering design: a systematic approach, 614pp, no definition of design!

19 Hybrid Multiple Clouds
Diagram labels: Users; Institutional cloud; EGI cloud, Amazon cloud, Eduserv cloud, NGS cloud
Federation of Local and Global resources
Elasticity managed by local cloud, not user
Different resources/cost; different applications; non-standardised: different AAA but single UI through private provider

20 Migration Paths for Cloud Adoption
Use public clouds
Develop private clouds
Build a private cloud
Procure an outsourced private cloud
Migrate data centers to be private clouds (fully virtualized)
Build or procure community clouds
Organization wide SaaS PaaS and IaaS
Disaster recovery for private clouds
Use hybrid-cloud technology
Workload portability between clouds

21 Great flexibility vs. extra effort
Using an IaaS
Users retain (full) control over:
operating system: create, modify or use existing OS images;
VM instantiation and management (start, stop, #VMs);
networking: elastic IP, virtual firewalls, isolation (security groups);
data: create and manage EBS devices; snapshotting.
EC2 = Amazon Elastic Compute Cloud

22 Cloud Infrastructure for Research
Centralisation vs Federation
Centralisation: one large, dedicated datacentre that serves the national HEI demand
Federation: heterogeneous set of infrastructures coordinated in order to satisfy the HEI demand
Criteria for evaluation: Accountability, Funding, Obsolescence, Scalability, Competitiveness, Flexibility, Security, Maintenance, Support

23 Client Tools
Command Line Interface, HybridFox, RightScale Gems, RightAws

24 Cloud Computing Security

25 Security is the Major Issue

26 Analyzing Cloud Security
Some key issues: trust, multi-tenancy, encryption, compliance
Cloud security is a tractable problem
There are both advantages and challenges

27 General Security Advantages
Shifting public data to an external cloud reduces the exposure of the internal sensitive data
Cloud homogeneity makes security auditing/testing simpler
Clouds enable automated security management
Redundancy / Disaster Recovery

28 Cloud Security Advantages
Data Fragmentation and Dispersal
Dedicated Security Team
Greater Investment in Security Infrastructure
Fault Tolerance and Reliability
Greater Resiliency
Hypervisor Protection Against Network Attacks
Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
Simplification of Compliance Analysis
Data Held by Unbiased Party (cloud vendor assertion)
Low-Cost Disaster Recovery and Data Storage Solutions
On-Demand Security Controls
Real-Time Detection of System Tampering
Rapid Re-Constitution of Services
Advanced Honeynet Capabilities

29 General Security Challenges
Trusting someone else's security model
Customer inability to respond to audit findings
Limitations in obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control

30 Cloud Security Challenges
Data dispersal and international privacy laws
EU Data Protection Directive and U.S. Safe Harbor program
Exposure of data to foreign government and data subpoenas
Data retention issues
Need for isolation management
Multi-tenancy
Logging challenges
Data ownership issues
Quality of service guarantees
Dependence on secure hypervisors
Attraction to hackers (high value target)
Security of virtual OSs in the cloud
Possibility for massive outages
Encryption needs for cloud computing:
  Encrypting access to the cloud resource control interface
  Encrypting administrative access to OS instances
  Encrypting access to applications
  Encrypting application data at rest
Public cloud vs internal cloud security
Lack of public SaaS version control

31

32 Examples of using cloud in research

33 Set up a cloud computing infrastructure for European Research Area
Identify and adopt policies for trust, security and privacy on a European level
Create a light-weight governance structure involving all stakeholders
Define a short and medium term funding scheme

34

35 Cloud Resources Available
Private Cloud – Various universities and STFC
Community Cloud – Eduserv, EBI, Magelium
Public Cloud – Amazon, Elastic-hosts, Microsoft Azure IaaS, CEMS, 100% IT

