Published by Jodie Ryan. Modified over 9 years ago.

Cloud Operating System
Unit 13 Cloud System Management II
M. C. Chiang
Department of Computer Science and Engineering
National Sun Yat-sen University
Kaohsiung, Taiwan, ROC

Outline
- Data Management
  - Data Integration
  - Data Security
  - Data Redundancy
  - Data Ownership
- Network Management
  - OpenStack Nova-Network
  - OpenStack Quantum
  - Network Security
- Summary
9/5/2015 Cloud Operating System - Unit 12: Cloud Management

Data Management
What can be taken as data?
- Uploaded files (documents, videos, music)
- Program code
- User personal information (name, age, location, etc.)
- User surfing history
- etc.

Data Integration
There are no existing standards for moving data in the cloud. Each manufacturer's cloud data storage methods are different.
Here are some issues enterprises must handle when integrating their data:
- Backup
- Data movement (from/to) the cloud

Data Security (1)
Data security can be considered from three aspects:
- Physical Layer
  - Touchable things such as machines and devices.
  - As mentioned in “IDC Management”.
- Network Layer
  - The behaviors through the network.
  - This will be discussed later.
- Management Layer
  - Can data be recognized by the Cloud?

Data Security (2)
With the rise of cloud computing, there are some new problems.
- Data analysis
  - Google advertisements, e.g., on the right side of the letter when using Gmail.
- Mash-up authorization
  - Facebook utilizes both sensitive and non-sensitive data to present to other users.
  - Third-party applications on Facebook can also utilize the data.

Data Security (3)
- Increased authentication demands
  - Pros
    - Software piracy becomes difficult.
    - Centralized monitoring of software.
    - Prevents sensitive data from spreading to untrustworthy clients.
  - Cons
    - Phishing to steal access credentials.
- Cost-effective defense
  - Cloud computing encourages single points of failure.
  - Protect productivity and trust from attackers.

Data Security (4)
Data should not be recognizable to the cloud provider/maintainer.
The simplest way to protect the data is to encrypt it.
- AES
- RSA
- Blowfish
- IDEA

Data Security – Examples (1)
Amazon S3
- Announced 2011/10/04
- Encryption
  - When writing the object, add an additional request header.
- Decryption
  - Happens automatically when the data is retrieved.
- Encryption algorithm
  - AES-256

Data Security – Examples (2)
Google Docs
- Google Docs doesn’t provide any server-side encryption methods.
- For data security, users can
  - encrypt the document before uploading
  - set the group who can view the document
- An encrypted document cannot be viewed on Google Docs.

Data Security – Before Using the Cloud
Users should confirm the service provider's answers to the following three questions:
- Are files transferred securely to/from the servers?
- Are files stored on the servers encrypted by default?
- How will the provider react to a legal request for files?
  - If the provider could decrypt the file, what will the provider do?

Data Redundancy
The idea is simple: copy the data multiple times across different “zones”.
Example: The Ring in OpenStack
- Review: the Ring records the physical address of data.
- When creating a ring, the administrator must specify in the command how many replicas to place across the zones and the minimum interval between data copies.

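The zone-replication idea above, as an added Python sketch that is not part of the original slides and is not OpenStack's own code. `MiniRing`, `DEVICES` and the sample path are hypothetical names; the model maps each object to a partition by hash and places one replica per zone, and it does not model the minimum copy interval.

```python
import hashlib
import struct

# Constructed sample inventory: six devices spread over three zones.
DEVICES = [
    {"id": 0, "zone": 1, "ip": "10.0.1.10"}, {"id": 1, "zone": 2, "ip": "10.0.2.10"},
    {"id": 2, "zone": 3, "ip": "10.0.3.10"}, {"id": 3, "zone": 1, "ip": "10.0.1.11"},
    {"id": 4, "zone": 2, "ip": "10.0.2.11"}, {"id": 5, "zone": 3, "ip": "10.0.3.11"},
]

class MiniRing:
    """Hypothetical, simplified ring: partition -> devices, one replica per zone."""

    def __init__(self, part_power, replicas, devices):
        if replicas > len({d["zone"] for d in devices}):
            raise ValueError("replicas cannot exceed the number of zones")
        self.part_shift = 32 - part_power
        self.replicas = replicas
        self.devices = devices
        self.table = [self._assign(p) for p in range(2 ** part_power)]

    def _assign(self, part):
        # Walk the device list from a partition-dependent offset and keep the
        # first device from each zone not yet used, until all replicas are placed.
        chosen, seen = [], set()
        for i in range(len(self.devices)):
            dev = self.devices[(part + i) % len(self.devices)]
            if dev["zone"] not in seen:
                seen.add(dev["zone"])
                chosen.append(dev)
            if len(chosen) == self.replicas:
                break
        return chosen

    def partition(self, path):
        # The hash only spreads objects over partitions; it is not a security control.
        digest = hashlib.md5(path.encode("utf-8")).digest()
        return struct.unpack(">I", digest[:4])[0] >> self.part_shift

    def nodes_for(self, path):
        """Devices holding the replicas of the object at `path`."""
        return self.table[self.partition(path)]

    def survives_zone_loss(self, zone):
        """True if every partition still has a replica outside `zone`."""
        return all(any(d["zone"] != zone for d in devs) for devs in self.table)

if __name__ == "__main__":
    ring = MiniRing(part_power=4, replicas=3, devices=DEVICES)
    for dev in ring.nodes_for("/AUTH_demo/photos/cat.jpg"):
        print(dev["zone"], dev["ip"])
    print("survives loss of zone 1:", ring.survives_zone_loss(1))
```

With a single replica the same check fails for any zone that holds data, which is the availability argument for replicating across zones.
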
Data Ownership
A cloud service provider offers free or paid disk space and computing capacity for users to handle their data.
After all, who owns the data?
- Provider? “I provide the disk space!!”
- User? “I upload the data!!”

Network Management
The network is a fundamental part of cloud computing.
The network is an infrastructure which, for users, is
- easy to access
- stable
- high in transfer rate
- low in latency
The network in a cloud can be classified into two parts.
- Internal network
- External network

OpenStack Nova-Network
OpenStack network controller (nova-network)
The operations:
- Allocating fixed IP addresses.
- Configuring VLANs for projects.
- Configuring networks for compute nodes.

OpenStack Nova-Network - Concepts
- Fixed IPs
  - An IP address is assigned to an instance after instance creation.
  - The assigned IP remains until the instance is explicitly terminated.
- Floating IPs
  - An IP address can be dynamically associated with an instance.
  - An IP address can be disassociated from and associated with an instance at any time.

Fixed IPs Implementation (1)
There are three strategies available for implementing fixed IPs.
- Flat Mode
  - The simplest networking mode.
- Flat DHCP Mode
  - Similar to flat mode.
- VLAN DHCP Mode
  - The default networking mode.

Fixed IPs Implementation (2)
- Flat Mode
  - By default, all instances attach to the same bridge (br100).
  - Before the instance is booted, the network configuration is injected into the instance.
  - So far, this only works on Linux-style systems.
  - The network configuration is in /etc/network/interfaces.
- Flat DHCP Mode
  - Nova will attempt to bridge into an Ethernet device.
  - A DHCP server (dnsmasq) responds to the instance’s dhcpdiscover operation.

Fixed IPs Implementation (3)
VLAN DHCP Mode
- Requires a switch which supports host-managed VLAN tagging.
- A VLAN is created with a range of private IPs.
- Cloudpipe helps users access the instances.
  - Nova generates a key and certificate for the user.
  - One VPN per project.
- An illustration is shown on the next page.

Fixed IPs Implementation (4)
[Figure: illustration of VLAN DHCP mode]

OpenStack Quantum (1)
Separated from Nova to serve “Network Connectivity as a Service”.
Helps users establish their own network services.
Three components:
- REST API Layer
  - Connects directly to Nova.
- Authentication and Authorization Layer
- Pluggable Backend

OpenStack Quantum (2)
- REST API Layer
  - Implements the Quantum API and routes API requests to where they should go.
- Authentication and Authorization Layer
  - Validates API requests and ensures they come from authorized users.
- Pluggable Backend
  - Enhances the REST API Layer.

Network Security
Even though the cloud itself might be safe, the network is complicated.
The traditional attack methods still work in the cloud.
- Sniffer
- ARP Poison
- XSS
- SQL Injection
- etc.

Summary
- Users should confirm the agreement before using the service.
- Quantum helps users to create the ideal network.