Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Operating System Unit 13 Cloud System Management II M. C. Chiang Department of Computer Science and Engineering National Sun Yat-sen University Kaohsiung,

Published byJodie Ryan Modified over 9 years ago

Similar presentations

Presentation on theme: "Cloud Operating System Unit 13 Cloud System Management II M. C. Chiang Department of Computer Science and Engineering National Sun Yat-sen University Kaohsiung,"— Presentation transcript:

1 Cloud Operating System Unit 13 Cloud System Management II M. C. Chiang Department of Computer Science and Engineering National Sun Yat-sen University Kaohsiung, Taiwan, ROC Cloud Operating System

2 Outline  Data Management  Data Integration  Data Security  Data Redundancy  Data Ownership  Network Management  OpenStack Nova-Network  OpenStack Quantum  Network Security  Summary 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-2

3 Data Management  What can be taken as data?  Uploaded files (Documents, Videos, Music)  Program Codes  User personal information (Name, Age, Location, etc.)  User surfing history  etc. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-3

4 Data Integration  There are no existing standards for moving data in the cloud.  The methods of each manufacture’s cloud data storage is different.  Here are some issues for enterprises to treat their data for integration:  Backup  Data movement (from/to) the Cloud 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-4

5 Data Security (1)  Data security can be considered from three aspects:  Physical Layer Touchable things such as machines, devices. As mentioned in “IDC Management”.  Network Layer The behaviors through network. This will be discussed later.  Management Layer Can data be recognized by the Cloud? 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-5

6 Data Security (2)  With the rise of cloud computing, there are some new problems.  Data analysis Google advertisement, e.g., the righ side of the letter when using Gmail.  Mash-up authorization Facebook utilizes both sensitive and non-sensitive data to present to other users. Third-party applications on Facebook can also utilize the data. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-6

7 Data Security (3)  Increased authentication demands Pros Software piracy becomes difficult. Centralize monitoring on software. Prevents sensitive data spread on untrustworthy clients. Cons Phishing for stealing access credentials.  Cost-effective defense Cloud Computing encourages single points of failure. Protect productivity and trust from attackers. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-7

8 Data Security (4)  Data shouldn’t be recognized by the Cloud provider/maintainer.  The simplest way to protect the data is performing encryption.  AES  RSA  Blowfish  IDEA 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-8

9 Data Security – Examples (1)  Amazon S3  2011/10/04 announced  Encryption When writing the object, add an additional request header.  Decryption Automatically happens when the data retrieved.  Encryption Algorithm AES-256 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-9

10 Data Security – Examples (2)  Google Docs  Google Docs doesn’t provide any server side encryption methods.  For data security, users can encrypt the document before uploading set the group who can view the document  Encrypted document can not be viewed on Google Docs. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-10

11 Data Security – Before Using the Cloud  Users should confirm service providers’ response for the following three questions  Are files transferred securely to/from the servers?  Are files stored on the servers encrypted by default?  How will the provider react to the file request from law? If the provider could decrypt the file, what will the provider do? 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-11

12 Data Redundancy  The idea is simple; copy multiple data across different “zones”.  Example: The Ring in OpenStack  Review: Ring records the physical address of data.  When creating a ring, administrator must supply how many replicas through the zones, and the minimum interval of copying data in command. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-12

13 Data Ownership  Cloud service provider provides a free/non-free disk space and computing ability for users to handle the data.  After all, who owns the data?  Provider? I provide the disk space!!  User? I upload the data!! 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-13

14 Network Management  Network is a fundamental part of Cloud Computing.  Network is an infrastructure which is  easy to access  stable  high transfer rate  low latency for users.  Network in a cloud can be classified into two parts.  Internal network  External network 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-14

15 OpenStack Nova-Network  OpenStack network controller (nova-network)  The operations:  Allocate fixed IP addresses.  Configuring VLANs for projects.  Configuring networks for compute nodes. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-15

16 OpenStack Nova-Network - Concepts  Fixed IPs  An IP address will be assigned to an instance after instance creation.  The assigned IP will be remained until the instance is explicitly terminated.  Floating IPs  An IP address can be dynamically associated with an instance.  An IP address can be disassociated and associated with an instance at any time. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-16

17 Fixed IPs Implementation (1)  There are three strategies available for implementing fixed IPs.  Flat Mode The simplest networking mode.  Flat DHCP Mode Similar to flat mode.  VLAN DHCP Mode The default networking mode. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-17

18 Fixed IPs Implementation (2)  Flat Mode By default, all instances attach to the same bridge (br100). Before the instance is booted, the network configuration will be injected into the instance. So far, this only works on linux-style systems. The network configuration is in /etc/networking/interfaces.  Flat DHCP Mode Nova will attempt to bridge into an ethernet device. A DHCP server (dnsmasq) will respond to instance’s dhcpdiscover operation. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-18

19 Fixed IPs Implementation (3)  VLAN DHCP Mode Requires a switch which supports host-managed vlan tagging. A vlan will be created with a range of private ips. Cloudpipe helps user access the instances. Nova generates a key and certificate for user. One vpn per project. Illustration is shown in next page. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-19

20 Fixed IPs Implementation (4) 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-20

21 OpenStack Quantum (1)  Isolated from Nova to serve “Network Connectivity as a Service”.  Help user to establish their own network services.  Three components:  REST API Layer Directly connect to Nova.  Authentication and Authorization Layer  Pluggable Backend 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-21

22 OpenStack Quantum (2)  REST API Layer  Implement Quantum API and redirect API requests to where they should.  Authentication and Authorization Layer  Validate API requests and ensure them from the authorized users.  Pluggable Backend  Enhance REST API Layer. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-22

23 Network Security  Even though it might be safe in the cloud, but the network is complicated.  The traditional methods still work for cloud.  Sniffer  ARP Poison  XSS  SQL Injection  etc. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-23

24 Summary  Users should confirm the agreement before using the service.  Quantum helps users to create the ideal network. 9/5/2015 Cloud Operating System - Unit 12: Cloud Management U12-24

Download ppt "Cloud Operating System Unit 13 Cloud System Management II M. C. Chiang Department of Computer Science and Engineering National Sun Yat-sen University Kaohsiung,"

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
A 5 minutes intro to Openstack (and a few more minutes on Openstack Networking) Salvatore Orlando 3 rd OSUG Italy Meetup Rome, May 9 th 2013.

A 5 minutes intro to Openstack (and a few more minutes on Openstack Networking) Salvatore Orlando 3 rd OSUG Italy Meetup Rome, May 9 th 2013.
What’s New: Windows Server 2012 R2 Tim Vander Kooi Systems Architect www.NetComLearning.com.

What’s New: Windows Server 2012 R2 Tim Vander Kooi Systems Architect
The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.

The Case for Enterprise Ready Virtual Private Clouds Timothy Wood, Alexandre Gerber *, K.K. Ramakrishnan *, Jacobus van der Merwe *, and Prashant Shenoy.
Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.

Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Network Security Philadelphia UniversityAhmad Al-Ghoul 2010-20111 Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversityAhmad Al-Ghoul Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Data Networking Fundamentals Unit 7 7/2/2015 1 Modified by: Brierley.

Data Networking Fundamentals Unit 7 7/2/ Modified by: Brierley.
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Wide-area cooperative storage with CFS

Wide-area cooperative storage with CFS
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.

Similar presentations

Ads by Google