USC CSSE Annual Research Review
Executive Workshop, March 9, 2011
Dr. Craig A. Lee, lee@aero.org
Senior Scientist, The Aerospace Corporation, www.aero.org
Board of Directors, (Past) President, Open Grid Forum, www.ogf.org
© The Aerospace Corporation 2011

2
• Cloud computing has many potential benefits
– As well as potential pitfalls
• Different organizations -- industrial, scientific & governmental – will have different requirements and perceived risks for cloud computing
– How will these different requirements and risks drive cloud development and deployment?
• How can Software Engineering be applied to improve software and the development process?
– What’s different about cloud environments?

www.gpoaccess.gov/usbudget
3
• FY 2010 US Federal IT Budget: $79B
– ~70% spent on maintenance
• US Federal CIO pursuing cloud computing
– Apps.gov, data.gov web sites stood up
Reprinted courtesy of the U.S. Government

4
Basic Science, Computational Science, Data Access, On-Demand Resources actual path
5 days out
2
4
1
3
Philip Bogden, (Past) SCOOP Program Director scoop.sura.org/documents/MTS_Journal_Article_Final.pdf
Reprinted courtesy of SURA

Open Geospatial Consortium OWS-6 Project:
5
Lan-Kun Chung, Feng Chia University, Taiwan
Reprinted courtesy of Prof. Chung

6
6
• A broad term used to denote virtualization at any of several different system layers
– “Outsourcing” of hardware, system environment, or services
– Things just run “in the cloud”, i.e., somebody else’s data center
• Generally from a single provider through a very simple API
– Simple API eases adoption at the cost of insight and control
– Effective business model for provider to “sell” virtualized, back-end data center resources
Application
Level
Platform
Level
Infrastructure
Level
• Software as a Service (SaaS)
• Build an application from pre-defined services
• Example: Salesforce.com
• Platform as a Service (PaaS)
• Acquire a set of hosting environments
• Example: Google App Engine (Python)
• Infrastructure as a Service (IaaS)
• Acquire a set of machines you can login to
• Example: Amazon EC2

7
Provider-oriented
Benefits
• Improved server utilization
• Improved reliability
• Greener IT
• Clear business models
User-oriented
Benefits
• Commodification of compute resources
• Managing surge requirements
• Ease of application deployment
• Virtual ownership of resources

8
• Security
– Information Assurance
• Governance
– Regulatory, Legal -- SLAs
• Cost
– Where's the break-even point?
• Performance Management
– Abstraction vs. Control -- SLAs
• Portability & Interoperability
– Data and Applications
• Execution Models
– Frameworks & SaaS

9
Hybrid
Cloud
Private
Cloud
Organization A
Federated
Cloud
Hybrid
Cloud
Private
Cloud
Organization B

10
The distinction between private and public clouds is really a relative distinction between whether you
"own" the resources or not -- whether the resources are inside or outside your security perimeter, i.e., your administrative domain.
• Can you enforce membership, usage, and security policies?
– Do you know who your cloud tenants are and how they will behave?
• 451 Group identifies Trust and Control as the primary inhibitor of cloud technology, followed by Interoperability,
Portability and Licensing (“It Is Cloud” report, June 2010)
• Cloud Security Alliance “Security Guidelines” document listing many security and regulatory issues

11
Trust
Relationships
Need for:
• Federated identity models
• Role-based authorization
• Virtual Organizations
• Something like the IGTF

12
• Top-Down deployment/adoption of “public cloud”?
– Appealing from “end-goal” perspective, such as national cloud initiatives
– Challenge: Recruiting enough users whose security, reliability, and control requirements can be met
• Bottoms-Up deployment of “organizational clouds”?
– Realistic starting-point for many organizations -- much easier to control policy, security, risk, liability
– Challenge: Mitigating the risk of creating “cloud silos” that are non-interoperable -- cannot federate or hybridize

13
Private
Everything within secure perimeter
Federated
Known number of known tenants
Hybrid
Unknown tenants but secure perimeter
Public
No secure perimeter
• Job types & mixes
• Data access/interop
• Storage mgmt
• Workload mgmt
• Reliability
• Energy mgmt
• Governance
– VMs, VNs, VDCs
•
•
•
•
•
ID mgmt
VO mgmt
Distributed workload mgmt
Portability
Interoperability
• SLAs
• Full Security
• Privacy
• Data Leakage
•
Denial of Service
•
Eff. data deletion
• Costing models
• Avoid vendor lock-in
• Harmonize/shake-out basic infrastructure standards
• Agreement on joint operations
• e.g., International Grid
Trust Federation
• Outsourceable tasks
• Cost Predictability
• Liability
• Reporting
• Co-tenant reputation
• Provider viability
• Audits • Harmonize/shake-out relevant standards
• Federation
• Distributed mgmt
• Legal Precedent
• Harmonize/shake-out relevant standards
• Practical ways to operate on encrypted data (not!)
• Virtual Private Clouds
• On-site inspections
• Understand & test provider’s operation
• Harmonize/shake-out relevant standards
Issues/Concerns Accumulate Left to Right

14
Phase I Phase II Phase III Phase IV
• Existing IaaS processing and storage
• VO mgmt
• Dist Wrkld Mgmt
• ID mgmt
• Data access & interop
• Hybrid infrastructure
• SLAs
• Auditing/Monitoring/Re porting
• VN, VDC, VPC
• Secure operations
• Organizations deprecate their own infrastructures • Develop common, extensible data arch
& semantics
• Testbed Bake-off
• Reliability practices
• Workload mgmt
• Costing models
• Joint practices
• Energy Mgmt
• SLAs at scale
• PaaS capabilities
• Auditing/Reporting mechanisms
• Regulatory support
• Set legal precedent
• Cloud DNS
• VN, VDC, VPC demonstration
• Various security tools
•
• Virtual
Enterprise/Mission
Support
Autonomic systems
• SLAs & governance to support job mix
• Event Notification at scale
• Various security issues
• Naming – Cloud DNS
• VN, VDC, VPC mgmt
• Autonomic policy enforcement
• Virtual Missions
• Virtual Enterprises
• Encrypted operation
• Quantum computing

15
• Industry
– Beyond client-provider to business-to-business
• Science
– Many operational grids adding cloud functionality: EGI, OSG, …
– Motivations similar to broader cloud community
• cf. Seeking Supernovae in the Clouds: A Performance Study, K.
Jackson, et al., Science Cloud Workshop , HPDC, June 2010
• Government -- National Cloud Initiatives
– US Cloud Storefront Concept
– Japanese Kasumigaseki Cloud Concept
– UK GCloud Concept, …
• National Cloud Standards Efforts
– US NIST: http://collaborate.nist.gov/twiki-cloud-computing
– EU SIENA: http://www.sienainitiative.eu
– Japan GICTF: http://www.gictf.jp/index_e.html

• An informal group of Standards Development Organizations (SDOs) collaborating to coordinate and communicate standards for cloud computing, networks and storage
– Wiki: cloud-standards.org
– Mailing List: groups.google.com/group/CloudStandards
• All of these SDOs could feed into
Open Cloud Consortium
16
– Open source cloud stack repository – all code under Apache 2.0
– Started by NASA and Rackspace in support of NASA Nebula cloud

• OGF Open Cloud Computing Interface
• DMTF Open Virtualization Format
• SNIA Cloud Data Management Interface
• Together these represent a basis for standard
Infrastructure-as-a-Service
17
17

• RESTful API: ~15 commands
• Four main documents: www.ogf.org/gf/docs/?archived
• Twelve implementations
©
GET http://abc.com/uid123foobar/
Provider Instance
18
Compute
Operations
(start, stop, delete, update)
Covered by OCCI
HTTP LINK header
Storage
Network
Resource
Links
Attributes
Atom-like categories

• A multi-vendor format enabling interoperability
Exactly one XML document defining the content and requirements of the virtual appliance
Optional SHA-1 digest for package data integrity
Optional certificate for package authenticity
Zero or more disk image files representing virtual disks for the virtual appliance
19

Manages the provisioning of blockoriented, file-oriented
& object-oriented storage
20
Used by permission of SNIA.

21
Virtual Appliances, Virtual Missions, Virtual Data Centers
Virtual Storage
Virtual Servers
Virtual Networks
Google Data Center
The Dalles, Oregon
Publicity photo reprinted courtesy of Google.

Control Plane
22
Application Plane

23
Control Plane
Split
Events and
Monitored Data
Func
Cntl
Merge
Control
Signals
Func
Application Plane

24

These will be highly distributed, federated, virtualized, autonomic, on-demand systems !

25
•
Requirements
•
Design
•
Development: Languages and Tools
•
Testing
•
Maintenance
•
Configuration Management: Versioning and Source Control
•
Engineering Management: ~Project Management
•
Development Process: Waterfall, Spiral, Iterative,
Incremental, Agile
•
Engineering Tools: Computer Aided Software Engineering
•
Software Quality
Chapters in Software Engineering Body of Knowledge
IEEE CS, Bourque and Depuis, eds., 2004

26
Requirements
Design
Development
Testing
Maintenance
Config. Mgmt
Eng. Mgmt
Devel. Process
Eng. Tools
Quality
Public
Hybrid
Federated
Private

27
•
Use of VMIs to control system configuration
•
Use of on-demand resources for testing purposes
•
How to manage testing when going from a private cloud development system to a federated/hybrid cloud?
•
Use of VMIs as a maintenance mechanism
•
Costing models for private vs. public clouds
•
Can VO concept be used for development & test?
•
Interoperability testing portals between clouds?
•
How to monitor/audit across virtualized environments?
•
How to ensure that virtual system requirements are satisfied by on-demand physical resources?
•
….. (many, many others)

28
• We have presented a "cloudscape" of issues, challenges, opportunities wrt virtualized, federated environments
– Grand scale motivations
– Expected benefits
– National/International efforts
– Speculated on a draft roadmap "dartboard”
– Emerging cloud standards
– Virtual Appliances/Mission/Data Centers
• Provoked questions on how to apply software engineering
• Much more work to be done
• … and one more slide…

29

“All trademarks, service marks, and trade names are the property of their respective owners”
© The Aerospace Corporation 2011