A day in the cloud
An Introduction to Cloud
Dr David Wallom, Associate Director (Oxford e-Research Centre)
Thanks to NIST Clouds Introduction & Bob Jones (CERN, Helix Nebula)

Outline
• What is Cloud…?
• Using Cloud (technically)
• Using cloud (non-technical)
• Available resources

What is cloud?

A Working Definition of Cloud Computing
• Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
• This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Wallom's Def: If a user speaks to a person to get access to resources, it's virtualisation; if the user gets access through a computational interface, expanding and contracting their available resources at will, it's a Cloud!
Courtesy of NIST

5 Essential Cloud Characteristics
• On-demand self-service
• High performance network access
• Resource pooling
  – Location independence
• Rapid elasticity/service scalability
• Measured service/usage is accounted for
Courtesy of NIST

3 Cloud Service Models
• SaaS: Software as a Service –> Google Apps, salesForce.com, Facebook, Microsoft Office 365;
  [Diagram labels: use, deployed, SaaS provider]
• PaaS: Platform as a Service –> Google App Engine, Force.com, Azure Platform, Oracle Fusion;
  [Diagram labels: use, deployed, application package, PaaS provider]
• IaaS: Infrastructure as a Service –> Amazon Web Services, EGI Fed Cloud, 100%IT
  [Diagram labels: use, instantiated, OS image, IaaS provider]

Microsoft Azure
[Diagram: Azure Services Platform; .NET, PHP, Python, Ruby; Web Standards + Industry Standards; Visual Studio and Eclipse …]

Amazon AWS
[Diagram: Elastic Compute Cluster (EC2), CloudFront, Simple Queue Service (SQS), SimpleDB, Simple Storage Service (S3)]

4 Deployment Models
• Private cloud – enterprise owned or leased, e.g. operated by your institutional IT support
• Community cloud – shared infrastructure for specific community, e.g. provided only to specific sectors, e.g. EBI
• Public cloud – Sold to the public, mega-scale infrastructure, e.g. Amazon
• Hybrid cloud – composition of two or more clouds, e.g. what it says on the tin!
Courtesy of NIST

Common Cloud Characteristics
• Cloud computing often leverages:
  – Massive scale (beyond a single project's scaling)
  – Homogeneity
  – Virtualization
  – Resilient computing
  – Low cost software
  – Geographic distribution
  – Service orientation
  – Advanced security technologies
Courtesy of NIST

The NIST Cloud Definition Framework
• Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
• Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Essential Characteristics: On Demand Self-Service, High Perf Network Access, Rapid Elasticity, Resource Pooling, Measured Service
• Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

Usage Models of Cloud

Private/Public Multiple Clouds
[Diagram: Users; Amazon cloud, NGS cloud, Azure cloud, Eduserv cloud, EGI cloud]
• Globally distributed;
• different resources/cost;
• different applications;
• non standardised: different AAA and UI.

Mediated Private/Public Multiple Clouds
[Diagram: Users; Management Interface; Amazon cloud, UK NGS cloud, Eduserv cloud, EGI cloud]
• Automation;
• load balancing;
• costs reduction;
• usability.

Hybrid Multiple Clouds
[Diagram: Users; Institutional cloud; EGI cloud, Amazon cloud, Eduserv cloud, NGS cloud]
• Federation of Local and Global resources
• Elasticity managed by local cloud not user
• different resources/cost;
• different applications;
• non standardised: different AAA but single UI through private provider

Migration Paths for Cloud Adoption
• Use public clouds
• Develop private clouds
  – Build a private cloud
  – Procure an outsourced private cloud
  – Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds
  – Organization wide SaaS
  – PaaS and IaaS
  – Disaster recovery for private clouds
• Use hybrid-cloud technology
  – Workload portability between clouds

Using an IaaS
Users retain (full) control of:
• operating system:
  ∙ create, modify or use existing OS images;
  ∙ VM instantiation and management (start, stop, #VMs);
• networking:
  ∙ elastic IP, virtual firewalls, isolation (security groups);
• data:
  ∙ create and manage EBS devices;
  ∙ snapshotting.
Great flexibility vs. extra effort

Cloud Infrastructure for Research

Centralisation Vs Federation
• Centralisation: one large, dedicated datacentre that serves the national HEI demand
• Federation: heterogeneous set of infrastructures coordinated in order to satisfy the HEI demand

Criteria for evaluation
• Funding
• Scalability
• Flexibility
• Maintenance
• Support
• Accountability
• Obsolescence
• Competitiveness
• Security

Client Tools
• Command Line Interface
• HybridFox
• RightScale Gems RightAws

Cloud Computing Security

Security is the Major Issue

Analyzing Cloud Security
• Some key issues:
  – trust, multi-tenancy, encryption, compliance
• Cloud security is a tractable problem
  – There are both advantages and challenges

General Security Advantages
• Shifting public data to an external cloud reduces the exposure of the internal sensitive data
• Cloud homogeneity makes security auditing/testing simpler
• Clouds enable automated security management
• Redundancy / Disaster Recovery

Cloud Security Advantages
• Data Fragmentation and Dispersal
• Dedicated Security Team
• Greater Investment in Security Infrastructure
• Fault Tolerance and Reliability
• Greater Resiliency
• Hypervisor Protection Against Network Attacks
• Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
• Simplification of Compliance Analysis
• Data Held by Unbiased Party (cloud vendor assertion)
• Low-Cost Disaster Recovery and Data Storage Solutions
• On-Demand Security Controls
• Real-Time Detection of System Tampering
• Rapid Re-Constitution of Services
• Advanced Honeynet Capabilities

General Security Challenges
• Trusting someone else's security model
• Customer inability to respond to audit findings
• Limitations in obtaining support for investigations
• Indirect administrator accountability
• Proprietary implementations can't be examined
• Loss of physical control

Cloud Security Challenges
• Data dispersal and international privacy laws
• EU Data Protection Directive and U.S. Safe Harbor program
• Exposure of data to foreign government and data subpoenas
• Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
• Attraction to hackers (high value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
  – Encrypting access to the cloud resource control interface
  – Encrypting administrative access to OS instances
  – Encrypting access to applications
  – Encrypting application data at rest
• Public cloud vs internal cloud security
• Lack of public SaaS version control

Examples of using cloud in research

Cloud Resources Available
• Private Cloud
  – Various universities and STFC
• Community Cloud
  – Eduserv, EBI, Magelium
• Public Cloud
  – Amazon, Elastic-hosts, Microsoft Azure IaaS, CEMS, 100% IT
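
An added example (not part of the original slides) connecting the "Using an IaaS" slide's virtual firewalls and security groups to the "Encryption needs for cloud computing" bullets: it audits inbound firewall rules for cleartext services and for administrative ports open to any source. The rule format, port groupings, severity labels and sample rules are constructed assumptions, not any provider's API.

```python
import ipaddress

# Port groupings are assumptions made for this example.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP", 5900: "VNC"}
ENCRYPTED_ADMIN = {22: "SSH", 3389: "RDP"}


def audit(rules):
    """Return sorted (severity, rule_id, message) findings for inbound rules."""
    findings = []
    for r in rules:
        net = ipaddress.ip_network(r["source"], strict=False)
        public = net.prefixlen == 0  # 0.0.0.0/0 or ::/0, i.e. any source
        # A rule may cover a port range, so test membership, not equality.
        ports = range(r["from_port"], r["to_port"] + 1)
        for port, name in CLEARTEXT.items():
            if port in ports:
                sev = "HIGH" if public else "MEDIUM"
                findings.append((sev, r["id"], f"cleartext {name} ({port}) from {net}"))
        for port, name in ENCRYPTED_ADMIN.items():
            if port in ports and public:
                findings.append(("MEDIUM", r["id"], f"{name} ({port}) open to any source"))
    return sorted(findings)


# Constructed sample rules (hypothetical names, documentation address ranges).
SAMPLE_RULES = [
    {"id": "web-https", "from_port": 443, "to_port": 443, "source": "0.0.0.0/0"},
    {"id": "legacy-telnet", "from_port": 23, "to_port": 23, "source": "0.0.0.0/0"},
    {"id": "admin-ssh", "from_port": 22, "to_port": 22, "source": "192.0.2.0/24"},
    {"id": "ssh-world", "from_port": 22, "to_port": 22, "source": "0.0.0.0/0"},
    {"id": "range", "from_port": 20, "to_port": 90, "source": "10.0.0.0/8"},
]

if __name__ == "__main__":
    for sev, rule_id, msg in audit(SAMPLE_RULES):
        print(f"{sev:6} {rule_id:14} {msg}")
```

The port-range rule is the case that a simple equality check on `from_port` would miss: it exposes FTP, Telnet and HTTP without naming any of them.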