Professional Documents
Culture Documents
Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger v Dawn Leaf
Dch sang ting Vit: L Trung Ngha, letrungnghia.foss@gmail.com Dch xong: 20/11/2011 Bn gc ting Anh: http://collaborate.nist.gov/twiki-cloudcomputing/pub/CloudComputing/ReferenceArchitectureTaxonomy/NIST_SP_500-292_-_090611.pdf
NIST SP 500-292
Kin trc Tham chiu in ton m my ca NIST Nhng khuyn co ca Vin Tiu chun v Cng ngh Quc gia Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger v Dawn Leaf
Chng trnh in ton m my Phng th nghim Cng ngh Thng tin Vin Tiu chun v Cng ngh Quc gia Gaithersburg, MD 20899-8930 Thng 09/2011
B Thng mi M Rebecca M. Blank, Quyn B trng Vin Tiu chun v Cng ngh Quc gia Patrick D. Gallagher, Th k B trng v Tiu chun v Cng ngh v Gim c
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 2/35
NIST SP 500-292
Nhng thc th, trang thit b hoc t liu nht nh no c th c xc nh trong ti liu ny m t mt th tc hoc khi nim thc nghim mt cch tng xng. Nhng nhn din nh vy khng c nh ng khuyn co hoc chng thc ca Vin Tiu chun v Cng ngh Quc gia, cng khng c nh ng rng cc thc th, t liu hoc trang thit b l nht thit sn sng tt nht cho mc ch .
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 3/35
NIST SP 500-292
Tha nhn
Cc tc gi, Fang Liu, Jin Tong, Jian Mao ca Knowcean Consulting Inc. (cc dch v c mua sm thng qua hp ng SPAWAR ca Hi qun M), Robert Bohn, John Messina, Lee Badger, Dawn Leaf t Vin Tiu chun v Cng ngh Quc gia (NIST), mong c cm n cc ng nghi ca h, nhng ngi r sot li cc phc th o ca ti liu ny v ng gp cho n i dung k thut ca ti liu. Cc tc gi tha nhn v nh gi cao vi lng bit n nhng ng gp to ln t cc thnh vin ca Nhm Lm vin v Nguyn tc phn loi v Kin trc Tham chi u v i Phn tch v Kin trc Tham chiu in ton m my (TM) ca NIST.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 4/35
NIST SP 500-292
Mc lc
Tng quan.............................................................................................................................................6 1. Gii thiu..........................................................................................................................................8 1.1 Bi cnh.....................................................................................................................................8 1.2 Mc tiu.....................................................................................................................................8 1.3 Bo co ny c thc hin nh th no.............................................................................9 1.4 Cu trc ca bo co................................................................................................................10 2. Kin trc tham chiu TM: Tng quan.......................................................................................11 2.1 M hnh tham chiu khi nim................................................................................................11 2.2 Ngi s dng m my..........................................................................................................13 2.3 Nh cung cp m my............................................................................................................14 2.4 Nh kim ton m my..........................................................................................................15 2.5 Nh mi gii m my............................................................................................................16 2.6 Nh vn chuyn m my........................................................................................................16 2.7 Phm vi kim sot gia nh cung cp v ngi s dng.........................................................16 3. Kin trc tham chiu TM: Cc thnh phn kin trc................................................................18 3.1 Trin khai dch v....................................................................................................................18 3.2 Dn phi dch v......................................................................................................................20 3.3 Qun l dch v m my........................................................................................................21 3.3.1 H tr nghip v..............................................................................................................22 3.3.2 Cp pht v thit lp cu hnh..........................................................................................22 3.3.3 Tnh kh chuyn v tnh tng hp.................................................................................22 3.4 An ninh.....................................................................................................................................23 3.4.1 Vin cnh ca m hnh dch v m my........................................................................23 3.4.2 Quan h mt thit ca cc m hnh trin khai m my..................................................24 3.4.3 Trch nhim v an ninh c chia s...............................................................................24 3.5 Tnh ring t.............................................................................................................................24 4. Nguyn tc phn loi m my......................................................................................................25 Ph lc A: Cc khi nim v nh ngha v nguyn tc phn loi ca m my...............................27 Ph lc B: Nhng v d v cc dch v m my..............................................................................31 Ph lc C: Cc t vit tt....................................................................................................................33 Ph lc D: Ti liu tham kho............................................................................................................34
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 5/35
NIST SP 500-292
Tng quan
S p dng TM trong chnh ph M (USG) v s trin khai ca n ph thuc vo m t lo t cc yu t k thut v phi k thut. Mt im tham chiu c bn, da vo nh ngha TM c a NIST, l cn thit m t ton b khung cng vic c th c chnh ph s d ng m t cch r ng ri. Ti liu ny trnh by Nguyn tc phn loi (Tax) v Kin trc tham chiu (RA) TM ca NIST s truyn t mt cch chnh xc cc thnh phn v cc cho hng ca TM. Nhng nguyn tc ch dn c s dng to ra RA tng l: (1) Pht trin mt ki n trc trung l p v i nh cung c p l nht qun vi nh ngha ca NIST; (2) pht trin mt gii php khng bp nght i mi sng to vi vic xc nh mt gii php k thut b sai khin. Gii php ny s to ra mt sn chi bnh ng cho nn cng nghip tho lun v so snh nhng cho mi m my ca h vi USG. K t qu RA v Tax cho TM c pht trin nh mt m hnh da vo Tc nhn / Vai tr a ra c nhng yu t trng tm ca TM cho cc CIO Lin bang, cc quan ch c mua s m v nh ng ngi qun l cc chng trnh cng ngh thng tin (CNTT). Bc tranh v m my l m v a dng v i theo vi Tax cung cp mt phng tin m t n theo m t cch th c khng m h . RA c trnh by trong 2 phn: mt khi qut y v cc tc nhn vi cc vai tr c a h v cc thnh phn kin trc cn thit cho vic qun l v cung cp cc dch v m my nh s trin khai dch v, dn phi dch v, qun l, an ninh v tnh ring t ca cc d ch v m my. Nguyn t c phn loi (Tax) c trnh by trong phn ring ca n v trong cc ph l c chuyn cho nh ng khi nim v nhng nh ngha v nhng v d ca cc dch v m my. Khi qut kin trc tham chiu (RA) m t 5 tc nhn chnh vi cc vai tr v trch nhi m c a h c s dng nguyn tc phn loi (Tax) TM mi c pht trin. 5 tc nhn tham gia ch cht l Ngi s dng m my, Nh cung cp m my, Nh mi gii m my, Nh ki m ton m my v Nh vn chuyn m my. Nhng c nhn ct li ny c nhng vai tr chnh trong thc tin c a TM. V d, mt Ngi s dng m my l mt c nhn hoc t ch c ginh c v s d ng cc sn phm v dch v m my. Nh thu cung cp cc s n ph m v d ch v l Nh cung c p m my. Do cc cho hng dch v c kh nng (Phn mm, Nn tng hoc H tng) c php t nh cung cp m my, s c mt s dch chuyn theo mc cc trch nhim i vi mt s kha cnh v phm vi kim sot, an ninh v cu hnh. Nh mi gii m my hnh ng nh bn trung gian gia ngi s dng v nh cung cp v s gip cho nhng ngi s dng vt qua c s phc tp ca cc li cho dch v m my v cng c th to ra cc d ch v m my gi tr gia tng. Nh kim ton m my cung cp mt chc nng vn d c gi tr cho chnh ph bng vic tin hnh gim st an ninh v hiu nng ca cc dch v m my mt cch c lp. Nh v n chuyn m my l t chc c trch nhim truyn cc d liu ging nh ngi phn phi in cho li in. Cc thnh phn kin trc ca RA m t nhng kha cnh quan trng ca trin khai d ch v v dn phi dch v. Ton b s qun l dch v ca m my c tha nhn nh mt yu t quan trng trong s kin trc. Cc c ch h tr nghip v l sn sng chp nhn cc vn qun l khch hng nh cc hp ng, kim ton v t gi v l sng cn cho TM. M t th o lu n v vic cp pht v cu hnh ch ra cc yu cu i vi cc h thng m my s sn sng khi cn thit, c o m v c s qun l cc tha thun mc dch v (SLA) tha ng sn sng. Cc vn v tnh tng hp v tnh kh chuyn v d liu, cc h thng v cc dch v l cc yu t sng cn m cc khch hng i mt trong vic p dng m my cng c tin hnh y. Cc khch hng cn s tin cy trong vic chuyn cc d liu v dch v ca h xuyn kh p nhi u mi tr ng m my.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 6/35
NIST SP 500-292
Nh mt thnh phn kin trc chnh ca m my, nhng lo ngi v an ninh v s ring t c n ph i c gii quyt v cn phi c mt mc t tin v tin tng to ra c m t b u khng kh tha nhn trong kh nng ca m my cung cp mt h thng ng tin cy v ch c ch n. Cc trch nhim v an ninh, cn nhc v an ninh cho cc m hnh dch v m my v cc m hnh trin khai khc nhau cng s c bn tho ti.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 7/35
NIST SP 500-292
1. Gii thiu
1.1 Bi cnh
Vin Tiu chun v Cng ngh Quc gia (NIST) c Gim c Thng tin (CIO) Lin bang Vivek Kundra ch nh lnh o v k thut cho nhng n lc ca cc c quan ca USG c lin quan ti vic p dng v pht trin cc tiu chun TM. Mc tiu l tng t c cho chnh ph lin bang trong p dng TM c an ninh v hiu qu gim chi ph v ci thi n cc d ch v . Chin lc ca NIST l xy dng mt L trnh Cng ngh TM ca USG tp trung vo cc yu cu c u tin cao nht v TM i vi USG v an ninh, tnh tng h p v tnh kh chuy n, v dn dt nhng n lc pht trin cc tiu chn v ch dn vi s tham v n v c ng tc ch t ch v i cc c quan tiu chun, khu vc t nhn v nhng ngi tham gia ng gp khc. Chng trnh TM ca NIST tng c khi xng chnh thc vo thng 11/2010 h tr cho n lc ca chnh ph lin bang kt hp TM nh mt s thay th, hoc s ci tin cho cc m hnh ng dng v h thng thng tin nhng ni ph hp. Chng trnh TM ca NIST vn hnh trong s phi hp vi nhng n lc khc v TM rng khp trong USG (cc H i ng CIO / ISIMC, ...) v c tch hp vi K hoch 1 Ci cch Qun l CNTT 25 im ca Lin bang v Chin lc2 TM Lin bang. NIST to ra cc nhm lm vic sau a ra chi n l c h ng vo cng ngh v ch dn da vo cc tiu chun cho n lc trin khai TM ca Lin bang: 1. Nhm lm vic v Trng hp Nghip v ch TM 2. Nhm lm vic v Kin trc Tham chiu v Nguyn tc phn loi TM 3. Nhm lm vic v L trnh cc Tiu chun TM 4. Nhm lm vic SAJACC TM 5. Nhm lm vic v An ninh TM
1.2 Mc tiu
nh ngha TM ca NIST [1] c tha nhn rng ri nh mt ng gp c gi tr h ng t i vic cung cp mt s hiu bit r rng v cc cng ngh TM v cc dch v m my. N a ra mt nguyn tc phn loi r rng v n gin ca 3 m hnh dch v s n sng cho nh ng ng i tiu dng m my: phn mm nh mt dch v m my (SaaS), nn t ng nh mt d ch v m my (PaaS) v h tng nh mt dch v m my (IaaS). N cng tm tt 4 m hnh trin khai m t cch m h tng in ton phn phi nhng dch v ny c th c chia s : m my ring, m my cng ng, m my cng cng v m my lai. Cui cng, nh ngha ca NIST cng a ra mt quan im thng nht v 5 c tnh c bn m tt c cc dch v m my u c: t ph c v theo nhu cu, truy cp mng rng ri, bn rt ti nguyn, tnh n hi mm do cao v dch v o m c.
1 Vn phng Qun l v Ngn sch, Gim c Thng tin Lin bang M Vivek Kundra, K ho ch tri n khai 25 i m ci cch qun l cng ngh thng tin lin bang, thng 12/2010. http://www.cio.gov/documents/25-PointImplementation-Plan-to-Reform-Federal%20IT.pdf 2 Vn phng Qun l v Ngn sch, Gim c Thng tin Lin bang M Vivek Kundra, Chi n l c TM Lin bang, thng 02/2011. http://www.cio.gov/documents/Federal-Cloud-Computing-Strategy.pdf
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 8/35
NIST SP 500-292
Nhng dch v ny v s phn phi ca chng l ct li ca TM. Trong m hnh TM, s t p trung ban u l vo mt phng php kinh t hn trong vic cung c p cc d ch v nhanh h n v cht lng cao hn chi ph thp hn cho nhng ngi s dng. Trong m hnh phn phi dch v CNTT truyn thng, c mt s nhn mnh rng ln vo vic mua sm, duy tr v vn hnh h tng c lin quan v phn cng cn thit. M hnh TM xc tc cho cc quan ch c mua s m v nh ng ngi qun l cc d n CNTT, cc CIO hng s ch c a h t i s t o ra cc d ch v i m i sng to cho nhng ngi tiu dng. c c s phn phi dch v thnh cng, USG cn m bo tin c y trong phn ph i cc s n phm v qui trnh. Bng vic m bo cc tiu chu n ph hp v b n lu s n sng cho TM trong an ninh, tnh kh chuyn cc d liu v tnh tng hp cc dch v, USG s c c s tin cy b sung cn thit chuyn cc ng dng ca h vo m my. Cc tiu chun cn thi t cng s thc y thm ch mt sn chi bnh ng gia cc nh cung cp dch v m my v trao cho nhng ngi tiu dng dch v m my mt s la chn khc nhau trong th tr ng v s tin c y rng cc d liu v ng dng ca h s vn hnh trong bt k m my no. Cc tiu chun cho TM l mc tiu tng th ca chng trnh TM ca NIST; bc logic phi tin hnh sau s hnh thnh nh ngha TM ca NIST l to ra mt im tham chi u trung gian t c th xy dng khung cho nhng phn cn li ca th o lun v TM v b t u xc nh cc phn trong kin trc tham chiu trong cc tiu chun cng theo yu cu, hu dng ho c la chn c. Kin trc tham chiu TM ca NIST c trnh by trong ti li u ny l m t m r ng logic cho nh ngha TM ca NIST. y l mt m hnh khi nim mc cao chung v l m t cng c c hiu qu cho vic tho lun cc yu cu, cc cu trc v cc hot ng c a TM. M hnh ny khng b tri vo bt k sn phm, dch v hoc trin khai tham chiu ca nh cung cp c th no, cng khng xc nh cc gii php sai khin truyn lnh no cm on s i mi sng to. N xc nh mt tp hp cc tc nhn, cc hot ng v cc ch c nng c th c s d ng trong qu trnh pht trin cc kin trc TM v lin quan ti mt nguyn tc ng hnh v phn loi TM. Kin trc tham chiu bao gm mt tp hp cc quan im v m t l c s cho vic th o lun cc c tnh, s dng v cc tiu chun cho TM. M hnh cc tc nhn / vai tr ny c nh s phc v cho nhng mong i ca nhng ngi tham gia ng gp b ng cch cho php h hiu c quan im tng th cc vai tr v cc trch nhim nh gi v ch ra c ri ro. Kin trc tham chiu TM ca NIST tp trung vo cc yu cu v nh ng g cc d ch v m my cung cp, ch khng phi l lm th no thit k gii php v trin khai. Ki n trc tham chiu c nh to thun li cho s hiu bit nhng iu phc tp vn hnh trong TM. N khng trnh by kin trc h thng ca mt h thng TM c th no; thay vo n l mt cng c cho vic m t, tho lun v pht trin mt kin trc c th h thng c s dng mt khung cng vic tham chiu chung. Thit k kin trc tham chiu TM ca NIST phc v cho cc mc ch sau: minh h a v hi u mt lot cc dch v m my trong ng cnh ca m hnh khi nim tng th TM; cung c p mt tham chiu k thut cho cc c quan ca USG nhng tiu chun ng vin v an ninh, tnh tng hp, tnh kh chuyn v nhng trin khai tham chiu.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 9/35
NIST SP 500-292
tham chiu v nguyn tc phn loi TM ca NIST, h tch cc ho t ng trong kho ng th i gian t thng 11/2010 ti thng 04/2011. Qu trnh ny c lin quan ti s tham gia rng ri t cc t chc ca gii cng nghip, hn lm, cc c quan pht trin tiu chun (SDO) v nhng ngi p dng m my ca khu vc t nhn v nh nc. i d n r sot l i m t cch l p i l p l i m hnh tham chiu bng vic kt hp nhng bnh lun v kin phn h i nh n c t nhm lm vic. Ti liu ny bo co phin bn u tin ca kin trc tham chiu v nguyn l phn lo i TM ca NIST.
1.4 Cu trc ca bo co
Phn cn li ca ti liu ny c t chc nh sau: Phn 2 trnh by tng quan v ki n trc tham chiu TM ca NIST, lit k nhng tc nhn chnh v tho lun v nhng tng tc gia cc tc nhn . Phn 3 i su xung cc chi tit ca cc thnh ph n ki n trc trong m hnh tham chi u. Phn 4 m t nguyn l phn loi c lin quan. Ti liu cng bao g m cc t li u h tr trong cc ph lc. Ph lc A lit k nhng khi nim v nh ngha xut hin trong nguyn t c phn lo i. Ph lc B c mt s v d cc dch v m my. Ph lc C v D li t k nh ng tham chi u v nh ng t vit tt c s dng trong ti liu, mt cch tng ng.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 10/35
NIST SP 500-292
Hnh 1: M hnh tham chiu khi nim Nh ch ra trong Hnh 1, kin trc tham chiu TM ca NIST xc nh 5 tc nhn chnh: ngi s dng m my, nh cung cp m my, nh vn chuyn m my, nh kim ton m my v nh mi gii m my. Mi tc nhn l mt thc th (mt ngi hoc mt t chc) tham gia trong mt giao dch hoc qui trnh v/hoc thc hin cc tc v trong TM. B ng 1 li t k v n t t cc tc nhn c xc nh trong kin trc tham chiu TM ca NIST. Cc hot ng chung c a cc tc nhn c tho lun trng phn cn li ca phn ny, trong khi cc chi tit v cc y u t ki n trc s c tho lun trong Phn 3. Hnh 2 minh ha nhng tng tc gia cc tc nhn. Mt ngi s dng m my c th i hi cc dch v m my t mt nh cung cp m my mt cch trc tip hoc thng qua mt nh mi gii m my. Mt nh kim ton m my tin hnh nhng kim ton c lp v c th lin h v i nhng tc nhn khc thu thp cc thng tin cn thit. Cc chi tit s c tho lun trong cc phn sau v c trnh by mc cc chi tit ngy mt gia tng theo cc s k tip. Tc nhn nh ngha Ngi s dng Mt ngi hoc t chc duy tr mt mi quan h nghip v vi, v s dng d ch m my v t, cc nh cung cp m my. Nh cung cp Mt ngi, t chc hoc thc th c trch nhim lm cho mt dch v s n sng m my cho cc bn c quan tm. Nh kim ton Mt bn c th tin hnh nh gi c lp v cc dch v m my, cc ho t m my ng h thng thng tin, hiu nng v an ninh ca trin khai m my.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 11/35
NIST SP 500-292
Tc nhn
nh ngha
Nh mi gii Mt thc th qun l s dng, hiu nng v phn phi cc dch v m my, v m my thng tho cc mi quan h gia cc nh cung cp m my v nhng ngi s dng m my. Nh vn chuyn Mt ngi trung gian cung cp kt ni v giao thng ca cc d ch v m my m my t cc nh cung cp m my cho nhng ngi s dng m my. Bng 1. Cc tc nhn trong TM
Hnh 2: Tng tc gia cc tc nhn trong TM V d kch bn s dng 1: Mt ngi s dng m my c th yu cu d ch v t m t nh mi gi i m my thay v lin h vi mt nh cung cp m my mt cch tr c ti p. Nh mi gi i m my c th to ra mt dch v mi bng vic kt hp nhiu dch v ho c b ng vi c c i thi n m t d ch v ang tn ti. Trong v d ny, ngi s dng m my khng nhn thy cc nh cung cp m my thc th v ngi s dng m my tng tc trc tip vi nh mi gii m my.
Hnh 3: Kch bn s dng cho cc nh mi gii m my V d kch bn s dng 2: Nh vn chuyn m my cung cp kt ni v giao thng ca cc dch v m my t cc nh cung cp dch v m my cho nhng ngi s dng m my. Nh c minh ha trong Hnh 4, mt nh cung cp dch v m my tham gia trong v dn x p cho 2 th a thu n mc dch v (SLA) duy nht, mt vi nh vn chuyn m my (nh SLA2) v m t v i ng i s dng m my (nh SLA1). Nh cung cp m my dn xp cc tha thun mc dch v (SLA) v i nh vn chuyn m my v c th yu cu cc kt ni chuyn dng v c m ha m b o cho cc dch v m my c s dng mt mc nht qun theo cc bn phn h p ng v i nhng ngi s dng m my. Trong trng hp ny, nh cung cp c th ch nh nhng yu cu ca mnh v kh nng, tnh mm do v chc nng trong SLA2 cung cp nhng yu cu c bn trong SLA1. Hnh 4: Kch bn s dng i vi nh vn chuyn m my
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 12/35
NIST SP 500-292
V d kch bn s dng 3: i vi mt dch v m my, mt nh kim ton m my tin hnh nhng nh gi c lp v hot ng v an ninh ca trin khai cc dch v m my. Kim ton c th lin quan ti nhng tng tc vi c ngi s dng m my v nh cung cp m my.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 13/35
NIST SP 500-292
vo s lng nhng ngi s dng u cui, thi gian s dng, bng thng m ng c s d ng, lng d liu c lu tr hoc khong thi gian cc d liu c lu tr. Nhng ngi s dng PaaS c th s dng cc cng c v cc ngun thc thi do cc nh cung c p m my cung cp pht trin, kim th, trin khai v qun l cc ng d ng c t trong m t mi trng m my. Nhng ngi s dng PaaS c th l nhng lp trnh vin ng d ng ti n hnh thit k v trin khai cc phn mm ng dng, nhng ngi kim th ng d ng ti n hnh ch y v kim th cc ng dng trong cc mi trng da vo m my, cc lp trnh vin ng d ng ti n hnh xut bn cc ng dng trong m my, v cc nh qun tr ng d ng ti n hnh thi t l p c u hnh v gim st s thc thi ca cc ng dng trn mt nn t ng. Nh ng ng i s d ng PaaS c th lm ha n theo vic x l, cc ti nguyn mng v lu tr c ng dng PaaS s d ng v khong thi gian s dng nn tng . Nhng ngi s dng IaaS c s truy cp ti cc my tnh o, l u tr m ng truy c p c, cc thnh phn h tng mng v cc ti nguyn tnh ton c bn khc trong h c th tri n khai v chy cc phn mm ty . Nhng ngi s dng IaaS c th l cc lp trnh vin h thng, cc qun tr vin h thng v nhng ngi qun l CNTT c quan tm trong vic to ra, ci t, qu n l v gim st cc dch v cho cc hot ng ca h tng CNTT. Nh ng ng i s d ng IaaS c cung cp vi cc kh nng truy cp nhng ti nguyn tnh ton ny, v lm ha n theo s l ng hoc khong thi gian cc ti nguyn c s dng, nh s gi CPU c cc my tnh o s dng, lng v khong thi gian cc d liu c lu tr, rng bng thng mng c s d ng, s cc a ch IP c s dng trong nhng khong thi gian nht nh no .
2.3 Nh cung cp m my
Nh cung cp m my l mt ngi, mt t chc; y l thc th c trch nhim lm cho cc d ch v sn sng cho cc bn c quan tm. Nh cung cp m my ginh c v qu n l h t ng tnh ton theo yu cu cho vic cung cp cc dch v, chy cc phn mm m my cung c p cc dch v, v thc hin nhng sp xp phn phi cc dch v m my cho nh ng ng i s d ng m my thng qua s truy cp mng. i vi Phn mm nh mt Dch v, nh cung cp m my trin khai, thit lp cu hnh, duy tr v cp nht hot ng ca cc ng dng phn mm trong mt h tng m my sao cho nh ng d ch v c cung cp cc mc dch v c mong i cho nhng ngi s dng m my. Nh cung cp SaaS lnh hu ht cc trch nhim trong vic qun l v kim sot cc ng dng v h tng, trong khi nhng ngi s dng m my c s kim sot qun tr hn ch i vi cc ng dng. i vi PaaS, nh cung cp m my qun l h tng tnh ton cho nn tng v chy cc phn mm m my cung cp cc thnh phn ca nn tng , nh kho thc thi phn m m th i gian th c, cc c s d liu v nhng thnh phn phn mm trung gian (middleware) khc. Nh cung c p m my PaaS cng thng h tr cho qui trnh pht trin, trin khai v qun l ca ngi s d ng m my PaaS bng vic cung cp cc cng c nh cc mi trng pht trin tch hp (IDE), phin bn pht trin ca phn mm m my, cc b cng c pht trin phn mm (SDK), cc cng c tri n khai v qun l. Ngi s dng m my PaaS c s kim sot i vi cc ng d ng v c th c mt s thit lp mi trng t ch hosting, nhng khng c hoc c s truy cp hn ch ti h tng nm bn trong nn tng nh mng, cc my ch, cc h iu hnh hoc lu tr. i vi IaaS, nh cung cp m my ginh c cc ti nguyn tnh ton v t l n m bn d i cc dch v, bao gm cc my ch, cc mng, h tng lu tr v t ch hosting. Nh cung cp m my chy cc phn mm m my cn thit lm cho cc ti nguyn tnh ton s n sng cho ng i
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 14/35
NIST SP 500-292
s dng m my IaaS thng qua mt tp hp cc giao din dch v v o ha ti nguyn tnh ton, nh cc my tnh o v cc giao din mng o. Ngi s dng m my IaaS ti lt mnh s d ng cc ti nguyn tnh ton , nh mt my tnh o, cho nhng nhu cu tnh ton c b n c a h c kh nng so snh c vi nhng ngi s dng m my SaaS v PaaS, m t ng i s d ng m my IaaS c s truy cp ti nhng mu c bn hn cc ti nguyn tnh ton v v th c s ki m sot ln hn i vi nhiu hn cc thnh phn phn mm, c s kim sot i vi phn cng v t l v phn mm m my m lm cho vic cp pht cc dch v h tng c kh nng, v d , cc my ch vt l, cc trang thit b mng, cc thit b lu tr, cc h iu hnh my ch host v cc trnh o ha cho s o ha. Cc hot ng ca mt nh cung cp m my c th c m t trong 5 lnh v c chnh, c trnh by trong Hnh 7, mt nh cung cp m my tin hnh cc hot ng ca mnh trong cc lnh vc trin khai dch v, dn phi dch v, qun l dch v m my, an ninh v tnh ring t . Cc chi ti t c tho lun trong Phn 3.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 15/35
NIST SP 500-292
Mt s kim ton tc ng ti tnh ring t c th gip cc c quan Lin bang tun th vi cc lut v qui nh v tnh ring t c p dng iu hnh c tnh ring t ca c nhn, v m bo tnh b mt, tnh ton vn v tnh sn sng ca thng tin c nhn ca m t c th b t k giai o n no ca s pht trin v hot ng [5].
2.5 Nh mi gii m my
Khi TM tin ha, th s tch hp cc dch v m my c th qu phc tp cho nh ng ng i s dng m my qun l. Mt ngi s dng m my c th yu cu cc dch v m my t mt nh mi gii m my, thay v lin h trc tip vi mt nh cung cp m my. Nh mi gi i m my l mt thc th qun l s s dng, s thc thi v phn phi cc d ch v m my v th ng tho cc mi quan h gia cc nh cung cp m my v nhng ngi s dng m my. Ni chung, mt nh mi gii m my c th cung cp cc dch v 3 dng [9]: Trung gian dch v: nh mi gii m my ci tin mt dch v c a ra bng vic thc y mt s kh nng c bit v cung cp cc gi tr gia tng cho ngi s dng m my. S ci tin c th l vic qun l truy cp ti cc dch v m my, qun l nhn di n, bo co v hiu nng, ci tin an ninh, ... Tng hp dch v: nh mi gii m my kt hp v tch hp nhiu dch v vo lm mt hoc cc dch v mi. Nh mi gii cung cp s tch hp d liu v m b o chuy n cc d liu mt cch c an ninh gia ngi s dng m my v nhiu nh cung cp m my. Bun dch v: bun dch v tng t vi tng hp dch v ngoi tr l cc d ch v ang c tng hp s khng l c nh. Bun dch v c ngha l nh mi gii c s mm do chn cc dch v t nhiu c quan. Nh mi gii m my, v d, c th s d ng m t d ch v tnh im tn dng o m v la chn mt c quan vi im tt nht.
2.6 Nh vn chuyn m my
Nh vn chuyn m my hnh ng nh mt trung gian cung cp s kt ni v giao thng c a cc dch v m my gia ngi s dng m my v nh cung cp m my. Nh vn chuyn m my cung cp s truy cp ti ngi s dng thng qua cc thit b mng, truy n thng v cc truy cp khc. V d, ngi s dng m my c th c c cc d ch v m my thng qua cc d ch v truy cp mng nh cc my tnh, my xch tay, in thoi di ng, thit b Internet di ng (MID), ... [1]. S phn phi cc dch v m my thng c cc nh mng v truyn thng ho c mt i l vn chuyn cung cp [8], ni m i l vn chuyn tham chi u ti m t t ch c kinh doanh tin hnh cung cp s vn chuyn vt l phng tin lu tr nh cc a cng dung lng ln. Lu l mt nh cung cp m my s thit lp cc SLA vi mt nh v n chuy n m my cung cp cc dch v mt cch nht qun vi mc SLA c cho cho nh ng ng i s d ng m my, v c th yu cu nh vn chuyn m my cung cp nhng k t n i chuyn d ng v an ninh gia nhng ngi s dng m my v cc nh cung cp m my.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 16/35
NIST SP 500-292
kho phn mm kinh in c cu to t cc lp h iu hnh, phn mm trung gian v ng dng. Phn tch hnh v cc kim sot ny i vi kho ng dng gip hi u c cc trch nhi m c a cc bn c lin quan trong vic qun l ng dng m my.
Hnh 8: Phm vi cc kim sot gia nh cung cp v ngi s dng Lp ng dng bao gm cc ng dng phn mm nhm ti cc chng trnh hoc nhng ng i s dng u cui. Cc ng dng c nhng ngi s dng SaaS s dng, hoc nhng ngi s dng PaaS, nhng ngi s dng IaaS v cc nh cung cp SaaS ci t/qun l/duy tr. L p ph n m m trung gian cung cp cc khi phn mm (nh cc th vin, c s d liu, v my o Java) cho vic pht trin phn mm ng dng trong m my. Phn mm trung gian c nhng ngi s dng PaaS s dng, nhng ngi s dng IaaS hoc cc nh cung cp PaaS ci t/qu n l/duy tr, v nhng ngi s dng SaaS th khng nhn thy chng. Mt m my IaaS cho php m t ho c nhi u h iu hnh khch chy c mt cch o trn mt my ch host vt l duy nh t. Thng th ng, nhng ngi s dng c s t do rng ri chn h iu hnh no s c t ln trong s tt c cc h iu hnh c th c nh cung cp m my h tr. Nhng ngi s dng IaaS nn lnh ton b trch nhim cho nhng h iu hnh khch, trong khi nh cung cp IaaS kim sot h i u hnh ca my ch host.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 17/35
NIST SP 500-292
Hnh 9: m my cng cng Mt m my ring trao cho mt t chc duy nht cc khch hng m my s truy c p v s d ng dnh ring i vi cc ti nguyn h tng v tnh ton. N c th c t chc ca nhng ngi s dng m my hoc mt bn th 3 qun l, v c th c t trong nh ca ca t chc (nh cc m my ring ti ch) hoc c a ra thu ngoi ti mt cng ty t ch hosting (nh cc m my ring c thu ngoi). Hnh 10 v Hnh 11 trnh by mt m my ring t i ch v m t m my ring c thu ngoi, mt cch tng ng.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 18/35
NIST SP 500-292
Mt m my cng ng phc v mt nhm nhng ngi s dng m my c nhng mi quan tm c chia s nh cc mc tiu nhim v, an ninh, tnh ring t v chnh sch tun th , h n l phc v mt t chc duy nht nh m my ring thc hin. Tng t nh cc m my ring, m t m my cng ng c th c cc t chc hoc mt bn th 3 qun l, v c th c trin khai trong nh ca ca ngi s dng (nh m my cng ng ti ch) hoc c thu ngoi t i m t cng ty t ch hosting. Hnh 12 miu t mt m my cng ng c cu t o t m t s t ch c tham gia. Mt ngi s dng c th truy cp cc ti nguyn m my cc b, v c cc ti nguyn ca nhng t chc tham gia khc thng qua nhng kt ni gia cc t ch c c lin quan. Hnh 13 ch ra mt m my cng ng c a ra thu ngoi, ni m pha cc my ch c a ra thu ngoi ti mt cng ty t ch hosting. Trong trng hp ny, mt m my cng ng c thu ngoi xy dng h tng bn ngoi nh ca ca mnh, v phc v mt tp hp cc t chc yu cu v s dng cc dch v m my.
Hnh 13: m my cng ng c thu ngoi Mt m my lai l mt s kt hp ca 2 hoc nhiu hn m my (ring ti ch, cng ng ti ch, ring thu ngoi, cng ng hoc cng cng thu ngoi) vn cn gi l nhng thc th ring bit nhng b rng buc cng nhau bng cng ngh c tiu chun ha hoc s hu c quyn, xc tc cho tnh kh chuyn ca d liu v ng dng. Hnh 14 trnh by mt kiu nhn n gin v mt m my lai c th c xy dng vi mt tp hp cc m my trong 5 ph ng n m hnh
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 19/35
NIST SP 500-292
trin khai.
Hnh 15: Nh cung cp m my Dn phi dch v M hnh 3 lp c s dng trong s miu t ny, miu t vic nhm 3 d ng thnh ph n h th ng m cc nh cung cp dch v m my cn to nn phn phi cc dch v ca h. Trong m hnh c ch ra Hnh 15, nh l lp dch v, y l ni m cc nh cung cp dch v xc nh cc giao din cho nhng ngi s dng m my truy cp cc dch v tnh ton. Truy cp cc giao din ca mi trong s 3 m hnh dch v c cung cp trong lp ny. i u c kh nng, d khng nht thit, rng cc ng dng SaaS c th c xy dng trn nh ca cc thnh phn PaaS v cc thnh phn PaaS c th c xy dng trn nh ca cc thnh ph n IaaS. M i quan h la chn ph thuc gia cc thnh phn ca SaaS, PaaS v IaaS c trnh by b ng th nh nhng thnh phn xp chng ln nhau; trong khi vic t gc ca cc thnh phn i din r ng m i trong s cc thnh phn dch v c th t ng c. V d, mt ng d ng SaaS c th c tri n khai v c t trong cc my o t mt m my IaaS ho c n c th c tri n khai m t cch
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh Trang 20/35
NIST SP 500-292
trc tip trn nh ca cc ti nguyn m my m khng s dng cc my o IaaS. Lp gia trong m hnh l lp kim sot v o ha ti nguyn. Lp ny ch a cc thnh ph n h thng m cc nh cung cp m my s dng cung cp v qun l truy cp ti cc ti nguyn tnh ton vt l thng qua o ha phn mm. Nhng v d ca cc thnh phn o ha ti nguyn bao gm cc yu t phn mm nh cc trnh o ha, cc my o, lu tr d liu o, v cc ngu n tnh ton o khc. S o ti nguyn cn m bo s dng hiu qu, an ninh v ng tin c y cho cc ti nguyn vt l nm bn di. Trong khi cng ngh my o thng c s d ng l p ny, th cc phng tin khc cung cp nhng s o ha phn mm cn thit cng c kh nng. Kha c nh kim sot ca lp ny tham chiu ti cc thnh phn phn mm c trch nhi m cho phn b ti nguyn, kim sot truy cp, v gim st vic s dng. y l dn phn mm gn cng nhau v i v s ti nguyn vt l nm bn di v nhng s o ha phn mm ca chng xc tc cho vi c bn rt ti nguyn, phn b ng, v dch v o m. Mt lot cc phn mm m my ngun m v s hu c quyn l nhng v d ca dng phn mm trung gian ny. Lp thp nht trong kho l lp ti nguyn vt l, bao gm tt c cc ti nguyn tnh ton vt l. Lp ny bao gm cc ti nguyn phn cng, nh cc my tnh (CPU v b nh), cc mng (cc b nh tuyn router, cc tng la, cc b chuyn mch, cc lin kt v giao din mng), cc thnh ph n lu tr (cc cng) v cc yu t h tng tnh ton vt k khc. N cng bao gm cc ti nguyn c s, nh s t nng, qut v iu ha nhit (HVAC), in, truyn thng v cc kha c nh khc ca my mc thit b vt l. Theo sau nhng qui c kin trc h thng, vic sp t v tr theo chiu n m ngang, nh vi c phn lp, trong mt m hnh i din cho cc mi quan h ph thuc cc thnh phn ca lp nm trn hn ph thuc vo lp thp hn lin k vn hnh. Lp kim sot v o ha ti nguyn by ra cc ti nguyn o ca m my trn nh ca lp ti nguyn vt l v h tr cho lp dch v n i m cc giao din dch v m my c by ra cho nhng ngi s dng m my, trong khi nhng ngi s dng m my khng c s truy cp trc tip ti cc ti nguyn vt l.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 21/35
NIST SP 500-292
3.3.1 H tr nghip v
H tr nghip v i hi tp hp cc dch v c lin quan ti nghip v lm vic v i cc khch hng v cc qui trnh h tr. N bao gm cc thnh phn c s dng chy cc hot ng nghip v m khch hng i mt. Qun l ngi s dng: Qun l cc ti khon ca ngi s dng, m/ng/ch m dt cc ti khon, qun l cc h s ngi s dng, qun l cc mi quan h khch hng bng vic cung cp cc im lin h v gii quyt cc vn ca ngi s dng,... Qun l hp ng: qun l cc hp ng dch v, thit lp/thng tho/ng/chm dt hp ng... Qun l kho: Thit lp v qun l cc catalog dch v, K ton v lm ha n: Qun l thng tin ha n ca ngi s dng, gi i cc cng b ha n, x l cc thanh ton nhn c, theo di cc bo gi, Bo co v kim ton: Gim st cc hot ng ca ngi s dng, to cc bo co, Lm gi v xp hng: nh gi cc dch v m my v xc nh gi, iu tit cc qui nh v gi v khuyn mi da vo h s ca ngi s dng.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 22/35
NIST SP 500-292
Cc nh cung cp m my nn a ra cc c ch h tr tnh kh chuy n c a d li u, tnh t ng hp ca dch v, v tnh kh chuyn ca h thng [8]. Tnh kh chuyn ca d liu l kh nng c a nhng ngi s dng m my sao chp cc i tng d liu vo hoc ra khi mt m my ho c s dng mt a cho vic truyn b cc d liu. Tnh tng hp dch v l kh nng c a nh ng ngi s dng m my s dng cc d liu v dch v ca h xuyn khp nhiu nh cung c p m my vi mt giao din qun l thng nht. Tnh kh chuyn ca h thng cho php chuy n i m t trin khai ci t my o hon ton dng hoc mt nh my t mt nh cung cp ny sang nh cung cp khc, hoc chuyn i cc ng dng v dch v v cc thnh phn ca chng t mt nh cung cp dch v ny sang nh cung cp dch v khc. Nn c lu rng mt lot m hnh dch v m my c th c nh ng yu c u khc nhau c lin quan ti tnh tng hp v tnh kh chuyn [35]. V d, IaaS i hi kh nng chuyn i d liu v chy cc ng dng trong mt m my mi. V th, cn thit chp c cc nh my o v chuyn i sang cc nh cung cp m my mi, h c th s dng cc cng ngh o ha khc. Bt k nhng m rng c th no ca nh cung cp i vi cc nh my o cn phi c loi b hoc lp trnh li c th kh chuyn c. Trong khi i vi SaaS, s tp trung l vo tnh kh chuy n ca d liu, v v th n l c bn thc hin nhng trch xut v sao lu d li u trong m t nh dng tiu chun.
3.4 An ninh
Sng cn nhn thc c rng an ninh l mt kha cnh ct xuyn su t ki n trc v trn qua khp tt c cc lp ca m hnh tham chiu, tri t an ninh vt l ti an ninh ng dng. V th , cc mi lo v an ninh trong kin trc ca TM khng ch trong ph m vi c a cc nh cung c p m my, m cn cho c nhng ngi s dng m my v cc tc nhn tng ng khc. Cc h thng da vo m my vn cn gii quyt cc yu cu v an ninh nh xc thc, y quyn, tnh s n sng, tnh b mt, qun l nhn din, tnh ton vn, kim ton, gim st an ninh, ph n ng v i s c , v qun l chnh sch an ninh. Trong khi nhng yu cu an ninh ny l khng m i, th chng ta th o lun nhng vin cnh c th ca m my gip tho lun, phn tch v tri n khai an ninh trong mt h thng m my.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 23/35
NIST SP 500-292
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 24/35
NIST SP 500-292
Cc t vng ng kim sot c nu trong Ph lc A: Cc khi nim v nh ngha v nguyn t c phn loi ca m my.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 25/35
NIST SP 500-292
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 26/35
NIST SP 500-292
11.An ninh - Tham chiu ti an ninh thng tin. An ninh thng tin c ngha l vi c b o v thng tin v cc h thng thng tin khi s truy cp, s dng, tit l, g y v, s a i ho c ph hy mt cch khng c php cung cp: a) Tnh ton vn, c ngha l vic canh phng chng li s sa i hoc ph hoi thng tin khng c php v bao gm c vic m bo s khng th ph nhn v tnh xc th c ca thng tin; b) Tnh b mt, c ngha l vic gn gi nhng hn ch c trao quyn truy cp v tit l, bao gm bin php bo v tnh ring t ca c nhn v thng tin s hu c quyn.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 27/35
NIST SP 500-292
c) Tnh sn sng, c ngha l vic m bo truy cp ng lc v tin c y t i v s d ng thng tin. (Ngun: [NGUN: Tiu III ca Lut Chnh ph in t, c u l Lut Qun l An ninh Thng tin Lin bang nm 2002 (FISMA)]). 12. Tnh ring t - Tnh ring t ca thng tin l s thu thp, x l, truy n t, s d ng v sp t cc thng tin c nhn (PI) v cc thng tin nh n di n c m t cch c nhn (PII) mt cch c bo an, ph hp v nht qun thng qua vng i ca n. (Ngun: c p dng t OASIS). Phn mm nh mt Dch v (SaaS) - Kh nng cung cp c cho ng i s d ng s dng cc ng dng ca nh cung cp chy trong mt h tng m my. Cc ng dng l c kh nng truy cp c t mt lot cc thit b khch thng qua mt giao din my trm mng nh mt trnh duyt web (nh th in t da vo web). Ngi s d ng khng qu n l hoc kim sot h tng m my nm bn di, bao gm c mng, cc my ch , cc h iu hnh hoc lu tr, hoc thm ch c cc kh nng ng dng c nhn, v i s ngo i l c th i vi cc thit lp cu hnh ng dng c th c gii hn ca ngi s dng. Nn tng nh mt Dch v (PaaS) - Kh nng c cung cp cho ngi s d ng trin khai bn trn h tng m my cc ng dng c ngi s dng to ra ho c yu c u to ra bng vic s dng cc ngn ng v cc cng c l p trnh c nh cung c p h tr . Ngi s dng khng qun l hoc kim sot h tng m my nm bn di, bao gm c mng, cc my ch, cc h iu hnh hoc lu tr, nhng c s kim sot i vi cc ng dng c trin khai v c th c nhng thit lp cu hnh mi tr ng t ch hosting cc ng dng. (Ngun: nh ngha TM ca NIST). H tng nh mt Dch v (IaaS) - Kh nng c cung cp cho ngi s dng cung cp cc ti nguyn cho vic x l, lu tr, cc mng v cc ti nguyn tnh ton khc ni m ngi s dng c kh nng trin khai v chy cc phn mm ty , c th bao g m cc h iu hnh v cc ng dng. Ngi s dng khng qun l hoc kim sot h tng m my nm bn di nhng c s kim sot i vi cc h iu hnh, lu tr, cc ng dng c trin khai, v c th c s kim sot c gii hn i v i cc thnh ph n k t n i mng chn lc (nh cc tng la ca cc my ch host). (Ngun: nh ngha TM c a NIST). S dng dch v - Mt nh mi gii m my trong hnh ng s dng mt dch v m my. Cung cp dch v - Mt nh mi gii m my trong hnh ng cung c p m t d ch v m my. Kim ton an ninh - nh gi mt cch c h thng mt h th ng m my b ng vic o m cch n tun th tt th no i vi mt tp hp cc tiu ch c thi t l p v an ninh. Kim ton tc ng ti tnh ring t - nh gi mt cch c h th ng m t h th ng m my bng vic o m cch m n tun th tt th no i vi mt tp h p cc tiu ch c nh hng ti tnh ring t. Kim ton hiu nng - nh gi mt cch c h thng mt h thng m my b ng vic o m cch m n tun th tt th no i vi mt tp hp cc tiu ch c thit l p v hiu nng.
13.
14.
15.
19.
20.
===============================================================
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 28/35
NIST SP 500-292
Cc khi nim mc 3: 21. Trung gian dch v - mt nh mi gii trung gian cung cp mt dch v ci thin trc tip cho mt dch v no c phn phi cho mt hoc nhiu ngi s dng dch v , v c bn c gi tr gia tng trn nh ca dch v c a ra c i thi n m t s kh nng nht nh. (Ngun: Gartner). Tng hp dch v - Dch v mi gii tng hp kt hp nhiu dch v vo thnh mt hoc nhiu hn cc dch v mi. N s m bo rng cc d li u c m hnh ha xuyn khp tt c cc dch v thnh phn v cng c tch hp bng vic m bo cho s chuyn dch v an ninh ca d liu gia ngi s dng dch v v nhiu nh cung cp dch v. (Ngun: Gartner). Bun (n chnh lch) dch v - Bun dch v m my l tng t v i t ng h p d ch v m my. S khc bit gia chng l vic cc dch v ang c tng hp s khng l c nh. Qu thc mc tiu ca bun l cung cp nhng la chn v tnh mm do v ch ngha c hi cho nh tng hp dch v, nh, cung cp dch v nhiu th in t thng qua mt nh cung cp dch v hoc a ra mt dch v tnh im tn d ng ki m tra i m s ca nhiu c quan v chn ra im s tt nht. (Ngun: Gartner). m my ring - H tng m my c vn hnh ch cho mt t chc. N c th c t chc hoc bn th 3 qun l v c th tn ti trong nh ca ca t ch c ho c bn ngoi. (Ngun: nh ngha TM ca NIST). m my cng ng - H tng m my c vi t chc chia s v h tr mt cng ng nht nh chia s cng cc mi quan tm (nh, nhim v, cc yu cu v an ninh, chnh sch v nhng cn nhc tun th). N c th c cc t chc hoc mt bn th 3 qun l v c th tn ti trong hoc bn ngoi nh ca ca cc t chc. (Ngun: nh ngha TM ca NIST). m my cng cng - H tng m my c lm sn sng cho cng chng chung hoc mt nhm cng nghip ln v c mt t chc bn cc dch v m my s h u. (Ngun: nh ngha TM ca NIST). m my lai - H tng m my l mt s kt hp ca 2 ho c nhi u h n m my (ring, cng ng hoc cng cng) m vn gi cho cc thc th duy nht nh ng rng bu c cng vi nhau bng cng ngh c tiu chun ha hoc s hu c quy n, chng xc tc cho tnh kh chuyn ca d liu v ng dng (nh, vic bng n cc m my cho vic cn bng ti gia cc m my). (Ngun: nh ngha TM ca NIST). cp. 29. 30. 31. Lp dch v - Xc nh cc dch v c bn c cc nh cung cp m my cung
22.
23.
24.
25.
26.
27.
28.
Lp ti nguyn vt l - Bao gm tt c cc ti nguyn vt l c s d ng cung cp cc dch v m my, ng ch nht, phn cng v c s trang thit b. Lp o ha v kim sot - a ra cc yu t phn mm, c s d ng nh n ra h tng trn mt dch v m my c th c thit lp. Tnh kh chuyn - (1) Kh nng truyn cc d liu t mt h thng ny sang h thng khc m khng i hi to li hoc vo li cc m t d liu hoc sa i ng k ng dng ang c chuyn. (2) Kh nng ca phn mm hoc mt h thng chy trn nhiu hn mt dng hoc kch c my tnh di hn 1 h iu hnh. Xem POSIX. (3) V thit b, cht lng c kh nng hot ng bnh thng trong khi ang chuyn ch. [Ngu n: Tiu
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 29/35
NIST SP 500-292
chun Lin bang 1037C]. 32. Tnh tng hp - Kh nng giao tip, chy cc chng trnh, hoc truyn d liu gia nhiu n v chc nng di cc iu kin c ch nh. [Ngun: T in Tiu chun Quc gia M v CNTT (ANSDIT)]. Vic cp pht/Thit lp cu hnh - qui trnh chun b v trang b cho mt m my cho php n cung cp cc dch v (mi) cho nhng ngi s dng ca n. Cc im cui di ng - Mt thit b vt l, thng c ngi s dng mang m cung cp mt giao din ngi/my cho cc dch v v ng dng m my. M t i m cu i di ng c th s dng nhiu phng php v giao thc kt ni ti cc dch v v ng d ng m my. Cc im cui c nh - Mt thit b vt l, c nh ti a im ca n, cung cp mt giao din ngi/my cho cc dch v v ng dng m my. Mt i m cu i c nh thng s dng mt phng php v giao thc kt ni ti cc dch v v ng d ng m my.
33. 34.
35.
=============================================================== Cc khi nim mc 4: 36. Tnh kh chuyn ca d liu - Kh nng truyn d liu t mt h thng ny sang mt h thng khc m khng i hi to li hoc vo li cc m t d liu hoc sa i ng k ng dng c truyn. [Ngun: Tiu chun Lin bang 1037C]. Tnh tng hp dch v - Kh nng giao tip, chy cc chng trnh, hoc truyn d liu gia nhiu dch v m my khc nhau di nhng iu kin c ch nh. [Ngun: c sa i t T in Tiu chun Quc gia M v CNTT (ANSDIT)]. Tnh kh chuyn h thng - Kh nng ca mt dch v chy trong mt hoc nhiu dng hoc kch c m my. [Ngun: c sa i t Tiu chun Lin bang 1037C]. Vic cp pht nhanh - T ng trin khai h thng m my da vo dch v/cc ti nguyn/cc kh nng theo yu cu. Thay i ti nguyn - Chnh cu hnh/ch nh ti nguyn cho nhng sa cha, nng cp v tham gia vo cc nt mi trong m my. Gim st v bo co - Pht hin v gim st cc ti nguyn o, gim st cc ho t ng v s kin ca m my, v to ra cc bo co v s thc thi. o m - Cung cp kh nng o m mt vi mc o ha ph hp vi dng dch v (nh lu tr, x l, rng bng thng v cc ti khon tch cc ca ngi s dng). Qun l SLA - Hon thin nh ngha hp ng SLA (da vo s vi cht lng cc tham s dch v), vic gim st SLA, v tun th SLA, theo cc chnh sch c xc nh.
37.
43.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 30/35
NIST SP 500-292
Ph lc B: Nhng v d v cc dch v m my
Mt vi v d cc dch v m my sn sng cho mt ngi s dng m my c li t k bn d i [13]: Cc dch v SaaS: Th in t v sn xut vn phng: Cc ng dng cho th in t, x l vn b n, b ng tnh, trnh din, Lp ha n: Cc dch v ng dng qun l ha n ca ngi s d ng d a trn s s dng v thu bao cc sn phm v dch v. Qun l quan h khch hng (CRM): Cc ng dng CRM tri t cc ng dng ca trung tm gi ti t ng ha nhn lc bn hng. Cng tc: Cc cng c cho php nhng ngi s dng cng tc trong cc nhm lm vic, bn trong cc doanh nghip v xuyn cc doanh nghip. Qun l ni dung: Cc dch v cho vic qun l sn xut v truy c p n i dung i v i cc ng dng da trn web. Ti chnh: Cc ng dng cho vic qun l cc qui trnh ti chnh tri t x l v bo gi chi tiu cho ti qun l thu. Cc ngun nhn lc: Phn mm cho vic qun l cc chc nng ngu n nhn l c trong cc cng ty. Bn hng: Cc ng dng c thit k c bit cho cc chc nng bn hng nh bo gi, theo ri tin hoa hng, Cc mng x hi: Phn mm x hi thit lp v duy tr mt s kt ni gia nh ng ng i s dng c rng buc trong mt hoc nhiu dng nht nh nhng s ph thuc ln nhau. Lp k hoch ngun lc doanh nghip (ERP): H thng tch hp da trn my tnh c s dng qun l cc ti nguyn ni b v bn ngoi, bao gm cc ti s n h u hnh, cc ngun ti chnh, cc nguyn vt liu v cc ngun nhn lc. Tri thc nghip v: Cc nn tng cho s to ra cc ng dng nh cc b ng i u khi n (dashboard), cc h thng bo co v phn tch d liu. C s d liu: Cc dch v cho cc gii php c s d liu quan h c kh nng m r ng phm vi hoc cc kho cha d liu phi SQL c kh nng m rng v phm vi. Pht trin v kim th: Cc nn tng cho s pht trin v ki m th cc vng pht tri n ng dng, m rng v hp ng khi cn thit. Tch hp: Cc nn tng pht trin cho vic xy dng cc ng dng tch hp trong m my v bn trong doanh nghip. Pht trin ng dng: Cc nn tng ph hp cho s pht trin ng dng c cc mc ch chung. Nhng dch v ny a ra cc c s d liu, cc mi trng th i gian th c cho cc
Cc dch v PaaS:
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 31/35
NIST SP 500-292
ng dng web, Cc dch v IaaS: Sao lu v phc hi: Cc dch v cho vic sao lu v phc hi cc h th ng v cc kho d liu th trn cc my ch v cc h thng my bn. Tnh ton: Cc ti nguyn my ch cho vic chy cc h thng da vo m my c th c cung cp ng v c thit lp cu hnh khi cn thit. Cc mng phn phi ni dung (CDN - Content Delivery Network): CND cha cc ni dung v cc tp ci thin hiu nng v chi ph ca vic phn ph i n i dung cho cc h th ng da trn web. Qun l dch v: Cc dch v qun l cc nn tng h tng m my. Nh ng cng c ny thng cung cp cc tnh nng m cc nh cung cp m my khng cung cp hoc chuyn mn ha trong vic qun l cc cng ngh ng dng nht nh. Lu tr: Kh nng lu tr c th m rng phm vi mt cch khng l m c th c s dng cho vic lu tr cc ng dng, sao lu, lu tr v tp.
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 32/35
NIST SP 500-292
Ph lc C: Cc t vit tt
CDN - Content Delivery Networks - Cc mng phn phi ni dung CIO - Chief Information Officer - Gim c thng tin CRM - Customer Relationship Management - Qun l quan h khch hng ERP - Enterprise Resource Planning - Ln k hoch ngun lc doanh nghip HVAC - Heating, Ventilation and Air Conditioning - Lm nng, qut v iu ha nhit IaaS - Cloud Infrastructure as A Service - H tng m my nh mt dch v IT - Information Technology - Cng ngh thng tin - CNTT MID - Mobile Internet Devices - Cc thit b Internet di ng NIST - National Institute of Standards and Technology - Vin Tiu chun v Cng ngh Quc gia OS - Operating System - H iu hnh QoS - Quality of Service - Cht lng dch v SaaS - Cloud Software As A Service - Phn mm m my nh mt dch v SAJACC - Standards Acceleration to Jumpstart the Adoption of Cloud Computing - Tng tc cc Tiu chun y nhanh p dng in ton m my SDO - Standards Development Organization - T chc Pht trin Tiu chun SLA - Service Level Agreement - Tha thun mc dch v PaaS - Cloud Platform As A Service - Nn tng m my nh mt dch v PI - Personal Information - Thng tin c nhn PII - Personally Identifiable Information - Thng tin nhn din c c nhn USG - US government - Chnh ph M
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 33/35
NIST SP 500-292
[3] NIST SP 800-53, Recommended Security Controls for Federal Information Systems and Organizations, http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3final_updated-errata_05-01-2010.pdf [4] Federal Cloud Computing Strategy, http://www.cio.gov/documents/Federal-Cloud-ComputingStrategy.pdf [5] Chief Information Officers Council, Privacy Recommendations for Cloud Computing, http://www.cio.gov/Documents/Privacy-Recommendations-Cloud-Computing-8-19-2010.docx [6] Office of Management and Budget, Memorandum http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2007/m07-16.pdf 07-16,
[7] NIST SP 800-144, Guidelines on Security and Privacy Issues in Public Cloud Computing, http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf [8] NIST Cloud Computing Use Cases, http://collaborate.nist.gov/twiki-cloudcomputing/bin/view/CloudComputing/UseCaseCopyFromCloud [9] Gartner, Gartner Says Cloud Consumers Need Brokerages to Unlock the Potential of Cloud Services, http://www.gartner.com/it/page.jsp?id=1064712. [10] IETF internet-draft, Cloud Reference Framework, http://tools.ietf.org/html/draft-khasnabishcloud-reference-framework-00 [11] IBM, Cloud Computing http://www.opengroup.org/cloudcomputing/doc.tpl? CALLER=documents.tpl&dcat=15&gdid=23840 Reference Architecture v2.0,
[12] GSA, Cloud Computing Initiative Vision and Strategy http://info.apps.gov/sites/default/files/Cloud_Computing_Strategy_0.ppt [13] Cloud Taxonomy, http://cloudtaxonomy.opencrowd.com/
Document
(DRAFT),
[14] OASIS, the charter for the OASIS Privacy Management Reference Model Technical Committee, http://www.oasis-open.org/committees/pmrm/charter.php [15] Open Security Architecture (OSA), Cloud Computing Patterns, http://www.opensecurityarchitecture.org/cms/library/patternlandscape/251-pattern-cloud-computing [16] Juniper Networks, Cloud-ready Data Center Reference www.juniper.net/us/en/local/pdf/reference-architectures/8030001-en.pdf [17] Federal Information Security Management Act of 2002 Architecture, (FISMA),
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 34/35
NIST SP 500-292
http://csrc.nist.gov/drivers/documents/FISMA-final.pdf [18] NIST IR-7756, DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture, http://csrc.nist.gov/publications/drafts/nistir7756/Draft-nistir-7756_feb2011.pdf [19] NIST SP 800-61 Rev.1, Computer Security Incident http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf [20] Federal Standard 1037C, http://www.its.bldrdoc.gov/fs-1037/ [21] http://www.webopedia.com/TERM/T/taxonomy.html [22] http://en.wikipedia.org/wiki/Enterprise_information_security_architecture [23] http://en.wikipedia.org/wiki/Information_security [24] http://en.wikipedia.org/wiki/Computer_security#Security_architecture [25] The Open Group Architecture Framework http://www.opengroup.org/architecture/togaf9-doc/arch/ (TOGAF), section 21.3, Handling Guide,
[26] IBM, Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security, http://www.redbooks.ibm.com/redpieces/pdfs/redp4528.pdf [27] http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp? topic=/com.ibm.mq.csqzas.doc/sy10280_.htm [28] Cloud Computing Use Cases White Paper, http://groups.google.com/group/cloud-computinguse-cases [29] DMTF, Interoperable incubator/DSP_IS0101_1.0.0.pdf Clouds White Paper, http://www.dmtf.org/about/cloud-
[30] Cloud Security Alliance, Security Guidance for Critical Areas of Focus In Cloud Computing V2.1, www.cloudsecurityalliance.org/csaguide.pdf [31] CISCO, Cisco Cloud Computing - Data Center Strategy, Architecture, and Solutions, http://www.cisco.com/web/strategy/docs/gov/CiscoCloudComputing_WP.pdf [32] SNIA, Cloud Storage for www.snia.org/cloud/CloudStorageForCloudComputing.pdf Cloud Computing,
[33] Stuart Charlton, Cloud Computing and the Next Generation of Enterprise Architecture, http://www.slideshare.net/StuC/cloud-computing-and-the-nextgeneration-of-enterprise-architecturecloud-computing-expo-2008-presentation [34] Morrie Gasser, Building a secure computer system, ISBN 0-442-23022-2, Van Nostrand Reinhold Co., 1988. [35] Security Guidance for Critical Areas of Focus in Cloud https://cloudsecurityalliance.org/wp-content/uploads/2011/07/csaguide.v2.1.pdf Computing,
Vn phng Phi hp Pht trin Mi trng Khoa hc & Cng ngh, B Khoa hc & Cng ngh
Trang 35/35