+ Datacenter Trends and Challenges
+ Practical Cloud Security

MAY 2014
www.computer.org/cloudcomputing


Seeking Editor in Chief

The IEEE Computer Society seeks applicants for the
position of editor in chief, serving a two-year term
starting 1 January 2016. The EIC would need to be available for
training and interim activity beginning 1 October 2015.

Prospective candidates are asked to provide (as PDF files),
by 1 August 2014, a complete curriculum vitae, a brief plan
for the publication’s future, and a letter of support from their
institution or employer.

Qualifications and Requirements
Candidates for any IEEE Computer Society editor in chief
position should possess a good understanding of industry,
academic, and government aspects of the specific publication’s
field. In addition, candidates must demonstrate the managerial
skills necessary to process manuscripts through the editorial
cycle in a timely fashion. An editor in chief must be able to
attract respected experts to his or her editorial board.
Major responsibilities include

- actively soliciting high-quality manuscripts from potential authors and, with support from publication staff, helping these authors publish their manuscripts;
- identifying and appointing editorial board members, with the concurrence of the Publications Board;
- selecting competent manuscript reviewers, with the help of editorial board members, and managing timely reviews of manuscripts;
- directing editorial board members to seek special-issue proposals and manuscripts in specific areas;
- providing a clear, broad focus through promotion of personal vision and guidance where appropriate; and
- resolving conflicts or problems as necessary.

Applicants should possess recognized expertise in the computer
science and computer security community, and must have clear
employer support.

Contact Information
For more information on the search process and to submit
application materials for IEEE Security & Privacy, please contact:
Kathy Clark-Fisher at kclark-fisher@computer.org.


EDITOR IN CHIEF

Mazin Yousif, T-Systems International, mazin@computer.org

EDITORIAL BOARD
Zahir Tari, RMIT University
Rajiv Ranjan, CSIRO Computational Informatics
Eli Collins, Cloudera
Kim-Kwang Raymond Choo, University of South Australia
Ivona Brandic, Vienna University of Technology
David Bernstein, Cloud Strategy Partners

Alan Sill, Texas Tech University
Omer Rana, Cardiff University
Beniamino Di Martino, Second University of Naples
Samee Khan, North Dakota State University
J.P. Martin-Flatin, EPFL
Pascal Bouvry, University of Luxembourg

STEERING COMMITTEE
Manish Parashar, Rutgers, the State University of New Jersey
Steve Gorshe, PMC-Sierra (Communications Society
liaison; EIC Emeritus IEEE Communications)
Carl Landwehr, NSF, IARPA (EIC Emeritus IEEE S&P)
Dennis Gannon, Microsoft

V.O.K. Li, University of Hong Kong
(Communications Society liaison)
Rolf Oppliger, eSecurity Technologies
Hui Lei, IBM
Kirsten Ferguson-Boucher, Aberystwyth University.

EDITORIAL STAFF
Kathy Clark-Fisher • Managing Editor • kclark-fisher@computer.org
Chris Nelson, Mark Gallaher, Cheryl Baltes, Joan Taylor, and Keri Schreiner • Contributing Editors
Monette Velasco, Jennie Zhu-Mai • Production & Design
Robin Baldwin • Senior Manager, Editorial Services
Jennifer Stout • Manager, Editorial Services
Evan Butterfield • Products and Services Director
Sandy Brown • Senior Business Development Manager
Marian Anderson • Senior Advertising Coordinator

IEEE Cloud Computing (ISSN 2325-6095) is published quarterly by the IEEE Computer
Society. IEEE headquarters: Three Park Ave., 17th Floor, New York, NY 10016-5997.
IEEE Computer Society Publications Office: 10662 Los Vaqueros Cir., Los Alamitos, CA
90720; +1 714 821 8380; fax +1 714 821 4010. IEEE Computer Society headquarters:
2001 L St., Ste. 700, Washington, DC 20036.

CS MAGAZINE OPERATIONS COMMITTEE
Paolo Montuschi (chair), Erik R. Altman, Maria Ebling, Miguel
Encarnação, Lars Heide, Cecilia Metra, San Murugesan, Shari
Lawrence Pfleeger, Michael Rabinovich, Yong Rui, Forrest
Shull, George K. Thiruvathukal, Ron Vetter, Daniel Zeng

CS PUBLICATIONS BOARD
Jean-Luc Gaudiot (VP for Publications), Alain April,
Laxmi N. Bhuyan, Angela R. Burgess, Greg Byrd,
Robert Dupuis, David S. Ebert, Frank Ferrante, Paolo
Montuschi, Linda I. Shafer, H.J. Siegel, Per Stenström

Subscription rates: IEEE Computer Society members get the lowest rate of US$39
per year. Go to www.computer.org/subscribe to order and for more information on
other subscription prices.


CONTENTS

May 2014, Volume 1, Issue 1
www.computer.org/cloudcomputing

What will the future of cloud computing look like? What are some of the issues professionals, practitioners, and researchers need to address when utilizing cloud services? This inaugural issue of IEEE Cloud Computing magazine serves as a forum for the constantly shifting cloud landscape, bringing you original research, best practices, in-depth analysis, and timely columns from the luminaries in the field.

THEME ARTICLES

Trends and Challenges in Cloud Datacenters
  Kashif Bilal, Saif Ur Rehman Malik, Samee U. Khan, and Albert Y. Zomaya
Enabling On-Demand Science via Cloud Computing
  Kate Keahey and Manish Parashar
Practical Methods for Securing the Cloud
  Edward G. Amoroso

FEATURED ARTICLES

Cloud Computing Roundtable
  Mazin Yousif, Tom Edsall, Johan Krebbers, Stefan Pappe, and Yousef A. Khalidi
Standards and Compliance: Setting Cloud Standards in a New World
  Alan Sill
Cloud Security and Privacy: Security and Privacy in Cloud Computing
  Zahir Tari
Cloud and Adjacent Technology Trends: Emerging Paradigms and Areas for Expansion
  Pascal Bouvry
Cloud Economics: The Costs of Cloud Migration
  Omer Rana
Cloud Management: Challenges in Cloud Management
  J.P. Martin-Flatin
Cloud Experiences and Adoption: Elements of Cloud Adoption
  Samee U. Khan
Cloud Services: Applications Portability and Services Interoperability among Multiple Clouds
  Beniamino Di Martino

COLUMNS

From the Editor in Chief: Introducing IEEE Cloud Computing: A Very Timely Magazine
  Mazin Yousif
Q&A: Q&A with Mazin Yousif, IEEE Cloud Computing Editor in Chief
BlueSkies: Streaming Big Data Processing in Datacenter Clouds
  Rajiv Ranjan
What's Trending?: Intersection of the Cloud and Big Data
  Eli Collins
StandardsNow: Defining Our Terms
  Alan Sill
Cloud Tidbits: Today's Tidbit: VoltDB
  David Bernstein
Cloud and the Law: Legal Issues in the Cloud
  Kim-Kwang Raymond Choo

IEEE CS Information
Advertising Index

Reuse Rights and Reprint Permissions: Educational or personal use of this material is permitted without fee, provided such use: 1) is not made for profit; 2) includes this notice and a full citation to the original work on the first page of the copy; and 3) does not imply IEEE endorsement of any third-party products or services. Authors and their companies are permitted to post the accepted version of their IEEE-copyrighted material on their own Web servers without permission, provided that the IEEE copyright notice and a full citation to the original work appear on the first screen of the posted copy. An accepted manuscript is a version which has been revised by the author to incorporate review suggestions, but not the published version with copyediting, proofreading and formatting added by IEEE. For more information, please go to: http://www.ieee.org/publications_standards/publications/rights/paperversionpolicy.html. Permission to reprint/republish this material for commercial, advertising, or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to the IEEE Intellectual Property Rights Office, 445 Hoes Lane, Piscataway, NJ 08854-4141 or pubs-permissions@ieee.org. Copyright © 2014 IEEE. All rights reserved.

Abstracting and Library Use: Abstracting is permitted with credit to the source. Libraries are permitted to photocopy for private use of patrons, provided the per-copy fee indicated in the code at the bottom of the first page is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923.

IEEE prohibits discrimination, harassment, and bullying. For more information, visit www.ieee.org/web/aboutus/whatis/policies/p9-26.html.

FROM THE EDITOR IN CHIEF

Introducing IEEE Cloud Computing: A Very Timely Magazine

MAZIN YOUSIF
T-Systems International
mazin@computer.org

It is a pleasure to welcome you to the first issue of IEEE Cloud Computing. Cloud computing, or simply the cloud, is changing how we deploy and run IT. Its basic premise is that consumers—individuals, industry, government, academia, and so on—pay for IT services while they're using them. In other words, cloud computing turns IT expenses from a capital expenditure into an operational expenditure.

Cloud computing promises that we don't need to worry about running our IT because it will be delivered as a service from inside or outside the enterprise or from the walls of our offices and homes, anytime from anywhere. So, instead of spending time on our IT, we can focus on more interesting things: the development of our businesses, our customers, or simply on having fun. That's a great vision, and to some extent, it's already happening. Today, the cloud is a reality for millions of users all over the world.

You've probably already seen multiple definitions of cloud computing. Put simply, cloud computing is a consumer/delivery model in which IT functions are offered as services, billed based on usage, and accessed with an Internet connection. Examples of cloud services include infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). A cloud architecture has four key attributes:

- Elasticity: the ability to scale up or down as workload resource needs increase or decrease,
- Multitenancy: resources are shared by more than one workload and possibly more than one customer,
- Connectivity: the ability to connect to the cloud from anywhere and anytime, and
- Visibility: consumers can monitor their deployment parameters such as usage and cost.

Why a New Magazine?

Cloud computing has progressed and has been adopted in the marketplace at an astonishing pace. However, there is still work to be done to facilitate its use, address users' security and privacy concerns, instill confidence in its promised capabilities, encourage innovation, and discourage lock-in through interoperability among cloud providers. Consumers, especially enterprises, have not yet put their full faith in cloud computing.

The cloud vision is still a work in progress. There are therefore many opportunities for researchers to improve cloud technologies and elevate them to the promised vision. This is a call to action to all researchers and technologists to push the envelope to address current cloud challenges. IEEE Cloud Computing offers a powerful forum in which to highlight cloud challenges and bring their resolutions to the forefront. The magazine will also be a venue in which to debate the technologies and bring the best to the market.

IEEE Cloud Computing is the newest addition to the IEEE portfolio of magazines. Dedicating a magazine to this topic is the right decision at the right time. The decision was based on many factors, including, but not limited to

- the increasing adoption of cloud computing as a critical platform in the market,
- the rapid evolution of technologies pertinent to cloud computing,
- the rapid expansion of the open source cloud software community, and
- the need to push for better controls such as security, privacy, and standardization.

Another catalyst that accelerated the decision to establish a magazine on cloud computing is the fast-paced acceptance and growth of the IEEE initiative on cloud computing (http://cloudcomputing.ieee.org/). The initiative, which includes an easy-to-use Web portal, aims to provide a platform for “all you need to know about cloud computing.” Thus, the magazine will cover a blend of diverse cloud computing topics from all venues, including industry, government, academic, research institutions, and independent professionals.

Magazine Structure

IEEE Cloud Computing seeks to foster the evolution of cloud computing and provide a forum for reporting original research, exchanging experiences, and developing best practices. Topics will be presented in an easy-to-read style with the goals of educating, offering insight, broadening horizons, and clearing misconceptions.

We plan to have four issues per annum. In 2014, in addition to the current May issue, issues will be published in August, October, and December. The frequency may change in the future, depending on the number of submitted articles and cloud-related news items. The magazine will consist of two main sections: areas and columns.

Areas

The magazine is soliciting articles from industry and academia in the following areas.

Cloud architecture. This area will look at efforts to further evolve cloud architectures in all their delivery models and deployments. If customers are to reap the expected benefits of migrating IT services to the cloud, they must choose the cloud architecture that best matches their business model and IT landscape.

Cloud management. This area deals with the command and control of the cloud. The vision here is to enable the cloud infrastructure (both hardware and software) to self-configure, self-protect, self-heal, and self-optimize, thereby increasing its robustness and performance and reducing its operational costs. The area is still very much a work in progress, and considerable research and development remains to be done to enable the cloud to become self-managed and self-governed. But more importantly, cloud providers must provide enough monitoring and reporting to give consumers full visibility and control of their deployments in the cloud.

Cloud security and privacy. Concerns about cloud security and privacy often make consumers and enterprises tread slowly and cautiously with their sensitive and critical data. These concerns stem from technology, process and governance, national and international laws, cloud services crossing international borders, and the slow progression of legal frameworks to deal with what technology is enabling us to accomplish.

Cloud services. Consumers adopt cloud computing differently, typically as a function of how their business/operational/market models evolve and of their existing landscapes. That said, new cloud services will likely evolve as markets develop, industries and humans evolve, the Internet's reach becomes truly global, and so on. This area also covers the specifics of cloud services for various industry sectors.

Cloud experiences and adoption. The cloud experiences and adoption area will look at topics such as how consumers feel about cloud services, the pace and challenges of adoption, and cloud deployment hiccups. As they adopt cloud services, consumers' experiences can vary considerably depending on the specifics of the services, the cloud service provider, and the underlying service-level agreement (SLA).

Cloud and adjacent technology trends. The cloud and adjacent technology trends area will focus on commonalities between current trends and cloud computing. Because there are usually several trends in the market—for example, Big Data, mobility, and social media—exploring their intersection with cloud computing is essential. For example, cloud computing could easily serve as the main infrastructure in Big Data deployments.

Cloud economics. This area deals with two key issues: the direct and indirect cost of cloud adoption for customers, and developing sustainable business models for providers. Some of the promises of lower costs for deploying services in the cloud are true. But in other cases, cloud computing might not be an option because of indirect costs, mainly resulting from migration costs. For example, migrating existing or legacy applications to the cloud could result in a high total cost of ownership (TCO). Or, for applications that need to run 24/7, using a cloud might be more expensive than keeping them on premise. To incentivize consumers, we need more exotic economic models for using the cloud, whether the deployment is short lived or 24/7. Such models should work with or without an advanced reservation and whether the cloud provider targets individuals, enterprise users, or government employees.

Cloud standardization and compliance. Until recently, cloud standardization and compliance have received little attention. The best way to encourage cloud interoperability is to facilitate the standardization of cloud technologies and to define test suites for checking compliance. Ongoing efforts in industry, academia, and government are appreciated, but they must be backed up by stronger voices and actions by major cloud players. IEEE Cloud Computing will give all parties a forum in which to voice their opinions.

Cloud governance. Cloud governance is increasingly mentioned but seldom enforced. Providing cloud consumers with monitoring and reporting tools lets them visualize and control their deployments in the cloud. But what is the point of providing the right tools when people don't know what governance principles should be enforced or what their enforcement means? Cloud governance goes beyond technology and includes the transparency of the underlying processes, the do's and don'ts when multiple providers are involved, and a clear legal framework outlining what to do when things go wrong. (For example, what happens to the data if the provider or the consumer goes bankrupt?) Much remains to be learned in this area. We'll initially address the topic in a transversal manner, across all areas. In the future, however, as practitioners increase their understanding of what governance means in the cloud computing context, it might become a separate area in the magazine.

Columns

The columns in IEEE Cloud Computing will seek to provide in-depth analysis of cloud-related topics. We'll start with the following list and expand it as the market demands evolve:

- Cloud Tidbits (cloud technology news), edited by David Bernstein of Cloud Strategy Partners, will highlight industry cloud technologies and innovations such as those that resolve cloud challenges, facilitate cloud adoption, introduce efficiencies, or bring new economic models. It will cover all sectors: industry, government, academia, healthcare, and so on. The column might also highlight cloud-related events and technologies from specific startups that are deemed to have a deep impact on the cloud industry. We could also dissect the acquisition of a cloud technology or talk about a cloud competition challenge. Cloud Tidbits will appear in every issue and is expected to be the longest column.
- Blue Skies (cloud research news), edited by Rajiv Ranjan of CSIRO, will be similar to Cloud Tidbits, but it will focus on academic and research news.
- StandardsNow (cloud standards), edited by Alan Sill of Texas Tech, will cover standardization and compliance issues in cloud computing.
- What's Trending? (industry trends intersecting with cloud computing) will look at various industry trends, such as Big Data, social networks, and mobility, and present areas of commonality. It will investigate how cloud computing facilitates such trends, how the trends increase cloud adoption or bring new usage or delivery models, and so on. Eli Collins of Cloudera will coedit this column, focusing on the intersection of Big Data and the cloud.
- Cloud and the Law will cover topics related to cloud security, privacy, international laws related to cloud data protection, cross-border legal constraints, and so on. This column will be edited by Kim-Kwang Raymond Choo of the University of South Australia.
- CloudServ (cloud computing services) will present, analyze, or evangelize cloud usage and delivery models. I will edit this column until a new editor is assigned.
- Interview Corner will feature interviews with opinion leaders or cloud experts involved in research, development, or business. Interviewees will come from industry, academia, government, or any other organization.

We're currently contemplating adding several other columns:

- a column on cloud misconceptions to clear misleading jargon about cloud computing,
- a column on cloud benchmarking to compare and contrast cloud offerings from multiple providers, taking into consideration multiple dimensions such as performance, functionality, usage, and pricing,
- a column on cloud and governments that looks at how governments position clouds and their use within governments, and
- a column on cloud and industry verticals that explores cloud deployments with specific capabilities tailored to various industry sectors, such as healthcare and automobiles.

These may appear within the next few issues.

Editorial Board

Finally, I am pleased to announce the IEEE Cloud Computing editorial board:

- David Bernstein (Cloud Strategy Partners, USA)
- Ivona Brandic (Vienna University of Technology, Austria)
- Pascal Bouvry (University of Luxembourg)
- Kim-Kwang Raymond Choo (University of South Australia)
- Eli Collins (Cloudera, USA)
- Beniamino Di Martino (Seconda Università di Napoli, Italy)
- Samee U. Khan (North Dakota State University, USA)
- J.P. Martin-Flatin (EPFL, Switzerland)
- Omer Rana (Cardiff University, UK)
- Rajiv Ranjan (CSIRO, Australia)
- Alan Sill (Texas Tech University, USA)
- Zahir Tari (RMIT, Australia)

These well-accomplished individuals have extensive experience in cloud computing, working on various architecture and development topics. They also have the energy and commitment to deliver an outstanding magazine. I'm very excited to have them onboard.

Members of the board will serve as column editors or area editors. Column editors will manage the write-ups for their respective columns. The main role of the area editors is to manage articles submitted in their respective areas. They might also organize special issues, moderate panels focused on specific cloud themes, or write feature articles. I'll assign more area and column editors in the next few months to balance the efforts of each editor. I'll also strive to maintain a mix of editors from academia and industry.

We're in the early days of cloud computing. Real challenges still need to be resolved before we can feel comfortable with cloud computing's promise and vision. Together, we'll try to make IEEE Cloud Computing the best platform for solving cloud challenges, highlighting inefficiencies in cloud technologies and deployments, promoting the cloud's positive aspects, and rewarding outstanding cloud technologies. I encourage you, the cloud community, to embrace this magazine and help us develop it into your reference magazine for the best in cloud computing.

MAZIN YOUSIF is the chief technology officer and vice president of architecture for the Royal Dutch Shell Global account at T-Systems International. T-Systems operates information and communication technology (ICT) systems for multinational corporations and public sector institutions. The company provides integrated solutions for the networked future of businesses and society. Before joining T-Systems, Yousif was with IBM Canada, Global Technology Services, where he focused on cloud computing. He was also a chief architect at Numonyx, where he focused on the role of phase change memory (PCM) in server architectures and data center optimizations, and a principal engineer at Intel, leading many projects on energy optimization, virtualization, and autonomic computing. He was a principal leader in defining the InfiniBand Architecture and cochaired the management working group in the InfiniBand Trade Association, which was responsible for defining the InfiniBand Architecture. Before that, he spent some time with IBM xSeries Division in Research Triangle Park, North Carolina, and was an assistant professor at Louisiana Tech University. Yousif has been an adjunct professor at Duke University, North Carolina State University, the University of Arizona, and the Oregon Graduate Institute. He founded the US National Science Foundation Industry/University Cooperative Research Center for Autonomic Computing and then delegated to professors in three universities (Arizona, Florida, and Rutgers) to develop the necessary documentation and paperwork to establish the center. Yousif chairs the advisory board of the European Research Consortium for Informatics and Mathematics (www.ercim.org). He was an IEEE Distinguished Visitors Program speaker from 2008 to 2013. He has served as the general chair or program chair for many conferences and serves on the editorial boards of many journals. He has also published extensively (more than 70 publications). He is a frequent speaker at academic and industry conferences on various topics related to cloud, autonomic, and green computing. Yousif has an MSc and PhD in electrical engineering and computer engineering, respectively, from Pennsylvania State University. Contact him at mazin@computer.org.

Selected CS articles and columns are also available for free at http://ComputingNow.computer.org.

Q&A

Q&A with Mazin Yousif, IEEE Cloud Computing Editor in Chief

The IEEE Cloud Computing Initiative sat down with Mazin Yousif, editor in chief of the new IEEE Cloud Computing magazine, to share his perspective on the future of cloud, key challenges facing the industry today, and drivers for broader adoption.

What do you see as the key challenges facing the cloud computing industry today and in the future?

Today, cloud is happening. Organizations, educational institutions, government, and many others are adopting or using the cloud in some way, as they see the positives of increased agility and reduced total cost of ownership. However, the industry is still trying to figure out what the cloud is and where it is going, which means there are challenges and concerns that still must be addressed.

Some of these key challenges are around security and privacy. For instance, when people send their data to the cloud, they no longer have physical access to oversee security like they would if it were hosted on a server on premise. Additionally, people want to know what will happen to their data if a service provider goes out of business.

Interoperability among service providers is another area that needs attention. People are also concerned that if they move their workloads and data to a service provider, will they be locked in or will they be able to freely move it somewhere else, if desired?

As the cloud industry moves forward, I am confident that these challenges will be addressed in the near future, and that service providers, technology companies, governments, the open source community, and standards bodies will each play a role in the solutions.

Why do you think consumers and enterprises have not put their full faith in cloud computing? Are cloud security and privacy key areas of concern when considering adoption?

There is certainly some sensitivity surrounding security and privacy of data that inhibits further cloud adoption by consumers and enterprises. Currently, service providers do not publish their internal processes or details of technological capabilities. There is no transparency, which is another reason that consumers and enterprises have a hard time placing their data in the cloud. They do not know who has access to their data or how the service provider is protecting their data. Therefore, for industries where data is a critical business asset, these unknowns keep enterprises from storing their data in the cloud. Publishing internal processes would allow for more transparency and for enterprises to compare the service providers' processes against their internal processes.

Although addressing these concerns should increase cloud adoption, enterprises are more likely to turn to a hybrid solution, where they can store some data on premise and some off premise.

How can the critical challenges in cloud computing be addressed by key players in the industry?

Let's look at these critical challenges from three angles: technological, confidence building, and legal.

From a technology angle, service providers need to develop innovations that provide more visibility, transparency, and monitoring capabilities to allow consumers to know more about their deployments in the cloud. I am confident that the open source community will play a major role in addressing technological challenges. Globally, service providers also need to embrace technology trends. For example, software-defined environments provide a great deal of flexibility and agility, and although they have been used to some extent, greater adoption is needed.

Building confidence can be accomplished if service providers publish their internal processes, governances, and compliance mechanisms to consumers. This way consumers can know who can see or access their data in the cloud and have a baseline to compare against their internal on-premise processes. Another idea to enhance confidence is third-party auditors that can examine the datacenter deployments on the consumer's behalf to ensure the service-level agreement is being satisfied. These are just few examples of means to build confidence.

We need regulations and laws that govern cloud services and the data that is placed in the cloud. Service providers need to work with legislatures and governments to draft laws that are fair and can manage and help protect consumers when they put data in the cloud.

It's evident that there are synergies with cloud/cloud deployments as they relate to big data, mobility, and select industry verticals such as the healthcare and automobile sectors. What are your thoughts on these intersecting industry trends and the potential for increasing cloud adoption?

Cloud is becoming a major catalyst for the adoption of trends such as big data and mobility. For example, the cloud has allowed many small players to make big dents in these industry trends because they don't need to have large capital investments, just minimal operational expenses to run their workloads and services in the cloud.

Industry verticals such as healthcare and automotive have also benefited from using the cloud because a cloud can easily be designed with specific features to satisfy just about any compliance, regulatory, or functional need.

Another use case is higher education, where cloud can play a huge role. For example, it would be easy to build a shared research cloud that can be used by any number of universities. A second related example is building a cloud to provide all the capabilities a university needs, such as online training, outreach, and online courses. Overall, the cloud is a great technology paradigm for all industry sectors.

Are there a few specific areas that you are excited about highlighting in the new publication that will have a tangible, future impact for the cloud industry at large?

We have a threefold approach to the overall vision of the magazine, which is to be the best platform available in the market for understanding cloud and how to use it well. We want to highlight cloud-related news, challenges, experiences, and technological developments. We want to publish approaches and methodologies to resolve the current cloud challenges. And we want to enable a greater adoption of cloud computing by sharing the benefits, along with featuring the numerous ways to use the cloud.

IEEE CLOUD COMPUTING WEB PORTAL

With cloud computing significantly impacting today's information and communications ecosystem, the IEEE Cloud Computing Initiative's web portal offers many opportunities to participate, influence, and contribute to this technology. A collaborative source for all things related to cloud computing and big data, the portal features the latest news and a variety of resources, including access to upcoming conferences, publications, education opportunities, developing standards, and the intercloud testbed. Connect with the Cloud Computing Initiative on social media and join our free technical community to learn more about what IEEE is doing in the revolutionary fields of cloud computing and big data. To learn more, check out cloudcomputing.ieee.org.

DATACENTER MANAGEMENT

Trends and Challenges in Cloud Datacenters
Kashif Bilal, Saif Ur Rehman Malik, and Samee U. Khan,
North Dakota State University

Albert Y. Zomaya, University of Sydney

Next-generation datacenters (DCs) built on
virtualization technologies are pivotal to the effective
implementation of the cloud computing paradigm. To
deliver the necessary services and quality of service,
cloud DCs face major reliability and robustness
challenges.
Cloud computing is the next major paradigm shift in information and
communication technology (ICT). Today, contemporary society relies
more than ever on the Internet and cloud computing. According to a
Gartner report published in January 2013, overall public cloud services
are anticipated to grow by 18.4 percent in 2014 into a $155 billion market.1 Moreover, the total market is expected to grow from $93 billion in
2011 to $210 billion in 2016. Figure 1 depicts the public cloud service market size along
with the growth rates. We’ve seen cloud computing adopted and used in almost every
domain of human life, such as business, research, scientific applications, healthcare, and
e-commerce2 (see Figure 2).
The advent and rapid adoption of the cloud paradigm has brought about numerous
challenges to the research community and cloud providers, however. Datacenters (DCs)
constitute the structural and operational foundations of cloud computing platforms.2 Yet,
the legacy DC architectures cannot accommodate the cloud’s increasing adoption rate
and growing resource demands. Scalability, high cross-section bandwidth, quality of service (QoS) concerns, energy efficiency, and service-level agreement (SLA) assurance are
some of the major challenges faced by today’s cloud
DC architectures. Multiple tenants with diverse resource and QoS requirements often share the same
physical infrastructure offered by a single cloud provider.3 The virtualization of server, network, and storage resources adds further challenges to controlling
and managing DC infrastructures.2 Similarly, cloud
providers must guarantee reliability and robustness
in the event of workload perturbations, hardware failures, and intentional (or malicious) attacks3 and ultimately deliver the anticipated services and QoS.
The cloud computing paradigm promises reliable services delivered through next-generation DCs
built on virtualization technologies. This article
highlights some of the major challenges faced by
cloud DCs and describes viable solutions. Specifically, we focus on architectural challenges, reliability and robustness, energy efficiency, thermal awareness, and virtualization and software-defined DCs.

IEEE Cloud Computing, published by the IEEE Computer Society. 2325-6095/14/$31.00 © 2014 IEEE

FIGURE 1. Market and growth rate of public clouds. The market is expected to reach more than $200 billion by 2017. (Axes: year, 2010 to 2017; cost in billions USD; growth rate in %. Series: market, growth rate.)

Cloud Datacenter Architectures
The DC architecture plays a pivotal role in the
performance and scalability of the cloud platform.
Cloud computing relies on DCs to deliver the expected services.2 The widespread adoption of the
cloud paradigm mandates exponential growth in the
DC’s computational, network, and storage resources. Increasing the computational capacity of today’s
DCs is not an issue. However, interconnecting the
computational resources to deliver high intercommunication bandwidth and specified QoS are key
challenges. Today’s DCs are not constrained by computational power but are limited by their interconnection networks.
Legacy, multirooted tree-based network architectures, such as the ThreeTier architecture, cannot
accommodate cloud computing’s growing demands.4
Legacy DC architectures face several major challenges: scalability, high oversubscription ratio and
low cross-section bandwidth, energy efficiency, and
fault tolerance.
To overcome these challenges, researchers have
proposed various new DC architectures, such as FatTree, DCell, FiConn, Scafida, and JellyFish.2 However, these proposed DC architectures overcome
only a fraction of the challenges faced by legacy
DC architectures. For instance, the FatTree architecture delivers high bisection bandwidth and a 1:1
oversubscription ratio, but it lacks scalability. The
DCell, FiConn, Scafida, and Jellyfish architectures,
on the other hand, deliver high scalability but at the
cost of low performance and high packet delays with
high network loads.
Because of the huge number of interconnected
servers in a DC, scalability is a major issue. Tree-structured DC architectures, such as ThreeTier,
VL2, and FatTree, offer low scalability. Such DC
architectures are capped by the number of network
switch ports. Server-centric architectures, such as
DCell and FiConn, and freely/randomly connected
architectures, such as JellyFish and Scafida, offer
high scalability.2
DCell is a server-centric DC architecture, in
which the servers act as packet-forwarding devices
in addition to performing computational tasks.4
DCell is a recursively built DC architecture consisting of a hierarchy of cells called dcells. The dcell0 is
the building block of the DCell topology, which contains n servers connected through a network switch.
Multiple lower-level dcells constitute a higher-level
dcell—for instance, n + 1 dcell0 builds a dcell1. A
four-level DCell network with six servers in dcell0
can interconnect approximately 3.26 million servers. However, such DC architectures can’t deliver
the required performance and cross-section bandwidth within a DC.4
FIGURE 2. Adoption of cloud computing in the information and communications technology (ICT) sector. In 2014,
the amount spent on clouds is expected to reach $55 billion annually.

Similarly, JellyFish and Scafida are nonsymmetric DC architectures that randomly connect servers
to switches for high scalability. In the JellyFish architecture, the servers are connected randomly to
switches such that a network switch can be connected to n servers. Each network switch is then connected to k other switches. The Scafida DC architecture has a scale-free network architecture. The
servers are connected to switches using the Barabasi
and Albert network-generation algorithm. Because
of the large number of nodes within the network,
DC architectures can’t use conventional routing algorithms. The customized routing algorithms that
DC architectures use, such as DCell Routing, perform poorly under high network loads and many-to-many traffic patterns.
In a previous study,4 we analyzed the network
performance of state-of-the-art DC architectures
with various configurations and traffic patterns.4
Our analysis revealed that server-centric architectures, such as DCell, suffer from high network
delays and low network throughput compared with
tree-structured switch-centric DC architectures,
such as FatTree and ThreeTier. Figure 3 shows
that DCell experiences higher network delays and
low throughput as the number of nodes within the
DC architecture increases.4 This is because, for
larger topologies, all the inter-dcell network traffic
must pass through the network link that connects
the dcells at the same level, resulting in increased
network congestion. However, for smaller network
topologies, the traffic load on the inter-dcell links
is low and the links serve fewer nodes, resulting in
high throughput. Moreover, the routing performed
in DCell is not the shortest routing path, which increases the number of intermediate hops between
the sender and receiver.
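The DCell and FatTree sizing figures quoted in this article, and the remark that DCell's routing does not follow the shortest path, can be checked on a small model. This is an added example, not code from the article or its authors: the cabling rule is taken from the published DCell design rather than from this page, and all function names are illustrative assumptions.

```python
from collections import deque


def dcell_servers(n, level):
    """Servers in a DCell: t_0 = n and t_k = t_(k-1) * (t_(k-1) + 1)."""
    t = n
    for _ in range(level):
        t *= t + 1
    return t


def fattree_size(k):
    """(servers, switches) of a FatTree with k pods of k-port switches."""
    if k % 2:
        raise ValueError("a FatTree needs an even switch port count")
    return k ** 3 // 4, 5 * k ** 2 // 4


def build_dcell(n, level):
    """Return (servers, cables) for a DCell with n servers per dcell0.

    A server is a tuple of digits, highest level first. cables maps
    (shared_prefix, cell_a, cell_b) to the (end_in_a, end_in_b) servers of
    the single cable joining sibling sub-dcells a and b, in both directions.
    Assumption: cabling rule as in the published DCell design.
    """
    if level == 0:
        return [(i,) for i in range(n)], {}
    sub, sub_cables = build_dcell(n, level - 1)
    cells = len(sub) + 1                      # t_(k-1) + 1 sub-dcells
    servers = [(c,) + s for c in range(cells) for s in sub]
    cables = {}
    for c in range(cells):                    # copy each sub-dcell's wiring
        for (prefix, a, b), (x, y) in sub_cables.items():
            cables[((c,) + prefix, a, b)] = ((c,) + x, (c,) + y)
    for i in range(cells - 1):                # rule: server j-1 of cell i
        for j in range(i + 1, cells):         # is cabled to server i of cell j
            x, y = (i,) + sub[j - 1], (j,) + sub[i]
            cables[((), i, j)] = (x, y)
            cables[((), j, i)] = (y, x)
    return servers, cables


def dcell_route(src, dst, cables):
    """Server path picked by DCellRouting's divide-and-conquer rule."""
    if src == dst:
        return [src]
    d = next(i for i, (a, b) in enumerate(zip(src, dst)) if a != b)
    if d == len(src) - 1:                     # same dcell0: one hop via switch
        return [src, dst]
    # Always cross the one cable that joins the two sub-dcells directly.
    near, far = cables[(src[:d], src[d], dst[d])]
    return dcell_route(src, near, cables) + dcell_route(far, dst, cables)


def shortest_hops(src, adj):
    """Breadth-first hop counts from src to every server."""
    dist, queue = {src: 0}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def routing_stretch(n, level):
    """(worst DCellRouting hops, worst shortest-path hops, pairs routed longer)."""
    servers, cables = build_dcell(n, level)
    # Neighbours: dcell0 peers (one hop through the switch) plus cabled servers.
    adj = {s: {s[:-1] + (i,) for i in range(n) if i != s[-1]} for s in servers}
    for x, y in cables.values():
        adj[x].add(y)
    worst_route = worst_short = longer = 0
    for src in servers:
        dist = shortest_hops(src, adj)
        for dst in servers:
            hops = len(dcell_route(src, dst, cables)) - 1
            worst_route = max(worst_route, hops)
            worst_short = max(worst_short, dist[dst])
            longer += hops > dist[dst]
    return worst_route, worst_short, longer


if __name__ == "__main__":
    print("DCell, n=6, levels 0-3:", [dcell_servers(6, k) for k in range(4)])
    print("FatTree, k=8 (servers, switches):", fattree_size(8))
    for n, level in [(2, 1), (2, 2), (4, 2)]:
        print(f"DCell n={n} level={level}:", routing_stretch(n, level))
```

With n = 2 at level 2, the worst DCellRouting path is 7 hops, the 2^(k+1) - 1 upper bound, even though some of those server pairs are only three hops apart through a third sub-dcell.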
High cross-sectional bandwidth is a necessity
for today’s DCs. An industry white paper estimated
that the cloud will process around 51.6 exabytes
(Ebytes) of data in 2015.5 The network traffic pattern within a DC may be one-to-many, one-to-all,
and all-to-all. For instance, serving a search query
or social networking request, such as group chats

fully optical. that are effective but not applicable in real-world DC scenarios. Energy Efficiency in Cloud Datacenters Concerns about environmental impacts. severely limits the internode communication bandwidth and affects performance.8 Hybrid. DCell experiences higher network delays and low throughput. c-Through. Various factors. and HyPac. line of sight. energy demands. For example.6 Similar to the optical interconnects. such as 60-GHz communications. and r optical-electrical-optical (OEO) signal conversion delays caused by the lack of efficient bit-level processing technologies and incurred at every routing node when the optical links are used with electrical devices.096 Seconds FIGURE 3. As the number of nodes within the DC architecture increases. and electricity costs of cloud DCs are intensifying. and hashing-based flow distribution. but the aforementioned open challenges are currently a barrier to their widespread adoption. such as the massive amounts of energy DCs consume. For instance. requires thousands of servers to act in parallel. Optical interconnects offer high bandwidth (up to terabytes per second per fiber). such as Helios. optical networks are certainly a possible solution for the ever-increasing bandwidth demands within DCs. and signal attenuation. and idle DC resources mandate that we consider energy efficiency as one of the foremost concerns within cloud DCs. such as networks flows without priorities. the FatTree architecture is not scalable and uses numerous network switches and network cables for interconnection. excessive greenhouse gas (GHG) emissions. are also being considered to overcome various challenges faced by the current DC networks.6 The high oversubscription ratio within some DC architectures. 60-GHz technology in DCs is still in its infancy and faces numerous challenges.7 Various hybrid (optical/electrical) DC architectures. Average network throughput and packet delay of datacenter networks. 
DCs are one I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 13 M q M q M q MqM q THE WORLD’S NEWSSTAND® . a typical oversubscription ratio in legacy DC architectures is between 4:1 and 8:1. such as propagation loss. a FatTree topology of 128 nodes (8 pod) requires 80 network switches to interconnect. and high port density. M AY 2 0 14 r inefficient packet header processing.048 4. such as ThreeTier and DCell. r high insertion loss. short communication range. independent flows. r unrealistic and stringent assumptions. However. optical networks also face numerous challenges: r high cost. Therefore.8 However. have been proposed recently to augment existing electrical DC networks. The FatTree architecture offers a 1:1 oversubscription ratio by using a Clos-based interconnection topology. r large switching and link setup time (usually 10 to 25 ms). An oversubscription of 4:1 means that the end host can communicate at only 25 percent of the available network bandwidth. The industry is also considering the use of hybrid DC architectures (optical/electrical and wireless/electrical) to augment DC networks.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® 250 180 FatTree DCell ThreeTier FatTree ThreeTier DCell 160 200 Throughput 120 150 100 80 100 60 Packet delay (ns) 160 40 50 20 0 0 16 32 64 128 256 512 1. and wireless DCs may be viable solutions for DC networks. low latency. and file sharing. emerging wireless technologies.7 However.024 2. such as cabling costs and complexity.

10 Coal-fired power stations are among the biggest sources of the GHG emissions. higher than that of the worldwide aviation industry. Idle servers in the University of New York at Buffalo datacenter.000 25. Consolidation techniques exploit resource overprovisioning and redundancy to consolidate workloads on a minimum subset of devices.000 35.000 10.10 DCs are experiencing a growth rate of around 9 percent every year.034 Mt by 2020. Because of the increasing energy costs (around 18 percent in the past five years and 10 to 25 percent in the coming years).12 In certain cases. such as coal.CO M P U T ER .13 Such strategies use optimization techniques. energy-aware workload placement. which have doubled in the last five years. Idle devices can be transitioned to sleep mode or powered off to save energy by using the Wake on LAN (WoL) feature on network interface cards (NICs). most of the electricity used by DCs is produced by “dirty” resources.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q DATACENTER MANAGEMENT THE WORLD’S NEWSSTAND® 100 Idle servers Idle servers (%) 80 60 40 20 0 5.000 20.11. over a 20-year period.9 The cloud infrastructure’s carbon footprint may be close to 1.5 metric tonnes in 2010. and as a result.13 meaning that DC 14 I EEE CLO U D CO M P U T I N G resources are overprovisioned to handle peak loads and workload surges.12 The enormous GHG emissions produced by DCs and the cloud infrastructure have intensified environmental concerns. the aforementioned consolidation strategies do not consider two critical issues: r How will the strategy handle workload surges and resource failures? r When will the resources be transitioned to sleep/wake mode? Activating a power off or sleep device requires a long delay (usually in seconds or minutes). In fact. A typical DC experiences around 30 percent of average resource utilization. and proportional computing. 
approximately 45 percent of one IBM DC’s operational expenses went to its energy bill.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . and the biggest source of GHG emissions in the US. significant energy savings are possible using judicial DC resource optimization techniques. such as ElasticTree and DCEERS. The ICT sector’s carbon footprint was approximately 227. For instance.11 are continuing to increase as well. of the major energy-consuming entities worldwide.12 The energy bill of a typical DC dominates its total operational expenses. a DC’s available resources remain idle most of the time. the energy costs may account for up to 75 percent of operational expenses. a DC’s operational expenses are three to five times that of its capital expenditures.000 44.11 As a result.000 30. as much as 85 percent of the computing capacity of distributed systems remains idle. Researchers have recently proposed various workload consolidation strategies. We can achieve energy efficiency within DCs by exploiting workload consolidation.963.74 TWh. The cloud infrastructure consumed approximately 623 terawatt-hours (TWh) of energy in 2007.12 IBM has reported that.10 Moreover. Such extra delays are intolerable in SLA-constrained DC enW W W.270 Time (minutes) FIGURE 4. Careful workload placement and consolidation can result in better resource allocation and thus reduced energy consumption.9 The estimated energy consumption of the cloud infrastructure in 2020 is 1.000 40. such as calculating a minimum subset of devices to service the necessary workload. Therefore. for energy savings within DCs.8.000 15. DC operational expenses are also increasing. However. their energy demands. The Xen platform also provides a host power-on feature to sleep/wake devices.

3az standard uses the ALR technique to scale down Ethernet link data rates. a small network failure in the O2 network (the UK’s leading cellular network provider) affected around seven million customers for three days. millions of customers lost Internet connectivity for three days. minimize energy consumption. even a short downtime could result in huge revenue losses. the scaled-down state upturns the execution time of the tasks. and control the network load.9 percent annual availability of their services. The DCell architecture exhibits better connectivity and robustness against various types of failures. and the European Network and Information Security Agency (ENISA) has projected that approximately 80 percent of public and private organizations will be cloud dependent by 2014. the DCell architecture cannot deliver the required QoS and performance necessary for large networks and heavy network loads. Such idle resources can be placed in sleep or low power mode to attain significant energy savings. including Google. Therefore. around-theclock availability is of utmost importance. However. Similarly. Many cloud service providers (CSPs) offer 99.000 for every hour of downtime. However. ALR techniques are applied to network links to scale down the links’ data rates for reduced energy consumption. efficient and robustness-aware policies are mandatory to exploit the full potential of the proportional computing techniques. Using consolidation. The DVFS technique is applied to processors to scale down a processor’s voltage or frequency. and proportional computing I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 15 M q M q M q MqM q THE WORLD’S NEWSSTAND® . robustness and failure resiliency within the cloud paradigm is of paramount importance. and network-only failures. Similarly. 
Figure 4 shows that.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® vironments.9 percent availability rate still translates into 8. the IEEE 802. The cloud market is growing rapidly.3 Similarly.8 However. so there is an immense need to consider system robustness while using energy-efficiency techniques. Therefore. and true efficiency and energy savings depend on the proportional computing policies that decide when to change the state of the resources. most of the resources remain idle in a DC. the Bank of America website outage affected around 29 million customers.14 In addition to huge revenue losses. We analyzed the robustness and connectivity of the major DC architectures under various types of failures. In other incidents. dynamic power (sleep/ wake) management.3az standard only provides a mechanism to change the link’s state. Amazon. Moreover. Robustness in Cloud Datacenters As the operational and architectural foundation of cloud computing. For any cloud-dependent organization. energy-aware workload placement and on-the-fly task migration can help maximize resource utilization.14 The business sector is expected to lose around $108. and Virgin Blue airline lost approximately $20 million because of a hardware failure in its system. The IEEE 802.14 Major brands faced service outages in 2013. such as random. We used a real DC workload from the University of New York at Buffalo to observe the impact of energy-aware workload placement and live migration to save energy.3 We found that the legacy DC architectures lack the required robustness against random and targeted failures. For instance. DC resources in an idle or underutilized state consume around 80 to 90 percent of the energy consumed during peak utilization. Proportional computing techniques. a 99. Yahoo. Bank of America. Proportional computing involves consuming energy in proportion to resource utilization. M AY 2 0 14 However. 
Facebook. with task migrations and proper workload placement.76 hours of annual downtime. aim to execute resources (processors and network links) in a scaled-down state to consume less power. We observed that careful workload placement and consolidation can result in a high percentage of idle resources within a DC. leading to larger makespan.000. service downtimes also result in reputation damage and customer attrition. targeted. However.8 Such techniques depend on a mechanism for efficiently scaling the power state of the resources up and down and a policy for determining when to alter the power state. DCs hold a fundamental role in the operational and economic success of the cloud paradigm. dynamic and virtualized cloud environments are prone to failures and workload perturbations. SLA-constrained cloud environments must be robust to workload surges and perturbations as well as software and hardware failure3 to deliver the specified QoS and meet SLA requirements. InformationWeek reported that IT outages result in a revenue loss of approximately $26. in a survey of 200 DC managers. because of a core switch failure in BlackBerry’s network. USA Today reported that DC downtime costs per hour exceed $50. and Motorola. In one incident.5 billion per year. A small performance deprivation or minor failure in a cloud may have severe operational and economic impacts. A single access layer switch failure disconnects all the connected servers from the network. Microsoft. such as dynamic voltage and frequency scaling (DVFS) and adaptive link rate (ALR).

Cloud DCs can utilize one or more strategies to regulate and manage operating temperatures.3 Similarly. Therefore. Similarly.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q DATACENTER MANAGEMENT THE WORLD’S NEWSSTAND® Software-driven thermal management strategies Air-flow management strategies Jobs Thermal Management Exhaust filter/fan Input filters/fans Exhaust air to outside Air from outside ITE racks Datacenter design strategies Economization FIGURE 5. Activating sleep and power-off devices requires significant time. The dynamic power management and proportional computing policies and consolidation strategies must be robust enough to handle workload surges and failures. techniques to save energy may also affect a cloud’s performance. A W W W.CO M P U T ER .11 Therefore. Google reported a revenue loss of around 20 percent because of an additional response delay of 500 ms. appropriate measures must be taken to avoid any extra delays. prediction-based techniques for forecasting future workloads and failures can also help enhance system robustness.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . scaling up a processor or network link may also result in an 16 I EEE CLO U D CO M P U T I N G extra delay and power spike. a delay of as small as nanoseconds may have huge financial effects. electricity costs comprise a major portion of overall DC operational expenses. energy-efficient techniques must not compromise system robustness and availability. Similarly. Thermal management strategies. Thermal Awareness in Cloud Datacenters As we stated earlier. In high frequency trading (HFT) systems. Amazon reported around 1 percent sales reduction because of an additional delay of 100 ms.

were used for containment. where an air-flow management technique is adopted but there is no complete isolation between hot and cold air flows (using hot and cold aisles). partial containment. the integer linearprogramming modeling approach17 aims to meet real-time deadlines while minimizing hotspots and spatial temperature differences through job scheduling. Initially.20 Virtualization is one of the key aspects used to achieve scalability and flexibility in cloud DCs and is the underlying technology that contributes application and adoption of the cloud paradigm. ducts. and thermodynamic-formulation and thermal-profiling-based strategies optimize the DC’s thermal status. To enhance efficiency. depending on the nature of the workload being processed. Moreover. increasing the possibility of failures.18 However. equipment-placement strategies are adopted based on the physical room layout and the building’s infrastructure. and r economization. In a typical DC. The DC cooling system is significantly influenced by the air movement. different softwaredriven thermal strategies produce different thermal footprints. Intel IT conducted an experiment and claimed that an air economizer could potentially reduce annual operating costs by up to $2. r DC design strategies. Such strategies adopt various methods for job allocation. such as plenums that combine containment with variable fan drives to prevent air from mixing. and contained. we can broadly categorize such strategies into four areas: r software-driven thermal management and temperature-aware strategies. DC managers have added containment systems that isolate hot and cold aisles to avoid air mixing. the perimeter-based strategy uses one or more CRAC units to supply cold air through plenums. 
and fans.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® further breakdown of the energy consumption within a DC reveals that an overwhelming portion of those costs are incurred to stabilize the DC’s thermal dynamics. For example. Generally. genetic-algorithm-based job allocation16 attempts to select a set of feasible servers to minimize the thermal impact of job allocation. physical barriers. where no intentional air flow management is deployed. inappropriate air-flow management within DCs can create hotspots that may cause servers to throttle down. is equivalent to a fully functional machine. However. where the hot and cold air flows are completely isolated. Virtualization in Cloud Datacenters The process of abstracting the original physical structure of innumerable technologies. today vendors M AY 2 0 14 offer other commercial options. DC design strategies aim to build efficient physical DC layouts. hot and cold aisles are separated by rows of racks. Three air-flow management strategies are usually followed: open. Software-driven thermal management strategies mainly focus on maintaining a thermal balance within the DC. or dampers. In a typical air-cooled DC. or other network resources is called virtualization. and hot air removal dissipated from the servers. The hot air coming out of the servers is pushed into the hot aisles. chillers.87 million for a 10-MW DC.15 High operating temperatures can decrease the reliability of the underlying computing devices. such as a raised floor and hot and cold aisles. A virtual machine monitor (VMM) serves as an abstraction layer that controls the operations of all the VMs running on top of it. cooling delivered to servers. The economization strategy reduces the cost spent on cooling infrastructure by drawing in cool air from outside and expelling the hot air to outdoors. As Figure 5 shows. 
air-flow management strategies are adopted to appropriately maneuver the hot and cold air within the DC. Every physical machine in the cloud hosts multiple VMs. r air-flow management strategies. For instance. which from a user’s perspective. Other DC design strategies involve the placement of cooling equipment. Virtualization ensures high resource utilization I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 17 M q M q M q MqM q THE WORLD’S NEWSSTAND® . such as a hardware platform. and the rooftop-based strategy uses central air handling units to cool the DC. including the cost of purchasing and installing the CRAC units. operating system. The goal is to reduce the average heat dissipation of the servers to reduce the cost of running the CRAC unit. The CRAC unit’s blower pressurizes the under-floor plenum with cold air that is drawn through the vents located in front of the racks in the cold aisle. the row-based strategy dedicates CRAC units to a specific row of cabinets. the annual electricity cost of cooling alone is $4 to $8 million. such as the computer room air conditioning (CRAC) units. the cabinetbased strategy contains the closed-loop cooling equipment within a cabinet. a storage device. such as vinyl plastic sheeting or Plexiglas covers. In this case. The DC industry uses several strategies to stabilize thermal subtleties.19 A combination of all of the aforementioned strategies could be used to implement an efficient thermal-aware DC architecture.

20 The exercise was to demonstrate the models’ flexibility and W W W. may grow to four or five tiers. such as system migration.5 Memory (Mbytes) 3. and. and Nimbus. and full virtualization. Moreover. and Open Nebula. we performed formal modeling.0 350 300 Eucalyptus execution time Open Nebula execution time Nimbus execution time 2. r load balancing. and cumbersome management. and cooling.5 150 1. Verification time and memory consumed by VM-based cloud management platforms. r hardware consolidation. OS-layer virtualization. and verification of three stateof-the-art VM-based cloud management platforms: Eucalyptus. Moreover. OpenStack. and thus leads to huge savings in hardware. the primary focus for virtualization continues to be on servers. The advent of virtual switches and virtual topologies bring further complexity to the DC network topology. is also evolving as a prominent strategy. r easy management of tasks. Specifically. analysis. the workload virtualization will increase from around 60 percent in 2012 to almost 90 percent in 2014. is usually unaddressed. network services in a virtualized environment have to look beyond the physical machine level to a lower virtual level. The exercise to investigate the scalability of the models revealed they functioned appropriately as the numbers of VMs increased. Open Nebula. where the range of operating systems creates difficulties when securing and maintaining VMs. r simulated hardware and hardware configurations. where multiple instances of the same OS run in parallel.0 100 0.11 According to a Gartner survey.CO M P U T ER .22 In a recent study. which may be suboptimal and impractical in various cloud environments. virtualization faces some key challenges. such as storage and networks.5 50 0 Execution time (ms) DATACENTER MANAGEMENT THE WORLD’S NEWSSTAND® 0 10 20 30 40 50 60 70 80 90 100 Virtual machines FIGURE 6.21 Several major reasons exist for this increase: r scalability and availability. 
where every user has an isolated virtual application environment. and security-specific settings is a difficult task. power consumptions.11 The MAC address management and scalability of the consolidated VMs is a major concern that must prevent the MAC tables from overloading in network devices. network. 18 I EEE CLO U D CO M P U T I N G Despite all the benefits. including VM hopping. and recovery. Virtualization is experiencing an annual growth rate of around 42 percent. virtualization is also used in other areas: application virtualization. Previous research has focused on the computing and storage aspects of the cloud.5 250 2. Today.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . backup. where managing the configuration. hardware-layer virtualization. controlling and synchronizing the access to hardware resources.0 200 1. the connectivity (networking). VM mobility. virtualization technology poses several serious threats and adds further challenges to efficiently and appropriately managing a DC. Several VM-based cloud management platforms are available. However. or the quick spread of vulnerable configurations that can be exploited to jeopardize security. r legacy applications continuing to operate on newer hardware and operating systems. where the I/O devices are allotted to the guest machines by imitating the physical devices in the VMM. The inception of the cloud is based on distributed (grid and cluster) computing and virtualization.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q Eucalyptus memory Open Nebula memory Nimbus memory 3. the virtualization of other components. where an attacker on one VM can access another VM. while a crucial aspect. such as Eucalyptus. A legacy ThreeTier topology. where a VMM runs directly on hardware. VM diversity. for example.

K. As we stated earlier. References 1.” 2011–2016. SDN offers high flexibility. The hybrid DC architectures and SDN-based DCs are still in their infancy.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® scalability. The New York Times reported one such error in August 2012: the Knight Capital Group lost $440 million in just 45 minutes when newly installed trading software went haywire.future. Formal methods have gained a great deal of popularity since the famous Pentium Bug that caused Intel to recall faulty chips. nergy efficiency. Bilal et al. Researchers and industry are striving to find the viable solutions for the challenges facing DCs. We instantiated 100 VMs and verified whether the models’ functionality was affected by the increase in the number of instances. 2. Bilal et al. and Intel.. have already realized the importance of formal methods and are using techniques and tools to verify the functionality and reliability of their respective software and hardware. such as Microsoft. Cloud Computing. “On the Characterization of the Structural Robustness of Data Center Networks. reliability.edu.11 The SDN market is expected to grow by $35 billion in 2018. Bilal et al. a central SDN controller creates a single point of failure.cfm?URI= ofc-2011-otuh2. 1. 4Q12 Update. IBM. resulting in a $475 million loss. however.” Concurrency and Computation: Practice and Experience. robustness.24 Various SDN frameworks such as Cisco One and Open Daylight offer APIs. Software-defined networking (SDN) involves separating the network control plane from the data plane within a network. and control over a network using network programmability and automation. 2013. Moreover. whereas the control plane is the software-based portion of the network device that determines how the packets will be forwarded.” Apr. robustness. 3. Conf. 
M AY 2 0 14 SDN-based automated DC networks are a possible solution to the various challenges faced by legacy DC networks.pdf. for example... vol. 12. The results from the exercise revealed that the models were functioning appropriately as the numbers of VMs increased. but legacy network devices do not support such communication protocols.ceet. Bell Labs and Univ. SDN offers decoupled and centralized network management of the control plane to manage the whole network in a unified way.1016/j. K.” to be published in Future Generation Computer Systems. doi:10 . Control plane management is performed independently of the devices and the forwarding rules. such as routing and VM management.07. “Quantitative Comparisons of the State of the Art Data Center Architectures. 1. routing tables are assigned to the data plane on the fly using communication protocols. The increasing criticality and complexity involved in cloud-based applications. no. Such techniques aim to increase software quality. no.006. 64–77. of Melbourne.11 The data plane is considered a hardware-based portion of the device for sending and receiving network packets. such as cloud and real-time systems. and scalability are among the foremost concerns faced by cloud DCs. and safety by introducing rigorousness and performing proofs and verification of the underlying systems. 2013. but such technologies are still in their infancy. remove ambiguities. Formal method techniques can be adopted to ensure system correctness. Therefore. serious research efforts are necessary to overcome the limitations and drawbacks of the emerging technologies to deliver the required QoS and performance. and protocols for configuring and building a centrally controlled programmable network. Google. Optical Fiber Comm. “Forecast Overview: Public Cloud Services.org /abstract. agility. 
the occurrence of errors and miscalculations are hazardous and expensive in large-scale computing and critical systems.au/pdfs/ceet_white_ ________________________________ paper_wireless_cloud.2013. 1771–1783. and prevention of malicious misuse of the SDN platforms is a major security concern. The SDN-based DCs architectures are also being considered to handle various network-related problems and to deliver high performance.” Proc. Gartner. as Figure 6 shows. 2013. AT&T. w w w. 5. w w w. 2011. SDN deployment requires OpenFlow (or another SDN-based communication protocol) compliant network devices to operate.. necessary to deliver QoS has led to the maturity of formal method techniques.opticsinfobase. reveal incompleteness. pp. 4. A. __________ I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 19 M q M q M q MqM q THE WORLD’S NEWSSTAND® . Worldwide. “The Emerging Optical Data Center. In addition. 2013. tools. Vahdat et al. pp. “A Taxonomy and Survey on Green Data Center Networks. K.” IEEE Trans. _________________ 6.. vol. “The Power of Wireless Cloud: An Analysis of the Energy Consumption of Wireless Cloud.23 Most of the well-known names connected to DCs. 25.unimelb. Hybrid DC architectures employing optical and wireless technologies are one of the strongest feasible solutions today. and expose inconsistencies by mathematically proving program correctness as opposed to using test cases.

2013. 18–30. 19. 2010. robustness. Springer. 1.rehmanmalik@ndsu. and distributed systems. Pedram.org/usa/Global/ u s a / r e p o r t / 2 010 / 3 / m a k e -it. pp. vol.CO M P U T ER . Panzieri et al. Parallel and Distributed Systems. ____________ SAMEE U..” Proc. vol.. 12.” IBM.pdf. Malik has a MS in computer science from COMSATS Institute of Information Technology.” Technology-Enhanced Systems and Tools for Collaborative Learning Scaffolding. 2011. “A Survey on Optical 21. He is a fellow of IEEE. Tang. “Downtime. “Data Center Energy Efficient Resource Scheduling. 13. Intel Information Technology.g r e e n. pp. 4. Gartner.in/sjij.Y. S. pp. no.. W W W. and optical networks. cluster and big data computing.au. pp.” Proc.K. datacenter networks. “Reducing Data Center Cost with an Air Economizer.. His research interests include optimization. http://link. Warrilow and M. Khan. 2009. pp. http://urlm. smart grids.”  IEEE Trans. “Energy-Efficient Thermal-Aware Task Scheduling for Homogeneous High-Performance Computing Data Centers: A Cyber-Physical Approach. Srinivasan. social networks. 18.intel. pp. vol. power systems. IBM. 1995. “Temperature Variation Characterization and Thermal Management of Multicore Architectures. 61–75. Arlington.” Proc. T. “Modeling and Analysis of State-of-the-Art VMBased Cloud Management Platforms. G. and datacenters networks.Y. A Look at the Energy Choices That Power Cloud Computing. 23. no. Frontiers of Information Technology. He is a senior member of IEEE. Cloud Computing. wired and wireless networks. ____ khan@ndsu. 2013. no. 1. www. vol. ZOMAYA is a professor at the University of Sydney. Greenpeace Int’l. Cloud Adoption Increase by 2015?” research note G00250893. “Will Private Interconnects for Data Centers. 10. and G.bilal@ndsu. J. Usenix Conf. Cheung. 18 Sept. 24. May 2013. 16.zomaya@sydney.springer. 2010. 50–63. http://urlm. “Distributed Computing in the 21st Century: Some Aspects of Cloud Computing. K.greenpeace. 8. 145–150. 
S.” tech report.org. Contact him at samee. KHAN is an assistant professor at North Dakota State University. S. Contact him at ______ saif. J. Selected CS articles and columns are also available for free at http://ComputingNow. 2005. SAIF UR REHMAN MALIK is a doctoral student at North Dakota State University. Contact him at ______________ kashif.1007%2 Fs10586-014-0365-0. “How Dirty Is Your Data. Surveys & Tutorials. cloud computing. 29. S. 1458–1472. Greenpeace Int’l. “Minimizing Data Center Cooling and Server Power Costs.edu. 12 Nov. grid.. Kachris and I.edu. E. Tomkos. Zomaya has a PhD from the Sheffield University in the United Kingdom. Q. Evolven.L. “IBM and Cisco: Together for a World Class Data Center. C. 2.in/sjhk. Pakistan.  Challenges of NFV and SDN. Moore et al. 393–412.U. vol. 2013.U. ______________ 14. Cloud Computing and its Contribution to Climate Change. F. His research interests include areas of algorithms.” IEEE Computational Science and Eng. “Green Data Center Networks: Challenges and Opportunities. pp. Coe et al.. pp. pp.edu. Kursun and C.” IEEE Micro. Pakbaznia and M. 2009. Khan. and security of cloud.116–126. 11th IEEE Int’l Conf. Shuja et al. 2011. ___________ ALBERT Y. and A. 19. 14th ACM/IEEE Int’l Symp. His research interests include cloud computing.pdf. Sams. 11. “Openwave Exec Discusses the Benefits. Bernier.R.” Wind of Change blog. Zomaya. Cook and J.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . “Making Scheduling ‘Cool’: Temperature-Aware Workload Placement in Data Centers. and parallel and distributed systems.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q DATACENTER MANAGEMENT THE WORLD’S NEWSSTAND® 20 7. no. Contact him at ___________________ albert. Make IT Green. complex systems. Mar. 
Bilal has an MS in computer science from the COMSATS Institute of Information Technology. 14. 2012. “Discovering Hidden Costs in Your Data Center—A CFO Perspective.” 2008. 229–234. “Computational Aspects of the Pentium Affair. I EEE CLO U D CO M P U T I N G KASHIF BILAL is a doctoral student at North Dakota State University. P.c l o u d _______________________________ computing. and S.” IEEE Comm.com/it/pdf/Reducing_Data_Center_ ________________________________ Cost_with_an_Air_Economizer. 9. He is a student member of IEEE. Pakistan. _________ 11. Outages and Failures— Understanding Their True Costs.U.edu. Low Power Electronics and Design. Khan has a PhD in computer science from the University of Texas. M. Malik.” IEEE Trans. 1021–1036. Bilal. www. 2008. E. Cher.com/article/10. He is a student member of IEEE. 2014. Gupta. Horn.” Cluster Computing. 1. 22.” SDN Zone Newsletter. 17. green computing. 15.” 2013.computer. His research interests include formal methods. 2013. S. large-scale computing systems. _______________________ 20. Varsamopoulos.

and scale down. and grids as viable platforms for scientific exploration and discovery. a diverse and dynamically federated marketplace of “cloud-of-clouds” can accommodate heterogeneous and highly dynamic application requirements by composing appropriate (public and/or private) cloud services and capabilities best suited to the needs of a given application. thus enabling research institutions to 2325. such as procuring. Clouds provide on-demand access to computing utilities.6095/14/$31 . a fundamental building block for on-demand scale up. Clouds are also rapidly joining high-performance computing (HPC) systems. clouds can enable the outsourcing of many of the potentially distracting aspects of research and education. scale out. Rutgers. housing. Argonne National Laboratory and University of Chicago Manish Parashar. The State University of New Jersey The advantages of on-demand resource availability are making cloud computing a viable platform option for research and education that may enable new practices in science and engineering. and an abstraction of unlimited computing resources—overall.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUDS AND SCIENTIFIC COMPUTING Enabling On-Demand Science via Cloud Computing Kate Keahey. clusters.0 0 © 2014 IEEE PUBLISHED BY T HE IEEE COMPU T ER SO CIE T Y I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 21 M q M q M q MqM q THE WORLD’S NEWSSTAND® . building. and operating infrastructures. user control over the computing environment. nfrastructure cloud computing has emerged as a new. revolutionary resource procurement paradigm that has been widely adopted by enterprises. Furthermore.1 Analogous to their role in enterprise IT.

the scientists were able to run the data calibration component of processing concurrently with data collection. We then articulate challenges in research and current practices that need to be overcome to leverage those opportunities and overcome obstacles before developing cloud computing into a viable scientific platform. the ability to represent a computational environment as an appliance that different researchers can publish and then easily share enables the reproducibility of associated computations and thus facilitates sharing not only data but also new algorithms and methods. a demand that traditional batch-oriented computational centers can’t always satisfy. in real or near-real time. We must also determine how a hybrid CI can enable new practices in science and engineering. such as the Large Hadron Collider (LHC). it becomes clear that their characteristics will evolve to place additional requirements on com- The advent of infrastructure cloud computing has had a tremendous. STAR scientists would have had to wait almost a year to assess the results of the experiment. equipped with millions of sensors and capable of producing up to petabytes of data per second. turning our planet and everything W W W. It’s important. With cloud computing resources. Data may even have to be analyzed in real time so that it can provide feedback during the experiment. disruptive force. We explain how on-demand resource availability provided by cloud computing can become a vital part of such an instrument and discuss both opportunities and obstacles to cloud adoption in science. Furthermore. Data produced in such large quantities often must first be reduced by orders of magnitude in real time to a volume that can be stored at an acceptable cost. Inexpensive and increasingly sophisticated sensor devices now allow scientists to instrument ecological systems (such as oceans and rivers) or cities. 
clouds in the research and education context can democratize access to computational and data resources because institutions and individual researchers can lease powerful resources for a short time at relatively little cost.CO M P U T ER . and as a result. We conclude with recommendations for catalyzing integration of cloud computing opportunities into the current scientific landscape and discuss the significance of such an integration. opening up the possibility of adaptively tuning the experimental parameters.2 Using a traditional approach. a highly desirable capability. Furthermore.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . Such processing must happen within the context of an experiment—that is. The transformation and the potential that this capability has opened up are exemplified by the Solenoidal Tracker at RHIC (STAR) nuclear physics experiment. As we look to the future needs of scientific platforms. This exploration pattern increasingly places a premium on the on-demand availability of resources. in particular as extreme data and computing scales continue to transform and drive science and engineering research. and likewise. Not all application patterns or usage patterns common in the scientific community lend themselves to the cloud computing platform. Such advances are particularly interesting as we consider the types of experiments we are likely to conduct in the future. science is performed in “bursty” cycles. to look beyond these benefits and understand application formulations and usage modes that are meaningful in a cloudcentric cyberinfrastructure (CI). similar to their enterprise role. it enables the ability to lease resources on demand with a preconfigured environment that guarantees correct and consistent execution. 
a local cluster’s computational capacity would have throttled the speed at which experimental results could be processed. putational support. akin to the uptick of shopping during the Christmas season relative to other times of the year. the STAR scientists were able to reduce this time to just three months—a significant difference in a competitive field. disruptive force in this space. The advent of infrastructure cloud computing has had a tremendous. Additionally. however. 22 I EEE CLO U D CO M P U T I N G Science On Demand Large-scale experiments. This article discusses the current and future needs of data-driven scientific exploration based on traditional as well as emergent scientific instruments and experiments. the criticality—of computational support as an extension of scientific instruments. not all the potential created by infrastructure clouds is currently being leveraged. Additionally. have highlighted the importance—or. Thus. rather.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q CLOUDS AND SCIENTIFIC COMPUTING THE WORLD’S NEWSSTAND® make science their primary focus. raw data must be processed into derived products that give actual insight into the observed phenomena and can be analyzed by groups of diverse scientists contributing their expertise and generating new scientific insight.

based on the online inspection of data streams. Doing so requires a responsive infrastructure. for example. computational support is no longer optional. but further development is necessary to combine it with the additional infrastructure that satisfies the timeliness. Such levels of dynamicity and customization. Clouds can help make this vision a reality in multiple ways. however. alternative energy sources. and the ability to easily scale up. it constitutes an inherent and indispensable component of an instrument at large. correlated. the abstractions provided by the cloud model will allow scientists to address their problems more effectively and can even enable them to formuI EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 23 M q M q M q MqM q THE WORLD’S NEWSSTAND® . scientists can uniquely customize experiments to answer specific questions. For example. capable of performing such an inspection within the required time constraints. data from social networks. Finally. M AY 2 0 14 The groundbreaking possibilities created by such instruments will make them widely useful and a focus of activity over the coming years. are being augmented by the innovative use of personal mobile devices (such as using cell phones to detect earthquakes). whereas an experiment on a traditional instrument often has a well-defined beginning and end. structure clouds in science and shaping their capabilities and ecosystem into a viable and responsive scientific tool. Moreover. the abstraction of elastic and readily accessible resources. For example. a user may want to modify an experiment by accessing additional data streams or moving mobile sensors to different locations. the increasingly important and growing class of many task computing (MTC) applications can benefit from the ease of use. scalability. engineering. Given these requirements. and stored. down. Finally. and society. 
experiments supported by instruments at large can—and often do—go on indefinitely. clouds can serve as accelerators or provide resilience to scientific workflows by moving the workflow execution to alternative resources when a failure occurs. customized. They can also supplement existing systems by providing additional capacity or complementary capabilities to meet heterogeneous or dynamic needs. and reliability requirements of experiment-driven processing. Furthermore. structured deployments. Although traditional instruments present demanding—but roughly known and finite—requirements for online processing. The cloud abstraction’s simplicity can also alleviate some of the problems that scientific applications face in current HPC environments. This situation places new emphasis and urgency on investigating the applicability of infra- Given the requirements of experiments such as STAR.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® in it into an “instrument at large”—dynamic. highly available computational support as incoming data is filtered. reduced. will result in unpredictable and highly volatile requirements for the instruments that provide computational support. They can provide resources for running applications on demand when local infrastructures are unavailable. processed. such as the global network of flux towers. or out. Clouds as Enablers of On-Demand Science The opportunities offered by on-demand and datadriven science are compelling and could dramatically impact science. or social network sources become inaccessible. and often self-organizing groups of sensors with outputs that we can aggregate and correlate to support experiments organized around specific questions. The on-demand availability provided by cloud computing will be a fundamental building block for the support of experimental science. 
Many of those sensors allow for adaptive feedback or can be combined with actuators that can control the experiment’s environment. miniaturization. rather. For example. high-throughput computing (HTC) applications. this trend is likely to continue accelerating and offering unprecedented opportunities to science. as their batteries run out. Current cloud installations can also provide effective platforms for certain classes of computational and data-enabled science and engineering (CDS&E) applications—for example. and so on) as well as economic factors (price). an instrument at large consists of a dynamic set of sensors that can become active or inactive at different times. The online analysis needs of such instruments at large are more challenging than those of traditional instruments. Such experiments require always-on. and even citizen science. Driven by the proliferation of personal sensors marketed at large scales and technological progress (battery life. using carefully selected streams of spatial data from a variety of sources. darkness prevents taking pictures. computational support for this kind of experiment is clearly no longer an option.

which is provisioned on demand at commercial cloud providers such as the Amazon Elastic Computer Cloud (EC2) or Microsoft Azure. This situation opens the possibility of turning to more loosely coupled and asynchronous computational models. in science has been slow. virtualization. and has been enthusiastically adopt- 24 I EEE CLO U D CO M P U T I N G W W W. Furthermore. at the algorithmic level.000 cores). decentralized. a novel. on-demand proviThe most frequently cited reasons for the sioning. commodity clouds work effectively only for specific classes of HPC applications. size. sustaining a model when all of them must reliably move in lockstep is increasingly hard. virtualization imposes a performance penalty. tating a need for new application patterns and kerthe characteristics of such “supercomputers” differ nels. Work on lightweight hypervisors holds out promise that. implications of cloud characteristics such as elasticity. Several early projects have reported successful deployments of such applications on existing clouds. and resilient formulation of the “replica exchange” algorithm for simulating proed by many branches of industry.Wholesale to Retail cerns of large computations. and reliably to support on-demand availability. However. asynchronous. however—we may come to the mountain.CO M P U T ER . For example. and dynamics. we tend to think in terms clouds and CIs to provide elastic access to cloud of whether the mountain will come to us—in other services and extending existing cloud programming words. cloud computing in science are technical factors: and performance engineering. the asynchrolack of adoption of cloud computing in nous replica exchange8 formulation is science are technical. validation management. The most ware as a service. Several factors play a part Another key research challenge is developing in the applicability of cloud computing to science. Additionally. make computing at large scales using infrastructure clouds a challenge. 
Application examples include embarrassingly parallel applications (those that are efficiently parallelized into components with little or no communication and can withstand latency across networked systems) that analyze independent data or spawn independent simulations that integrate distributed sensor data. science gateways and portals. has developed rapidly in that time. facilivirtual cluster currently stands at 156.adoption within the scientific community is social late their applications and algorithms in new ways.5 According to that study.Table) to support scientific computing.4 Running these applications typically involves using virtualized commodity-based hardware. and failure.3. optimized libraries. will cloud computing evolve to suit the needs models and platforms (such as MapReduce and Bigof traditional HPC? Although clouds can accom.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q CLOUDS AND SCIENTIFIC COMPUTING THE WORLD’S NEWSSTAND® nificant. Other ways of looking at this question may exist. and/or specialized middlefrom those of traditional HPC machines. although cloud computing has been around for more than a decade. quickly. virtualized supercomputers can offer performance close to those of HPC resources. or data analytics that can use MapReduce-like formulations. a host of features. inadequate performance and management options. appropriate programming models and systems that can enable CDS&E applications to take advantage Moving the Mountain of clouds. folding. modate ever-larger computations (the largest known entire applications will need to be exported. research is still ongoing regarding how best to integrate cloud computing with hardware accelerators and fast communication hardware such as InfiniBand. New tools will thus be necessary frequently cited reasons for the lack of adoption of for application debugging. 
A recent technical report by Geoffrey Fox and Dennis Gannon provided an extensive study of HPC applications in the cloud. As HPC resources grow in scale to include ever-larger numbers of processing elements. multitenancy.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® .7 However.6 As the underlying technology that allows cloud providers to enable users to project their images onto their infrastructure securely. Key research challenges here include exploring application formulations that can effectively utilize clouds and addressing. and a lack of understanding of reliability con. its broad adoption tein structure. in the future. A more insidious problem with cloud computing The impact of these limitations can be sig. These include developing programming When we consider whether clouds can provide a abstractions and tools to support the federation of suitable platform for HPC. ranging from HPC-specific resource management to reliability.

rather than technological. Perhaps the most important aspect of the cloud computing disruption is that it has revolutionized our idea of resource procurement. Instead of buying a system wholesale to run a certain class of computations—an investment that can cost millions of dollars to buy, build, house, and operate—we can now shop retail and spend only a few thousand dollars on a per-computation basis as the need arises. This capability makes the time-capacity product more flexible. For example, instead of buying a small cluster and waiting a year for a computation to complete, researchers can now “rent” a large cluster for a short time and complete the computation using all the available resources. Making this equation work, however, requires admitting that there is a premium on time, in other words, acknowledging that the instantaneous, on-demand availability of a resource is worth more than batch cycles and that this should be reflected in the market price of time on said resources. Currently, established funding, procurement, and allocation systems aren’t equipped to deal with such a nuanced and multifaceted concept of worth, even if it can bring substantial benefits.

The Case of the Missing Infrastructure
Many of the challenges we outline here are, arguably, merely the growing pains of a deceptively simple but deeply disruptive innovation. Certainly, many of them can be resolved with a research and development investment in critical ecosystem components and by creating new support relationships that provide the necessary layer between users/applications and cloud services.

Previously, maintenance and user support were provided as part of the wholesale purchase; a traditional cluster user would expect it to be configured and upgraded as needed and to include all the standard software. In contrast, the cloud currently provides some features, such as resource availability, but doesn’t provide other features, such as virtual machine configuration. And now that we have computing power “on tap,” turning the tap on proves to be nontrivial in terms of performance, consistency, and reliability. Moreover, choosing the optimal configuration among the myriad cloud offerings—including diverse services, instance types, storage options, billing models, and providers—requires special expertise and a significant time commitment.

Providing appliances that can be automatically rendered as consistent sets of images working across virtual machine image formats (such as Xen and the Kernel-based Virtual Machine, or KVM) and cloud providers (including Amazon Web Services and Microsoft Azure) will provide a solution to the image problem. Defining a community administrator in charge of the computing environment for a given community will also help. Similarly, higher-level abstractions for science at the platform-as-a-service (PaaS) and software-as-a-service (SaaS) levels can make clouds more accessible to scientists. Services and informative benchmarks for service comparison, clearly indicating the trade-offs and their implications, will make that tuning exercise simple. A platform layer that can take all this information and automatically build and maintain a user- or application-specific platform, together with a better understanding and automated characterization of the load, can all help resolve the new complexity problem.

Middleware stacks and services are essential for supporting CDS&E application formulations and hybrid usage modes targeted to cloud and CI environments, including support for dynamic cloud bursting and infrastructure federation. A key research issue is provisioning, scheduling, management, and optimization of these hybrid infrastructures with respect to multiple objectives including performance, cost, energy, and reliability, and autonomic mechanisms that can balance these objectives at runtime. A related challenge is the interoperability between cloud providers and the creation of cloud federations.

A relatively short-term challenge is establishing a cloud ecosystem that can enable and drive research and can address issues related to deployment and transition to practice. Research issues include the definition of community standards, development of community testbeds and benchmarks, documentation of experiences and best practices, and development of curricula and training modules.

Data management research challenges exploring the different types of cloud storage solutions and the nature of cloud connectivity are also important; specific issues include support for selecting from among the diverse storage

CLOUDS AND SCIENTIFIC COMPUTING


options with varying service levels, network architectures to support data transport needs and their interaction with cloud storage offerings, and the colocation of computing and data. Combining those two areas of exploration into support for cyberphysical systems will ultimately provide a viable platform for instruments at large.

Lack of understanding of security and privacy issues as they relate to clouds is a critical barrier to adoption, especially in areas dealing with private data such as biomedical applications. Clouds renegotiate the security space with new types of attacks proposed all the time, emphasizing the need for high-quality security mechanisms because of the sharing of storage and computing.

In addition to crosscutting cloud security challenges, specific issues related to cloud and CI integration with CDS&E include the interoperability with broader CI security mechanisms and policies, such as single sign-on, federated identity management (such as InCommon, CILogon, and SCIM), and security policies and mechanisms for specific applications (including differential privacy and data anonymization requirements for bio/medical informatics applications). Investments in homomorphic or partial homomorphic encryption are driven largely by the needs of those applications.

The Path Forward
What can we do to overcome obstacles to adoption of a promising innovation and catalyze its impact? We propose several ideas that can accelerate the development of cloud computing capabilities relevant to science and promote an understanding of the impact of its power.

Throw Down a Challenge
A well-defined challenge that captures the gradient of missing capabilities can be an effective vehicle of progress. Successive milestones in responding to such a challenge can be a good yardstick for judging the state of the art of a promising technology, as projects such as the Top 500 list have successfully demonstrated. Such challenges are also effective in nucleating a community. On the cloud computing frontier, such challenges to date have been driven more by what we can answer than by what we’d like to know. This approach highlights the strengths of a technology, but it doesn’t fully relate it to the context of surrounding requirements. Offering specific problem formulations as well as benchmarks and metrics in collaboration with the scientific community will help address this shortcoming and highlight areas in which additional work is necessary.

Construct Experimental Testbeds
An open, reconfigurable experimental testbed—large enough to reflect the scale appropriate to handle the big data and big compute challenges we face—is as critical to the advancement of computer science as large instruments such as LHC are to the advancement of physical sciences. A testbed alone is insufficient, however. Data that can lead to specific problem formulations, such as cloud utilization data, is of critical importance as well. This data is often available only from commercial providers, and thus collaboration between academia and industry emerges as a critical ecosystem element of such a testbed.

Another critical enabler is the deep familiarity with specific usage patterns that can be obtained only by working directly with application scientists. Open access to such resources, problems, and data will create a community operating within the same collaborative context and thus capable of creating research that is more than the sum of its parts. A viable experimental testbed should therefore place emphasis on building such a community.

Standards, Policies, and Practices
Many important standard activities exist, from those specifying the basic virtual machine structure to higher-level standards defining the PaaS/SaaS environment. Although these standards, such as the Open Grid Forum’s Open Cloud Computing Interface (OCCI) in OpenNebula and OpenStack, have some support, this area is still under development, with the US National Institute of Standards and Technology (NIST) and IEEE playing leadership roles. In addition, substantial progress is needed to enable the procurement of services through capped purchase orders or subcontracts; subaccount administration; resource and authority delegation; and monitoring, managing, and reporting. Furthermore, the development and modification of codes adapted
to the cloud environment require a unique skill set
that necessitates appropriate educational and training structures.


Practice Makes Perfect
Some problems can be fully understood and resolved
only by facilitating the use of clouds in practice, in
the context of specific applications or application
groups, and by experiencing and solving problems
on the fly. Encouraging cloud-based application
platforms will lead to solutions that offer practical
solutions and thereby generate more confidence,
familiarity, and expertise related to this emergent
platform.

Although industry has enthusiastically embraced
cloud computing, and it has demonstrated enticing possibilities for various branches of science—particularly those that place a premium on on-demand
availability such as the experimental sciences—cloud
computing currently runs the risk of getting stuck
crossing the chasm between potential and reality in its
broad application to scientific problems. This impasse
is due to the computationally demanding nature of scientific applications, both in terms of performance and
infrastructure support, as well as the lack of economic
flexibility in the scientific environment. Catalyzing
progress in this space is essential before the potential
of clouds as enablers for science can be realized.
As we look to the future and ponder the needs
of technologies underlying future experimental instruments that integrate computation as an inherent component, we can see this will become all the
more important. Such computations will rely on the
on-demand availability and control over the environment provided by infrastructure clouds. They will
also require support for the big compute applications
that are currently running in HPC centers. Finding
ways to overcome the performance, usage modes,
and infrastructure barriers currently dividing clouds
and HPC is therefore of primary importance.

KATE KEAHEY is a scientist in the Mathematics
and Computer Science Division at Argonne National
Laboratory and a senior fellow of the Computation
Institute at the University of Chicago. She created and
leads the Nimbus Project, recognized as the first open
source infrastructure-as-a-service implementation,
more recently focusing on infrastructure platform tools.
Her research interests focus on resource management
in cloud computing and cyberphysical systems. Keahey
has a PhD in computer science from Indiana University. Contact her at
keahey@mcs.anl.gov.
MANISH PARASHAR is professor of electrical and
computer engineering at Rutgers University. He is
also the founding director of the Rutgers Discovery Informatics Institute (RDI2), site codirector of the NSF
Cloud and Autonomic Computing Center (CAC),
and the associate director of the Rutgers Center for
Information Assurance (RUCIA). His research interests are in parallel and distributed computing, with
a focus on computational and data-enabled science
and engineering. He is a fellow of the IEEE Computer
Society and AAAS. Manish has a PhD in computer
engineering from Syracuse University. Contact him at
parashar@rutgers.edu.

CLOUD SECURITY


Practical Methods for
Securing the Cloud
Edward G. Amoroso, AT&T

Combining the various methods of securing the cloud
infrastructure, services, and content can help meet
or exceed the protection benefits of a traditional
enterprise perimeter.

The advantages of virtualizing servers, databases, and applications into the
cloud are well known: hardware costs are reduced, content becomes more
ubiquitous, and IT services can better adapt to an organization’s changing
needs. Such benefits have led to many new cloud initiatives, ranging from
private cloud efforts behind corporate firewalls to the widespread use of
publicly accessible cloud services such as Amazon Web Services (AWS).
Despite the success of these cloud-based initiatives and services, concerns remain
about security protection. The financial services community, for example, is engaged in
a vigorous debate about whether public cloud services are secure enough for financial
applications.1 The specific cloud threats generally cited include the compromise or
unauthorized modification of cloud-resident financial data, as well as the possibility that
denial-of-service attacks will cause cloud-resident financial data to become unavailable.
IEEE CLOUD COMPUTING, PUBLISHED BY THE IEEE COMPUTER SOCIETY

2325-6095/14/$31.00 © 2014 IEEE


The goal of this survey is to provide cloud decision makers with broader insight into how best to mitigate cloud-specific security threats, thereby making this technology more acceptable to a wider range of industries.

Enterprise organizations and cloud service providers today are using several practical methods to secure their cloud infrastructure and services:

• A private cloud with enterprise perimeters is the most common large enterprise approach to securing cloud content.
• A public cloud with service gateways involves popular cloud services used by millions of individuals and businesses today.
• Content encryption focuses on protecting data stored in the cloud from unauthorized compromise and leakage.
• Session containers ensure that data are properly removed from client devices such as mobile devices after cloud access.
• Cloud access brokers integrate security measures such as authentication or access monitoring for users accessing cloud services.
• Runtime security virtualization integrates dynamic runtime virtual security functions directly into virtual entities in the cloud.

By properly utilizing these practical cloud security methods, an organization can meet or exceed the existing security capabilities offered by its enterprise perimeter.

Private Cloud with Enterprise Perimeters
The most common solution for enterprise organizations seeking to mitigate cloud security threats currently involves building a virtual infrastructure inside an existing corporate firewall (see Figure 1). With this approach, enterprise perimeter-protected datacenters host cloud services and/or are used to virtualize applications. These services and applications are accessible only to users who have been properly authenticated and securely admitted to the corporate intranet. This is a mature security approach that’s consistent with existing protection strategies for all other enterprise assets.

Using a private cloud infrastructure within the enterprise, an organization gains the advantages of software virtualization, such as reduced hardware costs through shared virtual machines with high utilization, but without the security concerns that come from ubiquitous, open access. Enterprise auditors and regulators approve of this architecture because the familiar perimeter remains a primary control for security compliance.

Figure 2 illustrates the security architecture for a typical private enterprise cloud. The safeguards inherent in the private cloud approach include the following:

• Identity and access. A private cloud available for internal enterprise users is easily integrated with existing identity and access management functions, such as corporate directory services. Products such as the IBM Security Identity Manager and Security Access Manager, for example, provide customizable identity and access management support for private cloud deployments.
• Firewall, IDPS, and DLP. Private clouds mediate external access from untrusted, nonenterprise users via the corporate firewall, an intrusion detection/prevention system (IDPS), and a data loss prevention (DLP) tool. Cisco Systems, for example, offers intrusion detection and prevention signatures that protect private clouds utilizing an enterprise perimeter.
• SIEM analytics. Integration is usually straightforward between a private cloud and the enterprise security information and event management (SIEM) system. HP’s ArcSight SIEM, for example, is often used in conjunction with a private cloud deployment, providing data analytics and incident response processes and tools.
• Encryption. Private clouds can integrate enterprise encryption capabilities, including key management to further protect cloud-resident content. Encryption solutions from companies such as Checkpoint Software, for example, support integration into cloud-resident data storage, environments, and applications.

The challenge associated with private cloud implementations is that, despite the perimeter solutions available to protect the enterprise, the typical organization is still unable to stop attacks such as advanced persistent threats (APTs) from the Internet. In addition, complex policy-based decisions
made over long periods of time to allow a multitude of enterprise services and approved exceptions through the corporate firewall, combined with the increasingly common method of bypassing the perimeter using mobile devices, have rendered the enterprise perimeter essentially useless from an advanced threat perspective. The result is that private cloud infrastructures have devolved into architectures that are indistinguishable, at least to the security engineer, from public cloud systems. Purveyors of private clouds may have control over vendor selection, cloud service features, degree of sharing between users, and day-to-day system administration, but the idea that they’re immune to external attacks because of enterprise perimeter protections is no longer justifiable.2

An additional fatal issue with private clouds is that enterprise security teams can’t stop determined insider attacks. Even in the presence of segregation of duty controls, as with Sarbanes-Oxley relevant systems, the approach is vulnerable to collusion, which is easy to achieve with malware on multiple compromised systems. Thus, by situating a private cloud inside the enterprise and assuming that internal access can be trusted, an organization places its cloud infrastructure at direct risk of compromise. As such, private cloud deployments should never rely on an enterprise perimeter as their sole security control.

FIGURE 1. Private cloud with enterprise perimeter. As the most common solution for enterprise organizations, this mature security approach is consistent with existing protection strategies.

Public Cloud with Service Gateways
A second approach to cloud security involves using the native protections in a public cloud service. Public cloud service providers generally differentiate their services via the familiar “XaaS” designation, where X is a wildcard for “infrastructure,” “compute,” “storage,” “software,” or even “security.” For the purposes of this discussion, we can abstract such distinctions to focus on the common underlying architectures in the various public cloud services.

The primary public cloud security solution involves dedicated service gateways in front of the cloud platform, customer data, and business support systems (see Figure 3). Specifically, cloud users log into their accounts through dedicated
service gateway interfaces, cloud administrators log into their accounts via side channel infrastructure gateways, and cloud developers gain access to services and infrastructure through API gateways.

Admittedly, the gateway approach to protecting public cloud services is similar to the enterprise perimeter because chokepoints separate trusted, internal networks from untrusted, external users. The difference, however, is that public cloud service gateways are dedicated to the cloud service and aren’t subject to the security risks of everyday enterprise usage (email phishing, direct mobile access, firewall exceptions, and so on).

FIGURE 2. Private cloud security architecture. Private clouds may incorporate additional enterprise safeguards such as encryption and identity management to protect cloud-resident data.

Organizations such as financial services firms (as mentioned earlier) have expressed low confidence in public cloud security because of a perceived loss of infrastructure control. Such lack of confidence is inconsistent with the common reliance of business entities on shared services such as the Domain Name Service (DNS). Similarly, every organization must connect to the Internet through a service provider, which may introduce shared risks.

Figure 4 illustrates the typical security architecture for a public cloud service offering. The security controls in public cloud services include the following:

• User account security. The most basic security primitive for cloud service provision is the user account. Key security issues include user authentication, provisioning controls, and the administrative and access controls used to manage accounts.
• Service provider perimeter. Cloud service providers, like all service providers, run an infrastructure behind gateways integrated with perimeter security functions, such as firewalls, IDPS, and DLP. Public cloud services also typically deploy SIEM functionality inside the provider enterprise.
• User separation. Cloud services include logical separation mechanisms that prevent cascading of malware across user accounts or break-ins from one user’s cloud assets to another.
• Content distribution. A content distribution network (CDN) reduces distributed denial-of-service (DDOS) risk for public cloud services. DDOS controls offered by Internet service providers can complement a CDN as well.
• Virtualized security capabilities. Public cloud offerings can bundle advanced security functions, such as incident response, that some smaller enterprise customers or individuals might not be able to afford.

Dropbox is a popular public cloud service that provides security solutions, including strongly authenticated user accounts through gateways and user control of permission settings through an account management tool. Nevertheless, public cloud users should integrate additional security controls such as the ones described in the remaining sections here.

FIGURE 3. Public cloud with service gateways. The gateway approach isn’t subject to the security risks of everyday enterprise usage.

Organizations considering the use of public cloud services must analyze whether advantages such as Internet-facing ubiquity outweigh the risks inherent in any shared, external service. These risks will vary between providers—as in, for example, the ability of that provider to fend off denial-of-service attacks. The adoption of a public cloud for dedicated or even hybrid arrangements thus requires a degree of transparency on the part of the public cloud service provider.

Many organizations choose to combine public and private clouds into a hybrid arrangement. Hybrid clouds introduce orchestration issues for security mechanisms that differ between the component clouds. For example, identities established in one cloud will require federation to other hybrid elements.

Content Encryption
To address data confidentiality, cloud encryption is generally designed to ensure that cloud-resident content can’t be retrieved as plain text by APT malware or by compromised insiders with direct access inside a perimeter. Encryption tools can be integrated on top of a public or private cloud infrastructure or can be selected from native encryption features offered by the cloud service provider (see Figure 5). The over-the-top encryption approach lets users maintain control of key management and infrastructure, but it usually increases costs.

Cloud encryption works only if the underlying cryptographic algorithm or supporting key management can’t be broken. Stated simply, if malicious actors can easily gain access to decryption keys, then encrypted cloud storage is useless. The encryption algorithm’s strength and key management should be based on risk analysis. Strong, resilient ciphers that utilize expert cryptanalysis are readily available, so the primary focus is generally on the security of the underlying key management. The primary security requirements for encrypted content in the cloud are as follows:

• Stored data secrecy. Encrypting cloud data prevents backdoor leakage and restricts access to privileged users and administrators. Many companies provide encryption for cloud systems data at rest, including Pawaa, which encrypts files at the device before they are sent off to the cloud infrastructure for storage.
• Cloud storage malware resistance. Encryption provides malware resistance for stored data, especially in the case of remote access tool (RAT) attacks that target individuals with authorized access to data. Additional tools exist to ensure that malicious users don’t insert malware directly into the cloud. Companies such as CipherCloud, for example, include filters that scan in-bound and outbound cloud content for the presence of malware.

The functional requirements for most cloud ciphers include maintaining search capabilities for stored data as well as the ability to perform big data analysis. CipherCloud’s Searchable Strong Encryption (SSE) is one example. Such interoperability with public, private, or hybrid cloud capabilities and associated business processes is an important requirement for encryption solutions. Cloud federation and orchestration of key management infrastructure in hybrid systems require a bit more attention, but they’re still practically workable.

FIGURE 4. Public cloud security architecture. Cloud service providers run an infrastructure behind gateways integrated with perimeter security functions.

Session Containers
A cloud security solution for mobile access to a public cloud involves a session container (see Figure 6). The idea is that any user interested in obtaining access to cloud services or content would initiate a secure connection that would maintain end-to-end closure, not unlike the way HTML5 sessions are encapsulated between the browser and website. Such closure usually requires a software client-server arrangement with the provision that no residual information exists on the client device after the session has been completed.

A key consideration for session containers involves support for multiple personas. Bring-your-own-device (BYOD) environments, for example, require differentiation between corporate personas, where session-contained access to proprietary applications such as payroll systems is done under a corporate persona. Correspondingly, access to nonbusiness relevant applications such as games or YouTube is done under nonsession-contained access in a noncorporate persona.

secrecy. Nevertheless. stored plaintext content Successful data capture Cloud Unsuccessful data capture Perimeter Direct. organizations are advised to integrate session containers into their use of public. In complex environments. back door inside access to data Malicious actors APT attack Perimeter firewall APT attack Successful data capture Unencrypted. Session containers provide dynamic separation of different user activities within the cloud. Algorithms for secure wipe are available. Encrypted content in the cloud. r Data separation. provides a session container solution that allows for access to cloud applications from a variety of devices. and authentication functions are supported on a per-session basis. Encryption tools integrated on top of a public or private cloud infrastructure can further protect cloud-resident content. and wipes the data securely afterward. especially in private clouds.4 Session containers provide security benefits for cloud services in the following functional areas: mentalizing different personas on a client device is long established in computer security. Modern implementations of BYOD programs using session containers generally allow granularity at the persona or application level.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . AT&T’s Toggle product. for example. 34 One additional consideration is the degree to which data that temporarily reside on client systems are properly wiped. once a user has completed access to a cloud-resident object such as an application. The idea of compart- Most session containers include support for end-to-end encryption. r Multiple persona support. private. The separation is enforced at the client and server levels by controls that keep data from being intermingled with resources outside the container. 
The biggest practical issue with session containers is whether they work with legacy computing. Session containers ensure that. integrity.CO M P U T ER .Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q CLOUD SECURITY THE WORLD’S NEWSSTAND® Malicious insider Direct. for example. The company Bromium uses hardware assistance to ensure trusted separation during user access to cloud resources. Invincea. When end-to-end encryption is employed. Thus. provides flexible multiple persona support with the ability to create customized server controls. stored plaintext content Encrypted. back door inside access to data Unsuccessful data capture Malicious insider FIGURE 5. r Client system data wipe. I EEE CLO U D CO M P U T I N G W W W. the associated data are properly wiped from the client device. or hybrid clouds. session containers often can’t create the runtime support environment required for user access and local computing requirements. although this may not be required for less critical applications. such as mobile smartphones. Encryption might incur minor additional overhead and additional key management infrastructure support. and session container users should check with their vendor to ensure acceptable implementation of well-known standards. local testing is necessary to determine the feasibility of this approach.
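
The following added example (not code from the article or from any product it names) shows, on the client side, the session-container properties described in this section: data separation, a per-session integrity check, and a wipe when the session ends. The `SessionContainer` class, its method names, the `refused` helper, and the payroll sample data are assumptions made for illustration; overwriting files in place is best effort on flash and copy-on-write storage.

```python
import hashlib
import hmac
import os
import secrets
import tempfile
from pathlib import Path


class ContainerError(Exception):
    """Raised on a separation or integrity violation."""


class SessionContainer:
    """Client-side workspace for one cloud session under one persona."""

    def __init__(self, persona: str):
        self.persona = persona
        # Per-session key: generated at session start, held in memory only.
        self._key = bytearray(secrets.token_bytes(32))
        self._tags = {}
        self.root = None

    def __enter__(self):
        # mkdtemp creates a directory only the owning user can access (0700).
        self.root = Path(tempfile.mkdtemp(prefix=f"session-{self.persona}-")).resolve()
        return self

    def __exit__(self, *exc_info):
        self.wipe()

    def _inside(self, name: str) -> Path:
        # Data separation: refuse any path that resolves outside the root.
        target = (self.root / name).resolve()
        if self.root not in target.parents:
            raise ContainerError(f"{name!r} is outside the session container")
        return target

    def _tag(self, name: str, data: bytes) -> bytes:
        msg = b"\0".join([self.persona.encode(), name.encode(), data])
        return hmac.new(bytes(self._key), msg, hashlib.sha256).digest()

    def put(self, name: str, data: bytes) -> None:
        """Cache a cloud object locally and record its integrity tag."""
        target = self._inside(name)
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        self._tags[name] = self._tag(name, data)

    def get(self, name: str) -> bytes:
        """Return a cached object only if it is unchanged since put()."""
        data = self._inside(name).read_bytes()
        expected = self._tags.get(name)
        if expected is None or not hmac.compare_digest(expected, self._tag(name, data)):
            raise ContainerError(f"{name!r} failed the session integrity check")
        return data

    def wipe(self) -> None:
        """Overwrite and delete every cached file, then discard the key."""
        if self.root is None or not self.root.exists():
            return
        for path in self.root.iterdir():
            if path.is_file() and not path.is_symlink():
                # Best effort: flash and copy-on-write storage may keep old blocks.
                with open(path, "r+b") as handle:
                    handle.write(secrets.token_bytes(path.stat().st_size))
                    handle.flush()
                    os.fsync(handle.fileno())
            path.unlink()
        self.root.rmdir()
        for i in range(len(self._key)):
            self._key[i] = 0
        self._tags.clear()


def refused(action) -> bool:
    """True when the container rejects the action with ContainerError."""
    try:
        action()
    except ContainerError:
        return True
    return False


def demo() -> dict:
    """Run a corporate and a personal session over constructed sample data."""
    sample = b"id,amount\n7,4200\n"
    with SessionContainer("corporate") as corp, SessionContainer("personal") as home:
        corp.put("payroll.csv", sample)
        result = {"roundtrip": corp.get("payroll.csv") == sample}
        result["escape_blocked"] = refused(lambda: corp.put("../leak.csv", b"x"))
        # The personal persona reaches for the corporate persona's cached file.
        foreign = os.path.relpath(corp.root / "payroll.csv", home.root)
        result["cross_persona_blocked"] = refused(lambda: home.get(foreign))
        (corp.root / "payroll.csv").write_bytes(b"id,amount\n7,9999\n")
        result["tamper_detected"] = refused(lambda: corp.get("payroll.csv"))
        roots = [corp.root, home.root]
    result["residue"] = [str(r) for r in roots if r.exists()]
    return result
```

Calling `demo()` returns a dictionary of the four checks plus a `residue` list, which is empty when both session directories were removed at session end.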

Cloud access proxies in active mode can mitigate malware or policy violations in real time. The specific security advantages of the cloud proxy method include the following: r Passive security monitoring. Similarly. Qualys offers a WAF solution called QualysGuard that integrates well with common cloud services such as AWS. For example. however. which includes more functionality (such as encryption support) than just proxy or simple gateway services.3 Nevertheless. The user may obtain access to cloud services or content via a secure connection that maintains end-to-end closure. often implemented as a forward or reverse proxy. r Active security mitigation. in which case in-line mitigation is possible. Generally. With cloud access to public or hybrid clouds. If the cloud access is encrypted. because changes in applications require that the WAF also be adjusted. can be used to provide enhanced security. Off-line cloud access brokers can passively collect statistics about the use of cloud services.” and “broker” synonymously. A provider can modify an existing broker collecting information about one attribute to collect information about another property. Thus.” “proxy. even when the solution resides between clients and cloud solutions. or active. such a capability is similar to a Web application firewall (WAF). which offers a proxy solution for enterprises that works well with private clouds. This may be desirable for organizations that want to better understand the intensity and nature of public cloud use from the enterprise. rather than applications on Web sites. because it breaks the end-toend nature of the client-server secrecy. Providing certificates and keys to brokers has always been an issue of some debate. in which case indicators and security statistics are provided. Session container. this article uses the terms “gateway. 
Adallom provides a cloud access proxy tool that resides in the authentication path between clients and cloud applications for the purpose of collecting information for security teams. the cloud access broker will require the ability to interrupt the end-to-end secrecy. Brokers can be passive. WAF maintenance is more complex than tradi. a special broker. Positioning proxies at the perimeter has been the basis for several growing successful companies. as in a session container. This is a double-edged sword. an in-line broker such as a WAF can be adjusted to meet a changing policy or maintain consistency with changes in an application. such as Blue Coat Systems. the Gartner Group has introduced a concept called a Cloud Access Security Broker. Brokers implemented as proxies have been included in security architectures for many years. Cloud session Client container Cloud object Cloud session (contained) Cloud user All cloud data destroyed after session completed Cloud Cloud session server (shared) FIGURE 6. Blue Coat has successfully virtualized their proxy capability to support this type of use. The idea behind such man-in-the-middle security functionality is that when any user decides to access a cloud-based application. Cloud access brokers allow for flexible integration of new security capabilities. Cloud Access Broker A security method that provides additional security capability for cloud application usage involves the use of a broker that either observes or integrates with the authentication path from users (see Figure 7). the proxy must be more ubiquitous and virtual because no perimeter exists.

can provide either passive security monitoring or active security mitigation. the WAF would exist as a virtual machine appliance woven into the execution. they create a customized runtime environment for the cloud object. desktop. The result is the dynamic creation of runtime security components that are virtualized alongside the cloud objects they’re intended to protect. and DLP should be embedded in the same environment (see Figure 8). SIEM) Cloud access security module (offline) Cloud user Cloud access Cloud access Cloud object Cloud access security broker (inline) Cloud access gateway Cloud object Cloud user Active mode: in-line security mitigation (firewall. The primary security controls offered by the runtime virtualization approach to cloud security include the following: Runtime Security Virtualization The most innovative security solution in the cloud ecosystem involves the dynamic creation of runtime security virtualization. r Tunable policy based on assets. the application resides on a physical Web server. As objects such as virtual machines are created into the cloud. Cloud access broker. Traditionally. They can help simplify access from an organization to multiple vendor clouds. so compliance auditors should accept brokers as suitable control replacements as organizations virtualize on the cloud. The idea is that as the computing. Any WAF can be inserted physically into the network access path. If we port that application to a virtual machine on a hypervisor-based system integrated into a cloud platform. An example of runtime virtualization involves the provision of a virtual WAF to protect an HTTP application. IDPS. or other device. broker solutions for cloud access will likely be important components in cloud security architectures in the coming years. which often require no rule changes when applications are modified. In particular. an object with a low security risk might have light functional.
either as a proxy or gateway function. tional five-tuple firewalls. accessible by users with r Security for dynamic objects. storage. IPS) Passive mode: in-line security monitoring (IDS. With runtime security virtualization. then the WAF can be virtualized as well. the security protections associated with such objects are created dynamically. AWS offers this type of protection for many of its services in conjunction with companies such as Tenable Systems and AlertLogic. They’re also comparable in their operation to familiar security tools such as firewalls. different assets that reside together in the same cloud can be associated with different security protections. Brokers. security functions such as firewall. tracing all users accessing the application from their mobile. Nevertheless. browsers. and infrastructure are embedded in a virtual runtime system. often implemented as a forward or reverse proxy. In essence. for example. Because providers can customize security. Passive mode: offline security monitoring (IDS. SIEM) FIGURE 7.

memory) Cloud user Cloud object configuration Cloud object configuration Cloud object provisioning Cloud object provisioning Runtime object functionality (CPU. above the state of the practice but below target protection levels (solution B in Figure 9). IDPS. The possible solutions for threat protection are either below the state of the practice (solution A in Figure 9). it must be determined whether the cloud security methods adequately mitigate advanced attacks. r Expandable security protections. but compliance frameworks measure attention to management process rather than whether a target system is actually secure. Second. possible threat vectors. protections. whereas another object with high risk might include multiple. IDPS. Many readers would list compliance as the top of their priority list. VMware includes support for such runtime protection as part of its native suite of cloud services. DLP. In addition. Object function specification (CPU. r Flexible security vendor management. Runtime virtualization. Although accurate threat assessment requires a detailed investigation of local assets. SIEM) Runtime security functionality (firewall. First. which implies some target degree of protection higher than existing cloud solutions. Layer 7 intrusion-detection support for DDOS protection from companies such as Radware can be virtualized to expand during a major attack and contract afterward. Runtime security components are virtualized alongside the cloud objects they’re intended to protect. a provider can dynamically expand the runtime environment to include more protection. memory) Object attributes Runtime security provisioning Cloud object Object attributes with security Runtime secured object Cloud user Security function specification (firewall.
because the vast majority of practical cases will include a legacy enterprise demilitarized zone (DMZ). and the consequences. Industry groups such as the Cloud Security Alliance (CSA) have done a good job advancing this notion of security versus compliance. SIEM) FIGURE 8. The most important consideration in securing cloud services and infrastructure is whether the methods selected can properly mitigate relevant threats. The dynamic nature of virtual runtime protections allows for multiple layers of defense using different security vendor products. Catbird provides a cloud security platform that includes virtual machine appliances that allow for customization of protection across different assets. or above target protection levels. During an event such as a DDOS attack. DLP. if a vendor is no longer desired or needed. Service providers such as AT&T are also in the process of creating similar marketplace offerings for their customers. it must be determined whether the cloud security methods provide equivalent protection to an existing perimeter. AWS has already established an impressive portfolio of security companies offering dynamic runtime protection. especially with respect to winning customer contracts for cloud services. it can be easily decommissioned from the runtime environment by simple changes in API calls. Determining whether a given arrangement of practical cloud security methods for some environment can sufficiently mitigate threats must include two important thresholds. but below perfect (solution C in Figure 9). The advantages of this runtime approach have led to the planning and development of security marketplaces for cloud service users.

vol. 2014. Amoroso has a PhD in computer science from the Stevens Institute of Technology.com/ it-glossary/cloud-access-security-brokers-casbs. Nat’l Industrial Security Program. EDWARD G. References 1. 2006.org/events/ Cloud_Finance. private. “Trusted Computer System Evaluation Criteria (TCSEC). 3. New York Technology Council. ____________ W W W. and session containers for client access to critical data and applications. Gartner. “IT Glossary. and systems to the cloud. US Dept.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q CLOUD SECURITY THE WORLD’S NEWSSTAND® Solution A: Below state of practice No protection Solution B: Above state of practice. Contact him at eamoroso@att. or hybrid cloud with full integration of perimeter protections into the cloud infrastructure. cloud providers and users can achieve approaches consistent with solution C. the cloud security solution C approach would provide a higher degree of protection for their data in public. or hybrid cloud with full integration of perimeter protections into the cloud infrastructure.” IEEE Security and Privacy. Amoroso. including its emerging Long-Term Evolution (LTE) mobile network and cloud services. of Defense. 23–31. no. proxy access capabilities for authentication and monitoring. solutions for threat protection range from below the state of the practice (solution A). and dynamic runtime protection for all cloud objects based on a threat assessment.” panel discussion. E. 1. 1988). __________ 2. encryption of stored data.com. but here’s one possible approach: r Cloud security solution A implementation (below the state of the practice)—utilize a public. “From the Enterprise Perimeter to a Mobility-Enabled Secure Cloud. or hybrid cloud with no additional protections beyond perimeters and gateways. Readers can create classes as they see fit for their environment.22-M. where he also serves as an adjunct professor of computer science. 
but below perfect (solution C). 27 Mar. 1983 (updated 21 Mar. where his primary responsibilities lie in the real-time protection of AT&T’s vast enterprise. but below target)—utilize a public. above the state of the practice but below target protection levels (solution B). 15 Aug. For organizations that currently protect their data using an enterprise perimeter with presumed trust for insiders. or hybrid clouds because it addresses insider threats and 38 I EEE CLO U D CO M P U T I N G APTs without dependence on any perimeter. https://www. AMOROSO is the senior vice president and chief security officer at AT&T.gartner. “Cloud Computing in the Finance Industry. private. but below perfect)—utilize a public. private. Specifically. 28 Feb. and computing infrastructure.5 a hierarchy emerges. pp. the migration of data. 11. private. of an attack.” 2013. by arranging our cloud methods into broad equivalence classes. r Cloud security solution C implementation (above target. “National Industrial Security Program Operating Manual. He also manages AT&T’s intellectual property and patent development group. Security protection effectiveness. session containers for client access to critical data and applications.28STD (popularly known as the Orange Book). 2013. www. r Cloud security solution B implementation (above the state of the practice.” DOD 5220. below target Typical protection (existing) Solution C: Above target. should be immediately adopted to promote both IT and cybersecurity objectives. or above target protection levels. ______________________________ 4. encryption of stored data. motivated by the original Orange Book security criteria. even in critical environments such as financial services. US Dept.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® .CO M P U T ER . Today.” DOD 5200.nytech. applications. 
we can argue that by combining the practical methods for securing the cloud described here into a cohesive security architecture. He was awarded the AT&T Labs Technology Medal and is an AT&T fellow. 5. of Defense. below perfect Target protection (practical) Perfect protection (theoretical) FIGURE 9. network. In this scenario.

Example topics of interest include.com/ ccm-cs. and related application areas. practical. ibrahim. security and privacy of big data are vital concerns which have received less research focus. Articles should be at most 6.  However.khalil@rmit. Submit your papers through Manuscript Central at https://mc. and cloud based platforms are increasingly utilized as potential hosts for big data. privacy. Purdue University. but are not limited to: t Access control in big data Submission Guidelines Submissions will be subject to IEEE Cloud Computing magazine’s peer-review process.edu. zahir.computer. and original. contact the guest editors: t Models and languages for big data storage t Data privacy preservation t Joint encryption and compression of big data t Obfuscation of big data t Watermarking of big data t Bharat Bhargava. All accepted articles will be edited according to the IEEE Computer Society style guide. The writing style should be down to earth.000 words. Australia. USA. The aim of this special issue is to solicit both original research and tutorial articles that discuss the security and privacy of big data within the cloud.edu _____________ t Ibrahim Khalil.tari@rmit. and trust in big data t Collaborative threat detection using big data analytics Guest Editors t Big data encryption For more information.edu. _____ t Network security.manuscriptcentral. bbshail@purdue. Current work on big data focuses on information processing such as data mining and analysis.au ______________ www. with a maximum of 15 references. big data.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® Call for Papers Special Issue on Secure Cloud Computing Techniques for Big Data For IEEE Cloud Computing’s Sep/Oct 2014 issue Submission Deadline: 20 July 2014 D ata explosion is an ever-evolving area of focus in business and research. RMIT University. 
Australia.org/cloudcomputing. RMIT University. and should be understandable to a broad audience of people interested in cloud computing.

6095/14/$31 . to security and privacy. from standards and compliance. IBM Yousef A. Shell Stefan Pappe. Tom Edsall: The industry is trying to figure out what cloud computing is and where it’s going. EIC Mazin Yousif chats with cloud experts from Cisco. T-Systems International Tom Edsall. what people are looking for is the lowest total cost of ownership (TCO). They discuss a range of issues. Whether you’re trying to provide or consume cloud services.0 0 © 2014 IEEE Mazin Yousif: Thank you for participating in our roundtable. IBM. Microsoft In this issue of IEEE Cloud Computing. Shell. as well as the service provider. achieved through agility—that is. the ability IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325. There’s a lot of change occurring. Khalidi. and Microsoft about directions in cloud computing through 2020. Cisco Johan Krebbers. as you would expect with any sort of large idea that’s relatively new in the mind of the individual consumer and the enterprise. EDSALL KREBBERS PAPPE KHALIDI Cloud Computing Roundtable Mazin Yousif. Let’s start with each of you taking a few minutes to tell us about the current state of cloud computing in the market. to the role of open source.

and how would you meet my requirements. but it does not need to be. Also. which is what clients often implement these days. but the questions have shifted to. This is where APIs and standards come in to enable a variety of integration and delivery models. “What is the cloud and what does it really mean?” “What’s the difference between hosting and cloud. as I don’t believe in private cloud—around four years ago. I would like to distinguish between off-premise and on-premise deployment models. but increasingly we see production workloads as well. So. data governance. Internet-facing workloads. the hype cycle was really high and the workload was still new. Clients often start with an IaaS and with specific workloads—for example. This means they require very short development cycles and a continuous delivery model. when we use platform as a service (PaaS). but that is M AY 2 0 14 changing as we speak. There are still always questions about compliance. security. The cloud services consumed are mainly IaaS. These services are often implemented as workload patterns. This trend is fueled by the increasing number of what we call systems of engagements. there are workloads that stay on premise. So when we can’t use cloud. what we see is often a mix of on-premise and off-premise cloud models. “What is the cloud?” to “Why should I use the cloud.” Fast-forward a couple of years and the question shifted from. security. clients still want to see a single catalog and a single service-management interface. which are then uniformly standardized and offered to all developers across an enterprise. we’re seeing more complex patterns. Both can be dedicated or shared. Systems of records include enterprise resource planning (ERP) systems. we prefer larger providers over small ones for fear that smaller providers will go out of business and we might not be able to retrieve our data. That said. mobile and/or social applications. Yousef Khalidi: If you look back three years. 
Stefan Pappe: You don’t hear me saying public and private cloud because it means so many things to different people. which will always be around—but they’re more and more frequently front-ended by the new systems of engagements. we rely on local datacenters. different from the traditional system of records. “Yes. You see services from vendors left I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 41 M q M q M q MqM q THE WORLD’S NEWSSTAND® . They usually start with simple Web service database patterns. Additionally. private cloud is often dedicated. Most enterprise customers were asking. and so forth?” If you fast-forward to today. The resulting organizational pattern is called a hybrid cloud pattern. let’s say to 2007 or 2008 or 2009. and then deploy and expand them. for example—the transaction systems of the world as we know them. Let me take a client view and reflect on how clients currently adopt cloud. especially requirements related to compliance. These PaaS services are often based on open source models such as Cloud Foundry. But regardless. we’ll go to a big cloud and put our stuff there. “My CIO said ‘use the cloud.’ What can I use it for? Which of my applications are appropriate for the cloud? When do I adopt the cloud in my technology-refresh cycle? In which geographical location should I do this? In which should I not?” What I see at the moment is that adoption is definitely there. Sometimes there are real reasons and other times there are perceived reasons and feelings for not putting certain workloads on the cloud. for example. we’re moving to software as a service (SaaS). That drives the growth of managed service providers. Now. These types of applications require short turnaround times. it’s unlikely that we’ll retrench back to just an on-premise software model. which represents a more agile type of application and application development. many of those questions are gone. 
and control. which are. The next level of services that are already accepted is PaaS. A good share of clients is already adopting cloud services. Johan Krebbers: Royal Dutch Shell started looking at cloud—meaning public cloud. such as high-performance computing (HPC). allowing smooth transitions between clouds. and why should we even bother?” Startups might have thought. Latency is not really a major cloud challenge for us.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® to quickly adapt applications to the cloud. focusing mainly on infrastructure as a service (IaaS). They react quickly to new client demands and market changes. When we go for a SaaS offering. Another entry point is clients putting test workloads into the cloud. Public cloud is often shared. it’s our inability to export our data from selected countries.

If you look at what people have on premW W W. I use a public cloud and I use it in a shared environment. starting with the operating system (OS) level. That drives down your cost. perhaps not the backend transactional applications. Does that mean the industry needs to do a better job defining these terms? Is there market confusion? Pappe: I think there is confusion and sometimes we confuse them ourselves. which means faster time to value. but if we look at some of the negatives. Virtualization is a necessary condition for cloud but it’s not sufficient. so whatever your business needs. Edsall: There are a lot of considerations and everybody focuses on the positives of going to a cloud. That type of transformation needs to be clearly spelled out with clients. and you have direct control over it. but your internal compliance still needs to be executed with manual hand-offs and evidence gathering.” That defines it. and changing an OS level might have a far reaching ripple effect. Edsall: Virtualization is so overused it’s not even a useful term anymore. Yousif: There’s also confusion using the term “virtualization. Therefore. It comes with a transformation need for the client moving to cloud because you need to clearly articulate the levers to lower the cost and increase agility.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . but the cloud is beyond that. which is off premise in another country. You need to virtualize both the compute infrastructure and the network infrastructure. customized. But the core question now is how I should use the cloud vis-à-vis the rules of constraint I might have with my on-premise systems. but more organizations now depend on the cloud to run their business. There’s a balanced discussion happening as we speak. 
42 I EEE CLO U D CO M P U T I N G Yousif: I would like you to come up with statements about the pain versus gain when moving applications to an off-premise cloud. You move to cloud usually to lower the cost and increase your agility. importantly. but there might be dependencies with your middleware and your applications. it might be easy to move applications off premise. clearly there are compliance and regulatory concerns that have already been mentioned. I think it’s perfectly fine to use public and private cloud if you define what you mean. you might end up not having improved your overall time for service activation. On a related note. If you do not change your post provisioning processes. It’s yours. and application to be able to lower the number of elements in your service catalog because this will result in greater consistency and less cause for errors when moving from development to test to production. you can get your data from anywhere. OS. Lowering the number of variants of catalog elements makes it also easier to automate. You have total control. Khalidi: I use the term “on premises” to refer to data and applications that are controlled by you behind some security wall—within your datacenter. and actions like that to fulfill your internal compliance. not realizing that sometimes it might be painful to move workloads off premise. “Oh. middleware. your server is up in minutes. and. I think it makes a lot of sense. Sounds simple. but not so easy to move the data. Khalidi: I strongly believe on premise will stay for a long time. This means you need to standardize your stack.CO M P U T ER . but sometimes I hear conversations in which different things are just implicitly assumed. Yousif: Let’s have a little discussion on private and public versus on and off premise. A cloud basically includes scale and is truly global. in another datacenter. which is not the case. With that. 
And then you can automate the heck out of it because instead of 400 variants you have maybe 10. and the adoption I’m seeing now spans the spectrum from customer premises to the public cloud.” which some people refer to meaning cloud. The agility aspect is very useful for many customers. and some people confuse virtualization with cloud.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q ROUNDTABLE THE WORLD’S NEWSSTAND® and right and people are seeing advantages to the cloud. We’re also seeing enterprise mission-critical applications being put in the cloud. Your IT department can see the gear and wires. Khalidi: I’ve seen a lot of confusion in the marketplace. You need to have the on-demand aspect. because this is often overlooked—which means there’s a need for internal transformation to fully exploit the benefits of the cloud. it’s good to say. the scale. but that comes with a price. Pappe: An interesting topic because sometimes we see migration to cloud as a technology exercise and miss the transformational aspect. and it can reside almost anywhere. One aspect is the need to standardize—not necessarily cloud standards—but the number of variants you operate in your environment. Edsall: I like the terminology that Stefan was suggesting. Sometimes people think they can move everything to the off-premise cloud and still do better than on premise.

in which case you really need a hosting place. and storage blurring. Edsall: I agree that what Stefan is talking about is a big part of what we’re going to see in the future. One example is Cisco and IBM working together on a group-based policy model that’s being pushed into OpenStack and Open Day Light ODL. if you couple this programmable infrastructure with workload awareness. you’ll see your large transactional big database systems supporting your ERP system and the like. and the line between compute. I think this combination of workload awareness and programmable infrastructure will make a big difference in the future. instead of handcrafting them. SDE also prevents a vendor lock-in because you can move between infrastructures much more easily. and so on. The applications actually run faster because of the integration with the infrastructure. And so what we really see is that the line between the infrastructure and the application is starting to blur. Today. your control layer can automatically react if an incident happens. You can do it in a hoster. or governance considerations you might keep it on premise.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® ise. scale out. Therefore.” For your application XYZ this is the right thing to do. let’s say in 2020. you will M AY 2 0 14 detect it. a big cluster of machines. including the topology and the network’s setup and so on. latency considerations. that you might have on premise. For example. maybe fair isn’t the right answer in all cases. And it will provision more or it will ask for the infrastructure proactively to do something. just as we see the line between development and quality assurance (QA) and operations. OpenStack is a central element to this concept. Another example is if you have a lot of data on premise. but also your nonfunctional requirements. The customization you can do on premise isn’t really possible in the cloud. 
It is enabling the next level of agility—by having a programmable infrastructure. So. You still have systems that are technically built out of very large systems. The scale out happens automatically by using the programmable infrastructure. SDE based on OpenStack to programmatically manage your infrastructure without having to manually configure it or go down to the device. Yousif: How do you envision cloud evolving going forward. because it nicely scale out and it’s written for that. along with more standardized integration. the same kind of cost structure. you can define thresholds. for example. Are we going to see more diversity in services? What about manageability? What about the degree of automation? Pappe: Software-defined environments (SDE) are the drivers for cloud automation. you monitor it. But what is more interesting is that the application might anticipate that it’s going to need more capacity. I believe that hybrid is the way we’re going to live in this space for a long time. For example. if my performance falls below some threshold. Well. We spend a lot of time trying to be fair. So all these lines are blurring together. These are the infrastructure benefits. That’s great because you can hide all the specifics from let’s say our many infrastructure vendors from your cloud automation. Edsall: 2020 is a long way off. and our strategy is very much aligned with OpenStack. These things would be painful to move to the cloud. The policy might say. for example in OpenStack HOT. What that means is you will be able to define your workload characteristics formally. with very little on premise. I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 43 M q M q M q MqM q THE WORLD’S NEWSSTAND® . if your performance falls below a certain threshold. anyway. It won’t be cost effective. or maybe there’s an advantage—I am thinking strictly from a networking perspective. 
but nobody has to do anything manually. SDE enables the abstraction from the infrastructure. and then you can trigger an automated policy. “if your performance of application XYZ goes down. and it’s implemented in pockets already. you don’t have to bother with your switch configuration in your network anymore. we might see performance improvements in those applications. And if the application could inform us of how its traffic should be treated. I think this will be big because it will let you automatically define the infrastructure requirements when you develop applications. use half a terabyte of memory. the infrastructure can react. Trying to move that to the cloud would be very painful at the moment. but it becomes even more interesting. Krebbers: I expect most software will be off-premise SaaS in 2020. We always treat all traffic equally. Others will probably stay on premise. an open source consortium for an SDN controller). and you’ll recover your service-level agreement (SLA) automatically. it makes your infrastructure programmable. What we don’t know now. like for performance and with that knowledge built into the application definition. networking. which I think will be an interesting area of technology development for the future. transactional workloads. You might see that on a dashboard. Some move to the cloud just fine. is when these applications will begin to directly interact with the infrastructure. which lets customers describe what they need from the infrastructure from the applications’ perspective.

I can walk to the machine. We might also see more attacks coming from the inside rather than from the outside. this changes. too. Pappe: You also see mixed-delivery models with mixed responsibilities between providers and users. you want your developers to be able to develop secure cloud applications with the respective APIs. because in my view. and application). you need to protect your cloud infrastructures. This can be a great opportunity for making cloud more compliant and more secure than in the past. in the spirit of DevOps. If you have a hybrid cloud—on-premise and off-premise deployment—you need to have full visibility across both deployments. agile types of applications. Now. On the SaaS level. So. You want to create a risk profile and see if off- and controlling what’s going on is going to be important. and to be candid. and also raises a whole set of security opportunities. I think you’ll see more automation for load management. However. is more visibility and understanding what’s going on. customers want control over the policies of who can do what. I want to differentiate between infrastructure platform and software. who can access their systems. You also want to protect them against fraud and application threats. With the emerging. when off premise. Yousif: Any insights on how security and privacy concerns will be dealt with in the next few years? Edsall: I think the cloud raises a new set of security concerns. So. even if it’s within a single enterprise’s IT shop. A common question from enterprise customers is. I think. Regularly. current monitoring in the cloud is basic—not as sophisticated as on-premise monitoring. When you go up to the PaaS level. The rate of change in these applications is high.
the development teams are directly involved in operations. a provider manages the workload completely (OS. and meet the enterprise compliance objectives. On the infrastructure side. And they have to work with what they have on premise. runs in the cloud. Systems of engagement often need a lightweight. when on premise. Everything is an extension of what I have on premise. any insights beyond technology such as processes or governance? Pappe: When it comes to security. but it opens a whole new set of questions about security and how do I know that there is real separation? How can I be sure that someone isn’t looking at my data? Again. as they grow for example. That said. modular way of service management. I think we’ll see a huge movement in the area of big data analytics pertinent to security and understanding compliance. which lend themselves to different splits in roles and responsibilities between providers and users. I think application-based models for defining the behavior of the infrastructure will be an integral part of the tools used to develop applications such as Cloud Foundry. and so forth. I think recent events are causing a lot of people to ask about the security of their data on a public infrastructure. and especially a shared environment. and so on. We’ll face new challenges in that space. Yousif: Because security isn’t just a technology issue. the systems of engagement. securely deploy workloads. my system is beyond my security wall and I have no control. I know everything. legitimate questions are: Do you want visibility and assurances? Who’s accessing the data? Who’s doing configurations? Moreover. and therefore it has to augment in-house systems not just in terms of network and storage and the like but also in terms of management. you want to have complete visibility into the enterprise usage of SaaS—on premise and off premise. Khalidi: You hear me speak of governance and about who controls what. moving workloads around and so forth.
The same applies for applications with legal restrictions. I think off-premise deployments. the cloud will be an extension of what they have. Today’s outsourcing model. is often all or nothing in terms of management. especially when business-critical applications need to comply with certain rules. do you need more visibility. the degree of monitoring that you see currently in the cloud. middleware. In this more traditional model. off-premise cloud needs to have monitoring similar to on-premise deployments. I do think that will happen way before 2020. provide a great economic advantage. switch. but the first part. you can clearly define what you would like from the infrastructure in terms of security as well as interaction of the application components in a way that’s comprehensive and not dependent on the physical infrastructure or where the applications are within that infrastructure. or are you satisfied with the current monitoring and reporting? Krebbers: The ability to see more. Yousif: In terms of manageability. On a note related to monitoring. With an application-based model. These applications often replace their underlying middleware. almost by definition you will not have the exact visibility you have when on premise. therefore they implement a continuous deployment model.

Nowadays. Edsall: I think that the challenge is—considering the services provided to you—how do you know that the service provider has its house in order? How do you guarantee their compliance. but we’ll likely need something because there will always be this trust split between service providers and customers. if you say. And my point is that. but only if you provide the types of service that will provide the type of hooks you need. “Okay. We still need to figure that out. you still need confidence that people operate against that base. you’re right. So. Why should an off-premise service be different from an on-premise service if the same rules. Krebbers: Yes. don’t operate against that base. because certain companies will start offering certain types of services or certain types of compliance services that will start to add the hooks you’re talking about. because they can’t dedicate an auditor to each individual customer. you know who it is. hopefully you don’t have shared privileged IDs. Krebbers: We need new ways to find out. In many cases. for such reasons. is to recognize what makes sense to move to the cloud or to use the cloud to augment what you have on premise. on storing the most confidential data. I do believe there is room for differentiation as cloud providers might differentiate themselves on their level of transparency or level of security. The law says so. My state says so. You need to verify it. Actually. that the provider’s standards are as strict as your own or as you expect them to be? That’s a difficult problem. just reasons that the law says that this has to stay here. and the trick. There are special companies for
You can go around the globe and you’ll find good reasons. premise deployments have similar or different risk profiles than on-premise deployments.” then you have a base on which to judge your security level. along with documentation of processes and those sorts of things. Service providers also need to find a way to satisfy their customer base. a general statement is difficult to make. Krebbers: I challenge in certain cases whether on premise is more secure than cloud (off premise). In principle. The main reasons aren’t technical. But. it’s hard to define what a firewall really is. even if you have agreed upon it. I see the shift happening now. but the point we made is farther along. “I know cloud provider XYZ’s policies. you’ll stay on premise. If it’s not published to the detail you need. you’ll need to add another type of hook to your environment. Therefore. internally and externally. although I think it raises questions around liability. then you can’t judge. and they publish them. again. which can be in the thousands. processes. and I’m fine with them. Countries say so. Krebbers: You need to create a base. The law is the law. so there will be special companies for that. so if there’s a malicious insider. Khalidi: There has been a shift from a few years ago. If something goes wrong. On premise. in Shell terms. is the third-party auditor liable or is the provider liable or does it ultimately come back to the customer? Yousif: Too early to tell. There will still be reasons for keeping things within your control. I don’t know what the best model is. on premise is as insecure as the cloud or as secure as the cloud. Edsall: This can be an opportunity for a whole new industry. but even if you have the base. Pappe: My statement is only that if you don’t know the policies.” If there’s data you need to be very secure.
do we need to architect additional capabilities in the platforms? Edsall: That will be a matter of gathering information and providing audit trails and having standards around what should be done. you can’t judge. Yousif: This could be along the lines of auditing performance benchmarks. and policies are applied? Often you don’t know the off-premise rules and policies. Yousif: For third-party independent consultants to do their jobs. Krebbers: I’m more careful of statements like on premise is more secure than off premise. when the notion of putting anything outside my firewall was a no-no. Pappe: Let me challenge you. And that’s not really open to debate as far as I’m concerned. Does your off-premise provider follow the same rule set? If not. We need independent parties to monitor services on customers’ behalf on an ongoing basis. Let’s take the example of the famous malicious insider. the probability that they’ll catch a malicious insider is much lower. but I fully focus. as well as you know your own policies. I’m using the word firewall figuratively. I think a lot of this will be worked out.

enabling interaction and preventing vendor lock in. as you move up the stack. and sometimes despite. you created a de facto standard. But the community also needs to allow that there can be differentiators for the individual companies. and service composition frameworks. for example. The question really is. Yousif: How do we get there? Edsall: There’s a lot happening in the open source community. But that would be different depending on whether you receive or produce the services. with OpenStack. So I believe you’re going to see a lot more standardization at the lower part of the stack. And that’s the trick the big companies need to learn. Krebbers: But the difference is in how you apply it. be part of the party. I believe you’ll see that very soon. to entice more consumers to use the clouds? open source. See how well-visited the OpenStack conferences have been recently. Edsall: Another industry that’s seen effective auditing is the finance community. much more than through standardization communities such as IEEE or IETF. Yousif: Another topic is economics. I think we’re beginning to see it now. open source is becoming dominant. audits of public companies by specialized firms. It’s quite interesting to see open source moving in many areas into the mainstream. So there has to be flexibility for innovation and differentiation. It’s happening. If you look at the whole analytics space. or we’ll see a suite of tools that will provide middleware that ensures interoperability. Microsoft Azure. and IBM PureSystems? Edsall: Either you’ll have direct interoperability. most cloud providers have well-defined RESTful interfaces to their services. it’s all about how you apply the software. Many. That’s how innovation is driven. Krebbers: I also agree. The open source community. Yousif: Let’s move to standardization and compliance. but not all. I think you’ll definitely be able to have workloads spread across all of those environments. In fact.
I think this will be done through the open community. and standardized and regulated reporting. but how you applied it. how much can you expect to have common interfaces for things like application management? It becomes harder and harder to have standards further up the stack. And the big companies need to develop the ability to innovate with. And most of them have a way to get your data in and out quickly if you need it. From a supplier viewpoint. ecosystems. it can’t be the same software. But they have to be done in such a way that service providers can differentiate among themselves. other types of services. Cloud Foundry is another candidate. More and more. Tom? Edsall: Because I think the whole industry is so fluid and there is such rapid rate of innovation that those standards committees aren’t agile enough and sometimes they get a bit too mired in politics. and they’ll start driving the hooks you were talking about. where there are general accounting principles. If you win the hearts of the developers. Pappe: I think there is a trend to marketplaces. Are we going to see different economic models. Pappe: This is also where the actions is. It’s cool to be there. maybe even be a committer. on the other hand. Khalidi: We already have a fair amount of commonality among different providers and systems in that the Pappe: I agree with Tom on the needs. so there’s actually a fair amount of transparency to at least the big providers. where the “cool” developers are. I know that’s a little bit contentious. is all about delivering actual products.
building blocks that we rely on are things like TCP/IP and SSL. Yousif: Are you going to see interoperability among major service providers such as Amazon Web Services (AWS). be influential. of the libraries and APIs are available in open source. It’s still early. Yousif: Why do you think so. One more thing. But not everybody is participating in all of them and we will see some evolution and gravitation over time. companies need to participate in open source. Are we going to see interoperable cloud offerings during that timeframe with sufficient degree of standardization? Edsall: Absolutely. and I think that a fair amount of standardization of data access APIs is currently available. They’re tied together with open standards. OpenStack and ODL are a few examples. different consumption models from service providers versus what the customers and consumers are asking for. There are technical arguments for it being too early for standardization.

They become more agile and they can differentiate themselves better from the competition. For example. you had to build it yourself using components designed for a different kind of infrastructure. primarily because of recent US National Security Agency (NSA) revelations. whether they want to have the cloud on premise or off. or maybe they’ll provide content to their customers that you can’t get anywhere else. Until just recently. As the infrastructure community reacts to what’s happening in the cloud space. they’ll provide different levels of security or compliance. if you wanted a private cloud. or audit capability. Certainly. When you give them a global computer infrastructure with rich services and go all the way up to SaaS services and unshackle them from the mundane aspects of putting in the data centers doing mundane work. Now we’re seeing production in the cloud. That certainly will happen quite a lot if you’re going on premise. and adoption? Do you think enterprises will have full faith in the cloud by that timeframe. 
despite the existing sensitivities about security and privacy? Edsall: I agree with Stefan. Netflix wrote its own open source platform on top of an infrastructure cloud service. The cloud model is the underlying principle of such a DevOps model. because they derive business value out of it. Khalidi: A few years back. I’m surprised at what people are coming up with. it changes how we think about applications and how they interact with the infrastructure. regardless of whether the cloud runs on or off premise. Take Netflix. so turnaround times are fast. We’re seeing a transformation in how we develop and deploy applications. By cloud. most enterprises don’t have a cloud. There is also the question. I might be developing policies in parallel with my application development. Netflix’s platform is an industry solution which is a large differentiator for them and their business model. I predict we’ll see a combination of more lift and shift. more extension. So maybe I can build my own cloud economically. to industry transformations. Everybody’s moving to cloud. importantly. There are a lot of considerations for a company when they adopt a cloud strategy and as we were saying about the DevOps lifecycle of an application. adding value to what you have. In the next few years. which wouldn’t be possible without cloud. Yousif: Are you saying that adoption will increase quite quickly. Now we’re starting to see products designed for the cloud. I might therefore evaluate the on-premise versus off-premise decision a bit differently. and that’s more than infrastructure services. and developing my QA as I’m deploying these applications and iterating on this rapidly. will it be on-premise or off-premise?’ I recently had some feedback that companies are pulling back a little bit from off premise. In fact. We’re also seeing new application mixes in the cloud. Netflix wouldn’t be there without cloud. The ability to execute that is a huge value for our enterprise and our clients.
I’m not as strict as Johan in terms of cloud vis-à-vis on premise. Frankly. As I said earlier. Say some developers are writing an application using the DevOps method. Pappe: I see a trend from the pure lowering of IT cost—a trend shifting the value to industry solutions. I mean both on and off premise. people are actually coming up with very interesting applications. experiences. there’s a lot happening on premise. if I was running one of these networks. They’re developing their cloud strategies. This is related to concerns about who is really looking at my data when it is off premise. importantly. I would be doing everything I could to attract more customers and trying every economic model I could think of. Edsall: That will be part of how providers differentiate themselves. You’ll see more and more services running in the cloud that are extending what you have on premise and. for example. The process is driven by continuous delivery. it was testing and development. They’re experimenting with it and clearly there are exceptions. The future drivers of cloud are new business models and platforms enabling those which wouldn’t work without a cloud.

memory management. I don’t know what changes first—the organization. and infrastructure. Khalidi is currently concentrating on Azure networking. and a cofounder of Insieme Networks. He has been awarded more than 70 patents in the networking industry. which includes a new line of Nexus 9000 switches that form an application-aware switching fabric along with a centralized controller that manages both virtual and physical network infrastructures. In fact. including network virtualization. As they go into even the on premise clouds. Stefan Pappe is an IBM Fellow and vice president for Cloud Architecture in IBM’s Global Technology Services. see page 7. Yousef A. the tool sets. He has worked on and published papers in several areas. distributed systems. do you see in that timeframe cloud services delivered by few 800-pound gorilla providers or a large number of small cloud providers. those boundaries probably don’t make as much sense. As Group IT architect he is responsible for the IT architecture across the entire group. OUR PANELISTS Tom Edsall is the chief technology officer of Cisco’s Insieme Business Unit. including the IBM Cloud Computing Reference Architecture. For his full bio. Johan Krebbers is the Shell Group IT architect and the lead architect for Shell’s Projects & Technology Business. Edsall has led the development of the application-centric infrastructure (ACI). a networking organization. including business. Microsoft’s large-scale cloud system. networking. and hybrid networks. Krebbers is currently based in the Netherlands. and a storage organization. At Insieme (recently spun back into Cisco). He holds more than 40 patents in these areas. Mazin Yousif is the EIC of IEEE Cloud Computing. and a PhD in Computer Science from University of Kaiserslautern. software-defined networks. a Cisco Fellow.
Edsall has an MS in electrical engineering from Stanford University. Khalidi has a PhD in information and computer science from the Georgia Institute of Technology. Yousif: On a related topic. data. quite often how you organize your tools and develop applications and how you structure your organization all tend to mirror one another. working on Windows Azure. Stefan spent most of the 25 years of his IBM career fueling the services business through technical advancements and asset-based innovation. applications. Germany.000 users in more than 130 countries. In this capacity he oversees the architecture and design of cloud offerings and client solutions. Previous positions include infrastructure architect in Shell’s Exploration and Production business unit and architecture and development manager for the Shell Group Infrastructure Desktop (GID) project. which rolled out the same desktop infrastructure to 130. Germany. cloud systems. Pappe received a Master’s degree in Economics from University of Karlsruhe. moving from a lot of handcrafted scripts and configurations that are somewhat fragile and static to a process that’s much more automated and more software driven. and computer architecture. Khalidi is a distinguished engineer at Microsoft. It’s starting to erode traditional organizational boundaries. a comprehensive technical blueprint guiding cloud design and delivery. And lastly. Most enterprises have a compute organization. or the applications—but they all change together. each delivering specialized cloud services? Pappe: There might be a consolidation of infra- including operating systems. organizations’ skillsets will change.

Having said that. and integrating it with their own systems to provide their services. You’ll see them taking the open source. When there’s a critical mass in the open source community. Hadoop is a great engine. We see that using open source can be a key differentiator for us and so we feed in on the open source movement around our ACI (Application Centric Infrastructure) architecture. which leads to some consolidation. you get more specialization. Certain technologies are useful for building larger-scale systems for synchronization. Edsall: I agree completely. my gosh. platforms. structure providers because of the need for large investments and continued optimization of operations down to the tenth of a penny and even smaller. I hope that everything we talked about happens within the next couple of years. augmented with technology providers and on-premise technologies that cater to local governance issues. Yousif: Anything else you want to address here that we haven’t touched on? Yousif: We touched on the role of open source. but we see that with almost everything that happens on the Internet. but it’s still Lego blocks. again. tions and maybe even more standardization than many standard organizations. I think we might see consolidation on the infrastructure side.” so the good news. For an IT person like me. I really believe they’ll embrace this technology. while differentiating with our own value adds and eco systems. Actually. I am not an economist. “Oh. not just at datacenters and servers. it will favor large scale. And the rate of innovation is hard for private companies to match. I would like you to summarize your thoughts about it. The race to zero will be by the big guys and everybody else is going to try to figure out how to inject value so they don’t have to race to zero.
but they fuel innovations on all levels. injecting their own value into it. much takes place as we speak. That is the key ingredient of the future cloud. but this pattern will result in fewer providers. I think that all of what we’re talking about can happen in the next three years. You might have Ruby on Rails. If you ask for a prediction for six years out. I think we’re all making it up. it’s one of the most exciting times in my lifetime. Khalidi: Given that building a cloud requires capital-intensive businesses. So. we will see the number of service offerings exploding. Khalidi: Open source has an important role. there are regulations. often they get acquired by somebody. innovations. we can end up with a handful of large public global cloud providers. Our entire product strategy is based on open standards and open source at IBM. by creating de-facto standards. relatively low-level stuff. which wouldn’t be possible without a cloud. There are geopolitical considerations that will make this more than a pure economical argument. industry solutions. Edsall: That’s also true for Cisco. We’re seeing a lot of SaaS and PaaS providers with exceptional innovations. including new industry models. data replication. configure this. Edsall: The only thing I can say is that 2020 is six years away. As you move up the stack you get specialization. very quickly. in my opinion. but to build solutions. Edsall: I definitely think you are going to see service providers trying to use open source. so you can do some website type of stuff. Do this and this and that. Of course we’re going to see a mix. There’s a lot of activity in open source for all technologies. meaning many providers. Supporting open source is essential. and so forth. So as you move up the stack. You’ll always see vendors that do special functions. New enterprises are coming up. which in my opinion says you still need either on-premise private clouds or specialized vendors that are within some domains.
and they’re very much in the mix. You have to compose things. is that there are a lot of building blocks available. a lot of plumbing is still needed. which we evolve and make operationally robust and efficient. What I see missing is an infrastructure to make it easy to build cloud applications. allowing for choices. Pappe: The open source community drives innova- Yousif: Thank you all. it moves very. It lets us offer an open environment to clients with no vendor lock-in. be it open source or otherwise. caching. Just pick up that piece of code and you can say. We really don’t know and that’s so far in the future in this industry. because of the exciting transformation we talked about and the fact that we are in the middle of it forming our future. But at the higher level of the stack. middleware. Of course. and there’s a large likelihood to it. but also at the global network level. Pappe: I agree with Tom.

I describe some of the practical aspects and nuances of the current cloud standards landscape. For reasons detailed here and in that column. In the first article in the “StandardsNow” series. at its most basic level. Such inconsistencies led to server-side developers spending a great deal of time and effort to deal with them. or weaknesses. an even more important consideration now stems from the manner in which hypermedia and Web APIs are being designed and integrated deeply into business processes for essentially all new software. we could sweep up a broad range of human intellectual effort. and everyone working with us to financial ruin. The corresponding need for consistency and reproducibility in the associated frameworks and standards is very high. developing. Like all the other editorial sections of the magazine. but also the process through which they’re developed. An inconsistent Web browsing experience between products is no longer the most unpleasant thing we might expect from inconsistent HTTP frameworks. Although this problem still occurs. and many of the introductory editorials already mention such topics. on their analysis IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325. which appears elsewhere in this issue. Texas Tech University IEEE Cloud Computing aims to publish articles that describe not only cloud-specific standards seeing use. 6095/14/$31. we want to recruit well-written. catastrophic security vulnerabilities. and recognizing standards in general is intrinsically a community activity. It might be possible to define what constitutes a standard. defect in a cryptographic standard might expose you.” and in such a definition. STANDARDS AND COMPLIANCE Setting Cloud Standards in a New World Alan Sill.
as “anything agreed to by more than one party. there is and has always been a wide variety of community time and effort expended to define and codify the framework and details of our work. succinct articles from leading projects and experts that illuminate our readers about the topic at hand. articles in this part of the magazine will focus in detail on the development process used to create cloud computing standards. me.0 0 © 2014 IEEE Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . This great range of activity continues to this day. Cloud Computing magazine welcomes articles covering standards and compliance. The ongoing process of defining. the area of standards for cloud computing is now mature enough to merit coverage in IEEE Cloud Computing on an ongoing basis. clear. In the IT field.

but also the process through which they’re developed to the point that they can see the light of day. or refine cooperative standards and specification sets into new levels. r standards structured for particular branches of service-oriented architectures (SOAs). This is true of any field. meaning you. For this reason. taxonomy. to identify what’s of interest. standards that are experiencing substantial uptake are the best ones to document. and platform as a service (PaaS). to much more elaborate specification-oriented document production methods that aren’t tied to any one particular software product. r use cases and requirements. and these methods differ substantially between various organizations developing standards. I’ll also make space available for short tutorials or relevant and revealing use-case examples. but it can simultaneously improve interoperability and promote innovation in a given cloud project or product. explain. What about standards adoption? We shouldn’t miss the opportunity to engage in this topic directly. I explore this topic in more detail in the “StandardsNow” column. many of these protocols and specifications have been under continuous development for several years. and definitions. I’m also interested in articles that describe cooperative work across multiple standards-developing organizations. so the magazine aims to collect the most coherent explanations available and expand on them wherever possible. such as infrastructure as a service (IaaS). it’s nonetheless true that there are many ways for such communication to take place. leading to an increasing state of maturity that makes it possible and practical to take on such an effort. software as a service (SaaS). defi nitely. standards in the cloud computing world aren’t new at all. and give a forum for describing not only the standards that are seeing use. in brief. I’ll be relying on the community. 
but there’s room also to put promising new efforts into the spotlight to provide exposure and possibly improve their uptake. promote cooperation. This approach not only works best. Although this much almost goes without saying. You might not know about such efforts yet. and M AY 2 0 14 r benchmarking for performance and functionality. as long as they’re focused on creating a successful standards-based framework for cloud computing innovation. r proofs of principle. they vary so much that there’s often little resemblance among them from one organization to the next. Topics of Interest Are there really established and emerging standards in the new world of cloud computing? Yes. especially work that combines efforts to reduce duplication. The process through which standards are developed and studied is obscure to most people and even to a large fraction of experienced developers in this field. Articles that document adoption efforts for both established and emerging standards sets are welcome here. if these examples are general in nature and illustrate the solution provided by the standard being described. and possibly the ones that least need documentation. “standardize at the interfaces to enable innovation between the boundaries” of a process or workflow. Because standards are in fact a communal activity. Of course. (Disclosure: I work a lot with organizations that are in the latter category. r test infrastructures. In fact. even if they’re familiar with the resulting specifications. r ontology. which range from completely open processes designed to develop working software for a given project. As we’ll see. and in the case of the Open Grid Forum. and on their practical use to solve real-world problems. the standardization process works best when there are multiple coordinated avenues for close.) I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 51 M q M q M q MqM q THE WORLD’S NEWSSTAND® . 
Contributions can be historical or modern in approach. iterative communication between people working on the documents comprising the standards and those using them in the field. it will be interesting to the community to document and describe the procedures used by the various organizations. In my experience. Improving Interoperability and Promoting Innovation It must be acknowledged at the outset that not all parts of the cloud computing world are or will be amenable to treatment by standards. but for the moment let me just say that there are already successful cloud standards. and it’s even possible to understand where they’ll work best. This effort will aim to study. r standards intended to cut across or bridge SOA levels. a specification can’t even be promoted to the highest recommendation level without documented evidence of more than one successful implementation in the field as well as significant uptake.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® and description. Specific topics to be targeted include r architectural efforts. document.

Although OCCI was initially applied to IaaS control and communication. Consider the Open Cloud Computing Interface as an example. as mentioned in my “StandardsNow” column. including machine images and associated metadata needed to deploy. but any thought directed toward how they can be used to accomplish different parts of a given task can be fruitful. and has an extensible design that allows discovery of service aspects at any level of the URI for accessing those services.5 We can use these standards to orchestrate workflows requiring coordination among multiple machine instances. need your help identifying areas in which a substantial discussion on cloud standards is now possible. Too often.4 The implementation of such metadata to carry out detailed machine control once such images are running wouldn’t be covered under OVF.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . such as the Topology and Orchestration Specification for Cloud Applications (TOSCA). again.) Explaining the relationship between these standards. This is true of many other aspects of IT development. value. there are other standards either already existing or in process that are designed specifically to help with such coordination.CO M P U T ER .1–3 It was designed as a general boundary-layer protocol to allow RESTful control and communication across that boundary. the Open Virtualization Format (OVF) is a packaging standard designed to improve the portability and deployment of virtual appliances. there’s the question of whether the architecture and landscape of cloud computing applications is sufficiently settled to identify all areas in which the application of standards-based approaches is even sensible. jargon associated with the standards-development process can and does exhaust the patience of many participants in the cloud computing world. 
specifications that are specifically written for particular cloud tasks will have features that are customized to make your life easier when handling the characteristic details of those tasks. that not all aspects of the field have yet been covered by sufficiently mature standards. For example. and expected interdependency of such standards for the benefit of the educated reader. often with greater specialization to the task at hand. can apply equally well to PaaS and SaaS applications. Leaving aside the question of uptake. and that often people need to encounter this topic multiple times before it even begins to make sense to them. W W W. but that go beyond such details to explain the motivation. is actually not that new). Not all of these standards fit together. start. it’s intended to be general in nature and. as should be obvious to even casual observers of the cloud computing scene. and many of them have been designed independently. To be successful. as well as mix-ins to allow customization of service descriptions and interactions. usage scenarios.) OCCI was one of the first standards to be deployed in the area of infrastructure services control.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® STANDARDS AND COMPLIANCE Road to Adoption I understand that the topic of standards might not be everyone’s cup of tea. so I appeal to you to write topical. is the ongoing goal of this area of the magazine. the IaaS level of SOA. articles must go beyond normal levels of clarity and readability. lively (but not too argumentative!) articles that will truly illuminate the subject under discussion. (This explanation anticipates a longer discussion to be published in an upcoming issue. 52 I EEE CLO U D CO M P U T I N G but would require an IaaS control standard. It’s also true. with its flexible format. which is specifically designed to perform such tasks. 
clear articles that not only capture the technical details of a standard set or specification. or even whether they can in fact be used together within a given piece of cloud software. either OCCI or a standard such as the Cloud Infrastructure Management Interface (CIMI). which will be discussed in detail when we get to each standard. For this purpose. Not all of these standards fit together. (This isn’t unusual: often many successful software products are also designed independently. This characteristic makes it especially important to recruit good. Other standards have also been developed to tackle particular aspects of cloud computing interfaces for specific tasks. using communication flows that are possible within the information that they’re designed to convey. especially in the new world of cloud computing (which. and many of them have been designed independently.6 Although it might be possible to handle such workflow coordination on your own or through a general standard. and manage them.

If you can produce a coherent, readable account of recent work in this area, I’d like to hear from you. For purposes of this area of IEEE Cloud Computing, you can reach me at alan.sill@standards-now.org. On behalf of all of the editors of the magazine, we look forward to your submissions.

References

1. Open Cloud Computing Interface—Core, GFD.183, Open Grid Forum, 7 Apr. 2011 (updated 21 June 2011); www.ogf.org/documents/GFD.183.pdf.
2. Open Cloud Computing Interface—Infrastructure, GFD.184, Open Grid Forum, 7 Apr. 2011 (updated 21 June 2011); www.ogf.org/documents/GFD.184.pdf.
3. Open Cloud Computing Interface—HTTP Restful Rendering, GFD.185, Open Grid Forum, 21 June 2011; www.ogf.org/documents/GFD.185.pdf.
4. Open Virtualization Format, DSP0243, v2.1.0, Distributed Management Task Force, 3 Jan. 2014; www.dmtf.org/standards/ovf.
5. Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol, DSP0263, v1.1.0, Distributed Management Task Force, 25 Oct. 2013; www.dmtf.org/standards/cmwg.
6. Topology and Orchestration Specification for Cloud Applications, v1.0, Organization for the Advancement of Structured Information Standards (OASIS), Nov. 2013; http://docs.oasis-open.org/tosca/TOSCA/v1.0/os/TOSCA-v1.0-os.html.

ALAN SILL is an adjunct professor of physics and senior scientist at the High Performance Computing Center and directs the US National Science Foundation Center for Cloud and Autonomic Computing at Texas Tech University. He also serves as the vice president of standards for the Open Grid Forum and cochair of the US National Institute of Standards and Technology’s “Standards Acceleration to Jumpstart Adoption of Cloud Computing” working group. He’s an active member of the Distributed Management Task Force, IEEE, TM Forum, and other cloud standards working groups, and has served either directly or as liaison for the Open Grid Forum on several national and international standards roadmap committees. Sill has a PhD in particle physics from American University. Contact him at alan.sill@standards-now.org.

CLOUD SECURITY AND PRIVACY

Security and Privacy in Cloud Computing

Zahir Tari, RMIT University

Significant research and development efforts in both industry and academia aim to improve the cloud’s security and privacy. The author discusses related challenges, opportunities, and solutions.

The cloud has fundamentally changed the landscape of computing, storage, and communication infrastructures and services. With strong interest and investment from industry and government, the cloud is being increasingly patronized by both organizations and individuals. From the cloud provider’s perspective, cloud computing’s main benefits include resource consolidation, uniform management, and cost-effective operation; for the cloud user, benefits include on-demand capacity, low cost of ownership, and flexible pricing. However, the features that bring such benefits, such as sharing and consolidation, also introduce potential security and privacy problems. Security and privacy issues resulting from the illegal and unethical use of information, and causing disclosure of confidential information, can significantly hinder user acceptance of cloud-based services. Recent surveys support this observation, indicating that security and privacy concerns prevent many customers from adopting cloud computing services and platforms. In response to such concerns, significant research and development efforts in both industry and academia have sought to improve the cloud’s security and privacy. Here I give a quick (and incomplete) overview of new challenges, opportunities, and solutions in this area, with the purpose of stimulating more in-depth and extensive discussion on related problems in upcoming issues of this magazine.

Identifying New Threats and Vulnerabilities

An essential task in cloud security and privacy research is to identify new threats and vulnerabilities that are specific to cloud platforms and services. Several recent reports have explored such vulnerabilities. For example, in 2009, researchers from the University of California, San Diego, and the Massachusetts Institute of Technology demonstrated leakage attacks against Amazon’s Elastic Compute Cloud (EC2) virtual machines (VMs).1 More specifically, the researchers showed that it’s possible to probe and infer the overall placement of VMs in the EC2 infrastructure. Furthermore, an attacker can launch a malicious EC2 instance and then determine whether that instance is physically colocated with a targeted (victim) instance. When the attacker’s instance is successfully colocated with the victim, it can launch a side-channel attack by monitoring the status of shared physical resources such as level-1 and level-2 caches, and thus infer the victim’s computation and I/O activities. A follow-up study showed that it’s possible to extract private keys via the cross-VM side channel in a lab environment.2 In another study, researchers from the College of William and Mary reported that side-channel attacks aren’t just a potential risk, but a realistic threat.3 They created a covert channel via another shared resource (the memory bus) that had a level of reliability and throughput of more than 100 bps in both lab and EC2 environments.

These risks represent a small subset of known cloud-specific vulnerabilities and threats. However, they motivate us to think further about new adversary models, trust relations, and risk factors relative to cloud computing stakeholders. In the examples, the cloud provider isn’t trusted because of its resource sharing and VM consolidation practices. Hence, the cloud provider doesn’t provide a desirable level of isolation and protection between tenants in the cloud, allowing them to attack each other.

Protecting Virtual Infrastructures

Virtual infrastructures are infrastructure-level (virtual) entities, such as VMs and virtual networks, created in the cloud on behalf of users. Side-channel attacks target these virtual infrastructures. Researchers have proposed several solutions to defend against cross-VM side-channel attacks. Düppel, for example, aims to disrupt cache-based side channels. In this self-defensive approach, the target VM’s guest operating system injects cache access noise (that is, flushes) so the collocated attack VM can’t infer cache access patterns.4 This solution doesn’t require modifying the underlying hypervisor or cloud platform. To defend against memory bus-based side channels, a simple and practical approach is to prevent a VM from locking the memory bus and let the hypervisor emulate the execution of atomic instructions that would otherwise require memory bus locking.5

Other attacks against virtual infrastructures include malware attacks against tenant VMs. The cloud presents a new opportunity to defend against these attacks. More specifically, the cloud provides a uniform and tamper-resistant platform to deploy system monitoring and antimalware functions. The uniformity is reflected by the cloud provider’s consistent installation, configuration, and update of antimalware services for all hosted tenants. It’s tamper resistant because monitoring and detection of malware attacks can be performed from outside the hosted VMs, either by the underlying hypervisor or by the more privileged management domain (for example, Domain 0 of Xen). In CloudAV, a production-quality system that reflects the antivirus-as-a-service idea, a group of in-cloud antivirus engines analyzes suspicious files submitted by agents running in client machines (including VMs) and collectively detects malware in them.6 VMwatcher, a virtualization-based malware-monitoring and detection system, moves commodity, off-the-shelf antimalware software from the inside to the outside of each tenant VM.7 This way, the antimalware software is out of the malware’s reach, preventing the malware from detecting, disabling, or tampering with it. Malware targeting a tenant VM—at either the user or kernel level—can be detected and prevented using such an “out-of-the-box” antimalware service.

A networked virtual infrastructure can consist of multiple VMs connected by a virtual network. With the rapid advances in software-defined networking (SDN), the cloud increasingly supports such networked virtual infrastructures. SDN decouples the control and data-forwarding functions of a physical networked infrastructure, such as a datacenter network, which would support virtual infrastructure hosting in the cloud. The SDN control plane performs control functions such as routing, naming, and firewall policy enforcement, and the SDN data plane follows the control plane’s decisions to forward packets belonging to different flows. Such decoupling makes it easy to optimize the control and data planes without them affecting each other. However, the SDN paradigm raises security issues. Researchers have reported that it’s possible to launch attacks against the SDN architecture, incurring excessive workload and resource consumption to both the control and the data plane.8 Although researchers are developing defenses against such attacks, we need more generic, scalable solutions that make the SDN architecture secure, robust, and scalable.

Protecting Outsourced Computation and Services

Many organizations have been increasingly outsourcing services and computation jobs to the cloud. A client that outsources a computation job must verify the correctness of the result returned from the cloud, without incurring significant overhead at its local infrastructure—the extreme being to execute the job locally, which would nullify the benefit of outsourced job execution. Such verifiability is important to achieving cloud service trustworthiness and hence has become a topic of active research. Encouragingly, researchers have in recent years developed techniques and real systems to bring the vision of a “verifiable cloud service” closer to reality. For example, the Pantry system composes and outsources proof-based verifiable computation with untrusted storage.9 It achieves theoretically sound verifiability of computation for realistic cloud applications, such as MapReduce jobs and simple MySQL queries. This problem assumes a somewhat different trust model, in which the cloud is not fully trusted because of operator errors or software vulnerabilities.

In addition to computation outsourcing, the cloud can support network service/function outsourcing. Example network functions include traffic filtering, transcoding, firewall policy enforcement, and network-level intrusion detection. Seyed Kaveh Fayazbakhsh and his colleagues noted that, similar to computation outsourcing, a major challenge is to verify (at end points of network connections) that the “middle boxes” in the cloud correctly execute outsourced network functions with satisfactory performance.10 They also proposed a framework for verifiable network function outsourcing (vNFO) that aims to achieve verifiability, efficiency, and accountability of outsourced network functions. Such a framework will pave the way for deploying trusted network middle boxes, in addition to end points (that is, VMs), in the cloud, enriching the cloud ecosystem.

Protecting User Data

User data is another important cloud “citizen.” To protect user data in the cloud, a key challenge is to guarantee the confidentiality of privacy-sensitive data while it’s stored and processed in the cloud. As a result, sensitive data should remain encrypted while in the cloud. (In other words, the cloud provider shouldn’t be able to see unencrypted or decrypted sensitive data during the data’s residence in the cloud.) However, such a requirement can limit the usability of (encrypted) data when a cloud application processes it. Fortunately, researchers at the University of California, Santa Barbara, observed that many cloud applications can process encrypted data without affecting the correctness of the data execution. These researchers proposed Silverline, which identifies data that the application can properly process in encrypted form.11 Such data will remain encrypted and hence maintain its confidentiality to the cloud provider. The cloud user will perform data decryption locally once the encrypted data is returned from the cloud as application output.

In-cloud data confidentiality poses even greater challenges. For example, even if the application data is encrypted, the access patterns exhibited by the corresponding applications can reveal sensitive information about the nature of the original data, weakening the data’s confidentiality. Hence a challenge is to achieve confidentiality of data access patterns in the cloud—a problem called oblivious RAM (ORAM). Recently, researchers reported a breakthrough in achieving both practical and theoretically sound ORAM.12 The solution, called Path ORAM, is elegant by design and efficient in practice.12 In fact, Path ORAM has been implemented as part of a processor prototype called Phantom,13 which achieves realistic performance for real-world applications. This is a significant step toward ultimate deployment of ORAM-enabled machines for sensitive data processing in the cloud.

Securing Big Data Storage and Access Control

In the recent past, more research has focused on cloud-based big data applications. Many consider the cloud to be the most promising platform for hosting, collaborating on, and sharing big data. The challenge is to secure the storage and access to this data to preserve its integrity, confidentiality, authenticity, and nonrepudiation while facilitating availability.

Interesting solutions to increase the accountability of data sharing have been proposed for cloud-based distributed systems. Smitha Sundareswaran and his colleagues proposed a decentralized accountability framework with logging capabilities using the programmable capabilities of Java Archive files.14 The advent of many types of big data, such as electronic health records and sensor data, have spurred research on secure access and sharing with greater accountability. Recently, researchers have proposed solutions for increasing accountability and secure access to cloud-based health data,15 as well as robust cryptographic access control methods to increase the storage security of privacy-sensitive big data. Guojun Wang and his colleagues proposed hierarchical attribute-based cryptography to facilitate secure access to users in large-scale cloud storage systems.16 More recently, researchers have designed more advanced solutions (for example, homomorphic cryptography17) for secure cloud-based storage systems to facilitate secure distributed access. Given emerging trends in big data, we need more research on efficient, scalable, and accountable privacy-preserving mechanisms that can address application-specific requirements.

Call for Contributions

The magazine welcomes articles that discuss new challenges, opportunities, and solutions in the area

311–324. Security (CCS 09). 7. Security (CCS 2013).Y. “Path ORAM: An Extremely Simple Oblivious RAM Protocol.L. 2. 4. Security (CCS 13). 2012. no.edu. fault tolerance and recovery. M. 4. 17th ACM Conf. ZAHIR TARI is a full professor of distributed systems at RMIT University. 299–310. 3. 556–568. vol. 11.” IEEE J. vol.” Proc. 2013. Xu. 165–166. His research interests include system performance (for example. 17. Z. Zhang and M. 2007. pp. Fayazbakhsh.C. “Ensuring Distributed Accountability for Data Sharing in the Cloud.K. 15. M AY 2 0 14 “Verifiable Network Function Outsourcing: Requirements. 125–141. 199–212.” Proc. 2013.” Proc. 24th ACM Symp. “Hierarchical Attribute-Based Encryption for Fine-Grained Access Control in Cloud Storage Services. Sekar. 735–737. Jiang. Reiter.” Proc. K. C. 25–30. Security (CCS 07). B.” IEEE Access. Zhang et al. 2010. Security (CCS 13). “Stealthy Malware Detection Through VMM-Based ‘Out-of-theBox’ Semantic View Reconstruction. 19th ACM Conf. and cloud computing) and system security (for example. S. “Verifying Computations with State. Wang. 6. Y. E. and X.org. Lin. Contact him at _______________ zahir. 18. Australia. Sundareswaran. new vulnerabilities and challenges.. “CloudAV: N-Version Antivirus in the Network Cloud. Xu. and M. “Hey. France. and forensics. vol. Stefanov et al. and D.N. J. T. Wu. Reiter. pp. I’d like to hear from practitioners about their lessons and experience in developing. Computer and Comm. Gu. Cooke. ACM Workshop Hot Topics in Middleboxes and Network Function Virtualization (HotMiddlebox 13).” Proc. Cloud Computing (SoCC 11). Zhang. 2013. 16. S. virtualization. Tong et al. 2. ACM Conf. “Cloud-Assisted Mobile-Access of Health Data with Privacy and Auditability. and new or even controversial ideas and visions. and V. 8. data management and analytics. Wang. 2013. 2009. Wu. Zhao. 14..computer. ACM Conf. 2012. 2008. 91–106. 2nd ACM Symp. Tari received a PhD in computer science from the University of Grenoble. Q. 2013. 
Enabling techniques include cryptography.. software-defined networking. Y.” Proc. ACM Conf. 419–429. Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. Ristenpart et al. I also welcome reports from academia on cutting-edge research and development. Computer and Comm. “Cross-VM Side Channels and Their Use to Extract Private Keys. M. 2012. pp. deploying.. “PHANTOM: Practical Oblivious Computation in a Secure Processor.tari@rmit. and D. 13.P. Security (CCS 12). Xu. D. Maas et al. Varna. X. 2011. and communication..” Proc.” Proc. ACM Conf. Wu.” IEEE Trans.” Proc. Operating Systems Principles (SOSP 13). article 10. P2P. Liu. Saltaformaggio. pp.” Proc. Lu. S.” Proc. Web servers. and F. B. 305–316. Kruegel. You. 10. and H. and J. Challenges. 2014. Computer and Comm. In addition to serving on the IEEE Cloud Computing editorial board. 17th Usenix Security Symp. “Confidentiality-Preserving Image Search: A Comparative Study between Homomorphic Encryption and Distance-Preserving Randomization. W. ACM SIGCOMM Workshop Hot Topics in Software Defined Networking (HotSDN 13). Braun et al. articles that relate to data. Wang.” Proc.K. G. Security.. “Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud. pp. 2013. storage. “Düppel: Retrofitting Commodity Operating Systems to Mitigate Cache Side Channels in the Cloud. Selected CS articles and columns are also available for free at http://ComputingNow. 128–138.” Proc. E. pp.” Proc. and Roadmap. pp. Biomedical and Health Informatics. Y.. SCADA and cloud). Jahanian. he’s an associate editor of IEEE Transactions on Computers and IEEE Transactions on Parallel and Distributed Systems. “Silverline: Toward Data Confidentiality in Storage-Intensive Cloud Applications. Squicciarini. Puttaswamy. Oberheide. pp. 5. References 1. pp. no.
Z.au. 2. pp. pp. Computer and Comm. 2013. computation. pp. 20th ACM Conf. and using cloud security and privacy solutions and services. Computer and Comm. Usenix Security Symp. 6th European Workshop on Systems Security (EuroSec 13). Shin and G. 9.. X. and B. A. 341–357.K. of cloud security and privacy—in particular. 12. “Düppel: Retrofitting Commodity Operating Systems to Mitigate Cache Side Channels in the Cloud. pp. 2014. “Attacking Software-Defined Networks: A First Feasibility Study. “BusMonitor: A Hypervisor-Based Solution for Memory Bus Covert Channels. A.

We plan to cover these paradigms in the “Cloud and Adjacent Technology Trends” area as well as provide a long-term futuristic vision of how the cloud will look and the new opportunities it will offer. Emerging paradigms and technologies will have a major impact on society and industry. and so on). CLOUD AND ADJACENT TECHNOLOGY TRENDS Emerging Paradigms and Areas for Expansion Pascal Bouvry. from sequencing a family a few years ago. proteomics. Although the prices are dropping. to entire populations in the future. University of Luxembourg IEEE Cloud Computing seeks articles on emerging cloud and adjacent technologies and their impact on the perception and use of the cloud. making all resistance futile and assimilating all existing technologies and services. Instead. Cloud computing was born from the opportunity to open major distributed datacenters to end users to provide on-demand services.6095/14/$31 . the list is nonexhaustive.1 Consequently.2 At the same time. personalized medicine and social networks) or transversals (such as big data and the Internet of Things). tremendous amounts of data have become available. sensor-as-a-service. the size of the collected genomics data remains the same—roughly 0. extending the approach beyond existing borders—such as hardware-as-a-service (HaaS) and business-process-as-a-service (BPaaS)—to other areas and dimensions (robot-as-a-service. In the last decade. The new pay-per-use business model is so appealing that we’re entering an everything-as-a-service (EaaS) era. and I expect even more upcoming breakthroughs to revolutionize how we see things. and the costs will eventually drop even more. researchers gained access to “-omics”—experimental readouts of high dimensionality and volume. I’ll describe some potential major players.
major I EEE CLO U D CO M P U T I N G P U B L I SH ED BY T H E I EEE CO M P U T ER S O CI E T Y 2325. With the number of sequences reaching hundreds. In this intro- With the development of new technologies in biomedicine.0 0 © 2014 IEEE Growth in Data Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . current networks can’t support their prompt transfer. and metabolomics. These paradigms and related technologies can be domain-driven (for example. the price of genetic sequencing (genomics) dropped from millions to thousands of US dollars per sequence. One reason is the great reduction of “-omics” costs. the scope of collected data keeps growing. ranging from infrastructure as a service (IaaS) to software as a service (SaaS). 58 ductory article. to cohorts today. By its nature. The cloud is like the Borg from Star Trek.3 terabytes per sequence. transcriptomics. such as genomics.

0 technologies and social networks present a tremendous amount of data that can’t be stored locally main reason for the current relatively restrictive use to be processed for key information. Newly developed models and techniques will processors are sold each year. Therefore. the pay-perimpact and shape the cloud’s future. in which tractor. trusting the subcontractor’s other hardware sharing needs. as passive components and network coding) are also expected to revolutionize the cloud’s core compo. groupings of uncorniques. or the “4 Vs.” Each dimension brings new challenges in terms of reon mobile computing create new quired models. Another biomedical domain observing a rapid other accelerators. large images. IEEE Cloud Computing will investigate all of related tasks. these data transfers occur in huge data the cloud. and technologies. However. includware/software border. which is somehow implicit when sharing alization. such as societal of the cloud for high-performance computing (HPC) resides in the lack of cloud offers featuring highor marketing studies. TNT. and so on) ship disks across the globe. the unit prices of the newest Standard subcontracting approaches involve a sergeneration of hardware components has dropped vice-level agreement (SLA) and trusting the subconlow enough to allow an HaaS approach.bag-of-tasks paradigm—that is. use paradigm and the cloud’s elasticity features are so attractive that users are willing to pay this extra Hardware Advances Some of the paradigm shifts. data is also tightly coupled with the emergence of the cloud.customers. and data-processing tech. such as CPUs using virtu. Indeed. chip and be required to parallelize the information transfer to board manufacturers continually announce new exploit the many paths connecting one point to an. which category of cloud services they can provide. UPS. DHL.6 ing the hypervisor and various device drivers.4 Big data and data analytics are among the biggest technology trends. 
will be re-explored and modules will help build chains of trusts and attract more customers to the cloud. HPC users challenges. veracity. is the Because of the mass market. 
The virtualization and cloud management laythese adjacent technologies and explore how they’ll ers also induce an overhead. velocity. such as Infi niband. further developed in this new context. Here the challenge isn’t only to store ations of hardware. The notion of big opportunities to enrich the cloud.in the cloud. more than 10 billion ARM flows. For example.Toward a Safer and Trusted Cloud nents. i. how well they work in the cloud or analyze the data. such as field-programmable gate increase in the size and volume of collected data arrays (FPGAs). such as sustainable price. as processing power and providing this as a service to well as the lack of efficient cloud driver implementapotential customers involves some major underlying tions for such interconnects. (no-)file systems. Tying together zetabytes of data with the required performance interconnects.

An enhanced legal framework and recommendations are required to bring customers peace of mind. Cloud brokering will also help create higher-value services by combining services from various providers. empowering small. Confidentiality and privacy are also of primary concern to many cloud customers.8 but the technologies needed to enforce such rules require further development. On the economic side. The cloud is driving new needs. major world changes will likely emerge from a mix of technology. which are known to turn simple problems into NP-hard ones. remote control of robots. anywhere. such as hardware-software codesign. and glasses. regardless of the service provider. us to rebuild original. initiated by the need for multitenant clouds. clothes. For example. will be reflected in the cloud’s expansion to mobile devices required to meet the challenges of the “last mile. Finally. These new business models coupled with the opportunities of microcredit and community funding. allow anyone to have a major impact. Many recent publications have highlighted the problem’s multiobjective nature. Other Areas of Development There is certainly still room in the cloud computing paradigm for theoretical development.”9 At the other end. and economics. This trend. duplicating resources used for fault tolerance. the cloud is expected to provide the necessary backbone to the Internet of Things. But the client side also becomes more demanding with the appearance of 4K TV. or they might unnecessarily reinforce some requirements. the abundance of information and the opportunity to cross compare it enable Because clouds are distributed across many countries. This is illustrated in recent actions to fight global warming and in the grid computing community’s attempts to provide a sound business model. and smartboards. HPC. 
because major findings will likely come from multidisciplinary research.CO M P U T ER . Decentralized approaches should let applications call remote services. minimizing cost and energy while maximizing resilience. Decisions at the various levels could be contradictory. and other emerging high-resolution 3D screens such as the University of California. Many applications transport much more information than required because they process data centrally. the paradigm change brought by the cloud induces new business models. Such frameworks have started to appear.and medium-sized companies. Now anyone can potentially accomplish what only corporations could do in the past. For example.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . smart surface. This certainly calls for cross-layer approaches. The cloud should let us mine our quantified selves. law. such as the study location and local phone books. The Last Mile Ubiquity of services. will also favor cloud brokering. Service roaming will let users move from one cloud to another. and for the various research communities to join forces. keep the data where it’s produced. no less. some of which will certainly fail. To put the cherry on the cake.10 We need new algorithms and heuristics to meet these new challenges. missing information. for example. Also. there is a critical need for stochastic and fault-tolerant approaches. Sensors are now everywhere. leading to potential data leakage. to operate worldwide businesses. San Diego (UCSD) SCOPE (Scalable Omnipresent Environment) project. These aspects are currently handled at various levels—from hardware to middleware to application. and return just the requested result—no more. anytime. which aims to find the best match between customers and providers. 
enabling new trends of continuous monitoring of individuals provided by fancy hard60 I EEE CLO U D CO M P U T I N G ware such as smart watches.7 Among other issues. Thus. the new generation of applications will require not only large bandwidth. the government of LuxemW W W. Qualcomm’s NexCave. international laws and regulations also play a key role. the cloud’s “last mile” also requires broad connections to support these technical challenges. and so on). recent stories have reported successful attempts to trace the names of “anonymous” genetic sequences simply by looking at publicly available information. as well as individuals. with millions of devices interconnected through the cloud. Cloud management techniques must also be improved. The many underlying sets of ontologies describing the data form complex networks that can be described using hypergraphs. but also low latency (for gaming. New cryptographic data processing will allow applications to process data without uncovering unnecessary information.

Discussion Framework for Clinical Trial Data Sharing: Guiding Principles. ____________ 4.” Nature. Nat’l Academies Press. “Analysis of Genetic Inheritance in a Family Quartet by Whole-Genome Sequencing. of California.” IEEE CommSoft ELetters. medium. Lee. ____________ 5. Roach et al.gov/ pubmed/20360735.nih. He is on the IEEE Cloud Computing editorial board.nlm.org. 2014. J. optimization. Technology and Communication at the University of Luxembourg and a  faculty member at the Luxembourg Interdisciplinary Center of Security. vol.” J Computer Science. 2008.nih. vol. 8. Elements.bouvry@ __________ uni. 636–639. no. 2010. “Cloud Computing Security: The Scientific Challenge. 5978. Cyber Physical Systems: Design Challenges.lu.K. Contact him at pascal. and Activities. “Survey on Mobile Cloud Computing—Challenges Ahead.” The Scientist. Ryan. www. 23 Jan. 1. international laws and regulations also play a key role. 2013. 9. and Think. NEWSLETTERS Stay Informed on Hot Topics computer. Big Data: A Revolution That Will Transform How We Live. vol. p. Cukier.org/newsletters I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 61 M q M q M q MqM q THE WORLD’S NEWSSTAND® . vol. www. 2010. Board on Health M AY 2 0 14 Sciences Policy. 464. Systems and Software. May 2013. Samsi.. McCray. 8.D. no. and Trust.N.. 2. Reliability. 269–279. Watching the emergence of new international laws and regulations facilitating the use of the cloud will also be of a prime importance.nlm. Fowler. 2263–2268. don’t hold in distributed cloud services. “An Efficient Computational Framework for the Analysis of Whole Slide Images: Application to Follicular Lymphoma Immunohistochemistry. and a Survey of Solutions. tech.  and M. Work. Bouvry has a PhD in computer science from the University of Grenoble (INPG). 5. PASCAL BOUVRY is a professor in the Computer Science and Communication research unit of the Faculty of Science.ncbi. pp. 
security and reliability. 7. Classical ways of dealing regionally with copyright for technologies. 15. 328. Combinatorics of Finite Sets. S. Univ. 10. pp. S.  His research interest include cloud & parallel computing. 3. “‘Ome Sweet ‘Omics—A Genealogical Treasury of Words. Lederberg and A. pp.computer. ____ Selected CS articles and columns are also available for free at http://ComputingNow.nih.  France. 721–727. B.ncbi. Mayer-Schonberger and K. C.  A. References 1. no. vol. Berge.” Science. 7. Institute of Medicine.” J.nlm.ncbi. 2. 9. ____________ 3. no. Hypergraphs. 2012. J. 2013.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® bourg passed a project of law guaranteeing the conservation of data in the event of a local provider’s bankruptcy. “Phenotypic Profiling of the Human Genome by Time-Lapse Microscopy Reveals Cell Division Genes. Berkeley. 2001.C. Krishnamurthy. V. 7289. and long term. Because clouds are distributed across many countries. Committee on Strategies for Responsible Sharing of Clinical Trial Data. 6.gov/ pubmed/22962572. such as zoning. Eamon Dolan/Houghton Mifflin Harcourt. M. pp. no. Gurcan. E. no. 1989. vol. North Holland Mathematical Library/ Elsevier.gov/ pubmed/20220176. EEE Cloud Computing calls for the academic and research communities to provide exciting articles on emerging paradigms on cloud and adjacent technology trends and their impact on how we perceive and use the cloud in the short. report UCB/EECS-2008-8. Neumann et al. 86. www.

such as concern about job security for existing in-house administrative staff and lack of understanding of how the provider operates. Cloud computing is one of the most potent examples of how we can use computing as a utility. has allowed various companies to successfully adopt the cloud computing utility model.6095/14/$31 . many companies surrender important systems management skills that they could have developed in house. Cardiff University The cost of outsourcing computing infrastructure requires consideration not only of potential savings in operational and capital expenditures. such companies can save operational expenditures and focus on their core business rather than their computing systems. Smaller companies unable to afford an in-house computing infrastructure (and operational support for maintaining and managing such an infrastructure) are often cited as potential benefactors of this model. human issues can also influence cloud migration decisions.0 0 © 2014 IEEE . can be unfavorable for smaller companies. long-term use of cloud systems makes sense. However. Such analyses also offer important insights into which part of the local system should be moved to an external provider and which should remain in house. it’s also useful to understand the organizational changes that cloud computing would generate. Of course. but also of human and management costs. By migrating to a cloud infrastructure. The ability to outsource computing infrastructure to one or more providers. CLOUD ECONOMICS The Costs of Cloud Migration Omer Rana. A Multicriteria Economic Perspective Taking a wider. 
multicriteria economic perspective is essential to ensuring that sustained. By outsourcing. For instance. how would departments within a company deal with “pay-as-you-go” pricing? Economic models therefore play an essential role in determining whether such outsourcing is likely to benefit the company. with varying levels of trust. especially for longterm use of an outsourced computing infrastructure. In this context. They strongly influence the decision of many companies as to whether they’ll migrate (either partially or fully) 2325. the actual costs. Understanding the true cost of outsourcing infrastructure therefore requires more detailed consideration than many organizations undertake when performing cost-saving analyses to decide whether cloud migration would benefit them.

often available in a range of pricing bands (current versus older instances) and market models (spot market versus reserved instances. Simulation-based approaches are generally used to demonstrate the benefit of these auction-based models and how they can improve utility for both consumers (cheaper resources) and providers (increased utilization of an otherwise rarely used resource). performance/availability. By sharing common aspects of an infrastructure (using virtualization technologies) across multiple users. often requires input from economic and technical experts working in collaboration. 
Existing cloud providers generally require users to register for their services using a credit card. in practice. Interference between virtual machine (VM) instances. as well as potential reputation concerns (such as how potential clients perceive them in terms of reliability and their ability to deliver what they advertise) that impact their long-term survivability in the marketplace. operational history (for example. Standards (see the “StandardsNow” column in this magazine) play an important role in creating suitable terminology that can be shared across providers. There is also often a cloud supply chain. in which a single company uses services that are provisioned by others (in various service mashups). when a VM goes beyond its defined boundaries and interacts directly with the operating system (and other VMs)—could negatively affect the potential cost benefits for customers. and so on). Difficulty arises when cloud providers use different names/terms for computing and storage resources. and security and privacy. offering users a range of configurable options. resource sharing across users also provides a key limitation if used inefficiently or incorrectly. However. there The multitenancy nature of cloud computing is often a leading reason for revenue generation by cloud providers. accounting for their own operational and capital expenditures. a limited number of providers dominate the market. and longer-term reputation and strategic operation. as well as associated dependencies within the supply chain. so users can factor in these risks when choosing a cloud provider. uptime and availability). It’s important to understand how such data hosting risks can be quantified and presented to users (and providers). Are users who access such websites fully aware of the different providers in the supply chain? Do service providers fully disclose their dependencies within their supply chains to their users/customers? 
Brokers play an important role in establishing these supply chains. Pricing and Usage Models Understanding how external infrastructure and service platforms should be compared also remains a challenge for companies. In the research community. providers can benefit from economies of scale (and management efficiency). With this approach. Such decisions factor in issues of pricing/cost. Each of these decision factors impacts both shorter-term revenue and cost savings. cloud providers have been reluctant to adopt auction-based models. a company might run its own website but outsource storage to an infrastructure-as-a-service (IaaS) provider. However. their infrastructure or services to a cloud provider. and VM/hypervisor “escape”—that is. For instance. Why are most cloud providers unwilling to offer underutilized capacity in an auctions market? The multitenancy nature of cloud computing is often a leading reason for revenue generation by cloud providers.

Should operation of cloud providers. requiring clients to use standard caered). in which unused tokens are auctioned to potential bidders. and only delivers the resource if it can benefit from havr providing subscription-based pricing that ating a certain minimal number of consumers. no party is required to perform the pabilities offered by the vendor. Examples of fit to the client of using the SaaS capability. and how customers per. models for selling software products (or licensing). could create a dynamic marketplace for services/resources. otherwise.configurability. but it is not guaranteed. special-price offers of products/services that must be outsourcing deployment and hosting) could offer a accepted within a limited time frame). are SaaS offerings coexistence of multiple marketplaces (with varying primarily obtained for services that are seen as nondegrees of guarantees provided on the privacy of the critical for a company’s operation? Of course. along with the potential of using software-defined network models for accessing network components such as routers and switches (using GENI OpenFlow. Understanding how these cloud havens useful to remember that cloud service consumers impact a cloud marketplace. The marketplace can now extend beyond the datacenter to devices owned by individuals or consortia. Such contracts range of potential capabilities. the provider a key part of the business offering. A token exchange. This limits the beneaction and any fees paid are refunded. The highly configurable nature of cloud computing—especially software-as-a-service (SaaS) offerings—suggests the potential for new business models that have yet to be fully realized. According to a Gartner report. can’t guarantee in advance that a resource will be r establishing long-term strategic relationships available). 
and how providers can use data from such usage to enhance their offerings.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® .business models for consumers differ from those for providers? How different should they be? ceive them remain interesting research questions.” which attempt to integrate datacenter and edge device capabilities. Delivery this include offers from “daily deal” websites (making of software capability through the Internet (hence. it is stored data). Once the 64 I EEE CLO U D CO M P U T I N G W W W.CO M P U T ER . for instance). how they influence the aren’t just companies. SaaS business models are often similar to traditional by individuals or consortia. cloud computing service providers operating in countries with lax or nonexistent security and their existing in-house systems also remains an imprivacy regulations) creates the potential for the portant question.2 How Distributed clouds extend the marketplace much current SaaS offerings will need to change to reach such spending tarbeyond the datacenter to devices owned gets is unclear. The mapping between token value and number of instance hours received could vary depending on the popularity (and demand) for offerings from a particular provider. For instance. More popular providers could charge more tokens for their services than less popular providers. The consumer requests a resource to use with customers through negotiated provisioning in the future. users could purchase several instance tokens from a cloud marketplace and redeem them at a number of different providers.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD ECONOMICS Interest in “distributed clouds. interest in the creation of cloud “havens” How companies integrate SaaS capability into (that is. 
Understanding how resource sharing and revenue models can factor into such multilayer capability remain important research challenges for the future.1 tempts to understand how consumers use the system. opens up new possibilities for cloud economics. global spending on SaaS will likely reach US$250 billion by 2017. Emerging Issues Recently. It’s essentially a r combining software hosting and development as form of advance best-effort lease (that is. but also individuals. the action is taken based on els. in which members of a group pledge to contribute to an action if some prespecified threshold condition is met. and customers have limited ability to negotiate or alter these modthreshold point is passed. The provider agreements. Currently. Existing SaaS vendors also limit their products’ the advertised capability (service or product is deliv. such as allow cloud providers to reduce operational expenditure through economies of scale. Another example is the use of provision-point (assurance) cloud provider contracts. thereby creating a marketplace driven by supply-demand principles. along with access to services made available by backbone network providers.

Brokerage-based risk assessment also remains an important challenge, given new cloud providers (some of which use services from more established companies, such as Amazon and Google). Risk-assessment strategies are often influenced by criteria that have a particular bearing on a company's operation (because a risk-versus-opportunity assessment is often needed). Different users are therefore likely to place varying degrees of emphasis on particular factors that impact their operation. It's also important to note that an organization's ability to understand such risk factors can change with maturity—that is, how long they've been using cloud services. Here, intermediate brokers can consider concerns relevant to particular users or companies and subsequently compare these with offerings (at particular price bands) from various cloud providers. Increasing interest and adoption of cloud standards can also be an important catalyst for generating a more sustainable cloud market.

These are still early days for the cloud computing research and development community—in particular, how this community perceives and uses utility computing. The IEEE/ACM "Utility and Cloud Computing" conference, for instance, is only in its seventh year, compared with conferences in areas such as parallel computing that have been occurring for decades—for example, the International Conference on Parallel Processing is now in its 43rd edition. There is still plenty of room for innovation. With improved understanding of how cloud computing systems and services are used in practice, intermediate (brokerage) organizations can find numerous opportunities for interacting with users and cloud providers.

Call for Submissions

Cloud Computing magazine seeks submissions in a variety of areas, covering both micro- and macro-economic issues. Authors are encouraged to contribute articles demonstrating novel thinking on how economic models adapted from other domains could improve the use of multilayered cloud systems, and how novel resource provisioning strategies could lead to the development of new economic models. Authors are also encouraged to report on the practical use of economic models for provisioning cloud services/infrastructure and their experiences using pricing/economic models from commercial providers. Cloud Computing magazine also seeks articles covering aspects of risk, especially risk from an economic perspective.

References
1. Gartner, "Forecast: Public Cloud Services, Worldwide, 2011-2017, 4Q13 Update," 26 Dec. 2013; www.gartner.com/doc/2642020/forecast-public-cloud-services-worldwide.
2. O. Rogers, "Improved Public Cloud Capacity Planning through the Sale of Options, Forwards and Provision Point Contracts," PhD thesis, Dept. of Computer Science, Bristol Univ., 2013.

OMER RANA is a professor of performance engineering in the School of Computer Science and Informatics at Cardiff University, UK. His research interests include high-performance distributed computing, data analysis/mining, and multiagent systems. Rana has a PhD in neural and parallel computing from Imperial College (London University). He also currently acts as an advisor to CBNine, a company specializing in cloud computing for the architecture, engineering, and construction sector. He is a member of the IEEE Cloud Computing editorial board and a member of IEEE. Contact him at o.f.rana@cs.cardiff.ac.uk.

Selected CS articles and columns are also available for free at http://ComputingNow.computer.org.

Management systems. and describe several challenges posed by cloud environments. average response time per hour. If service-level agreements (SLAs) are specified. ne of the topic areas covered by this new magazine is cloud management.P.6095/14/$31 . Some aspects of cloud management are generic management concerns. explain what management in general is about. known as operations support systems in the telco world and management platforms in the Internet world.1 When new services go into production. including userperceived quality of cloud services.0 0 © 2014 IEEE Generic Management: FCAPS Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . Rationale for Managing Clouds 66 ensure that these services are delivered with the expected quality in terms of robustness. maximum response time. performance. EPFL In addition to generic management concerns. or maximum time to detect and block an intrusion.2 Management functions are traditionally broken down into five areas3. The latter specify cloud quality metrics. cloud management poses particular challenges for researchers and practitioners in areas such as scalability. management systems and support staff are put in action to Since the early 1990s. are key enablers of operations. Cloud management deals with the operations of cloud infrastructures (software and hardware) and cloud services. In this short article. and security. and so on. the Internet world has used for management a terminology that originated in the telecommunications world.4: fault management. I briefly present the rationale for managing clouds. account- I EEE CLO U D CO M P U T I N G P U B L I SH ED BY T H E I EEE CO M P U T ER S O CI E T Y 2325. others pose challenges that are specific to (or particularly acute in) cloud environments. In contrast. and the enforcement of SLAs. These support teams implement processes and follow procedures known as operations. 
average uptime per month. production environments rely on management systems and support staff to offer service guarantees (such as no service downtime of more than 15 minutes during business hours). Test labs provide only besteffort services. configuration management. The key difference between test and production environments is the dependability of the systems and services that they offer. these guarantees are translated into measurable quality metrics such as maximum downtime. Martin-Flatin.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD MANAGEMENT Challenges in Cloud Management J. interoperability.

a number of corporations and government agencies follow the recommendations of the Information Technology Infrastructure Library (ITIL)6 to structure their IT service management process. the security management subsystem is expected to detect and block intrusions and denial-of-service (DoS) attacks using firewalls and other tools. even small errors in accounting management systems can turn expected profits into actual losses. but it also deals with usage statistics independent of monetary aspects. as depicted by Figure 1. security. a normal system is not just a system that is up and running. the same terminology is used for grouping different management functions into coherent sets. and so on. scalability. and diagnosis.5 where security is based on the confidentiality-integrityavailability triangle. they span multiple management domains and require a complete rethinking of management processes and procedures. Whether dealing with IP network management. but management processes and procedures are essentially the same. performance management. Management functions can be classified in many other ways. Fault management deals with malfunctioning cloud resources and services (such as when a server is down or a service is unavailable). the performance management subsystem is in charge of triggering corrective actions by interacting with the fault management subsystem. increase agility. and in making sure they perform as expected by comparing quality measurements (extracted from monitoring data and user complaints) with a baseline. Versatility Behind the term cloud lurk polymorphic realities that pose radically different management problems. security management does not deal with availability. Security management guarantees the security of all cloud systems and services. Multiprovider public clouds. and restore the systems or resume the services. virtual machine (VM) image to be launched for running a given service. However. the configuration management subsystem. 
For instance. managing systems and services in a multiprovider public cloud is I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 67 M q M q M q MqM q THE WORLD’S NEWSSTAND® . interoperability. server management. Unlike private clouds. PaaS add-on PaaS IaaS Datacenters FIGURE 1. with small margins. The configuration management subsystem plays an essential role in guaranteeing robustness. To date.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® M AY 2 0 14 Users SaaS Networks ing management. however. Xen. Configuration management is about setting the parameters that control all cloud resources and services: IP addresses. In particular. You need new software. but it does not check whether they perform satisfactorily. The fault management subsystem ensures that cloud resources and services are up and running. or cloud management. When services do not fulfill their SLAs. automation. and security management. and facilitate the swift deployment of new functionality at the expense of robustness. correlate them. and rely on high volumes for generating profits. Managing a private cloud based on VMware. In contrast to information security terminology. In performance management. whereas the latter strives to decrease costs. or the Linux kernel-based VM (KVM) and deployed in a single datacenter is not vastly different from managing a cluster in a noncloud environment. These five areas are known as “FCAPS” for the first letter of each area. Performance management consists in regularly checking the health of all cloud resources and services. As a result. for instance by making it possible to resume an entire production environment from scratch in a new datacenter. find their root causes. Configuration parameters are usually stored in databases and “pushed” to production software and hardware. 
Fine-grained accounting management is crucial for public cloud providers as most of them charge on a pay-per-use basis. Cloud Management: Six Challenges Cloud environments pose many management challenges. It processes monitoring data and user complaints to detect anomalies. and so on. number of small buffers for a database. as well as the cloud management systems themselves. trigger corrective actions. Accounting management is typically associated with charging (which is handled by business support systems in the telco world). but a system that provides the expected service with the expected quality. which falls into the realm of fault management. including versatility. Web service management. ITIL and public clouds rarely coexist because the former increases costs and bureaucracy for the sake of robustness.

Cloud management tools are therefore increasingly adopting techniques that emerged a few years ago under various names: selfmanaging systems. For example. DevOps advocates tight links between software development and operations. As usual in IT. The first lesson they learn is that public clouds. the public cloud Automation Automation is a classic solution for making man. In turn. are not experts in cloud management. When software deScalability In the precloud days. CloudBees.Shortly after people start deploying new services in lected. DevOps looks great. when software engineers design and produce software. In the past few years. Such an began turning to diagnosis. and implemented from scratch. self-repair. which is becoming widespread in SaaS engineering. Their new management platforms need to be architected. and each platform might use a different underlying infrastructure-as-a-service (IaaS) such as Amazon Web Services or CloudSigma. with entirely different. and self-optimization. With cations to provide enough monitoring information to public clouds. hybrid clouds for enterprise users 68 I EEE CLO U D CO M P U T I N G W W W. adopting DevOps means asking the same and a public cloud provided by a telco). and public clouds. Precloud service provider with another. Other cloud environments include singleprovider public clouds (such as Google App Engine and Google Compute Engine. As a result. too. whereas having 10. IT analytics is dead. it was considered exceptional a decade ago. or EngineYard. the exact opposite is true: large cloud analytics engines. small computer rooms were velopers do not know how to instrument their applithe rule and large datacenters the exception. a private cloud on premise For them.000 on monitoring (as with NewRelic). and yet others in noncloud security breaches. At first sight. or Microsoft’s Windows Azure). however.000 servers in a single cloud datacenter is growing rapidly. 
the need for more automation is also driven by the development and operations (DevOps) trend. This market segment than 100. End users interact with softwareas-a-service (SaaS) from different providers. second lesson is that anyone can replace one cloud designed. and Interoperability hence in the amount of monitoring data to be col. so we cloud environments. (comprising. and autonomic computing. others in private clouds. in their vast majority.CO M P U T ER . the reality. they rely on management software datacenters have become the norm. The sad reality. long live big IT analytics! The solution to these problems is cloud interoperability. you have to cope with multiple management domains and monitoring data silos. These days. thereby addressing the “management as an afterthought” syndrome. systems integration costs are non-negligible. and so on. providers are very small companies that worship two gods: Scrum and DevOps. increase in the average datacenter size implies a tremendous increase in measurement points. for example. Precloud IT analytics solutions are not suited to environments.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . is that few people clouds).Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD MANAGEMENT agement more scalable. it focused is increasingly common. however. To scale to XXL-size cloud datacenters. this adoption is encouraging further work in areas such as self-configuration. Having more to do it for them automatically. they usually want to integrate them processed to monitor performance. are left with people who. are outstanding in both software engineering and opand systems have little in common in these different erations. transferred to the analytics engines. For multiprovider public clouds. 
you must rethink your management processes and procedures from the ground up. More recently. Cloud management processes. each service might run on a different platform-as-a-service (PaaS) such as Heroku. procedures. Darwinism ensures that poor software developers soon disappear from the SaaS market. is a bit more problem. vendor lock-in issues and high migration costs abound. or a security problem prosaic. but when doing so.market began in a rather anarchic manner. DevOps encourages them to adapt their software at design-time to facilitate its operation when it is eventually put into Diagnosing the causes of a performance production. detect faults and with other services—some running in public clouds. a fault. and public people to develop SaaS software and support its opclouds for smartphone users (also known as mobile eration. the majority of SaaS requires access to monitoring data. In such environments. self-organizing systems. self-adaptive systems (with localloop adaptation).

. and the switch saturates due to a software design mistake in the PaaS add-on. a SaaS running on a PaaS. D. That SaaS accesses a Database-as-a-Service (DaaS) that is provided as a PaaS add-on. for example. The former is something that cloud service customers will learn over time—either the hard way (by trial and error) or through education. and your contributions are very welcome! References 1. This new magazine offers a unique forum for sharing experiences and know-how. Diagnosis Diagnosing the causes of a performance problem.3400. eral administrative entities that enforce their own management policies. Davis. that a user complains about a service—say.” Some of the first standards that were released in the cloud management arena pertain to interoperability. Recommendation M. for instance. I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 69 M q M q M q MqM q THE WORLD’S NEWSSTAND® . How can you secure all these monitoring data exchanges that go across public cloud datacenters. We need to improve the state of the art in this field by testing new approaches. In private clouds. 1992. when multiple providers are involved in the root cause analysis of a given problem. Int’l Telecommunication Union. 2. Zhang. we have at least five companies involved here: the user’s employer.700. Pilz. different types of cloud environments. The latter is presented in the “Settings Standards in a New World” article and the StandardsNow department “Defining Our Terms. cloud security has received considerable attention in the press. suppose that the “multiple customers” mentioned Security In the past few years. all cloud resources and services normally run in a single administrative domain—that is. the PaaS provider. because we have multiple administrative domains and thus sevM AY 2 0 14 Step by step.8 Another de facto standard is OpenStack. and so on? Security problems also abound in multiprovider public clouds. 
TMN Management Functions. G. Cloud interoperability is primarily driven by two factors: customer demands and standards. irrespective of others. 1992. which heavily uses a network switch shared by multiple customers. So.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® many newcomers rushing to the market and focusing on just one thing: functionality. transoceanic optical fibers. security also covers other aspects. and Content: An Overview of Current Methods” introduction). the PaaS add-on provider. Suppose. For the sake of clarity. Internet backbone switches. The situation is quite different when multiple providers are involved. people are gradually reengineering their cloud services to take nonfunctional aspects into account (a trend known as SaaS industrialization in the context of SaaS). Assume that the user’s problem is due to the PaaS add-on. Services. or a security problem requires access to monitoring data—a lot of monitoring data in the case of cloud environments. Issues such as access control (Who can access what monitoring data?) are therefore easy to solve. telco networks. Data security is one of the main concerns of people who remain hesitant about using public clouds (see the “Securing Cloud Infrastructure. Cloud Infrastructure Management Interface (CIMI) Primer. publishing experience reports. They include the Open Cloud Computing Interface (OCCI)7 and the Cloud Infrastructure Management Interface (CIMI). Int’l Telecommunication Union. Both the PaaS and the PaaS add-on run atop the same IaaS. 3. and sharing the lessons learned. Now that the market is maturing and consolidating. How do you perform root-cause analysis automatically across five management domains? How can cloud providers exchange enough monitoring data to debug and solve such a problem. without incurring the risk of sensitive information leaks by sharing too much monitoring data? 
loud management poses interesting challenges to researchers and practitioners alike. eds. the SaaS provider. and A. Recommendation X. we need to assemble a corpus of best practices for managing above all use the same SaaS provided by the same supply chain. we need to assemble a corpus of best practices for managing different types of cloud environments. In cloud management. In public clouds. under the control of a single administrative entity that enforces its own management policy. Step by step. A key nonfunctional aspect is interoperability. Data Communication Networks—Management Framework for Open Systems Interconnection (OSI) for CCITT Applications. and the IaaS provider. a fault. monitoring data needs to be transferred from the monitored entity to the analytics engine.

Hegering.” often acting as a bridge between academia and industry. 1994. Standardization (ISO)/Int’l Electrotechnical Commission (IEC). 2012. 2nd ed. California: Mike Hughes Email: _________________ mikehughes@computer. 2012.. 5. Abeck. 6. Int’l Org.184.org. Business Development Mgr. His research interests include integrated management. Addison-Wesley. Open Grid Forum. Neumair.G. self-managing systems. UK Office of Govt.org Phone: +1 973 304 4123 Fax: +1 973 585 7071 Advertising Sales Representatives (display) $GYHUWLVLQJ6DOHV5HSUHVHQWDWLYHV &ODVVLÀHG/LQH. Martin-Flatin has a PhD in communication systems from EPFL. GFD-PR. and B.martin-flatin@ieee. He is or has been on the editorial boards of IEEE Transactions on Network and Service Management (TNSM) and Journal of Network and Systems Management (JNSM). Switzerland. Edmonds. 7.buonadies@computer. Open Cloud Computing Interface—Infrastructure. 1.computer. S. June 2011.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD MANAGEMENT 4. v. H. Selected CS articles and columns are also available for free at http://ComputingNow. eds.1. 8. Sloman. Contact him at ________________ jp. He also co-founded the SASO conference series (IEEE International Conference on Self-Adaptive and Self-Organizing Systems). Distributed Management Task Force. ed. J. Integrated Management of Networked Systems: Concepts. he has worked alternatively in research and the “real world.. ADVERTISER INFORMATION Advertising Personnel Marian Anderson: Sr. Architectures. Commerce.org Phone: +1 714 816 2139 | Fax: +1 714 821 4010 Sandy Brown: Sr.P.org. 2011. DSP2027. big IT analytics. errata update. ISO/IEC 2700: Information Technology—Security Techniques—Information Security Management Systems—Overview and Vocabulary.0. and Their Operational Application. and cloud troubleshooting. ITIL Service Operation. Switzerland. 
Advertising Coordinator Email: ________________ manderson@computer. Metsch and A. Morgan Kaufmann. T.org Phone: +1 714 816 2144 | Fax: +1 714 821 4010 Southwest. M. Network and Distributed Systems Management.org Phone: +1 805 529 6790 Southeast: Heather Buonadies Email: _________________ h. Throughout his career. Email ______________ sbrown@computer. 1999.. MARTIN-FLATIN is an Academic Guest at EPFL.

buonadies@computer. Midwest.org Phone: +1 973 304 4123 Fax: +1 973 585 7071 W W W.org _________________ Phone: +1 973 304 4123 Fax: +1 973 585 7071 Advertising Sales Representatives (Jobs Board) Heather Buonadies Email: _________________ h.org Phone: +1 508 394 4026 Fax: +1 508 394 1707 70 I EEE CLO U D CO M P U T I N G Heather Buonadies Email: h. ________________ d.buonadies@computer. Far East: Eric Kincaid Email: _______________ e. Central.CO M P U T ER . Europe. Middle East: Ann & David Schissler Email: ________________ a. Northwest.org Phone: +1 214 673 3742 Fax: +1 888 886 8599 Northeast.schissler@computer.schissler@computer.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® .kincaid@computer.org.
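The cloud management article above asks how providers can exchange enough monitoring data for cross-domain root-cause analysis without leaking sensitive information. The following is an added example, not from the article, of one possible approach: a default-deny, field-level sharing policy with per-incident keyed pseudonyms, applied to the shared-switch scenario. The record fields, domain names, policy format, and key handling are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample: per-tenant load on a shared switch, held by the IaaS domain.
IAAS_RECORDS = [
    {"ts": 1000, "resource": "switch-7", "metric": "port_util_pct", "value": 41,
     "tenant": "paas-addon-daas", "src_ip": "10.0.3.17", "detail": "vlan 212"},
    {"ts": 1060, "resource": "switch-7", "metric": "port_util_pct", "value": 97,
     "tenant": "paas-addon-daas", "src_ip": "10.0.3.17", "detail": "vlan 212"},
    {"ts": 1060, "resource": "switch-7", "metric": "port_util_pct", "value": 2,
     "tenant": "other-customer", "src_ip": "10.0.9.4", "detail": "vlan 305"},
    {"ts": 5000, "resource": "switch-7", "metric": "port_util_pct", "value": 12,
     "tenant": "other-customer", "src_ip": "10.0.9.4", "detail": "vlan 305"},
]

# Hypothetical sharing policy of the IaaS domain, keyed by requesting domain.
# "clear" fields pass through, "pseudonym" fields are replaced by a keyed hash,
# and every field not listed is withheld (default deny).
IAAS_POLICY = {
    "paas-provider": {"clear": {"ts", "resource", "metric", "value"},
                      "pseudonym": {"tenant"}},
    "saas-provider": {"clear": {"ts", "resource", "metric"}, "pseudonym": set()},
}


def pseudonym(value, incident_key):
    """Keyed hash: stable within one incident, unlinkable across incidents."""
    digest = hmac.new(incident_key, value.encode(), hashlib.sha256).hexdigest()
    return "p-" + digest[:12]


def share_for_incident(records, policy, requester, window, incident_key):
    """Return the minimised view of `records` that `requester` may receive."""
    rules = policy.get(requester)
    if rules is None:          # unknown domain: share nothing
        return []
    start, end = window
    shared = []
    for rec in records:
        if not start <= rec["ts"] <= end:   # only the incident time window
            continue
        out = {}
        for field, val in rec.items():
            if field in rules["clear"]:
                out[field] = val
            elif field in rules["pseudonym"]:
                out[field] = pseudonym(str(val), incident_key)
        shared.append(out)
    return shared


def top_contributor(shared, resource, metric):
    """Root-cause hint the requester can compute on minimised data alone."""
    totals = defaultdict(int)
    for rec in shared:
        if (rec.get("resource") == resource and rec.get("metric") == metric
                and "tenant" in rec):
            totals[rec["tenant"]] += rec.get("value", 0)
    return max(totals, key=totals.get) if totals else None


def reidentify(pseudo, known_tenants, incident_key):
    """Only the data owner, who holds the incident key, can map a pseudonym back."""
    for tenant in known_tenants:
        if hmac.compare_digest(pseudonym(tenant, incident_key), pseudo):
            return tenant
    return None


if __name__ == "__main__":
    key = b"constructed-per-incident-key"
    view = share_for_incident(IAAS_RECORDS, IAAS_POLICY, "paas-provider",
                              (900, 1200), key)
    suspect = top_contributor(view, "switch-7", "port_util_pct")
    print(view)
    print(suspect, "->",
          reidentify(suspect, {"paas-addon-daas", "other-customer"}, key))
```

The requesting domain can rank contributors to the saturation without learning tenant identities, addresses, or VLAN details; the owning domain resolves the pseudonym it is handed back.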

The cloud offers everything as a service (XaaS) on a pay-per-use model. by implementing a cloud-based system. North Dakota State University Sharing experiences in transitioning from traditional computing paradigms to the cloud can provide a blueprint for organizations to gauge the depth and breadth of cloud-enabled technologies.2. storage. Enterprises can procure and release cloud resources for short-term needs based on the “pay per use” policy. on-demand network access to a shared pool of configurable computing resources (e. Among the main incentives to adopt the cloud computing paradigm are easy and pervasive (anytime. Moreover. applications.6095/14/$31 . convenient. cloud computing 2325. Khan. servers. loud computing.3 yet most definitions include on-demand. According to the US National Institute of Standards and Technology (NIST). Employees can access cloud-based services anywhere and anytime using handheld devices. a mainstream of research over the last decade. networks.1 As an IT buzz word.. relieving data security and backup concerns. and elastic services provisioning. anywhere) access to data and applications and cost effectiveness. and access to virtually unlimited shared resources.0 0 © 2014 IEEE makes computing and storage resources available when required on the fly. Significant savings in initial capital expenditures and operational expenses inspire enterprises and businesses to adopt cloud services for their computing demands.g. and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. they can reduce running/ operational costs by reducing the IT staff. Such a viewpoint ignites a debate that perhaps the M AY 2 0 14 I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 71 M q M q M q MqM q THE WORLD’S NEWSSTAND® . pay-per-use. Enterprises using the cloud don’t need an enormous budget to deploy a computing infrastructure. 
is expected to revolutionize the information and communication technology (ICT) sector. pervasive and convenient access to enterprise data and applications augment employees’ productivity. cloud computing is software implemented on a shared pool of interconnected resources in a largescale datacenter to deliver various cloud services. Moreover. and lowering energy bills. Cloud computing is a model for enabling ubiquitous. Furthermore. From a system engineer’s perspective. cloud computing has been defined in a variety of ways.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD EXPERIENCES AND ADOPTION Elements of Cloud Adoption Samee U.

” Growth Areas In a “Market Trends” report. raising customer engagement to 70 percent. agriculture. Through Forge. Not only do players have a rich set of online competitors to choose from. Recovery.8 The US government spends more than $76 billion annually on IT. Here.5 Moreover. healthcare. An IBM Institute of Business Value and Economist Intelligence Unit survey of 572 technology and business executives across the globe revealed that around three-fourths of the surveyed companies are using the cloud. and product reviews. videos.9 For a datacenter outage having a recovery time of 134 minutes. the US government announced the Federal Government’s Cloud Computing Initiative. The Defense Information Systems Agency (DISA) launched the Forge. In September 2009. and scientific applications. testing. but all of the game processing and rendering is performed in the cloud for a real-time gaming experience.000 to $500.8 The cloudbased system empowered the Air Force to reduce manpower and save around $4 million annually. the average loss is around $680. files. The business sector is overwhelmingly adopting cloud computing. Gartner estimates that the cloud-based business services and software-as-aservice (SaaS) markets will increase from US$13. Open Issues Round-the-clock service availability is integral to cloud-based organizations. and deployment of new software and systems to the entire Department of Defense. For instance.5 billion in 2016.7 Government agencies are also envisioning the cloud as a cost-effective and unified paradigm. and customer survey mission needs. such as unlimited resources at nominal prices. These conflicting and sometimes ambiguous definitions and interpretations mandate the need for a forum in which to share successes (and lessons learned) from cloud experiences and adoption.gov to the cloud saved $334. 
However.2 billion in 2016.mil.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . cloud computing is transforming many aspects of our social and personal lives.mil project to deliver a software development platform for reusing software code. I describe some of the elements of cloud adoption to set the tone for the types of articles that will be of interest under the emblem of “Cloud Experiences and Adoption. By using this cloud-based collaborative environment and open development platform. these automated systems are error prone. cloud providers receive information disclosure requests from government W W W. downtime and failures have a huge effect. Such a forum will not only help us understand what works and what doesn’t but also help move academia and industry toward this game-changing technology. It also led to an overwhelming increase in queries to the knowledge base to around 2 million per week. Cloud computing is also being used widely in e-commerce. The system used the Amazon Elastic Compute Cloud (EC2) infrastructure to provide added security.mil environment. In the cloud. many organizations have faced failures.4 Similarly. contact center tracking. The cloud also facilitates the downloading and updating of various mobile applications and allows people to easily share pictures.4 In addition to supporting various operations in the business and enterprise sector. cloud gaming lets users play state-of-theart online games on low-performance endpoints.8 Moreover. DISA avoided large start-up costs and increased its return on investment (ROI) through software reuse. such as smartphones. with Web mail as the prime example. moving Recovery.8 an amount it expects to reduce with the adoption of cloud computing. Moreover. In 2010. nuclear science.000 in 2011.6 billion in 2011 to $35. 
Regardless of safety measures and infrastructure robustness. smart grids.000 per project using the Forge.4 billion in 2011 to $32.6 For example. DISA saves an estimated $200. social networking has minimized the communication gap by helping users connect seamlessly through the cloud.800 in 2010 and $420.CO M P U T ER . According to a government report.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD EXPERIENCES AND ADOPTION cloud was available as early as the 1990s.600 per minute of the datacenter downtime. are motivating enterprises and research organizations to use the cloud for their computation and data storage requirements.9 Data privacy and security are among the foremost concerns pertaining to cloud computing.8 In collaboration with RightNow solutions.40. the US Air Force implemented an SaaS-based solution for knowledge management. the agency saves $15 million through software reusability and collaborative development. the infrastructure-as-a-service (IaaS) and platformas-a-service (PaaS) markets are estimated to grow from $7. pharmaceutical company Eli Lilly executed a complex bioinformatics workload 72 I EEE CLO U D CO M P U T I N G on a 64-machine cluster within a cloud with a price tag of $6. Organizations pay an average of approximately $5. DISA provides the tools and services necessary for rapid development. gov became the first government-wide system to migrate to the public cloud. 90 percent of these surveyed executives are expected to adopt the cloud paradigm within the next three years5 The benefits offered by cloud computing. case tracking.000. In addition to malicious threats.

com/c/a/Spotlight/UnplannedIT-Outages-Cost-More-than-5000-per-Minute_______________________________ Report-105393. Khan has a PhD in computer science from the University of Texas. or position papers. Cloud Computing and Pharma: A Prescription for Success. has already penetrated (or replaced)—mainstream computing paradigms. as we will learn more about the cloud computing technology. http:// ____ dx. 2014. it will help clarify ambiguities pertaining to the definition of cloud computing and related technologies. Transparency Report. loud computing is poised to penetrate—and. 8. Moreover. and Google provided data for 83 percent of them. I would encourage you to consider submitting to Cloud Computing magazine to share your experiences with the rest of the scientific and industrial communities.dailymail.edu.doi. ____ google.khan@ndsu. V. State of Public Sector Cloud Computing. 9.11 However. He is a Fellow of the Institution of Engineering and Technology (IET. L. Google. Wang et al. 2012. “A Taxonomy and Survey on Green Datacenter Networks.forbes. lawmaking agencies are suggesting various laws and opinions to protect user privacy (see http://epic. A. 2014. Sep. remove or edit content in its sole discretion” (https://aws. The Article 29 Working Party. 6. The US federal government is vigilant about establishing security standards to secure cloud environments. terminate accounts. I strongly encourage you to consider submissions that highlight various aspects of cloud experiences and adoption. A UK-based insurance provider claimed to have accessed the medical records of 47 million patients to determine insurance premiums.. 8 Nov. Mell and T.pdf.” Channel Insider.co.254 user accounts.477 requests for user data as of December 2013. 7. IBM. CIO Council. w w w.” National Institute of Standards and Technology.10 Amazon Web Services (AWS) states in its servicelevel agreement (SLA) that.” Proc. Grid Computing Environments Workshop (GCE 08). 
We must therefore share as much information as possible about our experiences pertaining to the transition from traditional computing paradigms to the cloud. Such write-ups could be deep technical articles.org/10.nist. (HPCC 08). “AWS reserves the right to refuse service. social networks. 2008. The Power of Cloud: Driving Business Model Innovation. specifying 18. 2008. Google received approximately 27. 2012. “Scientific Cloud Computing: Early Definition and Experience. and security of cloud.” to be published in Future Generation Computer Systems. His research interests include the optimization. vol. Columbus.future. 10. KHAN is an assistant professor of electrical and computer engineering at North Dakota State University. 4. smart grids. com/terms). Foster et al. industries. Together.com/sites/louiscolumbus/2012/11/08/cloud-computing-and-enterprise software-forecast-update-2012. 5. governments.006. states that cloud providers must abide by the “EU Data Protection Directive. “The NIST Definition of Cloud Computing.1016/j. SAMEE U. surveys. and optical networks. Kelly Outsourcing and Consulting Group. Kundra. agencies and courts across the globe.8 Cloud providers are using state-of-the-art security measures to protect and secure user data from unintentional access and use. pp. cluster. M. www. grid.amazon. Contact him at samee. “Cloud Computing and Enterprise Software Forecast Update. 1–10. 2012. and funding agencies to gauge the depth and breadth of cloud-enabled technologies. a privacy agency representing European Union countries. Bockrath. 825–830.. formerly IEE) and a Fellow of the British Computer Society (BCS). L.2013. pp. Bilal et al. NIST Special Publication 800-145.
Such information dissemination will act as a blueprint for academia.000 Per Minute: Report. www.org/privacy/cloudcomputing). 2011. cloud competitive technology articles.” Daily Mail. Arlington. “Cloud Computing and Grid Computing 360-Degree Compared.” Proc. wired and wireless networks. 11. power systems. References 1. and big data computing. 3. Grance. Keeley. IEEE Int’l High Performance Computing and Comm. www. NIST released a draft of the Guidelines on Security and Privacy in Public Cloud Computing for public comment.gov/publications/nistpubs/800-145/SP800-145.” In the US. robustness.07. “The Society Which Used Data on Every NHS Patient—and Used It to Guide Insurance Companies on Premiums. 2010.” Forbes. P. July 2014. K.574 data requests. http://csrc. html#ixzz2uRHBCYib.uk/news/article-2566397/The-insurance-firms-buy-data-NHS-patient.10 US government agencies submitted 10. 8. I.. channelinsider. “Unplanned IT Outages Cost More Than $5. IBM Institute of Business Value. Khan is a member of the IEEE Cloud Computing editorial board.com/transparencyreport/userdatarequests. 23 Feb. 2011. 2. to a certain extent.

Interoperability issues are related to how different cloud platforms and provider offers interoperate in the presence of multiple clouds. 74 hanks to the relative ease of managing and configuring resources and the low cost required for setup and maintaining cloud services. a cloud service is offered by a cloud computing platform that users access through the Web by exploit- ing some kind of interface. even worse. fully functional. definitive solutions to interoperability and portability issues among multiple cloud environments. Portability in the cloud refers to two different but strictly interlinked aspects: legacy software’s modernization aimed at exploiting current cloud-based technologies. or.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD SERVICES Applications Portability and Services Interoperability among Multiple Clouds Beniamino Di Martino. In contrast. and immediately available appliance to users. virtual machines offer functionalities that are very similar to those provided by cloud services. and softwareas-a-service (IaaS. cloud providers are increasingly offering new and different services and steadily incrementing the available cloud service at all levels—infrastructure-. which are virtual machine images running on virtualization platforms that deliver a complete. platform-. Second University of Naples Although researchers are actively seeking answers.6095/14/$31 . The current scenery’s complexity is further increased by the introduction of virtual appliances. In many cases. and the portability of cloud-ready applications among different cloud platforms and providers. cloud providers who won’t federate. remain elusive due to the technical complexity and a lack of standards. This context gives rise to two main issues in terms of cloud applications development: services interoperability and portability. especially at PaaS and SaaS level. and SaaS). 
provider federations. These issues affect the cloud computing landscape IEEE CLOUD COMPUTING PUBLISHED BY THE IEEE COMPUTER SOCIETY 2325. PaaS.0 0 © 2014 IEEE

Brokering. Metadata added through annotations pointing www. in different ways. and thus they present patterns that are cloud-platform specific in terms of cloud components that can implement the pattern. including ModaClouds (www. middleware. platform-dependent cloud services to use during application development and deployment. data modeling. the outcome of the European Commission’s Open Source API and Platform for Multiple Clouds (mOSAIC) research project2.5. adopt the cloud-agnostic abstraction methodology as a key point. and. cloudcomputingpatterns.html). and PaaSage (www. Several cloud pattern catalogs are emerging. see http://en. as a consequence. In particular. generate anywhere.3 demonstrates in the cloud agency4 the benefits of adopting a cloud multiagent technology. in vendor-agnostic terms. the topology of the system in the cloud—as well as the minimum hardware resources required to run it—can be defined in a cloud-agnostic way.org and http://cloudpatterns. defining sets of prepackaged and preconfigured architectural solutions. www. it’s possible to map a platform-specific model to one or more cloud providers. as well as to migrating them from one cloud to another.com/software/ucd/designpatterns.” is particularly relevant when it comes to application design and management across multiple clouds. Promising Approaches and Technologies Introducing an upper layer of abstraction improves the portability and reusability of cloud resources and services among several clouds. or cloud services—these entities often rely on similar concepts. Windows Azure.
and reusability of system parts (which makes it easy to move the parts from one platform to another).modaclouds. and service description enhancement.6 These cloud patterns support cloud application developers in defining. This approach. Following a specific cloud pattern or a composition of cloud patterns to migrate and port an application to the cloud represents a best practice: the patterns themselves support the redesign and deployment of applications on the cloud—and. In the cloud computing context. interoperability.eu). exposed through the concepts and mechanisms of software engineering design patterns. Model-Based Approaches The Object Management Group (OMG) Model-Driven Architecture (MDA.org). negotiating. As Amit Sheth and Ajith Ranabahu stated. several initiatives have emerged that define approaches to support application migration to the cloud.artist-project. their consistent application tends to naturally improve the quality of system designs. which is commonly summarized as “model once. which can be abstracted from the specificities of each cloud provider.clouddesignpattern. even if the system is designed for a specific platform—including framework. Indeed.org/mda). such as initiatives relying on model-driven engineering and semantic approaches. Cloud Patterns Another promising methodology currently emerging is cloud patterns—that is.omg.8 semantic models are helpful in three ways: functional and nonfunctional definitions. Thanks to this new abstraction layer. the most viable cloud architectural solutions for their cloud development or porting activity.7 and IBM (www-01.eu). and reconfiguring cloud services are challenging tasks for cloud application developers. Recently.org) and from commercial cloud providers such as Amazon Web Services (AWS. They also propose specific. monitoring. Given this. managing.
Patterns describe common aspects of cloud computing environments and application designs and can be useful in understanding the application code changes that might be needed for a successful migration to cloud. Some of them. Another benefit is that system maintenance occurs through human readable and reusable specifications at various abstraction levels. several research groups and projects are combining model-driven application engineering with cloud computing.1 is a model-based approach for software system development.ibm. for the users of those applications. Semantic Models A contributing factor in interoperability and portability issues is the difference in the offered services’ semantics: providers use proprietary terms and semantics. model-driven development can be helpful in letting developers design a software system in a cloud-agnostic way and still be supported by model transformation techniques when instantiating the system into specific and multiple clouds. proposed from academia 6 (see also www. because the design pattern solutions are proven. Multiagent Systems Multiagent systems seem to offer another effective approach. Typically. The MDA’s main benefits from the cloud perspective are the ease of portability. the Advanced Software-Based Service Provisioning and Migration of Legacy Software (Artist.

such as __________ for PaaS architectures. which usually rely on large technologies involved. despite the common.etsi. Openstack (www.w3. defining a Open Source Application Programming Interfaces and Platforms set of basic APIs. issues among multiple cloud environments. machine-readable dictionary that can many different efforts to that end. The current SIIF standard.and proposals (not exclusively for the cloud) to dements and offers. www.org/standards/cloud).apache. ___________ Researchers have also sought to define how such standards can be used to build a cloud infrastructure. and data-storage management.13 defining in detail its tomatically discover.eu). we’re still far from a decommunities for support and further development. services. This is especially the case with ue to the huge number of vendors. service-level agreements.definition of cloud computing. fine a topology. model-based approaches. (TOSCA)14. finitive solution on interoperability and portability Notable examples here are Openshift (www. supporting application portability methodologies. ___________ Oasis Cloud Application Management for Platforms (CAMP).com).org/Submission/SWRL) include the Cloud Management Initiative (http:// _________________ to express additional ____ rules and heuristics. and related key performance termine which specific cloud issues they can solve.12 which aims to dein and enable services composition.org). invoke. such as Cloud (http://deltacloud. www. MDA. namic discovery and mapping system10 (see www.ment Interface (CDMI. which address IaaS interoperability by letting consumers use APIs from different cloud vendors. require. Among ____ openshift. which addresses IaaS offers. which foparticular constraints. To address these different aspects. by its semantic engine9 and dy. given its flexibility. and research projects are producing very good results OpenNebula (http://opennebula. 
Toward a Standard We’ve yet to establish an internationally accepted standard or set of standards that definitively solves r OWL (www. which refers to the NIST ____________ to add semantics to cloud services that let users and software agents au. including the Open Cloud perform queries to retrieve services according to Computing Interface (OCCI.w3. an IaaS cloud platform that is positioning it. ____ services.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . a set of functionalities.org/Submission/2004/SUBMand reported only as a draft. and open source solutions. offers.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD SERVICES to generic operational models would play a key role in consolidating these APIs and enable interoperability among the heterogeneous cloud environments.org) and Delta. could r Semantic Web Rule Language (SWRL. focusing on infrastructure.CO M P U T ER . and pattern-oriented solutions based on cloud org).Version 1. the Topology and Or________________ chestration Specification for Cloud Applications These aspects are also addressed by mOSA. and a governance model for cloud interoperability and federation. Various other commercial and open source solutions have been developed to resolve interoperability and portability issues. be applied to other service layers. services.0.15 which relates to PaaS offers.w3. dmtf. focuses on describing _________________________ OWL-S-20041122) the intercloud topology. still in development r OWL-S (www. APIs and related have conducted studies to collect existing standards parameters. it’s possible to use existing technologies inherited from the semantic Web field. 
European __ self as a de-facto standard for interoperability.in defining new frameworks and standards: among 76 I EEE CLO U D CO M P U T I N G W W W.patterns seem to be the most promising.openstack. A notable Cloud services interoperability and example here is the IEEE’s Standard for Intercloud Interoperability and Federaportability help avoid cloud vendor locktion (SIIF) project. Other standards ____ w3. _______ occi-wg. many other cloud-specific standards r SPARQL (www.org).snia.org/TR/rdf-sparql-query) to are under development.org/TR/owl-features) to define a interoperability and portability issues. Researchers express resources. indicators (KPIs). Of course.org/cdmi). an example here is the Cloud Standards Coordina11 tion initiative (http://csc. and the mosaic-cloud. the Cloud Data ManageIC2 —in particular. and compose cloud components and the relationships among them. and cuses mostly on IaaS but.org).

Sheth and Ajith Ranabahu. Cloud Application Management for Platforms Version 1. 4. “Semantic and Matchmaking Technologies for Discovering. com/b/jmeier/archive/2010/09/11/windows-azure-application-patterns. B. these. 2013. “Experiences in Building a Mosaic of Clouds. vol. 9.. 2013. 198–203. technique. http://blogs. Migrating Applications to the Cloud: Roadmap for Success. I encourage you to submit research briefs.1/csprd01/camp-spec-v1 .0. and Software Intensive Systems. 31 July 2013. Object Management Group. LNCS 6586. www. 2000. Di Martino has a PhD in computer science from University Federico II of Naples.0-cs01.1. Venticinque. the Cloud Standards Customer Council.” IEEE Internet Computing. 14. Cloud Standards Customer Council (CSCC). P. and software patterns.” Proc. 15. Mell and T. no. 4. more research and technological innovation efforts are hugely needed to solve cloud application portability and services interoperability challenges. 2012. 571–578. including the mOSAIC project. 12. pp.ieee. G. References 1. and Applications. The NIST Definition of Cloud Computing (draft). 1 Sept. Springer. version 1. 2013. 2014. 11.D.” Proc. 6th Int’l Conf. 2013. 6. Di Martino et al. pp.org/MigratingApps-to-the-Cloud-Final. R. http://standards. Cloud vendors also support the creation and adoption of new standards.org/tosca/TOSCA/v1. A. 2010. the IEEE Intercloud Testbed Initiative. Mapping and Aligning Cloud Provider’s Services.” Euro-Par 2010 Parallel Processing Workshops. NIST Special Publication 800-145. and descriptions of practical solutions.
mOSAIC clearly shows how semantic and agent-based technologies can ease interoperability and portability issues and lead to an effective and efficient solution. and is a member of the IEEE P3203 Standard on Cloud Interoperability Working Group. Di Martino. Luca Tasquier. p. position papers. 18 Mar. He participates in and leads several European Commission projects on cloud computing. Meier. 249–256. and application domains (such as public administration services) on these and other relevant cloud services challenges. 2012. white paper. 2010. 13. OMG: Model Driven Architecture. S. P2302 Standard for Intercloud Interoperability and Federation (SIIF). semantics. such as Openshift for PaaS and Openstack for IaaS.org/develop/project/2302. ____ cloudstandardscustomercouncil. Information Integration and Web-Based Applications and Services (iiWAS 13). 12. Soley. Intercloud Working Group. J. org/camp/camp-spec/v1. “Towards a Semantic Engine for Cloud Applications Development. G. pp. white paper. “Building a Mosaic of Clouds. knowledge engineering. are steadily growing in importance and being adopted by a growing number of consumers. 81–84. 380–384. Cretella and B. 2011. Acknowledgment I thank both Giuseppina Cretella and Antonio Esposito for their valuable contributions to this article. and Beniamino Di Martino.html.dimartino@unina. 2012. vol. 3. Intelligent. Complex. 2013. 2. challenging case studies.it.oasis-open. Oasis Committee Specification 01. D. Because no standard. 1.. Grance. clear examples here are CAMP for PaaS and TOSCA for IaaS. Systems. and the EC’s Cloud Computing Experts’ Group. _____________________ M AY 2 0 14 8. 2. C. http://docs. Baudoin. due in part to the support of large developer communities. Topology and Orchestration Specification for Cloud Applications Version 1. p. 15th Int’l Conf. Fehling et al. methodology.. Cloud Computing: Advances. Cloud Computing Patterns. Di Martino.html. European Commission. no. 

A zetabyte of data passed through the Internet in the past year.0 0 © 2014 IEEE Welcome to the inaugural Blue Skies column of IEEE’s flagship cloud computing magazine. and R). and DB2) and data mining (such as Microsoft Excel. and content distribution. Conventional data processing technologies are now unable to process this data within a tolerable elapsed time.6095/14/$31 . we live in a digital universe in which information and technology are not only around us but also play important roles in dictating the quality of our lives. high-energy physics synchrotron. IDC predicts that this digital universe will explode to an unimaginable eight Zbytes by 2015. next-generation radio astronomy telescopes. These data are and will be generated mainly from Internet search.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® BLUE SKIES Streaming Big Data Processing in Datacenter Clouds Rajiv Ranjan Commonwealth Scientific and Industrial Research Organization. This approach has two key problems. Such applications generate datasets that don’t fit the data processing model frameworks of traditional relational databases (such as Oracle. research challenges must be solved to realize a standard large-scale. all state-of-the-art implementations of data mining algorithms operate by loading the whole training dataset into the main (RAM) memory of a single machine or simple machine clusters that have static processing and storage capacity configurations. easily aggregating to terabytes or even petabytes of information. Government and business organizations are now overflowing with data. velocity. That is. and volume of data1. In contrast. As we delve deeper into this digital universe. Australia espite clear technological advances. MySQL. The above examples demonstrate the rise of big data applications. business transactions. QoSoptimized platform for managing streaming big data analytics ecosystem. 
in which data has grown unrestrainedly. social media. Relational databases operate on archived data in response to queries such as “commit a credit card transaction” (as in e-commerce). we’re witnessing explosive growth in the variety. This column intends to provide an in-depth analysis of the most recent and influential research related to cloud technologies and innovations. mobile devices. the data processing technologies are designed to maintain an efficient and fault-tolerant collection of data that’s accessed and aggregated only when users issue a query or transaction request (and thus the data must be archived prior to processing). Matlab. Big Data Computing Paradigm 78 Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . the Internet of Things.3–6 I EEE CLO U D CO M P U T I N G P U B L I SH ED BY T H E I EEE CO M P U T ER S O CI E T Y 2325. focusing on streaming big data processing in datacenter clouds.2 being transmitted over the Internet. Today.

such as Amazon Kinesis (https:// ____ aws. we live in a digital universe in which information and technology are not only around us but also play important roles in dictating the quality of our lives.org) and Apache Storm ____________ (http://storm.3 FlexGP.com/kinesis) and Apache Kafka (http://kafka.apache. _______________ provide a reliable. write applications that rapidly process massive amounts of data in parallel on large sets of machines. Moving all the datasets to a centralized machine is thus expensive (due. works simplify the process of distributing the training and learning tasks across a parallel set of machines. However. The frameworks also automatically take care of low-level distributed system management complexities.apache. This advancement is broadly supported by two key technologies. because they allow data mining algorithms (and underlying application programming and database frameworks) to run at the scale required for handling uncertain data volume. and Amazon Dynamo (http://aws. latent Dirichlet allocation. Finally. monitoring. Data Mining/Application Programming Frameworks Data mining and application programming frameworks enable the creation of a big data analytics application architecture. the algorithms don’t scale well and they never finish or are unable to process the whole training dataset. when the data mining algorithms’ computational complexity exceeds the available RAM. and Bayesian—that can mine datasets in parallel by leveraging distributed set of machines. such as GraphLab. as NoSQL databases don’t require fixed table schemas or support expensive join operations. Cas_____________ sandra (http://cassandra. such as MongoDB (www.6 for processing big datastreams. open-ended datastreams. to network communication and other I/O costs). allow data access based on predefined access primitives such as key-value pairs. such as Apache Hadoop (http:// ____ hadoop. NoSQL database frameworks. decision trees. 
the data can simply grow too big over time to fit into the available RAM. low-latency M AY 2 0 14 system of queuing real-time datastreams. Broadly.8–10 which promise on-demand access to affordable large-scale resources in computing (such as multicore CPUs. and MLBase. high-throughput. variety. interprocess communication.org). the value is returned.incubator. These frameworks can scale more naturally to ad hoc and evolving large datasets. r Data analytics consists of many systems—such as stream/batch processing systems and scalable machine learning frameworks—that ease implementation of data analytics use I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 79 M q M q M q MqM q THE WORLD’S NEWSSTAND® .org). and QoS control.org). dynamically configurable big data ecosystem. Datacenter cloud services are a natu- Today. regression.amazon. This well-defined data access pattern results in better scalability and performance predictability that is suitable for storing and indexing real-time streams of big datasets.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® First.6 Apache Mahout (http://mahout. and result collection.apache. such as online services and back-end system logs. Data application programming frameworks.org).org). and velocity. GPUs. we need to innovate and implement novel services and techniques for orchestrating cloud resource selection. these frame- Datacenter Clouds The second key technology is datacenter clouds.apache. Given the exact key. even if we assume that the machine has a super-large RAM to hold all the data for processing. Big Data Analytics Ecosystem As Figure 1 shows. ____________ HyperTable (http://hypertable. Distributed message queuing frameworks. ral fit1. deployment. fault management. 
and CPU clusters) and storage (such as disks) without substantial upfront investment.4.7 implement a wide range of data mining algorithms—including clustering.apache. the paradigm has changed from the conventional “one-shot” data processing approach to elastic and virtualized datacenter cloud-based data processing frameworks that can mine continuous. Second. To process data as they arrive. such as task scheduling. to support a complicated. a big data ecosystem’s high-level architecture consists of three main components or layers: r Data ingestion accepts data from multiple sources. high-volume. com/dynamodb).mongodb. for example. Largescale data mining frameworks. these frameworks can be classified into four categories. To speed up the data mining algorithms. Further.org). most of big data applications produce data spread across multiple distributed data sources (including streaming sources).amazon.

• Data storage consists of next-generation database systems for storing and indexing final as well as intermediate datasets. and LinkedIn released open source solutions for dealing with big data. A simple instance of large-scale datastream-processing service. 11 Recently. integration with other technologies. and documentation and community support. picking an appropriate platform for (near) real-time stream processing is a nontrivial task given the number of offers and their multiple features. Open Source Real-Time Stream Computation Frameworks Although the stream-processing concept is not new. Therefore. Apache Cassandra Apache Kafka Apache Storm FIGURE 2. A high-level architecture of large-scale data processing service. Apache Storm (data analytics layer). language support. and Apache Cassandra Systems (data storage layer). and storage—and the first two layers communicate with various databases during execution. distributed. The example service consists of Apache Kafka (data ingestion layer). Twitter. It’s not surprising that real-time stream-processing systems are just one building block in the big data ecosystem.
Figure 2 shows an example of the new architecture: Apache Kafka serves as a high-throughput distributed messaging system.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® BLUE SKIES Applications Disaster management Radio astronomy Smart energy grids Healthcare Telephone fraud detection Big data analytics ecosystem Data ingestion layer Data analytic layer Data storage layer Data application programming frameworks Streams Distributed streaming systems Distributed data queuing systems Batch processing systems Large-scale data mining framework NoSQL databases Scalable data centre cloud resource layer Datacenter provider A Datacenter provider B Datacenter provider C FIGURE 1. We divide the architecture dimension into centralized. Apache Storm as a distributed and fault-tolerant real-time computation. where required. cases such as collaborative filtering and sentiment analysis. computing arbitrary datasets via arbitrary queries demands a variety of tools and techniques.CO M P U T ER . The simple architecture in Figure 1 offers a snapshot 80 I EEE CLO U D CO M P U T I N G of real ones. each architectural layer changed dramatically in terms of the software stack when services such as Yahoo!. CentralW W W. analytics. the available open source stream-processing systems are quite young and a silver bullet solution doesn’t exist. and Apache Cassandra as a NoSQL database. To ease this process. persist or load the data in or from a database. The first two layers talk with different databases during execution and. we created an initial list of criteria: architecture. we encourage passionate readers to also investigate the Lambda Architecture. The big data analytics architectures have three layers— data ingestion. and parallel distributed systems.

r how the various measures should be combined to give a holistic view of the stream of data flows end-to-end. which is a trump card.code___________ haus. key quality factors include throughput and latency in distributed messaging system. Monitoring and Managing End-toEnd QoS Guaranteeing QoS for large-scale data processing across multiple layers and various computing platforms is a nontrivial task. Understanding an Optimal Analytics System It’s not yet clear how to build an optimal big data application architecture given the abundance of existing frameworks that offer competing functionalities for large-scale data mining. or r how optimal optimization would be realized in cases with large sets of variables and constraints. The datacenter cloud resource provisioning’s uncertainty14–16 has two I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 81 M q M q M q MqM q THE WORLD’S NEWSSTAND® . a better answer is found in systems with a parallel-distributed architecture—such as Apache Samza (http://samza. the availability of ready-to-plug libraries for connecting the system to various inline technologies. For example. Although datacenter clouds offer abundant resources. especially for heterogeneous (structured and unstructured) datatypes. Open Challenges and Research Directions Despite the clear technological advances in machine learning. Therefore. which is only expected to grow as more and more end-users adopt these systems. it supports both JVM and non-JVM languages. Another salient dimension is technology integration—specifically. To this end. Similarly. M AY 2 0 14 built-in monitoring. state management.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® ized in-memory streaming systems are suitable for handling queries with lowlatency requirements. and so on. However. Esper (http://esper. 
some data application programming frameworks such as Apache Hadoop are suitable for handling historic data. and precision recall in the scalable data mining platform. org)—which let you partition the streams and parallelize operators’ execution across a cluster of machines. Table 1 gives an overview of state-of-the-art open source systems and how they meet the criteria. while others like Spark Streaming [12] or Apache S4 [13] are better suited to streaming data. incubator. Similar complexities exist in choosing NoSQL databases. For example. org) is a streaming system with a centralized architecture that runs on a single node and keeps everything (states. they don’t support QoS-driven autonomic resource provisioning or deprovisioning in response to changes in the 3Vs (that is. and NoSQL databases. we would expand the criteria list to include more technical features such as dynamic rebalancing. Language support refers to the frameworks’ flexibility in letting your team develop an application using your choice of language. Apache Storm is a good example here. However. and so on) in memory. fault-tolerance. if the continuous queries have a large window size and might entail millions of tuples per second. operators. Given more space. we’ve yet to realize a standard large-scale. in-depth analysis of overriding open source or commercial frameworks is beyond this column’s scope. future research efforts must take an end-to-end QoS view of the ecosystem and develop techniques and frameworks that cater to all components rather than treating them as silos. Apache Kafka is a high-throughput distributed in-memory messaging system that complements every stream-processing system and has a ready component for this integration. QoS-optimized platform as a service-level software for managing a streaming big data analytics ecosystem. Esper and Apache Storm have adequate documentation support. data application programming.
The last (but not least) criterion is the framework’s documentation and community support. Frameworks such as Apache Mahout implement several data mining algorithms. The QoS for each computing platform in the ecosystem isn’t necessarily the same. it is not yet clear • how these QoS could be defined coherently across layers. but it’s not clear which is most suitable for processing given both historical and streaming big data in a distributed and parallel setting. its volume. and velocity). such as with heterogeneous resources. bursty workloads. variety. Future efforts will focus on solving the following research challenges. apache. in the big data application’s behavioral uncertainties). Provisioning Datacenter Cloud Resources for Real Time Analytics Handling large volumes of streaming and historical data—ranging from structured to unstructured and numerical to micro-blog datastreams—is challenging because its volume is heterogeneous and highly dynamic. Therefore. distributed message queuing. which lets developers employ APIs easily. we must develop a solid scientific foundation and decision-making technique that can help us select these key functionalities based on the big data’s nature (that is. response time in the batch processing platform. Here. and they don’t produce much intermediate state data. big data application programming frameworks. and datacenter clouds.

from a big data application’s perspective. due to failure. Furthermore. distributed mes- Limited documentations and examples sage queuing systems. Second. and I/O system behavior.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® BLUE SKIES Table 1. malicious attacks.NET Declarative SQL-like query language Apache Samza Paralleldistributed Java Virtual Machine (JVM) languages Active community mailing list Managed by Apache Yet Another Resource Negotiator (YARN) resource manager (Storm-YARN) Limited documentations and examples Apache Kafka Spark Streaming12 Paralleldistributed Integrated scalable machine learning library (MLlib) Scala Java SQL-like query language (Shark) Limited documentations and examples Integrated graph processing algorithms Apache Kafka Apache Flume Twitter ZeroMQ Message Queuing Telemetry Transport (MQTT) Apache Storm Paralleldistributed JVM and nonJVM languages Managed by apache YARN resource manager (Storm-YARN) Well-documented APIs and online tutorials Higher-level programming model (Trident) Apache Kafka Several books Kestrel Active community RabbitMQ Java Messaging Services (JMS) Apache HBase (Storm-HBase) Twitter Machine learning integration with TridentML library Apache S413 Paralleldistributed JVM and nonJVM languages aspects. data processing time distributions. or network link congestion. data application programming frameworks. Ensuring End-to-End Security and Privacy Data stored on (and processed by) cloud resources and big data analytics ecosystem components aren’t secured at finer granularity levels. without knowing the big data’s requirements or behaviors. and throughput of datacenter resources can vary in unpredictable ways.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . from a datacenter resource perspective. 
In other words. First. Esper Architecture Language Support Integration Documentation Centralized in-memory Java API for integrating functionalities Well-documented API and a thorough reference architecture that covers all features with clear-cut examples . Capability Analysis of Recent Open Source Stream-Processing Systems. data arrival rate. and NoSQL databases. datatypes. it’s difficult to estimate workload behavior in terms of the data volume to be analyzed.CO M P U T ER . we need reasonable workload and load resource performance prediction models when making provisioning decisions for datacenter resources that host instances of data mining algorithms. The application data managed by these resources W W W. the availability. it’s difficult to make decisions about the size of resources to be provi82 I EEE CLO U D CO M P U T I N G Apache YARN sioned at any given time. load.

vol. Very Large Database Endowment. order comparisons. vol. Very Large Database Endowment. Bifet. 51. Fan and A.A. and quality of service (QoS) optimization in distributed systems.. 40th Int’l Conf. D. cloud and big data challenges at leading international conferences. L. Neumeyer et al. 12. 1. “A Survey of Methods for Distributed Machine Learning. big data. R. Analyzing. _____________ 13. 460–471. Schad et al. 5. Innovative Data Systems Research. 16. 2011. Buyya. research efforts must focus on developing techniques that efficiently support the following: r end-to-end data encryption and decryption without causing additional query and data processing overhead (time and space).cidrdb. IEEE Int’l Conf. M. GuijarroBerdiñas. X. Ranjan has a PhD in computer science and software engineering from the University of Melbourne. “On the Performance Variability of Production Cloud Services. _________________ I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 83 M q M q M q MqM q THE WORLD’S NEWSSTAND® . 3. Patterson. 3. A. and open source cloud computing projects. 716–727.pdf.” Progress in Artificial Intelligence. 3. 2011. Acknowledgements I thank Omer Rana (Cardiff University).C. 10.” Comm. vol. Sixth Biennial Conf. 97–107. r execution of various traditional SQL queries—such as equality checks. no. pp.computer.. doctoral dissertation.org/cidr2013/Papers/ CIDR13_Paper118. 2. T. 73.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® and components are vulnerable to theft. “Mining Big Data: Current Status. 6. 9. 2013. Low et al. and Grid Computing (CCGrid 11). 2012. S.” IEEE Trans.cs. “Technical Perspective: The Data Center Is the Computer. Zaharia et al. Calheiros. pp. pp. Hence. and Applications.ict.. Electrical and Computing Eng.au/staff/rajiv. nos. vol. 1..” Proc. Lizhe Wang (Chinese Academy of Sciences). Iosup et al. www. J.pdf. 
2013. Future contributions might also include in-depth reports on innovative research projects in academia and research institutions. Cloud Computing: Methodology. no. 103–113. 1–11. I also thank Khoshkbarforoushha for his instrumental input in the compilation of Table 1. IEEE/ACM Int’l Symp. 14. no. eds. _______________ 8. because adversaries can gain access to private data and malicious database administrators might capture or leak data. Systems. “MLBase: A Distributed Machine-Learning System.. 2013. 295–304. 2013. pp. 2013. “S4: Distributed Stream Computing Platform.” J. vol. 170–177. ______________ csiro. Developing techniques that can ensure end-to-end stream security and privacy remains a challenging research problem.. His research interests include cloud computing. 2. 284–292. Hot Topics in Cloud Computing. and R. and r preservation of data security and privacy at each lifecycle stage (including creation. 2008. 14. M AY 2 0 14 References 1.” SIGKDD Explorations Newsletter. M.. Big Data: Principles and Best Practices of Scalable Real-Time Data Systems. pp.au and http://www. “Data Mining with Big Data. no.. vol. RAJIV RANJAN is a senior research scientist and Julius Fellow at the Commonwealth Scientific and Industrial Research Organization (CSIRO).R. 105–105. no. R. 1–5. 4. Contact him at rajiv. and Alireza Khoshkbarforoushha (Australian National University) for providing and discussing their viewpoints on research areas related to this column. 2010. Y.” Proc. Wu et al. his column also welcomes highquality position. www. 4.” Proc. pp.ranjan@csiro. 2013. Australia. ACM. 15. ACM. “Discretized Streams: An Efficient and FaultTolerant Model for Stream Processing on Large Clusters. analytics. no. L. and review papers from cloud computing and related research areas.” Proc. ingestion. Knowledge and Data Eng. D.. and Reducing Variance.” Comm. 5.” Proc. pp.org. “A View of Cloud Computing. 50–58. pp. FlexGP: a Scalable System for Factored Learning in the Cloud. O. 
Parallel Distributed Computing. pp. 2013. survey. CRC Press. Armbrust et al. 26. aggregates. on Data Mining Workshops. “Parallel Approaches to Machine Learning—A Comprehensive Survey. 8.” Proc. MIT. 4th Usenix Conf. Dept. 2010. “Distributed GraphLab: A Framework for Machine Learning and Data Mining in the Cloud. 2012. W. 1. edu/~matei/papers/2012/hotcloud_ ________________________ spark_streaming. and Forecast to the Future. pp. Kraska. N. 2010.berkeley. 2. no. “Virtual Machine Provisioning Based on Analytical Performance and QoS in Cloud Computing Environments. and joins—or NoSQL queries over encrypted data. vol. O’Reilly Media. 11. 1–2. 7.ranjan..N. 2011. ________________ Selected CS articles and columns are also available for free at http:// ___ ComputingNow. Cluster.. Marz.” Proc. and visualization). Parallel Processing (ICPP 11). pp. 53. Upadhyaya. Derby. Cloud. Peteiro-Barral and B. Ranjan. Wang et al. vol. “Runtime Measurements in the Cloud: Observing.

and consume experiments that were previously not feasible. the services are run by a third party. The relatively easy access to this abundance of data means we can use it to construct. and much of it is now produced by machines instead of people. Netflix can use customer data to produce shows tailored to their audiences. Defining the Cloud When defining the cloud and big data. networking. The third trend is exploration. the second trend is instrumentation. and how quickly can you derive value from it? Although these are good technical descriptions of big data. computing. How much data is there. variety. data is driving many more decisions today than it has in the past. it’s helpful to consider both the consumer and producer perspectives. For consumers. on the other hand. Finally. we collect information about all our activities with the intent to measure and analyze them. For consumers. big data is about using large datasets from new or diverse sources to provide meaningful and actionable information about how the world works. to diagnosing disease. the cloud is about consuming hardware or software as a service (SaaS) and the various implications of this approach.com thing from the data center to the storage. We collect data at each step in many of our activities. they don’t fully explain it. Related to consumption. From booking a flight. From supply chains to Fitbits. We live in a relatively new social context where people increasingly want to make data-driven decisions. there are several macro trends behind big data. but they might not be used when implementing an application as a public service. while in private clouds. For example. Consumers effectively choose the level of vertical integration for their IT. For example. In public clouds. the cloud is about the technology that goes into providing service offerings at each level.
The technology required to provide an application as a service in the public cloud may differ significantly from the software product that a customer installs to run an internal service. of what types. WHAT’S TRENDING? Intersection of the Cloud and Big Data Defining Big Data THE TWO BIGGEST TRENDS IN THE DATA CENTER TODAY ARE CLOUD COMPUTING AND BIG DATA. diverse datasets. Producers characterize big data in terms of volume. big data is about the technology necessary to handle these large. they can choose to own or outsource every- ELI COLLINS Cloudera eli@cloudera. virtual machines are the resource allocation units in most cloud infrastructure offerings. and software infrastructure up to the application. pricing models and data governance may change dramatically. and velocity. to finding a partner. For example. For producers. we consume data as part of the everyday activities in our personal and working lives. so I’ll start by defining terms. Industry hype has resulted in nebulous definitions for each. For producers. related to. test. Just as adopting a service-oriented approach is the macro trend behind the cloud. they are owner-operated on premise. however. The first trend is consumption. This column will examine the intersection of the two.

Collins has an MS in computer science from the University of Wisconsin–Madison. Google invented this technology because indexing the Web was infeasible with existing systems. Usage-based pricing models are forcing us to rethink how we produce and consume technology. Upcoming columns will cover the development and use of converged analytics and AaaS. which itself may be running on a cloud infrastructure. and new algorithms and techniques for visualizing information enables converged analytics—performing analytics on data from many different sources. For example. This service in turn drives demand for big data technologies to store. SaaS lets us collect data that was infeasible or impossible in a world of packaged software. Future columns will examine new developments in both areas and the increasing overlap between them. Ultimately. big data is about the change in relationship between us and our data and. Selected CS articles and columns are also available for free at http:// ComputingNow.
not just input to or a byproduct of a business process. The expansion of the cloud continues to drive both the creation of new big data technologies and big data adoption by making it easier and cheaper to access storage and computing resources. Now companies adopting Hadoop are bringing a cloud architecture into their data centers. These new techniques for data delivery and data management also enable cloud-based analytics as a service (AaaS). For example. was built on research from Google and initially deployed at Yahoo. The combination of big data. and analysis. processing. but cloud technology is already enabling more infrastructure outsourcing. ELI COLLINS is Cloudera’s chief technologist. Data is increasingly an asset. the implications of this change on cloud technology. Another area of exploration for this column will be technologies and trends that are leveraging both cloud computing and big data. Future columns will examine how people are using these trends together. Both models work in the public cloud and in on-premise systems. What were once discrete systems running on their own hardware are now effectively applications running on Hadoop. As big data infrastructures become more generic. cloud computing. His research interests include cloud computing and data management. Companies can run their big data platforms on infrastructure provided as a service (IaaS) or consume the big data platform as a service (PaaS). and analyze these interactions and inject the value of the analysis back into the application through query and visualization.computer.org. the cloud infrastructure will add more specialized services for data storage. in the context of this column.com.
There is a tension between our desire for converged analytics and cloud computing—which is about sharing more computing resources and data with increasingly diverse tenants— and our desire for better privacy controls and data protection. THESE ARE EXCITING TIMES FOR BOTH BIG DATA AND THE CLOUD. big data developments from cloud builders. and exploration. one of the most widely used big data technologies today. Big data enables the cloud services we consume. whether it’s outsourced to a cloud provider or an internal centralized IT department. Future columns will look at how policies and economics are being shaped by these technological advances. From security and privacy to pricing models. An application can record every interaction from millions of users. Converging Technologies So what is the relationship between big data and the cloud? Big data has its origins in the cloud. exploration is the concept that the data itself has value. Contact him at eli@cloudera. but in the context of consumption. Big data infrastructures also play a role in this trend.

or perhaps than even he had in mind. r identifying solutions and problems. chair of the Board of the Distributed Management Task Force (DMTF) and senior director of Architecture and Standards at VMWare. “Mapping the Current State and Future Directions of Cloud Standards. “you should standardize at the interfaces and innovate between the boundaries”1 of a system or ecosystem of products. A MEMBER OF THE DEBATE TEAM ONCE TOLD ME THAT THE BEST METHOD HE HAD FOUND SO FAR TO STOP A SUCCESSFUL ARGUMENT BY MEMBERS OF AN OPPOSING TEAM WAS TO ASK THEM TO DEFINE THEIR TERMS. A key element of a successful outcome is not only recognizing areas where standards exist or should exist.sill@standards-now. There’s a premium. isn’t the point of a useful debate not just tactics. This always struck me as obscure and unproductive advice: after all. As Marvin Waschke. there are several essential ingredients for making progress on this topic in the fast-paced modern world of cloud computing development. multitechnology approach toward implementing the identified solutions to real-world problems. Promoting Standards Innovation Taking such an approach also lets us make short 86 I EEE CLO U D CO M P U T I N G P U B L I SH ED BY T H E I EEE CO M P U T ER S O CI E T Y 2325. Sometimes the advocacy of a viewpoint can distort and filter our perceptions of prog- ALAN SILL Texas Tech University. but we find that taken together. however. we tend to get caught up in particular positioning or viewpoints. David Wallom. Collectively defining our terms is a crucial step toward fully understanding and illuminating any topic under discussion. that we can gain if instead of advocating for one particular viewpoint or camp in an argument.org __________________ ress.6095/14/$31 . Such an approach is already central to several successful open source and commercial product sets and is a key feature of the overall framework that makes cloud computing possible—that is. and r taking a broad-based. 
but also being fully aware of those areas in which standardization isn’t the right approach and in which latitude must be left or built in by design for multiple approaches to exist. r defining terms. but arriving at the truth of the matter? After much reflection and subsequent experience. and I discuss in our article. These ingredients can occur in a wide variety of combinations. A crucial step in pursuing this approach is defining our terms. I’ve decided that there might be more value hidden in my debate team friend’s observation than I noticed at the time. Andre Merzky. the Internet itself. cloud stacks. and computing projects. they characterize the success patterns of many current projects. Ingredients for Success In IT standards. often says (and I don’t mind quoting). we look at the general point of the standard or standards under discussion from multiple viewpoints. It can be applied to all large-scale applications.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® STANDARDS NOW Defining Our Terms WHEN I WAS IN COLLEGE. Winston Bumpus. becoming captured by a localized “team” argument such as the debate team example.” which will appear in a subsequent issue of IEEE Cloud Computing. They are: r promoting innovation.0 0 © 2014 IEEE Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . alan. This distinction bears closer scrutiny. r gathering input from multiple communities.

Not only is there room in such an approach for both standardization and innovation in standards-related topics. I hope that you will come to view this portion of the magazine as an opportunity to highlight progress and topics of interest to the broader community and a forum for cloud standards progress. Specifically for this column. and groups that are extending these methods. but to make the best To some degree. or notable standards body publications. use case requirements. work of dispatching useless arguments regarding architectural use patterns and room for creativity in design. some results of which are beginning to demonstrate noticeable deployment. Developers. in terms of both mind share and current financial performance. I’ll be editing this column from that viewpoint. as well as others that are more specific and either on the cusp of. The US National Institute of Standards and Technology (NIST) and the European Telecommunications Standards Institute (ETSI) have recently drawn up lists of cloud-computing-specific and cloud-computing-related (or relevant) standards for evaluation. but it still has the benefit of several years’ worth of ongoing progress. tried-and-true formal specifications that might in principle be applied to any particular task. see page 50). the need to interoperate among significant components can only become clear once the market coalesces around the major players. as well as news about formal standards progress and publications or calls for input on software projects. A short list of such cloud-specific standards that have made their way into multiple software products includes • Cloud Data Management Interface (CDMI) from the Storage Networking Industry Association (SNIA). Work to create cross-product or cross-project standards is noticeably less advanced.
or already achieving significant uptake by portions of the cloud computing community. I’d like to hear from those studying and implementing new techniques from the viewpoint of enabling further developments. standards for commercial products. I hope to take just such an ecumenical approach in gathering and distributing news on the current state of cloud computing. possible progress. but making such room is required. when in fact they simply appropriately use the set of HTTP standards and the REST architectural design pattern to allow creativity to flourish within and between boundaries defined by HTTP interfaces. modern RESTful API design is a vindication of the standards-based approach and a real-world example of using community-designed standards to solve practical problems in creative ways. Advocates of Representational State Transfer (REST)/HTTP API design methods. [2, 3] Such lists inevitably produce a mix of well-known. and old or new in approach. highlight successes as well as instructive failures in standardization. we need to define our terms. API innovations. and create open channels for communication. With your cooperation. The need to interoperate among significant components can only become clear once the market coalesces around the major players. The world of cloud computing is moving quickly. for example (practitioners of which include me). sometimes say that such methods don’t use standards or are an antistandards alternative. Nonetheless. and further work is ongoing in several sectors to lay the groundwork for additional progress. and contributors involved in these projects and products are working hard to build components that can operate at least within their respective boundaries.
Emerging Cloud Standards Even a light and cursory overview of the cloud computing ecosystem reveals that several large projects and vendor-based products have captured large segments of the market. significant cross-cutting standards have begun to emerge. Far from being antistandards in nature. as long as they contribute to producing a successful standards-based framework for innovation. It’s worth noting that both lists mentioned share some recent cloud-specific standards that are already being implemented. vendors. These methods can be historical or modern. In this column and in articles covering the area of standards and compliance (for more information. I further hope that you’ll be persuaded to submit longer articles that expand on the topics highlighted here.

which is an infrastructure-as-a-service (IaaS) management and control specification set that has reached a published state and is also beginning to see significant work on implementations.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . More general work is also occurring. Those who have been following the NIST work on the cloud computing reference architecture.) Several standards-development organizations are continuing work on additional cloud-specific standards that I hope to draw to your attention in this column. spanning previous work of several branches of each participating organization.org) ______________ News on SDO Efforts Finally. Deepak Vij of Huawei Technologies chairs the working group. and using standards-based cloud computing products and services. which was an important forerunner and contributor to the formation of OpenStack.4 Each of these standards has already received multiple implementations in the field. please submit it for consideration. John Messina of NIST chairs this group. The group is working on a new multipart document set. SEND IN YOUR NEWS. if you can produce a coherent. please see the “Standards and Compliance” area’s introductory editorial on page 52. and r Topology and Orchestration Specification for Cloud Applications (TOSCA) from the Organization for the Advancement of Structured Information Standards (OASIS). has the ambitious goal of op88 I EEE CLO U D CO M P U T I N G erating an intercloud testbed (www. readable account of recent work in this area that you would like to call to the attention of the community. we have to start the discussion somewhere. 
The “joint” in this special committee name means that it’s a merged effort between these organizations.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® STANDARDS NOW r Open Cloud Computing Interface (OCCI) from the Open Grid Forum (OGF). building. includes the content of one such document (the NIST Definition of Cloud Computing7) in nearly every talk he gives. Along with the committee’s other terminology and ontology products on service-oriented architecture. It sometimes frustrates those who don’t deal frequently with these organizations to encounter such fine-grained subdivision of effort. also known as the IEEE Intercloud Working Group (ICWG. Along these lines. Such work can be valuable.CO M P U T ER . Membership in each of these groups is open to non-IEEE members. What is a “national body representative. the widely praised instigator of the NASA Nebula project. ___ in support of this work. and thus represents an organizational simplification. intercloudtestbed. Your opinions on all of these topics are welcome. ISO/IEC CD 19086. I hope you W W W. In addition. the P2302 project. also by Special Committee 38. the IEEE’s own P2301 and P2302 groups have been defined for some time and have each recently increased their levels of activity and organization. ISO/IEC 17789. (For references to these. ontology. for which Eric Simmon of NIST serves as the editor. Chris Kemp. Seungyun Lee of the Electronics and Telecommunications Research Institute of Korea (ETRI) leads the special committee working group. and metrics will want to read and comment on this output through their national body representatives. along with a summary of the types and varieties of standards-developing organizations and a review of the roles of open source projects and commercial products in vetting the output of these organizations. 
but this granularity is part of how standards organizations often order their internal work to make progress on the widely varying topics that they pursue. Service-Level Agreement (SLA) Framework and Terminology.) We’ll go into this topic in more detail in the next column. terminology. this work is a literal example of “defining our terms” in ways that should yield valuable long-term results. I think we’ll soon be able to add the DMTF’s Cloud Infrastructure Management Interface (CIMI). And. To this list. http://grouper.” you ask? (Apologies in advance to those of you who know this already. The P2301 group aims to develop a Guide for Cloud Portability and Interoperability Profiles (CPIP)5 as an aid to vendors and users in developing. and is intended to be compatible with the cloud Reference Architecture.ieee. such as detailed efforts to establish the ontology and terminology of cloud computing. and considers it his “favorite government document ever. let me draw your attention to work being done in the context of the International Standards Organization (ISO)/ International Electrotechnical Commission (IEC) Joint Technical Committee 1 Special Committee 38 “Distributed Application Platforms and Services (DAPS)”8 in its Working Group 3 on cloud service-level agreements (SLAs). MEANWHILE. more broadly. The document builds on the cloud computing Overview and Vocabulary produced by this committee as ISO/IEC 17788. r Open Virtualization Format (OVF) from the Distributed Management Task Force (DMTF). org/groups/2302)6 has set out to develop ___________ the Standard for Intercloud Interoperability and Federation (SIIF) and.” The NIST definition has become widely known and nearly universally adopted as a starting point in understanding the landscape of cloud computing.

Software. G. 2013.sill@standards-now. Int’l Standards Organization (ISO)/ Int’l Electrotechnical Commission (IEC). “Cloud Standards Necessary For Portability. 2014. TM Forum.org/develop/ project/2301.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® will contribute to this magazine. advancements and future trends in computer and software technologies and applications.org. and I invite you to contact me regarding any and all topics that you think are interesting or that deserve a wider audience.etsi.org/images/files/ Events/2013/2013_CSC_Delivery_ ________________________ WS/CSC-Final_report-013-CSC_ ________________________ Final_report_v1_0_PDF_format-. I can be reached at __________________ alan. ________________________ PDF. __________________ Selected CS articles and columns are also available for free at ____ http:// ComputingNow. P2302—Standard for Intercloud Interoperability and Federation (SIIF). NIST Special Publication 800-145. Topology and Orchestration Specification for Cloud Applications Version 1. www.0-os. NIST Cloud Computing Standards Roadmap. ____________ M AY 2 0 14 7.compsac.” Cloud Commons.org. nist. of Standards and Technology. industry.nist. ISO/IEC JTC 1/SC 38—Distributed Application Platforms and Services (DAPS). 2014 Vasteras. ___ 4. 2014. http://standards. 2011. www.org/tosca/TOSCA/v1. gov/publications/nistpubs/800-145/ SP800-145. and has served either directly or as liaison for the Open Grid Forum on several national and international standards roadmap committees. He also serves as vice president of standards for the Open Grid Forum and cochair of the US National Institute of Standards and Technology’s “Standards Acceleration to Jumpstart Adoption of Cloud Computing” working group. 2014. of Standards and Technology. and government to discuss research results. The NIST Definition of Cloud Computing. and other cloud standards working groups. 2012. 
OASIS.pdf.com/articles/-/ a________________________ sset _ publ isher/ bY1m /content / cloud-standards-necessary-for-por________________________ tability-innovation. http://docs. Hulme.org ________________ I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 89 M q M q M q MqM q THE WORLD’S NEWSSTAND® .org/develop/ project/2302. Cloud Standards Coordination Report version 1.sill@standards-now. 2013. __________ 8.. _________________ IEEE COMPSAC 2014 38th Annual IEEE International Computers.nist.html.ieee. Software and Applications Conference July 21-25. IEEE Standards Assoc. It is one of the major international forums for academia.ieee.0/ os/TOSCA-v1. http://csrc. (ETSI). Nat’l Inst.cloudcommons.gov/twiki-cloud-computing/ _______________________ bin/v iew/CloudComputing / _______________________ StandardsInventory). ________________ 5.0. oasis-open. ____________ 2.html. IEEE Standards Assoc. Sill has a PhD in particle physics from American University.computer. For purposes of this column. 23 Apr. Register today! www. The theme of the 38th COMPSAC conference is The Integration of Heterogeneous and Mobile Services in Smart Environments. Contact him at alan. and Applications. 2013. standard catalogue. IEEE.pdf (see also _________ http://collabo_______ rate. _____________ 3. http://standards. Sweden COMPSAC is the IEEE Signature Conference on Computers.iso. ____ www.htm?commid=601355. ___________________ ALAN SILL is an adjunct professor of physics and senior scientist at the High Performance Computing Center and directs the US National Science Foundation Center for Cloud and Autonomic Computing at Texas Tech University. References 1. Innovation. www.gov/itl/cloud/upload/NIST_SP500-291_Version-2_2013_June18_ ________________________ FINAL. European Telecomm.org. Standards Inst.0. NIST Special Publication 500-291 version 2. 
P2301—Guide for Cloud Portability and Interoperability Profiles (CPIP).html ____________ 6.. He’s an active member of the Distributed Management Task Force. Nat’l Inst.org/iso/home/ store/catalogue_tc/catalogue_tc_ _______________________ browse.

CLOUD TIDBITS

Today’s Tidbit: VoltDB

DAVID BERNSTEIN
Cloud Strategy Partners, david@cloudstrategypartners.com

WELCOME TO CLOUD TIDBITS! In each issue, I’ll be looking at a different “tidbit” of technology that I consider unique or eye-catching and of particular interest to IEEE Cloud Computing readers. Today’s tidbit is VoltDB, a new cloud database.

This system caught my eye for several reasons. First, it’s the latest database designed by Michael Stonebraker, the database pioneer best known for Ingres, PostgreSQL, Illustra, Streambase, and more recently, Vertica. But interestingly, in this go-around, Stonebraker declared that he has thrown “all previous database architecture out the window” and “started over with a complete rewrite.”1 What’s resulted is something totally different from every other database—including all the column- and table-oriented NoSQL systems. This “total rearchitecture,” called NewSQL, supports 100 percent in memory operation, supports SQL and stored procedures, and has a loosely coupled scale-out capability perfectly matched to cloud computing platforms. Moreover, VoltDB claims a 50 to 100x speed improvement over other relational database management systems (RDBMSs) and NoSQL systems.

Wait a minute! That doesn’t sound possible. It sounds too good to be true. That’s precisely why I thought it made for a perfect tidbit.

Early Databases

The first databases used hierarchical data models in which all data was organized in a tree-like structure. This structure is simple but inflexible because it’s confined to a one-to-many relationship. The IBM Information Management System (IMS), one of the first production databases, used this model.

The hierarchical data model lost traction as the relational model became the de facto standard used by virtually all mainstream DBMSs. The relational database uses a data model much more aligned with real-world business models. In this model, each data item has a row of attributes, so the database displays a fundamentally tabular organization. Tables can be related to other tables using a key mechanism. Relational databases displaced hierarchical databases because the ability to add new relations made it possible to add new, valuable information. SQL offered a way to program relational queries, and the database-powered IT marketplace was born.

Implementations of relational databases trace their roots to the original RDBMS designs (IBM System R and follow-ons) of the 1970s. At that time, business data processing was the only DBMS market, and vendors imagined operators inputting queries through an interactive terminal prompt. The main user interface device then was the dumb terminal. Key architectural features of the original DBMSs were disk-oriented storage and indexing structures, multithreading to hide latency, locking-based concurrency control mechanisms, and log-based recovery.

Things Have Changed

In the past 25 years, processors became thousands of times faster and memories grew to be thousands of times larger. Storage volumes have increased enormously. Through the use of scale-out techniques, cloud computing has extended these resources, making them essentially infinite. Also in the last 25 years, several other markets have evolved, including data warehousing, text management, the Web, and stream processing. These markets have very different requirements from business data processing. Finally, systems that use DBMSs rarely run interactive transactions or present users with direct SQL interfaces.

However, no RDBMS has had a complete redesign since the technology’s inception. Of course, there have been extensions over the years, including support for compression, shared-disk architectures, bitmap indexes, and user-defined data types and operators. And yet, all the major commercial DBMSs are still built around the original System R architectural features. As a result, today’s RDBMSs are expensive and difficult to scale. Scaling a DBMS typically involves migrating from an inexpensive commodity server to an expensive symmetric multiprocessing (SMP) server, redesigning the database (and corresponding application data access logic), implementing a data partitioning or “sharding” scheme (that is, manually dividing the database into many smaller databases running on different servers and modifying the application code to coordinate data access across the partitions), and then implementing a key-value (KV) store, thereby forfeiting transactional consistency and the ability to use SQL.

Why Not Start Over?

In 2005, Stonebraker noted this lack of technological evolution and predicted the end of one size fits all as a commercial RDBMS paradigm. He assembled a group of researchers from Brown University, Carnegie Mellon University, the Massachusetts Institute of Technology, and Yale University. They worked together on a “new way to implement a relational database” called H-Store and, in 2007, published the paper “The End of an Architectural Era (It’s Time for a Complete Rewrite).”1 According to the Stonebraker team, the typical RDBMS engine only spends 12 percent of its time doing useful work (see Figure 1).

Figure 1. General-purpose relational database management system (RDBMS) processing profile. (© 2014 VoltDB. Used with permission.) Chart segments: index management, logging, locking, latching, buffer management, useful work.

Traditional DBMSs have five sources of processing overhead:

- Index management: B-tree, hash, and other indexing schemes require significant CPU and I/O.
- Write-ahead logging: Traditional databases write everything twice: once to the database and once to the log. Moreover, the log must be forced to disk to guarantee transaction durability. Logging is, therefore, an expensive operation.
- Locking: Before touching a record, a transaction must set a lock on it in the lock table. This is an overhead-intensive operation.
- Latching: Updates to shared data structures (B-trees, the lock table, resource tables, and so on) must be done carefully in a multithreaded environment. Typically, this is done with short-duration latches, which are another considerable source of overhead.
- Buffer management: Data in traditional systems is stored on fixed-size disk pages. A buffer pool manages which set of disk pages is cached in memory at any given time. Moreover, records must be located on pages and the field boundaries identified. Again, these operations are overhead-intensive.

Stonebraker and his team addressed all these issues.

Introducing VoltDB

VoltDB was formed to commercialize the NewSQL technology, claiming that the H-Store was the first implementation of a new class of parallel database management systems, NewSQLs, that provide the high throughput and high availability of NoSQL systems, but without giving up support for SQL and the transactional guarantees of a traditional DBMS. Such systems can scale out horizontally across multiple machines to improve throughput, unlike all other SQL DBMSs, which must be scaled up (for example, multiprocessor, shared-memory machines). The H-Store project found an open source home in VoltDB, completing its implementation:

- Data and the associated processing are partitioned together and distributed across the CPU cores (virtual nodes) in a shared-nothing hardware cluster.
- Data is held in memory for maximum throughput, eliminating the need for buffer management.
- Each single-threaded partition operates autonomously, eliminating the need for locking and latching.
- Data is automatically replicated for intracluster and intercluster high availability.

VoltDB isn’t the first attempt to overcome the performance and scalability limitations of traditional databases. Two alternatives to VoltDB are running conventional databases in memory and using a NoSQL KV store. In-memory systems can safely operate without buffer management and often without logging (at the expense of durability). However, even with these systems removed, the maximum performance improvement is roughly double. To achieve VoltDB’s 50x speedup, all legacy online transaction processing (OLTP) time sinks must be removed (that is, logging, latching, buffer management, and locking).

To deliver better performance on scale-out hardware, some databases, such as NoSQL KV stores, eliminate some of this overhead—and SQL and data integrity along with it (delivering eventual consistency). However, because KV stores don’t execute SQL, functionality that would normally be executed by the database must be implemented in the application layer.

Unique Place in the CAP Theorem

According to theoretical computing’s CAP theorem (also known as Brewer’s theorem), a distributed system cannot satisfy the following guarantees at the same time:

- Consistency, which ensures that all nodes in the system see the same data simultaneously.
- Availability, which ensures that the system returns a response for every request indicating whether or not it was successful.
- Partition tolerance, which ensures that the system will continue to operate in the event of arbitrary message loss or partial system failure.

DBMSs that use a relational model (and support SQL) fall into the “CA” category (that is, they offer both consistency and availability, but not partition tolerance). Examples are MySQL, Postgres, Oracle, DB2, and SQL Server, as well as distributed SQL processors such as Aster Data and Greenplum. These architectures therefore have no partition tolerance. Unfortunately, they won’t work well on a loosely coupled/distributed system (such as a cloud).

Unique Place in Cloud Computing

Databases that will work well with cloud computing must have partition tolerance. But we already knew that. However, the “cloud/big data” area has no shortage of innovations! If we look at the “AP” and “CP” categories (that is, with partition tolerance), we find all kinds of clever systems. And there are plenty of them. AP examples include Dynamo, Voldemort, Tokyo Cabinet, KAI, Cassandra, SimpleDB, CouchDB, and Riak. CP examples include BigTable, Hypertable, Hbase, MongoDB, Terastore, Scalaris, BerkeleyDB, MemcacheDB, and Redis. However, all these systems use a KV, column-oriented/tabular, or document-oriented data model. None use a relational data model, and none support SQL.

VoltDB is a CP solution, making it the only relational model, partition-tolerant DBMS I’ve ever seen. It has a truly unique place in the CAP theorem and, therefore, a unique place in the cloud. And this, my friends, qualified it to be this column’s Cloud Tidbit.

A CLOUD-FRIENDLY SCALE-OUT ARCHITECTURE RDBMS? We thought that was impossible. What we have is nothing short of a whole class of SQL, as compared to the “NoSQL” compromises detailed above. When you wish you could use SQL on a problem where data is piling into the cloud, for example, you need scale-out capability to handle it, and you really want to use SQL—VoltDB gives you a new tool. This notably unique piece of technology should make a lot of developers’ lives a lot easier. I hope you enjoyed it!

Reference

1. M. Stonebraker et al., “The End of an Architectural Era (It’s Time for a Complete Rewrite),” Proc. Very Large Databases (VLDB), 2007, pp. 1150–1160.

DAVID BERNSTEIN is the managing director of Cloud Strategy Partners, cofounder of the IEEE Cloud Computing Initiative, founding chair of the IEEE P2302 Working Group, and originator and chief architect of the IEEE Intercloud Testbed Project. His research interests include cloud computing, distributed systems, and converged communications. Bernstein was a University of California Regents Scholar with highest honors BS degrees in both mathematics and physics. Contact him at david@cloudstrategypartners.com.

Selected CS articles and columns are also available for free at http://ComputingNow.computer.org.


Due to the virtual. I present here a general overview of some of these legal issues. social.8–10 Conventional forensic tools often focus on physically accessing the media that stores the target data. This includes data not held at the premises.11. so. public policy. To inaugurate this column.15 As Australia’s Chief Defence Scientist Alexander Zelinsky noted. recent. and data storage is critical for a criminal syndicate’s operation.0 0 © 2014 IEEE Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . dynamic. privacy. such as during a search and seizure process.14 The technical and legal uncertainties surrounding these questions are. too. why traditional boundaries are now blurred. and emerging). For example.7 This is particularly true in sophisticated and organized crime.13. However. As cloud computing use grows throughout society. and borderless nature of cloud computing services. it is often impossible or infeasible to access the physical media and. Crimes involving cloud computing use typically involve an accumulation or retention of data on a digital device (such as a mobile phone) that must be identified. regulatory. It requires a deep understanding of the underlying technical. but the provisions might not be available in other countries. preserved.6095/14/$31 . does its use by criminals. legal.12 As Darren Quick and I pointed out. where ongoing secure communication. dissemination. 
forensic investigators would have to rely on the cloud service provider to locate where the evidential data resides in the cloud.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD AND THE LAW Legal Issues in the Cloud ENSURING A SECURE CLOUD SYSTEM (AND ECOSYSTEM) IS A HIGHLY SPECIALIZED AND INTERDISCIPLINARY FIELD.org ______________________ 94 I EEE CLO U D CO M P U T I N G P U B L I SH ED BY T H E I EEE CO M P U T ER S O CI E T Y enforcement and regulatory agencies—as well as other key stakeholders in both public and private sectors.1. analyzed. such as data accessible from a computer or data storage device used to access cloud services. Government and law enforcement investigators face difficulty in accessing the physical hardware to locate evidential data.7.10 not all countries have legal provisions that allow data to be secured when a warrant is served. Section 3L of Australia’s Crimes Act 1914 (a Commonwealth legislation) allows the officer executing a search and seizure warrant to access data.16 2325. emerging technologies such as cloud computing entail various challenges and implications for governments—particularly law KIM-KWANG RAYMOND CHOO University of South Australia raymond. However.choo@fulbrightmail. as well as intimate knowledge of temporal trends (historical. as well as by businesses in civil litigation. Such provisions are designed to overcome the efforts of accused people to conceal data through the use of passwords or encryption. Although security.10 Data fragmentation and distribution across numerous international datacenters also presents technical and jurisdictional challenges in identifying and seizing (the fragile and elusive) evidential data by government agencies in criminal investigations. public policy. perhaps. and presented in a court of law—a process known as digital forensics. 
government and law enforcement investigations into malicious cyber activities will require cooperation between government agencies from multiple countries. in a cloud computing environment. including in cloud services. in many cases. and legal and law enforcement aspects. and forensic challenges associated with cloud computing have attracted academic attention—particularly the issues relating to data sovereignty and confidentiality and to the inadequacy of our existing legislative and regulatory frameworks to protect data from prying eyes1–6 —research on the topic is still in its infancy.

overseas cloud service providers may not be legally obliged to notify the clients (owners of the data) about such requests. particular types of transactional data as these data may be subject to the laws of the jurisdiction in which the physical machine is located … r data protection. such as r the legislative trends across countries and the interplay between different legal areas (such as privacy.and legal-oriented submissions related to cloud issues such as r cloud computing strategies. [F]oreign intelligence services and industrial spies may not disrupt the normal functioning of an information system as they are mainly interested in obtaining information relevant to vital national or corporate interests. Cloud service providers may be compelled to scan or search data of interest to “national security” and to report on. and national security legislations) and the cloud computing strategies in those countries. Examples might include a comparative analysis. and r the legal implications for cloud service providers and users if the data is breached or users suffer an economic loss resulting from the provider’s negligent act. survey. Therefore. They do so through clandestine entry into computer M AY 2 0 14 systems and networks as part of their information-gathering activities. r forensics. r extraterritorial jurisdiction (in theory and practice). To help advance the state of the art in this research area and to address emerging cloud-related risks. policy. r data governance. existing digital forensic techniques are designed to collect evidential data from typical digital devices. r security. and r visualizations. We also welcome high-quality position. but it’s important to maintain persistent pressure on threat actors to safeguard cloud security and a secure cloud ecosystem.17–19 As I noted in a 2010 article. partly in response to defensive actions or crime displacement. r data sovereignty. national data sovereignty. 
survey.1 IT MIGHT BE IMPOSSIBLE TO COMPLETELY ERADICATE ILLEGAL AND MALICIOUS CYBER ACTIVITIES. partly in response to defensive actions or crime displacement. Although a legitimate need exists for cooperation between cloud service providers and government and law enforcement agencies. r surveillance. In contrast. For example. and review papers from computer science and interdisciplinary scholars. r information assurance. in which advanced security features and antiforensic techniques are rarely fully exploited. this column is actively seeking highquality technical-. r incident response and management. r service-level agreements (SLAs). r provenance. the digital forensics “space” can be seen as a race to keep up with r hardware and software/application releases. and r software and hardware modifications made by end users—particularly sophisticated and organized criminals—to complicate or prevent digital evidence collection and analysis. telecommunication interception. sophisticated and organized criminals often use secure services and devices specifically designed to evade legal interception and forensic collection attempts. or monitor. I EEE CLO U D CO M P U T I N G Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page 95 M q M q M q MqM q THE WORLD’S NEWSSTAND® . such as those released by cloud service providers. r public–private partnership. r privacy. business-.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® Cloud security threats and vulnerability windows evolve over time. r risk management. there are also legitimate concerns about cloud service providers being compelled to hand over user data that reside in the cloud to government agencies without the user’s knowledge or consent due to territorial jurisdiction by a foreign government. Cloud security threats and vulnerability windows evolve over time. and review of legal and privacy issues.

Quick and K. pp. Conf. 2013.cnrs. Quick and K. 71–80. “Digital Droplets: Microsoft SkyDrive Forensic Data Remnants.R.” Trends & Issues in Crime and Criminal Justice. 2009) and Cloud Storage Forensics. 2.R. no. Maxwell and C.” to be published in Security J.S.-K. pp.” 24 Jan. “Forensic Collection of Cloud Storage Data: Does the Act of Collection Result in Changes to the Data or its Metadata?” Digital Investigation. vol. no. Choo. “Conflict of Laws and the Cloud.R. “Government Cloud Computing and National Data Sovereignty. vol. His honors include a 2009 Fulbright Scholarship. 28. Jones and K. “Should There Be a New Body of Law for Cyber Space?.choo@fulbrightmail. ______________ 18. 58–65. 1.-K. 10. 10.-K.doi. no. 6. 1999. 3. R. Choo. pp. 2013. “Liberty and Security in a Changing World. 9.” to be published in Proc. www. Choo. no. K.. 2012. www.pdf. and the British Computer Society’s Wilkes Award. Martini and K. with Darren Quick and Ben Martini (Elsevier.L. McKemmish. vol.info. B. 2013. 1–6. Ryan and S. Quick and K.” Computer Law & Security Rev. “What is Forensic Computing?” Trends and Issues in Crime and Criminal Justice. 2013. B. vol.R. Falvey. no.org/10. Choo has a PhD in information security from Queensland University of Technology. “IT Standards and Guides Do Not Ad- Our goal with this column is to help mitigate emerging and evolving cloud security threats and facilitate informed decisions about cloud security and privacy. D.-K. the 2010 Australian Capital Territory Pearcey Award.fr/CIL/IMG/ pdf/Hogan_Lovells_White_Paper_ ________________________ Government_ Access_to_Cloud_ ________________________ Data_Paper_1_.org. K. ____ http:// dx. vol. Martini and K. 2012. Contact him at ____________________ raymond.-K. Choo. 2014. 29. pp. 118. “An Integrated Conceptual Digital Forensic Framework for Cloud Computing. 2013.R. 9. Choo.. A. D. no. ____________ 5. 29.cil. 
2014.O RG /CLO U D CO M P U T I N G _________________________ Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® . 15. 16. 10. _____________ KIM-KWANG RAYMOND CHOO is a senior lecturer in the School of Information Technology and Mathematical Science at the University of South Australia. W W W. and K. 400. 29. 2. pp.” Computer Law & Security Review.-K.” Computer Law & Security Review.R. 5. Wolf. Quick. 2012. Choo. 264–273. Cloud Computing Industry?” Information Technology and Innovation Foundation. 152–163. Gray. “How Much Will PRISM Cost the U. 3-4. W. 11.1057/sj. no.” 12 Dec. 287–299. D. Butler and K.R. 3. 3.” white paper. Martini. 2014.R. 12. Martini.-K. pp. Syngress/Elsevier. 2013. Choo. Cloud Storage Forensics. References 1. no. Clarke et al. B. 1–6.gov/ sites/default/files/docs/2013-12-12_ _______________________ rg_final_report. Australia. and his books include Secure Key Establishment (Advances in Information Security) (Springer. 2010. 40–71. D. pp. the 2010 Consensus IT Professional Award. 7.” Computer Law & Security Review. 4. 10. as well as keep pace with society’s needs and preferences in these areas. 96 I EEE CLO U D CO M P U T I N G equately Prepare IT Practitioners to Appear as Expert Witnesses: An Australian Perspective. 22nd Euro. 29. Choo. B. 513–521. pp. R. 4.-K. “Cloud Storage Forensics: ownCloud as a Case Study. 2014. pp.-K.” Future Generation Computer Systems. D. K. B. “Cloud Computing and Its Implications for Cybercrime Investigations in Australia.A. 2013.R. 1378–1394. “Trust in the Clouds. 2013). pp. P.CO M P U T ER .” Policy & Internet. 266–277. 2012. 2013.pdf. “An Open Letter from US Researchers in Cryptography and Information Security. C. 3–18.2013.. “Singapore’s Personal Data Protection Legislation: Business Perspectives. 8. pp. Choo. no. vol. His research interests include cyber and information security and digital forensics. and K. no. vol. 17. Ter. 1.-K. 
a 2008 Australia Day Achievement Medallion.” Digital Investigation. 19. 13. 6. no.R.” Digital Investigation.2. vol. “Cloud Computing: Challenges and Future Directions. Information Systems (ECIS 2014).whitehouse. vol.Previous Page | Contents | Zoom in | Zoom out | Front Cover | Search Issue | Next Page M q M q M q MqM q THE WORLD’S NEWSSTAND® CLOUD AND THE LAW Our goal with this column is to help mitigate emerging and evolving cloud security threats and facilitate informed decisions about cloud security and privacy. Castro. 4. Irion. 2013. 2. We welcome your contributions to this end. Choo. no. Hooper. “A Global Reality: Governmental Access to Data in the Cloud. 14. vol. D. “Dropbox Analysis: Data Remnants on User Machines.29. pp.” Digital Investigation. http:// ____ masssurveillance.

Call for Papers

Special Issue on Cloud-based Smart Evacuation Systems for Emergency Management

For IEEE Cloud Computing’s Nov/Dec 2014 issue

Submission Deadline: 20 August 2014

Natural and man-made emergencies, such as tsunamis, earthquakes, floods, and epidemics pose a significant threat to human societies. Well-coordinated emergency management activities that involve guiding citizens out of danger areas, placing medical team in the most appropriate locations, and planning evacuation routes before and after a disaster, play a significant role in saving lives, protecting critical infrastructures, and minimizing casualties. The management of evacuation activities, such as guiding people out of dangerous areas and coordinating rescue teams, depends on the availability of historical data as well as on the effective real-time integration and utilization of data streaming from multiple sources, including on-site sensors, social media feeds, and messaging on mobile devices.

However, the growing ubiquity of on-site sensors, social media, and mobile devices means there are more sources of outbound traffic, which ultimately results in the creation of a tsunami of data, beginning shortly after the onset of emergency events. This data tsunami phenomenon presents a new grand challenge in computing. During the 2010 Haiti earthquake, text messaging via mobile phones and Twitter made headlines as being crucial for disaster response, but only some 100,000 messages were actually processed by government agencies because of the lack of an automated and scalable data processing infrastructure.

Design and development of evacuation systems for emergency management requires a complete information and communication technology (ICT) paradigm shift so that systems do not get overwhelmed by incoming data volume, data rate, data sources, and data types. New cloud-based techniques are needed that can extract meaningful information from large-scaled data in real time, while avoiding unnecessary data transmission or storage. Future initiatives should focus on developing cloud-based techniques to improve the performance of multiple datastream processing systems while balancing computational complexity and quality of service.

This special issue aims to solicit both original research and tutorial articles that discuss cloud computing strategies to enable safer and more effective emergency response, big data, and related application areas.

Submission Guidelines

Submissions will be subject to IEEE Cloud Computing magazine’s peer-review process. Articles should be at most 6,000 words, with a maximum of 15 references, and should be understandable to a broad audience of people interested in cloud computing. The writing style should be down to earth, practical, and original. All accepted articles will be edited according to the IEEE Computer Society style guide. Submit your papers through Manuscript Central at https://mc.manuscriptcentral.com/ccm-cs.

For more information, contact the guest editors:

- Rajiv Ranjan, CSIRO, Australia, raj.ranjan@csiro.au
- Albert Zomaya, Sydney University, Australia, zomaya@it.usyd.edu.au
- Samee Khan, NDSU, USA, samee.khan@ndsu.edu
- Joanna Kolodziej, CUT, Poland, joanna.kolodziej68@gmail.com

www.computer.org/cloudcomputing

ROCK STARS OF CYBERSECURITY

24 SEPTEMBER 2014
Brazos Hall
Austin, TX

At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.

At the Rock Stars of Cybersecurity conference, you will learn:

- Effective strategies for securing business operations
- New and innovative approaches to responding to today's security threats
- How government agencies are balancing cybersecurity threats and privacy
- Big data's implications for security analytics
- Implications of the cybersecurity skills shortage on the ability to respond to attacks
- How to implement a secure enterprise architecture

Speakers:

- PETER ALLOR, IBM, Cyber Security Strategist–Federal
- GARY MCGRAW, Cigital, CTO
- PEDER JUNGCK, BAE, Vice President and CTO
- PETER FONASH, Dept. of Homeland Security, CTO
- BRETT WAHLIN, HP, Vice President and CISO
- SARATH GEETHAKUMAR, VISA, Senior Director–Global Information Security

REGISTER NOW

Early pricing now available: $299 (Full price: $399)
IEEE Computer Society Member: $229 (Full price: $329)
Special discounts available for teams of 3 or more.

computer.org/cyber-security