This action might not be possible to undo. Are you sure you want to continue?
A White paper on “Cloud Computing”
Prof. Prithwis Mukherjee
In partial fulfillment of the requirements of the course Business Information System On 7/11/2010 By Nabeela Khaled (B10011)
Cloud Computing Abstract: If you need milk would you buy a cow? No, you would only be interested in the milk right…well cloud computing offers this type of service. Resource sharing in a pure plug and play model which dramatically simplifies infrastructure planning is the „promise‟ of cloud computing. The two key benefits of this model are its cost effectiveness and speed along with agility. Though there remains the question of security and privacy, the benefits of the model are many. The paper aims to explore the basics of cloud computing, it‟s present status and its impact on the future of IT. What is cloud computing? Cloud Computing is one of the latest computer and business industry buzzwords. It joins the rank of virtualization, grid computing and clustering among others in the IT industry. Cloud computing is a computing paradigm where a large pool of systems are connected in private or public networks to provide dynamically scalable infrastructure for application data and file storage. It allows individuals and enterprises to use applications without installation and access their personal information through any personal computer with internet connection. A simple example of cloud computing would be Yahoo or Gmail. The consumer simply needs an internet connection to access his mails. The server and email management software is all on the internet (cloud) which is totally managed by Yahoo or Gmail etc. The consumer gets to use the software and enjoy the benefits. Characteristics of Cloud Computing: The cloud computing model distinguishes itself from other computing paradigms like grid computing, utility computing and internet computing in the following aspects: User centric Interface: Cloud computing is accessed with simple and pervasive methods. Users obtain and employ computing platforms in computing clouds as easily they access a traditional public utility. In detail the cloud computing model enjoys the following aspects: The cloud computing model does not force users to change their working habits and environment. The cloud client software which is to be required to be installed is lightweight. Cloud interfaces are location independent and they can be accessed by some well established interfaces like web services framework and internet browser. On demand service Provisioning: Cloud Computing provide resources and services for users on demand. Users can customize and personalize their computing platforms at their will. Autonomous system: The cloud computing model is an autonomous system. Hardware, software and services within the cloud can be reconfigured, redesigned and consolidated to present a single platform which is finally rendered to the user. Scalability and flexibility: These two are the most important aspects that are driving the emergence of cloud computing. Cloud computing services can spread across many concerns including geographical locations, hardware performance and software configurations. The
computing platforms are flexible enough to adapt to various requirements to a potentially large number of users.
Enabling technologies behind Cloud Computing A number of enabling technology contribute to the emergence of cloud computing. Several techniques are identified here: Virtualization Technology: Virtualization technologies partition hardware and thus provide flexible and scalable computing platforms. Virtual machine techniques, such as VMware and Xen offer virtualized IT-infrastructures on demand. Virtual network advances, such as VPN, support users with a customized network environment to access Cloud resources. Virtualization techniques are the basis of cloud computing since they render flexible and scalable hardware services. Orchestration of service and work flow: Computing clouds offer a complete set of service templates on demand, which could be composed by services inside the computing cloud. Computing clouds should therefore be able to automatically orchestrate services from different sources and of different types to form a service flow or workflow transparently and dynamically for users. Web services and service oriented Architecture: Cloud computing services are normally exposed as Web services, which follow the industry standards. The services organization and orchestration inside clouds could be managed in a Service Oriented Architecture (SOA). A set of cloud services furthermore could be used in a SOA application environment, thus making them available on various distributed platforms and could be further accessed across the Internet. Web 2.0: Web 2.0 is the technology describing the innovative trends of using World Wide Web and Web Design that aims to enhance creativity, information sharing, collaboration and functionality of the Web. The essential idea behind Web 2.0 is to improve the interconnectivity and interactivity of Web applications. The new paradigm to develop and access Web applications enables the users to access the Web more easily and efficiently. Clouds computing in nature are Web applications which render desirable computing services on demand. It is thus a natural technique evolution that Cloud Computing adopts the Web 2.0 technique. Based on the services the model can provide it can be divided into three categories: Software as a service (SaaS): In this model an application is offered to the consumer as a service on demand. A single instance of the software is uploaded on the cloud and multiple end consumers can licenses and from the provider‟s end his costs are lowered since only a single application needs to be hosted and maintained by him. Today Saas is offered by companies like Zoho, Google and Microsoft. Platform as a service (Paas): Here a layer of software is presented to the consumer or a developmental service is offered to the consumer as a service upon which higher levels of service can be built. The consumer has the freedom to develop his own applications which run on the provider‟s infrastructure. Example of PaaS would include Google‟s Engine and Windows Azure by Microsoft. Infrastructure as a Service (IaaS): This service provides basic storage and computing facilities as standardized services. Servers, Storage systems networking equipment are made available to handle 3Tera.
Based on the people using this model the model can be classified into three major types of clouds: Public Clouds (external cloud): A public cloud is where the resources such as storage and applications can be used by a mix of users from different locations. The applications can be accessed via a web application or a web service over the internet. The service is typically low cost or pays on demand mode. The public clouds are maintained by third party users. Some of the major players include Amazon Elastic Compute Cloud (EC2), IBM Blue Cloud, Sun Cloud, Google App Engine and Amazon Web Services.* Private Cloud (internal cloud): A private cloud is meant exclusively for a single enterprise. It is accessed by a limited number of users. The private cloud has all the benefits of public cloud just that it is hosted within the firewall of the company. It aims to provide enhanced data security and offer greater control which lacks in a public cloud. The future of IT is in Private clouds Hybrid Cloud: This model combines both Public model and the private model. The service providers can rd utilize a 3 party service in a full or partial manner thus increasing the flexibility of computing. It is able to provide on demand service on an extremely provisioned scale. The ability to combine the positive aspects of both public and private cloud can be used to manage any unexpected surges in workload. Current players in this area Cloud computing has been evolving ever since its invention. The current players in this field include the big IT players. They are: 1) Microsoft: This IT company is one of the major players of Cloud computing. It has launched Azure based on the cloud computing model. Azure: Azure is not of product of Microsoft per say rather it includes a variety of services that form a platform. The services that have been announced so far are: Windows Azure is a service that allows the user to deploy code on Microsoft‟s servers. This code has access to local storage resource. SQL Azure: With the use of this server, the user can out up his database on the cloud. Even though it uses T-SQL like SQL server, it is not a full SQL Server instance since not all built in applications of SQL server are available. It can integrate with SQL server, though. Azure AppFabric: It serves as a gateway and a router between the user‟s LAN and the items on the Azure Platform. It deals with authentication and security. “Dallas”: It is a market place to buy and sell access to services running on Window‟s Azure Platform. The Azure platform would be an ideal choice for batch processing where it can be put under a heavy load and then scaled down. But before considering to use Azure, the user must be certain that his is architecture is in sync with cloud model and that means things like security, latency, etc. And anything mission critical that must operate if external connectivity is down is strictly a nono. 2) Amazon Elastic Cloud Compute Cloud (EC2): This is a web service that provides resizable compute capacity to the user. It has been designed to make web scale computing easier for the user. It allows the user to use web service interfaces to launch instances with a variety of
operating systems, customize it as per the user and manage the networks‟ access permission as per the user. To use Amazon‟s EC2, the following steps should be followed: Selection of a pre configured template image to start immediately or creation of an Amazon Machine Image (AMI) containing the user‟s applications, libraries, data and associated configuration. Configuration of the network and security access of the user‟s Amazon EC2 instance. Choice of the instance type(s), operating system, software and the decision to start, terminate and monitor as many instances of the user‟s AMI. Determination of whether to run the instances in multiple locations, utilization of static endpoints or attachment of persistent block storage to the instances. Payment for the resources that the user actually consumes, like instance-hours and data transfer.
Features of Amazon EC2 Amazon’s Elastic Block Store: It offers persistent storage for Amazon EC2 instances. Amazon EC2 volumes are highly available; highly reliable that can be leveraged as an Amazon EC2 instance‟s boot partition or attached to a running Amazon EC2 instance as a standard block device. Multiple locations: It provides the ability to place instances in multiple locations. Amazon EC2 locations are composed of regional and availability zones. Availability zones are distinct locations that are designed in a manner such that they are insulated from other failures in other availability regions. By launching the same instance in several Availability zones the user can protect users‟ application from failure of a single location. Elastic IP address: These are static IP addresses designed for dynamic cloud computing. An elastic IP address is not attached to the instance but rather to the users‟ accounts. This allows the user to control his address until he explicitly chooses to release it Amazon Cloud Watch: It is a web service that provides monitoring for Amazon‟s cloud resources starting with Amazon‟s EC2. It provides the user with visibility into resource utilization, operational performance and overall demand patterns. Auto Scaling: This feature automatically allows the user to scale the Amazon‟s EC2 capacity to scale up or down according to the conditions defined by the user. It allows the user to seamlessly scale up the instances during demand spikes to maintain performance and scale down automatically during demand lulls to minimize costs. Amazon EC2 changes the economies of computing by allowing the user to pay for only what he uses. It has enabled the Amazon EC2 users to build resilient applications and isolating them from common failure scenarios. 3) Zoho: It is yet another application that runs on cloud computing. They provide several products in categories like Productivity, Collaboration and Business Applications. Their applications include Office Suite, CRM, Creator, Mail, projects etc. Zoho has both free and paid versions. In Zoho, the products are based in software-as-a-Service model. All the applications of Zoho are US-EU Safe Harbor certified.
4) Salesforce.com: This is an enterprise cloud computing company headquartered in San Francisco, USA that distributes business software on a subscription basis. It is best known for its Customer Relationship Management (CRM). Salesforce‟s CRM solution is broken down into several broad categories which are as follows: The sales Cloud: This application which runs on the cloud allowing the user to access it from anywhere. It includes a real time collaborative tool called the Chatter which provides sales representatives with a complete profile and account history therefore allowing the user to manage marketing campaign spending and planning across a variety of channels from a single application and tracking all opportunity related data including milestones, decision makers , customer communications and any other information unique to the company‟s sales process. The Service Cloud: This application provides companies with a call-center like view that enables companies to create and track cases coming in from every channel and automatically route and escalate what‟s important. The CRM powered customer portals enable the customers the customers to track their own cases 24 hours a day. It also allows the user to join in the conversation about their company on social networking sites, provides analytical tools and other services including email services, chatting tools and visibility to customers‟ entitlement and service level agreements (SLA) to ensure that the customer gets the best service possible. Force.com platform: The Company‟s Platform-as-a service product is known as the Force.com Platform. It allows the user to build applications fast and in a very simple manner. It includes a database, security, workflow, user interface and other tools that guide the user in the process of building powerful business applications, mobile applications and websites. Around 82,400 companies use Salesforce to run their business efficiently. Some major clients of this cloud computing enterprise include Google, Crocs, Cisco, The Wall Street Journal, Tulip, Qualcomm, Del, Starbucks and many more.
Cloud computing versus other computing paradigms: As a new metaphor, the cloud computing model is often confused with other existing technologies and services. In terms of comparison, grid computing which has been existent for the past 13 years is often confused with the cloud computing model. In this section, a comparison is made between the two discussing the similarities and differences. Cloud Computing: To get cloud computing to work, one of the requirement that has to be met is access to Grid computing. Grid computing is actually a way to link various computer units to form one powerful infrastructure, harnessing unused resources. The other requirement is Utility computing where the user pays for what the user uses on shared servers. This can be compared to a public utility e.g. (electricity, gas etc). Cloud computing has essentially evolved out of grid computing and relies on it as a backbone and infrastructure support.
Grid Computing: Unlike cloud computing, it is not necessary for grid computing to be available on the cloud. It is up to the decision of the user to decide. Grid computing requires the use of software that can divide and distribute pieces of a program as one large system image to several thousand computers.
A comparison cloud computing and grid computing on the following characteristics: Business Model Cloud Computing: In a cloud based business model, the customer will pay the provider on a consumption basis. This model relies on the economies of scale in order to drive prices down for users and profits for providers. Grid computing: For grid computing, the business model is project oriented, where the users or the community using it has a fixed number of service units.
Cloud Computing: A four layer of cloud computing architecture is as follows:
Unified Resource Fabric
Fabric Layer: This layer contains the raw hardware resources such as the storage resources, compute resources and network resources. Unified Resource Layer: This layer contains resources that have been abstracted so that they can be exposed to upper layer and end users as integrated resources. Platform Layer: This layer adds on a collection of specialized tools, middleware and services on top of the unified resources to provide a development and/or deployment program. Application Layer: The layer contains the applications that would run in the clouds.
Grid Computing Architecture:
Fabric Layer: At the fabric layer, grids provide access to different resource types such as network, compute and storage resource. Connectivity Layer: This layer defines the core communication and authentication protocols for easy and secure network transactions. Resource Layer: This layer defines the protocols for the publication, discovery, negotiation, monitoring, accounting and payment of sharing resources on individual resources. Collective Layer: This layer captures the interactions across collection of resources and directory services. Application Layer: This layer contains the user applications based on the above protocols. Application Model Cloud Computing: It caters to a number of applications most of which is high thorough computing (HTC). As cloud computing is still in infancy, the applications that will run on clouds are not well defined but they can be characterized as loosely coupled transaction oriented and interactive. Grid Computing: This model supports many applications which range from high performance computing (HPC) to high throughput computing (HTC). HPC applications are efficient at executing a tightly coupled parallel job within a particular machine with low latency interconnects and are not executed to a wide area network Grid.
Security Model Cloud Computing: In cloud computing, the model is based on the assumption is that the resources are homogenous to a particular organization. They comprise of dedicated data centers belonging to the same organization and within each data centre the hardware software and the supporting platforms are in general more homogeneous to each other. Interoperability can become a serious issue for this model in this matter. Grid Computing: However in Grid computing the assumption is that the resources are heterogeneous and hence each different grid may have its own administration domain and operation autonomy. Thus security has been engineered as a key element in the fundamental structure of Grid Computing. The key issues considered are single sign-on so that users can sign in only once and have access to multiple Grid sites. This will also facilitate accounting and auditing, delegation so that a program can be authorized to access resources on a user‟s behalf and it can further delegate to other programs; privacy, integration and segregation, resources belonging to one user cannot be accessed by unauthorized users and cannot be tampered during transfer. As compared to Grid Computing, the security model for clouds is relatively simpler and less secure. Cloud infrastructure mainly rely on web forms to create and manage account information for end users and allow users to receive and change passwords via Email in an unsafe and unencrypted information. To contrast this Grids are much stricter. Apart from filling up of grid forms the grid also requires a person to person conversation to verify the person, perhaps verification from a person who already has an account and apart from that password will only be faxed or mailed, but under no circumstances can it be emailed. The Grid approach to security maybe more time consuming, but it does add an extra level of security
Benefits of cloud computing In order to make the most of cloud computing, developers must be able to redesign their applications so that they can make the best use of architectural and deployment paradigms that cloud computing supports. The basic benefits of cloud computing would include reducing run time and response time, minimizing the risk of deploying physical infrastructure, lowering the cost of entry and increasing the pace of innovation. 1. Reducing Run Time and Response Time: For enterprises running batch jobs, cloud computing makes it straight forward to use 1000 servers to th accomplish a task in 1/1000 of a time a single server would require. Apart from that enterprises that would need to offer a good response time to the user, reallocating responses so that any CPU intensive tasks are farmed to worker” virtual machines which can help to optimize response time while scaling in demand to meet customer needs. 2. Minimizing Infrastructure Work: With increase in cloud computing, the dependency on infrastructure decreases. Users need not purchase software or hardware to get their work done. IT organizations are investing heavily on the cloud computing model.
3. Lower cost of entry: There are a number of attributes of cloud computing that help to reduce the cost to enter new markets. Firstly because the infrastructure is rented not bought the cost is controlled and the minimum capital investment can even be zero. In addition to the lower costs of purchase cycles, storage “by the sip” and the “pay on demand” scheme the massive amount of cloud providers helps to minimize cost, helping to further reduce the cost of inventory. Secondly applications are developed by assembly rather than programming. This rapid development application is the norm thereby reducing the time to market. This results in potential organizations deploying applications in a cloud environment a head start against the competition. 4. Increased pace of innovation: Cloud computing can help increase the pace of innovation. The low cost of entry to new markets helps to level the playing field allowing startup companies to deploy new products quickly and at low cost. This allows small and new companies to compete more effectively with traditional organizations whose deployment process in enterprise centers can be significantly longer. An increased competition thus leads to an increase in the pace of innovation.
Concerns of cloud computing: While the benefits of cloud computing are many there are significant threats of cloud computing that needs to be addressed. Privacy and security are the two major issues Privacy: If a client can login from any location to access his data and applications, there is a possibility of clients‟ privacy getting compromised. The cloud computing companies will need to find ways to protect the privacy of the clients. One of the ways could be to authentication techniques where a username and password is required to access the data or applications. Another way could be an authorization format where each user can only access the data and application relevant to his job. Security: while using cloud computing there are significant security issues that need to be addressed. One of the aspect of cloud computing is that it blurs the natural perimeter between the protected inside and the hostile outside. Listed below are some of the concerned that need to be addressed while using cloud computing: Where’s the data? : Different countries have different requirements and controls placed on access. Since the data exists in a cloud the user tends to forget that the data is physically stored at some place. Hence the cloud consumer should give it in writing to provide the level of security as desired by the user. Who has access? : Access control is a key concern, because insider attack is a huge concern. A potential hacker is someone who has been entrusted with approved access to the cloud. Anyone considering using the cloud needs to look at who is managing their data and what type of requirements are applied to these individuals. What are the regulatory requirements? : Organizations operating in the United States, Canada and the European Union have many regulatory requirements that have to abide. Some of them include ISO20072, Safe Harbor, ITIL and COBIT. The user using the cloud computing model
must ensure that the cloud provider is willing to meet these requirements and is willing to undergo certification, accreditation and review. Does the user have the right to audit? : The particular issue is no small matter. The cloud provider should agree in writing to the terms of the audit. What type of training does the cloud provider offer their employees? : This is a rather important issue. The weakest link in security will always be the people employed. Knowing what type of training what types of training the providers provide to their employees is an important aspect to review. What type of data classification does the Cloud provider provide? Questions that should be in concern for the user are: Is my data classified? How is my data separated from the other users? The encryption should also be discussed. Is it being used while the data is at rest or in transit? What type of encryption is being used? What are the service level agreement terms? : The service level agreement (SLA) serves as a level of guaranteed experience between the cloud provider and the user. It specifies the level of what type of services will be provided. What is the long term viability of the provider? How long has the cloud provider been in business? What is the track recorder of the provider? If they go out of business, what happens to the data? Is it lost or retained? If it is retained in what format is it retained? If there is an outage what is time taken for the data to be retained? These are some of the major concerns that a user should consider while approaching a cloud provider. What happens if there is a security breach? : If a security breach occurs, what support will the cloud provider provide? While many services are promoted as unhackable, cloud computing is a soft target for the hackers. What is the disaster recovery/business continuity plan (DR/BCP)? : Though the information is available on the cloud the user needs to understand that the data is physically stored at some location. All these physical locations face the threats such as fire, storms, natural disasters and loss of power. In case of any these events have to occur what would be the response of the cloud provider and what guarantee of continued services are they providing? These are the two major concerns of cloud computing. Apart from these two factors there are always the philosophical questions. Does the user or the company which subscribe to the cloud computing service own the data? Does the cloud computing company which provides storage own the data? Is it possible for a cloud computing company to deny a client access to that clients‟ data? Several law companies, business firms are debating these and the nature of cloud computing. Cloud computing attacks As many more companies are moving up to cloud computing, the look of hackers tends to follow. Some of the potential attack vector criminals include: Denial of Service (DoS) Attacks: Some cloud computing professionals argue that cloud computing is more vulnerable to DoS attacks, since it is shared by many users. This makes the Dos attacks more damaging. Side channel attacks: An attacker could to attempt to compromise a cloud by placing a malicious virtual machine in close proximity to a target cloud server and then launching a side channel attack. Authentication Attacks: Authentication is a weak point in hosted and virtual services and is frequently targeted.
Man-in-the middle cryptographic Attacks: This occurs when an attacker places himself between two users. By placing himself between the communication paths of two users the attacker has the ability to intercept and modify communications. The bright future of cloud computing is becoming much clearer now. The cloud computing model may still have not materialized as much but looking at the players using it, it at can be said that it has great potential in the future. This was recently proved in the bidding deal between H-P and Dell over 3Par Inc. HP emerged the winner by acquiring the deal for $2 billion. This battle had been brewing between the two tech giants as both wanted to increase their cloud computing capabilities. In July 2007 H-P bought Ospware, a data center automation start-up for $ 1.6 billion. In the beginning of 2010, this company acquired 3Com Corp., a network maker for $2.7 billion. And in the beginning of September the company ArcSight Inc. for $1.5. ArcSight makes security software identifies suspicious activity on corporate networks hence it would help in making HP‟s cloud secure. Meanwhile Dell acquired EqualLogic Inc. for $1.4 as the foundation for its data storage product. Apart from these deals, VMware Inc which is a virtualization software maker has announced to buy Integrien, a provider of network analysis for undisclosed amounts. While the cloud computing model is gaining great momentum in The United States, Europe is lagging behind. This is mainly to stringent privacy laws of EU which limits the flow of information beyond the EU borders. Only US, Argentina and Canada are allowed to provide cloud-computing services. Israel and Andorra have applied for approval to be designated as computing centers while India and Malaysiagrowing hubs for cloud computing data centers- have to negotiate and enter into binding legal agreements with data processors called Service Level Agreements (SLAs). Summary: To summarize, this paper has made an attempt to describe in detail A Cloud Computing Model, the characteristics of the Model, and the various enabling technologies behind the model. Based on the services, the model has been classified into three categories namely SaaS, PaaS, IaaS. It has also been further divided into the three different types of clouds on the basis of the users using the cloud. The current major players today haven been described in detail which includes Microsoft‟s Azure, Amazon‟s EC2, Zoho and Salesforce. As cloud computing is the current buzzword many times it is confused with other computing paradigms like Grid Computing and Utility Computing. Cloud Computing Model and the Grid Computing Model has been compared on the basis of their architecture, business model and security model. Then the benefits of the Cloud Computing Model has been described and the reason it has great potential for today‟s users as well as for enterprises. An attempt has been made to list out the concerns of cloud computing and the reasons which may result in the cloud computing model not being successful. Finally the present current scenario has been discussed with the major ongoing deals between the Tech Giants of today. Conclusion: Cloud computing as a model has great potential in the future. The trend of the cloud computing model is greatly catching on and has already been implemented, in several enterprises. Multinational companies greatly stand to get an advantage of it. The benefits of this model are many, speed and agility being the main important ones. But the drawbacks it faces like security and privacy may turn out to be a hindrance in the success of the Cloud Model. But no matter what the drawbacks are, Cloud Computing is here to stay and we will be no doubt hearing great success stories of this model in the near future. A light in the cloud can surely be seen.
http://moneymorning.com/2010/09/23/cloud-computing/ http://www.windowsecurity.com/articles/Cloud-Computing-Past-Present-Future-Part1.html http://whitepapers.zdnet.com/abstract.aspx?docid=1625559 http://whitepapers.zdnet.com/abstract.aspx?docid=1625557&promo=100511&tag=zd-left http://whitepapers.zdnet.com/abstract.aspx?tag=zd-left&docid=1827981&promo=100511 http://www.salesforce.com/ http://aws.amazon.com/ec2/ http://thecloudtutorial.com/zoho-products.html http://www.ibm.com/developerworks/web/library/wa-cloudgrid/ http://web2.sys-con.com/node/640237 http://whitepapers.techrepublic.com.com/abstract.aspx?docid=1198679 http://whitepapers.techrepublic.com.com/abstract.aspx?docid=1188463 http://communication.howstuffworks.com/cloud-computing3.htm http://communication.howstuffworks.com/cloud-computing2.htm
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.