The organization uses its own
infrastructure for normal usage, but cloud is
used for peak loads,
cost reduction; speed to
ease of IT procurement/ SW
loss of control;
data loss and privacy risks; risk of IP theft.
Atomicity Consistency Isolation Durability.
RDB: Must design up front; painful to evolve;
transaction slow on multiple machines;
storage expensive. Basically Available (always
read write) Soft State Eventually Consistent.
NoSQL databases reject overhead of ACID
transactions; complexity of SQL; burden of up
front schema design; declarative query
expression; programmer responsible for step
by step procedural language.
Virtualization: abstraction of computer resources;
allows computer to do job of multiples, by
sharing resources of a HW across multiple envs.
Cost: instruction cause interruption (need to
be emulated); Frequent context switch.
Equivalence: A software operating under the
VMM should behave like it does on an
equivalent computer directly.
Resource control: VMM must control
virtualized resources completely.
Efficiency: Most machine instructions must run
without VMM interference.
In Popek and Goldberg terminology, VMM
must present all three properties. Today's
terminology, VMM needs to satisfy
equivalence and resource control properties.
Instruction Set Architecture (ISA): Privileged
instructions: Instructions that trap if processor
in user mode but not in sys. mode. Control
sensitive instructions: Change the
configuration of resources in the system (e.g.,
change RAM) (PUSHF). Behavior sensitive
instructions: behavior or result depends on the
configuration of resources (POP, PUSH).
Sufficient: VMM may be constructed if the
set of sensitive instructions for that computer
is a subset of the set of privileged instructions.
T2: A computer is recursively virtualizable if it
is virtualizable and a VMM without any timing
dependencies can be constructed for it.
Full Virtualization: Dynamic binary translation.
The emulation layer talks to an OS which talks
to hardware: emulation layer isolates VM;
VM portability; perf.
Paravirtualization: Guest OS is modified and
runs kernel operations at Ring 1 or 3. 2
approaches: Recompiling the OS kernel;
Installing paravirtualized drivers.
Hardware-assisted virtualization: Guest OS
runs at Ring 0. VMM runs in a more privileged
Ring, a virtual -1 Ring is created; run
unmodified OS; Speed & Flexibility.
Desktop V: VMM running on a physical
desktop. Server-side workspace V: workspace
(desktop with custom conf) running on VM
hosted on a server. Client-side wp V: wp
running on VM hosted on desktop. Application
isolation: app packaged with its own virtual
copies of the OS resources it needs to change
(registries, filesystems). Application
streaming: Just-in-time delivery of a server
hosted app to the desktop; the desktop app
can execute before the entire file has been
downloaded.
Docker: Intrinsic security of containers. Portab.
+ Isolation. Limit resource usage. Copy on
write mechanism. Version control. Component
reuse. Docker Swarm enables multi container
hosts to behave like a single, virtual host.
other parts; scale horizontally + vertically;
Message driven; Efficient computation; Fault
tolerant and self-healing; Supports batch and
real time processing.
MapReduce: prog model: Inspired by functional
prog. Allows expressing distrib. computations
on massive amounts of data. Execution FW: for
large scale data processing. Idea behind: scale
out, not up; failures are norm not exception;
move processing to data; hide sys level details;
seamless scalability; shared nothing approach.
No order. Stateless. All maps need to compl.
Slow. Spark: Resilient Distributed Datasets.
Massive computation, in memory engine. //
processing and functional programming.
Data Locality: Process of moving computation
to the node where that data resides.
Partitioner: oversees assigning intermediate
keys to reducers. Hash based partitioner
computes the hash of the key modulo the
number of reducers r (even partitioning).
Combiners: optional optimization: Allow local
aggregation before the shuffle and sort phase.
Speculative execution: When a task is running
slower than expected, an equivalent task is
launched as a backup.
Distributed Filesystem (Colocate data and
computation): Abandon the separation
between compute and storage nodes. Write
once, read many workloads. Does not handle
concurrency but allow replication. Optimized
for throughput, not latency.
DFS: Divide user data into blocks (64/128
MB). Replicate blocks across the local disks of
nodes. Master slave architecture. HDFS stores
3 copies of each block in # racks (reliability,
availability, performance).
NameNode: Master maintains: (1) namespace
(metadata, file to block mapping, location of
blocks); (2) overall health of the filesystem.
DataNode: slaves manage the data blocks.
Task Attempt: instance of an attempt to
execute a task. Task attempted at least once,
possibly more. Multiple attempts may occur in
parallel (speculative execution).
Hadoop Failure Management: 1: map or
reduce task throws a runtime exception; 2:
Hanging tasks. JobTracker is notified of a failed
task.
Hadoop Scheduling: FIFO: Each job uses the
whole cluster; Fair: user gets a fair share of the
cluster capacity over time; Capacity: Jobs are
submitted to queues (Jobs can be prioritized;
No preemption). ATLAS: Adapt. Failure Aware.
Context object: Allows the Mapper to interact
with the rest of the Hadoop system. Includes
configuration data for the job as well as
interfaces which allow it to emit output. Used
to report progress; set app level status.
Maps: driven by the total size of the inputs.
# Reduce: 0.95/1.75 * #Nodes *
ReduTasksMax.
Security management: Availability, Access
control, Monitoring, Vulnerability, patching,
configuration, Incident response.
Customer/provider responsibilities: AWS
manages the infrastructure, but you must
secure anything you put on it.
Comingled data issues: Multi tenancy. App
vulnerabilities may allow unauthorized access.
Shared infra issues: Reputation fate sharing.
Cross VM attacks.
Lineage: tracing data flows in cloud is difficult;
ensuring provenance is difficult. Remanence:
Residual data may be accessible by other user.
Privacy challenges: Protect Personally
Identifiable Information (PII). Conformance to
Federal Information. Compliance with laws and
regulations. Multi jurisdictional requirements.
Encryption key management system: Bring
Your Own Key: enterprises encrypt their data
and retain control and management of their
keys. Hold Your Own Key: gives organizations
full control over their keys. Data is encrypted
before it is sent to the cloud.
Pat. (availability, SLA): Control the
consumption of resources. P: Load on cloud
varies over time. Autoscaling and provisioning
are not instantaneous. S: Allow apps to use
resources only up to some soft limit, and then
throttle them when this limit is reached. C:
considered early; needs monitoring.
Competing Consumers Pat. (throughput,
scalability, availability): Enable concurrent