Cloud Computing - Some terms
• Term cloud is used as a metaphor for internet • Concept generally incorporates combinations of the following
– Infrastructure as a service (IaaS) – Platform as a service (PaaS) – Software as a service(SaaS)

• Not to be confused with
– Grid Computing – a form of distributed computing • Cluster of loosely coupled, networked computers acting in concert to perform very large tasks – Utility Computing – packaging of computing resources such as computing power, storage, also a metered services – Autonomic computing – self managed

Grid Computing
• • • • • Share Computers and data Evolved to harness inexpensive computers in Data center to solve variety of problems Harness power of loosely coupled computers to solve a technical or mathematical problem Used in commercial applications for drug discovery, economic forecasting, sesimic analysis and back-office Small to big – Can be confined to a corporation – Large public collaboration across many companies and networks Most grid solutions are built on – Computer Agents – Resource Manager – Scheduler Compute grids – Batch up jobs – Submit the job to the scheduler, specifying requirements and SLA(specs) required for running the job – Scheduler matches specs with available resources and schedules the job to be run – Farms could be as large as 10K cpus Most financial firms has grids like this Grids lack automation, agility, simplicity and SLA guarantees

• •

storage. computing power and network • Requires cloud like infrastructure • Pay by the use model – Similar to electric service at home • Pay for extra resources when needed – To handle expected surge in demand – Unanticipated surges in demand • Better economics .Utility Computing • More related to cloud computing – Applications.

Cloud computing – History • Evolved over a period of time • Roots traced back to Application Service Providers in the 1990’s • Parallels to SaaS • Evolved from Utility computing and is a broader concept .

for application developers and IT • Allows develop. retire resources – Dynamically update infrastructure elements without affecting the business . PAAS. work fast (performance). and offer good reliability • Without concern for the nature and location of underlying infrastructure – Activate. SAAS • Dynamic provision of services/resource pools in a co-ordinated fashion – On demand computing – No waiting period – Location of resource is irrelevant • May be relevant from performance perspective.Cloud computing • Much more broader concept • Encompasses – IAAS. data locality • Applications run somewhere on the cloud – Web applications fulfill these for end user – However. deploy and run applications that can easily grow capacity (scalability).

if not all of the resources in a single request – Middleware approach takes federation as a first principle – Resources are exposed.Clouds Versus Grids • Clouds and Grids are distinct • Cloud – – – – Full private cluster is provisioned Individual user can only get a tiny fraction of the total resource pool No support for cloud federation except through the client interface Opaque with respect to resources • Grid – Built so that individual users can get most. often as bare metal • These differences mandate different architectures for each .

the term grid was coined to describe technologies that would allow consumers to obtain computing power on demand.” • Clouds and Grids are equivalent – “In the mid 1990s.Cloud Mythologies • Cloud computing infrastructure is just a web service interface to operating system virtualization. – “I won’t be able to run a private cloud because my users will not tolerate the performance hit.” . • Cloud computing imposes a significant performance penalty over “bare metal” provisioning.

Commercial clouds .

Microsoft Azure Platform. Google Appengine IBM Blue house. connectivity etc AWS. HR. CRM etc IBM Lotus Live Middleware. Messaging. Amazon EC2. Intergation. CastIron. IBM Virtual images. VMWare. GoogleCalender Payroll. Information.Cloud Anatomy • Application Services(services on demand) – – – Gmail. Boomi. Sun Parascale and more • • Platform Services (resources on demand) – – – Infrastructure as services(physical assets as services) .


2010 Gartner “IT Hype Cycle” for Emerging Technologies 2009 2010 2008 2007 .

Cloud Computing .layers Layers Architecture .

Billing. Payment Resources Services Storage Network OS . Security.What is a Cloud? Individuals Corporations Non-Commercial Cloud Middle Ware Storage Provisioning OS Provisioning Network Provisioning Service (apps) Provisioning SLA (monitor).

and miscellaneous communications between nodes on a network.Why cloud computing • Data centers are notoriously underutilized. SMBs and enterprises alike. Forrester. • Cost effective solutions to key business demands • Move workloads to improve efficiency • Server Message Block (SMB. and IDC— agree that this new model offers significant advantages for fastpaced startups. . where it is often known as "Microsoft Windows Network". also known as Common Internet File System. often idle 85% of the time – Over provisioning – Insufficient capacity planning and sizing – Improper understanding of scalability requirements etc • including thought leaders from Gartner. CIFS) operates as an application-layer network protocol mainly used to provide shared access to files. Most usage of SMB involves computers running Microsoft Windows. printers. It also provides an authenticated inter-process communication mechanism. serial ports.

How do they work? • Public clouds are opaque – What applications will work well in a cloud? • Many of the advantages offered by Public Clouds appear useful for “on premise” IT – Self-service provisioning – Flexible resource allocation • What extensions or modifications are required to support a wider variety of services and applications? – Data assimilation – Multiplayer gaming – Mobile devices .

without compromising privacy and security of each of the customer’s data • Service-oriented – compose applications out of loosely coupled services. and synchronization . Data – Distributing. Expose these services as API’s • Virtualized – decoupled from underlying hardware. Multiple applications can run in one computer • Data. Data.Cloud computing Characteristics • Agility – On demand computing infrastructure – Linearly scalable – challenge • Reliability and fault tolerance – Self healing – Hot backups. One service failure will not disrupt other services. security. etc – SLA driven – Policies on how quickly requests are processed • Multi-tenancy – Several customers share infrastructure. partitioning.

Private and Hybrid clouds .Public.

scalability. corporations and others – Amazon's Web Services and Google appEngine are examples • Offers startups and SMB’s quick setup. Pay as you go model helps startups to start small and go big • Security and compliance? • Reliability concerns hinder the adoption of cloud – Amazon S3 services were down for 6 hours .Public clouds • Open for use by general public – Exist beyond firewall. flexibility and automated management. fully hosted and managed by the vendor – Individuals.

etc.g. refunds. . kvm) provides CPU isolation – “Roll-your-own” network provisioning provides network isolation – Locally specific storage abstractions • Fully customer self-service – Service Level Agreements (SLAs) are advertized – Requests are accepted and resources granted via web services – Customers access resources remotely via the Internet • Accountability is e-commerce based – Web-based transaction – “Pay-as-you-go” and flat-rate subscription – Customer service. Xen.Public Clouds (Now) • Large scale infrastructure available on a rental basis – Operating System virtualization (e.

Private Clouds • Within the boundaries (firewall) of the organization • All advantages of public cloud with one major difference – Reduce operation costs – Has to be managed by the enterprise • • • • • • Fine grained control over resources More secure as they are internal to org Schedule and reshuffle resources based on business demands Ideal for apps related to tight security and regulatory concerns Development requires hardware investments and in-house expertise Cost could be prohibitive and cost might exceed public clouds .

Clouds and SOA • SOA Enabled cloud computing to what is today • Physical infrastructure like SOA must be discoverable. manageable and governable • REST Protocol widely used (Representational State Transfer) .

deploy.Clouds for Developers • Ability to acquire. configure and host environments • Perform development unit testing. prototyping and full product testing .

and adoption • Easy – To install => system administration time is expensive – To maintain => system administration time is really expensive . experimentation. unstable.Open Source Cloud Infrastructure • Simple – Transparent => need to “see” into the cloud – Scalable => complexity often limits scalability – Secure => limits adoptability • Extensible – New application classes and service classes may require new features – Clouds are new => need to extend while retaining useful features • Commodity-based – Must leverage extensive catalog of open source software offerings – New. and unsupported infrastructure design is a barrier to uptake.

Reservoir – European open cloud project – Many layers of cloud services and tools – Ambitious and wide-reaching but not yet accessible as an implementation Eucalyptus – Cloud Computing on Clusters – Amazon Web Services compatible – Supports kvm and Xen Open Nebulous Joyent – Based on Java Script • • • • .Microsoft and Amazon face challenges • • Globus/Nimbus – Client-side cloud-computing interface to Globus-enabled TeraPort cluster – Based on the Globus Virtual Workspace Service – Shares upsides and downsides of Globus-based grid technologies Enomalism (now called ECP) – Start-up company distributing open source – REST APIs(Representational State Transfer (REST) is a style of software architecture for distributed hypermedia systems such as the World Wide Web.

Open Source Cloud Ecosystem Tools • RightScale – Startup focused on providing client tools as SaaS hosted in AWS – Uses the REST interface • Canonical – Ubuntu 9.10 (Karmic Koala) – Includes KVM and Xen Hypervisors .

Open Source Cloud Anatomy
• Extensibility
– Simple architecture and open internal APIs

• Client-side interface
– Amazon’s AWS interface and functionality (familiar and testable)

• Networking
– Virtual private network per cloud – Must function as an overlay => cannot supplant local networking

• Security
– Must be compatible with local security policies

• Packaging, installation, maintenance
– system administration staff is an important constituency for uptake

Open Source Cloud Anatomy .. cntd
• Private clouds are really hybrid clouds
– Users want private clouds to export the same APIs as the public clouds

• In the Enterprise, the storage model is key
– Scalable “blob” storage doesn’t quite fit the notion of “data file.”

• Cloud Federation is a policy mediation problem
– No good way to translate SLAs in a cloud allocation chain – “Cloud Bursting” will only work if SLAs are congruent

• Customer SLAs allow applications to consider cost as first-class principle
– Buy the computational, network, and storage capabilities that are required

Open Source Clouds contd.

Eucalyptus (Elastic Utility Computing Architecture Linking Your Programs To Useful Systems) .

The SLA records a common understanding about services.Clouds and Virtualization • Operating System virtualization (Xen. VMWare. Memory.A service level agreement (SLA) is a negotiated agreement between two parties where one is the customer and the other is the service provider.Kernel based Virtual Machine . and warranties • Monitoring KVM. and local device access as a single virtual machine (VM) • IaaS Cloud allocation is – Set of VMs – Set of storage resources – Private network • Allocation is atomic • SLA. guarantees. HyperV) is only apparent for IaaS – AppEngine = BigTable • Hypervisors virtualize CPU. priorities. responsibilities. KVM. This can be a legally binding formal or informal "contract" .

Cloud Infrastructure • Network operations center  Physical Infrastructure .

Cloud Infrastructure ..contd • Physical Security  Cooling .

Cloud Infrastructure ..contd
• Power infrastructure, Network Cabling, Fire safety

Cloud computing open issues
• Governance – Security, Privacy and control – SLA guarantees – Ownership and control – Compliance and auditing • Sarbanes and Oxley Act Reliability – Good servive provider with 99.999% availability Cloud independence – Vendor lockin? – Cloud provider goes out of business Data Security Cloud lockin and Loss of control – Plan for moving data along with Cloud provider Cost? Simplicity? Tools Controls on sensitive data? – Out of business Big and small – Scalability and cost outweigh reliability for small businesses – Big businesses may have a problem

• • • • • • • • •

Battle in the cloud
• Amazon Web Services • Google App Engine
– Free upto 500 MB, • Free for small scale applications?

• Universities? – Pay when you scale

• GoGrid • .. Some more Hosting companies - HP, IBM, Oracle (+sun) and Dell

consistent distributed systems. shared relational databases. .• Cloud computing entails building massive distributed systems – They use replicated data. . parallelism – Brewer’s “CAP theorem:” Must sacrifice Consistency for Availability & Performance • Cloud providers believe this theorem • Key to scalability is decoupling (Modules should communicate as less as possible with one another ). we knew how to build reliable.loosest possible synchronization (Any synchronized mechanism is a risk) • We gave up on consistency too easily Long ago.

thrashing . etc – But modern computers often become unreliable as a symptom of overload… so these consistency mechanisms will make things worse. oscillations (up and down). by increasing the load just when we want to ease off! • So consistency (of any kind) is a “root cause” for meltdowns. any reliability property forces a system to retransmit lost messages.• A consistent distributed system will often have many components. but users observe behavior indistinguishable from that of a single-component reference system • They reason this way: – Systems that make guarantees put those guarantees first and struggle to achieve them – For example. use acks.

however IETF republished the protocol in RFC 1142 for the Internet community. The protocol was defined in ISO 2002 as an international standard within the Open Systems Interconnection (OSI) reference design.• Thus application developers are urged to not assume consistency and to avoid anything that will break if inconsistency occurs • To reintroduce consistency we need – A scalable model • Should this be the Isis model? – A high-performance implementation • Can handle massive replication for individual objects • Massive numbers of objects • Won’t melt down under stress • Not prone to instabilities or resource exhaustion problems • Intermediate System To Intermediate System (IS-IS). is a protocol used by network devices (routers) to determine the best route for datagrams through a packet-switched network. . IS-IS is not an Internet Standard.

Cloud Programming .

but also a better parallel programming model – Performance / correctness isolation – Well-defined points of interaction – Scalable model More difficult to use – Little language support • Erlang integrates message with pattern matching Message passing libraries • Fundamental mismatch: asynchronous strange in a synchronous world Open problems – Control structures for asynchronous messages – Communications contracts – Integration of messages in type system and memory model .Message Passing Not only fundamental to distributed systems.

Distribution Distributed systems are rich source of difficult problems – Replication – Consistency – Quorum Well studied field produced good solutions – Outsider’s perspective: research is focused on fundamental problems and used in real systems How can these techniques be incorporated into programming model? – Libraries – Language integration – New models .

Availability Services must be highly available – Blackberry outage gets national media attention – Affect millions of people simultaneously – Service can become part of national infrastructure High availability is challenge – Starts with design and engineering – Hard to eliminate all “single points of failure” – Murphy’s law rules (Anything that can go wrong. will go wrong ) Programming models provide little support of systematic error handling – Disproportionate fraction of software defects in error handling code • Run in inconsistent state • Difficult to test – Erlang has systematic philosophy of fail and notify – Could lightweight transactions simplify rollback ? .

… ..g. defer low-priority tasks. provision more machines. simplify home page when load spikes. observe. pray Performance should be specified as part of behavior – SLAs as well as pre-/post-conditions Need scalability – Grow by adding machines.Performance Performance is system-level concern – Goes far beyond the code running on a machine – Most performance tools focus on low-level details – Automatic optimization (compilers) is very granular Current approach is wasteful and uncertain – Build. not rewriting software Architecture should be the starting point – Model and simulate before building a system Adaptivity – Systems need to be introspective and capable of adapting behavior to load – e. tweak. overprovision.

compiled for server and client .. battery) – Move computation to data. client and server are two fundamentally different applications – Evolution around interfaces • Single program model. particularly when communications constrained – Code mobility • Exists in data center (VMs) Currently.Application Partitioning Static partition of functionality between client and server – Difficult to support range of clients with different architectures and capabilities – Difficult to adapt to changing constraints (e.g.

failure.High-Level Abstractions Map-reduce and dataflow abstractions simplify large-scale data analysis in data centers – Convenient way to express problems – Hide complex details (distribution. restart) – Allow optimization (speculation) Need more abstractions for wider range of problems – Not appropriate for services .

Conclusive outcomes Cloud computing is more than VMs. web services. data centers. … – New way of performing computation New opportunity to correct problems with existing computing models – Cost. reliability. complexity. … .

speeding MIPR process Cultural inertia – Sharing the vision Controlling expectations – “Why can’t it…. networks – Access • • • Business processes – Flexible funding.Challenges and Barriers Current • Balancing Security and Usability – User Validation – Virtualization. Procurement $ verses Operating $ .” Future • Security optimization – – – – “Shared” accreditation Validation of customer applications Integrating Software as a Service Accessing federated and shared services • Business streamlining – Each Service and Agency has unique processes – Funding hurdles. credit cards. servers. firewalls..

networks. servers. applications. known between 1901 and 1988 as the National Bureau of Standards (NBS). storage. (NIST defn) • This cloud model promotes availability and is composed of five essential characteristics. • The National Institute of Standards and Technology (NIST).. and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. and four deployment models. .A Working Definition of Cloud Computing • Cloud computing is a model for enabling convenient.g. three service models. is a measurement standards laboratory which is an agency of the United States Department of Commerce. ondemand network access to a shared pool of configurable computing resources (e.

5 Essential Cloud Characteristics • On-demand self-service • Broad network access • Resource pooling – Location independence • Rapid elasticity • Measured service .

3 Cloud Service Models • Cloud Software as a Service (SaaS) – Use provider’s applications over a network • Cloud Platform as a Service (PaaS) – Deploy customer-created applications to a cloud • Cloud Infrastructure as a Service (IaaS) – Rent processing. and other fundamental computing resources • To be considered “cloud” they must be deployed on top of cloud infrastructure that has the key characteristics . storage. network capacity.

Service Model Architectures Cloud Infrastructure Cloud Infrastructure PaaS SaaS SaaS Cloud Infrastructure IaaS PaaS SaaS Software as a Service (SaaS) Architectures Cloud Infrastructure PaaS Cloud Infrastructure IaaS PaaS Platform as a Service (PaaS) Architectures Cloud Infrastructure IaaS Infrastructure as a Service (IaaS) Architectures .

4 Cloud Deployment Models • Private cloud – enterprise owned or leased • Community cloud – shared infrastructure for specific community • Public cloud – Sold to the public. mega-scale infrastructure • Hybrid cloud – composition of two or more clouds .

Common Cloud Characteristics • Cloud computing often leverages: – – – – – – – Massive scale Homogeneity Virtualization Low cost software Geographic distribution Service orientation Advanced security technologies .

The NIST Cloud Definition Framework Hybrid Clouds Deployment Models Service Models Essential Characteristics Private Cloud Software as a Service (SaaS) Community Cloud Platform as a Service (PaaS) On Demand Self-Service Broad Network Access Resource Pooling Massive Scale Common Characteristics Homogeneity Virtualization Low Cost Software Rapid Elasticity Measured Service Resilient Computing Geographic Distribution Service Orientation Advanced Security Public Cloud Infrastructure as a Service (IaaS) .

Cloud Computing Security .

Security is the Major Issue .

compliance • Clouds are massively complex systems can be reduced to simple primitives that are replicated thousands of times and common functional units • Cloud security is a tractable problem – There are both advantages and challenges .Analyzing Cloud Security • Some key issues: – trust. encryption. multi-tenancy.

General Security Advantages • Shifting public data to a external cloud reduces the exposure of the internal sensitive data • Cloud homogeneity makes security auditing/testing simpler • Clouds enable automated security management • Redundancy / Disaster Recovery .

General Security Challenges • • • • • • Trusting vendor’s security model Customer inability to respond to audit findings Obtaining support for investigations Indirect administrator accountability Proprietary implementations can’t be examined Loss of physical control .

and Virtual Networks . Processing.Security Relevant Cloud Components • • • • • • Cloud Provisioning Services Cloud Data Storage Services Cloud Processing Infrastructure Cloud Support Services Cloud Network and Perimeter Security Elastic Elements: Storage.

Provisioning Service • Advantages – Rapid reconstitution of services – Enables availability • Provision in multiple data centers / multiple instances • Challenges – Impact of compromising the provisioning service .

Data Storage Services • Advantages – – – – – Data fragmentation and dispersal Automated replication Provision of data zones (e..g. by country) Encryption at rest and in transit Automated data retention • Challenges – Isolation management / data multi-tenancy – Storage controller • Single point of failure / compromise? – Exposure of data to foreign governments .

Cloud Processing Infrastructure • Advantages – Ability to secure masters and push out secure images • Challenges – Application multi-tenancy – Reliance on hypervisors – Process isolation / Application sandboxes .

logging. authentication.g. firewalls…) • Challenges – Additional risk when integrated with customer applications – Needs certification and accreditation as a separate application – Code updates ..Cloud Support Services • Advantages – On demand security controls (e.

firewall.Cloud Network and Perimeter Security • Advantages – Distributed denial of service protection – VLAN capabilities – Perimeter security (IDS. authentication) • Challenges – Virtual zoning with application mobility .

Cloud Security Advantages Part 1 • • • • • • Data Fragmentation and Dispersal Dedicated Security Team Greater Investment in Security Infrastructure Fault Tolerance and Reliability Hypervisor Protection Against Network Attacks Possible Reduction of C&A Activities (Access to PreAccredited Clouds) .

Cloud Security Advantages Part 2 • Simplification of Compliance Analysis • Data Held by Unbiased Party (cloud vendor assertion) • Low-Cost Disaster Recovery and Data Storage Solutions • On-Demand Security Controls • Real-Time Detection of System Tampering • Rapid Re-Constitution of Services • Advanced Honeynet Capabilities .

Cloud Security Challenges Part 1 • – – – Data dispersal and international privacy laws EU Data Protection Directive and U.S. Safe Harbor program Exposure of data to foreign government and data subpoenas Data retention issues • • • • • Need for isolation management Multi-tenancy Logging challenges Data ownership issues Quality of service guarantees .

Cloud Security Challenges Part 2 • • • • • – – – – Dependence on secure hypervisors Attraction to hackers (high value target) Security of virtual OSs in the cloud Possibility for massive outages Encryption needs for cloud computing Encrypting access to the cloud resource control interface Encrypting administrative access to OS instances Encrypting access to applications Encrypting application data at rest • • Public cloud vs internal cloud security Lack of public SaaS version control .

Additional Issues • – Issues with moving sensitive data to the cloud Privacy impact assessments • – – Using SLAs to obtain cloud security Suggested requirements for cloud SLAs Issues with cloud forensics • Contingency planning and disaster recovery for cloud implementations .

Secure Migration Paths for Cloud Computing .

power savings.The ‘Why’ and ‘How’ of Cloud Migration • There are many benefits that explain why to migrate to clouds – Cost savings. increased agility in software deployment • Cloud security issues may drive and define how we adopt and deploy cloud computing solutions . green savings.

• Massive public clouds may be more cost effective than large community clouds which may be more cost effective than small private clouds.Balancing Threat Exposure and Cost Effectiveness • Private clouds may have less threat exposure than community clouds which have less threat exposure than public clouds. • Doesn’t strong security controls mean that I can adopt the most cost effective approach? .

Cloud Migration and Cloud Security Architectures • Clouds typically have a single security architecture but have many customers with different demands – Clouds should attempt to provide configurable security mechanisms • Organizations have more control over the security architecture of private clouds followed by community and then public – This doesn’t say anything about actual security • Higher sensitivity data is likely to be processed on clouds where organizations have control over the security model .

Putting it Together • Most clouds will require very strong security controls • All models of cloud may be used for differing tradeoffs between threat exposure and efficiency • There is no one “cloud”. • How does one choose? . There are many models and architectures.

Migration Paths for Cloud Adoption
• Use public clouds • Develop private clouds
– Build a private cloud – Procure an outsourced private cloud – Migrate data centers to be private clouds (fully virtualized)

• Build or procure community clouds
– Organization wide SaaS – PaaS and IaaS – Disaster recovery for private clouds

• Use hybrid-cloud technology
– Workload portability between clouds

Possible Effects of Cloud Computing
• Small enterprises use public SaaS and public clouds and minimize growth of data centers • Large enterprise data centers may evolve to act as private clouds • Large enterprises may use hybrid cloud infrastructure software to leverage both internal and public clouds • Public clouds may adopt standards in order to run workloads from competing hybrid cloud infrastructures

Cloud Standards Mission
• Provide guidance to industry and government for the creation and management of relevant cloud computing standards allowing all parties to gain the maximum value from cloud computing

and hardware providers – We want to promote government and industry adoption of cloud standards . software.NIST and Standards • NIST wants to promote cloud standards: – We want to propose roadmaps for needed standards – We want to act as catalysts to help industry formulate their own standards • Opportunities for service.

Goal of NIST Cloud Standards Effort • Fungible clouds – – – – – (mutual substitution of services) Data and customer application portability Common interfaces. programming models Federated security services Vendors compete on effective implementations • Enable and foster value add on services – Advanced technology – Vendors compete on innovative capabilities . semantics.

A Model for Standardization and Proprietary Implementation • Advanced features Proprietary Value Add Functionality • Core features Standardized Core Cloud Capabilities .

Proposed Result • Cloud customers knowingly choose the correct mix for their organization of – standard portable features – proprietary advanced capabilities .

application portability. and data portability – Avoid over specification that will inhibit innovation – Separately addresses different cloud models 84 .A proposal: A NIST Cloud Standards Roadmap • We need to define minimal standards – Enable secure cloud integration.

Towards the Creation of a Roadmap (I) • Thoughts on standards: – Usually more service lock-in as you move up the SPI stack (IaaS>PaaS->SaaS) – IaaS is a natural transition point from traditional enterprise datacenters • Base service is typically computation. and networking – The virtual machine is the best focal point for fungibility – Security and data privacy concerns are the two critical barriers to adopting cloud computing . storage.

SaaS . encourage collaboration in addressing these standards as soon as possible – Identify common needs for security and data privacy standards across IaaS.Towards the Creation of a Roadmap (II) • Result: – Focus on an overall IaaS standards roadmap as a first major deliverable – Research PaaS and SaaS roadmaps as we move forward – Provide visibility. PaaS.

g.g.g. Azure Storage. EBS.. S3. ??) Persistent storage (e. GFS.. DMTF OVF) VM provisioning and control (e..g. ??) – machine readable • uptime. resource guarantees. Atmos) VM SLAs (e. EC2 API) Inter-cloud VM exchange (e.g. SCAP) .g. storage redundancy – Secure VM configuration (e....A Roadmap for IaaS • Needed standards – – – – – VM image distribution (e.

g..A Roadmap for PaaS and SaaS • More difficult due to proprietary nature • A future focus for NIST • Standards for PaaS could specify – Supported programming languages – APIs for cloud services • Standards for SaaS could specify – SaaS-specific authentication / authorization – Formats for data import and export (e. XML schemas) – Separate standards may be needed for each application space .

SaaS • Many existing standards • Identity and Access Management (IAM) – IdM federation (SAML. in-flight). Key Management – PKI. TOTP) – Entitlement management (XACML) • Data Encryption (at-rest.Security and Data Privacy Across IaaS. PKCS. OCRA. WS-Federation. PaaS. EKMI • Records and Information Management (ISO 15489) • E-discovery (EDRM) . KEYPROV (CT-KIP. Liberty ID-FF) – Strong authentication standards (HOTP. DSKPP).

Cloud Computing Publications .

Planned NIST Cloud Computing Publication • NIST is planning a series of publications on cloud computing • NIST Special Publication to be created in FY09 – What problems does cloud computing solve? – What are the technical characteristics of cloud computing? – How can we best leverage cloud computing and obtain security? .

Cloud Resources. and Security Models . Case Studies.

Thoughts on Cloud Computing • Galen Gruman.” . and Eric Knorr. or licensing new software. InfoWorld Editor in Chief – “A way to increase capacity or add capabilities on the fly without investing in new infrastructure. training new personnel. InfoWorld Executive Editor.” – “The idea of loosely coupled services running on an agile. scalable infrastructure should eventually make every enterprise a node in the cloud.

CEO O’Reilly Media • “I think it is one of the foundations of the next generation of computing” • “The network of networks is the platform for all computing” • “Everything we think of as a computer today is really just a device that connects to the big computer that we are all collectively .Thoughts on Cloud Computing • Tim O’Reilly.

Billions of people will be wirelessly interconnected. and the only way to achieve that kind of massive scale usage is by massive scale.Thoughts on Cloud Computing • Dan Farber. Editor in Chief CNET News • “We are at the beginning of the age of planetary computing. brutally efficient cloud-based infrastructure.” .

Core objectives of Cloud Computing • • Amazon CTO Werner Vogels Core objectives and principles that cloud computing must meet to be successful: – – – – – – – – – – Security Scalability Availability Performance Cost-effective Acquire resources on demand Release resources when no longer needed Pay for what you use Leverage others’ core competencies Turn fixed cost into variable cost .

security. service levels.A “sunny” vision of the future • Sun Microsystems CTO Greg Papadopoulos – Users will “trust” service providers with their data like they trust banks with their money – “Hosting providers [will] bring ‘brutal efficiency’ for utilization. power. and idea-to-deploy time” –CNET article – Becoming cost ineffective to build data centers – Organizations will rent computing resources – Envisions grid of 6 cloud infrastructure providers linked to 100 regional providers .

Foundational Elements of Cloud Computing 98 .

0 • Web application frameworks • Service Level Agreements 99 .Foundational Elements of Cloud Computing Primary Technologies • • • • • • • Virtualization Grid technology Service Oriented Architectures Distributed Computing Broadband Networks Browser as a platform Free and Open Source Software Other Technologies • Autonomic Systems • Web 2.

Eric Schmidt • Web 2.0 is the trend of using the full potential of the web – – – – – Viewing the Internet as a computing platform Running interactive applications through a web browser Leveraging interconnectivity and mobility of devices The “long tail” (profits in selling specialized small market goods) Enhanced effectiveness with greater human participation • Tim O'Reilly: “Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as a platform. and an attempt to understand the rules for success on that new platform.” .0 Consumer Software Revolution • Is not a standard but an evolution in using the WWW • “Don’t fight the Internet” – CEO Google.Web 2.

CTO of Kaplan Test Prep on SaaS – “I love the fact that I don't need to deal with servers. version maintenance.Software as a Service (SaaS) Enterprise Software Revolution • SaaS is hosting applications on the Internet as a service (both consumer and enterprise) • Jon Williams. staging. performance” • Eric Knorr with Computerworld says that “[there is an] increasing desperation on the part of IT to minimize application deployment and maintenance hassles” . security.

Three Features of Mature SaaS Applications • Scalable – Handle growing amounts of work in a graceful manner • Multi-tenancy – One application instance may be serving hundreds of companies – Opposite of multi-instance where each customer is provisioned their own server running one instance • Metadata driven configurability – Instead of customizing the application for a customer (requiring code changes). one allows the user to configure the application through metadata .

MultiTenant-Efficient Source: Microsoft MSDN Architecture Center . Configurable.SaaS Maturity Levels • Level 1: Ad-Hoc/Custom • Level 2: Configurable • Level 3: Configurable. Multi-Tenant-Efficient • Level 4: Scalable.

John McCarthy.Utility Computing • “Computing may someday be organized as a public utility” .g. plugging into an outlet) 104 .. MIT Centennial in 1961 • Huge computational and storage capabilities available from utilities • Metered billing (pay for what you use) • Simple to use interface to access the capability (e.

Service Level Agreements (SLAs) • Contract between customers and service providers of the level of service to be provided • Contains performance metrics (e.. throughput.g. response time) • Problem management details • Documented security capabilities • Contains penalties for non-performance 105 . uptime.

self-configuration. The number of computers is growing at 38% each year. self-optimization. and self-protection IT labor costs are 18 times that of equipment costs. 106 . Adaptive. Aware IBM’s 4 properties: self-healing. Automatic.Autonomic System Computing • • • • Complex computing systems that manage themselves Decreased need for human administrators to perform lower level tasks Autonomic properties: Purposeful.

Grid Computing • Distributed parallel processing across a network • Key concept: “the ability to negotiate resource-sharing arrangements” • Characteristics of grid computing – – – – – – Coordinates independent resources Uses open standards and interfaces Quality of service Allows for heterogeneity of computers Distribution across large geographical boundaries Loose coupling of computers 107 .

Steve Herrod.Platform Virtualization • “[Cloud computing] relies on separating your applications from the underlying infrastructure” . CTO at VMware • Host operating system provides an abstraction layer for running virtual guest OSs • Key is the “hypervisor” or “virtual machine monitor” – Enables guest OSs to run in isolation of other OSs – Run multiple types of OSs • Increases utilization of physical servers • Enables portability of virtual servers between physical servers • Increases security of physical host server 108 .

SOAP..” . legos) .. rather than delivering full-blown applications.g.g.Infoworld – Standards based interfaces (WS-I Basic Profile) • e. WSDL. Choreography – Many loosely coupled interacting modules form a single logical system (e.Web Services • Web Services – Self-describing and stateless modules that perform discrete units of work and are available over the network – “Web service providers offer APIs that enable developers to exploit functionality over the Internet. WS-Security • Enabling state: WS-Transaction.

Service Oriented Architectures • Service Oriented Architectures – Model for using web services • service requestors. service registry. customizable. service providers – Use of web services to compose complex. distributed applications – Encapsulate legacy applications – Organize stovepiped applications into collective integrated services – Interoperability and extensibility 110 .

and Role Based Access Control (RBAC) – Unified APIs for SQL DB interactions – Session management – URL mapping • Wikipedia maintains a list of web application frameworks 111 .Web application frameworks • Coding frameworks for enabling dynamic web sites – Streamline web and DB related programming operations (e. web services support) – Creation of Web 2.g.g. Model-view-controller architecture) – Authentication. Authorization.0 applications • Supported by most major software languages • Example capabilities – Separation of business logic from the user interface (e...

Free and Open Source Software • External ‘mega-clouds’ must focus on using their massive scale to reduce costs • Usually use free software – Proven adequate for cloud deployments – Open source – Owned by provider • Need to keep per server cost low – Simple commodity hardware • Handle failures in software 112 .

Public Statistics on Cloud Economics 113 .

• Number of servers doubled from 2001 to 2006 114 .8 million servers in data centers • Servers are used at only 15% of their capacity • 800 billion dollars spent yearly on purchasing and maintaining enterprise software • 80% of enterprise software expenditure is on installation and maintenance of software • Data centers typically consume up to 100 times more per square foot than a typical office building • Average power consumption per server quadrupled from 2001 to 2006.Cost of Traditional Data Centers • 11.

6% worldwide in 2000 and 1% in 2005 • Green technologies can reduce energy costs by 50% • IT produces 2% of global carbon dioxide emissions 115 .5% of our Nation’s electricity (EPA) – .Energy Conservation and Data Centers • Standard 9000 square foot costs $21.3 million to build with $1 million in electricity costs/year • Data centers consume 1.

” – Brian Gammage.C. • IT resource subscription pilot saw 28% cost savings .Cloud Economics • Estimates vary widely on possible cost savings • “If you move your data centre to a cloud provider. it will cost a tenth of the cost.CTO of Washington D.Alchemy Plus cloud (backing from Microsoft) • Preferred Hotel – Traditional: $210k server refresh and $10k/month – Cloud: $10k implementation and $16k/month 116 . Gartner Fellow • Use of cloud applications can reduce costs from 50% to 90% .

founder Valtira and enStratus – Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity 117 .Cloud Economics • George Reese.

Cloud Computing Case Studies and Security Models 118 .

C.000 desktops from Microsoft Office to Google Apps and then migrated them to Zoho for privacy concerns • • 119 .000+ organizations use Google Apps GE moved 400.”. • • • Vivek Kundra.000 employees to Google Apps Replace office software – – – – Gmail Google Docs (word processing and spreadsheets) Google video for business Google sites (intranet sites and wikis) • “It's a fundamental change to the way our government operates by moving to the cloud. Rather than owning the infrastructure. CTO for the District (now OMB e-gov administrator) Migrating 38. Kundra 500. Mr. we can save millions.Google Cloud User: City of Washington D.

..“ • VMWare VCloud – “Federate resources between internal IT and external clouds” 120 .Are Hybrid Clouds in our Future? • OpenNebula • Zimory • IBM-Juniper Partnership – "demonstrate how a hybrid cloud could allow enterprises to seamlessly extend their private clouds to remote servers in a secure public cloud.

vCloud Initiative • Goal: – “Federate resources between internal IT and external clouds” – Application portability – Elasticity and scalability. service level management • vServices provide APIs and technologies 121 . disaster recovery.

Manuvir Das 122 . A Lap Around Windows Azure.Microsoft Azure Services Source: Microsoft Presentation.

Manuvir Das 123 . and Roles n Web Role Worker Role LB m Cloud Storage (blob. table. A Lap Around Windows Azure. queue) Source: Microsoft Presentation. Storage.Windows Azure Applications.

Give me one CPU. Facebook's vice president of technical operations 80 million users + 250. We are solving the redundancy problem in software. PHP. I don't care. If it fails. AJAX Memcached (Open source caching) MySQL (Open source DB) • • Thousands of DB instances store data in distributed fashion (avoids collisions of many users accessing the same DB) “We don't need fancy graphics chips and PCI cards.” 124 ." he said.000 new users per day 50. 10.Case Study: Facebook’s Use of Open Source and Commodity Hardware (8/08) • • • • Jonathan Heiliger.000+ servers Built on open source software – Web and App tier: – Middleware tier: – Data tier: Apache. “We need one USB port and optimized power and airflow. a little memory and one power supply.000 transactions per second.

scalable.Case Study: IBM-Google Cloud • “Google and IBM plan to roll out a worldwide network of servers for a cloud computing infrastructure” – Infoworld • Initiatives for universities • Architecture – Open source • Linux hosts • Xen virtualization (virtual machine monitor) • Apache Hadoop (file system) – “open-source software for reliable. distributed computing” – IBM Tivoli Provisioning Manager 125 .

Case Study: Amazon Cloud • Amazon cloud components – Elastic Compute Cloud (EC2) – Simple Storage Service (S3) – SimpleDB • New Features – Availability zones • Place applications in multiple locations for failovers – Elastic IP addresses • Static IP addresses that can be dynamically remapped to point to different instances (not a DNS change) 126 .

used a credit card! Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB data) Took 100 Linux computers 24 hours (would have taken months on NYT computers “It was cheap experimentation. and the learning curve isn't steep. Nasdaq • Nasdaq – Uses S3 to deliver historic stock and fund information – Millions of files showing price changes of entities over 10 minute segments – “The expenses of keeping all that data online [in Nasdaq servers] was too high.Amazon Cloud Users: New York Times and Nasdaq (4/08) • • Both companies used Amazon’s cloud offering New York Times – – – – Didn’t coordinate with Amazon.” – Derrick Gottfrid.” – Claude Courbois. Nasdaq VP – Created lightweight Adobe AIR application to let users view data 127 .

com Ideas application – – – – – Concept to Live in Three Weeks 134.015 Ideas Peak traffic of 149 hits per second • US Census Bureau Uses Salesforce.000+ Public Sector and Nonprofit Customers use Salesforce Cloud Computing Solutions President Obama’s Citizen’s Briefing Book Based on for 2010 decennial census – Allows projects to scale from 200 to 2.Case Study: Salesforce.4 M Votes 52.000 users overnight to meet peak periods with no capital expenditure 128 .com Cloud Application – Project implemented in under 12 weeks – 2.500+ partnership agents use in Government • • 5.077 Registered Users 1.

Case Study: Salesforce. 129 . Army needed a new tool to track potential recruits who visited its Army Experience Center. Army uses Salesforce CRM for Cloud-based Recruiting – to run their call in Government • New Jersey Transit Wins InfoWorld 100 Award for its Cloud Computing Project – Use Salesforce. complaint tracking. and service portal – 600% More Inquiries Handled – 0 New Agents Required – 36% Improved Response Time • to track all core recruitment functions and allows the Army to save time and resources.S.S. incident management. – Use Salesforce.

Information Technology Laboratory • Computer Security Division • Tim Grance • NIST.htm 130 . Information Technology Laboratory • Computer Security Division Contact information is available from: http://www.Questions? • Peter Mell •


What is this buzzword? Hype? .

The hype Cluster Computing Cloud Computing Grid Computing  .


Data Centers • Large server and storage farms – Used by enterprises to run server applications – Used by Internet companies • Google. Facebook. Youtube. Amazon… – Sizes can vary depending on needs .

VM mapped onto physical servers – Provides flexiblility in mapping from virtual to physical resources .Data Center Architecture • Traditional: applications run on physical servers – Manual mapping of apps to servers • Apps can be distributed • Storage may be on a SAN or NAS – IT admins deal with “change” • Modern: virtualized data centers – App run inside virtual servers.

Virtualized Data Centers • Resource management is simplified – Application can be started from preconfigured VM images / appliances – Virtualization layer / hypervisor permits resource allocations to be varied dynamically – VMs can be migrated without application down-time .

Workload Management • Internet applications => dynamic workloads • How much capacity to allocate to an application? – Incorrect workload estimate: over.or under-provision capacity – Major issue for internet facing applications • Workload surges / flash crowds cause overloads • Long-term incremental growth (workload doubles every few months for many newly popular apps) – Traditional approach: IT admins estimate peak workloads and provision sufficient servers • Flash-crowd => react manually by adding capacity – Time scale of hours: lost revenue. bad publicity for application .

Dynamic Provisioning • Track workload and dynamically provision capacity • Monitor -> Predict -> Provision • Predictive versus reactive provisioning – Predictive: predict future workload and provision – Reactive: react whenever capacity falls short of demand • Traditional data centers: bring up a new server • Borrow from Free pool or reclaim under-used server • Virtualized data center: exploit virtualization to speed up application startup time – How is this done? .

Energy Management in Data Centers • Energy: major component of operational cost of data centers – Large data centers have energy bills of several million $. – Where does it come from? • Power for servers and cooling • Data centers also have a large carbon footprint • How to reduce energy usage? • Need energy-proportional systems – Energy proportionality: energy use proportional to load – But: current hardware not energy proportional .

Energy Management • Many approaches possible • Within a server: – Shut-down certain components (cores. disks) when idling or at low loads – Use DVFS for CPU • Most effective: shutdown servers you don’t need – Consolidate workload onto a smaller # of servers – Turn others off • Thermal management: move workload to cooling or move cooling to where workloads are – Requires sensors and intelligent cooling systems .

cooling vent .Container-based Data Centers • Modular design • No expensive buildings needed • Plug and play: plug power. network.

Example: Container DC • Courtesy: Dan Reed. Microsoft – Talk at NSF workshop • Benefits of MS Gen 4 data ctr – – – – – Scalable Plug and play Pre-assembled Rapid deployment Reduced construction .

Azure.Cloud Computing • Data centers that rent servers/ storage • Cloud: virtualized data center with self-service web portal • Any one with a “credit card” can rent servers • Automated allocation of servers • Use virtualized architecture • Examples: Amazon EC2. New servers . .Cloud Models • Private clouds versus Public Clouds – Who owns and runs the infrastructure? • What is being rented? – Infrastructure as a service (rent barebone servers) – Platform as a service (google app engine) – Software as a service (gmail. online backup.

Pricing and Usage Model • Fine-grain pricing model – Rent resources by the hour or by I/O – Pay as you go (pay for only what you use) • Can vary capacity as needed – No need to build your own IT infrastructure for peaks needs .

Amazon EC2 Case Study • Virtualized servers – Different sizes / instances • Storage: Simple storage service (S3) – Elastic block service (EBS) • Many other services – Simple DB – Database service – Virtual private cloud .