1 / 35

A day in the cloud

A day in the cloud. An Introduction to Cloud. Dr David Wallom, Associate Director ( Oxford e-Research Centre) Thanks to NIST Clouds Introduction & Bob Jones (CERN, Helix Nebula). Outline. What is Cloud…? Using Cloud (technically) Using cloud (non-technical) Available resources.

avak
Télécharger la présentation

A day in the cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A day in the cloud

  2. An Introduction to Cloud Dr David Wallom, Associate Director (Oxford e-Research Centre) Thanks to NIST Clouds Introduction & Bob Jones (CERN, Helix Nebula)

  3. Outline • What is Cloud…? • Using Cloud (technically) • Using cloud (non-technical) • Available resources

  4. What is cloud?

  5. A Working Definition of Cloud Computing • Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. • This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models. WallomsDef: If a user speaks to a person to get access to resources, its virtualisation, if the user gets access through a computational interface, expanding and contracting their available resources at will, it’s a Cloud! Courtesy of NIST

  6. 5 Essential Cloud Characteristics • On-demand self-service • High performance networkaccess • Resource pooling Location independence • Rapid elasticity/service scalability • Measured service/usage is accounted for Courtesy of NIST

  7. 3 Cloud Service Models

  8. 3 Cloud Service Models • SaaS: Software as a Service –> Google Apps, salesForce.com, Facebook, Microsoft Office 365; use deployed SaaS provider

  9. 3 Cloud Service Models • SaaS: Software as a Service –> Google Apps, salesForce.com, Facebook, Microsoft Office 365; • PaaS: Platform as a Service–>Google App Engine, Force.com, Azure Platform, Oracle Fusion; use deployed Application package PaaS provider

  10. Microsoft Azure Azure™ Services Platform .NET PHP Python Ruby … Web Standards + Industry Standards Visual Studio and Eclipse

  11. 3 Cloud Service Models • SaaS: Software as a Service –> Google Apps, salesForce.com, Facebook, Microsoft Office 365; • PaaS: Platform as a Service–>Google App Engine, Force.com, Azure Platform; • IaaS: Infrastructure as a Service–>Amazon Web Services, EGI Fed Cloud, 100%IT use instantiated OS image IaaS provider

  12. Amazon AWS

  13. 4 Deployment Models • Private cloud • enterprise owned or leased, e.g operated by your institutional IT support • Community cloud • shared infrastructure for specific community, e.g. provided only to specific sectors, e.g. EBI • Public cloud • Sold to the public, mega-scale infrastructure, e.g. Amazon • Hybrid cloud • composition of two or more clouds, e.g. what it says on the tin! Courtesy of NIST

  14. Common Cloud Characteristics • Cloud computing often leverages: • Massive scale (beyond a single projects scaling) • Homogeneity • Virtualization • Resilient computing • Low cost software • Geographic distribution • Service orientation • Advanced security technologies Courtesy of NIST

  15. The NIST Cloud Definition Framework Deployment Models Hybrid Clouds Service Models Community Cloud Public Cloud Private Cloud Essential Characteristics Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS) Massive Scale Resilient Computing On Demand Self-Service Homogeneity Geographic Distribution Common Characteristics High PerfNetwork Access Rapid Elasticity Virtualization Service Orientation Resource Pooling Measured Service Low Cost Software Advanced Security Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

  16. Usage Models of Cloud

  17. Private/Public Multiple Clouds • Amazon cloud • NGS cloud • Azure cloud • Eduserv cloud • Users • Globally distributed; • different resources/cost; • different applications; • non standardised: different AAA and UI. • EGI cloud

  18. Mediated Private/Public Multiple Clouds • Amazon cloud • UK NGS cloud • Management • Interface • Users • Automation; • load balancing; • costs reduction; • usability. • Eduserv cloud • EGI cloud

  19. Hybrid Multiple Clouds • NGS cloud • Institutional cloud • Amazon cloud • Users • Eduserv cloud • Federation of Local and Global resources • Elasticity managed by local cloud not user • different resources/cost; • different applications; • non standardised: different AAA but single UI through private provider • EGI cloud

  20. Migration Paths for Cloud Adoption • Use public clouds • Develop private clouds • Build a private cloud • Procure an outsourced private cloud • Migrate data centers to be private clouds (fully virtualized) • Build or procure community clouds • Organization wide SaaS • PaaS and IaaS • Disaster recovery for private clouds • Use hybrid-cloud technology • Workload portability between clouds

  21. Using an IaaS • Users retains (full) control on: • operating system: • create, modify or use existing OS images; • VM instantiation and management (start, stop, #VMs); • networking: • elastic IP, virtual firewalls, isolation (security groups); • data: • create and manage EBS devices; • snapshotting. Great flexibility vs. extra effort

  22. Cloud Infrastructure for Research Centralisation VsFederation Centralisation: one large, dedicated datacentre that serves the national HEI demand Federation: heterogeneous set of infrastructures coordinated in order to satisfy the HEI demand Criteria for evaluation Funding Scalability Flexibility Maintenance Support Accountability Obsolescence Competitiveness Security

  23. Client Tools Command Line Interface HybridFox RightScale Gems RightAws

  24. Cloud Computing Security

  25. Security is the Major Issue

  26. Analyzing Cloud Security • Some key issues: • trust, multi-tenancy, encryption, compliance • Cloud security is a tractable problem • There are both advantages and challenges

  27. General Security Advantages • Shifting public data to a external cloud reduces the exposure of the internal sensitive data • Cloud homogeneity makes security auditing/testing simpler • Clouds enable automated security management • Redundancy / Disaster Recovery

  28. Cloud Security Advantages • Data Fragmentation and Dispersal • Dedicated Security Team • Greater Investment in Security Infrastructure • Fault Tolerance and Reliability • Greater Resiliency • Hypervisor Protection Against Network Attacks • Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds) • Simplification of Compliance Analysis • Data Held by Unbiased Party (cloud vendor assertion) • Low-Cost Disaster Recovery and Data Storage Solutions • On-Demand Security Controls • Real-Time Detection of System Tampering • Rapid Re-Constitution of Services • Advanced HoneynetCapabilities

  29. General Security Challenges • Trusting someone else'ssecurity model • Customer inability to respond to audit findings • Limitations in obtaining support for investigations • Indirect administrator accountability • Proprietary implementations can’t be examined • Loss of physical control

  30. Cloud Security Challenges • Data dispersal and international privacy laws • EU Data Protection Directive and U.S. Safe Harbor program • Exposure of data to foreign government and data subpoenas • Data retention issues • Need for isolation management • Multi-tenancy • Logging challenges • Data ownership issues • Quality of service guarantees • Dependence on secure hypervisors • Attraction to hackers (high value target) • Security of virtual OSs in the cloud • Possibility for massive outages • Encryption needs for cloud computing • Encrypting access to the cloud resource control interface • Encrypting administrative access to OS instances • Encrypting access to applications • Encrypting application data at rest • Public cloud vs internal cloud security • Lack of public SaaS version control

  31. Examples of using cloud in research

  32. Cloud Resources Available • Private Cloud – Various universities and STFC • Community Cloud – Eduserv, EBI, Magelium • Public Cloud – Amazon, Elastic-hosts, Microsoft Azure IaaS, CEMS, 100% IT

More Related