CLOUD COMPUTING

Academic year: 2020

(1)

CLOUD COMPUTING

ALEKHYA P

(2)

Cloud computing

Delivery models: Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS)

Deployment models: Private cloud, Hybrid cloud, Public cloud, Community cloud

Defining attributes: Massive infrastructure; Accessible via the Internet; Utility computing, pay-per-usage; Elasticity

Resources: Networks

(3)

THE CONCEPTUAL REFERENCE MODEL

presents an overview of the NIST cloud

computing reference architecture, which

identifies the major actors, their activities

and functions in cloud computing. The

diagram depicts a generic high-level

architecture and is intended to facilitate the

understanding of the requirements, uses,

(4)

NIST CLOUD REFERENCE MODEL

Cloud Computing - RCIS May 2013 4

[Figure: NIST cloud reference model. Labels: Service Consumer, Service Provider, Broker, Carrier, Security, Privacy]

(5)

The NIST cloud computing reference

architecture defines five major

actors/entities:

cloud consumer/service consumer

cloud provider

cloud carrier

(6)
(7)
(8)
(9)
(10)
(11)

CLOUD AUDITOR

It performs an independent examination of cloud service controls.

It is a systematic evaluation of cloud system

(12)

[Figure: layer stacks of the cloud delivery models (panel titles: Software as a Service, Infrastructure as a Service). The three stacks list: (1) Facilities, Hardware, Core connectivity, Abstraction, API; (2) Facilities, Hardware, Core connectivity, Abstraction, API, Integration and middleware, Data, Metadata, Applications, API, Presentation; (3) Facilities, Hardware, Core connectivity, Abstraction, API, Integration and middleware]

(13)

ETHICAL ISSUES

Paradigm shift with implications on computing ethics:

the control is relinquished to third party services;

the data is stored on multiple sites administered by several organizations;

multiple services interoperate across the network.

Examples: online data storage (e.g., Mozy.com, Carbonite.com); Internet-based e-mail (e.g., AOL, Yahoo or Gmail); and Software as a Service (“SaaS”).

Comparing cloud storage to offline file storage:

• How sensitive are the documents in question?

• Who will have access to these documents in the cloud?

• What happens if these documents are not maintained securely?

• What can I do to improve the security of my clients' files on the cloud?

Implications:

• unauthorized access;

• data corruption;

• infrastructure failure, and service unavailability.

(14)

DE-PERIMETERISATION

Systems can span the boundaries of multiple organizations and

cross the security borders.

The complex structure of cloud services can make it difficult to

determine who is responsible in case something undesirable

happens.

Identity fraud and theft are made possible by the unauthorized

access to personal data in circulation and by new forms of

dissemination through social networks and they could also pose a

danger to cloud computing.

(15)

PRIVACY ISSUES

Cloud service providers have already collected petabytes of

sensitive personal information stored in data centers around the

world. The acceptance of cloud computing therefore will be

determined by privacy issues addressed by these companies and

the countries where the data centers are located.

Privacy is affected by cultural differences; some cultures favor

privacy, others emphasize community. This leads to an

ambivalent attitude towards privacy in the Internet which is a

global system.

Petabyte: a unit of information equal to one thousand million million (10^15) bytes.

(16)

CLOUD VULNERABILITIES

Clouds are affected by malicious attacks and failures of the

infrastructure, e.g., power failures.

Such events can affect the Internet domain name servers and prevent access to a cloud or can directly affect the clouds:

• in 2004 an attack at Akamai caused a domain name outage and a major blackout that affected Google, Yahoo, and other sites;

• in 2009, Google was the target of a denial of service attack which took down Google News and Gmail for several days;

• in 2012 lightning caused a prolonged down time at Amazon.

(17)

Vulnerable: susceptible to attack

Malicious: intended to do harm

An attack can be a physical or electronic action taken with the intent of acquiring, destroying,

(18)

An attack at Akamai Technologies on June 15, 2004.

It is a leading CC service and content delivery network.

DDoS (Distributed Denial of Service): a malicious hacker uses a DDoS attack to

(19)
(20)

In May 2009, Google was the target of a

(21)

Lightning caused a prolonged downtime at

Amazon.com Inc. on June 29 and 30, 2012.

The Amazon Web Services (AWS) cloud in the

Eastern region of the United States, which

consists of 10 datacenters across four

(22)
(23)

2. CLOUD INFRASTRUCTURE

IaaS services from Amazon

Open-source platforms for private clouds

Cloud storage diversity and vendor lock-in

Cloud interoperability; the Intercloud

Energy use and ecological impact of large datacenters

Service and compliance level agreements

Responsibility sharing between user and the cloud service provider

(24)

EXISTING CLOUD INFRASTRUCTURE

The cloud computing infrastructure at Amazon, Google, and Microsoft

(as of mid 2012)

• Amazon is a pioneer in Infrastructure-as-a-Service (IaaS)

• Google's efforts are focused on Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS)

• Microsoft is involved in PaaS

Private clouds are an alternative to public clouds. Open-source cloud computing platforms such as

• Eucalyptus

• OpenNebula

• Nimbus

• OpenStack

(25)
(26)
(27)
(28)

Eucalyptus

Eucalyptus is free and open-source computer software for building Amazon Web Services (AWS)-compatible private and hybrid cloud computing environments, marketed by the company Eucalyptus Systems.

Eucalyptus enables pooling compute, storage, and network resources that can be dynamically scaled up or down as application workloads change.

OpenNebula

OpenNebula is a cloud computing toolkit for managing heterogeneous distributed data center infrastructures. The OpenNebula toolkit manages a data center's virtual infrastructure to build private, public and hybrid implementations of infrastructure as a service. OpenNebula is free and open-source software subject to the requirements of the Apache License

(29)

Nimbus

Nimbus is a toolkit that, once installed on a cluster, provides an infrastructure as a service cloud to its client via WSRF-based or Amazon EC2 WSDL web service APIs. Nimbus is free and open-source software subject to the requirements of the Apache License, version 2.

A computer cluster consists of a set of loosely or tightly connected computers that work together so that, in many respects, they can be viewed as a single system. Unlike grid

computers, computer clusters have each node set to perform the same task, controlled and scheduled by software.

OpenStack

It is a set of software tools for building and managing cloud computing platforms for public and private clouds.

Backed by some of the biggest companies in software development and hosting, as well as thousands of individual

(30)
(31)
(32)
(33)
(34)

AWS REGIONS AND AVAILABILITY ZONES

AWS: Amazon Web Services.

Amazon offers cloud services through a network of data centers on several continents.

In each region there are several availability zones interconnected by high-speed networks.

An availability zone is a data center consisting of a large number of servers.

(35)
(36)

[Figure: AWS architecture. Labels: Internet; Cloud interconnect; NAT; AWS storage servers (S3, EBS, SimpleDB); compute servers running EC2 instances; servers running AWS services (SQS, CloudWatch, AWS management console, Elastic Beanstalk, CloudFront, ElastiCache, Elastic Load Balancer, CloudFormation)]

(37)

Amazon Web Services. Amazon was the first provider of cloud computing. It announced a limited public beta release of its Elastic Computing platform called EC2 in August 2006.

Route 53 - low-latency DNS service used to manage user's DNS public records.

Elastic MapReduce (EMR) - supports processing of large amounts of

data using a hosted Hadoop running on EC2. (Hadoop distributed data processing environment)

Simple Workflow Service (SWF) - supports workflow management;

allows scheduling, management of dependencies, and coordination of multiple EC2 instances.

ElastiCache - enables web applications to retrieve data from a

managed in-memory caching system rather than a much slower disk-based database.

(38)

DynamoDB - scalable and low-latency fully managed NoSQL database

service

Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed database and supports both document and key-value data models. Its flexible data model and

reliable performance make it a great fit for mobile, web, gaming, ad-tech, IoT, and many other applications.

CloudFront - web service for content delivery.

Elastic Load Balancer - automatically distributes the incoming requests

across multiple instances of the application.

Elastic Beanstalk - automatically handles deployment, capacity provisioning, load balancing, auto-scaling, and application monitoring functions.

CloudFormation - allows the creation of a stack describing the

infrastructure for an application.

Amazon CloudWatch is a monitoring service for AWS cloud resources

and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set

(39)

Elastic Compute Cloud (EC2) is a web service with a simple interface for launching instances of an application under several operating systems, such as several Linux distributions, Microsoft Windows Server 2003 and 2008, OpenSolaris, FreeBSD, and NetBSD.

An instance is created either from a predefined Amazon Machine Image (AMI)

digitally signed and stored in S3, or from a user-defined image.

A user can:

(i) launch an instance from an existing AMI and terminate an instance;

(ii) start and stop an instance;

(iii) create a new image;

(iv) add tags to identify an image; and

(v) reboot an instance.

Simple Storage System (S3) is a storage service designed to store large

objects.

(40)

Retrieve the user input from the front-end.

Retrieve the disk image of a VM (Virtual Machine) from a

repository (AMI – Amazon Machine Image).

Locate a system and request the VMM (Virtual Machine Monitor) running on that system to set up a VM.

Invoke the Dynamic Host Configuration Protocol (DHCP) and

the IP bridging software to set up a MAC and IP address for the

VM.

(41)

[Figure: AWS services. Labels: Autoscaling; CloudWatch; S3; EBS; SimpleDB; SQS (Simple Queue Service); AWS Management Console; Virtual Private Cloud; EC2 instances running Linux, Debian, Fedora, OpenSolaris, Open Suse, Red Hat, Ubuntu, Windows, Suse Linux]

(42)
(43)

Scope:

1. Platform as a Service (PaaS)

2. What is Google App Engine.

• Overview

• Programming languages support

• Data storage

• App Engine services

• Security

3. When to use Google App Engine.

4. How to use Google App Engine.

(44)
(45)

1. Platform as a Service (PaaS)

Cloud computing service which provides a computing platform and a

solution stack as a service.

• Consumer creates the software using tools and/or libraries from the provider.

(46)

2. What is Google App Engine.

• Overview

Google App Engine (GAE) is a Platform as a Service (PaaS) cloud computing platform for developing and hosting web applications in Google-managed data centers.

Google App Engine lets you run web applications on Google's infrastructure.

Easy to build. Easy to maintain.

Easy to scale as the traffic and storage needs grow.

Free ???

(47)

2. What is Google App Engine.

• Programming languages support

Java:

• App Engine runs JAVA apps on a JAVA 7 virtual machine (currently

supports JAVA 6 as well).

• Uses JAVA Servlet standard for web applications:

• WAR (Web Applications ARchive) directory structure.

• Servlet classes

• Java Server Pages (JSP)

• Static and data files

• Deployment descriptor (web.xml)

• Other configuration files

• Getting started :

(48)

2. What is Google App Engine.

• Programming languages support

Python:

• Uses WSGI (Web Server Gateway Interface) standard.

• Python applications can be written using:

• Webapp2 framework

• Any python code that uses the CGI (Common Gateway Interface) standard.

PHP (Experimental support):

• Local development servers are available to anyone for developing

and testing local applications.

• Only whitelisted applications can be deployed on Google App Engine.

(https://gaeforphp.appspot.com/).

• Getting started:

(49)

2. What is Google App Engine.

Programming languages support

Google’s Go:

• Go is Google’s open source programming environment.

• Tightly coupled with Google App Engine.

• Applications can be written using App Engine’s Go SDK.

• Data storage

Google cloud SQL:

• Provides a relational SQL database service.

• Similar to MySQL RDBMS.

Google cloud store:

• RESTful service for storing and querying data.

• Fast, scalable and highly available solution.

• Provides Multiple layers of redundancy. All data is replicated to multiple

data centers.

• Provides different levels of access control.

(50)

2. What is Google App Engine.

• App Engine services

App Engine also provides a variety of services to perform common operations when managing your application.

URL Fetch:

• Facilitates the application’s access to resources on the internet, such as web services or data.

Mail:

• Facilitates the application to send e-mail messages using Google infrastructure.

Memcache:

• High performance in-memory key-value storage.

(51)

2. What is Google App Engine.

• Security

All hosted applications run in a secure environment that provides limited access to

the underlying operating system.

• Sandbox isolates the application in its own secure, reliable environment that is independent of hardware, operating system and physical location of a web server.

• Limitations imposed by sandbox (for security):

• An application can only access other computers over internet using the provided URL fetch and email services. Other computers can only connect to the application through HTTP/ HTTPS requests on the standard ports (80).

• Applications cannot write to local file system in any of the runtime environments.

• Application code runs only in response to a web request, a queued task or a scheduled task and must return the response data within 60 seconds. A request handler cannot spawn a sub-process or execute code after the response has been sent.

(52)

OVERVIEW

Google App Engine supports apps written in a

variety of programming languages.

Java:

Using App Engine’s Java runtime

environment, you can build your application using

standard Java technologies.

Python:

App Engine features a fast Python

interpreter and standard Python libraries.

PHP:

App Engine uses Google's Cloud Platform

services under the hood when you call standard

PHP functions.

Go:

App Engine features a Go runtime

(53)

MICROSOFT AZURE

The Microsoft Azure services platform is a group of cloud technologies, each providing a specific set of services to

(54)

MICROSOFT DATA CENTERS

[Figure: Microsoft data centers. Panel labels: Vision; Go Inside; Containers; Energy Efficient. Locations: San Antonio, Chicago, Dublin, Amsterdam, Hong Kong, Singapore]

(55)

MAIN COMPONENTS

Cloud Fabric

Web Roles

Worker Roles

Storage (Including SQL Azure)

Dev Fabric

(56)

WINDOWS AZURE CLOUD FABRIC

Multiple virtual instances

Easy provision of applications

Detect failures

Spin up new instances to replace the failed ones

How many instances and what role they will play

Load balances and DNS

(57)
(58)

STORAGE

Blobs – Large Data Store

Queues – Background work processing

Tables – Very Fast / Scalable Storage

Drives – NTFS Formatted Page Blobs

(59)

WINDOWS AZURE APPFABRIC

Service Bus

Access Control Service

Management

(60)

WINDOWS AZURE DEVFABRIC

LOCAL DEVELOPER SIMULATION OF APPFABRIC

Simulated “Cloud Experience” for

Development

Routes cloud requests to local machine

Simulates data storage with local SQL server

database

Azure SQL simulated with local SQL Server

database

(61)

DEVELOPER EXPERIENCE

Leverage Existing Skills in .NET, SQL Server, WCF

Use Familiar tools – Visual Studio, SSMS

RESTful HTTP cloud services, supports PHP,

Python

Cloud apps can be developed locally / offline

SDK Cloud Simulator – Dev Fabric, Dev Storage

Other tools (CodePlex)

Azure Storage Manager

SQL Azure Explorer Add in for VS2010

(62)

CLOUD STORAGE DIVERSITY AND VENDOR LOCK-IN

Risks when a large organization relies on a single cloud service provider:

• cloud services may be unavailable for a short, or an extended period of time;

• permanent data loss in case of a catastrophic system failure;

• the provider may increase the prices for service.

Switching to another provider could be very costly due to the large

volume of data to be transferred from the old to the new provider.

A solution is to replicate the data to multiple cloud service

providers, similar to data replication in RAID.

(63)

RAID (REDUNDANT ARRAY OF INDEPENDENT DISKS)

RAID (redundant array of independent disks; originally redundant array of inexpensive disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance.

A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are

(64)

[Figure: (a) a RAID 5 controller striping data blocks a1-a3, b1-b3, c1-c3, d1-d3 and parity blocks aP, bP, cP, dP across Disk 1, Disk 2, Disk 3 and Disk 4; (b) a client using a proxy to stripe the same data and parity blocks across several clouds (labels recovered: Cloud 1, Cloud 2, Cloud 4)]
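The replication idea above, striping data with rotating parity across several cloud providers the way RAID 5 does across disks, worked through as an added example (not code from the slides). It goes one step beyond the figure by using a client-held SHA-256 digest to spot a provider that returns corrupted blocks; the four-provider count, the 4-byte block size and the sample object are assumptions.

```python
import hashlib
from functools import reduce

N_CLOUDS = 4   # assumption: four providers, matching the page's figure
BLOCK = 4      # bytes per block; kept tiny so the layout is easy to inspect
SAMPLE = b"customer-ledger-2013: constructed sample object"  # constructed input


def xor(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_slot(stripe_no):
    """Provider that holds the parity block of this stripe (rotates, as in RAID 5)."""
    return (N_CLOUDS - 1 - stripe_no) % N_CLOUDS


def stripe(data):
    """Return (clouds, length); clouds[i] is the list of blocks sent to provider i."""
    per_stripe = BLOCK * (N_CLOUDS - 1)
    padded = data + b"\0" * (-len(data) % per_stripe)
    clouds = [[] for _ in range(N_CLOUDS)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        blocks = [padded[i:i + BLOCK] for i in range(off, off + per_stripe, BLOCK)]
        blocks.insert(parity_slot(s), xor(blocks))
        for cloud, block in zip(clouds, blocks):
            cloud.append(block)
    return clouds, len(data)


def reassemble(clouds, length, lost=None):
    """Rebuild the object, ignoring provider `lost` (unreachable or distrusted)."""
    out = bytearray()
    n_stripes = len(clouds[1 if lost == 0 else 0])
    for s in range(n_stripes):
        row = [None if i == lost else clouds[i][s] for i in range(N_CLOUDS)]
        if lost is not None:
            # XOR of all four blocks in a stripe is zero, so the missing block
            # equals the XOR of the three that are still available.
            row[lost] = xor([b for b in row if b is not None])
        out += b"".join(b for i, b in enumerate(row) if i != parity_slot(s))
    return bytes(out[:length])


def read_verified(clouds, length, sha256_hex):
    """Return (data, suspect) using a digest the client kept locally.

    suspect is None when every provider's data blocks were consistent, else the
    index of the single provider whose blocks had to be discarded.
    """
    for lost in [None, *range(N_CLOUDS)]:
        data = reassemble(clouds, length, lost)
        if hashlib.sha256(data).hexdigest() == sha256_hex:
            return data, lost
    raise ValueError("blocks from more than one provider are unusable")


if __name__ == "__main__":
    clouds, n = stripe(SAMPLE)
    clouds[2][0] = b"XXXX"   # simulate provider 2 returning a corrupted block
    print(read_verified(clouds, n, hashlib.sha256(SAMPLE).hexdigest()))
```

Parity alone restores a block that is known to be missing; it cannot tell which provider returned wrong bytes, which is why the digest is kept on the client side rather than with any provider.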

(65)

CLOUD INTEROPERABILITY; THE

INTERCLOUD

An Intercloud is a federation of clouds that cooperate to provide a better user experience.

Is an Intercloud feasible?

Not likely at this time:

There are no standards for either storage or processing.

The clouds are based on different delivery models.

The set of services supported by these delivery models is

large and open; new services are offered every few

months.

CSPs (Cloud Service Providers) believe that they have a

competitive advantage due to the uniqueness of the added

value of their services.

Security is a major concern for cloud users and an

(66)

ENERGY-PROPORTIONAL SYSTEMS

An energy-proportional system consumes no power

when idle, very little power under a light load and,

gradually, more power as the load increases.

By definition, an ideal energy-proportional system is

always operating at 100% efficiency.

Humans are a good approximation of an ideal energy

proportional system; about 70 W at rest, 120 W on

average on a daily basis, and can go as high as 1,000 –

2,000 W during a strenuous, short time effort.

Even when power requirements scale linearly with the

load, the energy efficiency of a computing system is

not a linear function of the load; even when idle, a

(67)
(68)

SERVICE LEVEL AGREEMENT (SLA)

SLA - a negotiated contract between the customer and

CSP; can be legally binding or informal. Objectives:

Identify and define the customer’s needs and constraints

including the level of resources, security, timing, and QoS.

Provide a framework for understanding; a critical aspect

of this framework is a clear definition of classes of service and the costs.

Simplify complex issues; clarify the boundaries between

the responsibilities of clients and CSP in case of failures.

Reduce areas of conflict.

Encourage dialog in the event of disputes.

Eliminate unrealistic expectations.

(69)
(70)
