Introduction to Cloud Computing - 02

(1)

Platform as a Service Security in Cloud Computing Research with Cloud

Introduction to Cloud Computing - 02

Iván Carrera

Institute of Informatics - UFRGS September 2013

(2)

Outline

Platform as a Service

Characteristics

PaaS Architecture - Problem* PaaS NIST Recommendations PaaS Providers

Security in Cloud Computing

IaaS Threats and Security Challenges IaaS Security Challenges

(3)

Section 1

(4)

References

I Badger, Lee, et al. "Cloud computing synopsis and

recommendations."NIST special publication 800 (2012): 146.

I Barr, Je. Host Your Web Site in the Cloud: Amazon Web

Services Made Easy. Sitepoint. 2010

I Ciurana, Eugene. Developing with Google App Engine.

Firstpress. 2009

I An Overview of the Amazon PaaS. Transcend Computing.

2012

I Google's Approach to IT Security - A Google White Paper.

(5)

Security in Cloud Computing Research with Cloud

Characteristics

References

I Gillen, Rob. A Comparison of AWS and Azure. Codestock

2011.

I A Java Developer's Guide to PaaS InfoQ

I Google App Engine vs Windows Azure - Geeknizer

I The great debate: Windows Azure vs. Amazon Web Services

-Gigaom

I Technical comparisons of AWS and Azure

I To Azure or not to Azure - ideaNotion

(6)

Characteristics

I Service Model for Cloud Computing

I provides a toolkit for conveniently developing, deploying, and

administering application software

I to support large numbers of consumers, process very large

quantities of data, and potentially be accessed from any point in the Internet.

(7)

Characteristics

I a set of development tools such as programming languages

and supporting run-time environments

I Deploying a new application in PaaS is not much more dicult

than uploading a le to a Web server.

I PaaS will also generally provide and maintain the required

computing resources.

I PaaS clouds are similar to any computing system in that

software applications can be developed for them and run on them.

(8)

Characteristics

Consumers

I App developers,

I App testers (cloud-based testing environments),

I App deployers (publish into the cloud and manage conicts

from multiple versions),

I App administrators,

I App end users (subscribe to the applications deployed on a

(9)

Characteristics

PaaS Component Stack and Scope of Control

(10)

Characteristics

Usage fees

I based on the number of consumers,

I storage, processing, or network resources consumed by the

platform,

(11)

Characteristics

PaaS Consumer/Provider Interaction Dynamics

(12)

Benets

I A cloud provider is free to locate cloud infrastructure in

low-cost areas

I Providers are able to manage the lower layers

I Infrastructure charges are implicitly present in PaaS oerings

(e.g., CPU, bandwidth, storage).

I PasS shares many of the benets of SaaS:

I Centralized Management and Data, I Savings in Up-front Costs

(13)

Characteristics

Benets

Scalable deployment

I Toolkits for developing apps and for their support at the server

side

I Server-side processing frameworks

I Provide organizations centralized control over app operation

and the processed data

I Provide support to a high level of scalability

I Enabling apps to operate smoothly through large uctuations

in demand.

I In on-site, scalability will be limited

I In outsourced scenarios more resources may be available

(14)

Issues

I As with SaaS clouds:

I Browser-based risks I Network Dependence I Isolation vs. Eciency

I Lack of Portability between PaaS Clouds

I Event-based Processor Scheduling

(15)

Subsection 2

(16)

(17)

Characteristics

PaaS Architecture - Problem*

PaaS NIST Recommendations

PaaS Providers

NIST Recommendations

I Generic Interfaces

I Standard Languages and Tools

I Data Access

I Data Protection

I Application Frameworks

I Component Testing

I Security

I Secure Data Deletion

(18)

(19)

Section 2

(20)

References

I Panorama du Cloud Computing, Didier Donsez, Noël de

Palma, Alain Tchana, LIG ERODS. ICAR 2013 Cloud Computing.

I Badger, Lee, et al. "Cloud computing synopsis and

recommendations."NIST special publication 800 (2012): 146.

I IaaS Clouds: Which Security for VMs and Hypervisors?, Marc

Lacoste - Orange Labs, ICAR Summer School. Grenoble, August 28th, 2013.

(21)

Subsection 1

(22)

(23)

Research with Cloud

IaaS Threats and Security Challenges

IaaS Security Challenges

(24)

(25)

Research with Cloud

(26)

10 Biggest Cloud Outages Of 2012

I Tumblr - down for several hours Dec. 3 by a bug, aected

more than 8,600 users

I GoDaddy - on Sept. 10 lost service for six hours by a series of

internal network events (Anonymous) - One month later, GoDaddy announced it would close its cloud business

I Salesforce.com - on July 10, some services interrupted by a

power outage in their data centers, for up to two days

I Dropbox - on Oct. 26 experienced an outage for several hours.

Interruptions led many to link the issues to an undetermined slowdown of Internet availability

"Error: Something went wrong. Don't worry, your les are still safe and the Dropboxers have been notied."

(27)

Research with Cloud

10 Biggest Cloud Outages Of 2012

I Google App Engine - on Oct. 26 lost service for about four

hours, 50 percent of requests to the App Engine failed.

I Microsoft Oce 365 - twice in November by outages that

knocked out their email service

I Microsoft Windows Azure - down for about 2.5 hours on July

26, cutting service to the company's Western European customers

I Microsoft Windows Azure, Again - on Feb.28-29, a worldwide

outage that lasted more than 24 hours, caused by leap year

(28)

10 Biggest Cloud Outages Of 2012

I Amazon, Again And Again - two outages in 2012, and one in

2011

I On Oct. 22, down in its Northern Virginia market, causing

website outages in an unknown number of companies

I On June 14, data centers stopped operations for about six

hours

I On April 21, 2011, down for several hours, and in some cases

(29)

Subsection 2

(30)

Challenges

I Endpoint Security - Hypervisor Security I Network Security - Network Security

I Data Protection - Identity, Traceability and Privacy

(31)

Section 3

(32)

High Performance Computing

I Virtualization introduces a considerable overhead

I Virtualization does not separate well all types of resources I HPC apps tend to take full advantage from resources, but not

virtualized

(33)

Platform as a Service Security in Cloud Computing

Research with Cloud

High Performance Computing

Some clues

I Reduction of VMMs to reduce overhead

I Build lightweight VMs

I Allocate virtual resources over physical resources I Hardware assisted virtualization

I Gauge hardware resources for each VM

(34)

Performance Evaluation

I Distributed Platform - System Under Test

I Workload modelling

(35)

Research with Cloud

Performance Evaluation

I Dynamic allocation of VMs

I Exploit Cloud advantages

(36)

VM Consolidation

I VMs do not use all of their resources

I Un-used VMs form holes in servers

I Consolidate to reduce the number of physical servers

I Hot migration of VMs is necessary

(37)

Research with Cloud

VM Consolidation

Some clues I When to consolidate? I Prediction I Planning I On the y I How to consolidate?

(38)

Big Data

(39)

Research with Cloud

Green IT - FaaS

I Failure management

I Power outages, failures I Cooling systems optimization

(40)