
COM 444 Cloud Computing


Academic year: 2021


Prof. Dr. Halûk Gümüşkaya

http://www.gumuskaya.com

Computing Engineering Department

COM 444 Cloud Computing

Lec 5: Cloud Platform Architecture over Virtualized Data Centers: Cloud Computing Service Models

1. Cloud Computing Services Stack
2. Infrastructure as a Service (IaaS)
3. Platform as a Service (PaaS)
4. Software as a Service (SaaS)
5. Today’s Cloud Services Stack
6. Public, Private & Hybrid Clouds
7. Market-Oriented Cloud Architecture
8. Inter-Cloud Resource Management
9. Cloud Security and Trust Management

Cloud Computing Service Models

Cloud Services: The Cloud Computing Reference Model

The Cloud Stack: Applications

• Cloud applications can range from Web applications to scientific computational jobs

Examples:

• Netflix, Office, GoogleDocs, iDrive, Livechat, Web2, etc.

The Cloud Stack: Data

• Data Management
• New generation cloud-specific databases and management systems

Examples:

• HBase, Cassandra, Hive, Pig, etc.

The Cloud Stack: Runtime Environment

• Runtime platforms to support cloud programming models

Examples:

• MPI, MapReduce, Hadoop, Pregel, etc.

The Cloud Stack: Middleware for Clouds

• Management platforms that enable:
  • Resource Management
  • Monitoring
  • Provisioning
  • Identity Management and Security

The Cloud Stack: Operating Systems

• Standard Operating Systems used in Personal Computing
• Packaged with libraries and software for quick deployment and provisioning

Examples:

• Amazon Machine Images (AMI) contain OS as well as required software packages as a “snapshot” for instant deployment

The Cloud Stack: Virtualization

• Key Component
• Resource Virtualization

Examples:

• Amazon EC2 is based on the Xen virtualization platform

Cloud Stack Layers in Service Levels


IaaS: Most Basic Cloud Service Model

• Cloud providers offer
  • computers, as physical or more often as virtual machines
  • other resources.
• Virtual machines are run as guests by a hypervisor, such as Xen or KVM.
• Cloud users deploy their applications by then installing operating system images on the machines as well as their application software.
• Cloud providers typically bill IaaS services on a utility computing basis, that is, cost will reflect the amount of resources allocated and consumed.

IaaS Examples

• Amazon CloudFormation (and underlying services such as Amazon EC2)
• Rackspace Cloud
• Terremark
• Google Compute Engine

Some IaaS Offerings from Public Clouds


Platform as a Service (PaaS)

• Cloud providers deliver a computing platform typically including
  • operating system
  • programming language execution environment
  • database, and
  • web server
• Application developers develop and run their software on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers.

Examples of PaaS

• Amazon Elastic Beanstalk
• Microsoft Azure
• Google App Engine
• Heroku
• Aneka
• …
• Force.com
• Cloud Foundry
• EngineYard
• Mendix
• OrangeScape

PaaS Offerings from Public Clouds


Software as a Service (SaaS)

• Cloud providers install and operate application software in the cloud and cloud users access the software from cloud clients.
• The pricing model for SaaS applications is typically a monthly or yearly flat fee per user, so price is scalable and adjustable if users are added or removed at any point.

SaaS Examples

• Google Apps
• Microsoft Office 365
• innkeypos
• Quickbooks Online
• Limelight Video Platform
• Salesforce.com

Service Models at Different Service Levels

Five Major Cloud Platforms and Their Service Offerings


A Stack of 6 Layers of Cloud Services and Their Providers

[Table columns: Cloud Services; Major Providers]

Today’s Cloud Services Stack

• Network Cloud Services
• Co‐Location Cloud Services
• Compute & Storage Cloud Services
• Platform Cloud Services
• Application Cloud Services
• Hardware/Virtualization Services (HaaS)

Collocation Services (LaaS): Savvis

• The company sells collocation services and managed hosting with 50 data centers (approximately 1.54 million square feet) in North America, Europe, and Asia, automated management and provisioning systems, and information technology consulting.
• Colocation services: provide services to house, power and secure all the physical and network resources of a data center.
• It also provides managed hosting, a type of Internet hosting in which the client leases an entire server not shared with anyone.

Network Cloud Services (NaaS): AT&T

• AT&T has a flexible and scalable suite of on-demand cloud services, which offers a cost-saving alternative to many conventional hosting services.
• Its robust portfolio of mobile apps, voice, and data services can be delivered as a total cloud solution under security protection.
• AT&T has a good track record of serving corporate and government clients and enterprise hosting clients.
• It has security capabilities that are embedded and integrated into the core of its network, with physical and network authentication, firewall management, intrusion detection and protection, denial of service mitigation, and encryption capabilities.
• One can buy access to cloud computing and cloud storage using AT&T services.
• With up to 99.99 percent availability and the enterprise-class security of AT&T Internet Data Centers, they can provide the performance and network bandwidth needed for most demanding cloud solutions.

Virtualization Services (HaaS): VMware

• VMware provides virtualization software with a market share of more than 80%. The company was acquired by EMC in 2004 for $625 million.
• VMware Workstation: This software suite allows users to run multiple instances of x86 or x86-64-compatible OS on a single physical PC.
• VMware Fusion: This provides functionality similar to VMware Workstation for users of the Intel Mac platform, along with full compatibility with virtual machines created by other VMware products.
• VMware Server: It is provided as freeware for non-commercial use, and it is possible to create virtual machines with it. It is a "hosted" application, which runs within an existing Linux or Windows operating system.
• VMware ESX: An enterprise-level product that can deliver greater performance than the freeware VMware Server, due to lower system overhead. VMware ESX is a "bare-metal" product, running directly on the server hardware, allowing virtual servers to also use hardware more or less directly.
• VMware vSphere is a "cloud OS" capable of managing large pools of infrastructure, including software and hardware from networks.

Cloud Services and Providers


Clouds based on Ownership and Exposure

Private/Enterprise Clouds

• Cloud computing model run within a company’s own Data Center / infrastructure for internal and/or partners use.

Public/Internet Clouds

• 3rd party, multi-tenant Cloud infrastructure & services
• available on subscription basis (pay as you go)

Hybrid/Mixed Clouds

• Mixed usage of private and public Clouds: leasing public cloud services when private cloud capacity is insufficient

Public, Private & Hybrid Clouds

| Characteristics | Public Clouds | Private Clouds |
|---|---|---|
| Technology leverage and ownership | Owned by service providers | Leverage existing IT infrastructure and personnel; owned by individual organization |
| Management of provisioned resources | Creating and managing VM instances within proprietary infrastructure; promote standardization, preserves capital investment, application flexibility | Client managed; achieve customization and offer higher efficiency |
| Workload distribution methods and loading policies | Handle workload without communication dependency; distribute data and VM resources; surge workload is off-loaded | Handle workload dynamically, but can better balance workloads; distribute data and VM resources |
| Security and data privacy enforcement | Publicly accessible through remote interface | Access is limited; provide pre-production testing and enforce data privacy and security policies |
| Example platforms | Google App Engine, Amazon AWS, Microsoft Azure | IBM RC2 |

Community Clouds: Shared among several organizations

Public, Private & Hybrid Clouds

Figure 4.1 Public, private, and hybrid clouds illustrated by functional architecture and connectivity of representative clouds available by 2011.


Cloud Ecosystems for Building Private Clouds

Business Models: Salesforce.com

• Salesforce.com's CRM solution is broken down into several cloud service models: Sales Cloud, Service Cloud, Data Cloud (Jigsaw), Collaboration Cloud (Chatter) and Custom Cloud (Force.com).
• Sales Cloud: A SaaS offering that users can access anywhere through an Internet-connected mobile device or computer. The service includes a real-time sales collaboration tool called Chatter, provides sales representatives with a complete customer profile and account history, manages marketing campaign spending, and tracks all opportunity-related data including milestones, decision makers, customer communications, etc. Automatic email reminders are scheduled to keep teams up to date on the latest information.
• Service Cloud: The Service Cloud provides companies with a call center-like view that enables companies to create and track cases coming in from every channel, and automatically route and escalate what’s important. The Salesforce CRM-powered customer portal provides customers the ability to track their own cases 24 hours a day.
• Force.com platform: Salesforce.com's PaaS platform allows external developers to create add-on applications that integrate into the main salesforce.com application and are hosted on salesforce.com's infrastructure.


Realizing the ‘Computer Utilities’ Vision: What Consumers and Providers Want?

• Cloud Service Consumers – minimize expenses, meet QoS
  • How do I express QoS requirements to meet my goals?
  • How do I assign valuation to my applications?
  • How do I discover services and map applications to meet QoS needs?
  • How do I manage multiple providers and get my work done?
  • How do I outperform other competing consumers?
  • …
• Cloud Service Providers – maximise ROI, retain customers
  • How do I decide service pricing models?
  • How do I specify prices?
  • How do I translate prices into resource allocations?
  • How do I assign and enforce resource allocations?
  • How do I advertise and attract consumers?
  • How do I perform accounting and handle payments?
  • …
• Mechanisms, tools, and technologies
  • value expression, translation, and enforcement

Market-based Systems = Self-managed and self-regulated Systems

• Manage
• Complexity
• Supply and Demand
• Enhance Utility

Autonomic Cloud Management

Develop methodologies and tools to automate the process of cloud management in 4 objectives:

1. Manage resources to provisioning of service quality assurance and adaptation
2. Automate the configuration process of VMs and virtual clusters
3. Manage energy consumption under SLA constraints
4. Develop fault prediction models for proactive failure management

[Figure labels: Autonomic Cloud Management; Resource Management; Power Management; Reliability Management; Admission Control; Load Balancing; Capacity Management]

Market-Oriented Cloud Architecture: QoS Negotiation and SLA-based Resource Allocation

[Figure labels: Users/Brokers; SLA Resource Allocator; Service Request Examiner and Admission Control (Customer-driven Service Management, Computational Risk Management, Autonomic Resource Management); Pricing; Accounting; VM Monitor; Dispatcher; Service Request Monitor; Virtual Machines (VMs); Physical Machines]

A (Layered) Cloud Architecture

• Cloud resources
• Virtual Machine (VM), VM Management and Deployment
• QoS Negotiation, Admission Control, Pricing, SLA Management, Monitoring, Execution Management, Metering, Accounting, Billing
• Cloud programming: environments and tools
  • Web 2.0 Interfaces, Mashups, Concurrent and Distributed Programming, Workflows, Libraries, Scripting
• Cloud applications
  • Social computing, Enterprise, ISV, Scientific, CDNs, ...

[Figure side labels: Adaptive Management; Core Middleware; User-Level Middleware; System level; User level; Autonomic / Cloud Economy; Apps Hosting Platforms]

Many Cloud Offerings: Good, but new issues-“vendor lock in”, “scaling” across clouds

Complex decisions to make?

Manjrasoft Aneka

InterCloud: Global Cloud Exchange and Market Maker

[Figure labels: Compute Cloud; Storage Cloud; Directory; Bank; Auctioneer; Global Cloud Exchange; Enterprise Resource Manager (Proxy); Broker 1, ..., Broker N; Enterprise IT Consumer; Publish Offers; Request Capacity; Negotiate/Bid]


Three Cases of Cloud Resource Provisioning without Elasticity


Interaction among VM Managers


The InterGrid Test Bed over the French Grid’5000

Cloud Loading Results at 4 Gateways


Security and Trust Barriers in Cloud Computing

• To protect datacenters, one must first secure cloud resources and uphold user privacy and data integrity.
• Trust overlay networks could be applied to build reputation systems for establishing trust among interacting datacenters.
• A watermarking technique is suggested to protect shared data objects and massively distributed software modules.
• These techniques safeguard user authentication and tighten data access control in public clouds.
• The new approach could be more cost-effective than using traditional encryption and firewalls to secure the clouds.

Cloud Service Models Security Measures

Physical and Cyber Security Protection at Cloud/Data Centers

Security Aware Cloud Platform

… built with a cluster of VMs, storage, and networking resources over the data-center servers operated by providers.

Security Issues on VMs

• Access Control is discretionary. Fine-grained multilevel controls are needed (Integrity lock architecture).
• Secure Boot: The boot process needs to be secured. Proper attestation methods desired. More robust logging is needed.
• Component Isolation: Dom0 in Xen supports networking, disk I/O, VM boot loading, hardware emulation and workload balancing; all of these need to be decomposed into components.
• Logging–Introspection: a VM running security software is allowed to look inside the memory of another VM. Software such as IPS and antivirus that uses introspection should be safe from tampering.
• Avoiding man-in-the-middle attack on VMs during VM migration.

Man-in-the-middle Attack on VMs during VM Migration

Fine-Grained Access Control with Hive

• Hive is a data warehouse infrastructure built on top of Hadoop that provides tools to enable easy data summarization, ad hoc querying and analysis of large datasets stored in Hadoop files.
• It provides a mechanism to put structure on this data with a simple query language called Hive QL based on SQL.
• Policies include content-dependent access control, association-based access control, and time-dependent access control.

Table/View definition and loading:

• Users create tables as well as load data into tables. Further, they can also upload XACML policies for the table they are creating.
• Users can also create XACML policies for tables/views.
• Users define views only if they have permissions for all tables specified in the query to create the view; they can create XACML policies for the views defined.
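The view-creation rule and the time- and content-dependent policies on the Hive slides above, as an added example that is not from the original slides or from Hive: a small deny-by-default decision point in Python. The Rule and PolicyStore classes, the user and table names, and the in-memory rules standing in for XACML documents are all assumptions.

```python
# Added example (not Hive code): Rule/PolicyStore are hypothetical stand-ins for XACML.
import re
from dataclasses import dataclass, field
from datetime import time

@dataclass
class Rule:
    subject: str                                   # user the rule applies to
    action: str                                    # e.g. "select"
    hours: tuple = (time(0, 0), time(23, 59, 59))  # time-dependent window
    row_filter: object = None                      # content-dependent predicate

    def matches(self, user, action, now):
        return (self.subject == user and self.action == action
                and self.hours[0] <= now <= self.hours[1])

@dataclass
class PolicyStore:
    policies: dict = field(default_factory=dict)   # table or view -> [Rule]
    views: dict = field(default_factory=dict)      # view -> source tables

    def upload_policy(self, resource, rules):
        self.policies[resource] = list(rules)

    def permitted(self, user, action, resource, now):
        # Deny by default: no policy or no matching rule means no access.
        return any(r.matches(user, action, now) for r in self.policies.get(resource, []))

    def create_view(self, user, view, query, now, rules=()):
        # The slide's rule: the creator needs permission on every table in the query.
        # Table names are pulled with a naive FROM/JOIN pattern, enough for this demo.
        tables = re.findall(r"\b(?:FROM|JOIN)\s+(\w+)", query, re.I)
        missing = [t for t in tables
                   if not self.permitted(user, "select", t, now)]
        if not tables or missing:
            raise PermissionError(f"{user} lacks select on {missing or 'any table'}")
        self.views[view] = tables
        self.upload_policy(view, rules)   # creator may attach a policy to the view
        return tables

    def select(self, user, resource, rows, now):
        rules = [r for r in self.policies.get(resource, [])
                 if r.matches(user, "select", now)]
        if not rules:
            raise PermissionError(f"{user} may not select from {resource}")
        # Content-dependent control: a row is returned if any matching rule admits it.
        return [row for row in rows
                if any(r.row_filter is None or r.row_filter(row) for r in rules)]

def demo():
    store = PolicyStore()
    store.upload_policy("patients", [
        Rule("alice", "select"),
        Rule("bob", "select", hours=(time(9), time(17)),
             row_filter=lambda row: row["ward"] == "general"),
    ])
    store.upload_policy("billing", [Rule("alice", "select")])
    rows = [{"id": 1, "ward": "general"}, {"id": 2, "ward": "oncology"}]  # constructed
    query = "SELECT p.id FROM patients p JOIN billing b ON p.id = b.id"
    out = {"alice_view": store.create_view("alice", "v_cost", query, time(10))}
    try:
        store.create_view("bob", "v_cost2", query, time(10))
    except PermissionError as exc:
        out["bob_view"] = str(exc)
    out["bob_day"] = store.select("bob", "patients", rows, time(10))
    out["bob_night"] = store.permitted("bob", "select", "patients", time(22))
    return out

if __name__ == "__main__":
    print(demo())
```

Bob can read general-ward rows during working hours but cannot define a view that joins in a table he has no policy for, which is the check the last bullet describes.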


Key Security Issue 1

(Courtesy of Hai Jin, 2012)

Key Security Issue 2

(Courtesy of Hai Jin, 2012)

Key Security Issue 3

(Courtesy of Hai Jin, 2012)

Researches on Cloud Computing

Reputation Systems for Social Networks and Cloud Systems

PowerTrust Built over A Trust Overlay Network

[Figure labels: Trust Overlay Network; Local Trust Scores; Power Nodes; Initial Reputation Aggregation; Regular Random Walk; Reputation Updating; Look-ahead Random Walk; Distributed Ranking Module; Global Reputation Scores V (v1, v2, v3, ..., vn)]

(Courtesy of R. Zhou and K. Hwang, “PowerTrust: A scalable and robust reputation system for structured P2P networks”, IEEE-TPDS, May 2007)

Clouds vs. Job Opportunities

• Clouds are forming a major industry thrust that IDC estimates will grow to $44.2 billion investment in 2013, while 15% of IT investment in 2011 was related to cloud systems.
• Gartner rates cloud computing high on its list of critical emerging technologies that are transformational (their highest rating for impact) in the next 2 - 5 years.
• There are many opportunities for new jobs in cloud computing, with a recent European study estimating 2.4 million new cloud computing jobs in Europe alone by 2015.
• Cloud computing spans research and economy and so is an attractive component of the curriculum for students who mix “going on to PhD” or “graduating and working in industry”.

Conclusions

• Computing clouds are changing the whole IT, service industry, and global economy. Clearly, cloud computing demands ubiquity, efficiency, security, and trustworthiness.
• Cloud computing has become a common practice in business, government, education, and entertainment, leveraging 50 million servers globally installed at thousands of datacenters today.
• Private clouds will become widespread in addition to using a few public clouds that are under heavy competition among Google, MS, Amazon, Intel, EMC, IBM, SGI, VMware, Salesforce.com, etc.
• Effective trust management, guaranteed security, user privacy, data integrity, mobility support, and copyright protection are crucial to the universal acceptance of cloud as a ubiquitous service.

Basic Papers to Read

• M. Armbrust, et al., “Above the Clouds: A Berkeley View of Cloud Computing”, Technical Report, UCB/EECS-2009-28, Feb. 2009.
• K. Hwang and D. Li, “Trusted Cloud Computing with Secure Resources and Data Coloring”, IEEE Internet Computing, Sept. 2010.
• M. Rosenblum and T. Garfinkel, “Virtual Machine Monitors: Current Technology and Future Trends”, IEEE Computer, May 2005, pp. 39-47.
• B. Sotomayor, R. Montero, and I. Foster, “Virtual Infrastructure Management in Private and Hybrid Clouds”, IEEE Internet Computing, Sept. 2009.

Acknowledgements

The slides have been based in-part upon original slides of a number of books and Professors including:

• Distributed and Cloud Computing: From Parallel Processing to The Internet of Things, K. Hwang, G. Fox and J. Dongarra, Morgan Kaufmann Publishers, 2012.
• Mastering Cloud Computing: Foundations and Applications Programming, R. Buyya, C. Vecchiola, S. T. Selvi, Morgan Kaufmann, 2013.
