Introduction to Cloud Computing

Mohamed Rahal
[email protected]
ENIT 2018
 Agenda
• Pre-requisites
• Course objectives
• What you will learn in this course?
• Brief history – Is cloud computing new?
• Why cloud computing?
• Cloud Computing Definition and Principles
 Pre-requisites (1)
• Understanding of basic computer
architecture
– CPU
– Memory
– Storage (Volatile and Non-volatile)
• Understanding of basic networking principles
– Ethernet Switching
– Basic Routing principles
– Basic Network security
 Pre-requisites (2)
• Understanding of basic security principles
– Application security
– Operating system security
– Device security
• Understanding basics of Virtualization
– Virtual Machines
– Hypervisors
What you will learn in this course?
• Basic Cloud computing principles
• Deployment Models
• Service Models
• Economic Considerations
• Operational Characteristics
• Service Agreements including Service Level Agreements
• Cloud Security
• Cloud Risks & compliance
• Recommendations
• How to select a Cloud Provider?
• Conclusion
Brief history: Is cloud Computing New?
• Utility Computing: 1961
• Time Sharing: 1970s
• Large Distributed Data Centers 1980s-1990s
• Internet Computing 2000-Present
• What is new in cloud computing today?
– Faster data communication
– Faster and more reliable computing
– Denser and cheaper storage
– Newer Programming paradigms
• Comprehensive Computational resource sharing
 Why Cloud Computing is needed?
• Value to Consumers
• Value to Vendors
• New Revenue and
Jobs
NIST Cloud Computing Definition

Cloud computing is a model for enabling

ubiquitous, convenient, on-demand network
access to a shared pool of configurable computing
resources (e.g. networks, servers, storage,
applications, and services) that can be rapidly
provisioned and released with minimal
management effort or service provider interaction
 NIST Cloud Computing Model
• Model Organization
– Five essential
characteristics
– Three Service
Models
– Four Deployment
Models
NIST Cloud Computing Model
Value of NIST Cloud Computing
Model
• Why do we need a cloud computing model ?
• Value of the model
– Cloud Networks configurations and its use
• Major benefits to provider and users
– Precision
– Clarity
CLOUD COMPUTING PRINCIPLES
 What is Cloud Computing?

• Cloud Computing is a on demand model

• Shared pool of computing resources
– Servers
– Storage
– Applications
– Services
 What is Cloud Computing?
(contd.)

• Rapidly provisioned
• Rapidly released
• Minimal Management Effort of Service
Providers
• Other definitions also exist
 Five Essential Characteristics of
Cloud Computing
On Demand
Self-Service

Measured Broad Network

Service Access

Cloud Computing

Rapid Resource
Elasticity Pooling
 Key Features of Cloud Computing
Cloud computing provides key features such as:
Speed and Agility
The required resources are just one click away, which saves time and provides agility.
We can also easily scale up or down, depending on our need.
Cost 
It reduces the up-front cost to set up the infrastructure, and allows us to focus on
applications and business. Cloud providers have features to estimate the cost, which
helps us plan better.
Easy Access to Resources 
As users, we can access our infrastructure from any place and device, as long as we
can connect to the provider.
Maintenance 
All the maintenance work for the resources is done by the provider. As end users, we
do not have to worry about this aspect.
Multi-tenancy 
Multiple users can use the same pool of resources.
Reliability 
Resources can be hosted in different data center locations, to provide increased
reliability.
 Cloud Service Models

Software as a Service Platform as a Service Infrastructure as a Service

SaaS
PaaS IaaS
 Deployment Models
Private Cloud Public Cloud

Private cloud the cloud public cloud infrastructure is

infrastructure is 1) provisioned for open use
1) provisioned for exclusive use by public
by a single organization with 2) Owned, managed and
multiple consumers, operated by a business,
for example individual government or
business units. university
2) owned, managed, and 3) Mostly in the premises of
operated by the organization a cloud provider
 Deployment Models
Community
Hybrid Cloud
Cloud

community cloud for use by a Hybrid cloud infrastructure is

community
1. Owned by specific 1) Consists of two or
community of consumers more distinct cloud
from organizations that infrastructures
have shared concerns , 2) Can be private, public, or
missions of security etc. community based
2. owned, managed, and 3) Can be proprietary or
operated by the standardized
organization in the 4) More complex
community integrated systems
5) Subject to implications
and constraints
Cloud Infrastruct ure
Cloud Infrastruct ure
General Cloud/Consumer
View
General Cloud/Consumer
View
 Cloud Security and the
Customer
• Assumed the customer/consumer will
relinquish
– Control
– Visibility
• Actually it
depends:
– Cloud
Model
Adapted
– What is
Cloud Security and the
CustomerRights and Control
Onsite Private Cloud
Scenario
Outsourced Private Cloud
Scenario
Onsite Community Cloud Scenario
Outsource Community Cloud Scenario
Public Cloud Scenario
Hybrid Cloud Scenario
 Hybrid Cloud Possibilities
• Disaster Recovery
• Role Specific Deployment
• Multi Cloud Configurations
• Cloud Bursting
 Assumptions
• Network dependency
• Consumer’s IT skills
• Transparent workload assignment
• Risks from multi-tenancy
• Data import/export and
performance limitations
 Terms of Service
• Service agreement
• Service Level Agreement (SLA)
• Internal agreement
• Memorandum of Understanding (MOU)
• Quality of Service (QoS)
• Provider promises
• Published agreement
 Promises
• Availability
• Remedies for failure to perform
• Data preservation
• Legal care of consumer
information
 Limitations
• Scheduled Outages
• Force Majeure Events
• Service Agreement Changes
• Security
• Service API Changes
 Obligations
• Acceptable Use Policies
• Licensed Software
• Timely Payments
 Recommendations
• Terminology
• Remedies
• Compliance
• Security, Criticality and
Backup
• Negotiated Service Agreement
• Service Agreement Changes
 Cloud Computing Implications
• Network Dependency
• IT Skills reduction
• Risks from Multi-tenancy
• Data Import/Export and performance
limitations
Scope and Control for the
Consumer
SaaS Abstraction Interaction
Dynamics
SaaS Software Stack Control
 SaaS Benefits
• Reduced Disruption
• Efficient use of Software Licenses
• Centralized Management of Data
• Platform Responsibilities managed by
providers
• Up front cost savings
 SaaS issues and concerns
• Browser based risks
• Network dependence
• Lack of Portability
 SaaS Application Suitability
• Business Logic
• Collaboration
• Office Productivity
• Software Tools
• Not suitable for any of the
following:
– Real time software
– Bulk consumer data
– Critical Software
 SaaS Recommendations
• Data Protection
• Client Device/Application
protection
• Encryption
• Secure data deletion
PaaS Abstract Interaction
Dynamics
PaaS Software Stack
Control
 PaaS Benefits
• Reduced Disruption
• Efficient use of Software Licenses
• Centralized Management of Data
• Platform Responsibilities managed by
providers
• Up front cost savings
 PaaS Issues and Concerns
• Browser based risks and risk
remediation
• Network Dependence
• Isolation vs. Efficiency
• Lack of Portability
• Event based Processor Scheduling
• Security Engineering
• Multiple Languages
 Paas Application Suitability
• PaaS implemented as
SaaS
• Application Classes
– Business Logic
– Collaboration
– Office Productivity
– Software tools
 PaaS Recommendations
• Generic Interfaces
• Standard Languages and
Tools
• Data Access
• Data Protection
• Application Frameworks
• Component Testing
• Security
• Secure Data Deletion
IaaS Abstract Interaction
Dynamics
IaaS Software Stack Control
IaaS Operational Overview
Operation of the Cloud
Manager
Operation of the Cluster
Managers
Operation of Computer
Managers
 IaaS Issues and Concerns
• Compatibility with legacy security vulnerabilities
• Virtual Machine Sprawls
• Verifying Authencity
• Robustness of VM level isolation
• Features for dynamic network configuration
• Data Erase practices
 IaaS Recommendations
• Multi-tenancy
• Data Protection
• Secure Data Deletion
• Administrative Access
• VM Migration
• Virtualization best practices
– NIST guide to security for full virtualization
technologies
Cloud Service Models
SWOT Analysis for Migrating to
Cloud
SWOT Analysis: Migrating to
Cloud
SWOT Analysis: Migrating to
Cloud
SWOT Analysis: Migrating to
Cloud
SWOT Analysis: Migrating to
Cloud
 General Value Proposition
• Technical
• Human
• Relational
 SaaS Value Proposition
• Typical
Customers
– Organizations
– End Users
– Administrators
• Consumer value
• Usage fees
 PaaS Value Proposition
• Typical Consumers
– Application developers
– Application testers
– Application deployers
– Application administrators
– Application end users
• Consumer Value
• Usage Fees
 IaaS Value Proposition
• Typical Consumers
– Small and Medium Business
– Enterprises
– Startups
– Communities
• Consumer Value
• Usage Fees
 General Cloud Computing Risks
• Complexity
 General Cloud Computing Risks
• Complexity
• Exposure of Critical Data
 General Cloud Computing Risks
• Complexity
• Exposure of Critical Data
• Technical and Economic
Concerns
 Risks: Computing
• Performance
Latency
– Not under control of Consumer
– Not under the control of Cloud Provider
– Decision to determine which applications will be cloud
based
 Risks: Computing
•
Performance
Offline Data synchronization
– When Consumer is offline (Requires version
control)
 Risks: Computing
• Performance
Scalable Programming
– For high performance computing needs for data
analytics
– For scientific studies etc.
– Many of the above environments requires a
careful rs implementation and
examination of cloud provide
environment
 Risks: Computing
• Performance
Data Storage Management poses
challenges
– Provisioning
– Local restriction
– Erasure verification
– Secure disposal
– Access control
 Risks: Cloud Reliability
• Reliability
– Hardware and Software
– Cloud providers personnel
– Connectivity
– Consumer’s personnel
• Measurement
– Composition
– Environment
– Intractable
 Risks: Network Dependence
• Continuous Service
• Complexity
– Health
– Contention
– Force Majeure
• Denial of Service
Attacks
 Risks: Cloud Provider
•
Outages
Inevitable downtime
– Attacks
– Errors
– Disasters
• Outage Frequency
• Frequency
• Resiliency
 Risks: Safety Critical
•
Processing
Loss of life or property
• Regulated by
government
• Pedigree
 Risks: Compliance
• Lack of visibility
• Physical Data
location
• Regulation
• Jurisdiction
• Forensics
 Risks: Information Security
• Risks of unintended disclosure
• Data Privacy
• System Integrity
• Multi-Tenancy
• Browsers
 Value/Risk: Open Source
• Software
Easy deployable
• Interoperability and
Standards
• Openness = vulnerability
• Loss of control
• Licensing risks
Up front costs
Operational costs
Annual Disinvestment Costs
Total Cost of Ownership
Selecting an IaaS provider
 IEEE P2301 Standard
• Portability and Interoperability
Standards
• Standards based choices
• Different Cloud personalities
 IEEE P2302 Standard
• Intercloud Interoperability and
Federation
• Requirements
• Advantages
• Participants
Intercloud Interoperability
 Management
• Recommendations
Data Migration
– Continuity of Operations
– Compliance
– Administrator staff
• Legal
– Operating process
– Acceptable use policies
– Licensing
– Patch Management
 Data Governance Recommendations
• Data Access
Standards
• Data Separation
• Data Integrity
• Data Regulations
• Data Disposition
• Data Recovery
 Security and Reliability
Recommendations
• Consumer side
vulnerabilities
• Encryption
• Physical
• Authentication
• Identity and access
management
• Performance
Requirements
 Virtual Machine Recommendations
• VM Vulnerabilities
– Other VMs
– Host
– Network
• VM Migration
 Software and Application
Recommendations
• Time Critical Software
• Safety Critical Software
• Application Development
Tools
• Application Run time
support
• Application configuration
• Standard programming
languages
 Success Factors
• Trust
• Core Competency
• Relational, Technical and
managerial
capabilities
 Course - Summary
• Critical
• Rigorous Decision Making process
• Comply with standards
• Compare all alternatives
• Use Best Practices