Cloud Computing Certification

Cloud Computing Foundation

An Introduction to Cloud Computing Training by Simplilearn
Agenda

• Introduction
• History of Cloud computing
• Foundational Elements of Cloud Computing
• Principles of Cloud Computing
• Cloud Computing Security
• Secure Cloud Migration Paths
• Using the Cloud
• Implementing and Supporting the Cloud
• Managing Cloud Computing
• Evaluation of Cloud Computing
• Cloud Computing Case Studies and Security Models
1. Introduction
Course objectives

• Fundamental concepts of the cloud computing platform:
   – Deployment
   – Architecture
   – Design
• What made cloud possible
• Pros and cons, benefits and risks
• Standards and best practices
What will you learn?

After completing this course, you will be able to:
• Identify essential elements
• Describe the pros and cons
• Understand the business case for going to the cloud
• Describe how to build a cloud network
• Understand virtualization architecture
• Describe security and privacy issues
• Understand federation and presence
• Describe cloud computing standards and best practices
• Describe how mobile devices can be used in the cloud
Overview




The NIST Cloud Definition Framework

• Deployment Models
   – Private Cloud
   – Community Cloud
   – Public Cloud
   – Hybrid Clouds
• Service Models
   – Software as a Service (SaaS)
   – Platform as a Service (PaaS)
   – Infrastructure as a Service (IaaS)
• Essential Characteristics
   – On Demand Self-Service
   – Broad Network Access
   – Rapid Elasticity
   – Resource Pooling
   – Measured Service
• Common Characteristics
   – Massive Scale
   – Resilient Computing
   – Homogeneity
   – Geographic Distribution
   – Virtualization
   – Service Orientation
   – Low Cost Software
   – Advanced Security

Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
History of Cloud Computing


Objective:
• Explore the history of shared computing and the technological, economic and organizational enablers for Cloud Computing
• Learn how technologies evolved from cluster, grid and virtualization into cloud computing
• Learn about datacenter architectures of grid, utility and virtual machines
History of Cloud computing

In principle, there were:
• Cluster computing
   – for load balancing
• Grid computing
   – many computers in a network solve a single problem
• Utility computing
   – packaging of computing resources, such as computation, storage and services, as a metered service
• Virtualization
   – decouple software and hardware
Trends
[Figure: trends for distributed computing, grid computing, utility computing and cloud computing]
EXAMPLES

• Amazon
   • Elastic Compute Cloud (EC2)
   • Simple Storage Service (S3)
• Google’s App Engine
• Microsoft
   • Windows Azure
   • Microsoft SQL Services
   • Microsoft .NET Services
   • Live Services
   • Microsoft SharePoint Services and Microsoft Dynamics CRM
     Services


Example 1: Amazon Cloud


 • Amazon cloud components
    • Elastic Compute Cloud (EC2)
    • Simple Storage Service (S3)
    • SimpleDB
 • New Features
    • Availability zones
        • Place applications in multiple locations for failovers
    • Elastic IP addresses
        • Static IP addresses that can be dynamically remapped to point to
          different instances (not a DNS change)



Amazon Cloud Users: New York Times and Nasdaq (4/08)
• Both companies used Amazon’s cloud offering
• New York Times
   – Didn’t coordinate with Amazon, used a credit card!
   – Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB data)
   – Took 100 Linux computers 24 hours (would have taken months on NYT computers)
   – “It was cheap experimentation, and the learning curve isn't steep.” – Derrick Gottfrid, Nasdaq
• Nasdaq
   – Uses S3 to deliver historic stock and fund information
   – Millions of files showing price changes of entities over 10 minute segments
   – “The expenses of keeping all that data online [in Nasdaq servers] was too high.” – Claude Courbois, Nasdaq VP
   – Created lightweight Adobe AIR application to let users view data
   Example 2: IBM-Google Cloud

• “Google and IBM plan to roll out a worldwide network of servers for a cloud
  computing infrastructure” – Infoworld
• Initiatives for universities
• Architecture
    – Open source
        • Linux hosts
        • Xen virtualization (virtual machine monitor)
        • Apache Hadoop (file system)
            – “open-source software for reliable, scalable, distributed computing”
    – IBM Tivoli Provisioning Manager




Example 3: Microsoft Azure Services




Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
Windows Azure Applications, Storage and Roles

[Figure: LB, Web Role (n), Worker Role (m), Cloud Storage (blob, table, queue)]

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
     Grid Computing

• Distributed parallel processing across a network
• Key concept: “the ability to negotiate resource-sharing arrangements”
• Characteristics of grid computing
   – Coordinates independent resources
   – Uses open standards and interfaces
   – Quality of service
   – Allows for heterogeneity of computers
   – Distribution across large geographical boundaries
   – Loose coupling of computers




Utility computing

• Originally, time-sharing access to mainframe (1960’s)
• “Rediscovered” in late 1990’s as alternative to building and running your own datacenter – build large datacenter and rent access to customers
   – Sun, IBM, HP, Intel, and many others built datacenters and rented access to servers
• 1990’s usage model:
   – Long legal negotiations with strong service guarantees
   – Long-term contracts (monthly/yearly)
   – Approx. $1/hour pricing per physical computer
• Overall, this model was not commercially viable!
Utility Computing

• “Computing may someday be organized as a public utility” - John
  McCarthy, MIT Centennial in 1961
• Huge computational and storage capabilities available from utilities
• Metered billing (pay for what you use)
• Simple to use interface to access the capability (e.g., plugging into an
  outlet)




Virtualization

• Creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources.
   – Abstraction layer that decouples computation from physical resource
• Motivations
   – Resource sharing with security and isolation
       • Similar to multi-user/multi-programming
   – Ease of management
       • Virtual machines (bits) vs. physical resources (hardware)
       • E.g.: start/stop, clone, migrate, suspend an entire virtual machine
• As flour is to a cookie, virtualization is to a cloud
Cloud Enabling Technology: Virtualization


                Traditional and Virtualized stack

                                      App      App       App

    App     App      App              OS       OS        OS

      Operating System                      Hypervisor

          Hardware                          Hardware

      Traditional Stack                 Virtualized Stack
Many Types of Virtualization

• Full virtualization
• Hardware-assisted virtualization (IBM S/370, Intel VT, or AMD-V)
• Para-virtualization
• Operating System virtualization
Modern OS Virtualization

• Hardware-assisted virtualization is a key technological enabler for Cloud
  Computing
   – Provides complete isolation on commodity (low-cost) platforms
   – Enables multiplexing of many users onto single server
• Key contribution is minimal performance overhead (few percent) versus
  non-virtualized
   – However, high I/O applications incur many VM traps (high CPU
     overhead), limiting scalability and efficiency
• Challenge: true performance isolation for multiple applications
   – Many dimensions! (more in research discussion)
Enterprise Software Revolution

Software as a Service (SaaS)

• SaaS is hosting applications on the Internet as a service (both
  consumer and enterprise)

• Jon Williams, CTO of Kaplan Test Prep on SaaS
    – “I love the fact that I don't need to deal with servers, staging,
      version maintenance, security, performance”

• Eric Knorr with Computerworld says that “[there is an] increasing desperation on the part of IT to minimize application deployment and maintenance hassles”
Three Features of
Mature SaaS Applications

• Scalable
    – Handle growing amounts of work in a graceful manner
• Multi-tenancy
    – One application instance may be serving hundreds of companies
    – Opposite of multi-instance where each customer is provisioned their
      own server running one instance
• Metadata driven configurability
    – Instead of customizing the application for a customer (requiring code
      changes), one allows the user to configure the application through
      metadata



SaaS Maturity Levels

• Level 1: Ad-Hoc/Custom
• Level 2: Configurable
• Level 3: Configurable, Multi-Tenant-Efficient
• Level 4: Scalable, Configurable, Multi-Tenant-Efficient

Source: Microsoft MSDN Architecture Center
Examples of Companies offering SaaS

There are dozens of companies offering SaaS.
• Intuit QuickBooks
   – Conventional application for tracking business accounting. With the addition of QuickBooks online, accounting has moved to the cloud.
• Google Apps
   – Suite of applications that includes Gmail webmail services, Google Calendar shared calendaring, Google Talk instant messaging and Voice over IP
QUESTIONS

1. What is cloud computing?
2. What are the differences between grid, virtualization and cloud computing?
Foundational Elements of Cloud Computing
Objective: To learn about the technological enablers and economic enablers of cloud computing
Foundational Elements of Cloud Computing

Primary Technologies
• Virtualization
• Grid technology
• Service Oriented Architectures
• Distributed Computing
• Broadband Networks
• Browser as a platform
• Free and Open Source Software

Other Technologies
• Autonomic Systems
• Web application frameworks
• Service Level Agreements
Service Level Agreements (SLAs)

• Contract between customers and service providers of the level of service to
  be provided
• Contains performance metrics (e.g., uptime, throughput, response time)
• Problem management details
• Documented security capabilities
• Contains penalties for non-performance




Autonomic System Computing

• Complex computing systems that manage themselves
• Decreased need for human administrators to perform lower level tasks
• Autonomic properties: Purposeful, Automatic, Adaptive, Aware
• IBM’s 4 properties: self-healing, self-configuration, self-optimization, and
  self-protection




        IT labor costs are 18 times that of equipment costs.
        The number of computers is growing at 38% each year.


Platform Virtualization

• Host operating system provides an abstraction layer for running virtual
  guest OSs
• Key is the “hypervisor” or “virtual machine monitor”
    – Enables guest OSs to run in isolation of other OSs
    – Run multiple types of OSs
• Increases utilization of physical servers
• Enables portability of virtual servers between physical servers
• Increases security of physical host server




Web Services


• Web Services
   – Self-describing and stateless modules that perform discrete units of
     work and are available over the network
   – “Web service providers offer APIs that enable developers to exploit
     functionality over the Internet, rather than delivering full-blown
     applications.” – Infoworld
   – Standards based interfaces (WS-I Basic Profile)
       • e.g., SOAP, WSDL, WS-Security
       • Enabling state: WS-Transaction, Choreography
   – Many loosely coupled interacting modules form a single logical system
     (e.g., legos)


   Service Oriented Architectures


• Service Oriented Architectures
   – Model for using web services
       • service requestors, service registry, service providers
   – Use of web services to compose complex, customizable, distributed
     applications
   – Encapsulate legacy applications
   – Organize stove piped applications into collective integrated services
   – Interoperability and extensibility




   Web application frameworks


• Coding frameworks for enabling dynamic web sites
   – Streamline web and DB related programming operations (e.g., web services
     support)
   – Creation of Web 2.0 applications
• Supported by most major software languages
• Example capabilities
   – Separation of business logic from the user interface (e.g., Model-view-
     controller architecture)
   – Authentication, Authorization, and Role Based Access Control (RBAC)
   – Unified APIs for SQL DB interactions
   – Session management
   – URL mapping
• Wikipedia maintains a list of web application frameworks



Free and Open Source Software

• External ‘mega-clouds’ must focus on using their massive scale to reduce
  costs
• Usually use free software
   – Proven adequate for cloud deployments
   – Open source
   – Owned by provider
• Need to keep per server cost low
   – Simple commodity hardware
       • Handle failures in software




Public Statistics on Cloud Economics




Cost of Traditional Data Centers

• 11.8 million servers in data centers
• Servers are used at only 15% of their capacity
• 800 billion dollars spent yearly on purchasing and maintaining enterprise
  software
• 80% of enterprise software expenditure is on installation and maintenance
  of software
• Data centers typically consume up to 100 times more per square foot than a
  typical office building
• Average power consumption per server quadrupled from 2001 to 2006.
• Number of servers doubled from 2001 to 2006




  Energy Conservation and Data Centers

• A standard 9000 square foot data center costs $21.3 million to build, with $1 million in
  electricity costs/year
• Data centers consume 1.5% of our Nation’s electricity (EPA)
    – 0.6% worldwide in 2000 and 1% in 2005
• Green technologies can reduce energy costs by 50%
• IT produces 2% of global carbon dioxide emissions




Cloud Economics


• Estimates vary widely on possible cost savings
• “If you move your data Centre to a cloud provider, it will cost a tenth of the
  cost.” – Brian Gammage, Gartner Fellow
• Use of cloud applications can reduce costs from 50% to 90% - CTO of
  Washington D.C.
• IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud
  (backing from Microsoft)
• Preferred Hotel
    – Traditional: $210k server refresh and $10k/month
    – Cloud: $10k implementation and $16k/month




2. Principles of Cloud Computing

2.1 THE CONCEPT OF CLOUD COMPUTING

Overview
Cloud Computing: Examples

• Examples
   – webmail, web based office tools
   – customer relation management tools (CRM), backup services
   – Dropbox, SlideShare, Wikispaces, social media
   – online games
What is Cloud Computing




“Clouds are a large pool of easily usable and accessible virtualized resources
(such as hardware, development platforms and/or services).
These resources can be dynamically reconfigured to adjust to a variable load
(scale), allowing also for an optimum resource utilization.
This pool of resources is typically exploited by a pay-per-use model in which
guarantees are offered by the Infrastructure Provider by means of customized
SLAs.”

                                 (ACM, Association of Computing Machinery)
Key notions in Cloud Computing

• Service based
• Uses internet technologies
• Scalable and elastic
• Shared
• Metered by use
• Virtualized resources


           “Cloud computing is not a product you buy. It’s not a SKU. It’s not
           a technology. It’s an IT delivery model.”

                     (Mike Martin, Director of Cloud Computing for Logicalis)
Virtualization




    It does not matter where hardware, applications
    or data is located in the cloud, as long as we can
    access and use it.
Key Features of Virtualization

• Flexibility
• Deployability
• Elasticity
• Centralization of resources
• Memory and processor requirements

• Failover capabilities

• Features continue to emerge
The Cloud and Collaboration

• Reach extender
   – to suppliers and customers

• Communication enabler, enhancing communication with:
   – suppliers
   – customers
   – employees

• Employee enabler
   – less travel time
   – virtual office access
   – just-in-time access
Public, Private and Hybrid Clouds
2.2 THE EVOLUTION OF CLOUD COMPUTING

Overview
Standalone Mainframes

Benefits
• Dedicated Hardware for single tasks
• Multitasking and time-sharing
• Early virtualization and multi-processing

Limitations
• Limited memory
• Limited storage
• Expensive
• Difficult deployment
Communication Systems

Two forms
• Dedicated leased line
• Dial-up

Uses
• Time sharing services
• Multitasking operating systems
• Dumb tubes
• Communication controllers
• Remote terminal access
• Remote Job Entry
Minicomputers

• Smaller
• Less expensive
• Multi-user
• Multi-tasking
• Proprietary and ‘standard’ operating systems (UNIX)
• Expanded communication (including LANs)
Local Area Networking
Microcomputers

• Even smaller
• Single user
• Rudimentary operating system
• Limited memory and storage
Internet

• Initial goals
   – Reliable communication
      • Even in the event of partial equipment or network failure
   – Connectivity
      • With different types of computer and operating systems
   – Cooperative effort
      • Not a monopoly
• International, world-wide network
Virtualization

• Virtualization is not a new concept
• Around since the 1970s in mainframe environments




                 Example: 1972 IBM VM/370
The Cloud
Internet Vision




“As of now, computer networks are still in their infancy. But as they
grow up and become more sophisticated, we will probably see the
spread of computer utilities which, like present electric and telephone
utilities, will service individual homes and offices across the country”
Leonard Kleinrock, 1969
Managed Services Provider Model to Cloud Computing and SaaS

Early managed networks
• Frame Relay
• ATM
• Proprietary protocols

Evolution
• High-speed
• High-bandwidth internet
• Standard protocols
• Standard services
What’s Next in Cloud Computing?

• The cloud may never mature

• Thin client based access

• General purpose applications in the cloud
2.3 CLOUD COMPUTING ARCHITECTURES

Overview
Cloud Computing Architecture
Single Purpose Architectures Migrate to Multipurpose Architectures

Single-purpose
• Mainframe
• General applications
• Time-sharing
• Airline reservations

Multipurpose
• Any application on any server
• Interface to large storage
• Interface to large computers
Service-Oriented Architectures

• Single service functions
• Services loosely coupled
• Services can be used by different applications
Cloud Services

Cloud service offerings:
   – CaaS (Communication-as-a-Service)
   – SaaS (Software-as-a-Service)
   – PaaS (Platform-as-a-Service)
   – IaaS (Infrastructure-as-a-Service)
   – MaaS (Monitoring-as-a-Service)
Communication-as-a-Service

• Offsite communications service provider
• Voice over IP
• Instant messaging
• Video teleconferencing
Software-as-a-Service

• Software hosted offsite
• As-is software package
• Vendor has high knowledge level
• Mash-up or plug-in
• External software used with internal applications (hybrid cloud)
• Little or no change to application
• User has little flexibility
• User locked into vendor
Platform-as-a-Service

• Remote application development
• Remote application support
• Portability among vendors
• Lower cost of development
Infrastructure-as-a-Service

• Hardware service providers (HaaS)
• Rent what you need
• Servers
• Network equipment
• (Virtual) CPU availability
• Storage
• Hosting companies
Monitoring-as-a-Service

• External monitoring services
• Servers
• Disk utilization
• Applications
• Networking
• Specialized skill set
Tiered Architecture
Server Virtualization Architectures

• The Hypervisor
• Virtualization as the Operating System
• Virtualization with a host Operating System
The Hypervisor

• AKA: Virtual Machine Monitor (VMM)
• The foundation of virtualization
• Interfaces with hardware
    – Replace the operating system
    – Intercept system calls
    – Operate with the operating system
    – Hardware isolation
    – Multi-environment protection
Virtualization as the ‘Operating System’



            Application       Application       Application
            Programs          Programs          Programs
          Guest Operating   Guest Operating   Guest Operating
             System            System            System

                              Hypervisor
                    Virtual Operating Environment

                             Hardware




   Type 1 Hypervisors are seen as the principal operating system.
Virtualization with a Host Operating System



          Application          Application         Application
          Programs             Programs            Programs
        Guest Operating      Guest Operating     Guest Operating
           System               System              System

                               Hypervisor
                          Virtualization Layer

                        Host Operating System


                              Hardware
Data Center Architecture for Cloud

• Communications capacity
• Public Internet
• Private Intranet & Private Cloud
• Routing to the datacenter
• Moving data within the local datacenter
• Bandwidth
• Security
2.4 BENEFITS AND LIMITATIONS OF CLOUD COMPUTING

Overview
Cloud Computing Benefits

• Reduced Costs
• Increased storage
• Highly automated
• Flexibility
• More mobility
• Allows IT to shift focus
• Going Green
• Keeping things up to date
Cloud Computing Limitations

• Security
    – Is data adequately protected?
    – Is it hacker proofed?
• Data location and privacy
    – Where is it stored?
    – Regulatory concerns
• Internet dependency
    – Bandwidth and latency
• Availability and service levels
    – SLA requirements
• Enterprise application migration
Exercises – Quiz

1. Which of the following is not a cloud deployment model?
   a) Private
   b) Protected
   c) Public
   d) Hybrid
   e) Community
2. Which of the following is not an essential characteristic of
    cloud computing?
   a) Free
   b) Scalable
   c) Virtualized
   d) On demand
   e) Metered

3. Which of the following is not a cloud architecture?
   a) IaaS
   b) PaaS
   c) HaaS
   d) SaaS
4. Which of the following is a benefit of using cloud computing?
   a) Security
   b) Availability
   c) Compliance
   d) Bandwidth guarantees
   e) Reduced costs

5. In this model, formerly known as hardware as a service (HaaS),
an organization outsources business components such as
servers, storage and networking equipment. What is it?
    a) Infrastructure as a Service (IaaS)
    b) Platform-as-a-Service (PaaS)
    c) Software-as-a-Service (SaaS)
    d) None of the above
6. Infrastructure as a Service (IaaS) provides:
    a) Servers
    b) Storage
    c) Network equipment
    d) All the above
7. What is Cloud Computing replacing?
    a) Corporate data centers
    b) Expensive personal computer hardware
    c) Expensive software upgrades
    d) All of the above

8. The hypervisor is also known as
    a) Virtual Machine Monitor
    b) Middleware
    c) Both of the above
    d) None of the above

9. The "Cloud" in cloud computing represents what?
    a) Wireless
    b) Hard drives
    c) People
    d) Internet
Cloud Computing Security

Objective: To learn about the security risks and advantages of the cloud
Security is the Major Issue




Cloud Security Challenges
• Data dispersal and international privacy laws
   – EU Data Protection Directive and U.S. Safe Harbor program
   – Exposure of data to foreign government and data subpoenas
   – Data retention issues
• Need for isolation management
• Multi-tenancy
• Logging challenges
• Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
Cloud Security Challenges (continued)
• Attraction to hackers (high value target)
• Security of virtual OSs in the cloud
• Possibility for massive outages
• Encryption needs for cloud computing
   – Encrypting access to the cloud resource control interface
   – Encrypting administrative access to OS instances
   – Encrypting access to applications
   – Encrypting application data at rest
• Public cloud vs. internal cloud security
• Lack of public SaaS version control
Cloud Security Advantages

•   Data Fragmentation and Dispersal
•   Dedicated Security Team
•   Greater Investment in Security Infrastructure
•   Fault Tolerance and Reliability
•   Greater Resiliency
•   Hypervisor Protection Against Network Attacks
•   Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)




Cloud Security Advantages (continued)

 • Simplification of Compliance Analysis
 • Data Held by Unbiased Party (cloud vendor assertion)
 • Low-Cost Disaster Recovery and Data Storage Solutions
 • On-Demand Security Controls
 • Real-Time Detection of System Tampering
 • Rapid Re-Constitution of Services
 • Advanced Honeynet Capabilities




Security Relevant Cloud Components

• Cloud Provisioning Services
• Cloud Data Storage Services
Security Relevant Cloud Components (continued)
• Cloud Processing Infrastructure
• Cloud Support Services
• Cloud Network and Perimeter Security

Elastic Elements: Storage, Processing, and Virtual Networks
Additional Issues

• Issues with moving PII and sensitive data to the cloud
   – Privacy impact assessments
• Using SLAs to obtain cloud security
   – Suggested requirements for cloud SLAs
   – Issues with cloud forensics
• Contingency planning and disaster recovery for cloud implementations
• Handling compliance
   – FISMA
   – HIPAA
   – SOX
   – PCI
   – SAS 70 Audits
Comparisons
Examples of cloud advantage

• Social networking systems will evolve into collaborative management
  systems.
• Homesourcing becomes mainstream.
• Corporate processes become decentralized.
• Smart phones evolve with cloud apps
    • access to wireless broadband.
    • productivity apps over the cloud for corporate use.
The Business Case for Going to the Cloud - Examples

• Eli Lilly and Company is one company that has moved to Amazon EC2 as part of their IT operations.
Secure Migration Paths for Cloud Computing

Objective:
The reasons ‘Why’ migration to cloud is a good idea
and ‘How’ to implement secure Cloud Migration
Balancing Threat Exposure and Cost
Effectiveness

• Private clouds may have less threat exposure than community clouds
  which have less threat exposure than public clouds.
• Massive public clouds may be more cost effective than large community
  clouds which may be more cost effective than small private clouds.




Cloud Migration and Cloud Security
Architectures
• Clouds typically have a single security architecture but have many
  customers with different demands
    – Clouds should attempt to provide configurable security mechanisms
• Organizations have more control over the security architecture of private
  clouds followed by community and then public
    – This doesn’t say anything about actual security
• Higher sensitivity data is likely to be processed on clouds where
  organizations have control over the security model




Migration Paths for Cloud Adoption

• Use public clouds
• Develop private clouds
   – Build a private cloud
   – Procure an outsourced private cloud
   – Migrate data centers to be private clouds (fully virtualized)
• Build or procure community clouds
   – Organization wide SaaS
   – PaaS and IaaS
   – Disaster recovery for private clouds
• Use hybrid-cloud technology
   – Workload portability between clouds



Migration standards

Cloud Standards Mission: Provide guidance to industry and government
  for the creation and management of relevant cloud computing standards
  allowing all parties to gain the maximum value from cloud computing
NIST and Standards



 • NIST wants to promote cloud standards:
    – We want to propose roadmaps for needed standards
    – We want to act as catalysts to help industry formulate their own
      standards
        • Opportunities for service, software, and hardware providers
    – We want to promote government and industry adoption of cloud
      standards




Goal of NIST Cloud Standards Effort

 • Fungible clouds
    – (mutual substitution of services)
    – Data and customer application portability
    – Common interfaces, semantics, programming models
    – Federated security services
    – Vendors compete on effective implementations
 • Enable and foster value add on services
    – Advanced technology
    – Vendors compete on innovative capabilities




A Model for Standardization
and Proprietary Implementation


 • Advanced features: Proprietary Value Add Functionality
 • Core features: Standardized Core Cloud Capabilities


 Proposed Result



• Cloud customers knowingly choose the correct mix for their organization of
    – standard portable features
    – proprietary advanced capabilities




A proposal: A NIST Cloud
Standards Roadmap

 • We need to define minimal standards
    – Enable secure cloud integration, application portability, and data
      portability
    – Avoid over specification that will inhibit innovation
    – Separately address different cloud models




Towards the Creation of a Roadmap (I)

• Thoughts on standards:
   – Usually more service lock-in as you move up the SPI stack (IaaS->PaaS->SaaS)
   – IaaS is a natural transition point from traditional enterprise datacenters
       • Base service is typically computation, storage, and networking
   – The virtual machine is the best focal point for fungibility
   – Security and data privacy concerns are the two critical barriers to adopting
     cloud computing




Towards the Creation of a Roadmap (II)

• Result:
   – Focus on an overall IaaS standards roadmap as a first major deliverable
   – Research PaaS and SaaS roadmaps as we move forward
   – Provide visibility, encourage collaboration in addressing these standards
     as soon as possible
   – Identify common needs for security and data privacy standards across
     IaaS, PaaS, SaaS




A Roadmap for IaaS



• Needed standards
   – VM image distribution (e.g., DMTF OVF)
   – VM provisioning and control (e.g., EC2 API)
   – Inter-cloud VM exchange (e.g., ??)
   – Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
   – VM SLAs (e.g., ??) – machine readable
       • uptime, resource guarantees, storage redundancy
   – Secure VM configuration (e.g., SCAP)




A Roadmap for PaaS and SaaS

• More difficult due to proprietary nature
• A future focus for NIST

• Standards for PaaS could specify
    – Supported programming languages
    – APIs for cloud services
• Standards for SaaS could specify
    – SaaS-specific authentication / authorization
    – Formats for data import and export (e.g., XML schemas)
    – Separate standards may be needed for each application space




Security and Data Privacy Across IaaS,
PaaS, SaaS

  • Many existing standards
  • Identity and Access Management (IAM)
      – IdM federation (SAML, WS-Federation, Liberty ID-FF)
      – Strong authentication standards (HOTP, OCRA, TOTP)
      – Entitlement management (XACML)
  • Data Encryption (at-rest, in-flight), Key Management
      – PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
  • Records and Information Management (ISO 15489)
  • E-discovery (EDRM)




3. Using the Cloud
Overview
3.1

ACCESSING THE CLOUD
Overview
Web Browsers
Web Applications


Applications       Issues
• Google Gmail     • Security
• Yahoo Mail       • Interoperability
• Twitter          • Bandwidth
• Zimbra           • Latency
• Salesforce       • Design
• Dropbox
• Skype
•…
Cloud Access Architecture

• Client software for emulation
• Networking protocol with security features
• Server software to intercept and interpret client requests
• Keyboard access
• Mouse access
• Peripheral device support
   – Sound
   – Printing
   – Others
Thin Clients

• What makes them thin?
• Network connectivity (wired and wireless)
• No moving parts (possibly a fan)
• Keyboard, monitor, and USB connections
• Sound card
• Embedded terminal services client
   – RDP, VNC, etc.
• Green features: Small footprint
   – Low heat; Low power consumption
     (starting at 6 Watt)
   – Low disk space
3.2

MOBILITY IN THE CLOUD
Overview
Smartphones
Collaboration Applications for Mobile platforms

• Text messaging

• iPhone applications

• BlackBerry applications

• Android applications
Text Messaging

• Universal communication path, two forms:
   – SMS
   – MMS
• Communicate:
   – Phone to phone
   – Computer to phone
• Hidden costs:
   – Loss of productivity
   – Loss of security
   – Loss of safety
Basic Mobile Application Issues

• Limited landscape

• Security
   – Data security on the phone
   – Phone access protection
   – Eavesdropping or shoulder surfing
   – Must have application enforced encryption
   – WAP gap
• Similar but not always equal
• Usefulness vs. fun to have
Location Independence

• Don’t care where it is, as long as we can get to it

• Depends on
   – Network
   – Security
   – Vendor or internal IT
   – Application meeting needs
• Location independence promotes
  an environment that is
   – Flexible
   – Fail-safe
   – Fail-soft
Exercises – Quiz
1. Example of Web application is
    a) Google mail
    b) Twitter
    c) Skype
    d) All the above

2. Platform as a service is
    a) Google App engine
    b) Salesforce CRM
    c) Rackspace servers
    d) Google mail

3. Which of these companies is not a leader in cloud computing?
   a) Google
   b) Amazon
   c) Blackboard
   d) Microsoft
Exercises – Quiz
4. Which is not a major cloud computing platform?
   a) Google 101
   b) IBM Deep blue
   c) Microsoft Azure
   d) Amazon EC2

5. Which one of these is not a key notion in cloud computing?
   a) Free
   b) Service based
   c) Scalable
   d) Shared
   e) Virtualized resources

6. Which of these is not a major type of cloud computing usage?
   a) Hardware as a Service
   b) Platform as a Service
   c) Software as a Service
   d) Infrastructure as a Service
Exercises – Quiz
7. An Internet connection is necessary for cloud computing interaction.
    a) True
    b) False

8. Mobile platforms are supporting
    a) iPhone applications
    b) BlackBerry applications
    c) Android applications
    d) All the above

9. What enables Thin Clients to work?
   a) Network connectivity
   b) Keyboard
   c) USB connections
   d) All the above
Exercises – Quiz
10. Location independence promotes an environment that is
    a) Flexible
    b) Fail-safe
    c) Fail-soft
    d) All the above
4. Security and Identity Management
Overview
4.1

SECURITY AND THE CLOUD
Overview
Confidentiality, Integrity and Availability

• Confidentiality
    – No unauthorized access
    – Privacy and data protection
    – Encryption
    – Physical security
• Integrity
    – Information is accurate and authentic
• Availability
    – When needed, where needed by authorized users
    – 5 nines standard: 99.999%
Authentication, Authorization and Accountability

• Authentication
   – Authorized user?
   – Prove identity with something you
     • Know (password)
     • Have (RSA token device)
     • Are (fingerprint or retina scan)
• Authorization
   – What can an authorized person do?
• Accountability
   – Audit access and applications
   – Review logs periodically
Virus Infections on Virtualized Environments


Virus infections on
• Type 1 virtualized
  environment

• Type 2 virtualized
  environment

• Client Operating System
Virus Infections on Type 1 Virtualized Environments

• Viruses invade below the hypervisor layer
• Viruses intercept and react with hypervisor requests to hardware


            Application       Application       Application
            Programs          Programs          Programs
          Guest Operating   Guest Operating   Guest Operating
             System            System            System

                              Hypervisor
                    Virtual Operating Environment

                                Virus


                             Hardware
Virus Infections on Type 2 Virtualized Environments

• Viruses infect host OS below the hypervisor layer
• Viruses intercept and react with hypervisor requests to hardware


            Application          Application         Application
            Programs             Programs            Programs
          Guest Operating      Guest Operating     Guest Operating
             System               System              System

                                 Hypervisor
                            Virtualization Layer

                                   Virus


                          Host Operating System

                                Hardware
Client Operating System Virus Infections

• Viruses infect Guest OS

• Need Antivirus software
  on each guest

• Benefits:
   – Guests are separated
     from each other
   – No impact to hypervisor
   – No impact to host OS
4.2

IDENTITY MANAGEMENT
Overview
Cloud-based Identity Management

• Federation Management
• Using multi-system identity information for a ‘global’, single sign-on
  environment
• Based on trust relationships
• Often standards-based
   – Ensure compliance
   – Allows interoperability
Federation: Example




   One federated or trusted login is
   sufficient for all three parties in
   this example: each trusts the
   others to identify the user.
Federation: Implementation

• Information card components:
    – Subject is identity holder
    – Digital identities are issued for subject by identity providers
    – Relying parties accept identity
    – Similar to a personal digital credit card
• Using a PKI and Digital Certificate
• Microsoft CardSpace
    – More flexible than username and password
    – Consistent user experience
• OpenID
    – Emerging
Federation Levels

• Permissive: no verification
• Verified: DNS and domain keys verified
   – Not encrypted
   – DNS poisoning
• Encrypted: TLS and digital certificates
   – Certificates may be self-signed
   – Weak identity verification
• Trusted: TLS and digital certificates from root CA
   – Encrypted
   – Strong authentication
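
The four levels above expressed as a link classifier and the matching TLS client settings, as an added example that is not part of the original slides. The PeerLink fields, the function names and the sample domains are assumptions made for illustration.

```python
import ssl
from dataclasses import dataclass
from enum import IntEnum


class FederationLevel(IntEnum):
    """The four levels from the slide, ordered weakest to strongest."""
    PERMISSIVE = 0   # no verification
    VERIFIED = 1     # DNS and domain keys verified, not encrypted
    ENCRYPTED = 2    # TLS, certificate may be self-signed
    TRUSTED = 3      # TLS, certificate issued under a root CA


@dataclass(frozen=True)
class PeerLink:
    """Hypothetical record of what was observed on a server-to-server link."""
    domain: str
    dns_verified: bool         # DNS / domain-key check passed
    tls: bool                  # channel is wrapped in TLS
    cert_chain_trusted: bool   # chain validated to a trusted root, name matched


def classify(link: PeerLink) -> FederationLevel:
    """Map observed link properties to the highest level they justify."""
    if link.tls and link.cert_chain_trusted:
        return FederationLevel.TRUSTED
    if link.tls:
        # Encrypted, but the certificate proves little about who the peer is.
        return FederationLevel.ENCRYPTED
    if link.dns_verified:
        # Identity rests on DNS alone, so poisoned DNS defeats it.
        return FederationLevel.VERIFIED
    return FederationLevel.PERMISSIVE


def tls_context_for(level: FederationLevel):
    """Return the outbound TLS settings a level implies, or None if no TLS."""
    if level < FederationLevel.ENCRYPTED:
        return None
    if level == FederationLevel.ENCRYPTED:
        # Weak setting: accepts any certificate, including self-signed ones.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False      # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # Trusted: chain must validate to a root CA and the host name must match.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(links, minimum: FederationLevel):
    """Report each link's level and whether it meets the required minimum."""
    report = {}
    for link in links:
        level = classify(link)
        report[link.domain] = (level.name, level >= minimum)
    return report


# Constructed sample links (not real peers).
SAMPLE_LINKS = [
    PeerLink("open.example.net", False, False, False),
    PeerLink("dialback.example.org", True, False, False),
    PeerLink("selfsigned.example.com", True, True, False),
    PeerLink("partner.example.edu", True, True, True),
]

if __name__ == "__main__":
    for domain, (level, ok) in audit(SAMPLE_LINKS, FederationLevel.TRUSTED).items():
        print(f"{domain:26} {level:10} {'admit' if ok else 'reject'}")
```
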
Presence in the Cloud

• Individual presence: Foundation for Information Management
    – Are you here?
    – Are you logged in?
    – Are you busy?
• Hardware services
    – Hardware type
    – Hardware feature
• Location: GPS
• Pub-Sub: Publish and Subscribe
    – Facebook has friends and fans
    – IM has buddies
Leveraging Presence

• Subscribe from anywhere

• Publish from anywhere

• Wide range of options

• Many development possibilities
Presence Protocols

• IMPS
   – Cell phones
• SIP
   – Subscribe
   – Notify
• SIMPLE
   – Messaging
• XMPP
   – XML based
Presence Enabled

• Instant Messaging (IM)

• Soft Phone

• Hard Phone

• Web page logins
The Future of Presence

• Continual development

• Location Centric Cloud Services
   – Access based on where you are
   – Service depending on where you are

• Using standards for full integration
The interrelation of Identity, Presence and Location

• Digital Identity
   – Traits
   – Attributes
   – Preferences



• Digital identity, presence and location determine available
  services and capabilities
Identity Management Solutions

• Claim-based solutions

• Identity-as-a-Service (IDaaS)

• Compliance-as-a-Service (CaaS)
Claim-based Solutions

• Method to introduce a
  claim to a resource
• Recall previous
  information on a claim
• Extended to include
  multiple points of truth
  – Active Directory controller
   for a domain is single point
   of truth for a domain
  – Federated identity is
   multiple points of truth
     • Hotel
     • Airline
     • Rental Car
Identity-as-a-Service

• Provider based identity services

• SSO for web

• Strong authentication

• Across boundary federation

• Audit and compliance
Compliance-as-a-Service

• Regulatory compliance

• Difficult to establish audit compliance in third-party contracts

• New service possibilities:
   – Multi-regulation compliance verification
   – Continuous audit
   – Threat intelligence
Privacy

• Confidentiality of personal information is paramount

• Must comply with laws and regulations
   – HIPAA
   – GLBA
   – EU, Canadian, Australian, … privacy statutes/acts

• Clouds are international in nature, making privacy issues difficult
Personally Identifiable Information (PII)

• Forms of identification
• Contact information
• Financial information
• Health care information
• Online activity
• Occupational information
• Demographic information
Privacy Related Issues

• Notice: The user is given a privacy notice
• Choice: The user can choose which information to enter
• Consent: The user accepts the terms and conditions

The user should be informed about:
  – Use: What is the intended use of information?
  – Access: Who will have access?
  – Retention: How long is the information stored?
  – Disposal: When and how will the information be disposed?
  – Security: How is security provided?
International Privacy

• European Union
   – EU Data Protection Directive (1998)
   – EU Internet Privacy Law (DIRECTIVE 2002/58/EC, 2002)
   – Laws and privacy standards of the member states

• Japan
   – Personal Information Protection Law
   – Law for Protection of Computer Processed Data Held by
     Administrative Organs (1988)

• Canada
   – Privacy Act (1983)
   – PIPEDA (Bill C-6)
Safeguards

• Effective Access Control and Audit
   – Single Sign On (SSO)
   – Strong authentication
   – Audit log

• Secure Storage
   – Encryption
   – Integrity

• Secure Network Infrastructure
   – Encryption protocols
   – Integrity protocols
Exercises – Quiz
1. Which of these should a company consider before implementing cloud computing
technology?
    a) Employee satisfaction
    b) Potential cost reduction
    c) Information sensitivity
    d) All of the above
2. What is the most important drawback of cloud computing?
    a) Compliance
    b) Regulation
    c) Security
    d) Availability
3. The CIA triangle is made up of
    a) Correctness, Integrity and Availability
    b) Confidentiality, Integrity and Availability
    c) Confidentiality, Infrastructure and Availability
    d) Confidentiality, Integrity and Authentication
Exercises – Quiz
4. The CIA triangle is implemented using
    a) Encryption
    b) Access control lists
    c) Auditing
    d) All the above
5. Which of the following is true about viruses
    a) Viruses invade below the hypervisor layer
    b) Viruses intercept and react with hypervisor requests to hardware
    c) Viruses infect Guest OS
    d) All the above
6. Federation is implemented using
    a) PKI and Digital certificate
    b) Biometric login
    c) Username and password
    d) None of the above
Exercises – Quiz
7. Which of the following is not a federation level?
    a) Verified
    b) Signed
    c) Encrypted
    d) Trusted
8. Which of the following is not an Identity Management Solution?
    a) Claim-based solutions
    b) Presence as a Service
    c)   Identity-as-a-Service (IDaaS)
    d) Compliance-as-a-Service (CaaS)
9. Which of the following standards is not used for handling security and compliance
    a) FISMA
    b) HIPAA
    c) X.800 standard
    d) SAS 70 Audits
Exercises – Quiz
10. Cloud computing has the following advantage over in-house computing
    a) Requires little or no capital investment
    b) No need to deploy backup and disaster recovery
    c) Does not require IT staff to attend to servers, applications etc.
    d) All the above
5. Implementing and Managing Cloud Computing
Overview
5.1

BUILDING LOCAL CLOUD
NETWORKS
Overview
Local Database Center-based Cloud

• Standards based
• Independent components
• Message based
• Location independence
• Seamless replication across sites
• Seamless disaster recovery across sites
Independent Components
Message Base

• Assures consistency and portability between components
• Uses messaging protocols
   – Object Oriented: SOAP, JSON, REST
   – Support Websites: HTTP and HTML
   – E-mail: SMTP, POP3, IMAP
• Requires middleware for message protocol conversion
Communications Capacity

• Requires plenty of bandwidth
   – Difficult to measure without detailed analysis

• Measuring network utilization:
   – Transaction-based
   – Process-based
   – Application-based
Private Intranet and Private Cloud

• Under the control of your own organization
   – Your own infrastructure
   – Engineered to your needs

• Cost factors
   – Hardware
   – Circuits
   – Global reach
   – Engineering
   – Ongoing support
   – Outages

• Internal Security
Routing to the Data Center

• Sufficient routing hardware
• Sufficient circuits
• High bandwidth
• Low latency
• Advanced routing processes such as MPLS
• Quality of Service
• Data vs. Voice
Moving Data within the Local Data Center

• High-speed internal circuits
• VLAN for traffic isolation and security
• Campus area networks
• Wide area Ethernet
• Wireless
• Internal security
Storage Capacity

• Exactly how much do you need?
• How much can you afford?
• What features do you need?
   – Speed vs. capacity
   – Green is great
   – Lower cost options
     • SAS
     • SATA
     • Virtual (networked) disk
Network Attached Storage

• Disk storage used to store file-based records such as:
   – Documents
   – Pictures
   – Scanned images
• Server software simplified
• Disk access and security
• Multiple access methods:
   – CIFS (Windows)
   – NFS (Unix)
Multi-site

• Multiple sites assist with disaster recovery and avoidance
   – Multiple access routes
   – Streamline user pathways
Monitoring

• Monitoring disk usage and performance
• Build baseline and trend analysis
• Expand as needed
• Consider physical plant requirements
   – Electrical
     • UPS
     • Generator
  – HVAC
  – Floor space
Server Software Environments
That Support Cloud Computing

• Server capacity
• Virtualization
• Clustering and High Availability (HA)
• Expansion
• Server functions
Server Capacity

• Services being provided
   – Applications
   – Processes
• Speed and features
   – Processors: SMP vs. Cores
   – Memory
   – Local disk and Network disk
• Vendor support
Cloud Applications
Open Source Software in Data Centers

• Cost reduction vs. reliability
• Not necessarily for free
   – Fee-based support
   – Hidden costs
• Server software
   – Apache
   – Jetty
   – Zend
• Databases
   – MySQL
   – PostgreSQL
Establishing a Baseline for Cloud Performance

• Connection speed
• Datastore (delete and read times)
• Deployment latency
• Lag time
Connection Speed

• If the network is fast, the cloud succeeds

• Bandwidth: Measure of network throughput
   – bps/Bps: bits/Bytes per second
   – Rating: network capacity or throughput?
   – 54Mbps wireless is really 22 Mbps

• Latency: Delay
   – Firewalls, routers, servers
   – Congestion factors
Public Internet

• Using the public internet can be risky:
   – Target of DDoS
   – Recent attacks show vulnerabilities
   – No way to regulate bandwidth consumption
   – No way to regulate bandwidth availability
   – Criticality vs. cost
   – External security
Data Protection and Partitioning



• Brewer Nash Security Model
   – Information barriers
   – Eliminating conflict of interest
• Fibre Channel Security
   – Zoning
   – LUN Masking

Protection across operating systems and virtual servers
5.2

SUPPORTING THE USE OF
CLOUD COMPUTING
Overview
Virtual Private Network

• Remote access gives participant full network use
• Tunnel mode
   – Transparent connection, clients not aware of tunnel
   – All traffic encrypted
• Transport mode
   – Requires use of VPN client software
   – IP addresses not encrypted
• Security risks in both modes
Content Management Systems

• Collaboration tool
• Allows large number of people to share stored data
• Controls access to data, based on user roles
• Aids in easy storage and retrieval of data
• Reduces repetitive duplicate input
• Improves the ease of report writing
• Improves communication between users
Scripting Languages
Content Formatting Languages




   HTML           XML          JSON
Backup and Recovery


• Backup
   – Short term and archival storage
   – Compliance
   – May use replication locations
• Recovery
   – Frequent planned exercises
   – Master the process!
Disaster Recovery Solutions


• Methods
   – Multi-site locations
   – Long distance ‘clustering’
   – Specialized software and dedicated ‘pipes’
• Coverage Solutions
   – Failover
   – Fail-safe
   – Fail-soft
5.3

STANDARDS IN CLOUD
COMPUTING
Overview
Standards and Best Practices

Information Management
   – COBIT, ISO/IEC 38500
   – BiSL
Service Management
   – ITIL
   – ISO/IEC 20000
Security Management
   – ISO/IEC 27001
Application Management
   – ASL
Technical Standards
   – IEEE, OSI, ISO/IEC
The Case for Standards


• Standards provide
   – Common ground
   – General accepted practices
   – Multiple providers and multiple applications
   – Portability
Using Industry and International Standards

• Standards assist in
   – Portability
   – Uniformity
• Standards organizations are not standard
   – IEEE and others for physical networks
   – ISO and IETF for logical networking
   – Consortia and others for applications and middleware
   – ISO and others for management and security
• Commonality of standards regardless of source
Open Cloud Consortium

• Supports the development of standards and interoperability
  frameworks
• Develops cloud computing benchmarks
• Supports open source reference implementations
• Manages cloud computing test beds
• Manages infrastructure to support scientific research
Web-based Enterprise Management

• WBEM is a set of technologies
   – Unifying management of computing environments

• Core set of standards
   – CIM, CIM-XML, CIM Query Language
   – SLP and URI mapping
• Extensible
   – Facilitating the development of reusable and platform-neutral
     tools and applications
Web Services Management

• WS-MAN specification promotes interoperability between
  applications and resources
• Features:
   – Discover managed devices
   – Get and put information from and to managed devices
   – Create and delete dynamic settings and values
   – Enumerate contents
   – Subscribe to generated log records
   – Execute management processes
Distributed Management Taskforce

• Facilitates a collaborative effort within the IT industry to develop,
  validate and promote standards for systems management
• 4000 active participants from 43 countries
• 160 member companies and organizations
Storage Management Initiative Specification (SMI-S)

• Solves the problem of managing standardized Storage Area
  Networks (SANs)

• Allows a Web-based enterprise management system to bridge
  the gap among the various vendors and provide a consistent
  management capability regardless of hardware source
System Management Architecture
for System Hardware

• An application suite that consolidates several aspects of data
  center management
• CLP provides standardized server management in the data
  center
• Provides standard-based Web server management, regardless
  of
   – Machine state
   – Operating system state
   – Server system topology
   – Access method
Standards for Application Developers

• Protocols
• Scripting languages
• Content formatting standards and languages
Standards for Security in the Cloud

• Privacy regulations
   – HIPAA
   – GLBA
   – International Privacy
• Security protocols

• International laws:
 www.informationshield.com/intprivacylaws.html
• US Federal and state privacy laws and regulations:
 www.informationshield.com/usprivacylaws.html
Health Insurance Portability and Accountability Act

• HIPAA
• Privacy Rule
   – Allows disclosure of personal health
      information when required
   – Protects personal health information
   – Gives patients rights
• Security Rule
   – Allows implementation of the Privacy Rule
   – Specifies safeguards to assure CIA of
     patient information
   – Provides administrative, technical and
     physical security controls
Financial Services Modernization Act

• GLBA, also known as the Financial Services Modernization Act
  of 1999
• Financial Privacy Rule
   – Governs information collection and disclosure
   – Applies to financial and non-financial entities
• Safeguard Rule
   – Receivers of financial information must protect it
   – Design, implement and maintain standards
• Pre-texting protection
   – Protects against deceptive information gathering practices
Payment Card Industry

• Goal of managing the confidential payment card information
    – Debit
    – Credit
    – Prepaid
    – E-purse
    – ATM and POS
    – Associated businesses
• Issue:
  How to secure PCI-based information?
Security Protocols

• SSH
• SSL and TLS
• IPSec
• VPN
• OpenID
• Kerberos
• PCI
Internet Protocol Security

• Data encryption in two modes
   – Tunnel
   – Transport
• ESP performs
   – Authentication
   – Encryption
OpenID

• Single credential system
• The goal
   – Simplify multiple website logins
• Adopters
   – Yahoo
   – Google
   – AOL
• OpenID Federation
6. Evaluation of Cloud Computing
Overview
6.1

THE BUSINESS CASE
Overview
Should Your Company Invest in Cloud Computing?


• Does it do what we want or need?
   – Provide services we need
   – Appropriate applications available
• Can we adjust?
• Can we accept?
   – Decision makers vs. users
• Is the move justified?
   – Economic value
   – Operational value
Business Benefits of Cloud Computing

• Operational
   – Efficiency in: servers, workers, power,
     disaster recovery, training
   – Flexibility
• Economic
   – Save money
   – Reduce overhead
   – Become ‘green’
• Staffing
   – Reduce or redeploy staff
Operational Benefits

• Incremental investment
• Storage availability
• Automation
• Flexibility
• Increased mobility
More Operational Benefits

• Optimum use of staff
• Centralization and management of systems and desktops
• Archiving of systems simplified
• Disaster recovery simplified and manageable across sites
Deliver What You Want Quicker

• Can the cloud provide your users the resource being utilized in
  the cloud faster than if the resource was hosted locally at your
  company?

• What do we give up?

• What do we gain?

• Is your organization willing to compromise?
Economical Benefits

• Hardware:
   – Buying less or less complex equipment
• Budget:
   – Pay as you go
   – Improved budget control
   – Buy what you need when you need it
• Time-to-market
   – Quicker deployment using standardized products
More Economical Benefits

• Little or no software installation or maintenance
• Shorter deployment time
• Worldwide availability
• SLA adherence
• Upgrades
• Make life easier on your IT staff
• More money
Meeting Short-term Needs

Are you going to the cloud permanently or for a short-term goal?

Example
     •   Need to develop major software package
     •   Need access to additional development hardware
     •   Budget restrictions exclude buying hardware
     •   Cloud PaaS solution is ideal:
          – Acquire
          – Use
          – Lose
Staffing Benefits

• Optimum use of staff
• People fewer or better deployed
• Accomplishment
• Less stress in operational environment
• Make life easier on your IT staff
Cloud Implementations impact

• Power savings            • Service
• Floor space savings      • Wiser investment
• Network infrastructure   • Security
• Maintenance reductions   • Quick delivery
• Software licensing       • Reduced capital expense
• Time to value            • Meeting short-term needs
• Trial period
Power Savings

• Reduce overall power requirements
   – Limited servers and data platforms
   – Simpler desktop platforms
• HVAC reduction
   – Server farm
   – Storage farm
   – Workspace cooling and heating
• Simpler UPS and Generator needs
• Offset by cloud provider cost increase
   – Virtualization and shared storage
Floor Space Savings

• Smaller overall footprint in the enterprise
• Displace to Cloud provider
• Reduced lease and rental costs
• Less maintenance
• Less cleaning costs
Maintenance Reductions

• Reduction of maintenance costs:
   – Hardware
   – Software
   – Facility



• New maintenance costs
   – Uploaded and downloaded data
   – Update software if PaaS environment
Software Licensing

• Depending on implementation, a reduction in the number of
  licenses required

• Requires analysis of demand for software

• Per seat vs. per user
6.2 EVALUATING IMPLEMENTATIONS
Overview
Wiser Investment

• Is the cloud investment smarter than in-house?

• Cost factors
• Performance factors
• Management factors
• Satisfaction factors

• Can the cloud be defended?

• Who are the stakeholders?
Network Infrastructure Changes

• Need high bandwidth Internet connections

• Internal infrastructure may be simplified




• Less complexity in switching and routing network
Reduced Capital Expense

• Reduce inventory

• Reduce taxes (some jurisdictions)

• Cost of money over time

• Recurring costs handled differently than
  capital expenditures for tax and budgeting
  purposes
Vendor Access and Support

• Does the provider support my needs?
• Is the vendor easy to work with?
• What is the vendor’s remote monitoring and management
  strategy?
• Can the vendor provide references?
• Is it easy to access and update the data?
• Can you use the vendor’s dataflow processes?
Time to Value

• How long does it take to get value from the cloud
  implementation?

  OR

• How soon can I start using it to make money?

• If you need ten new servers online tomorrow, consider:
    – What does it take to do it in-house?
    – What does it take to provision them in the cloud?
Trial Period

• Make sure you get a ‘try it, then buy it’ clause

• Do not commit until you are sure it works the way you want

• Especially true if you are using a new software package or new
  service you have not seen before!
Service: what you get for the money

• What services are provided?
   – Installation
   – Conversion

• Are the SLA terms reasonable?
• What are the penalties?

• What type of support is provided?

• Do you have an alternative or backup plan?

• Do you fully understand the offering and the expected outcome?
Security

• All in-house security requirements must be present in the cloud
• Regulatory and statutory requirements

• Industry accepted practices
• Privacy
• Eliminate data leakage

• Understand the internal server structures
   – One tier
   – Two tier
   – Three tier
Evaluating Cloud Implementations Summary

• Power savings            • Service
• Floor space savings      • Wiser investment
• Network infrastructure   • Security
• Maintenance              • Delivers what you want quicker
• Software licensing       • Reduced capital expense
• Time to value            • Meeting short-term needs
• Trial period
Cloud Computing examples for migration




  Google Cloud User:
  City of Washington D.C.

• Vivek Kundra, CTO for the District (now OMB e-gov administrator)
• Migrating 38,000 employees to Google Apps
• Replace office software
   – Gmail
   – Google Docs (word processing and spreadsheets)
   – Google video for business
   – Google sites (intranet sites and wikis)




Case Study: Facebook’s Use of Open
Source and Commodity Hardware (8/08)

 • Jonathan Heiliger, Facebook's vice president of technical operations
 • 80 million users + 250,000 new users per day
 • 50,000 transactions per second, 10,000+ servers
 • Built on open source software
     – Web and App tier: Apache, PHP, AJAX
     – Middleware tier: Memcached (Open source caching)
     – Data tier:          MySQL (Open source DB)




Case Study:
Salesforce.com in Government
• 5,000+ Public Sector and Nonprofit Customers use Salesforce Cloud
  Computing Solutions

• President Obama’s Citizen’s Briefing Book Based on Salesforce.com Ideas
  application
   – Concept to Live in Three Weeks
   – 134,077 Registered Users
   – 1.4 M Votes
   – 52,015 Ideas
   – Peak traffic of 149 hits per second

• US Census Bureau Uses Salesforce.com Cloud Application
   – Project implemented in under 12 weeks
   – 2,500+ partnership agents use Salesforce.com for 2010 decennial census
   – Allows projects to scale from 200 to 2,000 users overnight to meet peak
     periods with no capital expenditure
Case Study:
Salesforce.com in Government

• New Jersey Transit Wins InfoWorld 100 Award for its Cloud Computing
  Project
   – Uses Salesforce.com to run its call center, incident management,
     complaint tracking, and service portal
   – 600% More Inquiries Handled
   – 0 New Agents Required
   – 36% Improved Response Time

• U.S. Army uses Salesforce CRM for Cloud-based Recruiting
   – U.S. Army needed a new tool to track potential recruits who visited its
     Army Experience Center.
   – Uses Salesforce.com to track all core recruitment functions, which allows
     the Army to save time and resources.


				
DOCUMENT INFO
posted:3/21/2013
language:English
pages:258
Description: Cloud Computing is the trend of the day. Owing to various benefits, organizations are moving towards cloud applications and services. To cope with the changing market scenario, knowledge of cloud computing has become a necessity. A cloud computing certification is a globally acknowledged credential that validates one’s knowledge of cloud applications and services. Simplilearn brings you an online cloud computing training program that lets you prepare for the Cloud Computing foundation exam at your own pace and from your own place. This presentation on Cloud Computing covers all the basic cloud topics. It is prepared by our highly qualified and certified trainers. Each slide covers important topics like types of cloud services, applications and advantages of cloud implementation in industries. Get an understanding of Cloud Computing topics through these slides. Also get better training insights from the cited examples and practice questions. Improve your knowledge of Cloud Computing with Simplilearn and make us a part of your success story.