Cloud computing and innovations
Magesh Parthasarathy
Industry standards organizations
• National Institute of Standards and Technology (NIST)
• Cloud Security Alliance (CSA)
• Distributed Management Task Force (DMTF)
• Storage Networking Industry Association (SNIA)
• Organization for the Advancement of Structured Information Standards (OASIS)
• The Open Group
• Open Cloud Consortium (OCC)
• European Telecommunication Standards Institute (ETSI)
• Telecommunication Industry Alliance (TIA)
• Liberty Alliance
• Open Grid Forum (OGF)
Network Connectivity
(Diagram: the data center attaches to the service provider network, which carries traffic to residential, enterprise and wireless customers.)
Data center networks
• Web servers
• Email servers
• Database servers
• App servers
• DNS servers
• Load balancers
• Firewalls
• Network intrusion detection/prevention devices
• Web accelerators
• Offload engines
• Switches
• Routers
• WAN optimization appliances
• Storage servers
• ToR switches
• Application delivery controllers
• VPN gateways
• Authentication, Authorization and Accounting servers
• RADIUS servers
• NAS devices
• SAN devices
NIST Reference Architecture
(Diagram of the five actors and the components shown inside each:)
• Cloud Consumer
• Cloud Auditor: performance audit, privacy impact audit, security audit
• Cloud Provider
  – Service Orchestration: Service layer (SaaS, PaaS, IaaS); Resource abstraction and control layer; Physical resource layer (hardware, facility)
  – Cloud service management: Business support; Provisioning/Configuration; Portability/Interoperability
  – Security and Privacy, drawn as vertical bars spanning all of the provider's layers
• Cloud Broker: service intermediation, service aggregation, service arbitrage
• Cloud Carrier
Actors in cloud computing
Cloud Consumer – A person or organization that maintains a business relationship with, and uses services from, Cloud Providers.
Cloud Provider – A person, organization, or entity responsible for making a service available to interested parties.
Cloud Auditor – A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
Cloud Broker – An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
Cloud Carrier – An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.
Business Support
• Business Support entails the set of business-related services dealing with clients and supporting processes. It includes the components used to run business operations that are client-facing.
• Customer management: Manage customer accounts, open/close/terminate accounts, manage user profiles, manage customer relationships by providing points of contact and resolving customer issues and problems, etc.
• Contract management: Manage service contracts, set up/negotiate/close/terminate contracts, etc.
• Inventory management: Set up and manage service catalogs, etc.
• Accounting and billing: Manage customer billing information, send billing statements, process received payments, track invoices, etc.
• Reporting and auditing: Monitor user operations, generate reports, etc.
• Pricing and rating: Evaluate cloud services and determine prices, handle promotions and pricing rules based on a user's profile, etc.
Provisioning and Configuration
• Rapid provisioning: Automatically deploying cloud systems based on the requested service/resources/capabilities.
• Resource changing: Adjusting configuration/resource assignment for repairs, upgrades and joining new nodes into the cloud.
• Monitoring and Reporting: Discovering and monitoring virtual resources, monitoring cloud operations and events and generating performance reports.
• Metering: Providing a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).
• SLA management: Encompassing the SLA contract definition (basic schema with the QoS parameters), SLA monitoring and SLA enforcement according to defined policies.
Service deployment
• Public cloud
• Private cloud
• Hybrid cloud
Example services available to a cloud consumer
• SaaS consumer: billing, sales, CRM, ERP, human resources, social networks, financials, collaboration, content management, document management, email and office productivity
• PaaS consumer: business intelligence, development and testing, database, application deployment, integration
• IaaS consumer: storage, CDN, backup/recovery, services management, platform hosting
Service Oriented Architecture
• Service consumer
• Service provider
• SOAP/REST/XML/JSON messaging
• WSDL and UDDI specifications for web services
Regulatory compliances for clouds
• GLBA – Gramm-Leach-Bliley Act of 1999, also known as the Financial Services Modernization Act of 1999
• HIPAA – Health Insurance Portability and Accountability Act of 1996
• HITECH – Health Information Technology for Economic and Clinical Health Act
• PCI DSS – Payment Card Industry Data Security Standard
• SOX – Sarbanes-Oxley Act
• ECPA – Electronic Communications Privacy Act
Certifications in cloud computing
• ISO 9000 certifications
• ISO 27000 certifications
• CMMI certifications
Cloud Audit Framework
• SysTrust
• WebTrust
• SAS 70 reports
Cloud networking
• Fibre Channel over Ethernet (FCoE)
• RapidIO
• InfiniBand
• HyperTransport
• 40Gb/100Gb Ethernet ports
• Q-in-Q
• MPLS, GMPLS
• RSTP
• VXLAN
• TRILL
• NVGRE
• vSwitch
• ToR switch
• EoR switch
• Aggregation switch
• Core switch
(Diagram: a server hosting VM1 … VMn connected to a vSwitch on the hypervisor, which reaches the physical network interface and the rack's ToR switch. Each server rack has its own ToR switch; the ToR switches uplink over optics to an aggregation switch, which connects to the core switch. The ToR switch shown has 48 10GbE server ports + 4 40GbE optical uplink ports.)
In a virtualized server, the hypervisor configures and maintains the VMs and the vSwitch.
Virtualization
• Server virtualization
• Network function virtualization
• Network virtualization
Server Virtualization – VMware vSphere ESXi and Microsoft Hyper-V
(Logical diagram of a virtualized server: a host server running a hypervisor with a vSwitch and network interface, hosting VM1 … VMn.)
Network Function Virtualization
(Diagram: VM1, VM2 and VM3 on a vSwitch/hypervisor run a firewall, a load balancer and intrusion detection on a standard high-performance server in place of specialized processing cards.)
Moving network functions to standard server platforms.
Network Virtualization
• VXLAN
• NVGRE
• IETF standards
Software defined datacenters
• Virtualization
• Software defined networks
• Software defined storage
Software defined networks
(Simplified view of a software defined data center: an orchestration layer sits above an open VM controller, an open storage controller and an open network controller, which in turn manage the servers running the applications, the storage, and the ToR switches.)
OpenStack operating system
• OpenStack is free, open source, Linux-based controller software that provides the orchestration layer for cloud data centers.
• OpenStack has a dashboard called Horizon through which administrators can control all aspects of data center operation.
• Nova – plugin to manage the pool of server resources. It can also be used to manage and configure virtual machines and supports several hypervisors, including VMware vSphere and Microsoft Hyper-V.
• Swift – plugin supporting object storage, which allows objects to be stored across multiple servers in the data center (data replication to ensure data integrity in case of server or hard-drive failure).
• Cinder – plugin that provides block storage capabilities. It manages creation, attachment and detachment of block storage devices to servers for performance-sensitive applications.
• Neutron – plugin for managing data center networking functions. It provides a framework for functions such as server load balancing, firewalls and intrusion detection.
OpenFlow SDN controller and protocol
• The Open Networking Foundation publishes the OpenFlow specifications.
(Diagram: the OpenFlow controller, the centralized control plane, takes its input from the orchestration layer and programs the forwarding table of each switch over the OpenFlow API.)
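The split drawn on the slide, as an added illustration in Python that is not part of the presentation and not code from any OpenFlow implementation: the switch keeps only a priority-ordered forwarding table, a table miss is punted to the controller as a packet-in, and the controller pushes both proactive rules (drops for blocked sources) and reactive rules (routes learned on demand) back into the table. The class names, match fields (nw_src, nw_dst) and action strings are my own simplification, not the specification's.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class FlowEntry:
    priority: int
    match: Dict[str, str]      # header fields that must equal; absent field = wildcard
    actions: List[str]         # e.g. ["output:2"] or ["drop"]

class Switch:  # data plane: a forwarding table only, no policy of its own
    def __init__(self, dpid: str, controller: "Controller"):
        self.dpid, self.controller = dpid, controller
        self.table: List[FlowEntry] = []           # kept highest priority first
    def install(self, entry: FlowEntry) -> None:   # stands in for an OpenFlow flow-mod
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)
    def lookup(self, pkt: Dict[str, str]) -> Optional[FlowEntry]:
        for entry in self.table:                   # first hit is the highest-priority match
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                return entry
        return None
    def process(self, pkt: Dict[str, str]) -> List[str]:
        entry = self.lookup(pkt)
        if entry is None:                          # table miss: punt to the control plane
            return self.controller.packet_in(self, pkt)
        return entry.actions

class Controller:  # centralized control plane: holds the policy, programs every table
    def __init__(self, routes: Dict[Tuple[str, str], List[str]], blocked: List[str]):
        self.routes, self.blocked, self.packet_ins = routes, blocked, 0
    def connect(self, sw: Switch) -> None:         # proactive rules pushed when a switch joins
        for src in self.blocked:
            sw.install(FlowEntry(100, {"nw_src": src}, ["drop"]))
    def packet_in(self, sw: Switch, pkt: Dict[str, str]) -> List[str]:
        self.packet_ins += 1
        actions = self.routes.get((sw.dpid, pkt["nw_dst"]), ["drop"])
        sw.install(FlowEntry(10, {"nw_dst": pkt["nw_dst"]}, actions))  # reactive rule
        return actions

def demo() -> Tuple[List[str], List[str], List[str], int]:
    # constructed sample policy: one route on switch s1, one blocked source address
    ctl = Controller({("s1", "10.0.0.2"): ["output:2"]}, ["10.0.0.9"])
    s1 = Switch("s1", ctl)
    ctl.connect(s1)
    first = s1.process({"nw_src": "10.0.0.1", "nw_dst": "10.0.0.2"})    # miss -> packet-in
    second = s1.process({"nw_src": "10.0.0.1", "nw_dst": "10.0.0.2"})   # served from the table
    blocked = s1.process({"nw_src": "10.0.0.9", "nw_dst": "10.0.0.2"})  # priority 100 drop wins
    return first, second, blocked, ctl.packet_ins
```

The second packet never reaches the controller, and the blocked source is dropped even though a matching route exists, which is the priority ordering a real flow table relies on.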
Cloud security
• Cybersecurity
• Privacy
• Hacking
• Denial of service attacks
• Network security
• Application security
• Nessus vulnerabilities
• Penetration testing
• Keyloggers, rootkits, bots, botnets, viruses
• Syslogs
• Identity management
• Authentication and authorization
• NTLM, Kerberos
• Single sign-on
• Metasploit
• Smartphone Pentest Framework
Internet of Things
• M2M communications
• ITU standards
• 6LoWPAN
• IEEE standards
• LoRa Alliance, Industrial Internet Consortium, IPSO Alliance
• Sensors / IoT gateways / uIP stack
• Edge computing / analytics
• MQTT, CoAP protocols
• Smart city, smart grid, smart metering, connected vehicle, fleet management, water and sewage disposal, traffic control
Fog computing
• Edge computing
• Grid computing
Big data analytics
• Apache Software Foundation
• Hadoop / MapReduce technique
Artificial intelligence
• Video analytics
• Text analytics
• Deep science
• Machine learning