1

Cloud Computing – Basics

-Navin Malhotra

2

Cloud Computing Basics•Cloud computing is a construct that allows you to access applications that actually reside at a location other than your computer or other internet connected device, most often this will be a distant datacenter.

Internet

Your company doesn’t pay for h/w and maintenance

The service provider pays for equipment and maintenance

The beauty of cloud computing is that another company hosts your application (or suite of applications) This means they handle the costs of servers, they manage the s/w updates and depending on how you craft your contract, you pay less for the service. For instance, if you need to install MS word in your PC, you need to either find a CD to install it or you set up your s/w distribution servers to automatically install the application in your PC. And every time MS issues a service pack you have to install that pack as well. It all comes with a cost attached to the license. If you use the MS word say once a week, you still pay the same as a person who uses it ten times day. In case of a cloud you can alter your contract in a way that you are asked to pay depending upon your usage of MS word. In addition to that you need not to bother about installing the application, service packs etc in your PC.

3

Cloud Computing Basics

So it sounds great, right? Not so fast. As with everything in IT, there are pros and cons. Cloud computing is not exempt.

Internet

Your companyService Provider

While an internet outage or problems with ISP is rare but in event of one, you will not be able to access your applications and do your work.

Also there may simply be applications or data which you do not want to be located on-site. If you have sensitive or proprietary information your IT security group may simply mandate not to store that in some on-site machines.

4

Cloud Topology

Internet

Client computers

Distributed Servers

Datacenter

Client: Client are in a cloud computing architecture, the exact same things that they are in plain old, everyday LAN. They may be your desktop, laptop, tablet PCs, mobile phones or PDAs.

• Mobile: Mobile devices including PDAs or smart phones.• Thin: Computers without internal hard drives. It just let server do all the work and only

display the information.• Thick: A regular computer.

•Advantages of “thin” client:• Lower h/w & IT cost• Data and information security• Less power consumption• Ease of repair

5

Cloud TopologyDatacenter: The datacenter is the collection servers where the application to which you subscribe is housed. A growing trend in IT industry is virtualizing server. That is s/w can be installed allowing multiple instances of virtual servers to be used. In this way you can have half a dozen1 virtual servers running on one physical server.

Distributed Servers: But server don’t all have to be housed in the same location. Often, servers are in a geographically disparate locations. But to you, the cloud subscriber, these servers act as if they’re humming right away right next to each other.

This gives the service provider more flexibility in options and security. For instance Amazon has it’s cloud solution in servers all over the world. If something were to happen at one site, causing a failure, the service would still be accessed through another site.

Virtualization: It is one of the way you will access services on the cloud. There are different types of virtualizations depending upon your usage of cloud:

• Full Virtualization: Complete installation of one machine is run on another. This sort of deployment not only allow unique applications to run, but also different OS.

• Para virtualization: It allows multiple OS to run on a single h/w device at the same time by more efficiently using system resources like processors and memory.

1 The numbers of virtual server depends on the size and speed of the physical server and what applications will be running on the virtual server.

6

SaaSServices is the concept of being able to use reusable, fine-grained components across a vendor’s network. This is widely know as “as a service”Software as a Service – SaaS: SaaS is a model in which an application is hosted as a service to customers who access it via the Internet. The customer doesn’t have to maintain it or support it. On the other hand, it is out of customer’s hand when the hosting service will decides to change it. The provider does all the maintenance and upgrades as well as keeping the infrastructure up and running.

InternetApplication

ClientsService Provider offering

SaaS

Cost can be a double-edged sword. On one hand you will be billed as often you will use the software, rather than pay for it once and done with it. So it will be an ongoing thing. On the other hand, in some cases you don’t have to pay as much up front and you are only billed based on your use of the application.

SaaS faces obstacles to its implementation and use. The customer might pay a provider to use an application, but once they do, they may be unable to port that application to new vendor. So it’s like an “lock-in” with vendors.

7

PaaS

Platform as a Service – PaaS: PaaS is another application delivery platform. PaaS supplies all the resources required to build applications and services completely from the Internet, without having to download or install software. PaaS service include application design, development, testing, deployment and hosting. Other services include database integration, security, scalability and storage to name a few.

A downfall of PaaS is a lack of interoperability and portability among providers. That is, if you create an application with one cloud provider and decide to move to another, you may not be able to do so- or you’ll have to pay a high price. Also, if the provider goes out of business2, your applications and data will be lost as it is all stored there.

Factors influencing adoption of PaaS include:• The ability of geographically isolated development teams to work together.• The ability to merge web services from multiple sources.• The ability to realize cost savings from using built-in infrastructure services for security, scalability

and failover, rather obtaining them and test them separately.

2 This was the case with Zimki. It started in 2006 and by mid 2007 was out of business, causing applications and client data they hosted to be lost.

8

HaaS

Hardware as a Service – HaaS: HaaS offers the hardware so that your organization can put whatever they want onto it. It is sometimes also called as Infrastructure as a Service (IaaS). Whereas SaaS and PaaS were providing applications to customers, HaaS doesn’t. We only talk about hardware in the cloud here.

Internet

ClientsService Provider

offering HaaS

-Memory-Storage

-Data processing-CPU Cycle

Rather than purchase servers, s/w, racks and having to pay for the datacenter space for them, the service provider rents those resources. Additionally, the infrastructure can be dynamically scaled up and down, based on the application resource needs. Further multiple tenants can be on the equipment at the same time. Resources are typically billed based on usage factor. As much as you use, you will be billed.

9

System Architecture

H/W - CPU cycles - Processor speed

O/SWeb Server App Server DB

Application

Cloud is everywhere

10

First movers in the cloud

It is one of the first companies to offer cloud services to public. They offer a number of cloud services:• Elastic Compute Cloud (EC2): Offers virtual machines and extra CPU cycles.• Simple Storage Service (S3): Allows you to store items up to 5GB in size in Amazon’s virtual storage

service• Simple Queue Service(SQS): Allows machines to talk to each other using this message passing API.• Simple DB: A web service for running queries on structured data in real time. This service works in close

conjunction with S3 and EC2, collectively providing the ability to store, process and query datasets in the cloud.

These services needs to be done on command line, so you may find it difficult to use it if you are not used to working in command line environment. Amazon’s virtual machines are versions of Linux distributions, so those who are experienced with Linux will find no difficulty in using the Amazon cloud platform. Applications can be written on your own machine and then uploaded to the cloud.

You can see more about Amazon’s cloud services at http://aws.amazon.com

Google offers online documents and spreadsheets and encourages developers to build features for those and other online s/w, using it’s Google App Engine. To store data you need to use Google database. Groups and individuals will likely get the most out of App Engine by writing a layer of Python that sits between the user and database. You can also have a look at the app engine at http://code.google.com/appengine/

11

First movers in the cloud

Microsoft cloud computing solution is called Windows Azure, an OS that allows organizations to run Windows applications and store files and data using Microsoft’s datacenters. Key components of Azure service platform include:

• Windows Azure: Provides service hosting and management and low level scalable storage, computation and networking.

• MS SQL Service: Provides database services and reporting.• MS .NET Service: Provides service based implementation of .NET framework.• Live Services: Used to share, store and synchronize documents, photos and files across PCs,

phones, PC apps and websites.• MS SharePoint services and Dynamics CRM services: Used for business content, collaboration and

solution development in the cloud.MS plans the next version of Office to offer a browser based option so that users can read and edit documents online as well as offer the ability to users to collaborate using web, mobile and client versions of Office.

MS cloud offerings can be found at http://www.microsoft.com/azure/default.mspx

12

When to go for Cloud

• Cost / benefit ratio• Speed of delivery• How much capacity you will use•Whether your data is regulated•Your organization’s corporate and IT structure

13

Implementations of Cloud

•Compute Cloud – Amazon’s EC2, Google App engine

•Cloud Storage – Amazon’s S3

•Cloud Applications – Google Apps, Bit Torrent, YouTube

14

Compute Cloud

•Compute cloud allows access to highly scalable, inexpensive, on-demand computing resources that run the code that they’re given.

• Amazon’s EC2 - http://en.wikipedia.org/wiki/Amazon_Elastic_Compute_Cloud • Google App Engine - http://en.wikipedia.org/wiki/Google_App_Engine

•Compute clouds are most flexible in it’s offerings; it simply depends on the application the user wants to access. It allows you to access application maintained on a provider’s equipment.

•These applications are good for any size organizations, but larger organizations may have disadvantage as these applications don’t offer management, monitoring and governance capabilities.

15

Cloud Storage•It is one of the first cloud offerings and still remains a popular solution. It is a big world. There are already close to 100 vendors offering cloud storage.

•This is an ideal solution if you want to maintain your files off-site.

• Amazon S3 - http://en.wikipedia.org/wiki/Amazon_S3

•It allows you to store your data on vendor’s equipment.

•Security and costs are the top issues in this field and vary greatly, depending upon the vendor you choose.

16

Cloud Applications

•Cloud applications differ from compute clouds in that they utilize s/w applications that rely on cloud infrastructure. Cloud applications are versions of SaaS and include such things as web applications that are delivered via browser or application like MS Online Services. These applications offload hosting and IT management to the cloud.

• Cloud applications eliminate the need to install and run the applications on the customer’s own computer, thus alleviating the burden of s/w maintenance, ongoing operations and support.

• Peer-to-peer computing (like Bit Torrent and Skype)• Web applications (MySpace and YouTube)• SaaS (like Google Apps)

17

Deployment Models

•Private cloud (private’ refers to use by one organization, it does not have to be owned by or located on that organization’s premises),

•Community cloud (use by a group with similar requirements, e.g. support or security),

•Public cloud, and

•Hybrid cloud (the mixing of deployment models)

18

When No to Cloud Computing•Regulated environments - If you have data that is regulated like HIPAA or SoX - you are well advised to be very careful in your plans to place data on the cloud.

• Geopolitical concerns – If you are in Canada then you can’t put your data on an America cloud. European union forbid any of their documents to be stored in servers outside their geography. Also you probable don’t know the laws governing your privacy and protection in a foreign country.

• Hardware dependencies – If you have an application that require specific h/w, chips or drivers, a cloud solution might not be a good fit for you.

•Server control – A cloud solution may not be right for you, if your application demands complete control over everything that is running. In some cloud, you are not even allowed root access.

•Cost – Overtime it may cost more to pay the cloud subscription than to have simply bought the servers yourself, so it is important to factor in everything from facilities, staff, s/w and h/w.

•Lack of Need – If your current solution is getting the job done, do not get into the cloud, just for the name as it is new trend or fashion as many call it.

•Integration – If you have multiple applications / dbs which needs to be integrated then it is not advisable to have few of them on cloud and few on-site. It may lead to security, speed and reliability issues. Ex: If you have two dbs-one with sensitive data housed locally and one with non-sensitive data on a cloud-the chances that the sensitive data will find its way to the cloud are very good.

• Latency concern – The data and application resides in series of servers geographically disparate from your own site, so if we require data instantaneously say less than a second, cloud may not be the best solution as it takes some time for data to travel, though it is said that the data will travel @ speed of light, thanks to the optical fibers where the data travels with the help of electrons.

•Throughput demands – Cloud computing is generally billed on pay per use. That’s great and it seems fair, until you deploy applications that use lot of throughput and costs start to rise up. Ex: If you are streaming a HD video over 100 sources, your costs are going to spike sharply.

19

Benefits

•Scalability – If you are anticipating huge upswing in computing needs, cloud computing can help you manage. Rather than having to buy, install and configure new equipment, you can buy additional CPU cycles or storage from a third party by click of a button and let them handle the installation and configuration for you. Since you will asked to pay per use, so your actual costs will be lesser than when you would have opted to buy the equipments as a whole.

•Simplicity – The cloud solution makes it possible to get your application started immediately and it costs a fraction of what it would cost to implement an in-site solution.

•Knowledgeable Vendors – The first comers to the cloud computing are very reputable companies. Amazon, Google, Microsoft, IBM, Yahoo and lately Apple. They have offered reliable services, plenty of capacity and we get some brand familiarity with these well-known names.

•More internal resources – By shifting your non-mission-critical data needs to a cloud, resources are freed up to work on important, business-related tasks. Network outages are a nightmare for the IT staff, this burden in offloaded onto cloud service provider.

•Security – There are security risks when using a cloud, but the reputable companies strive to keep you safe and secure. Vendors have strict privacy policies and are auditable by external auditors. They have in place proven cryptographic methods to authenticate users.

Cloud

Cloud-Security

20

Cloud Security - Concerns

Security is one of the top most concern in the cloud environment. Though reliable and reputable cloud service providers can be trusted to provide us safe and secure service, but still concerns are growing and we need to seriously look upon them before getting our data into cloud. Though data in our servers is also not secure if those servers can be connected via internet or VPN. We can our self take some actions to assure that our data is secure in cloud:

• Encrypt the data before sending that to cloud. This is not valid for applications using flat files like word, excel, XML as these files needs to be updated online and may not be encrypted.•Before signing the contract with the cloud service provider, make sure they are doing all they can to protect your data.

But doing all this didn’t assure that the data is secure there are ways that their cloud and your data can be compromised. Hackers and boot attackers are a big risk. Even cloud could be a big attraction to malicious attackers as they will get data of different organizations stored in one place.

Contrary to this there are added benefits in terms of your data security:

21

Cloud Security - Benefits

This is not to suggest that the data cannot be secure in a cloud. Providers do endeavor to ensure security, otherwise, word of mouth publicity and repeat business will shrivel up. But the very nature of cloud lends it to needing some very strong security practices.

• Centralized data• Reduced data loss• Monitoring• Instant Swap over• Security testing

22

Regulations for Cloud

Without some rules in place, it’s too easy for service providers to be unsecure or even shifty enough to make off with your data. So regulations needs to be in place for cloud. Sadly there is no existing regulation, but should be.

Even there is no third party insuring anyone’s cloud data, and if the provider decides to close up shop, then that data can be lost.

But there are service providers like Microsoft who are audited externally by SSAE and ISO auditors. But regulations specific to cloud are missing.

23

Cloud - Quality

?

24

Cloud Attributes

Scalability

Availability

Reliability

Adaptability

Security

Accountability

25

Cloud Control

Cloud should comply to the regulations and control environment. In typical IT scenario, though the datacenters may not be on premise and handled by third party vendors, but those are complied to our controls and standards. This is not the case with the cloud service provider. So there is the challenge of how to bring those resources which we just hire (read NOT OWNED) into the control environment as per our organization. This could be a good question which any client may ask us when we show them a plate full of cloud solutions.

XYZ Cloud

Client

External Auditors

RegulatorsOther

Stakeholders

26

Cloud Controls

Data

Availability

Logical

Security

Environmental

Controls

Physical

Security

Regulatory

Controls

Backup & Disaster

Recovery

Background

Checks

SLA

27

Thank You