Cloud Operating System
Unit 13: Cloud System Management II
M. C. Chiang
Department of Computer Science and Engineering National Sun Yat-sen University
Kaohsiung, Taiwan, ROC
Outline
- Data Management
  - Data Integration
  - Data Security
  - Data Redundancy
  - Data Ownership
- Network Management
  - OpenStack Nova-Network
  - OpenStack Quantum
  - Network Security
- Summary
04/19/23 Cloud Operating System - Unit 12: Cloud Management U12-2
Data Management
What can be taken as data?
- Uploaded files (documents, videos, music)
- Program code
- User personal information (name, age, location, etc.)
- User browsing history
- etc.
Data Integration
There are no existing standards for moving data between clouds.
Each vendor's cloud data storage works differently.
Issues enterprises must address when integrating their data:
- Backup
- Data movement to/from the cloud
Data Security (1)
Data security can be considered from three aspects:
- Physical layer: tangible things such as machines and devices, as discussed in "IDC Management".
- Network layer: behaviour on the network; discussed later in this unit.
- Management layer: can the data be read (recognized) by the cloud provider?
Data Security (2)
With the rise of cloud computing, some new problems appear:
- Data analysis: e.g., the Google advertisements shown on the right-hand side of a message in Gmail.
- Mash-up authorization: Facebook uses both sensitive and non-sensitive data to present to other users, and third-party applications on Facebook can also use that data.
Data Security (3)
Increased authentication demands
- Pros: software piracy becomes difficult; software can be monitored centrally; sensitive data is prevented from spreading to untrustworthy clients.
- Cons: phishing for stealing access credentials.
Cost-effective defense
- Cloud computing encourages single points of failure.
- Protect productivity and trust from attackers.
Data Security (4)
Data should not be readable by the cloud provider/maintainer.
The simplest way to protect the data is encryption: symmetric ciphers such as AES, Blowfish or IDEA for the bulk data, with RSA typically used to protect the symmetric key rather than the data itself.
Data Security – Examples (1)
Amazon S3: server-side encryption announced on 2011/10/04.
- Encryption: when writing the object, add an additional request header.
- Decryption: happens automatically when the data is retrieved.
- Encryption algorithm: AES-256
Data Security – Examples (2)
Google Docs: Google Docs does not provide any server-side encryption option.
For data security, users can
- encrypt the document before uploading;
- restrict the group who can view the document.
An encrypted document cannot be viewed or edited in Google Docs.
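Slide (4) and the two examples above point the same way: if the provider must not be able to read the data, encrypt it on the client before upload, and where the provider offers it, ask for server-side encryption as well. The following Go program is an added example, not code from the slides or from Amazon or Google. It encrypts a document with AES-256-GCM so that the stored blob is unreadable and any tampering is detected on download, then builds the S3 PUT request carrying the `x-amz-server-side-encryption: AES256` header. The bucket name, object name, virtual-hosted bucket URL format and sample document are assumptions; AWS request signing and network I/O are left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// newGCM returns an AES-256-GCM AEAD. GCM gives integrity as well as secrecy,
// so a blob altered on the provider's side is rejected instead of decrypting to garbage.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals the document before upload: the provider stores only
// nonce || ciphertext || tag. objectName is bound as additional authenticated
// data, so a blob copied under another object name fails to open.
func Encrypt(key, plaintext []byte, objectName string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// Decrypt is what the client runs after download; the provider never holds the key.
func Decrypt(key, blob []byte, objectName string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns+gcm.Overhead() {
		return nil, errors.New("blob too short to hold nonce and tag")
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], []byte(objectName))
}

// NewS3PutRequest builds the upload for the already-encrypted blob and, as a
// second layer, asks S3 for server-side encryption with the header from the
// slide. The request is only constructed: AWS signing and sending are omitted,
// and the virtual-hosted bucket URL format is an assumption.
func NewS3PutRequest(bucket, objectName string, body []byte) (*http.Request, error) {
	url := fmt.Sprintf("https://%s.s3.amazonaws.com/%s", bucket, objectName)
	req, err := http.NewRequest(http.MethodPut, url, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("x-amz-server-side-encryption", "AES256")
	req.Header.Set("Content-Type", "application/octet-stream")
	return req, nil
}

func main() {
	key := make([]byte, 32) // in practice derived from a passphrase or fetched from a key store
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	name := "minutes/2011-q3.txt" // assumed object name
	blob, err := Encrypt(key, []byte("constructed sample document"), name)
	if err != nil {
		panic(err)
	}
	req, _ := NewS3PutRequest("example-bucket", name, blob)
	fmt.Println("PUT", req.URL, "sse:", req.Header.Get("x-amz-server-side-encryption"), len(blob), "bytes")
	blob[len(blob)-1] ^= 1 // simulate corruption or tampering in storage
	if _, err := Decrypt(key, blob, name); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}
}
```

Run as is: it prints the PUT target with the SSE header, then shows that a one-bit change to the stored blob makes decryption fail. The trade-off from the Google Docs slide applies: once the document is encrypted client-side, none of the provider's features that need the plaintext (in-browser editing, indexing, ad-driven analysis) can operate on it, which is exactly the point.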
Data Security – Before Using the Cloud
Users should confirm the service provider's answers to the following questions:
- Are files transferred securely to/from the servers?
- Are files stored on the servers encrypted by default?
- How will the provider react to a request for the files from law enforcement? If the provider can decrypt the files, what will it do?
Data Redundancy
The idea is simple: store multiple copies of the data across different "zones".
Example: the Ring in OpenStack Swift. Review:
- The ring maps each partition of the hash space to the physical devices (zone, node, disk) that hold the data.
- When creating a ring, the administrator must supply on the command line the number of replicas to spread across the zones and the minimum number of hours before a partition may be moved again (min_part_hours).
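As an added example (not Swift's own code), the following Go program models what the ring does: it hashes the object path to a partition and looks up the device holding each replica, with placement constrained so that no two copies of a partition share a zone. The devices and addresses are constructed; the placement is a plain round-robin over zones rather than Swift's weighted rebalance, and the per-cluster hash prefix/suffix and min_part_hours are not modelled.

```go
package main

import (
	"crypto/md5"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device is one disk in the cluster and the zone (rack, PDU, site) it sits in.
type Device struct {
	Zone int
	Addr string // "ip:port/disk"
}

// Ring maps partitions of the hash space to devices: replica2part2dev[r][p] is the
// index of the device holding replica r of partition p, mirroring Swift's ring table.
type Ring struct {
	partPower        uint
	devs             []Device
	replica2part2dev [][]int
}

// NewRing builds a ring with 2^partPower partitions and `replicas` copies of each,
// every copy in a different zone. Assumption: simple round-robin placement over
// zones stands in for Swift's weighted rebalance (and min_part_hours is not modelled).
func NewRing(partPower uint, replicas int, devs []Device) (*Ring, error) {
	if partPower == 0 || partPower > 32 || replicas < 1 {
		return nil, errors.New("need 1 <= part_power <= 32 and replicas >= 1")
	}
	byZone := map[int][]int{} // zone -> device indices
	var zones []int
	for i, d := range devs {
		if _, seen := byZone[d.Zone]; !seen {
			zones = append(zones, d.Zone)
		}
		byZone[d.Zone] = append(byZone[d.Zone], i)
	}
	if replicas > len(zones) {
		return nil, fmt.Errorf("%d replicas need %d zones, only %d available", replicas, replicas, len(zones))
	}
	r := &Ring{partPower: partPower, devs: devs}
	parts := 1 << partPower
	for rep := 0; rep < replicas; rep++ {
		row := make([]int, parts)
		for p := 0; p < parts; p++ {
			zd := byZone[zones[(p+rep)%len(zones)]] // replica rep of partition p rotates to the next zone
			row[p] = zd[(p/len(zones))%len(zd)]     // and spreads over that zone's disks
		}
		r.replica2part2dev = append(r.replica2part2dev, row)
	}
	return r, nil
}

// GetPart picks the partition as Swift does: the top partPower bits of
// MD5("/account/container/object"). Swift also mixes in the per-cluster
// hash prefix/suffix from swift.conf, omitted here.
func (r *Ring) GetPart(account, container, object string) int {
	sum := md5.Sum([]byte("/" + account + "/" + container + "/" + object))
	return int(binary.BigEndian.Uint32(sum[:4]) >> (32 - r.partPower))
}

// GetNodes returns the device for every replica of the object.
func (r *Ring) GetNodes(account, container, object string) []Device {
	p := r.GetPart(account, container, object)
	nodes := make([]Device, 0, len(r.replica2part2dev))
	for _, row := range r.replica2part2dev {
		nodes = append(nodes, r.devs[row[p]])
	}
	return nodes
}

// DistinctZones checks the redundancy property: losing one zone leaves the other replicas intact.
func DistinctZones(nodes []Device) bool {
	seen := map[int]bool{}
	for _, n := range nodes {
		if seen[n.Zone] {
			return false
		}
		seen[n.Zone] = true
	}
	return true
}

func main() {
	devs := []Device{ // constructed sample: two disks in each of three zones
		{1, "10.0.1.1:6000/sdb1"}, {1, "10.0.1.2:6000/sdb1"},
		{2, "10.0.2.1:6000/sdb1"}, {2, "10.0.2.2:6000/sdb1"},
		{3, "10.0.3.1:6000/sdb1"}, {3, "10.0.3.2:6000/sdb1"},
	}
	ring, err := NewRing(10, 3, devs) // cf. swift-ring-builder object.builder create 10 3 1
	if err != nil {
		panic(err)
	}
	nodes := ring.GetNodes("AUTH_demo", "photos", "cat.jpg")
	fmt.Println("partition", ring.GetPart("AUTH_demo", "photos", "cat.jpg"), "distinct zones:", DistinctZones(nodes))
	fmt.Println("replicas on", nodes)
}
```

The check to keep in mind is the one NewRing enforces: asking for more replicas than there are zones cannot give zone-level redundancy, and a real deployment should be sized so that the replica count never exceeds the number of independent failure domains.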
Data Ownership
The cloud service provider offers free or paid disk space and computing capacity for users to handle their data.
After all, who owns the data?
- The provider? "I provide the disk space!!"
- The user? "I upload the data!!"
Network Management
The network is a fundamental part of cloud computing. For users, it is an infrastructure that should be
- easy to access
- stable
- high in transfer rate
- low in latency
The network in a cloud can be classified into two parts:
- Internal network
- External network
OpenStack Nova-Network
The OpenStack network controller (nova-network) performs these operations:
- Allocating fixed IP addresses.
- Configuring VLANs for projects.
- Configuring networks for compute nodes.
OpenStack Nova-Network - Concepts
Fixed IPs
- An IP address is assigned to an instance at instance creation.
- The assigned IP remains with the instance until it is explicitly terminated.
Floating IPs
- An IP address that can be dynamically associated with an instance.
- It can be disassociated and associated with an instance at any time.
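To make the fixed/floating distinction concrete, here is an added Go model of the network host; it is not nova-network's code. Fixed IPs are handed out at instance creation and returned only on termination, while a floating IP can be allocated, bound to an instance, unbound and rebound at will. NATRules shows what a binding means in practice, since nova-network realises floating IPs as DNAT/SNAT rules on the network host; the exact iptables rule shape, the address ranges and the instance names used below are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Instance keeps the fixed IP handed out at creation until it is terminated.
type Instance struct{ Name, FixedIP string }

// NetworkHost models the nova-network node: fixed-IP pool, floating-IP pool, and the floating->fixed table.
type NetworkHost struct {
	freeFixed, freeFloating []string
	instances               map[string]*Instance
	assoc                   map[string]string // floating -> fixed; "" = allocated but unbound
}

func NewNetworkHost(fixed, floating []string) *NetworkHost {
	return &NetworkHost{freeFixed: append([]string(nil), fixed...), freeFloating: append([]string(nil), floating...),
		instances: map[string]*Instance{}, assoc: map[string]string{}}
}

// CreateInstance assigns a fixed IP at creation time.
func (h *NetworkHost) CreateInstance(name string) (*Instance, error) {
	if len(h.freeFixed) == 0 {
		return nil, fmt.Errorf("fixed IP pool exhausted")
	}
	inst := &Instance{Name: name, FixedIP: h.freeFixed[0]}
	h.freeFixed, h.instances[name] = h.freeFixed[1:], inst
	return inst, nil
}

// TerminateInstance is the only way a fixed IP is released; a floating IP bound
// to it is unbound but stays allocated to the project.
func (h *NetworkHost) TerminateInstance(name string) error {
	inst, ok := h.instances[name]
	if !ok {
		return fmt.Errorf("no instance %q", name)
	}
	for fl, fx := range h.assoc {
		if fx == inst.FixedIP {
			h.assoc[fl] = ""
		}
	}
	h.freeFixed = append(h.freeFixed, inst.FixedIP)
	delete(h.instances, name)
	return nil
}

// AllocateFloating reserves a public address from the pool without binding it.
func (h *NetworkHost) AllocateFloating() (string, error) {
	if len(h.freeFloating) == 0 {
		return "", fmt.Errorf("floating IP pool exhausted")
	}
	ip := h.freeFloating[0]
	h.freeFloating, h.assoc[ip] = h.freeFloating[1:], ""
	return ip, nil
}

// Associate binds a floating IP to the instance's fixed IP; Disassociate undoes
// it, so one public address can be moved between instances at any time.
func (h *NetworkHost) Associate(floating, instanceName string) error {
	cur, allocated := h.assoc[floating]
	inst, ok := h.instances[instanceName]
	switch {
	case !allocated:
		return fmt.Errorf("floating IP %s not allocated", floating)
	case cur != "":
		return fmt.Errorf("floating IP %s already bound to %s", floating, cur)
	case !ok:
		return fmt.Errorf("no instance %q", instanceName)
	}
	h.assoc[floating] = inst.FixedIP
	return nil
}

func (h *NetworkHost) Disassociate(floating string) error {
	if cur, allocated := h.assoc[floating]; !allocated || cur == "" {
		return fmt.Errorf("floating IP %s is not associated", floating)
	}
	h.assoc[floating] = ""
	return nil
}

// NATRules renders what a binding means on the wire (inbound DNAT to the fixed IP, outbound
// SNAT to the floating IP); the rule shape is an assumption modelled on nova-network's iptables rules.
func (h *NetworkHost) NATRules() []string {
	var rules []string
	for fl, fx := range h.assoc {
		if fx != "" {
			rules = append(rules,
				fmt.Sprintf("iptables -t nat -A PREROUTING -d %s -j DNAT --to %s", fl, fx),
				fmt.Sprintf("iptables -t nat -A OUTPUT -d %s -j DNAT --to %s", fl, fx),
				fmt.Sprintf("iptables -t nat -A POSTROUTING -s %s -j SNAT --to %s", fx, fl))
		}
	}
	sort.Strings(rules) // map order is random; keep the rule list stable
	return rules
}
```

A typical sequence with this model: NewNetworkHost with a private fixed range such as 10.0.0.2-10.0.0.3 and a public pool such as 203.0.113.10 (constructed values), CreateInstance("web-1") which receives 10.0.0.2, AllocateFloating followed by Associate of the public address to web-1, at which point NATRules yields the three iptables lines. Creating web-2, then Disassociate and Associate again, moves the public address to web-2 while both instances keep their fixed IPs; terminating web-2 drops the NAT rules but leaves the floating IP allocated.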
Fixed IPs Implementation (1)
There are three strategies available for implementing fixed IPs:
- Flat mode: the simplest networking mode.
- Flat DHCP mode: similar to flat mode.
- VLAN DHCP mode: the default networking mode.
Fixed IPs Implementation (2)
Flat mode
- By default, all instances attach to the same bridge (br100).
- Before the instance is booted, the network configuration is injected into the instance image. So far this only works for Linux-style guests; the configuration is written to /etc/network/interfaces (the Debian/Ubuntu location).
Flat DHCP mode
- Nova attempts to bridge into an Ethernet device.
- A DHCP server (dnsmasq) responds to the instance's DHCPDISCOVER.
Fixed IPs Implementation (3)
VLAN DHCP mode
- Requires a switch that supports host-managed VLAN tagging (802.1Q).
- A VLAN is created with a range of private IPs for each project.
- Cloudpipe helps users access their instances: Nova generates a key and certificate for the user, with one VPN per project. An illustration is shown on the next page.
Fixed IPs Implementation (4)
OpenStack Quantum (1)
Separated from Nova to provide "Network Connectivity as a Service".
Helps users build their own network services.
Three components:
- REST API layer: the interface Nova talks to directly.
- Authentication and authorization layer
- Pluggable backend
OpenStack Quantum (2)
- REST API layer: implements the Quantum API and forwards each API request to where it belongs.
- Authentication and authorization layer: validates API requests and ensures they come from authorized users.
- Pluggable backend: the plugin that actually carries out the API layer's operations on a particular technology (e.g., Open vSwitch or Linux bridge).
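The three layers can be seen in a small Go program. This is an added example and not Quantum's code (which is Python): the REST API layer parses a simplified Quantum v1.0 style request on /v1.0/tenants/{tenant}/networks, the authentication and authorization layer rejects requests without a valid X-Auth-Token and stops a tenant from touching another tenant's networks, and the pluggable backend is an interface with an in-memory plugin standing in for Open vSwitch or Linux bridge. The static token table, the path layout, the JSON shapes and the tenant names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"sync"
)

// Backend is the pluggable layer: anything that can realise a virtual network
// (Open vSwitch, Linux bridge, a vendor switch) implements this interface.
type Backend interface {
	CreateNetwork(tenant, name string) (string, error)
	ListNetworks(tenant string) []string
}

// memoryBackend is a stand-in plugin that only records networks (assumed, for the example).
type memoryBackend struct {
	mu   sync.Mutex
	nets map[string][]string // tenant -> network IDs
	seq  int
}

func (b *memoryBackend) CreateNetwork(tenant, name string) (string, error) {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.nets == nil {
		b.nets = map[string][]string{}
	}
	b.seq++
	id := fmt.Sprintf("net-%d-%s", b.seq, name)
	b.nets[tenant] = append(b.nets[tenant], id)
	return id, nil
}

func (b *memoryBackend) ListNetworks(tenant string) []string {
	b.mu.Lock()
	defer b.mu.Unlock()
	return append([]string(nil), b.nets[tenant]...)
}

// Tokens maps an API token to its tenant. Assumption: a real deployment would
// validate X-Auth-Token against Keystone instead of a static table.
type Tokens map[string]string

type tenantHandler func(w http.ResponseWriter, r *http.Request, tenant string)

// authenticate is the authentication and authorization layer: no valid token,
// no service; and a tenant may only operate on its own URL subtree.
func authenticate(tokens Tokens, next tenantHandler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		tenant, ok := tokens[r.Header.Get("X-Auth-Token")]
		if !ok {
			http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized)
			return
		}
		if !strings.HasPrefix(r.URL.Path, "/v1.0/tenants/"+tenant+"/") {
			http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
			return
		}
		next(w, r, tenant)
	}
}

// NewAPI is the REST API layer: it parses requests on the (simplified) Quantum
// v1.0 path /v1.0/tenants/{tenant}/networks and delegates to the backend.
func NewAPI(tokens Tokens, be Backend) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/v1.0/tenants/", authenticate(tokens, func(w http.ResponseWriter, r *http.Request, tenant string) {
		w.Header().Set("Content-Type", "application/json")
		switch r.Method {
		case http.MethodPost:
			var body struct{ Network struct{ Name string } }
			if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.Network.Name == "" {
				http.Error(w, `{"error":"bad request"}`, http.StatusBadRequest)
				return
			}
			id, err := be.CreateNetwork(tenant, body.Network.Name)
			if err != nil {
				http.Error(w, `{"error":"backend failure"}`, http.StatusInternalServerError)
				return
			}
			w.WriteHeader(http.StatusCreated)
			json.NewEncoder(w).Encode(map[string]string{"id": id})
		case http.MethodGet:
			json.NewEncoder(w).Encode(map[string][]string{"networks": be.ListNetworks(tenant)})
		default:
			http.Error(w, `{"error":"method not allowed"}`, http.StatusMethodNotAllowed)
		}
	}))
	return mux
}
```

The handler can be exercised without a network using net/http/httptest: a POST to /v1.0/tenants/alice/networks with body {"network":{"name":"web-tier"}} and header X-Auth-Token: tok-alice, served by NewAPI(Tokens{"tok-alice": "alice"}, &memoryBackend{}), answers 201 with the new network's id; the same request with another tenant's token gets 403 and with no token 401. The point of the layering is that the backend never sees a request the auth layer has not already bound to a tenant, so swapping plugins cannot weaken isolation.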
Network Security
Even if the data itself is safe in the cloud, the network is complicated.
Traditional attack methods still work against clouds:
- sniffing
- ARP poisoning
- XSS
- SQL injection
- etc.
Summary
- Users should confirm the agreement before using the service.
- Quantum helps users create the ideal network.