Cloud Operating System, Unit 13: Cloud System Management II. M. C. Chiang, Department of Computer Science and Engineering, National Sun Yat-sen University, Kaohsiung, Taiwan, ROC.

Uploaded by: jodie-ryan
Posted on 26-Dec-2015


Page 1

Cloud Operating System
Unit 13: Cloud System Management II
M. C. Chiang
Department of Computer Science and Engineering, National Sun Yat-sen University
Kaohsiung, Taiwan, ROC

Page 2

Outline
- Data Management
  - Data Integration
  - Data Security
  - Data Redundancy
  - Data Ownership
- Network Management
  - OpenStack Nova-Network
  - OpenStack Quantum
  - Network Security
- Summary

04/19/23 Cloud Operating System - Unit 12: Cloud Management U12-2

Page 3

Data Management
What can be taken as data?
- Uploaded files (documents, videos, music)
- Program code
- User personal information (name, age, location, etc.)
- User surfing history
- etc.

Page 4

Data Integration
- There are no existing standards for moving data in the cloud.
- Each manufacturer's cloud data storage works differently.
- Issues enterprises must address when integrating their data:
  - Backup
  - Data movement to/from the cloud

Page 5

Data Security (1)
Data security can be considered from three aspects:
- Physical layer: tangible things such as machines and devices. As mentioned in "IDC Management".
- Network layer: behaviors over the network. This will be discussed later.
- Management layer: can the data be recognized (read) by the cloud?

Page 6

Data Security (2)
With the rise of cloud computing, there are some new problems:
- Data analysis: Google advertisements, e.g., on the right side of a message in Gmail.
- Mash-up authorization: Facebook utilizes both sensitive and non-sensitive data to present to other users. Third-party applications on Facebook can also utilize the data.

Page 7

Data Security (3)
Increased authentication demands
- Pros: software piracy becomes difficult; centralized monitoring of software; prevents sensitive data from spreading to untrustworthy clients.
- Cons: phishing for stealing access credentials.
- Cost-effective defense: cloud computing encourages single points of failure. Protect productivity and trust from attackers.

Page 8

Data Security (4)
- Data shouldn't be recognizable by the cloud provider/maintainer.
- The simplest way to protect the data is encryption, e.g., AES, RSA, Blowfish, IDEA.

Page 9

Data Security – Examples (1)
Amazon S3
- Announced (server-side) encryption on 2011/10/04.
- Encryption: when writing the object, add an additional request header.
- Decryption: happens automatically when the data is retrieved.
- Encryption algorithm: AES-256.

Page 10

Data Security – Examples (2)
Google Docs
- Google Docs doesn't provide any server-side encryption methods.
- For data security, users can:
  - encrypt the document before uploading;
  - set the group who can view the document.
- An encrypted document cannot be viewed on Google Docs.
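As an added example (my code, not from the slides or from Google or Amazon), the client-side counterpart to the S3 and Google Docs slides: encrypt a document with AES-256-GCM before upload so the provider stores only ciphertext, and detect any modification on download. The key, object name and sample document are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM returns an AES-256-GCM AEAD; the key check keeps it AES-256, not AES-128.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// EncryptDocument seals a document before upload as nonce || ciphertext || tag; the
// object name is bound as associated data, so a renamed or swapped blob fails to open.
func EncryptDocument(key []byte, name string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(name)), nil
}
// DecryptDocument opens a downloaded blob; any change to ciphertext, tag or name fails.
func DecryptDocument(key []byte, name string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(blob) >= n+gcm.Overhead() {
		return gcm.Open(nil, blob[:n], blob[n:], []byte(name))
	}
	return nil, errors.New("blob too short to hold nonce and tag")
}
func main() {
	key := make([]byte, 32) // constructed demo key; real keys stay outside the cloud
	rand.Read(key)
	blob, err := EncryptDocument(key, "report.docx", []byte("constructed sample document"))
	fmt.Println("upload size:", len(blob), "error:", err)
}
```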

Page 11

Data Security – Before Using the Cloud
Users should confirm the service provider's answers to the following three questions:
- Are files transferred securely to/from the servers?
- Are files stored on the servers encrypted by default?
- How will the provider react to a request for the files from law enforcement? If the provider can decrypt the files, what will it do?

Page 12

Data Redundancy
- The idea is simple: copy the data multiple times across different "zones".
- Example: the Ring in OpenStack (review):
  - The ring records the physical location of data.
  - When creating a ring, the administrator must supply, as command-line arguments, the number of replicas across the zones and the minimum interval for copying data.
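As an added example (my code, not the slides' or OpenStack Swift's), a simplified zone-aware ring in Go: the object name is hashed to a partition, and each replica of that partition is placed on a device in a distinct zone, so a replica count the available zones cannot satisfy is rejected when the ring is built. Device addresses are constructed.

```go
package main

import (
	"crypto/md5"
	"encoding/binary"
	"fmt"
)

// Device is one storage device in the ring: the physical place a copy lives.
type Device struct{ Zone int; Addr string } // Addr is constructed, e.g. "10.0.0.11:6000/sdb"
// Ring maps an object name to the devices holding its replicas, one per zone.
type Ring struct {
	partPower uint    // number of partitions = 2^partPower
	devices   []Device
	part2devs [][]int // partition -> indexes into devices
}
// NewRing builds the partition table. It refuses a replica count that the
// available zones cannot satisfy, since same-zone copies give no redundancy.
func NewRing(replicas int, partPower uint, devices []Device) (*Ring, error) {
	zones := map[int]bool{}
	for _, d := range devices {
		zones[d.Zone] = true
	}
	if len(zones) < replicas {
		return nil, fmt.Errorf("%d replicas need %d distinct zones, have %d", replicas, replicas, len(zones))
	}
	r := &Ring{partPower: partPower, devices: devices, part2devs: make([][]int, 1<<partPower)}
	for p := range r.part2devs {
		used := map[int]bool{} // zones already holding a copy of this partition
		// Walk the device list from a per-partition offset, taking one device per unused zone.
		for i := 0; i < len(devices) && len(r.part2devs[p]) < replicas; i++ {
			idx := (p + i) % len(devices)
			if !used[devices[idx].Zone] {
				used[devices[idx].Zone] = true
				r.part2devs[p] = append(r.part2devs[p], idx)
			}
		}
	}
	return r, nil
}
// Lookup hashes the name, keeps the top partPower bits as the partition (as Swift does)
// and returns the devices that hold its replicas. MD5 here only spreads load.
func (r *Ring) Lookup(name string) []Device {
	sum := md5.Sum([]byte(name))
	part := binary.BigEndian.Uint32(sum[:4]) >> (32 - r.partPower)
	var out []Device
	for _, idx := range r.part2devs[part] {
		out = append(out, r.devices[idx])
	}
	return out
}
```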

Page 13

Data Ownership
- The cloud service provider offers free or paid disk space and computing capacity for users to handle their data.
- After all, who owns the data?
  - The provider? "I provide the disk space!!"
  - The user? "I upload the data!!"

Page 14

Network Management
- The network is a fundamental part of cloud computing.
- For users, the network is an infrastructure that should be:
  - easy to access
  - stable
  - high transfer rate
  - low latency
- The network in a cloud can be classified into two parts:
  - internal network
  - external network

Page 15

OpenStack Nova-Network
The OpenStack network controller (nova-network) performs these operations:
- allocating fixed IP addresses
- configuring VLANs for projects
- configuring networks for compute nodes

Page 16

OpenStack Nova-Network - Concepts
- Fixed IPs
  - An IP address is assigned to an instance when the instance is created.
  - The assigned IP remains until the instance is explicitly terminated.
- Floating IPs
  - An IP address that can be dynamically associated with an instance.
  - It can be disassociated from and associated with an instance at any time.

Page 17

Fixed IPs Implementation (1)
There are three strategies available for implementing fixed IPs:
- Flat Mode: the simplest networking mode.
- Flat DHCP Mode: similar to flat mode.
- VLAN DHCP Mode: the default networking mode.

Page 18

Fixed IPs Implementation (2)
- Flat Mode
  - By default, all instances attach to the same bridge (br100).
  - Before the instance is booted, the network configuration is injected into the instance.
  - So far, this only works on Linux-style systems; the network configuration is in /etc/networking/interfaces.
- Flat DHCP Mode
  - Nova will attempt to bridge into an Ethernet device.
  - A DHCP server (dnsmasq) responds to the instance's DHCPDISCOVER.

Page 19

Fixed IPs Implementation (3)
- VLAN DHCP Mode
  - Requires a switch that supports host-managed VLAN tagging.
  - A VLAN is created with a range of private IPs.
  - Cloudpipe helps users access the instances: Nova generates a key and certificate for the user; one VPN per project.
  - An illustration is shown on the next page.

Page 20

Fixed IPs Implementation (4)
[Illustration of VLAN DHCP mode]

Page 21

OpenStack Quantum (1)
- Separated from Nova to provide "Network Connectivity as a Service".
- Helps users establish their own network services.
- Three components:
  - REST API layer (connects directly to Nova)
  - Authentication and authorization layer
  - Pluggable backend

Page 22

OpenStack Quantum (2)
- REST API layer: implements the Quantum API and redirects API requests to where they should go.
- Authentication and authorization layer: validates API requests and ensures they come from authorized users.
- Pluggable backend: enhances the REST API layer.

Page 23

Network Security
- Even if data may be safe in the cloud, the network is complicated.
- Traditional attack methods still work against the cloud: sniffers, ARP poisoning, XSS, SQL injection, etc.

Page 24

Summary
- Users should confirm the agreement before using the service.
- Quantum helps users create the ideal network.