228-4 enterprise systems

Upload: pitchrks19841

Post on 03-Jun-2018


TRANSCRIPT

  • 8/12/2019 228-4 Enterprise Systems

    Cloud Computing

  • Definition

    Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability.

  • What is cloud computing?

    "I don't understand what we would do differently in the light of Cloud Computing other than change the wordings of some of our ads"
    Larry Ellison, Oracle's CEO

    "I have not heard two people say the same thing about it [cloud]. There are multiple definitions out there of the cloud"
    Andy Isherwood, HP's Vice President of European Software Sales

    "It's stupidity. It's worse than stupidity: it's a marketing hype campaign."
    Richard Stallman, Free Software Foundation founder

  • Business attributes

    • Access resources from cloud of available computing resources
        • Is always available and scales automatically to meet demand
        • Is pay per use: based on resources consumed
        • Enables full customer self-service
        • Note: Can be provided by a 3rd party (e.g. Amazon) or on own network for very large organisations (a.k.a. private cloud)
    • Acquire resources on demand
        • Release resources when no longer needed
        • Turns capital investment/fixed cost into operating costs/variable costs
        • Reduced cost: take advantage of economies of scale across users of cloud

  • The NIST Cloud Definition Framework

    [Figure: the framework chart, with these layers]
    • Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
    • Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
    • Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
    • Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security

    Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com

  • The NIST Cloud Definition Framework

    • OS virtualisation leads directly to resilient computing, rapid elasticity and advanced security
        • In case of VM based cloud, facilitates measured service as hypervisor tracks usage
    • Multi-tenancy provides rapid elasticity

    [Figure: the Essential Characteristics and Common Characteristics layers of the framework chart]

  • The NIST Cloud Definition Framework

    • A number of other attributes rely on the scale of investment undertaken by cloud providers
        • Early cloud promoters (e.g. Amazon & Google) had to build massive scale for their main businesses
    • Use of open source software and commodity hardware reduces overall cost to cloud provider

    [Figure: the Essential Characteristics and Common Characteristics layers of the framework chart]

  • 4 Cloud Deployment Models

    • Private cloud
        • Cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise
        • Typically only large organisations
    • Public cloud
        • Cloud infrastructure is made available to 3rd parties but is owned by an organization selling cloud services
        • Cloud services designed to be generic and suitable to all customers
        • E.g. Amazon, Google, Microsoft, IBM etc.

  • 4 Cloud Deployment Models

    • Community cloud
        • Cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations)
        • May be managed by the organizations or a third party and may exist on premise or off premise
    • Hybrid cloud
        • Composition of two or more clouds that remain unique and separate entities but are bound together by standardized or proprietary technology that enables data and application portability
        • Cloud bursting is the term used to describe the process where an organisation extends from a private to a public cloud

  • Client access architecture

    • Client access via browser or Web Services
    • Independent of type of cloud computing

    [Figure: clients reach App 1 over the network via browser or web service (SOAP or REST). Stack labels: App Server, Database, OS, Server, Storage, Network; or Platform: App server, DB, OS, VM, Storage.]

  • Service model architecture

    • Four main service model architectures
        • Datastore as a service is not always included although currently the most popular use of cloud
    • Significant differences in the technical and commercial architectures

    [Figure: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Datastore as a service]

  • Service model architecture: Data storage as a service

    • Functional: Data storage interfaces can be used by any of the other types or accessed directly
        • Examples of direct usage: Amazon's really simple storage
    • Commercial: Charged on basis of amount of storage used

  • Characteristics of cloud datastore

    • Cloud based datastore is massively distributed and scalable
        • Utilises large number of commodity servers (a.k.a. nodes)
        • This implies that the chance of system failure across a large number of nodes is high
        • Therefore, cloud datastore must cope with node failure
    • Cloud datastores are typically non-relational
        • Distribution across a large number of nodes is not a good fit to the relational model of databases. Relational databases support joins, which are hard to implement in a massively distributed way
    • To address requirement for relational database capabilities
        • Either provide relational interfaces to non-relational infrastructure
        • Or allow relational databases to run on a small number of nodes as part of the virtualisation

  • Characteristics of cloud datastore

    • Cloud datastores are optimised for large scale data search
        • E.g. Google's MapReduce (and Hadoop, an open source implementation), which divide the processing into multiple blocks (Map) and then process each block on one or more nodes (Reduce)
    • Cloud datastores are also appropriate to business intelligence applications which require column based processing
        • E.g. summing sales in a particular region
        • In contrast, relational databases are efficient for record/row level read/write

  • Service model architecture: IaaS

    • Functional: Virtual server instances available for provisioning
        • Examples: Amazon's EC2
    • Commercial: Charged on basis of number/scale of instances as well as usage profile

  • Example: Amazon EC2

    • Amazon provides a range of general purpose support services accessible via VMs
    • Examples of these services include
        • Simple Queue Service: Limited messaging system for communications between VMs
        • S3: Cloud storage service

  • Example: Amazon EC2

    • Other examples of these services (cont.)
        • SimpleDB: Non-relational database
        • Elastic MapReduce: large scale search and text processing infrastructure
        • Flexible payment service: enabling website payments
        • Mechanical Turk: outsourcing marketplace

  • Amazon EC2 options and pricing

    Aws.amazon.com/ec2

  • Service model architecture: PaaS

    • Functional: Application development and deployment environment
        • Provides programming APIs as well as underlying infrastructure
    • Commercial: Metering and billing based on application usage, typically CPU consumption/datastore consumption

  • Example: Google AppEngine

    • Platform uses multiple tenancy on the single infrastructure
        • Benefit of charging only on usage and not on number of instances (as with IaaS)
    • Provides general purpose support services
        • Includes infrastructure services such as database
        • Also includes application level interfaces such as video conferencing
    • Provides both server and client side APIs to develop Google AppEngine applications
    • Provides a platform which is proprietary

  • Example: Microsoft Azure Services

    • Access to the Microsoft platform as a cloud based platform
    • Provides a platform which is proprietary

    Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

  • Service model architecture: SaaS

    • Functional: End user interaction with the application's function
        • Allows for customisation of UI and workflows
        • Often uses multi-tenancy databases
    • Commercial: typically billing based on number of users

  • Example: Salesforce.com

    • Provides complete application accessible from the cloud
        • Infrastructure is hidden from the user
    • Software can be configured to support customer specific requirements
        • Supports customisation through configuration driven language
        • Scope for customisation is limited
    • Uses multi-tenancy architecture
        • Essentially a platform for a specific class of application
        • Configuration results in a change to both UI and underlying database schema for that customer

  • Examples of configuration

    • UI actions (such as entering an email address) can have customised scripts associated with them which perform workflow or validation logic
        • Workflow defines the sequence of steps through the UI screens
        • Validation logic enforces rules about information entered based on customer specific standards or context specific constraints (i.e. what can be entered given the current workflow)
    • These may not affect the database schema definition and therefore can be deployed only to that customer's UI

  • Examples of configuration

    • UI definitions (or associated workflows) may also require modifications/extensions to the database schema
    • Through multi-tenancy/multi-schema approach, the metadata defining the schemas specific to that customer is modified without impacting on the base schema or the other customers' deployed schemas
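
The multi-tenancy/multi-schema approach above, sketched as an added example (not from the original slides or from any SaaS vendor's code): one shared base schema plus per-tenant metadata, with every read and write scoped to a tenant. The names `TenantSchemaRegistry`, `TenantStore`, the `contact` table and the tenants `acme` and `globex` are assumptions made for illustration.

```python
# Base schema shared by every tenant (constructed sample, not a real product schema).
BASE_SCHEMA = {"contact": {"name": str, "email": str}}


class TenantSchemaRegistry:
    """Per-tenant schema metadata layered over one shared base schema."""

    def __init__(self, base):
        self._base = base
        self._extensions = {}  # tenant_id -> {table: {column: type}}

    def add_column(self, tenant_id, table, column, col_type):
        if table not in self._base:
            raise KeyError(f"unknown table {table!r}")
        if column in self._base[table]:
            raise ValueError("tenants may extend the base schema, not redefine it")
        self._extensions.setdefault(tenant_id, {}).setdefault(table, {})[column] = col_type

    def schema_for(self, tenant_id, table):
        # Merge into a fresh dict so callers cannot mutate the shared base.
        merged = dict(self._base[table])
        merged.update(self._extensions.get(tenant_id, {}).get(table, {}))
        return merged


class TenantStore:
    """Rows are keyed by tenant; there is no cross-tenant query path."""

    def __init__(self, registry):
        self._registry = registry
        self._rows = {}  # (tenant_id, table) -> list of rows

    def insert(self, tenant_id, table, row):
        schema = self._registry.schema_for(tenant_id, table)
        unknown = set(row) - set(schema)
        if unknown:
            raise ValueError(f"columns not in tenant schema: {sorted(unknown)}")
        for col, value in row.items():
            if not isinstance(value, schema[col]):
                raise TypeError(f"{col} must be {schema[col].__name__}")
        self._rows.setdefault((tenant_id, table), []).append(dict(row))

    def select(self, tenant_id, table):
        # Return copies so one tenant's caller cannot alter stored rows.
        return [dict(r) for r in self._rows.get((tenant_id, table), [])]


def demo():
    registry = TenantSchemaRegistry(BASE_SCHEMA)
    registry.add_column("acme", "contact", "region", str)  # only acme's metadata changes
    store = TenantStore(registry)
    store.insert("acme", "contact", {"name": "A", "email": "a@acme.example", "region": "EU"})
    store.insert("globex", "contact", {"name": "G", "email": "g@globex.example"})
    return registry, store
```

A row using another tenant's custom column is rejected at insert time, which is the isolation property the slide relies on.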

  • Different types of SaaS

    • Type 1: Ad-Hoc/Custom
    • Type 2: Configurable
    • Type 3: Configurable, Multi-Tenant-Efficient
    • Type 4: Scalable, Configurable, Multi-Tenant-Efficient

    Source: Microsoft MSDN Architecture Center

  • Different types of SaaS

    • Type 1: Ad-Hoc/Custom
        • Each customer (or tenant) has their own instance of the application which can be customised on an individual basis
        • Level 1 SaaS is equivalent to application hosting

  • Different types of SaaS

    • Type 2: Configurable
        • A single application base is customised for each customer/tenant
        • Customisation is deployed within each instance of the application
        • Deployment of upgrades across the instances will require roll-out to each instance

  • Different types of SaaS

    • Type 3: Configurable, Multi-Tenant-Efficient
        • A single application base and instance is customised for each customer/tenant
        • Customisation is deployed at run-time within each instance of the application
        • Single instance is more resource efficient than multiple instances
        • Deployment of upgrades made to a single instance

  • Different types of SaaS

    • Type 4: Scalable, Configurable, Multi-Tenant-Efficient
        • Uses a tenant load balancer to balance load between multiple instances
        • Similar to a hypervisor
        • Should provide superior scalability and efficiency
        • Requires deployment of upgrades to be made to multiple instances

  • Conclusions: Understanding the different service model architectures

    • Different levels of abstraction
        • OS: Amazon EC2
        • Application development framework: Google AppEngine
        • Application customisation: Salesforce
    • Similar to languages
        • Higher level abstractions can be built on top of lower ones

    [Figure: spectrum from IaaS through PaaS to SaaS, ordered EC2, Azure, AppEngine, Salesforce.com. One end: lower-level, more flexibility, more management, scalability through configuration. Other end: higher-level, less flexibility, less management, automatically scalable.]

  • Cloud and security

  • General Security Challenges

    • Security/data control is the most often cited issue with migration to the cloud
    • Issues include:
        • Trusting vendor's security model
        • Customer inability to respond to audit findings (dependent on service provider to modify service)
        • Obtaining support for investigations
        • Indirect administrator accountability
        • Proprietary implementations can't be examined
        • Loss of physical control

  • Cloud Security Challenges Part 1

    • Data dispersal and international privacy laws
        • EU Data Protection Directive and U.S. Safe Harbor program
        • Exposure of data to foreign government and data subpoenas
        • Data retention issues
        • Mostly addressed by cloud vendor providing geographic specific services
    • Clear data ownership
    • Quality of service guarantees
        • Reliability of cloud service provider's service in the context of enterprise level quality of service commitments (typically with required recovery times in seconds or minutes)
    • Potential for massive outages

  • Cloud Security Challenges Part 2

    • Dependence on secure hypervisors (for IaaS) or multi-tenancy (in both PaaS and SaaS)
    • Attraction to hackers (high value target)
    • Security of virtual OSs in the cloud
    • Encryption needs for cloud computing
        • Encrypting access to the cloud resource control interface
        • Encrypting administrative access to OS instances
        • Encrypting access to applications
        • Encrypting application data at rest
    • Lack of public PaaS/SaaS version control
        • Changes to the service may occur without explicit agreement from the customer, unlike tightly controlled lifecycle management within an enterprise