228-4 enterprise systems
TRANSCRIPT
-
8/12/2019 228-4 Enterprise Systems
1/36
Cloud Computing
-
Definition
Cloud computing is a pay-per-use model for enabling
available, convenient, on-demand network access to a
shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, services) that
can be rapidly provisioned and released with minimal
management effort or service provider interaction. This
cloud model promotes availability.
-
What is cloud computing?
"I don't understand what we would do differently in
the light of Cloud Computing other than change the
wordings of some of our ads"
Larry Ellison, Oracle's CEO
"I have not heard two people say the same thing
about it [cloud]. There are multiple definitions out
there of 'the cloud'"
Andy Isherwood, HP's Vice President of European Software Sales
"It's stupidity. It's worse than stupidity: it's a
marketing hype campaign."
Richard Stallman, Free Software Foundation founder
-
Business attributes
Access resources from cloud of available computing resources
Is always available and scales automatically to meet demand
Is pay per use: based on resources consumed
Enables full customer self-service
Note: Can be provided by 3rd party (e.g. Amazon) or on own network for very large organisations (a.k.a. private cloud)
Acquire resources on demand
Release resources when no longer needed
Turns capital investment/fixed cost into operating costs/variable costs
Reduced cost: take advantage of economies of scale across users of cloud
-
The NIST Cloud Definition Framework
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
-
The NIST Cloud Definition Framework
OS Virtualisation leads directly to resilient computing, rapid elasticity and advanced security
In case of VM based cloud, facilitates measured service as
hypervisor tracks usage
Multi-tenancy provides rapid elasticity
[Chart: Essential Characteristics and Common Characteristics panels of the framework]
-
The NIST Cloud Definition Framework
A number of other attributes rely on the scale of
investment undertaken by cloud providers
Early cloud promoters (e.g. Amazon & Google) had to build
massive scale for their main businesses
Use of open source software and commodity hardware
reduces overall cost to cloud provider
[Chart: Essential Characteristics and Common Characteristics panels of the framework]
-
4 Cloud Deployment Models
Private cloud
Cloud infrastructure is operated solely for an organization. It may
be managed by the organization or a third party and may exist on
premise or off premise
Typically only large organisations
Public cloud
Cloud infrastructure is made available to 3rd parties but is
owned by an organization selling cloud services
Cloud services designed to be generic and suitable to all customers
E.g. Amazon, Google, Microsoft, IBM etc.
-
4 Cloud Deployment Models
Community cloud
Cloud infrastructure is shared by several organizations and
supports a specific community that has shared concerns (e.g.,
mission, security requirements, policy, and compliance
considerations)
May be managed by the organizations or a third party and may
exist on premise or off premise
Hybrid cloud
Composition of two or more clouds that remain unique and
separate entities but are bound together by standardized or
proprietary technology that enables data and application
portability
Cloud bursting is the term used to describe the process where
an organisation extends from a private to public cloud
-
Client access architecture
Client access via browser or Web Services
Independent of type of cloud computing
[Diagram: Clients access App 1 via browser or web service (SOAP or REST) over the network. Component labels: Network, Storage, Server, OS, Database, App Server, VM, Platform]
-
Service model architecture
Four main service model architectures
Datastore as a service is not always included although currently
the most popular use of cloud
Significant differences in the technical and commercial
architectures
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Datastore as a service
-
Service model architecture: Data storage as a service
Functional: Data storage interfaces can be used by any of the other types or accessed directly
Examples of direct usage: Amazon's really simple storage
Commercial: Charged on basis of amount of storage used
-
Characteristics of cloud datastore
Cloud based datastore is massively distributed and scalable
Utilises large number of commodity servers (a.k.a. nodes)
This implies that the chance of system failure across a large number
of nodes is high
Therefore, cloud datastore must cope with node failure
Cloud datastores are typically non-relational
Distribution across a large number of nodes is not a good fit to the
relational model of databases. Relational databases support joins
which are hard to implement in a massively distributed way
To address requirement for relational database capabilities
Either provide relational interfaces to non-relational infrastructure
Or allow relational databases to run on a small number of nodes as part of
the virtualisation
-
Characteristics of cloud
datastore
Cloud datastores are optimised for large scale data search
E.g. Google's MapReduce (and Hadoop, an open source
implementation) which divide the processing into multiple blocks (Map)
and then process each block on one or more nodes (Reduce)
Cloud datastores are also appropriate to business intelligence
applications which require column based processing
E.g. Summing sales in a particular region
In contrast, relational databases are efficient for record/row level
read/write
-
Service model architecture: IaaS
Functional: Virtual server instances available for provisioning
Examples: Amazon's EC2
Commercial: Charged on basis of number/scale of instances as
well as usage profile
-
Example: Amazon EC2
Amazon provides a range of
general purpose support
services accessible via VMs
Examples of these services include
Simple Queue Service: Limited
messaging system for
communications between VMs
S3: Cloud storage service
-
Example: Amazon EC2
Other examples of these services (cont)
SimpleDB: Non-relational database
Elastic MapReduce: large scale search and text processing
infrastructure
Flexible payment service: enabling website payments
Mechanical Turk: outsourcing marketplace
-
Amazon EC2 options and
pricing
Aws.amazon.com/ec2
-
Service model architecture: PaaS
Functional: Application development and deployment environment
Provides programming APIs as well as underlying infrastructure
Commercial: Metering and billing based on application usage,
typically CPU consumption/datastore consumption
-
Example: Google AppEngine
Platform uses multiple tenancy on
the single infrastructure
Benefit of charging only on usage and
not on number of instances (as with IaaS)
Provides general purpose support services
Includes infrastructure services such as
database
Also includes application level interfaces such as video conferencing
Provides both server and client side
APIs to develop Google AppEngine
applications
Provides a platform which is proprietary
-
Example: Microsoft Azure Services
Access to the Microsoft platform as a cloud based
platform
Provides a platform which is proprietary
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
-
Service model architecture: SaaS
Functional: End user interaction with the application's function
Allows for customisation of UI and workflows
Often uses multi-tenancy databases
Commercial: typically billing based on number of users
-
Example: Salesforce.com
Provides complete application accessible
from the cloud
Infrastructure is hidden from the user
Software can be configured to support customer specific requirements
Supports customisation through configuration
driven language
Scope for customisation is limited
Uses multi-tenancy architecture
Essentially a platform for a specific class of
application
Configuration results in a change to both UI and underlying database schema for that customer
-
Examples of configuration
UI actions (such as entering an email address) can have customised scripts
associated with them which perform workflow or validation logic
Workflow defines the sequence of steps through the UI screens
Validation logic enforces rules about information entered based on customer specific standards or context specific restraints (i.e. what can be entered given
the current workflow)
These may not affect the database schema definition and therefore can be
deployed only to that customer's UI
-
Examples of configuration
UI definitions (or associated workflows) may also require
modifications/extensions to the database schema
Through multi-tenancy/multi-schema approach, the metadata defining
the schemas specific to that customer is modified without impacting on
the base schema or the other customers' deployed schemas
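The per-tenant schema extension described above, as an added example (not from the original slides): tenant-specific fields live in metadata rows rather than in the base schema, so one tenant's extension never appears for another. Table and function names are hypothetical, and SQLite stands in for the shared datastore.

```python
import sqlite3

def open_store():
    """Shared base schema plus per-tenant field metadata (hypothetical names)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE contact(id INTEGER PRIMARY KEY, tenant TEXT NOT NULL, email TEXT);
        CREATE TABLE field_meta(tenant TEXT, name TEXT, PRIMARY KEY (tenant, name));
        CREATE TABLE field_value(contact_id INTEGER, tenant TEXT, name TEXT, value TEXT);
    """)
    return db

def add_field(db, tenant, name):
    # Extends only this tenant's schema: one metadata row, no ALTER TABLE on the base.
    db.execute("INSERT INTO field_meta VALUES (?, ?)", (tenant, name))

def insert_contact(db, tenant, email, **custom):
    # Validate custom fields against this tenant's metadata before writing anything.
    allowed = {r[0] for r in db.execute(
        "SELECT name FROM field_meta WHERE tenant = ?", (tenant,))}
    unknown = set(custom) - allowed
    if unknown:
        raise ValueError(f"fields not defined for tenant {tenant}: {sorted(unknown)}")
    cur = db.execute("INSERT INTO contact(tenant, email) VALUES (?, ?)", (tenant, email))
    for name, value in custom.items():
        db.execute("INSERT INTO field_value VALUES (?, ?, ?, ?)",
                   (cur.lastrowid, tenant, name, value))
    return cur.lastrowid

def contacts(db, tenant):
    # Every read is scoped by tenant; the tenant id is assumed to come from
    # the authenticated session, never from the request itself.
    rows = []
    for cid, email in db.execute(
            "SELECT id, email FROM contact WHERE tenant = ? ORDER BY id", (tenant,)):
        row = {"email": email}
        row.update(db.execute(
            "SELECT name, value FROM field_value WHERE contact_id = ? AND tenant = ?",
            (cid, tenant)).fetchall())
        rows.append(row)
    return rows

def demo():
    db = open_store()
    add_field(db, "acme", "region")  # constructed sample tenants and data
    insert_contact(db, "acme", "a@acme.example", region="EMEA")
    insert_contact(db, "globex", "g@globex.example")
    return contacts(db, "acme"), contacts(db, "globex")
```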
-
Different types of SaaS
Type 1: Ad-Hoc/Custom
Type 2: Configurable
Type 3: Configurable, Multi-Tenant-Efficient
Type 4: Scalable, Configurable, Multi-Tenant-Efficient
Source: Microsoft MSDN Architecture Center
-
Different types of SaaS
Type 1: Ad-Hoc/Custom
Each customer (or tenant) has
their own instance of the
application which can be
customised on an individual basis
Level 1 SaaS is equivalent to
application hosting
-
Different types of SaaS
Type 2: Configurable
A single application base is
customised for each
customer/tenant
Customisation is deployed within
each instance of the application
Deployment of upgrades across the
instance will require roll-out to each
instance
-
Different types of SaaS
Type 3: Configurable, Multi-Tenant-Efficient
A single application base and
instance is customised for each
customer/tenant
Customisation is deployed at run-
time within each instance of the
application
Single instance is more resource
efficient than multiple instances
Deployment of upgrades made to a
single instance
-
Different types of SaaS
Type 4: Scalable, Configurable, Multi-Tenant-Efficient
Uses a tenant load balancer to
balance load between multiple
instances
Similar to a hypervisor
Should provide superior scalability
and efficiency
Requires deployment of upgrades to be made to multiple instances
-
Conclusions: Understanding the
different service model architectures
Different levels of abstraction
OS: Amazon EC2
Application development framework: Google AppEngine
Application customisation: Salesforce
Similar to languages
Higher level abstractions can be built on top of lower ones
[Diagram: spectrum from EC2 through Azure and AppEngine to Salesforce.com, labelled IaaS, PaaS, SaaS]
Lower-level: more flexibility, more management, scalability through configuration
Higher-level: less flexibility, less management, automatically scalable
-
Cloud and security
-
General Security Challenges
Security/data control is the most often cited issue with
migration to the cloud
Issues include:
Trusting vendor's security model
Customer inability to respond to audit findings
(dependent on service provider to modify service)
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control
-
Cloud Security Challenges Part 1
Data dispersal and international privacy laws
EU Data Protection Directive and U.S. Safe Harbor program
Exposure of data to foreign government and data subpoenas
Data retention issues
Mostly addressed by cloud vendor providing geographic specific services
Clear data ownership
Quality of service guarantees
Reliability of cloud service provider's service in the context of
enterprise level quality of service commitments (typically with required recovery times in seconds or minutes)
Potential for massive outages
-
Cloud Security Challenges Part 2
Dependence on secure hypervisors (for IaaS) or multi-tenancy (in both PaaS and SaaS)
Attraction to hackers (high value target)
Security of virtual OSs in the cloud
Encryption needs for cloud computing
Encrypting access to the cloud resource control interface
Encrypting administrative access to OS instances
Encrypting access to applications
Encrypting application data at rest
Lack of public PaaS/SaaS version control
Changes to the service may occur without explicit agreement
from the customer, unlike tightly controlled lifecycle management within an enterprise