Introduction to cloud computing
Course given as part of InfoSafe in March 2013
Cloud Computing
Transversal session of 22/3/2013
Jean-Noël Colin
[email protected] Folon
Definition
“A style of computing where scalable and elastic IT-related capabilities are provided “as-a-service” using internet technologies to multiple external customers.” (Gartner)
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (National Institute of Standards and Technology)
© 2009 IDC
Cloud Services Definition - updated
Cloud Services
Consumer and Business products, services and solutions delivered and consumed in real-time over the Internet
Deployment Models
• Public - open to a largely unrestricted universe of potential users; designed for a market, not a single enterprise
• Private - designed for, and access restricted to, a single enterprise (or extended enterprise); an internal shared resource, not a commercial offering; IT Org is the “vendor” of the shared/std service to its users
[Note: large gray zones between these two broad categories]
Key Attributes
• Shared, standard service – built for a market (public), not a single customer
• Solution-packaged – a “turnkey” offering, integrates required resources
• Self-service – admin, provisioning; may require some “on-boarding” support
• Elastic scaling – dynamic and fine-grained
• Use-based pricing – supported by service metering
• Accessible via the Internet/IP – ubiquitous (authorized) network access
• Standard UI technologies – browsers, RIA clients and underlying technologies
• Published service interface/API – e.g., web services APIs
Five key characteristics, explained by Gartner (Plummer, et al., 2009) and the National Institute of Standards and Technology (Mell, et al., 2009):
• A service-oriented technology, where consumer concerns are abstracted from provider concerns, and that is ready-to-use: SERVICE BASED;
• Services scale on-demand to add or remove resources as needed: RAPID ELASTICITY AND SCALABILITY;
• Services share a pool of resources to build economies of scale: SHARED RESOURCES;
• Services are tracked with usage metrics to enable the “pay-as-you-go” model: PAY PER USE;
• Services are delivered through use of Web identifiers, standards, formats and protocols and with an identical access: UBIQUITOUS NETWORK ACCESS.
Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france
3 types of services
Software as a service (SAAS)
The service provided makes use of the provider’s applications accessible through a client interface, such as a web browser (ex: Gmail).
The consumer doesn’t manage or control the infrastructure, the network, the servers, the operating system, the storage and cannot add specific development (even if there are limited user specific application configuration settings).
Offers: Billing, Financials, Legal, Sales, Desktop productivity, Human Resources, Content Management, Backup & Recovery, CRM (Customer Relationship Management), Document Management, Collaboration Tools, Social Networks.
Platform as a service (PAAS)
The service provided consists in the deployment of consumer-created applications on the provider’s infrastructure and the use of programming languages and tools supported by the platform (ex: Java or Python available on Google App Engine).
The consumer doesn’t manage or control the infrastructure, the network, the servers, the operating system and the storage but he has control over the deployed applications, and occasionally application hosting environment configurations.
Offers: General purpose, Business intelligence, Integration, Development & Testing, Database.
Platform as a Service (PaaS)
Now you don’t need to invest millions of $$$ to get that development foundation ready for your developers.
The PaaS provider will deliver the platform on the web, and in most of the cases you can consume the platform using your browser, i.e. no need to download any software.
It has definitely empowered small & mid-size companies or even an individual developer to launch their own SaaS leveraging the power of these platform providers, without any initial investment.
PaaS Examples
Google App Engine and Windows Azure are examples of Cloud OS. OrangeScape & Wolf PaaS are cloud middleware.
http://www.techno-pulse.com/
Infrastructure as a service (IAAS)
The service provided gives the possibility to rent resources, such as processing, storage or bandwidth, and allows the consumer to deploy and run any software (operating systems and/or applications).
The consumer doesn’t manage and control the infrastructure but he controls the operating system, the storage, the deployed applications, and occasionally networking components (firewall, load balancing).
Some providers offer to manage the application if the latter is not too specific and is compatible with the perimeter of their offer.
Offers: Storage, Compute, Services Management.
Different types of cloud
• Public clouds
• External private clouds
• Private clouds
• Hybrid clouds
• Community clouds
Public clouds
Infrastructures are shared with a “Pay-as-you-go” model. This off-premise virtualized infrastructure is easily accessible and can be managed through a portal of the provider. The provider can make economies of scale: the homogeneous infrastructures are shared with all the consumers and managed and updated by the Cloud provider. Consumers can choose the infrastructure they need, and choose all the security elements and the uptime (SLA).
External private cloud
We are also seeing an increasing number of External Private Cloud offerings (off-premises):
This provides a way for companies to create a logically separated set of virtual machines and a secure VPN connection to their own networks (a Virtual Private Network is a secure tunnel through the Internet from a corporate network to the provider’s servers).
It also enables the use of existing security and management policies.
Private clouds
Internal pool of resources inside the Data Centers of a company.
Internal Private Clouds are sometimes seen as a simple evolution of the classic Information System of an organization but have some characteristics of Public Clouds (they use virtualization and dynamic provisioning).
Private Clouds are for companies that only want to use services that are hosted in-house and do not want to share their infrastructure.
This type of Cloud respects the standard process and security policy of the company but does not offer as many benefits or as much flexibility to the CIO: he always has to invest in the hardware and software.
Hybrid cloud
Combination of different clouds (for example Public and Private Clouds) that allow for transitive information exchange and possibly application compatibility and portability across disparate Cloud service offerings and providers utilizing standard or proprietary methodologies regardless of ownership or location.
Community cloud
Infrastructures, shared by several organizations, support a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
The US Government and NASA created a community cloud for all US government agencies.
This type of cloud combines two worlds: Public Cloud (different entities sharing their infrastructure) and Private Cloud (specific organizations use their own Data Centers and know with whom they share their infrastructure).
Impact on the organization
• Strategy: What are the impacts on the strategy when it goes from controlling an infrastructure to controlling a process? What new strategies are possible now?
• Systems: What happens to the processes of the IT department? (ITIL, Build versus Run, contract management)
• Structure: How can the IT department be aligned with the business strategy? Does a company need a new organization? What happens to the CIO and the decision making?
• Shared values: Can an organization still work in silos? A key element will be developed in the corporate culture
• Style: Do managers have to behave differently?
• Staff: What happens to the current employees? New jobs created?
• Skills: What skills do employees need in this new model?
InfoSafe 2012-2013
Cloud Computing
• The information system, a layered model
Analyst
Architect
Tester
Project Manager
User
Infrastructure (hardware/network)
Operating system
Service software
Application
Data
• Information system management
★ Using external services
‣ Lack of in-house skills
‣ Cost control
‣ Lack of internal flexibility
★ Outsourcing
‣ Subcontracting an activity to a partner
- Development
- IS management
- …
★ On-demand computing/Utility computing
• IT management models
★ In-house IT
‣ The entire IS is under the direct management of the organization
- Equipment, software, hosting, staff
★ Colocation
‣ The entire IS is under the direct management of the organization, BUT hosting is entrusted to a partner
★ Managed services
‣ Upper layers of the IS are under the direct management of the organization, BUT infrastructure (possibly system software) and hosting are entrusted to a partner
★ Cloud Computing
‣ Same as managed services, but including mechanisms for flexibility, virtualization, automation…
• Management models – costs
★ CAPEX: Capital expenses – investments
★ OPEX: Operational Expenses
• Definition
★ “Environment in which infrastructure services (compute, storage…) and application services are provided over the Internet and accessed via a browser.” (Information Systems, Stair & Reynolds, Cengage, 2012)
• Principles
★ Resource pool
★ Virtualization
★ Elasticity
★ Automation
★ Per-usage business model
• Result of an evolutionary process
★ Evolution of the paradigm
‣ From mainframe to C/S to Web to Grid to Cloud
★ Evolution of hardware
‣ Increased performance (CPU, storage, network)
‣ Lower cost
‣ Sharing, pooling
★ Evolution of software
‣ Remote access
‣ Virtualization
‣ SOA, ‘component’ approach to software
Virtualization
• Advantages
★ Flexibility
‣ Rapid provisioning (compared with physical machines)
‣ Resource adjustment
★ Security
‣ Isolation
‣ DRP
★ Reporting
★ Billing
‣ Pay-per-usage
• Hypervisors
★ VMware, MS Hyper-V, KVM, Xen, IBM…
Cloud Computing
[Diagram labels: Cloud Provider, Business, IT; layers: Infrastructure, Operating system, Service software, Applications]
Platform IaaS PaaS SaaS
SalesForce.com (http://www.salesforce.com/)
Amazon Elastic Compute Cloud (http://aws.amazon.com/ec2/)
Google App Engine (http://cloud.google.com/appengine/)
DropBox (https://www.dropbox.com/)
Microsoft Dynamics Online (http://crm.dynamics.com/)
WorkXpress (http://www.workxpress.com/)
Office 365 Online (http://office365.microsoft.com)
Google Docs (http://docs.google.com)
Platform IaaS PaaS SaaS
SalesForce.com (http://www.salesforce.com/) ✔
Amazon Elastic Compute Cloud (http://aws.amazon.com/ec2/) ✔
Google App Engine (http://cloud.google.com/appengine/) ✔
DropBox (https://www.dropbox.com/) ✔
Microsoft Dynamics Online (http://crm.dynamics.com/) ✔
WorkXpress (http://www.workxpress.com/) ✔
Office 365 Online (http://office365.microsoft.com) ✔
Google Docs (http://docs.google.com) ✔
• Advantages
★ Economic benefit, ‘pay as you go’ model, CAPEX ➟ OPEX
★ Flexibility/Agility
★ Security (as a Service)
★ Efficiency/Cost-effectiveness
• Disadvantages
★ One size fits all?
★ Loss of control
★ Security and data protection
★ Cost of migrating to a Cloud model (adaptation, data transfer)
★ Contractual complexity (SLA)
★ Dependence on third parties
★ Exit mechanism?
• Security
★ Today, the main obstacle to Cloud adoption (IDC Study, 2009)
★ Linked to resource sharing
★ Legal and regulatory requirements
‣ Auditability: SOX, HIPAA
‣ Access by authorities: USA Patriot Act
‣ Data location: EU Directive
★ Technical solutions exist
‣ VPN, VLAN, encrypted DBs…
Source: Wikipedia
Risks and opportunities of the Cloud
Critical areas to study for governance
• Culture shock - Resistance to change
• Enterprise risk management
• Legal issues
‣ Data leaks
‣ Access to data by government agencies
‣ Privacy protection
• Compliance and audit
• Information lifecycle management
‣ Creation, identification, storage, use, sharing, archiving and destruction
• Definition of responsibilities
• Portability and interoperability
Gouvernance et Sécurité dans le Cloud Computing : Avantages et Défis. Yves LE ROUX
Critical areas to study for security
• Business continuity and disaster recovery plan
• Operations of the data center(s)
• Incident response, notification and handling
• Application security
• Encryption and key management
• Identities and access control
• Virtualization technology
The advantages of Cloud Computing from a security & governance point of view (1/2)
• Ability to put public data in a Cloud and better protect sensitive data
• Fragmentation and dispersal of data
• Dedicated security team
• Greater investment in security infrastructure
• Improved fault tolerance and reliability
• Better reaction to attacks
The advantages of Cloud Computing from a security & governance point of view (2/2)
• Possible reduction of compliance and audit activities
‣ Statement on Auditing Standards No. 70: Service Organizations
‣ Automated Audit, Assertion, Assessment, and Assurance API (A6)
• Data held by an impartial third party
• Lower-cost data storage and recovery solutions
• On-demand security controls
• Real-time detection of system tampering
• Rapid reconstitution of services
• Increased ability to create decoy networks (honeynets)
‣ The capture of a virtual machine does not compromise the host
The challenges of Cloud Computing from a security & governance point of view (1/4)
• Trust in the provider’s security model, which is often opaque
• Customer response to audit recommendations
• Assistance with post-incident investigations
• Accountability of administrators belonging to the provider
• Loss of physical control
• Management of virtual machine isolation
• Presence of multi-tenancy
• Software version management
The challenges of Cloud Computing from a security & governance point of view (2/4)
• Protection of personal data
‣ Processing in the E.E.A. or Switzerland, Canada, Argentina, Guernsey, Jersey, the Isle of Man and the Safe Harbour (US)
‣ Binding corporate rules
‣ Standard contractual clauses
‣ Transfer authorization
• Right of access by government agencies
‣ Patriot Act, Regulation of Investigatory Powers Act, LOPPSI, etc.
• Legal retention of documents and their production
• Quality of service guarantee
The challenges of Cloud Computing from a security & governance point of view (3/4)
• Attractiveness to hackers
• Possibility of a massive outage
• Integration with in-house IT
• Encryption needs
‣ Legal issues (import, export, use)
‣ Encrypted access to the Cloud control interface
‣ Encrypted access to applications
‣ Encryption of stored data
• Data persistence / remanence
• Data aggregation and inference
The challenges of Cloud Computing from a security & governance point of view (4/4)
• Securing virtual OSes in the Cloud
• Dependence on hypervisor security
• Identity management in the Cloud
‣ Provisioning / deprovisioning
‣ Authentication
‣ Federation
‣ Management of user profiles and access authorizations
Sources & credits
Some material adapted from:
• Slides by Christophe Bisciglia, Aaron Kimball, & Sierra Michels-Slettvet, Google Distributed Computing Seminar, 2007
• Jimmy Lin, The iSchool, University of Maryland
• B. Singh, www.technopulse.com
• http://www.andyharjanto.com
• Gouvernance et sécurité dans le Cloud Computing : avantages et défis, Yves LE ROUX, CISSP CISM, Principal Consultant; [email protected]
• Cloud Computing in France – A model that will transform companies, Thesis by Cedric Mora, http://www.slideshare.net/cedricmora/cloud-computing-in-france