Introduction to Cloud Computing

Grid Computing
Def

combination of computer resources from multiple administrative domains applied to a common task* distributed parallel computation

Core idea

super virtual computer

* http://en.wikipedia.org/wiki/Grid_computing

Utility Computing
Def

The packaging of computing resources (computation, storage etc.) as a metered service similar to a traditional public utility* not a new concept

Observation

" f computers of the kind have advocated become the computers of the future, then computing may someday be organi!ed as a public utility "ust as the telephone system is a public utility... The computer utility could become the basis of a ne# and important industry." $ %ohn &c'arthy, & T 'entennial in ()*(
* http://en.wikipedia.org/wiki/Utility_computing
3

Cloud Computing
Is cloud computing?

grid computing + utility computing ?? difficult to define

means different things to different parties

arious definitions

!I"# $ !ational Institute of "tandards and #echnology

%universally& accepted definition

Cloud Computing NIST

Definition

'loud computing is a model for enabling convenient, on$demand net#ork access to a shared pool of configurable computing resources (e.g., net#orks, servers, storage, applications, and services) that can be rapidly provisioned and released #ith minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.*

* http://csrc.nist.gov/groups/S S/cloud!computing/cloud!de"!v#$.doc

'

Cloud Computing NIST

Definition

'loud computing is a model for enabling convenient, on$demand net#ork access to a shared pool of configurable computing resources (e.g., net#orks, servers, storage, applications, and services) that can be rapidly provisioned and released #ith minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.*

* http://csrc.nist.gov/groups/S S/cloud!computing/cloud!de"!v#$.doc

Cloud Computing NIST

Definition

'loud computing is a model for enabling convenient, on$demand net#ork access to a shared pool of configurable computing resources (e.g., net#orks, servers, storage, applications, and services) that can be rapidly provisioned and released #ith minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.*

* http://csrc.nist.gov/groups/S S/cloud!computing/cloud!de"!v#$.doc

Cloud Computing NIST

Definition

'loud computing is a model for enabling convenient, on$demand net#ork access to a shared pool of configurable computing resources (e.g., net#orks, servers, storage, applications, and services) that can be rapidly provisioned and released #ith minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.*

* http://csrc.nist.gov/groups/S S/cloud!computing/cloud!de"!v#$.doc

Cloud Computing NIST

Definition

'loud computing is a model for enabling convenient, on$demand net#ork access to a shared pool of configurable computing resources (e.g., net#orks, servers, storage, applications, and services) that can be rapidly provisioned and released #ith minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.*

* http://csrc.nist.gov/groups/S S/cloud!computing/cloud!de"!v#$.doc

Cloud Computing NIST

Definition

'loud computing is a model for enabling convenient, on$demand net#ork access to a shared pool of configurable computing resources (e.g., net#orks, servers, storage, applications, and services) that can be rapidly provisioned and released #ith minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.*

* http://csrc.nist.gov/groups/S S/cloud!computing/cloud!de"!v#$.doc

,-

NIST Essential Characteristics

On.demand self.service

a consumer can unilaterally provision computing capabilities #ithout human interaction with the service provider computing capabilities

server time/ networ0 storage/ number of servers etc1

,,

NIST Essential Characteristics

2road networ0 access

capabilities are

available over the networ0 accessed through standard mechanisms heterogeneous thin or thic0 client platforms

promote use by

,2

NIST Essential Characteristics

3ulti.tenancy 4 5esource pooling

provider6s computing resources are pooled to serve multiple consumers computing resources

storage/ processing/ memory/ networ0 bandwidth and virtual machines no control over the e7act location of the resources performance/ scalability/ security
,3

location independence

has ma8or implications

NIST Essential Characteristics

5apid elasticity

capabilities can be rapidly and elastically provisioned unlimited virtual resources predicting a ceiling is difficult

,4

NIST Essential Characteristics

3easured service

metering capability of service4resource abstractions

storage processing bandwidth active user accounts

OK so what happened to utility computing pay as you go model??

more on this later when we discuss deployment models

,'

Relevant Technologies
9ccess

heterogeneous set of thic0 : thin clients

;Cs <enterprise/ home=/ mobile devices/ hand.held devices wired : wireless large computing capacity distributed direct access storage devices s1 storage area networ0s

high speed broadband access

data centres

,(

Relevant Technologies
irtuali>ation

decoupling from the physical computing resources

irtuali>ation types

hardware

emulation $ 3 emulates4simulates complete hardware

?@3A Ben

paravirtuali>ation . software interface to virtual machines

full virtuali>ation . complete simulation of the underlying hardware

3Care/ ;arallels
,)

Relevant Technologies
irtuali>ation types

memory virtuali>ation

decouples volatile random access memory <593= resources from individual systems aggregates these resources into a virtuali>ed memory pool available to any computer in the cluster abstracting logical storage from physical storage !9" . networ0 attached storage data as an abstract layer/ independent of underlying database systems/ structures and storage

storage virtuali>ation

data virtuali>ation

,*

Relevant Technologies
irtuali>ation types

networ0 virtuali>ation

virtuali>ed networ0 addressing space within or across networ0 subnets ;!s

?uestion?

how do we measure virtual resources

9ma>on @CA <elastic compute unit=

@C2 Compute Anit eDuals ,1-.,12 EF> 2--) Opteron or 2--) Beon processor
,+

Relevant Technologies
9;Is

reDuired for various operations and applications

administration application development resource migration

no standards

2-

SPI Services
"aa" <"oftware.as.a."ervice=

vendor4provider controlled applications accessed over the networ0 characteristics

networ0 based access multi.tenancy single software release for all "alesforce1com/ Eoogle Docs

"aa" @7amples

2,

SPI Services
"aa" : 3ulti.tenancy

"aa" applications are multi.tenant applications application data

Eoogle docs

"aa" 9pplication Design

"aa" applications are Gnet nativeG configurability/ efficiency/ and scalability "O9 : "aa"

22

Net Native Application

Characteristics

cloud specific design/ development : deployment multi.tenant data builtin metering : management browser based client : client tools customi>ation via configuration

23

SPI Services
"aa" Disadvantages

dependency on

networ0/ cloud service provider limited client bandwidth goodH better security than personal computers badH C"; is in charge of the data uglyH user privacy

performance

security

24

SPI Services
;aa" <;latform.as.a."ervice=

vendor provided development environment

tools : technology selected by vendor control over data life.cycle

9dvantages

rapid development : deployment small startup cost

reDuired s0ills set money

2'

SPI Services
;aa" $ 9rchitectural Characteristics

multi.tenancy

data load balancing : fail.over performance resource consumption4utili>ation load

native scalability

native integrated management

2(

SPI Services
;aa" Disadvantages

inherits all from "aa" choice of development technology is limited to vendor provided4supported tools and services Eoogle app engine

;aa" @7amples

Eoogle "ite + Eoogle Docs

2)

SPI Services
Iaa" <Infrastructure.as.a."ervice=

vendor provided and consumer provisioned computing resources

processing/ storage/ networ0/ etc1 consumer is provided customi>ed virtual machines consumer has control over

O"/ memory storage servers : deployment configurations limited control over networ0 resources

2*

SPI Services
Iaa" I utility computing??

maybe $ !I"# does not tal0 about JJ infrastructure scalability native integrated management

9dvantages

performance/ resource consumption4utili>ation/ load hardware/ I# support

economical cost

2+

SPI Services
Iaa" @7amples

9ma>on @lastic Compute Cloud $ @C2

3-

SPI Services

3,

SPI Services & Control

In!house
)eployment

-osted
)eployment

IaaS
Cloud

(aaS
Cloud

SaaS
Cloud

)ata '(( %& Server Storage etwork

)ata '(( %& Server Storage etwork

)ata '(( %& Server Storage etwork

)ata '(( Services Server Storage etwork

)ata '(( Services Server Storage etwork

*rgani+ation controlled

*rgani+ation , service Service (rovider provider share control controlled

.#/ Visualizing the Boundaries of Control in the Cloud. Dec 2009. http://kscottmorrison.com/0112/#0/1#/visuali+ing!the!3oundaries!o"!control!in!the!cloud/

32

XaaS
Baa" <@verything.as.a."ervice=

composite second level services

"ecurity.as.a."ervice

3c9feeK 3c9fee "aa" @mail 9rchiving 3c9fee "aa" @mail Inbound Liltering 3c9fee ulnerability 9ssessment "aa" <;@! #ests= oI;/ private ;2B

Caa" $ Communication.as.a."ervice

*http://www.mca"ee.com/us/enterprise/products/hosted_security/

33

A Simple Reference Model

applications management monitoring service service service service SaaS

metering

security

(aaS

cloud runtime virtuali+ation storage

in"rastructure

IaaS

34

Amazon Web Services

http://aws.ama+on.com/

3'

NIST Cloud Deployment Models

4 Deployment 3odels

private cloud

infrastructure is operated solely for an organi>ation managed by the organi>ation or by a third party supports a specific community infrastructure is shared by several organi>ations

community cloud

3(

NIST Cloud Deployment Models

4 Deployment 3odels

public cloud

infrastructure is made available to the general public owned by an organi>ation selling cloud services infrastructure is a composition of two or more clouds deployment models enables data and application portability

hybrid cloud

3)

NIST Cloud Computing

http://www.katescomment.com/images/CloudCu3e.png

3*

Cloud Distributed Storage

Distributed "torage

#wo approaches to scaling

vertical $ bigger hardware hori>ontal $ more hardware

functional partitioning hori>ontal partitioning shardingK

http://4ueue.acm.org/detail.c"m5id6#728#09

*http://en.wikipedia.org/wiki/Shard_:09data3ase_architecture:02

3+

Cloud Distributed Storage

C9; #heoremK

web services cannot ensure all three of the following properties at once

consistency

set of operations has occurred all at once an operation must terminate in an intended response operations will complete/ even if individual components are unavailable

availability

partition tolerance

* ;ric <rewer= University o" Cali"ornia= <erkeley

4-

Cloud Distributed Storage

Fori>ontal "torage "caling

any hori!ontal scaling strategy is based on data partitioning*

forced to decide between consistency : availability

9CID

provides strong data consistency guarantees

at the cost of availability 2;C availability I product of availability of each

* http://4ueue.acm.org/detail.c"m5id6#728#09

4,

Cloud Distributed Storage

29"@ $ an 9CID alternative

basically available/ soft state/ eventual consistency characteristic

optimistic and accepts that the database consistency #ill be in a state of flu+* supports partial failures leads to levels of scalability that cannot be obtained #ith ,' -*

scalability promise

* http://4ueue.acm.org/detail.c"m5id6#728#09

42

Cloud Distributed Storage

@ventual Consistency

consistency across functional groups is easy to rela7 we encounter this on daily basis some scenarios

update of online user profile online master card payment 9#3 cheDue deposit permit partial failures

idempotent operations

43

Cloud Distributed Storage

Eeneral Characteristics

simplified data model built on distributed file systems

EL" . Eoogle Lile "ystem FDL" $ Fadoop Distributed Lile "ystem rela7ed consistency replication

highly available

fault.tolerant

44

Cloud Distributed Storage

Eeneral Characteristics

eventual consistency

all replicas will be updated at different times and in different order Eoogle 2ig#able Mahoo ;!A#" 9ma>on "3

e7amples

4'

Cloud Distributed Computation

3otivation

distributed computing

many thousands of computers

large datasets fault.tolerant easy to configure : manage

4(

Cloud Distributed Computation

2asic Idea

functional programming functional decomposition

large problem bro0en into a set of small problems each small problem

can be solved by a functional transformation of input data remember pipes : filters?? can be e7ecuted in complete isolation parallel computing

server <tas0= farm

to solve the big problem

4)

Cloud Distributed Computation

Distributed grep
grep matches solution

concat

4*

Cloud Distributed Computation

Distributed wc
count counts solution

merge

4+

MapReduce
grep matches solution

concat

count

counts

solution

merge

&'(

)'?' >;)UC; ('>?I?I* I G

'-

MapReduce
3ap

inputH 0ey4value pair outputH intermediate 0ey4value pair inputH intermediate 0ey4value pair outputH final 0ey4value pair

5educe

',

MapReduce
@7amples

distributed grep

map

if match<value/pattern= emit<value/,= emit<0ey/sum<valueK==

reduce

distributed wc

map

for all w in value do emit<w/,= emit<0ey/sum<valueK==

'2

reduce

Security in Cloud
"ecurity

#echnology/ provides assurance

confidentiality integrity/ authenticity

;rivacy

5ight/ provides control

anonymity primary : secondary use

'3

Information Security Concerns

Confidentiality

safe from prying eyes

communication/ persistence

9uthenticity

data is from a 0nown source data has not been tampered with

Integrity

provenance <computation= persistence

'4

Information Security Concerns

!on.repudiation

assurance against deniability access : modification by privileged users

9ccess control

individual vs1 group access multi.tenancy <;aa"/ "aa"=

''

Information Security Concerns

Nong term security

change in authentication4authori>ation proof of possession confidentiality

crypto systems do not provide long term guarantees

intersection attac0s

'(

Security Enhancing Techniques

@ncryption

symmetric encryption <data= public 0ey cryptography <identity, authentication=

secret private 0ey/ published public 0ey

hash 4 3essage 9uthentication Code <integrity= digital signatures <authentication, non$repudiation= #N"4""N <communication=

')

Security Enhancing Techniques

@ncryption

homomorphic encryptionK

allow for arbitrary computing over encrypted data

if @<p= I c then D<2c= I 2p <multiplication operation= allows for data processing without decryption

promising but not practical so farKK increase as the access control granularity increases

0ey management challenges

* Gentry= C. 0112. @ully homomorphic encryption using ideal lattices. In (roceedings o" the 8#st 'nnual 'C& Symposium on theory o" Computing A<ethesda= &)= US'= &ay 7# ! Bune 10= 0112C. S?*C D12. 'C&= ew Eork= E= #F2!#G9. ** <ruce Schneier. Schneier on Security. http://www.schneier.com/3log/archives/0112/1G/homomorphic_enc.html

'*

Security Enhancing Techniques

"ecure Duery : search

;I54";I5 <;rivate Information 5etrieval=

allo#s a user to retrieve an item from the server #ithout revealing the item to the database* under research

more effort reDuired to be adopted by mainstream

* Chor= <.= Hushilevit+= ;.= Goldreich= *.= and Sudan= &. #229. (rivate in"ormation retrieval. B. 'C& 8$= F A ov. #229C= 2F$!29#.

'+

Security Enhancing Techniques

"ecure Duery : search

encrypted data search

matching with encrypted 0eywords

meta.data driven single party Duery multi party Dueries

secure anonymous database search <"9D"=K

not easy/ may reDuire trusted third parties

* >aykova= &.= %o= <.= <ellovin= S. &.= and &alkin= ?. 0112. Secure anonymous data3ase search. In (roceedings o" the 0112 'C& Iorkshop on Cloud Computing Security AChicago= Illinois= US'= ovem3er #7 ! #7= 0112C. CCSI D12. 'C&= ew Eork= E= ##$! #0F.

(-

Security Enhancing Techniques

5emote data chec0ing

client side preprocessing

data in chun0s along with 39C for each chun0 server stores data chun0 + 39C combinations forward error correction

long term recoverability

(,

Security Enhancing Techniques

Data 5emanence

%5esidual representation of data after purge& Fow to purge data in cloud?

ris0 at all levels <"aa"/ ;aa"/ and Iaa"= encrypt the data in the cloud data deletion I 0ey destruction

"ecure deletion

(2

Security in Cloud
C"9 <Cloud "ervice 9lliance=

httpH44www1cloudsecurityalliance1org4 various introductory publications

C"9 Euide ver 21inline with !I"#

(3