Copyright 1996, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 , 2014, 2015 EMC
Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is
subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC2, EMC, Data Domain, RSA, EMC Centera, EMC ControlCenter, EMC LifeLine, EMC OnCourse, EMC Proven, EMC Snap, EMC SourceOne,
EMC Storage Administrator, Acartus, Access Logix, AdvantEdge, AlphaStor, ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic
Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Captiva, Catalog Solution, C-Clip, Celerra, Celerra
Replicator, Centera, CenterStage, CentraStar, ClaimPack, ClaimsEditor, CLARiiON, ClientPak, Codebook Correlation Technology, Common
Information Model, Configuration Intelligence, Configuresoft, Connectrix, CopyCross, CopyPoint, Dantz, DatabaseXtender, Direct Matrix
Architecture, DiskXtender, DiskXtender 2000, Document Sciences, Documentum, elnput, E-Lab, EmailXaminer, EmailXtender, Enginuity,
eRoom, Event Explorer, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, Greenplum,
HighRoad, HomeBase, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, ISIS, Max Retriever, MediaStor,
MirrorView, Navisphere, NetWorker, nLayers, OnAlert, OpenScale, PixTools, Powerlink, PowerPath, PowerSnap, QuickScan, Rainfinity,
RepliCare, RepliStor, ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, Smarts, SnapImage,
SnapSure, SnapView, SRDF, StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX,
TimeFinder, UltraFlex, UltraPoint, UltraScale, Unisphere, VMAX, Vblock, Viewlets, Virtual Matrix, Virtual Matrix Architecture, Virtual
Provisioning, VisualSAN, VisualSRM, Voyence, VPLEX, VSAM-Assist, WebXtender, xPression, xPresso, YottaYotta, the EMC logo, and where
information lives, are registered trademarks or trademarks of EMC Corporation in the United States and other countries.
All other trademarks used herein are the property of their respective owners.
Copyright 2015 EMC Corporation. All rights reserved. Published in the USA.
Revision Date: 30/01/2015
Revision Number: MR-5WN-CLDFDS 2.0
This course covers cloud computing fundamentals including its characteristics, benefits, service
models, and deployment models. It details the elements that commonly exist in a cloud
environment including their functions and interactions. The course also describes emerging cloud
standards for portability, interoperability, and security. It gives you an overview of the integration
of social, mobile, and big data with cloud computing. It also touches upon EMC's products,
solutions, and services for cloud computing. The course follows the U.S. National Institute of
Standards and Technology as a guide for all definitions of cloud computing.
This module focuses on the definition, characteristics, and benefits of cloud computing.
In this course, we will use the U.S. National Institute of Standards and Technology definition of
cloud computing, as it has become the de facto definition of cloud computing. The National
Institute of Standards and Technology defines cloud computing as a model for enabling
convenient, on-demand network access to a shared pool of configurable computing resources that
can be rapidly provisioned and released with minimal management effort or service provider
interaction.
A cloud infrastructure is built, operated, and managed by a cloud provider. The provider is an
organization that provides cloud services to the cloud users or consumers. The consumer is an
individual or an organization that is a customer of a cloud. The provider may be an external
provider or internal to the consumer organization; for example the IT department. The provider
maintains shared pools of IT resources, and the resources are made available to consumers from
the pool. Consumers access resources over a network, such as the Internet or an intranet. In
general, a cloud and its consumers employ the client-server model. In this model, the consumers
(the clients) send requests over a network to the servers in a cloud. The servers then perform
operations in response to the received requests.
The following slides will further elaborate cloud computing.
Business executives cite business agility as a key to achieving success in the fast-paced and
rapidly evolving IT market. Business agility ensures quick time-to-market and improved
competitive advantage. The other key success factors cited by businesses are reduction of
IT infrastructure investment, improved resource utilization, and reduction of IT management
complexity and cost.
Traditionally, IT resources such as hardware and software are often acquired by the businesses to
support their business applications. The acquisition and provisioning of new resources commonly
follow a rigid procedure that includes approvals from the concerned authorities. As a result, they
may take up a considerable amount of time. This can delay operations and increase the time-to-market. Additionally, to the extent allowed by budget, the IT resources required for an application
are sized based on peak usage. This results in incurring high up-front capital expenditure (CAPEX)
even though the resources remain underutilized for a majority of the time. As workloads
continue to grow and new technologies emerge, businesses may not be able to afford a
proportional increase in investment. Further, a significant portion of the IT budget goes to support and
maintain the existing IT infrastructure, leaving little left to provide innovative solutions to
business.
These long standing pain points can be mitigated by the adoption of cloud computing.
In cloud computing, users rent IT resources such as storage, processing, network bandwidth,
application, or a combination of them as cloud services. Cloud computing enables on-demand
resource provisioning and scalability. IT resources are provisioned by the users using a self-service portal backed by an automated fulfillment process. These provide quick time-to-market,
and potentially, competitive advantage. Resource consumption is measured by using a metering
service which may help in billing users as per consumption. Users can de-provision the rented
resources when resources are no longer needed. This reduces investment in IT infrastructure and
improves resource utilization. This also reduces expenses associated with IT infrastructure
management, floor space, power, and cooling. Further, reduction of IT maintenance tasks can
drive new business initiatives, discovery of new markets, and innovation.
Traditionally, both businesses and individuals have faced several challenges.
From a business perspective, each advancing wave of technology and business sophistication
changes the way IT works. Businesses must adopt new IT products and solutions rapidly to stay
competitive in the market. This may force organizations to periodically upgrade their IT
infrastructure and acquire new software and hardware resources. As an organization's capital
expenditure (CAPEX) rises, the risk associated with the investment also increases. For small and
medium sized businesses, this may be a big challenge, which eventually restricts their ability to
grow. As an individual, it may not be sensible or affordable to purchase new applications every
time, if you need them only for a brief period.
This slide shows various requirements and constraints from a business perspective as well as an
individual perspective. The following slide describes the way a cloud can address these constraints
and requirements.
The cloud model is similar to a utility service, such as an electricity service. In the case of an
electricity service, a consumer plugs in an electrical appliance to a socket and turns it on. The
consumer is typically unaware of how the electricity is generated or distributed. The consumer
only pays for the amount of electricity consumed. Similarly, to the cloud consumers, the cloud is
an abstraction of IT infrastructure, from which they rent IT resources as services, without any
accompanied risks or associated costs of owning the resources. The consumers only pay for the
services they use either based on a subscription or based on resource consumption.
Many organizations now view cloud as an extension of their IT resource procurement strategy. In
the future it may become a predominant way for organizations to use computing technology.
Through cloud computing, even smaller organizations can get the IT resources they require, which
earlier seemed expensive and often cost-prohibitive, and compete with larger organizations.
The U.S. National Institute of Standards and Technology specifies that the cloud model is
composed of five essential characteristics. These are on-demand self-service, broad network
access, resource pooling, rapid elasticity, and measured service. These characteristics are
described in the following slides.
In cloud computing, the consumers have the ability to provision the required IT resources on
demand from a cloud, at any time they want. Self-service means that the consumers themselves
carry out all the activities required to provision the cloud resources.
To enable on-demand self-service provisioning, a cloud provider makes a simple and user-friendly self-service portal available. The self-service portal is a website that allows consumers to
view and order cloud services. The cloud provider publishes a service catalog on the self-service
portal. The service catalog offers customers a limited and standardized set of service offerings
that have been pre-defined based on the provider's expertise, technology, skill of personnel, and
on market demand. A consumer may view the service catalog to know what cloud services are
available, their features and price, and consumer-specific values of the services. Additionally, a
service catalog allows a consumer to request or order a service from the catalog in a self-service
way. The request gets processed automatically, without human intervention from the cloud
provider's side. This considerably reduces the time needed to provision new or additional IT
resources.
Consumers access cloud services using any client or end-point device from anywhere over a
network, such as the Internet or an organization's private network. For instance, a cloud
application, such as a word processing software, can be accessed and used at any time over the
Internet. Users can access and edit documents from any Internet-connected device, eliminating
the need to install the application on the device. Client devices may have heterogeneous
underlying hardware and software platforms.
Cloud services are usually accessed using web services. Web services allow a client application to
request data and computations from a web server in a cloud and the web server to return the
responses. The client application could be a web browser or any web service application. Web
services enable clients to communicate with web servers in a cloud through the use of standard
web protocols, commonly Hypertext Transfer Protocol (HTTP). Web services are primarily based
on either the Simple Object Access Protocol (SOAP) specification or the Representational State
Transfer (REST) architectural style. Discussion of Simple Object Access Protocol and
Representational State Transfer is beyond the scope of this course.
Rapid elasticity refers to the ability of the consumers to quickly request, receive, and later release
as many resources as needed up to a limit defined for each cloud service. The characteristic of
rapid elasticity gives the consumers a sense of availability of unlimited cloud resources that can
be provisioned at any time. It enables consumers to adapt to the variations in workloads, by
quickly expanding or reducing resources, as well as maintain the required performance level
proportionately. For example, to handle an increased workload, an organization requires double
the processing capacity for a specific duration. For the remaining period, the organization might
want to release the idle resources to save costs. The workload variations may be seasonal or
transient. The consumers can leverage the rapid elasticity characteristic of a cloud infrastructure
when they have such variations in workloads and IT resource requirements.
A cloud has a metering system that measures the resource consumption and helps in generating
bills for the consumers, based on the resources used by them. It measures the number of units of
service usage per consumer and reports the price for the consumed units. Examples of a service
unit are: per GB of storage, per transaction, and per hour of application usage. The billing reports
are generated, based on the price per unit and the number of units consumed of a service. The
billing report is visible to consumers through the self-service portal. The metering system also
provides information about the current demand on the cloud, and helps the cloud providers with
capacity and service planning.
Let us understand the benefits of cloud computing from a consumer's perspective, beginning with
business agility.
Cloud computing provides the capability to provision IT resources quickly and at any time,
thereby considerably reducing the time required to deploy new applications and services. This
enables businesses to reduce the time-to-market and to respond more quickly to market changes.
Cloud computing enables the consumers to rent any required IT resources based on the pay-per-use or subscription pricing. This reduces a consumer's IT capital expenditure as investment is
required only for the resources needed to access the cloud services. Further, the consumer rents
only those resources from the cloud that are required, thereby eliminating the underutilized
resources. Additionally, the expenses associated with IT infrastructure configuration,
management, floor space, power, and cooling are reduced.
Cloud computing has the ability to ensure availability at varying levels, depending on the
provider's policy towards service availability. Redundant infrastructure components enable fault
tolerance for cloud deployments. Moreover, data in a cloud can be broken into small pieces and
distributed across a large cluster of nodes in such a manner that an entire data set can be
reconstructed even if there is failure of individual nodes. Additionally, cloud-based applications
may be capable of maintaining limited functionality even when some of their components,
modules, or supporting services are not available. A service provider may also create multiple
service availability zones both within and across geographically dispersed data centers. A service
availability zone is a location with its own set of resources. Each zone is isolated from the other
zone so that a failure in one zone does not impact the other. If a service is distributed among
several zones, consumers of that service can fail over to other zones in the event of a zone
failure.
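An added illustration, not part of the original course material, of data being broken into pieces across nodes so that the full data set survives a node failure. It assumes a simple single-parity (XOR) scheme and a SHA-256 integrity check, neither of which the course specifies; the function names and the sample record are constructed for this example.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from functools import reduce


@dataclass(frozen=True)
class Manifest:
    """Metadata kept apart from the pieces (hypothetical structure)."""
    length: int   # original data length, used to strip padding
    sha256: str   # digest of the original data, used to verify a rebuild


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def stripe(data: bytes, data_nodes: int) -> tuple[list[bytes], Manifest]:
    """Split data into `data_nodes` equal pieces plus one XOR parity piece.

    The returned list has data_nodes + 1 entries, one per storage node;
    the last entry is the parity piece.
    """
    if data_nodes < 2:
        raise ValueError("need at least two data nodes")
    piece_len = -(-len(data) // data_nodes)  # ceiling division
    padded = data.ljust(piece_len * data_nodes, b"\0")
    pieces = [padded[i * piece_len:(i + 1) * piece_len]
              for i in range(data_nodes)]
    parity = reduce(xor_bytes, pieces)
    manifest = Manifest(len(data), hashlib.sha256(data).hexdigest())
    return pieces + [parity], manifest


def reconstruct(pieces: list[bytes | None], manifest: Manifest) -> bytes:
    """Rebuild the data set; a failed node is represented by None.

    Single parity tolerates exactly one failed node. The digest check
    rejects a rebuild from silently corrupted or tampered pieces.
    """
    missing = [i for i, p in enumerate(pieces) if p is None]
    if len(missing) > 1:
        raise ValueError("single parity tolerates only one failed node")
    pieces = list(pieces)
    if missing:
        survivors = [p for p in pieces if p is not None]
        # XOR of all surviving pieces equals the missing piece.
        pieces[missing[0]] = reduce(xor_bytes, survivors)
    data = b"".join(pieces[:-1])[:manifest.length]
    if hashlib.sha256(data).hexdigest() != manifest.sha256:
        raise ValueError("integrity check failed after reconstruction")
    return data


if __name__ == "__main__":
    # Constructed sample record, not real data.
    record = b"constructed sample record: order=1001;amount=250.00"
    nodes, manifest = stripe(record, data_nodes=4)

    nodes[2] = None  # simulate the failure of one node
    print(reconstruct(nodes, manifest) == record)

    nodes[0] = None  # a second failure exceeds what one parity piece covers
    try:
        reconstruct(nodes, manifest)
    except ValueError as exc:
        print("unrecoverable:", exc)
```

Tolerating more than one simultaneous node failure requires additional redundancy, such as more parity pieces or full replicas.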
In cloud computing, consumers can unilaterally and automatically scale IT resources to meet the
workload demand. This is significantly more cost-effective than buying new IT resources that are
only used for a short time or only during specific periods.
In cloud computing, applications and data reside centrally and can be accessed from anywhere
over a network from any device such as desktop, mobile, and thin client. This eliminates a
consumer's dependency on a specific end-point device. This also enables Bring Your Own Device
(BYOD), which is a recent trend in computing, whereby employees are allowed to use non-company devices as business machines.
Moreover, when an organization uses cloud services, their infrastructure management tasks are
reduced to managing only those resources that are required to access the cloud services. The
cloud infrastructure is managed by the cloud provider and tasks such as software updates and
renewals are handled by the provider.
Cloud computing enables collaboration between disparate groups of people by allowing them to
share resources and information and access them simultaneously from a wide range of locations. For
example, employees in an organization can place a document centrally in the cloud, enabling
them to access it at the same time. This eliminates the need to send files back and forth via
email.
A cloud can also be leveraged to ensure business continuity. It is possible for IT services to be
rendered unavailable due to causes such as natural disasters, human error, technical failures, and
planned maintenance. The unavailability of IT services can lead to significant financial losses to
organizations and may also affect their reputations. However, having a remote secondary site for
disaster recovery involves additional capital expenditure and administrative overheads. Through
the use of cloud business continuity solutions, an organization can mitigate the impact of
downtime and recover from outages that adversely affect business operations. For example, an
organization may use cloud-based backup for maintaining additional copies of their data, which
can be retrieved in the event of an outage. An organization can also save on the capital expenses
required for implementing a backup solution for their IT infrastructure.
This module covered the definition, characteristics, and benefits of cloud computing.
This module focuses on cloud service models and cloud deployment models.
The U.S. National Institute of Standards and Technology defines three cloud service models and
four cloud deployment models as listed on the slide. A cloud service model specifies the services
and the capabilities that are provided to the consumers. A cloud deployment model provides a
basis for how cloud infrastructure is built, managed, and accessed. Each cloud deployment model
may be used for any of the cloud service models. These service models and deployment models
are described in the following slides.
Let us have a look at cloud service models, beginning with infrastructure as a service.
In the infrastructure as a service model, the capability provided to the consumer is to provision
processing, storage, networks, and other fundamental computing resources where the consumer
is able to deploy and run arbitrary software, which can include operating systems and
applications. The consumer does not manage or control the underlying cloud infrastructure but
has control over operating systems, storage, and deployed applications; and possibly limited
control of select networking components (e.g., host firewalls).
In the platform as a service model, the capability provided to the consumer is to deploy
onto the cloud infrastructure consumer-created or acquired applications created using
programming languages, libraries, services, and tools supported by the provider. The
consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, or storage, but has control over the deployed
applications and possibly configuration settings for the application-hosting environment.
In the software as a service model, the capability provided to the consumer is to use the
provider's applications running on a cloud infrastructure. The applications are accessible from
various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying
cloud infrastructure including network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited user-specific application
configuration settings.
levels for all consumers of the public cloud. Public cloud services may be free,
subscription-based, or provided on a pay-per-use model. Public cloud provides the
benefits of low up-front expenditure on IT resources and enormous scalability. However,
some concerns for the consumers include network availability, risks associated with
multi-tenancy, limited or no visibility and control over the cloud resources and data, and
restrictive default service levels.
In the private cloud model, the cloud infrastructure is provisioned for exclusive use by a
single organization comprising multiple consumers (for example, business units). It may
be owned, managed, and operated by the organization, a third party, or some
combination of them, and it may exist on or off premises.
A private cloud is a cloud infrastructure that is set up for the sole use of a particular organization.
The cloud services implemented on the private cloud are dedicated to consumers, such as the
departments and business units within the organization. Many organizations may not wish to
adopt public clouds as they are accessed over the open Internet and used by the general public.
When compared to a public cloud, a private cloud offers an organization a greater degree of
privacy, and control over the cloud infrastructure, applications, and data. The private cloud model
is typically adopted by larger-sized organizations that have the resources to deploy and operate
private clouds.
There are two variants of a private cloud: on-premise and externally-hosted. These are described
in the subsequent slides.
In the community cloud model, the cloud infrastructure is provisioned for exclusive use
by a specific community of consumers from organizations that have shared concerns, for
example, mission, security requirements, policy, and compliance considerations. It may
be owned, managed, and operated by one or more of the organizations in the
community, a third party, or some combination of them, and it may exist on or off
premises.
In a community cloud, the organizations participating in the community typically share
the cost of the community cloud service. As the costs are shared by a smaller number of
consumers compared to a public cloud, this option may be more expensive. However, a
community cloud may offer a higher level of control and protection against external
threats than a public cloud.
There are two variants of a community cloud: on-premise and externally-hosted. These
are described next.
In the externally-hosted community cloud model, the participant organizations of the community
outsource the implementation of the community cloud to an external cloud provider. The cloud
infrastructure is hosted on the premises of the external cloud provider and not within the
premises of any of the participant organizations. The provider manages the cloud infrastructure
and facilitates an exclusive community cloud environment for the participant organizations. Unlike
an on-premise community cloud, the participant organizations can save on the up-front costs of
IT resources.
In the hybrid cloud model, the cloud infrastructure is a composition of two or more
distinct cloud infrastructures such as private, community, or public that remain unique
entities, but are bound together by standardized or proprietary technology that enables
data and application portability (for example, cloud bursting for load balancing between
clouds).
There can be several possible compositions of a hybrid cloud as each constituent cloud may be of
one of the five variants discussed previously. As a result, each hybrid cloud has different
properties in terms of parameters such as performance, cost, security, and so on. A hybrid cloud
may change over time as component clouds join and leave. In a hybrid cloud environment, the
component clouds are combined through the use of open or proprietary technology, such as
interoperable standards, architectures, protocols, data formats, application programming
interfaces (APIs), and so on. The use of such technology enables data and the application
portability between clouds. The figure on the slide depicts a hybrid cloud that is composed of an
on-premise private cloud deployed by enterprise Q and a public cloud serving enterprise and
individual consumers in addition to enterprise Q.
This module covered infrastructure as a service, platform as a service, and software as a service.
It also covered public cloud, private cloud, community cloud, and hybrid cloud.
This module focuses on the actors or entities in a cloud environment and cloud infrastructure of a
cloud provider.
A cloud environment consists of a set of actors that have key roles in the realm of cloud
computing. The U.S. National Institute of Standards and Technology (NIST), in its special
publication 500-291, version 2, defines five major actors in a cloud environment. They
are cloud consumer, cloud broker, cloud auditor, cloud carrier, and cloud provider. Each
actor is an entity such as a person or an organization that performs specific functions in
cloud computing. These actors and their interactions with each other are detailed in the
following slides.
The figure on the slide shows the interactions between the actors in a cloud environment. A cloud
consumer may request cloud services from a cloud provider directly or via a cloud broker. A cloud
auditor conducts independent audits and may contact the others to collect necessary information.
The cloud carrier is the organization that provides connectivity and access to cloud services. The
subsequent slides will provide detailed information about each actor.
A cloud consumer browses the service catalog from a cloud provider, requests the appropriate
service, sets up service contracts with the cloud provider, and uses the service. The cloud
consumer may be billed for the service provisioned, and needs to arrange payments accordingly.
Depending on the service model used by the cloud provider, the services available to and
requested by the consumers can be different as shown on the slide.
For infrastructure as a service, consumers access virtual machines, network-accessible
storage, network infrastructure components, and other fundamental computing
resources, on which consumers can deploy and run arbitrary software. The consumers of
infrastructure as a service can be system developers, system administrators, and IT
managers who manage services for IT infrastructure operations. Consumers are billed for
the amount of infrastructure resources consumed.
For platform as a service, cloud consumers employ the tools and execution resources
provided by the cloud providers for the purpose of developing, testing, deploying, and
managing applications hosted in a cloud. Platform as a service consumers can be
application developers who design and implement application software, application
testers who run and test applications in various clouds, application deployers who publish
applications into a cloud, and application administrators who configure and monitor
application performance on a platform. Consumers can be billed by the number of
consumers, the type of resources consumed by the platform, or the duration of the
platform usage.
The software as a service consumers can be organizations that provide their members
with access to software applications, end users who directly use software applications, or
software application administrators who configure applications for end users. The
consumers access and use applications on demand, and can be billed on the number of
consumers, the time in use, the network bandwidth consumed, or the amount of data
stored.
Let us have a look at the steps followed by a cloud consumer to request or order cloud services.
A service catalog typically provides a link such as a hypertext or hyperlink button to request a
service. After clicking the designated link, a consumer is commonly asked to submit a web form
with a few drop-down menus, check boxes, radio buttons, and text boxes to describe the required
resources, their configurations, usage of service, and so on. The providers usually make an effort to
simplify the form for consumer use, abstracting the underlying resource allocation details. For
example, a platform as a service consumer may specify the consumer's application requirements and
database usage while requesting a database service from a provider. This high-level service
request is translated into its constituent resource requests such as number of virtual machines,
amount of memory, operating system, and database configuration. A consumer must also agree
to the contract terms associated with the selected service before submitting the form to complete
the service ordering.
The slide shows a partial view of the web form for ordering EMC's private cloud database service.
The U.S. National Institute of Standards and Technology defines a cloud broker as an entity
that manages the use, performance, and delivery of cloud services, and negotiates
relationships between cloud providers and cloud consumers. A cloud consumer may
request cloud services from a cloud broker, instead of contacting a cloud provider
directly. The cloud broker acts as an intermediary between cloud consumers and
providers, helps the consumers through the complexity of cloud service offerings, and
may also create value-added cloud services.
The National Institute of Standards and Technology states that a cloud broker provides services in
three categories: service intermediation, service aggregation, and service arbitrage.
In service intermediation, a cloud broker enhances a given service by improving some specific
capability and providing value-added services to cloud consumers. Such capability
improvements include access management of cloud services, identity management, performance
reporting, and security enhancement.
In service aggregation, a cloud broker combines multiple cloud services into one or more new
services. The broker provides data and service integration and ensures the secure data movement
between the cloud consumer and multiple cloud providers. Once established, such brokered
services are usually fixed and do not change often.
Service arbitrage is similar to service aggregation, with the exception that the services being
combined may vary. A cloud broker has the flexibility to choose services from multiple service
providers. For example, a broker may provide multiple e-mail services through a common
interface, wherein the number and type of e-mail services may vary.
According to the U.S. National Institute of Standards and Technology, a cloud auditor is a party
A cloud carrier acts as an intermediary that provides connectivity and transport of cloud services
between cloud consumers and cloud providers. Cloud carriers provide access to consumers
through network, telecommunication, and other access devices. The distribution of cloud services
is normally provided by network and telecommunication carriers or a transport agent. A transport
agent refers to a business organization that provides physical transport of storage media such as
high-capacity hard drives. For example, a cloud carrier organization may be responsible for
enabling private or virtual private network connections between cloud consumers and cloud
providers or between a cloud provider's data centers. Further, if consumers use the Internet to
connect to cloud services, then the cloud carrier is the Internet Service Provider (ISP). A cloud
provider may establish an agreement with a cloud carrier to provide services consistent with the
service level offered to cloud consumers.
A cloud provider builds and manages the cloud infrastructure required for providing the cloud
services, provisions the services at agreed-upon service levels, and protects the security and
privacy of the services. Let us have a look at the structure of a generalized cloud infrastructure.
A cloud infrastructure can be partitioned into five logical layers in which the upper layer has a
dependency on the lower layer. The five layers in the cloud infrastructure are physical layer,
virtual layer, control layer, service orchestration layer, and service layer. Each of these layers
groups a set of elements that may exist in a cloud computing environment, their
continuity, security, and service management. Business continuity and security functions specify
various activities and processes that are required to offer reliable and secure cloud services to the
consumers. The service management function specifies various activities and processes that enable
the cloud administrators to meet the business requirements and the service level objectives
(SLO) of the provider. These layers and cross-layer functions of cloud infrastructure are described
in the following slides.
The physical layer comprises compute, storage, and network resources, which are the
fundamental physical computing resources that make up a cloud infrastructure. Physical compute
systems may host the applications that a provider offers as services to consumers. The compute
systems also run the software used by the provider to manage the cloud infrastructure and to
deliver services. A cloud provider may also offer compute systems to consumers for hosting their
applications in the cloud. Storage systems store business data and the data generated or
processed by the applications deployed on the compute systems. Storage capacity may be offered
along with a compute system or separately. Networks connect compute systems with each other
and with storage systems. A network, such as a local area network (LAN), connects physical
compute systems to each other, which enables the applications running on the compute systems
to exchange information. A storage area network (SAN) connects the compute systems to the
storage systems, which enables the applications to access data from the storage systems. If a
cloud provider uses physical computing resources from multiple cloud data centers, then the
distributed computing resources are connected over a network. Networks also enable connections
among clouds, as in the case of the hybrid cloud model, to enable them to share cloud
resources and services.
The virtual layer is deployed on the physical layer. It comprises virtual compute systems known as
virtual machines (VMs), virtual storage such as LUN, and virtual networks such as virtual LAN
(VLAN). Virtual machines may host the applications that a provider offers as services to
consumers. They also run the software used by the provider to manage the cloud infrastructure
and to deliver services. A cloud provider may also offer virtual machines to consumers for hosting
their applications in the cloud. LUNs store business and consumers' data. LUNs may be offered
along with a virtual machine or separately as a storage service. Virtual LANs function as
independent networks and enable or restrict communication between the virtual machines.
Note: While deploying cloud infrastructure, organizations may choose not to deploy virtual layers.
In such an environment, the control layer is deployed over the physical layer and it can directly
request the physical layer to perform an operation. Further, it is also possible that part of the
infrastructure is virtualized and the rest is not virtualized.
The control layer comprises the control software that is responsible for managing and controlling
the underlying cloud infrastructure resources. The control software provides the management
interface for configuring, provisioning, and monitoring resources. On receiving the provisioning
requests from the orchestration layer, it interacts with appropriate virtual and physical layer
components. Through the interaction, the control software enables provisioning of IT resources for
cloud services. It also enables the sizing of resource pools and the allocation of resources from
the pools to fulfill the service requests. Additionally, it provides information about the resources
provisioned or consumed by services, which is required to generate bills.
The service layer comprises the self-service portal, which is the access (usually web-based) point
to a cloud. The self-service portals are hosted on one or more (for redundancy and workload
balancing) compute systems, called portal servers. Portals are created using specialized
development tools, called portal software. The portal software enables a provider to design and
publish the self-service portal. A consumer may use the uniform resource locator (URL) of the
self-service portal to log on to the portal.
The self-service portal presents the service catalog and the cloud interfaces. The service catalog
lists and describes the service offerings along with their attributes, service level, terms and
conditions for provisioning, and prices. It allows a consumer to request or order a service
in a self-service way. Cloud interfaces are the management interface and the functional
interface of rented services. The management interface is a self-service interface that
enables consumers to control their use of rented services. For example, a consumer can
monitor, modify, scale, start, and stop rented services using the management interface. The
functional interface enables consumers to perform computing activities using service functions.
The graphical user interface (GUI) of a business application offered as a service is an example of
the functional interface. The self-service portal is also accessed by the cloud administrators to
manage the cloud infrastructure.
Deploying redundancy at both the cloud infrastructure component level and at the site (data
center) level to avoid single point of failure.
Deploying data protection solutions such as backup and replication and automating them as
much as possible.
Implementing an automated cloud service failover from one service availability zone to
another.
Architecting resilient cloud applications so that they are immune against failure of one or more
application modules and continue the operation without any downtime.
Cloud security includes all the administrative and technical mechanisms that are necessary for
mitigating security threats and providing a secure cloud environment. Administrative mechanisms
include security and personnel policies or standard procedures to direct the safe execution of
various operations. Technical mechanisms are usually implemented through security tools or
devices deployed on the cloud infrastructure. The technical mechanisms are detailed in the
following slides.
Let us have a look at some of the technical security mechanisms. These mechanisms are
implemented at compute, storage, network, and application levels.
Identity and access management is the process of managing user authentication and
authorization. Cloud consumers are authenticated and authorized by the web servers at the cloud,
which communicate with the cloud's internal or external directory servers to collect user
information. A cloud provider may also use federated identity management (FIM) for
authentication. Federated identity management involves exchanging identity attributes between a
cloud provider and an identity provider in a secure way. This enables cloud providers to offer
services without implementing their own authentication system. Furthermore, the implementation
of multi-factor authentication helps authenticate a consumer with more than one factor.
A consumer's access to the cloud is granted only when all the required factors are validated.
Role-based access control helps restrict access to authorized users, based on their
respective roles. A role may represent a job function. For example, a user with the tenant
admin role can create and remove tenant users within a tenant organization. However, a user
with the tenant user role can only access the assigned cloud services. Cloud administrators too,
depending on their role, can monitor tenant resource configuration and status and may change
the settings.
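The role rules described above, worked as an added example that is not part of the original course material: a deny-by-default authorization check that enforces both the role and the tenant boundary. The role names follow the text; the permission strings, the Principal class and the authorize function are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Role names follow the course text; the permission strings are assumed
# for this example and do not come from any product.
ROLE_PERMISSIONS = {
    "tenant_admin": {"user:create", "user:remove"},
    "tenant_user": {"service:access"},
    "cloud_admin": {"tenant:monitor", "tenant:change_settings"},
}


@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    tenant: Optional[str] = None               # None for provider-side administrators
    assigned_services: FrozenSet[str] = frozenset()


def authorize(principal: Principal, action: str, tenant: str,
              service: Optional[str] = None) -> Tuple[bool, str]:
    """Return (decision, reason). Anything not explicitly granted is denied."""
    granted = ROLE_PERMISSIONS.get(principal.role)
    if granted is None:
        return False, "unknown role"
    if action not in granted:
        return False, "action not granted to role"
    if principal.role == "cloud_admin":
        # Provider-side role: not bound to a single tenant organization.
        return True, "provider-side role"
    if principal.tenant != tenant:
        # A tenant role never reaches into another tenant organization.
        return False, "cross-tenant request"
    if action == "service:access" and service not in principal.assigned_services:
        return False, "service not assigned"
    return True, "role and tenant scope match"


if __name__ == "__main__":
    # Constructed sample principals and requests.
    alice = Principal("alice", "tenant_admin", "acme")
    bob = Principal("bob", "tenant_user", "acme", frozenset({"email"}))
    carol = Principal("carol", "cloud_admin")
    requests = [
        (alice, "user:create", "acme", None),
        (alice, "user:create", "globex", None),
        (bob, "user:remove", "acme", None),
        (bob, "service:access", "acme", "email"),
        (bob, "service:access", "acme", "storage"),
        (carol, "tenant:monitor", "acme", None),
    ]
    for who, action, tenant, service in requests:
        decision, reason = authorize(who, action, tenant, service)
        print(f"{who.name:6} {action:16} {tenant:7} -> {decision} ({reason})")
```

Returning the reason alongside the decision gives the audit log enough detail to distinguish a cross-tenant attempt from an ordinary missing permission.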
An intrusion detection and prevention system (IDPS) detects and stops events that can
A virtual private network (VPN) can be used to provide a consumer a secure connection
to the cloud resources. It is also used in a hybrid cloud, externally hosted private cloud,
or community cloud environment to provide a secure site-to-site connection.
Firewalls can be used in a DMZ configuration which filters information based on IP address, port
ID, protocol, etc.
representations may still reside in the cloud infrastructure. An attacker may perform
unauthorized recovery of consumers' data to gain confidential information. Shredding
techniques such as overwriting and degaussing help in mitigating such a risk.
Port binding limits the devices that can be attached to a specific switch port. In an
Ethernet network, for example, port binding maps the MAC address and IP address of a
compute system to a specific switch port. The switch forwards a packet received from the
port only if the source MAC address and IP address carried in the packet have been
bound to the port.
VLAN and VSAN ensure security by providing isolation of data over a shared infrastructure. They
ensure secure separation of network traffic of a consumer from other consumers.
Hypervisors, virtual machines, operating systems, and applications can be hardened by installing
current updates or patches and eliminating non-essential utilities which are vulnerable to attacks.
The U.S. National Institute of Standards and Technology states that cloud service
management includes all of the service-related functions that are necessary for the management
and operation of those services required by or proposed to cloud consumers.
Cloud service management aligns the creation and delivery of cloud services to the provider's
business objectives and to the expectations of consumers. It is performed by the administrators
of the provider's organization. Cloud service management performs two key functions: service
portfolio management and service operation management.
Service portfolio management defines the suite of service offerings, aligning it to the provider's
strategic business goals. Cloud administrators responsible for service portfolio management make
decisions to deliver those services that provide value and strategic advantage to the provider.
They provide guidelines on how these services will be designed, implemented, supported, and
priced. They also make investment decisions on services and ensure that services are delivered in
the most cost-effective manner and as quickly as possible.
Service operation management maintains cloud infrastructure and deployed services, ensuring
that services and service levels are delivered as committed. Ideally, service operation
management should be automated. To enable zero-touch service operation management,
organizations typically deploy cloud service management tools. These tools automate many
service operation management activities and their functions are programmatically integrated
through orchestrated workflows.
This module focuses on various cloud standards for portability, interoperability, and security.
Cloud computing has been a matter of concern to many, largely because of portability and
interoperability constraints and security worries. The presence of numerous cloud providers doing
different tasks differently makes it difficult for consumers to compare and evaluate cloud
offerings. Standardization enables buyers, sellers, consumers, and regulators to have confidence
that products, services, processes, and systems meet specific requirements. It establishes
conformity to a specific feature set or quality level, which helps mitigate the portability,
interoperability, and security concerns. The following slides describe various portability,
interoperability, and security standards in cloud computing.
Portability in cloud means the ability to migrate data and applications from one cloud to another
without the need to recreate data and modify applications significantly. Standardization of cloud
interfaces helps port applications and data from one cloud provider to another without vendor
lock-in issues and at an acceptable cost. Let us discuss some of the portability standards,
beginning with Topology and Orchestration Specification for Cloud Applications or TOSCA.
The Topology and Orchestration Specification for Cloud Applications is developed by the Organization
for the Advancement of Structured Information Standards (OASIS). It standardizes the language
to define a cloud service. The standard defines both service structure and operational behavior of
the service independent of any particular cloud provider or hosting technology. The structure of a
service is modeled in a topology graph, which includes nodes or service components and their
relationships. For example, a business application is hosted on a web server, the web server is
hosted on an operating system, which in turn is hosted on a virtual machine. The operational
behavior of a service is specified as plans, which are workflows for orchestrating operations such
as deployment, modification, patching, and termination of services. Both the topology and plans
are portable and can be interpreted by compliant cloud environments. This facilitates portable
deployment of services to any compliant cloud.
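The hosting chain described above, worked as an added example (plain Python, not TOSCA syntax and not part of the original course): a dictionary stands in for the topology graph, and the deployment and termination orders that a plan would follow are derived from the "hosted on" relationships. Node and function names are assumptions for this illustration; the routine handles any dependency graph, not only a single chain, and rejects a template that names an undefined host or contains a cycle.

```python
# Topology from the course text: business application -> web server ->
# operating system -> virtual machine. Each node maps to the nodes it is
# hosted on. Node names are illustrative.
TOPOLOGY = {
    "business_application": ["web_server"],
    "web_server": ["operating_system"],
    "operating_system": ["virtual_machine"],
    "virtual_machine": [],
}


def deployment_order(topology):
    """Order nodes so that every host is deployed before what it hosts.

    Raises ValueError for a reference to an undefined node or for a cycle,
    because either makes the template impossible to deploy safely.
    """
    for node, hosts in topology.items():
        for host in hosts:
            if host not in topology:
                raise ValueError(f"{node} is hosted on undefined node {host}")

    # Kahn's algorithm: repeatedly release nodes whose hosts are all deployed.
    pending = {node: set(hosts) for node, hosts in topology.items()}
    order = []
    while pending:
        ready = sorted(node for node, hosts in pending.items() if not hosts)
        if not ready:
            raise ValueError("cycle in topology: " + ", ".join(sorted(pending)))
        for node in ready:
            order.append(node)
            del pending[node]
        for hosts in pending.values():
            hosts.difference_update(ready)
    return order


def termination_order(topology):
    """Tear down in the opposite order: hosted components first, hosts last."""
    return list(reversed(deployment_order(topology)))


if __name__ == "__main__":
    print("deploy:   ", " -> ".join(deployment_order(TOPOLOGY)))
    print("terminate:", " -> ".join(termination_order(TOPOLOGY)))
```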
Open Virtualization Format or OVF defined by the Distributed Management Task Force (DMTF) is
an open standard for packaging and distribution of virtual appliances. Virtual appliances are
preconfigured virtual machines that are ready to run on a hypervisor and typically include a
preinstalled guest operating system and application software to be run in the virtual machine.
The standard enables packaging and deployment of services as virtual appliances and facilitates
portability between various cloud platforms. The package includes metadata about virtual
machines such as the number of processors and amount of memory required to run applications,
and network configuration information. Metadata information can be used by a cloud platform to
deploy a service. The package may also contain digital signatures to ensure the integrity of the
virtual machines being deployed along with licensing information in the form of an End User
License Agreement.
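One way a deployment tool can check package integrity before import, as an added example that is not from the course or from the DMTF: an OVF package can carry a manifest whose lines have the form `SHA256(file)= digest`, and the check below compares each listed digest with the file actually received. The file names and contents are constructed, the function names are assumptions, and the digest check is only meaningful once the manifest's own signature has been verified, which is outside this example.

```python
import hashlib
import hmac
import re

# One manifest entry per line: ALGO(file name)= hex digest
LINE = re.compile(
    r"^(?P<algo>SHA1|SHA256)\((?P<name>[^()]+)\)=\s*(?P<digest>[0-9a-fA-F]+)$"
)


def build_manifest(files, algo="SHA256"):
    """Produce manifest text for a dict of {file name: bytes} (packaging side)."""
    lines = []
    for name in sorted(files):
        digest = hashlib.new(algo.lower(), files[name]).hexdigest()
        lines.append(f"{algo}({name})= {digest}")
    return "\n".join(lines) + "\n"


def verify_package(manifest_text, files, allowed_algos=("SHA256",)):
    """Return a list of problems; an empty list means the package is consistent.

    Checks performed: every line parses, the digest algorithm is allowed,
    every listed file is present and matches, and no file is unlisted.
    """
    problems = []
    listed = set()
    for raw in manifest_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE.match(line)
        if match is None:
            problems.append(f"malformed manifest line: {line!r}")
            continue
        algo, name = match["algo"], match["name"]
        expected = match["digest"].lower()
        listed.add(name)
        if algo not in allowed_algos:
            problems.append(f"disallowed digest algorithm {algo}: {name}")
            continue
        if name not in files:
            problems.append(f"missing file: {name}")
            continue
        actual = hashlib.new(algo.lower(), files[name]).hexdigest()
        if not hmac.compare_digest(actual, expected):
            problems.append(f"digest mismatch: {name}")
    # A file the manifest does not cover has no integrity guarantee at all.
    for name in sorted(set(files) - listed):
        problems.append(f"file not covered by manifest: {name}")
    return problems


# Constructed package contents (placeholders, not a real appliance).
PACKAGE = {
    "appliance.ovf": b"<Envelope><!-- constructed descriptor --></Envelope>",
    "appliance-disk1.vmdk": b"constructed disk image bytes",
}
MANIFEST = build_manifest(PACKAGE)

if __name__ == "__main__":
    print("intact package:", verify_package(MANIFEST, PACKAGE))
    tampered = dict(PACKAGE)
    tampered["appliance-disk1.vmdk"] += b"\x00"
    print("tampered disk: ", verify_package(MANIFEST, tampered))
```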
Interoperability in cloud means the ability to communicate, run software, and transfer data
among multiple clouds. Standardization of cloud interface allows consumers to use their data and
applications across multiple clouds. Let us discuss some of the interoperability standards,
beginning with Open Cloud Computing Interface.
The Open Cloud Computing Interface (OCCI) defined by the Open Grid Forum is a set of
specifications for infrastructure-as-a-service management interface. The specifications can be
applied to implement a vendor neutral interface for managing compute, network, and storage
resources provided as a service. The specification can also be extended to support
platform-as-a-service and software-as-a-service management interfaces.
Cloud Infrastructure Management Interface (CIMI) defined by the Distributed Management Task Force
specifies a standard management interface for infrastructure-as-a-service offerings that allows
consumers to manage their resource usage. The standard allows interoperability between
consumers and multiple providers that offer a compliant interface for managing cloud infrastructure,
thereby helping to avoid vendor lock-in.
Cloud Data Management Interface (CDMI) defined by the Storage Networking Industry
Association (SNIA) provides a standard for both the management interface and the functional
interface of a storage service. The functional interface enables an application to create, retrieve,
update, and delete data from the cloud. The management interface can be used for managing
containers of data, user accounts, access control, and billing.
Cloud Application Management for Platforms (CAMP) defined by the Organization for the
Advancement of Structured Information Standards (OASIS) is under development. It defines a
management interface standard for platform-as-a-service that can be used to package, deploy,
and manage applications onto any compliant cloud platform.
Let us have a look at some of the cloud security standards, beginning with Cloud Controls Matrix
(CCM).
The Cloud Controls Matrix defined by the Cloud Security Alliance (CSA) provides a controls
framework that gives detailed understanding of security concepts and principles that are aligned
to the Cloud Security Alliance guidance. The foundation of the Cloud Controls Matrix is based on
other industry-accepted security standards, regulations, and controls frameworks such as the ISO
27001, ISO 27002, ISACA COBIT, PCI, and NIST. The Cloud Controls Matrix, published in Excel
spreadsheet format, provides the organizations the needed structure related to information
security in a cloud. It seeks to normalize security expectations, cloud taxonomy and terminology,
and security measures implemented in the cloud.
The U.S. National Institute of Standards and Technology, in its special publication
"Guidelines on Security and Privacy in Public Cloud Computing" (NIST SP 800-144),
provides an overview of public cloud computing and the security and privacy challenges. The
document discusses the threats, technology risks, and safeguards for public cloud environments,
and provides the insight needed to make informed decisions on their treatment. The guidelines
provided in the document are aimed at cloud consumers and state what consumers should
consider about a potential cloud provider.
Carrying on with its cloud mission, the National Institute of Standards and Technology
released its special publication "Cloud Computing Security Reference Architecture" (NIST SP 500-299)
in draft form for public comments. The document defines a cloud computing security
reference architecture. The reference architecture identifies a set of security components that can
be implemented in a cloud environment to secure the environment, the operations, and the data
migrated to the cloud.
The European Network and Information Security Agency or ENISA has published several
documents that provide guidelines and key requirements towards cloud security.
They published "Procure Secure: A Guide to Monitoring of security service levels in cloud
contracts" to provide guidelines on the procurement and the governance of cloud services. It
breaks down key requirements that a consumer should look for in a cloud provider to ensure strict
adherence to security rules.
They also published a report on governmental clouds with the aim to:
- Assist member states in implementing a national cloud strategy
- Establish an understanding of current barriers and suggest solutions to overcome those barriers
- Share the best practices
Moreover, the European Network and Information Security Agency published a paper that
analyses how cloud providers, consumers, and government authorities can set up cloud
security incident reporting schemes.
This module covered various cloud standards for portability, interoperability, and security.
This module focuses on the integration of social networking, mobile computing, and big data
analytics with cloud computing.
The IT industry is in the midst of a massive technological and structural shift toward what
industry analyst IDC calls the third platform. The first platform was based on the mainframe
computers. The second was personal computers and client/server model which dominated the IT
landscape over the past few decades. The third platform is built on mobile computing, social
networking, cloud services, and big data analytics technologies. Among the four pillars (cloud,
mobile, social, and big data), cloud is the core and key enabler of the third platform
computing. Cloud provides the platform that supports the accessibility, agility, and scale
required by the rise of social, mobile, and big data applications. Although these
technologies are disruptive on their own, together they are revolutionizing business and
creating new value. According to Gartner: "Without cloud computing, social interactions
would have no place to happen at scale, mobile access would fail to be able to connect to
a wide variety of data and functions, and information would be still stuck inside internal
systems." The following slides describe the integration of social, mobile, and big data
with cloud computing.
A social network interconnects users through a variety of relationships such as friends and
followers. Through these relationships users share content and messages, and create
communities with similar interests. Social networking means forming connections between one
user and another online using social networking websites. There exist a number of social
networking websites such as the popular Facebook, LinkedIn, and Twitter. Social networks have
seen massive growth, with millions of users participating across various social networking
websites. As the social networks grow, the amount of IT resources needed to provide social
networking services also grows, and cloud computing remains a viable solution to meet those
needs.
Cloud computing and social networking can be used together. Their integration helps social
networking services to take advantage of cloud computing. Let us discuss a few scenarios where
cloud computing and social networking have intermingled.
First, social networking websites can be hosted on a cloud platform.
Second, a cloud can provide storage space for storing and sharing media uploaded by the users.
Third, social applications related to social networking services can be developed and hosted on a
cloud. These applications are created by third-party developers. They can be integrated into your
page in a social networking site and users who come to your page can also access them. Social
applications cater to specific users' interests and create a social media framework for the
applications.
Finally, cloud infrastructure can be created through social network constructs. The cloud
infrastructure in a social network environment is called social cloud. A social cloud provides a
resource and service sharing framework that uses relationships established between users of a
social network. For example, a social storage cloud can be used to store and share information
among friends.
Mobile computing combined with cloud computing creates a new architecture called mobile cloud
computing. In this architecture, data processing and data storage happen outside of mobile
devices. A cloud infrastructure is used to perform computing-intensive activities and to store data
of cloud-based mobile applications. Cloud-based mobile applications are accessible to mobile
users through the application's mobile interface.
Mobile devices connect with a base station or a hotspot by a radio link such as 3G, 4G, Wi-Fi, and
GPRS. The base station establishes the connections between the mobile devices and the mobile
network. The mobile network delivers mobile user requests to a cloud through the Internet. Users'
requests are processed in the cloud, which provides the requested cloud services to the users.
Mobile cloud computing benefits resource-constrained mobile devices by letting them utilize
cloud resources. It also helps mobile devices to access centrally placed data from wide locations
and scale their resource usage on-demand. Technologies such as HTML5, CSS3, hypervisor for
mobile devices, and web 4.0 are expected to drive adoption of mobile cloud computing.
Big data is commonly characterized by four Vs: Volume, Variety, Velocity, and Value.
According to Gartner, big data is high-volume, high-velocity, and high-variety information assets
that demand cost-effective, innovative forms of information processing for enhanced insight and
decision making. Big data technologies are designed to economically extract value from very
large volumes of a wide variety of data by enabling high-velocity capture, discovery, and analysis.
Big data analytics involves capturing, organizing, and analyzing big data that can reveal insights
hidden previously because of the amount of effort and spending required to extract them. With
the right big data analytics tools in place, an organization can uncover hidden patterns, unknown
correlations, market trends, customer preferences, and other useful information. This helps the
organization to make informed decisions to boost its sales, increase efficiency, and improve
operations, customer service, and risk management.
The cloud is an enabler for big data analytics. It can offer analytics tools, storage, compute, and
database that support processing of large volume, high velocity, and varied types of big data.
Cloud-based data analytics provide capabilities to capture and prioritize big data from trusted
sources, perform data integration and analysis in real-time or near real-time, and manage data as
per governance policies.
Cloud computing is a natural fit for big data analytics. Big data environments require clusters of
nodes that can scale up, down, out, or in as needed to support the processing of big data. A cloud
supports rapid elasticity and on-demand resource provisioning. It can offer massive databases
and advanced analytics tools that can drive business value. As a result, IT organizations are
increasingly looking to cloud computing as a solution to support their big data projects.
This module covered the integration of social networking and cloud computing, the integration of
mobile computing and cloud computing, and the integration of big data analytics and cloud
computing.
This module focuses on EMC's hybrid cloud solution, EMC's cloud advisory services, VCE Vblock,
VMware vCloud Suite, VMware vCloud Air, and RSA security solutions.
The EMC hybrid cloud solution unites the full strengths of private and public cloud. It integrates
the best of EMC and VMware products and services, and empowers IT organizations to accelerate
implementation and adoption of hybrid cloud infrastructure. The solution caters to customers who
want to preserve their investment and make better use of their existing infrastructure and to
those who want to build out new infrastructures dedicated to a hybrid cloud.
The hybrid cloud solution enables:
- On-demand access to and control of network bandwidth, servers, storage, and security
- Provisioning of backup, continuous availability, and disaster recovery services as part of the cloud service provisioning process
The figure on the slide shows the key components of the solution.
EMC cloud advisory services help organizations to accelerate their journey to the cloud. With the EMC
cloud advisory services, an organization can achieve the right mix of private, public, and hybrid
cloud models for their key application workloads. EMC provides a cloud application strategy that is
specific to the needs and activities of an organization. By providing the strategy, the advisory
services perform the following activities:
Highlight the business process support and service level requirements for key application
workloads
VCE company, formed by Cisco and EMC with investments from VMware and Intel, accelerates the
adoption of converged infrastructure. A converged infrastructure combines multiple hardware and
software components into a single package. The package is pre-configured and offers centralized
management of all components within the package.
VCE, through Vblock systems, delivers the converged infrastructure that provides a platform for
building a cloud. Vblock systems combine compute, storage, network, virtualization, security, and
management components into a single package. Vblocks are pre-architected, preconfigured,
pretested and have defined performance and availability attributes. Rather than customers buying
and assembling individual IT infrastructure components, Vblock provides a validated solution and
is factory-ready for deployment and production. This saves significant cost and deployment time
associated with building a cloud infrastructure.
The figure on the slide shows key components of a Vblock 720 system that are integrated into a
single package. VCE also provides various cloud services as listed on the slide. These services
accelerate the planning, design, and implementation of private, public, or hybrid clouds. VCE
proven methodologies help to reduce cost, risk, and complexity of the transformation journey to
the cloud.
VMware vCloud Suite is an integrated offering for building and managing a VMware vSphere
private cloud. It provides operational efficiency, infrastructure agility, and operational control,
which can lower cost, reduce downtime, and increase productivity for businesses.
The vCloud Suite contains several products, such as:
- vCloud Networking and Security that provides networking and security for a virtualized compute environment
- vCenter Operations Management Suite that helps in performance, capacity, and configuration management
- IT Business Management Suite that enables financial management and budget analysis
vCloud Air is a hybrid cloud service operated by VMware. It is built on the VMware vSphere
platform. vCloud Air makes it possible for users to migrate virtual machines and workloads both in
and out of VMware's public cloud using vSphere tools. It enables users to extend their on-premise
private cloud into the public cloud with ease.
vCloud Air is available in three primary infrastructure-as-a-service types, with more expected in
future. The primary service types are dedicated cloud, virtual private cloud, and disaster recovery.
RSA, the security division of EMC, offers several security solutions that help organizations to
mitigate the risk of operating in a cloud environment. Let us have a look at some of the
key security solutions.
RSA Data Loss Prevention (DLP) solution discovers and monitors the location and flow of sensitive
data such as credit card data, personally identifiable information (PII), and corporate intellectual
property. Once it locates sensitive data, it can alert and educate designated personnel and
enforce controls to prevent loss of sensitive data through email, web, PCs, smartphones, and so
on, based on customizable policy.
RSA Security Analytics helps security analysts to detect and investigate threats often missed by
other security tools. It combines big data security collection, management, and analytics; full
network and log-based visibility; and automated threat intelligence. This enables security analysts
to better detect, investigate, and understand threats that they often could not easily see or
understand before.
RSA ECAT is an endpoint threat detection solution. It exposes malware and other threats,
highlights suspicious activity for investigation, and instantly determines the scope of a
compromise. These help security teams to stop advanced threats faster.
This module covered EMC's hybrid cloud solution, EMC's cloud advisory services, VCE Vblock,
VMware vCloud Suite, VMware vCloud Air, and RSA security solutions.
This module focuses on cloud computing forecasts and CIO sentiment survey conducted by IDC.
Cloud computing has proven to be a disruptive technology and its adoption is expected
to grow in the future. Here, we have some cloud computing forecasts and market estimates.
Industry analyst Gartner says cloud computing will become the bulk of new IT spend by 2016.
According to Gartner, 2016 will be a defining year for cloud as private cloud begins to give way to
hybrid cloud, and nearly half of large enterprises will have hybrid cloud deployments by the end of
2017.
According to IDC, worldwide spending on public IT cloud services will reach nearly $108 billion by
2017. Over the forecast period of 2013 to 2017, public IT cloud services will have a compound
annual growth rate (CAGR) of 23.5 percent, which is five times that of the IT industry as a whole.
McKinsey and Company, in its report "Disruptive technologies: Advances that will transform life,
business, and the global economy", projects that the total economic impact of cloud technology
could be $1.7 trillion to $6.2 trillion annually in 2025. It says that by 2025 most IT and web
applications and services could be cloud delivered or enabled, and most businesses could be using
cloud facilities and services for their computing resources.
According to Forrester Research, the public cloud market is expected to reach $191 billion by
2020, which is a huge leap from the $58 billion in 2013.
In IDC's CIO sentiment survey conducted during 2012, IDC identified a range of investment
priorities for 2013 and beyond. The chart on the slide shows the eleven highest-rated investment
categories. Of those, five are third platform technologies that include cloud computing. These
technologies are highlighted on this chart with the arrows on the right. Clearly, CIOs have
prioritized third platform technologies by their spending projections.
This module covered cloud computing forecasts from industry analysts and the position of cloud
computing in IDC's CIO sentiment survey.
This course covered the characteristics, benefits, service models, and deployment models of cloud
computing. Next, it covered the entities that commonly exist in a cloud environment. Then, it
described the emerging cloud standards for portability, interoperability, and security. It also
covered the integration of social networking, mobile computing, and big data analytics with cloud
computing. Then, it described EMC's products, solutions, and services for cloud computing.
Finally, it covered the prospects of cloud computing.