Lecture 1 Intro to Cloud Computing


Cloud Challenges

1. Increased Security Vulnerabilities
• Responsibility over data security becomes shared with the CSP.
• The CSP has access to consumer data.
• Overlapping trust boundaries from different cloud consumers increase exposure for data loss.
• The CSP is unable to provide higher security mechanisms for both consumers.

Essential Characteristics of Cloud

Ubiquitous Network Access, Rapid Elasticity, Location Independent Resource Pooling, Measured Service

Cloud Delivery Models Column Graph

(See Picture)

Cloud Delivery Models Table

(See Picture)

Cloud consumers initiatives in 2020

(See Picture)

Public, Private and Hybrid Clouds

(See Picture)

Relationship between services, uses and types of clouds

(See Picture)

Anything as a Service (XaaS)

• Collective term that refers to the delivery of the vast number of products, tools and technologies that CSPs deliver to users as a service.
• Data as a Service (DaaS)
• Desktop as a Service (DaaS)
• Disaster Recovery as a Service/Recovery as a Service (DRaaS/RaaS)
• Backend as a Service/Mobile Backend as a Service (MBaaS/BaaS)
• Backup as a Service (BaaS)
• Storage as a Service (STaaS)
• Network as a Service (NaaS)
• Communications as a Service (CaaS)
• Malware as a Service (MaaS)
• Security as a Service (SECaaS)
• Identity as a Service (IDaaS)

Combined delivery models

CSPs can combine the delivery models (IaaS, PaaS, SaaS) for economic reasons, when capacity is exceeded, or because legal requirements mean data needs to be stored in a specific region. E.g., IaaS + PaaS

National Institute of Standards and Technology (NIST) definition of cloud computing:

"Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

Evolution of Cloud computing

Cloud represents the knee in the exponential growth curve

Virtualization Software

Hypervisor

Multicloud Model

It is the use of multiple cloud computing services (best-of-breed) in a single heterogeneous architecture. •It aims to eliminate the dependence on any single cloud service provider, by utilizing two or more public and private clouds. •E.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform.

5 Generations of Computer Technology Development

Mainframes, Mini-Computers, PCs, Portable/Pervasive Devices and HPC/HTC in Clusters, Grids, and Cloud

Other deployment models:

Multi-Cloud, Government Cloud (GovCloud)

Deployment Models of Cloud

Private, Community, Public, Hybrid

Single-tenant

Separate Cloud Storage Devices

Multi-tenant

Shared Cloud Storage Devices

Hybrid Cloud Model

This is a combination of two or more deployment models that use standardized or proprietary technology.
• An organization could choose to deploy sensitive data processing to a private cloud (on premise/off premise) and less sensitive services to a public cloud.

Resiliency

This is another characteristic of cloud computing that provides redundant resources within the same cloud, but in different physical locations, and hence high availability and reliability of applications.

Public Cloud Model

This is the most common deployment model operated by CSPs. •Cloud services are generally offered at a cost or commercialized via advertisements. •CSPs are responsible for the creation and ongoing maintenance of the public cloud and resources.

Enterprise Cloud Strategy

Use Multicloud Model (AWS, GCP, Azure)

Increased Security Vulnerabilities

Various system attacks and network threats to cyberspace, resulting in 4 types of losses.

Broadband Networks and Internet Architecture

• A cloud must be connected to a network; this inevitable requirement forms an inherent dependency on the Internet.
• Internet Service Provider (ISP) provide the network service that interconnect via routers network that connect to
• Transport layer protocols, such as TCP/IP and UDP, facilitate Internet access and communication over LANs/WANs via underlying physical networks such as Ethernet, 4G/5G etc.
• Application layer protocols such as HTTPS (web) and SMTP (email) enable data packet transfer over the Internet.

Data Center Technology

• Is a specialized IT infrastructure that houses IT resources, such as servers, database, and software systems. • It has higher levels of redundancy to sustain availability, by way of redundant power, cooling, cabling, connectivity and hardware. • Virtualization technology is used along with DAS, SAN, NAS storage etc.

Multitenant Technology

• A multitenant application enables multiple users (tenants) to access the same application logic simultaneously.
• Each tenant has its own view of the application, which it uses, administers, and customizes as a dedicated instance.
• Tenants can customize the features of the application, such as User Interface, Business Process, Data model and Access Control.
• Common characteristics of multi-tenant applications include: Usage Isolation, Data Security, Recovery, Application Upgrade, Scalability, Metered Usage, Data Tier Isolation

Two types of virtualization

• Operating System-Based Virtualization: the installation of virtualization software in a pre-existing operating system, which is called the host operating system.
• Hardware-Based Virtualization: the installation of virtualization software directly on the physical host hardware to bypass the host operating system, which is engaged with operating system-based virtualization.

Virtualization Technology

• Virtualization is the process of converting a physical resource into a virtual resource.
• Virtualization provides:
• Hardware independence - by conversion to emulated software-based copies that can be moved to other virtual hosts.
• Server consolidation - share one physical server between different virtual servers and reduce server footprint. Supports resource pooling and elasticity, scalability, and resiliency.
• Resource replication - virtual servers are created as virtual disk images and can be replicated.

Web Technology

• Web technology is used for implementation and management of cloud.
• Three fundamental elements comprise the technology architecture of the web.
• Uniform Resource Locator (URL): a standard syntax used as an identifier to point to web-based resources.
• Hypertext Transfer Protocol (HTTP): the primary communication protocol used in the Web.
• Markup languages (HTML/XML): provide a lightweight means of expressing Web pages (HTML) and defining vocabularies used to associate meaning with Web-based data via metadata (XML).
• Applications that use a Web browser are considered web applications.

Multi-Regional Compliance and Legal Issues.

• CSPs could have a data center in another country, but consumers may not be aware of where their data resides.
• This poses legal concerns if government data privacy regulations specify that data needs to be kept within the country.
• Accessibility and disclosure of data to certain governments is another issue, as some countries have regulations to access data if a consumer's data is located in that country.

Cloud Enabling Technologies

1. Broadband Networks and Internet Architecture 2. Data Center Technology 3. Virtualization Technology 4. Web Technology 5. Multitenant Technology 6. Service Technology

Future Trends in Cloud

1. Multicloud
• The use of best-of-breed Cloud services across multiple public clouds.
2. Enhanced Security
• Improvements in threat detection and prevention capabilities.
• Adoption of services such as Identity as a Service (IDaaS) for single sign-on (SSO), including Malware as a Service (MaaS) and Security as a Service (SECaaS).
• Cloud access security brokers (CASBs) that sit between users and Cloud applications, and consolidate multiple types of security and policy enforcement (authentication, single sign-on, authorization, credential mapping, device profiling, data security (content inspection, encryption, tokenization), logging, alerting and malware detection/prevention).
3. Anything as a Service (XaaS)
• Rapid adoption of Anything as a Service, from Desktop as a Service (DaaS) for virtual desktops to Unified Communications as a Service (UCaaS) and more.
4. Increased & centralized storage, Data analytics and AI
• CSPs will be offering larger-capacity storage to companies to be able to store large data sets and perform analytics.
• This will allow companies to gain valuable insights from the data, which would facilitate informed decision making to improve efficiency and achieve organizational goals.
5. Internet of Things (IoT) to Internet of Everything (IoE)
• Exponential development in IoE for machine-to-machine interactions, data processes and human interactions.
• Imagine RFID, GPS, Sensory and other devices interacting.
• This differs from IoT, where dumb devices were Internet-enabled to be remotely monitored or controlled. E.g., Nest Thermostat, Amazon Echo.
• This leads to Fog computing.
• 5G:
• Quantum computing:

Benefits of Cloud

1. Reduced Investments and Proportional Costs
• No upfront capital expenditure for hardware, software or systems.
• No additional electricity costs for powering servers or cooling.
• No need to recruit additional IT staff to manage systems.
• Pay-as-you-go or pay-per-use model.
• Common measurable benefits:
• Access to computing resources on a short-term basis
• Access to unlimited computing resources when needed
• Ability to add or remove resources at a fine-grained level, such as storage disk space.
• Abstraction of infrastructure, so applications are not locked into devices or locations and can be easily moved
2. Increased Scalability
• Vertical Scaling is the replacement of an IT resource by another with higher/lower capacity.
• This is less common in cloud environments.
• Replacing an IT resource with a higher capacity is referred to as scaling up and replacing with a lower capacity is scaling down.
• An IT resource (a virtual server with two CPUs) is scaled up by replacing it with a more powerful IT resource with increased capacity for data storage (a physical server with four CPUs).
3. Increased Availability and Reliability
• Availability and reliability are directly associated with tangible business outcomes - revenue and customer confidence etc.
• Cloud has the ability to increase availability to minimize or eliminate downtime, and increase reliability to minimize the impact of runtime failure.
• CSPs provide resilient IT resources to guarantee high availability.
• Increased reliability of the cloud environment provides extensive failover.

Five Cloud Characteristics (as per NIST)

1. On-demand self-service: A cloud consumer can unilaterally provision and access cloud-based resources as needed, without requiring CSP assistance.
2. Broad network access: This represents ubiquitous access over the network via thin or thick client from any device (e.g., mobile phones, laptops, desktops).
3. Resource pooling: A CSP pools resources to serve multiple cloud consumers using a multi-tenant model (isolating each from the other), with resources dynamically assigned and reassigned as per consumer demand.
4. Rapid elasticity: The ability to scale resources rapidly outward or inward as required or to meet a demand (horizontal scaling in public clouds).
5. Measured service: Represents the ability to monitor, control and report the usage of the resources for both CSPs and cloud consumers. CSPs charge only for the resources actually used - pay-as-you-go or pay-per-use model.

Top Breaches in 2020

2,935 publicly reported breaches in Q3 2020 - 8.3 billion records stolen.
1. CAM4 - 10.88 billion records (May 2020)
2. Advanced Info Service (AIS) - 8.3 billion records (May 2020)
3. Keepnet Labs - 5 billion records (March 2020)
4. BlueKai - billions of records (June 2020)
5. Whisper - 900 million records (March 2020)
6. Sina Weibo - 538 million records (March 2020)
7. Estée Lauder - 440 million records (January 2020)
8. Broadvoice - 350 million records (October 2020)
9. Wattpad - 268 million records (June 2020)
10. Microsoft - 250 million records (December 2019, disclosed in January 2020)
• Honorable mentions include:
• Facebook's data breach - 267 million records
• Instagram, TikTok, and YouTube breach - 235 million records
• Cit0Day - 226 million records
• Unprotected Google Cloud Server breach - 201 million records
• MGM - 142 million records
• Barnes & Noble - unknown

2. Broadband Networks and Internet Architecture

Packets traveling through the Internet are directed by a router that arranges them into a message.

Service Technology

Service technology is a keystone foundation of cloud computing that formed the basis of the "as-a-service" cloud delivery models.
• Web services (1st generation) are represented by the following industry standards.
• Web Service Description Language (WSDL) - This is used to create a WSDL definition that defines the application programming interface (API) of a web service.
• XML Schema Definition Language (XML Schema) - These are created to define the data structure of the XML-based input/output messages for Web Services.
• Simple Object Access Protocol (SOAP) - This is used for request and response messages exchanged by Web services.
• Universal Description, Discovery and Integration (UDDI) - This regulates service registries in which WSDL definitions can be published as part of a service catalog.
• REST Services are designed according to a set of constraints that shape the service architecture to emulate properties of the Web, resulting in the use of core Web technologies.
• REST design constraints include client-server, stateless, cache, Interface/Uniform contract, Layered system and code on-demand.
• Service Agents provide event-driven runtime processing that can be applied within functional areas within clouds.
• Service middleware, such as enterprise service bus (ESB) and orchestration platforms, can be deployed on clouds.

Delivery models of Cloud

Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)

Foundational Elements of Cloud

Virtualization, Grid Technology, Service Oriented Architecture, Browser as a Platform, Distribution Computing, Broadband Networks, Free and Open Source Software, Service Level Agreements, Autonomic Systems, Web 2.0, Web Application Framework, Utility Computing

Platform as a Service (PaaS)

• Cloud service providers offer application or development platforms that customers can install and use to run their own applications.
• These are pre-defined, "ready-to-use" environments that are already deployed and configured.
• This ready-made environment has products and tools to support an entire delivery life-cycle of custom applications.
• Consumers who want to extend on premise environment or substitute it to the cloud, or those who want to become cloud providers.
• A cloud consumer is accessing a ready-made PaaS environment.
• The question mark indicates that the consumer is not aware of the implementation details of the platform.

Reduced Operational Governance Control

• Consumers are allotted a lower level of governance control over the IT resources.
• This leads to risks associated with how CSPs operate and external connections required for communications between the cloud and consumer.
• Longer geographic distance between consumer and CSP would increase latency and bandwidth constraints.

Fog computing or Edge Computing

• Fog computing extends the concept of cloud computing to the network edge, especially for IoT and other applications that require real-time interactions.
• It's another network layer that connects the outer edges of where data is created and analyzed to where it will eventually be stored in the cloud.

Government Cloud

• GovCloud refers to cloud services that are developed specifically for government organizations and institutions, based on a framework and set of guidelines for sourcing and deploying cloud services.
• For example, the U.S. facilitates the acquisition and implementation of cloud services under formal standards and procedures, with prime emphasis on security and interoperability.
• There are several guidelines under this program such as the Federal Cloud Computing Strategy, the Federal CIO's 25-Point Roadmap plan and the NIST Cloud Computing Technology Roadmap.
• CSPs offering cloud services need to be Federal Risk and Authorization Management Program (FedRAMP) compliant, which is an assessment and authorization process used by U.S. federal agencies to ensure security.

Limited Portability Between Cloud Providers

• Lack of industry standards prevents consumers from moving from one CSP to another.
• Consumers that have custom-built solutions with dependencies on proprietary environments have challenges migrating.

Software as a Service (SaaS)

• Software/applications are hosted by cloud service providers on their infrastructure and offered to customers over the Internet.
• This delivery model is used to make a reusable cloud service widely available.
• Consumer has very limited control over SaaS implementations.
• The cloud service consumer is given access to the cloud service contract, but not to any underlying IT resources or implementation details.
• The question mark indicates that the consumer is not aware of the implementation details of the platform.

Community Cloud Model

• The cloud infrastructure is shared by several organizations that have shared policies, goals, and missions.
• It may be jointly owned by community members or by a third-party CSP that provisions a public cloud with limited access.

Infrastructure as a Service (IaaS)

• This is the same as hardware-as-a-service and is the most popular service for customers.
• CSPs offer virtual infrastructure solutions such as memory, CPU, storage, power, and other "raw" IT resources.
• IT resources are typically virtualized and packaged into bundles that simplify runtime scaling and customization, but not pre-configured.
• This environment provides consumers with a high level of control and responsibility over its configuration and utilization.
• Consumer using a virtual server in an IaaS environment.
• Consumer is provided with contractual guarantees, such as capacity, performance and availability.

Private Cloud Model

•This model is for organizations that centralize access to IT resources by different parts, locations, or departments and can be on premise or off premise. •The organization is both the cloud consumer and provider, and can be managed by a third party or by the organization.

