Cloud Computing

History of computing systems
1. Mainframe <--> Terminal (no hard disk / OS)
2. Server <--> Switch <--> Clients
3. Cloud <--> Thin Client (Monitor)

Famous cloud providers: Amazon, Google, Microsoft
Services provided by cloud providers: computing, storage, software...
Definition
1. A parallel and distributed computer system consisting of interconnected and virtualised computers that are dynamically provisioned and presented as one or more unified computing resources based on a Service Level Agreement (SLA) between the service provider and consumers.
Description: distributed computers can share resources between computers and co-operate.
2. Data center hardware and software that provide services to users.
3. By NIST (National Institute of Standards and Technology): cloud computing is a pay-per-use model for convenient, on-demand network access to a shared pool of computing resources (e.g. networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimum effort or service provider interaction.
4. Financial or accounting aspect
Cloud computing: Capex --> Opex
Capex: Capital Expenditure
Opex: Operating Expenditure
Dynamic scaling --> dynamically increase / decrease capacity
Without cloud: the IT manager needs to plan for peak
With cloud: the IT manager uses peak capacity at peak time.
Cloud computing structure
1. Internet technology (web services): advanced stage
2. Virtualization (hardware): advanced stage
3. Grid computing and utility: beginning stage
4. Data center automation / autonomic computing: beginning stage
Cloud Advantage
1. No upfront cost. No need to set up a LAN, buy hardware, software, etc.
2. No need to hire IT staff on site
3. Less space for computing equipment
4. Pay for what you use (resources shared with other cloud users)
5. Data centers are in different locations; access the network from anywhere, anytime
6. Self-service (getting service is easy through the cloud, quick access to cloud resources, dynamic resource control)
7. Can use grid computing (take advantage of the entire network's processing power)
8. Elasticity, scalability, bandwidth/resource on demand
9. Better failover capability from the cloud provider (backup system if something fails)
10. Economy of scale (more servers reduce the unit price)
Cloud Disadvantage
1. Latency: delay from going through the Internet
2. Throughput / bandwidth (limited bandwidth on the Internet)
3. If a VPN is used, the shared Internet is a problem when it is busy (availability issue)
4. Many clouds want you to develop your applications around their own data center requirements
5. Trust: the provider is independent of the cloud user and has access to your data
6. Privacy and security issues
7. The Internet is not secure (public); security issue (your data is in the same location as others' data in the provider's data center)
8. Vendor lock-in, hard to migrate
9. Legal issues in various countries for data access (e.g. data center)
10. No standards developed
11. Cost of moving from the original network to the cloud
12. Cloud services are at this time delivered on a best-effort basis, and the only recourse for poor service availability is a refund of the service fee.
Cloud Service Model
1. SaaS: Software as a service
a. Online application you use; no need to install on your PC, e.g. online email
b. Quick access, self-service
c. Generalised service to meet the needs of the majority of users
d. The customer does not control the OS, servers, storage, application configuration, etc.; the customer only uses the service.
2. PaaS: Platform as a service
a. It is a service that provides a managed environment (the customer does not control the OS, servers or storage, but controls application configuration)
b. Software developers can host and execute their software without the complication of deploying or configuring servers, e.g. purchase server space for a web server, Facebook platform
3. IaaS: Infrastructure as a service
Offers resources (computing, storage, communication); provision of virtual servers.
Quick customer self-service interface.
e.g. Amazon Web Services EC2 (Elastic Compute Cloud)
a. customise server
b. start / stop it
c. install software package
d. configure access permission
Cloud Development Model
1. Public Cloud
a. for general public
b. pay as you use
c. The internal data center of a business is not available to this
d. owned by a company that sells services to users
2. Private Cloud
a. owned and managed by the user or outsourced
b. dedicated to meeting the needs of an organization
3. Hybrid Cloud
a. mix of 2 or more clouds, e.g. use the private cloud for confidential data and the public cloud for non-sensitive data
b. use the private cloud of your network to handle normal usage and the public cloud to deal with peak overflow
c. use the private cloud to meet the need for compliance and security
d. use the public cloud to meet the need for cost-effectiveness, elasticity and scalability
4. Community Cloud
a. for organizations that have the same concerns, missions, security, policy, compliance, etc.
b. can create a cloud that suits them
c. security and compliance are only as strong as the weakest member.
Data Center
UPS: Uninterruptible Power Supply
PUE: Power Usage Effectiveness
PUE = Total Facilities Power / IT Equipment Power
PUE of a normal data center: 2
PUE of an advanced data center: 1.2
Virtualization
Reduces electricity use
Hypervisor: separates the software from the hardware
Impact of virtualization:
1. Reduces the number of servers
2. Storage changes from DAS to SAN
3. Reduces the number of cables
4. Reduces the number of facilities
5. Lowers the cost of managing data and simplifies network management
Grid computing
1. to share computing resources across geographies and organizations
2. increase availability, higher bandwidth, higher CPU
3. if a resource on one machine is not used, others can use it
Virtual Private Network (VPN)
1. Tunnel through the Internet to connect sites or users to each other, e.g. connect users (companies) to the cloud provider via the Internet
2. IPsec for VPN security: encrypts data, as normal Internet traffic is not encrypted
3. The VPN releases the tunnel when the connection is finished; the capacity can be used by others
4. The VPN uses the shared Internet, and the Internet might be busy. --> Private telecom fibre (leased fibre)
Grid computing benefit
1. Exploiting underutilized resources: if a machine is busy during a peak period (seasonal peak), the job can be given to another machine on the grid
    a. the application should be executable remotely
    b. the remote machine must meet the hardware/software requirements imposed by the application
2. Parallel CPU capacity
    a. A CPU-intensive grid application can be thought of as many smaller jobs (subjobs), each executing on a different machine (computer)
    b. not all jobs can be run in parallel on many computers / servers
    c. split the job into independently running subjobs
3. Organization collaboration
    organizations can share resources, such as databases, licenses, files, applications, devices and software, on the grid
4. Additional resources
    if a user needs more bandwidth, the job is given to different machines in different locations, each with its own bandwidth to the Internet
Resource shared in grid computing
A grid is a collection of machines (nodes), resources, members, clients, hosts, engines, etc. Some resources can have restrictions; others are available to all
1. computation (CPU): separate parts of a job are run by different machines (computers), each with its own CPU
2. storage: shared storage can be memory attached to the processor or secondary storage (hard disk)
    a. a big database can span storage among several machines, eliminating the maximum size restriction imposed by some OSes.
    b. the database is duplicated to provide redundancy in case of failure
3. communication
    a. when connections do not share the same communication path, they add to the total bandwidth for communication
    b. redundant communication paths are needed in case one path fails
4. license
    some jobs can be sent to a special machine for license reasons (cost), since the others cannot install the software.
5. special equipment
    only some machines (with specific requirements) can do some specific jobs, e.g. medical imaging, medical research, military applications. Jobs are programs that are executed at an appropriate point on the grid
Finally, the results of these jobs must be collected and appropriately assembled to produce the final output.
Management Grid
There is a component that keeps track of the resources available on the grid. This is used to decide where on the grid jobs should be assigned.
Denial of service: a computer is flooded with packets by hackers, so you cannot access the server.
Sharding
1. some data for user A in one database, user B in another
2. database replicated for availability
Cloud Bursting
1. your core business stays inside the firewall and overflows to the public cloud when traffic is high (seasonal high traffic)
2. redirect to the public cloud if your resources are depleted
Cloud Security
Risk assessment (How much risk are you prepared to take?)
Risk: fire/disaster/hack/virus/power failure/equipment failure/link failure
Data protection is the most important --> data cannot be recovered once it is really lost
Security in cloud
1. loss of governance
2. responsibility ambiguity
who is responsible for what?
3. isolation failure
a public cloud may be multi-tenant with shared resources; failure to separate the usage of storage, memory, routing and even reputation between tenants
4. vendor lock-in
dependency on proprietary services of a particular cloud provider could lead to the consumer being tied to the provider
5. compliance and legal risks
investment in achieving certification (e.g. industry standard or regulatory requirements) may be put at risk by migrating to the cloud if the cloud provider cannot provide evidence of its own compliance or does not allow audit by the consumer
6. handling of security incidents
detection, reporting and management of security breaches is a concern for the consumer (how is it done by the provider?)
7. management interface
customer interface software used to access the cloud, e.g. web browser
8. data protection (most important)
cannot recover lost data; lost business, reputation, legal problems...
major concerns are release of sensitive data, data loss and unavailability of data
9. malicious behavior of insiders
they have access and authorisation and could cause damage, release data, change data, etc.
10. business failure of the provider
unavailability of data and applications
11. service and availability
equipment or software failure in the provider's data center
12. insecure or incomplete data deletion
the disk might have other tenants.
deleting data is not enough.
ensure your data cannot be undeleted if you exit
The SLA must meet all your requirements, such as security, privacy...
Questions on Handout 1 : Chapter 1: Introduction to cloud computing (hard copy)

1. What are the technologies that advanced and contributed to cloud computing? (p. 5 and diagram on page 6, Fig 1.1). Define each of these (pages 7 to 13).

A.    Internet technologies
Web services can glue together applications running on different messaging product platforms, enabling information from one application to be made available to others, and enabling internal applications to be made available over the internet.

B.    Grid computing
Grid computing enables aggregation of distributed resources and transparent access to them. Most production grids seek to share compute and storage resources distributed across different administrative domains.

C.    Virtualization
Virtualization allows running multiple operating systems and software stacks on a single physical platform.

D.    Autonomic computing
Autonomic computing seeks to improve systems by decreasing human involvement in their operation. Systems should manage themselves with high-level guidance from humans.

2. What are cloud services (SaaS, PaaS, IaaS) p. 13-15
A.    SaaS: Software as a service
a)      Online application you use; no need to install on your PC, e.g. online email
b)     Quick access, self-service
c)      Generalised service to meet the needs of the majority of users
d)     The customer does not control the OS, servers, storage, application configuration, etc.; the customer only uses the service.

B.     PaaS: Platform as a service
a)      It is a service that provides a managed environment (the customer does not control the OS, servers or storage, but controls application configuration)
b)     Software developers can host and execute their software without the complication of deploying or configuring servers.

C.    IaaS: Infrastructure as a service
a)      Offers virtualized resources (computing, storage, communication) on demand.
b)     Quick customer self-service interface.

3. What are the development Models (private,….) p. 15
A.    Public Cloud
a)      For general public
b)     Pay as you use
c)      The internal data center of a business is not available to this
d)     Owned by a company that sells services to users

B.    Private Cloud
a)      Owned and managed by the user or outsourced
b)     Dedicated to meeting the needs of an organization

C.    Hybrid Cloud
a)      Mix of 2 or more clouds
b)     Use the private cloud of your network to handle normal usage and the public cloud to deal with peak overflow
c)      Use the private cloud to meet the need for compliance and security
d)     Use the public cloud to meet the need for cost-effectiveness, elasticity and scalability

D.    Community Cloud
a)      For organizations that have the same concerns, missions, security, policy, compliance, etc.
b)     Can create a cloud that suits them
c)      Security and compliance are as strong as the weakest member.

4. What are desired features of the cloud p. 15-17  (Limited)
A.    Self-service
Getting service is easy through cloud, quick access to cloud resources, dynamic resource control

B.    Per-usage metering and billing
Pay for what you use

C.    Elasticity
Scalability, bandwidth/resource on demand

D.    Customization
In IaaS, it should allow users to deploy specialized virtual appliances and be given privileged access to the virtual servers. Others should provide a certain level of customization.

5. What is VIM and its features p. 17, 18, 19, 20. 
VIM: Virtual Infrastructure Manager.
It works for IaaS providers. It aggregates resources from multiple computers, presenting a uniform view to user and applications.

Features
A.    Virtualization support
B.    Self-service, on-demand resource provisioning
C.    Multiple backend hypervisors
D.    Storage virtualization
E.    Interface to public clouds
F.    Virtual networking
G.   Dynamic resource allocation
H.    Virtual clusters
I.      Reservation and negotiation mechanism
J.     High availability and data recovery

6. Features of IaaS (p. 26-28) and case studies
Features
A.    Geographic presence
B.    User interfaces and access to servers
C.    Advance reservation of capacity
D.    Automatic scaling and load balancing
E.    Service-level agreement
F.    Hypervisor and operating system choice

Amazon Web Services EC2 (Elastic Compute Cloud)
A.    customise server
B.    start / stop it
C.    install software package
D.    configure access permission

7. Features of PaaS p. 31-32 and case studies
Features
A.    Programming models, languages and frameworks
B.    Persistence options

Google App Engine
A.    Supports Python and Java web applications
B.    Real time auto-scaling
C.    Use specific Google APIs

8. What are challenges and Risks of Cloud computing p.34-38 ? Discuss each.
A.    Security, privacy and trust
Security: The Internet is not secure, and data is saved alongside others’ data at the cloud provider.
Privacy: Data is saved at the cloud provider, who may have access to the data.

B.    Data lock-in and standardization
Data lock-in: In current form, cloud computing infrastructures and platforms do not employ standard method of storing user data and applications. Therefore, they do not interoperate and user data are not portable.
Standardization: The answer to this concern is standardization. There are efforts to create open standards for cloud computing.

C.    Availability, fault-tolerance and disaster recovery
A Service Level Agreement (SLA) should be made between the cloud provider and the customer before moving into the cloud. It specifies the details of the service to be provided, including availability and performance guarantees together with the metrics and penalties.

D.    Resource management and energy-efficiency
Cloud providers need efficient management of virtualized resource pools. Another challenge concerns the outstanding amount of data to be managed in various VM management activities. Dynamic resource management may solve these problems. It may also improve utilization and consequently minimize energy consumption in data centres.

Questions on Handout 2 (Hard Copy)-  Starting with Evolution of IT leading to cloud computing (p. 9)

1.    P.9 draw a diagram of architecture of Cloud showing users and cloud provider’s data centre (DC). Name some servers in DC.
2.    P. 10 (Fig 1.6), know names of two public cloud, private cloud and storage providers.
Public cloud: Amazon EC2 / Flexiscale
Private cloud: Nimbus / Eucalyptus
Storage providers: Amazon S3 / Amazon SimpleDB

3.    p. 19 What is economy of scale in cloud computing
Cloud data centres

4.    p. 20 Discuss the structure of a data centre and its issues; know which VPN protocol is used to connect to the Internet.
A.    Size: one room, one floor or whole building
B.    Servers: 1U to mainframe, storage
C.    Power: backup batteries, diesel generators
D.    Cooling system: air conditioning; water cooling
E.    Network: connectivity and ample bandwidth to and from the network backbone to handle the input and output from the entire collection of servers and storage units;
F.    Security:
a)      Physical: Guards, mantraps and state-of-the-art authentication technology
b)     Logical: Firewall, VPN gateways, intrusion-detection software
G.   Disaster recovery

5.    p. 63 Discuss places cloud does not make sense. (you may use private cloud to solve security issue)
A.    Legacy system
B.    Application involving real-time/mission-critical scenarios
C.    Applications dealing with confidential data

6.    p. 67 Cloud computing issues in SMB (Small medium business, p. 67-69).
A.    Corporate website
a)      Use less money to rent a small virtual CPU during start stage
b)     When exceeding the capacity, it can add and scale capacity as needed dynamically.
B.    Backup and file-storage systems
a)      Cloud is remote and located in an offsite third-party location.
b)     Before using, make sure the backup does not contain confidential information.
C.    New product development
a)      Using cloud platform, customer just pay the service fee instead of making investment for the hardware system.
b)     Customer may use different web, application and database environment to do the test.

7.    Cloud computing use in Enterprises p. 69, 70, 71
A.    Large dataset, high-compute scenarios
The customer can get IT resources from the cloud provider immediately instead of spending time going through the corporate processes to purchase them.

B.    Deadline-driven, large compute problems
The customer uses IT resources from the cloud provider to solve a problem which must be finished in a short period and needs a lot of resources.

C.    Online web presence and community
The online website is more reliable and scalable, and the customer experience is improved, thanks to the content delivery network (CDN) provided by Amazon CloudFront.

8.    What is sharding? (with a diagram) and advantages of sharding (p. 105-106). Why shard your database?
Sharding
A.    A decomposition of a database into multiple smaller units (called shards) that can handle requests individually.
B.    They can run completely independently and in parallel for much higher throughput.

Advantages of sharding
A.    High availability: if one box goes down, the others still operate
B.    Faster queries: smaller amounts of data in each user group mean faster querying.
C.    More write bandwidth: with no master database serializing writes, you can write to many shards in parallel.

The reason for sharding database
When the data saved in the database grows, the customer has two options. One is purchasing a server with more RAM, CPU and storage capacity, while the other is spreading the data across multiple relatively cheap database servers. If the database workload is online transaction processing (OLTP), which means lots of reads and writes, the second option will be relatively cheap and bring better performance compared with the first option, although it may require changing the structure and implementation.
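The routing described above, as an added example (not code from the handout): user IDs are hashed to pick a shard, each shard is kept on two replicated copies, and a copy that was down is resynchronised before it serves reads again. The class names and the in-memory dictionaries standing in for database servers are assumptions.

```python
import hashlib


class ShardUnavailable(Exception):
    """Every copy of the shard that owns this key is down."""


class Node:
    """One database server; a dict stands in for its tables (constructed)."""

    def __init__(self, name):
        self.name = name
        self.rows = {}
        self.up = True


class ShardedStore:
    def __init__(self, shard_count, copies_per_shard=2):
        # shards[i] is the list of replicated copies holding shard i.
        self.shards = [
            [Node(f"shard{i}-copy{c}") for c in range(copies_per_shard)]
            for i in range(shard_count)
        ]

    def shard_for(self, user_id):
        # sha256 gives the same answer in every process; the built-in
        # hash() is randomised per run for strings and would move users.
        digest = hashlib.sha256(user_id.encode("utf-8")).digest()
        return int.from_bytes(digest[:8], "big") % len(self.shards)

    def _live_copies(self, user_id):
        live = [n for n in self.shards[self.shard_for(user_id)] if n.up]
        if not live:
            raise ShardUnavailable(user_id)
        return live

    def write(self, user_id, record):
        # Only the owning shard is touched, so writes for users on
        # different shards can proceed in parallel on different boxes.
        live = self._live_copies(user_id)
        for node in live:
            node.rows[user_id] = record
        return [n.name for n in live]

    def read(self, user_id):
        # The first live copy answers; a dead copy is skipped (failover).
        node = self._live_copies(user_id)[0]
        return node.rows[user_id], node.name

    def fail(self, shard, copy):
        self.shards[shard][copy].up = False

    def recover(self, shard, copy):
        # A copy that was down missed writes: resynchronise it from a live
        # peer before it serves reads, otherwise it would return stale rows.
        # With no live peer it comes back with whatever it last held.
        node = self.shards[shard][copy]
        peers = [n for n in self.shards[shard] if n.up and n is not node]
        if peers:
            node.rows = dict(peers[0].rows)
        node.up = True


def demo():
    store = ShardedStore(shard_count=4)
    users = [f"user{i}" for i in range(8)]      # constructed sample users
    for user in users:
        store.write(user, {"owner": user})
    victim = store.shard_for("user0")
    store.fail(victim, 0)                       # one box down: replica answers
    _, served_by = store.read("user0")
    store.fail(victim, 1)                       # every copy of one shard down
    reachable = []
    for user in users:
        try:
            store.read(user)
            reachable.append(user)
        except ShardUnavailable:
            pass                                # only this shard's users fail
    return served_by, reachable


if __name__ == "__main__":
    print(demo())
```

Losing one copy is invisible to users; losing every copy of a shard affects only the users hashed to that shard, which is the availability property listed under the advantages.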

9.    What is Cloud-bursting and business case(p. 116-118)
Cloud-bursting
A composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

Business cases
A.    Reign.net
The structure of the company is one server running at baseline user load and 10 virtual servers, provided by the Amazon cloud, handling a two-day spike.
Reasons
a)      Cloud computing solutions are generally more expensive when it comes to long-term consumption
b)     Cloud-bursting is a more complex solution
c)      Prevents the vendor lock-in issue

B.    Eventseer.net
The structure of the company is an enterprise data centre handling the daily processing and a cloud provider data centre handling the generation of static pages every night.

Advantages of having an internal data centre (private cloud) and using cloud too (p. 116-117) (hybrid cloud). Also know how to draw the diagram on page 119.
Advantages
A.    Core business processes remain inside the firewall and periodic or overflow processing happens on the cloud.
B.    The cloud provides the basic application functionality, whereas more critical functions continue to be served from within the controlled enterprise data centre.
C.    Add load balancing into enterprise data centre. It can redirect requests to an external cloud provider data centre when the enterprise data centre is insufficient.

10.  Choosing a Vendor, What are the business considerations (1-3 below)? 
Business Considerations: Financial viability, Operational viability, Contractual viability

11.  Business Considerations: Financial, Operational, and Contractual issues and Qs. P. 170-171.
Financial viability
A.    How long has the vendor been around?
B.    Are they financially stable? Is it a public company or a well-financed privately held company?
C.    Is it profitable?

Operational viability
A.    Does it have the requisite core assets, such as multiple data centres, and is it reasonably located?
B.    Can it provide references of satisfied customers?
C.    Does it have an operating history as a service provider?

Contractual viability
A.    Are its operations audited and in compliance with best practices for service based operations (SAS 70 Type II)?
B.    What are its SLAs, and how are they enforced?

12.  Technical Considerations p. 171,
Availability: Whether an application performs its design function
Performance: How fast or slow the application is

13.  Cloud providers' SLA (p. 179, 180)
Service Level Agreement (SLA)
A.    Lays out specific criteria or service levels that a provider is committing through a contractual obligation to provide.
B.    Generally written as quantifiable or measurable metrics, they describe the satisfactory operation of the service.
C.    These metrics must be met on a continual basis, and the inability to meet them constitutes an SLA violation.
Availability of Amazon and Microsoft Azure is 99.95%
4.38 hours of unavailability per year
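The figures above, worked through as an added example (not from the handout or from any provider's tooling): the consumer's own outage records are merged, clipped to the measurement period and compared with the downtime budget a 99.95% SLA leaves. The outage timestamps are constructed sample data, and the function names are assumptions.

```python
from datetime import datetime, timedelta

SLA = 0.9995  # availability figure quoted above for Amazon and Azure


def allowed_downtime(sla, period):
    """Downtime budget the SLA leaves within `period` (4.38 h per year)."""
    return period * (1 - sla)


def merge_outages(outages, start, end):
    """Clip outage windows to [start, end] and merge overlapping ones.

    Two probes reporting the same incident produce overlapping windows;
    summing them unmerged would overstate the downtime.
    """
    clipped = sorted(
        (max(s, start), min(e, end))
        for s, e in outages
        if s < end and e > start
    )
    merged = []
    for s, e in clipped:
        if merged and s <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged


def sla_report(outages, start, end, sla=SLA):
    period = end - start
    windows = merge_outages(outages, start, end)
    downtime = sum((e - s for s, e in windows), timedelta())
    allowed = allowed_downtime(sla, period)
    return {
        "downtime": downtime,
        "allowed": allowed,
        "availability": 1 - downtime / period,
        "violation": downtime > allowed,
    }


# Constructed sample: a 30-day measurement period with outage windows as
# the consumer's own monitoring might record them.
PERIOD_START = datetime(2024, 3, 1)
PERIOD_END = datetime(2024, 3, 31)
SAMPLE_OUTAGES = [
    (datetime(2024, 3, 4, 2, 10), datetime(2024, 3, 4, 2, 22)),     # probe A
    (datetime(2024, 3, 4, 2, 20), datetime(2024, 3, 4, 2, 31)),     # probe B, same incident
    (datetime(2024, 3, 19, 14, 0), datetime(2024, 3, 19, 14, 5)),
    (datetime(2024, 2, 29, 23, 0), datetime(2024, 2, 29, 23, 30)),  # before the period
]

if __name__ == "__main__":
    report = sla_report(SAMPLE_OUTAGES, PERIOD_START, PERIOD_END)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Over 30 days the 99.95% budget is 21.6 minutes, so the 26 minutes of merged downtime in the sample is an SLA violation even though the availability still rounds to 99.94%.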

14.  Measuring Cloud Operations p. 181, 182, 183
Name 3 parameters that can describe the performance (btm page 182)
I/O throughput: The average number of Mbps available for applications
I/O latency: The time it takes for requests to be processed
Processing time: The time it takes for a canonical request to be processed

15.  Name a visibility software used and which parameters it can measure (CPU, throughput and Disk Usage) p. 184
Amazon CloudWatch
CPU: The average CPU utilization over the specified time interval, measured in percent
Network throughput: The aggregate amount of inbound and outbound data to the AMI over the specified interval, measured in bytes
Disk usage: The number and size in bytes of disk reads and disk writes over the specified time interval

16.  Read summary p. 185
Compare the cloud application with traditional deployment of an application
Traditional: You cede control over physical security, power and network connectivity to a third party, but you retain control over the server hardware, operating systems, and application software.
Cloud: You extend the ceding of control to include the server hardware and the operating system.
Principle for these systems: Trust, but verify

Hand-out 3 (Hard copy), Storage

1.    Discuss DAS and SAN and reason discuss advantages of using SAN in data centres.
DAS: Direct attached storage. Storage is generally attached on the local bus. It is not directly accessible to other servers unless you give access to a user or a group of users.
SAN: Storage area network. This is a high-speed network of interconnected storage devices. The architecture is such that all storage devices are accessible by all devices that are on your company’s local area network (LAN) or wide area network (WAN).

Advantages of SAN:
A.    All servers can access it after proper configuration
B.    High speed, especially for HA and cluster systems.

2.    What are three tiers of data storage?
Tier 1: refers to data that has been recently accessed or is mission-critical. Generally it is stored on high-quality media.

Tier 2: refers to data that’s rarely accessed. It might be backed up on a periodic basis in a corporate environment.

Tier 3: data that’s almost never accessed. This data may need to be stored for a long period of time for compliance reasons.

Grid Computing Questions

1.    What is grid Computing  p. xi, 11, and p. 17.
In a nutshell, grid computing is all about virtualization that enables businesses to take advantage of a variety of IT resources in order to be more responsive to demands of the business and increase availability of applications while reducing both infrastructure and management costs.

Grid computing enables organizations (real and virtual) to take advantage of various computing resources in ways not previously possible. They can take advantage of underutilized resources to meet business requirements while minimizing additional costs. The nature of a computing grid allows organizations to take advantage of parallel processing, making many applications financially feasible as well as allowing them to complete sooner.
Grid computing makes more resources available to more people and organizations while allowing those responsible for the IT infrastructure to enhance resource balancing, reliability, and manageability.

2.    Discussion of types of resources that can be shared (p. 20-23),
Eg. How computation power can be shared, storage shared, …
Computation sharing
A.    Use it to run an existing application on an available machine on the grid rather than local
B.    Use an application designed to split its work in such a way that the separate parts can execute in parallel on different processors.
C.    Use an application that needs to be executed many times, on many different machines in the grid. If there is a limit to scalability, follow the limitation. Otherwise, try to split the task in order to increase efficiency.

Storage
A.    Each machine on the grid usually provides some quantity of storage for grid use, some temporary.
B.    Two types: memory, secondary storage
C.    Memory used to save cache data or to serve as temporary storage for running applications
D.    Secondary storage can be used to increase capacity, performance, sharing and reliability of data.

Communication
A.    Includes communication within the grid, external to the grid and redundant communication.
B.    Communications within the grid is used to send jobs and their required data to points within the grid.
C.    External communication is used to access the Internet.
D.    Redundant communication paths are needed to handle potential network failures and excessive data traffic.

Software and licenses
A.    Using a grid, the jobs requiring specific software are sent to the particular machines on which this software has been installed. It can save an organization the expense of license fees.
B.    If the software license permits only a limited number of installations, the grid job scheduler can be configured to take software license issues into account.

Special equipment, capacities, architectures, and policies
A.    Platforms on the grid have different architectures, operating systems, devices, capacities, and equipment. Each of these items represents a different kind of resource that the grid can use as criteria for assigning jobs to machines.
B.    In some cases, the administrator of a grid may create a new artificial resource type that is used by schedulers to assign work according to policy rules or other constraints.

3.    Why Grid computing helps with Cloud computing
Grid computing can combine the capacity of different servers, such as storage, computation, etc., and let them work as a group. Building on this, cloud computing can handle large tasks and realize elasticity.

Questions on Security for Cloud Computing

1.    What is security risk associated with cloud computing (p. 6, 7)
A.    Loss of governance
B.    Responsibility ambiguity
C.    Isolation failure
D.    Vendor lock-in
E.    Compliance and legal risk
F.    Handling of security incidents
G.   Management interface vulnerability
H.    Data protection
I.      Malicious behaviour of insiders
J.     Business failure of the provider
K.    Service unavailability
L.    Insecure or incomplete data deletion
2.    Know the steps that cloud consumers should take to evaluate and manage the security of their cloud environment. ( p. 8,  top), know the basic definition of each and the following Qs.
A.    Ensure effective governance, risk and compliance processes exist
B.    Audit operational and business processes
C.    Manage people, roles and identities
D.    Ensure proper protection of data and information
E.    Enforce privacy policies
F.    Assess the security provisions for cloud applications
G.   Ensure cloud networks and connections are secure
H.    Evaluate security controls on physical infrastructure and facilities
I.      Manage security terms in the cloud SLA
J.     Understand the security requirements of the exit process

3.    Compare security and compliance policy of an established company and compare with moving to the cloud (p. 8, 9) and when it is not advisable to move to the cloud.
A.    A traditional company makes policies to protect its own property. These policies are developed based on risk analysis of attacks.
B.    A cloud service makes policies based on a different risk analysis. Therefore, before migrating to the cloud, the customer needs to make sure the contract with the cloud provider meets its requirements.

4.    Compare the responsibilities of cloud provider and consumer in SaaS, IaaS, and PaaS (page 9).
A.    IaaS: The cloud provider is responsible for the infrastructure. The consumer is responsible for the software stack from the operating system to the application.
B.    PaaS: The cloud provider is responsible for infrastructure and platform while the consumer is responsible for the application.
C.    SaaS: The cloud provider has total responsibility for security.

5.    What problem storing your data in different countries can cause?  p.9 btm.
Discuss how security certificate of the cloud provider can help with the security p.9
In order to provide redundancy or other features, cloud providers may save data in different countries. If a data leak or data loss occurs, the consumer needs to make a complaint against the provider under the law of the location where the data is saved.
The most widely recognized international standard for information security compliance is ISO/IEC 27001. Currently ISO is developing new standards ISO/IEC 27017 “Security in Cloud Computing” and ISO/IEC 27018 “Privacy in Cloud Computing”. With these certifications, a cloud provider may give its potential customers more confidence about security and privacy issues.

6.    Discuss the role of auditing in security p. 11-12.
A.    Understanding the internal control environment of a cloud provider
B.    Access to the corporate audit trail
C.    Assurance of the facilities for management and control of cloud service

7.    What are the controls for securing data in cloud (Table 2) p 16.
A.    Create a data asset catalog
B.    Consider all forms of data
C.    Consider privacy requirements
D.    Apply confidentiality, integrity and availability
E.    Apply identity and access management

8.    How can you protect the clients (data centre tenant) from one another 1. To 5. (create VLANS, Virtual LAN, logical grouping of resources, and send data down VPNs in WAN (encrypting data using IPSec,  and tunnels thru Internet), ……. p. 23-24.
A.    Dedicated virtual LANs (VLAN). A technology that makes a collection of ports on a physical Ethernet switch appear to be a separate switch.
B.    Virtual Private Networks (VPN). Used to connect a consumer’s dedicated VLAN back to the consumer’s network (site-to-site) or to users from anywhere (client-to-site).
C.    Per-instance software firewall. Allows consumers to regulate what traffic comes into their instances by configuring the software firewall on the instance itself.
D.    Private VLAN.
a)      It means a VLAN that is dedicated to a particular consumer
b)     It means more technical setting above VLAN.
E.    Hypervisor-based filters. They can prohibit or allow communication at the “virtual switch” level.

9.    Which role SLA plays in security (page 26-27).
It specifies the security responsibilities of both the service consumer and service provider.

10.  Why Exit Process is important in security (p. 28).
From a security perspective, it is important that once the consumer has completed the termination process, none of the consumer’s data should remain with the provider.

11.  Know some of the questions a consumer can ask for items 1 to 10 above; this helps you understand items 1-10 better (Table 28)
A.    Ensure effective governance, risk and compliance processes exist
B.    Audit and ensure proper reporting of operational and business processes
C.    Manage people, roles and identities
D.    Ensure proper protection of data and information
E.    Enforce privacy policies
F.    Assess the security provisions for cloud applications
G.   Ensure cloud networks and connections are secure
H.    Evaluate security controls on physical infrastructure and facilities
I.      Manage security terms in the cloud SLA
J.     Understand the security requirements of the exit process




Qs Microsoft private Cloud
1.    Know Microsoft Software used (Windows server 2012 and System centre 2012). Know difference between Standard version and data centre version p. 5
Standard version provides 2 virtual instances with each license
Data centre version offer unlimited virtualization with each license

2.    Know management capabilities of System Centre 2012 , first column page 11
Hyper-V delivers fully isolated, multi-tenant clouds, enabling high-scale, low-cost data centres.

Questions on Building a private Cloud (Copenhagen)

1.    Know the open source software used (Ubuntu Enterprise Cloud)
Ubuntu Enterprise Cloud (UEC) is the Ubuntu Linux distribution with the Eucalyptus cloud software incorporated.

2.    Know the items explained in Figure 5 and Figure 6 (what is NC, Cluster Controller, Storage Controller, and Cloud Controller), p 13, 14, 15, 16
A.    NC: Node Controller. It gathers data about the availability and utilization of physical resources on the node and about the instances running on the node, and reports this data to the Cluster Controller.
B.    CC: Cluster Controller. A cluster is a collection of machines grouped together in the same network broadcast domain. It manages NCs and the instances running on them, receives requests for deploying instances from the CLC, and decides which NCs will be used for deploying them.
C.    WS3: Walrus Storage Controller. It stores the machine images and snapshots.
D.    SC: Storage Controller. It provides the persistent storage of instances on the cluster level.
E.    CLC: Cloud Controller. It is the entry point to Eucalyptus cloud. Administrator can use web interface to manage the infrastructure.

Questions on Cloud Modules

1.    What is the purpose of virtualisation (p.2,  5), and page 17 of Architecture….. (below)
Virtualization allows the logical server (executing program) to be separated cleanly from the physical server (computer hardware).

2.    What are the cloud module and explain each (p. 4), Server module, ………

A.    Server module is the CPU of the cloud computer
B.    Storage module provides data storage for cloud computer
C.    Fabric module transfers data between the various cloud computing modules
D.    WAN module provides access to the cloud
E.    End-user type I - branch office
F.    End-user type II - mobile

Questions on Architecture and Technologies

1.    What is Hypervisor and which resources VMs share (p. 18)
The hypervisor separates the physical hardware from the guest OS.
Resource: CPU, memory, disks and I/O

2.    Discuss Firewall Virtualisation (with a diagram) p. 75
A physical firewall provides separate virtual firewalls to the different Virtual Machines. The virtual firewalls are fully isolated from each other.

3.    Server Load balancing and Virtualisation (p. 76, 77,)
A server load balancer (SLB) presents one virtual IP address for a service. All clients send their requests to it. The server load balancer distributes the requests across multiple real servers.
Virtual contexts on the SLB allow applications managed by different groups or business units to be handled on the same physical SLB. This makes SLB deployment more flexible and scalable.
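
The virtual IP, real servers and virtual contexts described above, sketched as an added Python example (not from the original notes or from any SLB product). The class names, owner names and the addresses, taken from documentation and private ranges, are assumptions made up for illustration.

```python
from itertools import count

class VirtualContext:
    """One group's slice of the SLB: its own virtual IP and real-server pool."""
    def __init__(self, owner, vip, real_servers):
        self.owner, self.vip = owner, vip
        self.real_servers = list(real_servers)
        self.healthy = set(real_servers)
        self._turn = count()

    def pick(self):
        """Round-robin over the healthy real servers of this context only."""
        pool = [s for s in self.real_servers if s in self.healthy]
        if not pool:
            raise RuntimeError(f"no healthy real server behind {self.vip}")
        return pool[next(self._turn) % len(pool)]

class ServerLoadBalancer:
    """One physical SLB hosting several isolated virtual contexts."""
    def __init__(self):
        self._by_vip = {}

    def add_context(self, ctx):
        if ctx.vip in self._by_vip:
            raise ValueError(f"VIP {ctx.vip} already belongs to another context")
        self._by_vip[ctx.vip] = ctx

    def route(self, vip):
        """Clients only know the VIP; the SLB chooses the real server."""
        return self._by_vip[vip].pick()

    def mark_down(self, owner, vip, server):
        """Only the owning group may change the state of its own context."""
        ctx = self._by_vip[vip]
        if ctx.owner != owner:
            raise PermissionError(f"{owner} may not manage the context of {ctx.owner}")
        ctx.healthy.discard(server)

def build_example_slb():
    """Constructed sample: two business units sharing one physical SLB."""
    slb = ServerLoadBalancer()
    slb.add_context(VirtualContext("finance", "192.0.2.10", ["10.0.1.11", "10.0.1.12"]))
    slb.add_context(VirtualContext("hr", "192.0.2.20", ["10.0.2.11"]))
    return slb
```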

4.    How different tenants in data centres are isolated (using VLAN (IEEE 802.1q) and VRF), p. 80-83, 87-89 (note: each customer can be put on one VLAN, a logical grouping of resources, computers, servers, …)
Virtual LAN (VLAN): Layer 2 based.
Virtual routing and forwarding (VRF): Layer 3 based
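
Layer 2 tenant separation by IEEE 802.1Q tag, as described here and in the dedicated VLAN and hypervisor-based filter answers of the cloud security questions, shown as an added Python example that is not from the original notes. The VirtualSwitch class, the port names and VLAN IDs 10 and 20 are assumptions made up for illustration, and the frames are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag

def parse_vlan_id(frame: bytes):
    """Return the 12-bit VLAN ID of a tagged Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits are the VID; the top 4 bits are PCP/DEI

class VirtualSwitch:
    """Hypothetical virtual switch: each port is pinned to one tenant VLAN."""
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port name -> tenant VLAN ID

    def deliver(self, ingress_port, frame):
        """Return the ports a broadcast frame may reach from ingress_port."""
        vid = parse_vlan_id(frame)
        tenant_vlan = self.port_vlan[ingress_port]
        # The port, not the sender, decides the VLAN: a frame carrying a tag
        # that differs from the port's own VLAN is dropped.
        if vid is not None and vid != tenant_vlan:
            return []
        return sorted(p for p, v in self.port_vlan.items()
                      if v == tenant_vlan and p != ingress_port)

def make_frame(vid=None, payload=b"constructed-payload"):
    """Build a constructed sample frame (broadcast destination, made-up source MAC)."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return header + tag + struct.pack("!H", 0x0800) + payload

switch = VirtualSwitch({"tenantA-vm1": 10, "tenantA-vm2": 10, "tenantB-vm1": 20})
```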


Questions on Practical Guide to Cloud Computing

1.    Who should be team members when considering setting up a cloud, IT, business, finance, ……….. (p. 12)
Strategic (Vision, Terms of reference, Guidelines) --> CEO
Tactical (Business Analysis, Technical Analysis) --> CIO, CTO
Operational (Procurement, Implementation, Operations) --> IT, Finance, etc.

2.    When Private (on site, outsourced) and Public would be appropriate (p. 16-17, table 2)
A.    Criticality of cloud services
B.    Migration cost
C.    Elasticity
D.    Security threats
E.    Multi-tenancy

3.    Compare criticality, migration costs of each, elasticity, security, multi-tenancy.

| | Private(on-site) | Private(outside) | Public |
|---|---|---|---|
| Criticality | mission critical, security sensitive services | mission critical, security sensitive services | not mission critical, not security sensitive service |
| Migration cost | significant cost | lower cost | lower cost |
| Elasticity | limited resources | extensive resource available | unrestricted in size |
| Security threats | same as non-cloud | need to protect on consumer, provider and link | Limited visibility and control for consumer. |
| Multi-tenancy | all clients are authorized guests | same as on site | a single machine may be shared by several consumers |

4.    Adoption of IaaS,
Is a small business or a big business more likely to adopt IaaS, and why? Parameters to consider whether to go to IaaS (Table 3).
A large organization may have more to consider.
An SMB will be incentivized to use it.
Large organization
a)      Analyze IaaS offering in terms of total cost of ownership(TCO) / return on investment (ROI) and risks
b)     Define strategy
c)      Start with infrastructure virtualization
d)     Moving to on-site private
e)     Consider outsourced private and public
SMB
a)      Analyze IaaS offering in terms of total cost of ownership(TCO) / return on investment (ROI) and risks
b)     Define strategy
c)      On-site private gives insufficient ROI
d)     Consider public deployment
e)     Deploy non-critical applications in public
f)      Consider outsourced private for backup or high-demand periods

5.    Key features of SaaS (p. 21),  Compare SaaS adoption for small and big business (p. 22)
SaaS
A.    SaaS offerings are easily accessible over the public internet through browser
B.    SaaS works on a usage-based pricing model
C.    SaaS offers a standard feature set that consumers can configure
D.    Organizations can reduce their investment in software licenses
E.    Compared with other solutions, the implementation time of SaaS is short
F.    SaaS updates are handled by the provider, which reduces the impact on the business.
G.   SaaS offerings are scalable
H.    SaaS is maintained by the provider

6.    What are the Critical keys to success in cloud computing (Table 8).
A.    Establish executive support
B.    Address organizational change management
C.    Establish commitment
D.    Develop a Service Level Agreement which meets the needs of the business
E.    Address federated governance
F.    Rationalize security and privacy
G.   Comply with legal and regulatory requirements
H.    Define metrics and a process for measuring impact

Questions:  advantages and disadvantages of Cloud computing

1.    List 6 advantages and disadvantages of cloud computing
Advantages
A.     No upfront cost. Do not need to setup a LAN, buy hardware, software, etc
B.     No need to hire IT staff on site
C.     Less space for computing equipment
D.     Pay for what you use(shared resource with other cloud user)
E.     Data centers are in different locations; access the network from anywhere, anytime
F.     Self-service (getting service is easy through the cloud, quick access to cloud resources, dynamic resource control)

Disadvantages
A.     Latency: delay from going through the Internet
B.     Throughput / bandwidth (limited bandwidth on the Internet)
C.     If a VPN is used, it is a shared problem if the Internet is busy (availability issue)
D.     Many clouds want you to develop your application around their own data center requirements
E.     Trust: the provider is independent of the cloud user and has access to your data
F.     Privacy and security issues
