Cloud Computing 101
- 1. CLOUD COMPUTING 101 KAMAL ARORA kamal.arora@gmail.com November 2011
- 2. TABLE OF CONTENTS Cloud Definition, Categorization and Architecture Cloud Security, Key Cloud Pitfalls & Recommendations When & how to move to Cloud? Myths in Cloud
- 3. • How to categorize Cloud Computing? Cloud Understanding • Are there any recommendations or best practices for aspects like Cloud Security, Cloud Economics and Pitfalls? • What are the key things to note for Cloud adoption?
- 4. CLOUD DEFINITION (FROM NIST) AND BENEFITS Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction On-demand Self Service Resource Rapid Pooling Elasticity Cloud Key Benefits Broad Network Measured Access Service
- 5. CLOUD CATEGORIZATION – BY SERVICE MODEL Infrastructure-as-a-Service (IaaS) • Refers to the computing infrastructure over the web as a service in a flexible way. • The service includes all the necessary resources like servers, OS environment (Linux, Windows etc), storage & database services provisioning at runtime. • E.g. Amazon EC2, Amazon S3 Platform-as-a-Service (PaaS) • Set of software and product development tools hosted on the provider's infrastructure. • The development community use these hosted environments to create their applications but the management of these environments is the responsibility of the vendor only • E.g. Force.com and GoogleApps. Software-as-a-Service (SaaS) • The vendor supplies and manages the hardware infrastructure, the software product and interacts with the user through a front-end portal. • E.g. Gmail, Salesforce.com, Rally software etc.
- 6. CLOUD CATEGORIZATION– BY DEPLOYMENT MODEL • Exists outside a company's firewall, offered as a service by a 3rd party Public vendor (eg. Amazon EC2, Google AppEngine) • Hosted & managed by the vendor • Pool of resources behind a company's firewall and includes resource Private management , dynamic allocation, and support for virtualization • Maintenance of this is the responsibility of the organization itself • External services are leveraged to extend or supplement the internal cloud Hybrid – simply put, a mixture of both private and public cloud • Shared infrastructure between several organizations from a specific community with common concerns Community • Managed internally or by a third-party and hosted internally or externally
- 7. INFRASTRUCTURE AS A SERVICE – IAAS • Characteristics – Provision model in which an organization outsources the equipment used to support operations – Service provider owns the equipment and is responsible for housing, running and maintaining it – Users typically pays on a per-use basis – Generally includes multiple users on a single piece of hardware • Advantages – Utility Computing service and billing model – Automation of administrative tasks – Dynamic scaling. • The line between PaaS and IaaS is becoming more blurred as vendors introduce tools as part of IaaS that help with deployment • Examples – Virtual Hardware ( Amazon EC2, GoGrid, Rackspace) – Storage ( AWS S3, AWS Simple DB)
- 8. PAAS – PLATFORM AS A SERVICE • Characteristics – Provides a development platform for developers – Can rent hardware, operating systems, storage and network capacity over the Internet – PaaS providers provide development and testing environment and then hosting in an elastic cloud environment – IDEs present for development • Advantages – Operating system features can be upgraded seamlessly – Geographically distributed teams can work on same development platform thereby reducing costs • Examples – Google App Engine – Python based – Force.com, vForce.com ( Java/J2EE, Spring IDE) – Engine Yard ( ROR) – Microsoft Azure (.Net) – Cloud Foundry (Spring, Java, Grails) for Amazon EC2
- 9. SAAS– SOFTWARE AS A SERVICE • Characteristics – Web access to commercial software – “Vanilla” offerings where the solution is largely undifferentiated for different users – Software is managed from a central location – APIs available for better integration & automation • Advantages – Users not required to handle software upgrades & patches – Able to handle the demand spikes significantly – Web/mobile access for easy use • Examples – GMail – E-mail service – Salesforce – CRM – Rally Software – Agile Project Management
- 10. SAAS – MATURITY MODEL •ASP model. • Customer has own version of hosted application •Runs own instance on host’s servers. •Vendor hosts separate instance for each customer. •Same code base for all. •Configuration options available – configuration metadata •Single instance for all customers (multi-tenant) •Configurable metadata •Efficient use of computing resources •Multiple customers on a load balanced farm •Each customer’s data separate •Configurable metadata •Highly scalable •Easy roll out of fixes Source : http://msdn.microsoft.com/en-us/library/aa479069.aspx
- 11. • What are the main components of Cloud architecture? Cloud Architecture • How are the different components of Cloud inter-related?
- 12. CLOUD ARCHITECTURE Cloud Services Cloud Services Cloud Services Consumer Provider Creator/Enabler Cloud Services Cloud Management Orchestration Platform Self Service Portal Software-as-a- Service Request Virtualization Service Service Management Management Management Platform-as-a- Service Catalog Networks Security Service Management Management Management Infrastructure- Operations & Storage as-a-Service Governance Management Catalog Management Infrastructure
- 13. • How do I ensure my Cloud deployment is secure? • Are the cloud providers using any security standards or best Cloud Security practices? • Can I have a mix of my in-house and Public Cloud Infrastructure?
- 14. CLOUD PROVIDER BEST PRACTICES Cloud Providers Measures for Secure hosting: 14 1. Certifications & Accreditations - ISO27001, SAS70 Type II, HIPAA 2. Physical Security – Nondescript facilities, not even employees allowed in certain parts of data Centers 3. Secure Services – Each service contains a number of capabilities that restrict unauthorized access or usage 4. Continuous Monitoring - Proactive monitoring through a variety of online tools, RCA done for any kind of incidents 5. Hypervisor level security – Use customized versions of hypervisors
- 15. CLOUD USER BEST PRACTICES As a Cloud User What should I do 15 for proper security? 1. Protect data in transit – Configure SSL on your instances 2. Protect data at rest – Use encryption wherever needed 3. Protect your credentials – Change them frequently, use RSA keys based authentication 4. Secure your applications – Configure firewall/security properly
- 16. HYBRID CLOUD MODEL 16 Apps Apps Private Cloud Public Cloud Service Provider Hybrid Cloud Security Cloud Infrastructure Cloud Infrastructure Management
- 17. • Does Cloud Computing save me $$ ? Cloud Economics • What type of costs are involved in Cloud?
- 18. ECONOMICS – WHY MOVE TO PUBLIC CLOUD? • Traditional IT spends 80% of the time in non-core functions. Cloud Computing helps flip this ratio • OpEx is beneficial for the organizations as it gives the flexibility to terminate costs at will • With transparent pricing from Cloud Vendors it is easy to estimate costs • Total Cost of Ownership of owned assets is much higher than resources in the Cloud, as below:
- 19. • What should I know before Key Cloud Pitfalls & adopting Cloud? Recommendations • Can I shift across Cloud Providers?
- 20. KEY CLOUD PITFALLS & RECOMMENDATIONS Vendor lock-in – Due to lack of standards, cloud vendors are creating their own proprietary interfaces that could end up tying a user to a vendor for longer than one would like •If you must write apps that require serious customization, make sure you have a back-up plan and, if you can swing the cost, an alternative cloud running your code as a backup. •Choose the Hybrid Cloud model to avoid too much dependency on Cloud vendor •Choose the right Cloud partner so that you don’t face issues like vendor lock-in Mismanaged Performance & Reliability – Once in the cloud, applications are at the heavily dependent on the platform now carrying them and reliability , performance are key concerns •Diversify across regions/availability zones to avoid location based failures •Failures will happen and so understanding how you’ll be notified and how quickly issues will be resolved is critical – so choosing right cloud partner is very important from this perspective too •Choose the Hybrid Cloud model for mission-citical apps • Rather than merely monitoring the individual components on Cloud such as the network, servers, J2EE Web apps and message operations, take a step back and monitor the entire transaction path.
- 21. • How do I assess if Cloud migration When to move to is a right decision for me? Cloud? • What parameters should be considered before Cloud adoption?
- 22. FACTORS IN CHOOSING PUBLIC/PRIVATE CLOUD Key Question Enterprise Data Cloud Services Key Cloud Benefit 22 Center Better Better Demand Constant Variable Scalable and On- Growth Predictable Unpredictable Demand Users Concentrated Dispersed Globally Dispersed to Reduce Latency Customization High Minimal to none Generic Solution favoring majority of users Data Privacy & Stringent Moderate Hybrid clouds offered Security Requirement Requirement to structure specific requirements Performance Very High Moderate to High Reliability & Scalability can offer higher performance under increased loads too
- 23. • What are the typical perspectives during Cloud migration? Migration to Cloud • Are there any specific stages during Cloud adoption/migration?
- 24. CLOUD: TWO JOURNEYS Reduction in Complexity Business Questions: To a Connected, Mobile, New IT Architecture Information-Centric World and Business Model • How do we adapt? • Get better business value (more efficient, more agile)? • And stay secure? An End-User/ An IT Consumer Journey Journey
- 25. THE IT JOURNEY IT as Cost Quality & Agility Well-Run Business Most customers Platinum % Virtualized Gold Phase 1 Phase 2 Phase 3 IT Owned Apps Mission Critical Apps Automated Ops & Metrics and Services Standardize Services Choice of Cloud Models Start Private Cloud Application Transformation Source: VMware Survey
- 26. END-USER JOURNEY SaaS Apps Native From Any Device Secure Access to All Applications Enterprise Apps Windows Apps
- 28. • Cloud is not secure, reliable – is it true or just a myth? Myths in Cloud • I need a guide to help me differentiate between what’s right and what’s wrong…
- 29. 5 MYTHS IN PUBLIC CLOUD 29 Myth No. 1: The cloud will reduce my workload Truth No.1: In the long run, maybe, but it depends a lot on the implementation strategy as well. If properly adopted, Cloud Computing can indeed reduce certain tasks which the current IT personnel need to take up. Myth No. 2: I am using Virtualization, so I am already doing cloud computing Truth No.2: Virtualization is one of the requirements of cloud computing, but not the only thing. If you have a private Virtualization environment, then it has limited capacity & resources and also cost involved is all up-front. Myth No.3: Reliability is not guaranteed with the cloud Truth No.3: With recent outages in Amazon EC2, this has become a concern area. However, as no system has 100% uptime, and neither does the Cloud, so it’s better to choose a cloud vendor carefully based on their SLAs and reputation. Also, it’s always advisable to create an application architecture involving multiple availability-zones/regions, which increases the reliability and reduces risk.
- 30. 5 MYTHS IN PUBLIC CLOUD (CONTD…) 30 Myth No.4: Performance like an in-house hosting cannot be achieved in the cloud Truth No.4: It depends. There are different types of clouds and use cases. In many instances, performance is higher in the cloud because there is more available capacity and scalability. In other cases, performance may be less than a traditional server. One can consider a hybrid solution that allows you to synergize the best of both worlds. Myth No.5: Inter-Op between different cloud vendors is not possible and customers get locked-in Truth No.5: Even though Cloud computing has reached a level of maturity but this remains an area which still needs some more focus. Most of the cloud vendors do have their propriety formats of creating OS images, but still there is a thrust that they implement a standard technology stack to enable application mobility. Though this may take some time, but this is surely an area where cloud vendors will ultimately have to converge.
- 31. Thanks For any questions, reach– kamal.arora@gmail.com
Editor's Notes
- #5: NIST, itself, has actually come up with the definition of cloud computing. And, again, focuses on these essential characteristics-- of on demand self-service, having broad network access, and-- on the equipment side-- resource pooling, so that now data centers are being built as a pool of resources that can be allocated now to different applications of the different tenants as they are needed. From the service model perspective, this is also talked about. Three major classes of services here. The first is software of the service. This is what most people think of when they think of, for example, salesforce.com. You're able to get the application delivered to you and you're using the application, even though it's hosted from a different service provider. The second is in terms of platform as a service. This is the model that have been followed by, for example, Google App Engine and Heroku and Microsoft's Azure, where you now have a higher level platform in which you're deploying and developing your applications. At the base of all of these is infrastructure of the service. This is where you're taking that pool of resources, virtualizing them, and then making them available on demand as the applications of different services needs. There's different ways now to think about how you deploy these models. The first is most usually exemplified by Amazon's Web Services. That is a public model. Where you'll be able to go and you'll be able to get access resources, along with many different companies that are acting as distant tenets in that public cloud. The second is private. And this requires a little bit of explanation. In a private cloud, we're really talking about that the control over those resources is by single entity, or single company. This is most often expressed as an on-premise solution, but it's important to realize that this is also now a model being able to provided by some of the manage service providers, where they're providing the resources that are under the control of a single entity. The third area is that of hybrid. And this is much more of a usage model. How an individual corporation may use a variety of public and private services to deliver the applications they need for they're internal usage. The last area is one of the more interesting ones, in my view. And that is what's known as community or community of interest. And it's best explained from the point of view of what we see evolving in the class base itself.It’s composed of three main sections:Essential Characteristics – These are the characteristics that make a virtualized (or non-virtualized) data center operation into a cloud serviceService Models – These are the types of cloud services that can be offered under the cloud modelDeployment Models – These are the models in which cloud services can be operated
- #11: Level I: Ad Hoc/CustomThe first level of maturity is similar to the traditional application service provider (ASP) model of software delivery, dating back to the 1990s. At this level, each customer has its own customized version of the hosted application, and runs its own instance of the application on the host's servers. Architecturally, software at this maturity level is very similar to traditionally-sold line-of-business software, in that different clients within an organization connect to a single instance running on the server, but that instance is wholly independent of any other instances or processes that the host is running on behalf of its other customers. Typically, traditional client–server applications can be moved to a SaaS model at the first level of maturity, with relatively little development effort, and without re-architecting the entire system from the ground up. Although this level offers few of the benefits of a fully mature SaaS solution, it does allow vendors to reduce costs by consolidating server hardware and administration.Level II: ConfigurableAt the second level of maturity, the vendor hosts a separate instance of the application for each customer (or tenant). Whereas in the first level each instance is individually customized for the tenant, at this level, all instances use the same code implementation, and the vendor meets customers' needs by providing detailed configuration options that allow the customer to change how the application looks and behaves to its users. Despite being identical to one another at the code level, each instance remains wholly isolated from all the others.Moving to a single code base for all of a vendor's customers greatly reduces a SaaS application's service requirements, because any changes made to the code base can be easily provided to all of the vendor's customers at once, thereby eliminating the need to upgrade or slipstream individual customized instances. However, repositioning a traditional application as SaaS at the second maturity level can require significantly more re-architecting than at the first level, if the application has been designed for individual customization rather than configuration metadata. Similarly to the first maturity level, the second level requires that the vendor provide sufficient hardware and storage to support a potentially large number of application instances running concurrently.Level III: Configurable, Multi-Tenant-EfficientAt the third level of maturity, the vendor runs a single instance that serves every customer, with configurable metadata providing a unique user experience and feature set for each one. Authorization and security policies ensure that each customer's data is kept separate from that of other customers; and, from the end user's perspective, there is no indication that the application instance is being shared among multiple tenants.This approach eliminates the need to provide server space for as many instances as the vendor has customers, allowing for much more efficient use of computing resources than the second level, which translates directly to lower costs. A significant disadvantage of this approach is that the scalability of the application is limited. Unless partitioning is used to manage database performance, the application can be scaled only by moving it to a more powerful server (scaling up), until diminishing returns make it impossible to add more power cost-effectively.Level IV: Scalable, Configurable, Multi-Tenant-EfficientAt the fourth and final level of maturity, the vendor hosts multiple customers on a load-balanced farm of identical instances, with each customer's data kept separate, and with configurable metadata providing a unique user experience and feature set for each customer. A SaaS system is scalable to an arbitrarily large number of customers, because the number of servers and instances on the back end can be increased or decreased as necessary to match demand, without requiring additional re-architecting of the application, and changes or fixes can be rolled out to thousands of tenants as easily as a single tenant.