CHECO 06 April 2010

Cloud Computing

Yvonne Carlson Director of Web Technology University of Denver

Quick Poll ● Quick show of hands: ● How many people have processes deployed to the

cloud? ● Who is planning to deploy to the cloud? ● Who believes this is just another flight of fancy?

●  Larry Ellison on Cloud Computing ●  “We have redefined cloud computing to include

everything we already do.” ● Cloud is not a revolution, it is an evolution.

Roadmap ● Overview ● Cloud Deployment

Models ● Cloud Services ● Cloud Adoption ● Cloud Challenges ● Cloud Predictions ● Q & A

Overview Other Characteristics: ●  Like buying a utility, i.e. water, gas, electricity ● Multi-tenant (shared infrastructure) ● Co-mingled (data) ● Scale-of-economy (beyond enterprise) ● Amazon Web Services estimates 50K new

instances per day ● Cloud Codex -

http://www.451group.com/cloudscape/cloudscape_report_detail.php?icid=869

Overview Grid Utility Cloud

- Applying the resources to many computers in a network to a single problem -  Form of distributed computing -  Usually based on open standards -  High levels of reliability

-  Pre-packaged resources -  Low or not initial cost for hardware -  Typically rented -  Rapid growth of capacity -  Like utilities, i.e. water or electricity

- Customers do not own infrastructure - Access is base on rental - Can be based on the utility model -  Delivered as a service with data stored in the cloud

Cloud Deployment Models Four Major Types: ● Public/External ● Private ● Hybrid ● Community

Cloud Deployment Models Public Cloud: ●  Third-party hosted service such as Amazon's

Elastic Compute Cloud (EC2) or Simple Storage Service (S3).

● On demand and inexpensive capacity ● Access unlimited capacity, as needed, on

demand on a per drink basis

Cloud Deployment Models Private Cloud: ● A corporate or internal cloud ● Proprietary computing architecture that provides

hosted services to a limited number of people behind a firewall.

● Advances in virtualization and distributed computing have allowed corporate network and datacenter administrators to become service providers.

● Better use of internal IT resources

Cloud Deployment Models

Hybrid Cloud ●  Mixture of internal/

external cloud resources

●  Rapid access to extra capacity in public clouds

●  Secure inter-connections between clouds

●  Single system management view across cloud

●  Automated provisions ●  Siemens opens cloud

computing center near Brussels

http://www.slideshare.net/catherinewall/emerging-technology-in-the-cloud-real-life-examples-pol-mac-aonghusa

Cloud Deployment Models Community Cloud: ● Community shares infrastructure, whether public

or private ● Examples: ● Google’s Gov Cloud ● Science Clouds - http://scienceclouds.org/clouds/ ●  Nimbus @ University of Chicago ●  Stratus @ University of Florida ●  Wispy @ Purdue University ●  Kupa @ Masaryk University

Cloud Services As a Service: ●  Software as a Service ● Salesforce.com, Google, NetSuite ● SAP, Oracle, Blackboard

●  Platform as a Service ● Google App Engine, Amazon, RackSpace, NetSuite,

Microsoft ●  Infrastructure as a Service ● Google, IBM, Amazon, RackSpace, SAVVIS

●  Storage as a Service ● Amazon, Iron Mountain Digital, Zetta, Nirvanix, Caringo

●  Security as a Service ● McAfee, Websense, Trend Micro

Cloud Adoption ● Conservatives may not see the value or utility of

moving processes into the cloud ● Don’t sell the concept – meet a need ● Core requirements? ● What pieces are the right fit? ● What problem needs solved? ● What are the risks?

● Evolution ● Fits into a business model that fits into an

architectural model

Cloud Adoption Gartner Hype Cycle for Emerging Technology (2009)

Cloud Adoption Know thy enterprise architecture: ● Cloud computing is an architectural option ●  The approach of service oriented architecture

applies ● Decompose architecture into root components ● Understand the relationships of these

components ● Do your homework…

Cloud Adoption Business & Market Drivers: ●  Pricing Structure – http://cloud-hosting-providers.com/ ●  Pay-as-you-go, metered, monthly subscription

●  The Cost of IT ●  Average 9000 square foot data center costs $21 million to

build and $1 million/year in electricity ●  11.8 million servers; used at 15% capacity ●  Data centers consume 1.5% of our nation’s electricity (EPA) ●  $800 billion/year spent on purchasing/maintaining enterprise

software ●  Green Initiatives ●  Quick Deployment ●  Empowering the Business ●  Don’t Pay for Scability

Cloud Challenges ●  Data Governance

●  Legalities of data in the cloud ●  Privacy ●  Regulatory compliance - HIPPA, FERPA, PCI ●  Data location – Google and China ●  Data segregation

●  Creation of verticals (separation of concerns) ●  Government, Defense, Healthcare

●  Manageability ●  Applications won’t auto-scale

●  Monitoring ●  Measurement of transaction - Hypernic’s CloudStatus

●  Reliability & Availability ●  AWS Outage – 44 minutes on December 9

●  Portability/Interoperability ●  Band-width, Telecommunications and Delivery

http://cloudcomputing.sys-con.com/node/659288

Cloud Challenges Cloud Security: ●  Standard web security issues apply in terms of

external attacks ●  Top 10 threats by the CSA -

http://www.cloudsecurityalliance.org/topthreats ●  Insecure APIs ● Malicious insiders ● Data leakage/loss ● Multi-tenant issues ● Account/service hijacking ● Cross channel, inner cloud attacks

●  Current methods of intrusion detection are IP based

Cloud Challenges VM Environment Security: ● Exploiting issues within the multi-tenant

environment in between instances ● What about the trusted customer? ● Recent study on side channel attacks ●  VMs on the same physical server can monitor shared

resources and make highly educated inferences on the target VM

Cloud Predictions Top 5 Predictions for 2010: ●  The Rise of Standards ●  First Major Outages ● Microsoft ● Consolidation of Existing Providers ● Rapid Rise of Startups

http://www.infoworld.com/d/cloud-computing/top-5-cloud-computing-predictions-2010-188

Q & A ● Contact Information ● Email: yvonne.carlson@du.edu

Books ● David Linthicum – Cloud Computing and SOA

Convergence in Your Enterprise: A Step-by-Step Guide

●  Tim Mather – Cloud Security and Privacy ● Peter Fingar – The 21st Century Business

Platform on Cloud Computing

Websites/Videos ●  Security, Cloud Computing, and the Coming Mobile Environment

– http://csis.org/multimedia/video-security-cloud-computing-and-coming-mobile-environment

●  Cloud Computing Manifesto ●  Cloud Security Alliance - http://cloudsecurityalliance.org/ ●  Cloud Computing Journal - http://cloudcomputing.sys-con.com/ ●  Private Cloud – http://privatecloud.com/

Presentations ● Mark Masterson –

http://www.slideshare.net/mastermark/enterprise-cloud-risk-and-security

● Master Class Online – http://www.slideshare.net/ThoughtWorks0ffshore/cloud-computing-2847268

● Dr. Sosa, University of Virginia - http://www.slideshare.net/awesomesos/exploring-the-cloud

Events/Conference ●  http://cloudcomputingexpo.com/ ●  http://www.thecloudcomputing.org/2010/ (IEEE

Cloud 2010) ●  http://www.cloudwf.com/ (Annual Cloud

Computing World Forum) ●  http://www.cloudcom.org/ (International

Conference on Cloud Computing Technology and Science)

Videos ●  http://www.youtube.com/watch?

v=XdBd14rjcs0http://www.salesforce.com/cloudcomputing/

●  http://www.youtube.com/watch?v=GbNWT8SqcGE&feature=channel

●  http://www.youtube.com/user/mindsinthecloud?feature=pyv&ad=4221724480&kw=cloud%20computing#p/u/0/GBlu9a0kOEE

Articles ● Storage-as-a-Service -

http://www.informationweek.com/news/services/storage/showArticle.jhtml?articleID=217300686

●  7 Cloud Security Risks - http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853?page=0,1

Cost Analysis Articles ●  http://www.uptimesoftware.com/uptimeblog/cloud-

virtualization/cost-of-cloud-computing-expensive/ ●  http://www.slideshare.net/markusslideshare/do-

clouds-compute-a-framework-for-estimating-the-value-of-cloud-computing-presentation