cloud computing 101 (dhs learning session)

Cloud Computing 101 Syed Azeem February 28, 2013

Upload: saz33m

Post on 14-Apr-2015


DESCRIPTION

Introduction to cloud computing, benefits, risks, challenges, definitions, models, technical concepts and details on how DHS is implementing cloud-based services.

TRANSCRIPT

Page 1: Cloud Computing 101 (DHS Learning Session)

Cloud Computing 101

Syed Azeem

February 28, 2013

Page 2: Cloud Computing 101 (DHS Learning Session)

Welcome!

• The purpose of this learning session is to raise awareness about Cloud Computing

• Information gained from this session will be valuable in understanding business technology trends that are already affecting and will continue to affect all of us

• It is important to know about this topic because the Federal government, including DHS, is making a big push towards Cloud Computing initiatives

• We’ll try to keep this as interactive as possible, so please stop me when you have a question, or have something interesting to share

Page 3: Cloud Computing 101 (DHS Learning Session)

Agenda

Cloud Computing

What is it, and why should I care?

Value & Benefits

Implications for DHS and the Federal government

Page 4: Cloud Computing 101 (DHS Learning Session)

Agenda (continued)

More Cloud Computing

Definitions, Models, Examples

What does it mean to be “in the cloud”

Video & Demonstration

Page 5: Cloud Computing 101 (DHS Learning Session)

BACKGROUND

A little bit of perspective and history

Page 6: Cloud Computing 101 (DHS Learning Session)

Source: The Singularity is Near (Ray Kurzweil)

Page 7: Cloud Computing 101 (DHS Learning Session)

Source: Hewlett Packard Federal Practice (Rick Fleming)

Page 8: Cloud Computing 101 (DHS Learning Session)

LET’S GET STARTED

Perceptions, views, opinions and myths


Page 11: Cloud Computing 101 (DHS Learning Session)


Most Americans Confused By Cloud Computing According to National Survey


Page 17: Cloud Computing 101 (DHS Learning Session)


Survey Highlights

• 95% of those who think they’re not using the cloud, actually are

• 22% pretended to know how the cloud works

• 40% believe accessing work information at home in their “birthday suit” would be an advantage

• After being provided with the definition of the cloud, 68% recognized its economic benefits

Page 18: Cloud Computing 101 (DHS Learning Session)

Overcoming confusion, gaining empowerment and professional development

• This knowledge will set you apart from most

– You’ll know what the cloud is, how it works and what benefits it may provide your organization

– At the next job interview, social gathering, professional event or get together with friends, you won’t have to fake it

• Confusion arises because it is an abstract concept that is not intuitively understood, but it can be easily grasped through gaining knowledge!

Page 19: Cloud Computing 101 (DHS Learning Session)

Cloud isn’t really the best term, so don’t take it literally

• We are describing something abstract

Page 20: Cloud Computing 101 (DHS Learning Session)


Ancient story about blind men and an elephant

Page 21: Cloud Computing 101 (DHS Learning Session)


Ancient story about blind men and an elephant

Page 22: Cloud Computing 101 (DHS Learning Session)

CLOUD COMPUTING

What is it all about?

Page 23: Cloud Computing 101 (DHS Learning Session)


What is Cloud Computing?

• A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Source: The NIST Definition of Cloud Computing

Page 24: Cloud Computing 101 (DHS Learning Session)

Cloud Computing defined in English

• The traditional and legacy IT model of separate IT infrastructures for each system, both within Federal government and industry, must evolve

– To meet the growing customer demands within a budget-constrained environment

• A new service-based pattern of distributing computing power, not a new technology in itself

– It is supported by various technologies such as virtualization, service-oriented architecture (SOA) and the Internet.

• End user has much more control than he/she used to over a powerful, remote server owned by somebody else

– That control can extend up to the point where he/she achieves programmatic control over the server, if desired

• The heart of cloud computing is gaining that control while engaging in one of the lowest-cost forms of computing

Source: DHS CIO; InformationWeek

Page 25: Cloud Computing 101 (DHS Learning Session)

Why is traditional IT on its way out?

• Not well positioned to reduce time to market for new services or provide transparency for operational expenses

• Introduces higher risk due to up-front capital expenditures

• Customized applications hosted in traditional data center environments cannot scale fast enough to support urgent demand in real-time

• Potential security vulnerabilities are harder and costlier to fix

Source: DHS CIO, Richard Spires (Congressional Testimony; October 2011)

Page 26: Cloud Computing 101 (DHS Learning Session)


Video: Federal CIO Council (cio.gov)

Source: http://cio.gov/cloud-computing-explained/

Page 27: Cloud Computing 101 (DHS Learning Session)

Sample uses of Cloud Computing

• Websites and web services

– DHS.gov, TSA.gov, FEMA.gov, Ready.gov

– Amazon.com, Google.com

• Mobile services

– Google Mobile App engine

• Business & Productivity Applications

– Microsoft Office 365, Google Apps

– Quicken Online, SalesForce.com

• Database & Storage

– Google Cloud storage, Google Cloud SQL (mySQL)

– Amazon Simple Storage Service (Amazon S3)

– Microsoft SQL Database/Reporting (Windows Azure)

• Scientific Uses

– Medical research (NIH)

– Space Missions (NASA Jet Propulsion Lab)

Page 28: Cloud Computing 101 (DHS Learning Session)


Traditional IT architecture

Page 29: Cloud Computing 101 (DHS Learning Session)


Traditional IT

SharePoint Server Exchange Server (Email)

Project Server Oracle Financials

Human Capital System Contracts Management System

Page 30: Cloud Computing 101 (DHS Learning Session)

SharePoint Service

Project Service

Oracle Financials Service

Exchange Email Service

Human Capital Service

Contracts Management Service

Page 31: Cloud Computing 101 (DHS Learning Session)

Source: Wikipedia

Page 32: Cloud Computing 101 (DHS Learning Session)

Total Cost Of Ownership (TCO)

• Gartner: total cost of ownership (TCO) is a comprehensive assessment of IT (or other) costs across enterprise boundaries over time

• For IT, it includes

– hardware and software acquisition

– management and support

– communications

– end-user expenses

– opportunity cost of downtime, training and other productivity losses.

Page 33: Cloud Computing 101 (DHS Learning Session)


Considering TCO for IT

Page 34: Cloud Computing 101 (DHS Learning Session)


Another View: Cost Elements for IT

Page 35: Cloud Computing 101 (DHS Learning Session)

Benefit: Reduced Costs

• Ability to scale up and down

• Maximum Utilization – Server loads approaching 100%

• Pay for only what you use


Page 38: Cloud Computing 101 (DHS Learning Session)


Cloud computing suitability based on usage patterns

Source: ELEKS R&D

Patterns Benefiting Most from Cloud Deployment

Page 39: Cloud Computing 101 (DHS Learning Session)


Cloud computing suitability based on usage patterns

Source: ELEKS R&D

Will Not Benefit from Utilization Efficiencies of Cloud, but Potential to Still Enjoy other Cloud Benefits

Page 40: Cloud Computing 101 (DHS Learning Session)

Benefit: Agility

• With traditional IT model, “time to market” is usually years, if not many months

• Cloud computing provides agility by:

– Enabling significantly faster product launch cycles

– Allowing agencies to adapt and react to changes with unprecedented speed

– Letting agencies focus on their core mission with IT as an enabler and force multiplier

Page 41: Cloud Computing 101 (DHS Learning Session)


Benefit: Innovation

• Cloud computing is spurring innovation within the private sector and Federal government

• DHS is a key player in Federal cloud computing initiatives

• If not for the cloud, many solutions would not be possible today, because the resources required (time, money and people) were usually owned by large governments or corporations

• The game has changed; it’s a different paradigm; a total shift in how IT serves business operations

Page 42: Cloud Computing 101 (DHS Learning Session)


Benefit: Sustainability & Green Government

White House

EPA

GSA

Page 43: Cloud Computing 101 (DHS Learning Session)

Why is the cloud more energy efficient?

Source: sustainablevirtualdesign.wordpress.com

Page 44: Cloud Computing 101 (DHS Learning Session)

Knowledge Check #1

• Cloud Computing = think of a SERVICE

– It’s not a product

– It’s not a system in the traditional sense

  • We are not buying hardware or software licenses

– It’s not a network, it’s not pipes, or real clouds, or furry animals!

– If you are unsure whether something is or is not based in the cloud, just see if it possesses the characteristics

Page 45: Cloud Computing 101 (DHS Learning Session)

HOW CLOUD COMPUTING WORKS

Behind the scenes

Page 46: Cloud Computing 101 (DHS Learning Session)

Cloud model is composed of

• 5 essential characteristics

• 3 service delivery models

• 4 deployment models

Source: The NIST Definition of Cloud Computing

Page 47: Cloud Computing 101 (DHS Learning Session)

5 Cloud computing characteristics

1. On-demand self-service

2. Broad network access

3. Resource pooling

4. Rapid elasticity

5. Measured service

Source: The NIST Definition of Cloud Computing

Page 48: Cloud Computing 101 (DHS Learning Session)


Cloud computing is defined by 5 characteristics

Sources: NIST; Forrester; A.T. Kearney analysis

Page 49: Cloud Computing 101 (DHS Learning Session)

Source: business2community.com

Page 50: Cloud Computing 101 (DHS Learning Session)

3 Cloud service delivery models

Infrastructure as a Service (IaaS)

• System administrator:

– Provisions processing, storage, networks, and other fundamental computing resources

– Able to deploy and run arbitrary software, which can include operating systems and applications

Platform as a Service (PaaS)

• Software developer:

– Deploys custom or acquired applications

– Has control over the deployed applications and possibly configuration settings for the application-hosting environment

– Does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage

Software as a Service (SaaS)

• End-user:

– Accesses and works on applications

– Able to configure application-specific settings

– Does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage

Source: The NIST Definition of Cloud Computing

Page 51: Cloud Computing 101 (DHS Learning Session)


3 Cloud service delivery models (by roles)

Page 52: Cloud Computing 101 (DHS Learning Session)


Level of control and responsibility by cloud service delivery models

Page 53: Cloud Computing 101 (DHS Learning Session)

Risk-based view of Control/Responsibility in Cloud service delivery models

Source: Enterprise Risk Management for Cloud Computing (COSO/Crowe Horwath LLP)

Page 54: Cloud Computing 101 (DHS Learning Session)

Knowledge Check #2: Identify cloud service delivery model

• Service example: Web applications such as: MyTSA, Gmail, Hotmail, Facebook, Google Maps, Bing, Yahoo!

– Cloud delivery model: SaaS

• Service example: A Pentium Xeon processor, with 16 gigabyte RAM, 2 terabyte hard disk, connected to a fiber-optic network connection.

– Cloud delivery model: IaaS

• Service example: A custom DHS online application and its data stored in a database.

– Cloud delivery model: PaaS

• Service example: Full control of all IT resources including servers, storage, networking, operating system, data and applications.

– Cloud delivery model: Traditional IT

Page 55: Cloud Computing 101 (DHS Learning Session)

Commercial PaaS offerings

• There are quite a few cloud service platforms available, but some of the most notable ones are

– Windows Azure Cloud Services

– Amazon Elastic Compute Cloud (Amazon EC2)

– Google Cloud Platform

• Purchasing cloud services from these platforms is like online shopping

• Pick the right mix of options for your needs, and start using immediately

– No more spending weeks or months waiting for hardware to arrive, then spending time and effort installing software and configuring everything

Page 56: Cloud Computing 101 (DHS Learning Session)

4 Cloud deployment models

• Private Cloud

– Operated solely for an organization

– May be managed by the organization or a 3rd party (cloud service provider) and may exist on premise or off premise

• Community Cloud

– Same as private cloud, except:

– Shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

– May be managed by the organizations or a third party cloud service provider

– May exist on premise or off premise

Source: NIST; DHS CIO

Page 57: Cloud Computing 101 (DHS Learning Session)

4 Cloud deployment models (continued)

• Public Cloud

– Made available to the general public (or a large industry group)

– Owned by a cloud service provider (usually commercial)

• Hybrid Cloud

– Composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds)

Source: NIST; DHS CIO

Page 58: Cloud Computing 101 (DHS Learning Session)

Challenge/Risk: Security

• Myth: Cloud computing is not secure!

• Security is probably the most discussed topic about the cloud, especially for enterprise IT

• Organizations want to leverage cloud benefits, but are worried about their data, which sometimes is their biggest asset

• Security risks in the cloud are pretty much the same as in your own data-center

• A serious effort to secure systems is necessary regardless of whether they are in the cloud or on premises

• Cloud providers continuously improve their security, which probably means that your data center actually might be less secure

• Obviously, private cloud should be used for information requiring increased protection and public information is best suited for public cloud

Source: ELEKS R&D

Page 59: Cloud Computing 101 (DHS Learning Session)

Cloud Security: Federal Government

• FedRAMP Program

– Provides a common security risk model that supplies a consistent baseline for cloud-based services, including security accreditation (C&A) designed to vet providers and services for reuse across government

– Applies to both private and public cloud offerings

– Agencies can award contracts to already vetted providers

– Latest update: First few ATOs to providers authorized; more to follow

Page 60: Cloud Computing 101 (DHS Learning Session)

Availability and Reliability

• Myth: Cloud servers can often be down!

• Reliability can be an issue without redundancy

• Easily solved by purchasing optional geographical redundancy

• Amazon recommends using it if you want to deliver a reliable service.

– Easy to build a reliable application hosted in the cloud

– Not a vendor problem if people don't do it

– SLA is still 99.95% or close

• Same issue with a traditional data center: if it goes down, it’s unavailable.

– Imagine some failure happening in your data-center

– With cloud you have a mirror setup

– Hard to have the same within your own data-center (unless you build two of them)

Source: ELEKS R&D

Page 61: Cloud Computing 101 (DHS Learning Session)

Performance

• Myth: Cloud computing is slower than traditional servers

• Cloud providers use hardware virtualization which means that for most operations they have the same performance as bare metal appliances

– Caveat: I/O latency is higher, but it matters only for high performance computing apps, not for most regular business software

– Caveat: Some legacy apps could be slower after migration to the cloud

• Relatively easy to get good enough performance in the cloud if you think about it from the very beginning; it’s a matter of system architecture

Page 62: Cloud Computing 101 (DHS Learning Session)


Virtualization is a key enabler of cloud computing

Page 63: Cloud Computing 101 (DHS Learning Session)

More details on Virtualization

• Masking of server resources, including the number and identity of individual physical servers, processors, and operating systems, from server users

• Server administrator uses a software application to divide one physical server into multiple isolated virtual environments

– Commonly known as virtual machines or virtual private servers

– Sometimes also called guests, instances, containers or emulations

• Virtualization is one of the few enabling technologies for cloud computing, not cloud computing itself!

– Cloud computing is a model encompassing the 5 characteristics

Page 64: Cloud Computing 101 (DHS Learning Session)


What are Virtual Machines?

• An abstract computer within a physical computer

• The point is to have multiple virtual machines within a physical server to gain efficiencies and other benefits

Page 65: Cloud Computing 101 (DHS Learning Session)

Source: Gartner

Page 66: Cloud Computing 101 (DHS Learning Session)

Source: Novell; IDC; Gartner

Page 67: Cloud Computing 101 (DHS Learning Session)

CLOUD COMPUTING WITHIN DHS

Closer to home

Page 68: Cloud Computing 101 (DHS Learning Session)


DHS Private Cloud

• DHS has an aggressive commitment towards adapting and embracing cloud computing

• DHS is pursuing 9 current and planned private cloud services

• Private cloud for sensitive but unclassified information

• Public cloud for non-sensitive information

Page 69: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• “Given DHS's mission, we believe a robust private cloud solution will always be needed for DHS's most sensitive applications and data”

- DHS CIO, Richard Spires

October, 2011

Page 70: Cloud Computing 101 (DHS Learning Session)


DHS Cloud Services Categorization

Page 71: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud

• Email as a Service (EaaS):

– Provides a single, enterprise-wide email and calendar infrastructure that is efficient, secure, and less expensive than maintaining, staffing, and managing multiple environments

– Provides a unified, dependable service that is governed by the Department’s high security standards, including vulnerability analysis, routine vulnerability scanning, patching, and audit support

– Users are authenticated against either their Component-specific Active Directory (AD) domain or their Enterprise Authentication Service (AppAuth) unit for secure, single sign-on access (SSO)

– Components can apply appropriate identity and password policies in their AD. EaaS is a redundant service and removes risk of single points of failure

– Latest update: More than 100,000 users in production

Page 72: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• SharePoint as a Service (SHPTaaS):

– Provides a secure Microsoft SharePoint Server hosted environment, including tools and services to help DHS users manage information, effectively collaborate, and enhance personal productivity

– Users are able to easily create and manage collaboration, intranet publishing, and basic and custom team and project focused site collections

– Provides the Department’s daily operational needs and supports surge capabilities during national emergencies

– Latest update: 33,000 users on service; HQ, USCIS, CBP completing contract

Page 73: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• Development and Test as a Service (DTaaS):

– Provides a secure development, test, and pre-production environment that mirrors the production environment, while reducing reserve capacity by sharing infrastructure assets

– Not only provides a simple path to transition from project development to implementation, but also accelerates delivery

– Offers state-of-the-art processes and applications that optimize hardware and software usage

– Shortens time to market, delivers cost savings, and is offered under both private and public cloud deployment models

– Latest update: HQs, TSA, USCIS in operation; rolling to more components

Page 74: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• Production as a Service (PRDaaS)*:

– Provides customers with uniform, cost-effective operating systems with a security authorization process

– Pre-provisioned infrastructure maximizes the effectiveness of best-of-breed software and hardware

– Provides rapid provisioning of a secure virtual operating environment that furnishes robust hosting services for applications and services, including operating systems, network, and storage consistent with new industry standards and Department-approved technology

– Servers are provisioned in less than a week. This service is offered under both private and public cloud deployment models

– Latest update: pilots in progress for HQ applications; seed money in place for most components

* Basically IaaS with a different name

Page 75: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• WorkPlace as a Service (WPaaS):

– Provides users with secure virtual access to desktop operating systems and applications anywhere in the world

– Virtual computing replaces traditional desktops and laptops to provide secure access to the DHS information and applications on almost any computer, anywhere – including mobile devices

– Latest update: Current pilots with HQ, FLETC and USCIS

Page 76: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• Project Server as a Service (PSaaS):

– An online project management software that offers a single-stop website to consolidate projects and gives Components visibility into all requirements

– Provides integration with Microsoft SharePoint 2010 and resource maximization capabilities

– Latest update: HQ, USCIS, CBP, USCG are in live production

Page 77: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• Authentication as a Service (AuthaaS):

– Application Developers and Application Owners can enable SSO functionality for customers through the use of Authentication as a Service (AUTHaaS)

– Delivers 2-factor authentication and SSO capabilities to the end user community at no charge

– Latest update: Implementing ADFS 2.0 for internal and external requirements; implementing Kerberos, a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography; more than 100 applications; ISAs for HQs and ICE in coordination; ESSA in works

Page 78: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• Case and Relationship Management as a Service (CRMaaS):

– Allows users to manage customer relationships on many levels

– Information regarding interactions with customers is available throughout the organization, and enables users to make informed decisions and facilitates customer follow-up

– Data concerning interactions with customers is centralized and the information needed for customer service made readily available

– Users can make real-time updates

– Latest updates: 5 customers are in live production

Page 79: Cloud Computing 101 (DHS Learning Session)

DHS Private Cloud (continued)

• Business Intelligence as a Service (BIaaS):

– Initial capability was piloted from March 2011 through FY12

– DHS will leverage this offering to enhance transparency into departmental programming and expenditures

– By the end of FY12, we expect the department will have visibility to information sources across the investment lifecycle, including IT, financial, human resources, asset management, and other information sources

– Based on the successful pilot and maturing offerings in service, the department will look to move to a full Business Intelligence as a Service offering in FY13

– Latest update: Managed Service available across CXOs; ICE, CHCO looking to leverage service; in production supporting USM, most components

Page 80: Cloud Computing 101 (DHS Learning Session)

DHS Public Cloud

• Enterprise Content Delivery as a Service (ECDaaS):

– Ensure its public-facing websites are always available (even during surges and emergencies)

– Used extensively by the private sector, DHS adopted ECDaaS to protect against denial of service attacks, help manage surge requirements, and significantly reduce hosting costs

– Proved invaluable during the July 4, 2009, denial of service attack on multiple federal Web sites

– Latest update: Operational and rolling to more components; new contract awarded for service and 70% of DHS public facing websites using service

Page 81: Cloud Computing 101 (DHS Learning Session)

DHS Public Cloud (Continued)

• Web Content Management as a Service (WCMaaS)*:

– Leverage open source software hosted in the public cloud and consolidate all public facing DHS Web sites

– Based on the Drupal Content Management System, an industry leading open source technology, this solution provides new and innovative capabilities, delivering improved citizen-centric capabilities while ensuring the adoption of solid Content Management System (CMS) services that support timely Web maintenance as well as increased capabilities for accurate content updates

– Provides an integrated platform, multiple environments (staging and production), and a solution stack for content management and hosting for public-facing websites

– Latest update: DHS.gov, TSA.gov, FEMA.gov, Ready.gov operational; six other sites committed to migrate.

* Also known as Web Content Management as a Service

Page 82: Cloud Computing 101 (DHS Learning Session)

Federal Cloud Computing Strategy

• Further Reading:

– Link

• Also check out: “25 Point Implementation Plan To Reform Federal Information Technology Management”

• Link

Page 83: Cloud Computing 101 (DHS Learning Session)

DHS Cloud Strategic Plan 2012-2016

• Further Reading:

– Link

• Also check out “DHS IT Services Catalog” site

• Link