cloud computing and innovations

Post on 13-Apr-2017

Category:

Business


Cloud computing and innovations

Magesh Parthasarathy

Industry Standards Organization
• National Institute of Standards and Technology (NIST)
• Cloud Security Alliance (CSA)
• Distributed Management Task Force (DMTF)
• Storage Networking Industry Association (SNIA)
• Organization for the Advancement of Structured Information Standards (OASIS)
• The Open Group
• Open Cloud Consortium (OCC)
• European Telecommunication Standards Institute (ETSI)
• Telecommunication Industry Alliance (TIA)
• Liberty Alliance
• Open Grid Forum (OGF)

Network Connectivity

[Figure: Data center, Service Provider network, Residential customers, Enterprise customers, Wireless customers]

Data center networks
• Web servers
• Email servers
• Database servers
• App servers
• DNS servers
• Load balancers
• Firewalls
• Network Intrusion detection/Prevention devices
• Web accelerators
• Offload engines
• Switches
• Routers
• WAN optimization appliances
• Storage servers
• ToR switches
• Application delivery controllers
• VPN gateways
• Authentication, Authorization and Accounting servers
• RADIUS servers
• NAS devices
• SAN devices

NIST Reference architecture

[Figure: NIST cloud computing reference architecture, with these labels]
• Cloud Consumer
• Cloud Auditor: Security Audit, Privacy impact audit, Performance audit
• Cloud Provider
  • Service Orchestration: Service layer (SaaS, PaaS, IaaS), Resource Abstraction and control layer, Physical Resource layer (Hardware, Facility)
  • Cloud service management: Business Support, Provisioning/Configuration, Portability/Interoperability
  • Security
  • Privacy
• Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
• Cloud Carrier

Actors in Cloud Computing (Actor: Definition)
• Cloud Consumer: A person or organization that maintains a business relationship with, and uses service from, Cloud Providers.
• Cloud Provider: A person, organization, or entity responsible for making a service available to interested parties.
• Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
• Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
• Cloud Carrier: An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.

Business Support
• Business Support entails the set of business-related services dealing with clients and supporting processes. It includes the components used to run business operations that are client-facing.
• Customer management: Manage customer accounts, open/close/terminate accounts, manage user profiles, manage customer relationships by providing points-of-contact and resolving customer issues and problems, etc.
• Contract management: Manage service contracts, setup/negotiate/close/terminate contract, etc.
• Inventory Management: Set up and manage service catalogs, etc.
• Accounting and Billing: Manage customer billing information, send billing statements, process received payments, track invoices, etc.
• Reporting and Auditing: Monitor user operations, generate reports, etc.
• Pricing and Rating: Evaluate cloud services and determine prices, handle promotions and pricing rules based on a user's profile, etc.

Provisioning and Configuration

• Rapid provisioning: Automatically deploying cloud systems based on the requested service/resources/capabilities.

• Resource changing: Adjusting configuration/resource assignment for repairs, upgrades and joining new nodes into the cloud.

• Monitoring and Reporting: Discovering and monitoring virtual resources, monitoring cloud operations and events and generating performance reports.

• Metering: Providing a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).

• SLA management: Encompassing the SLA contract definition (basic schema with the QoS parameters), SLA monitoring and SLA enforcement according to defined policies.

Service deployment

• Public cloud
• Private cloud
• Hybrid cloud

Example services available to a cloud consumer

[Figure: example services grouped by consumer type]
• SaaS consumer: Billing, Sales, CRM, ERP, Human Resources, Social networks, Financials, Collaboration, Content management, Document management, Email and office productivity
• PaaS consumer: Business Intelligence, Development and testing, Database, Application Deployment, Integration
• IaaS consumer: Storage, CDN, Backup recovery, Services management, Platform Hosting

Service Oriented Architecture

• Service consumer
• Service Provider
• SOAP/REST/XML/JSON messaging
• WSDL and UDDI specifications for web services

Regulatory compliances for clouds

• GLBA – Gramm Leach Bliley Act of 1999 also known as Financial Services Modernization Act of 1999

• HIPAA – Health Insurance Portability and Accountability Act of 1996

• HITECH – Health Information Technology for Economic and Clinical Health Act

• PCI-DSS – Payment card industry – Data security standards

• SOX – Sarbanes Oxley Act

• ECPA – Electronic Communications Privacy Act

Certifications in cloud computing

• ISO 9000 certifications
• ISO 27000 certifications
• CMMI certifications

Cloud Audit Framework

• SysTrust
• WebTrust
• SAS 70 Reports

Cloud networking

• Fibre Channel over Ethernet (FCoE)
• RapidIO
• InfiniBand
• HyperTransport
• 40Gb/100Gb Ethernet ports
• Q-in-Q
• MPLS, GMPLS
• RSTP
• VxLAN
• TRILL
• NVGRE
• vSwitch
• ToR switch
• EoR switch
• Aggregation switch
• Core switch

[Figure: Server with VM1, VM2, VMn, vSwitch, Hypervisor, Network Interface]

In a virtualized server, the hypervisor configures and maintains the VMs and vSwitch

[Figure: Server Racks with ToR Switches, Optics, Aggregation Switch, To core switch]

48 10GbE server ports + 4 40GbE optical uplink ports

Virtualization

• Server Virtualization
• Network Function Virtualization
• Network Virtualization

Server Virtualization – VMware vSphere ESXi and Microsoft Hyper-V

[Figure: Logical Diagram of a Virtualized server. Host Server with VM1, VM2, VMn, vSwitch, Hypervisor, Network Interface]

Network Function Virtualization

[Figure: Firewall, Load Balancer and Intrusion detection on specialized processing cards, beside a standard high performance server with VM1, VM2, VM3, vSwitch and Hypervisor]

Moving network functions to standard server platforms.

Network Virtualization

• VxLAN

• NVGRE

• IETF standards

Software defined datacenters

• Virtualization
• Software defined networks
• Software defined storage

Software defined networks

[Figure: Simplified view of software defined data center. Labels: Apps, Orchestration layer, Open VM controller, Open Storage Controller, Open network controller, Servers, Storage, ToR switch]

OpenStack Operating system

OpenStack
• Free, open source, Linux-based controller software that provides the orchestration layer for cloud data centers.
• OpenStack has a dashboard called Horizon through which administrators can control all aspects of data center operation.
• Nova – plugin to manage a pool of server resources. It can also be used to manage and configure virtual machines and has support for several hypervisors, including VMware vSphere and Microsoft Hyper-V.
• Swift – plugin supporting object storage, which allows objects to be stored across multiple servers in the data center (data replication to ensure data integrity in case of server or hard drive failure).
• Cinder – plugin that provides block storage capabilities. It manages creation, attachment and detachment of block storage devices to servers for performance-sensitive applications.
• Neutron – plugin for managing data center networking functions. It provides a framework for providing various functions such as server load balancing, firewalls and intrusion detection.

OpenFlow SDN controller and protocol

• Open Networking Foundation generates OpenFlow specifications

[Figure: OpenFlow Controller (centralized control plane), fed from the Orchestration layer, with an OpenFlow API link to each Switch and its Forwarding Table]

Cloud security
• Cybersecurity
• Privacy
• Hacking
• Denial of service attacks
• Network security
• Application security
• Nessus vulnerabilities
• Penetration testing
• Keyloggers, rootkits, bots, botnets, viruses
• Syslogs
• Identity management
• Authentication and Authorization
• NTLM, Kerberos
• Single Sign On
• Metasploit
• Smartphone Pentest Framework

Internet of Things
• M2M communications
• ITU standards
• 6LoWPAN
• IEEE standards
• LoRa Alliance, Industrial Internet Consortium, IPSO Alliance
• Sensors/IoT gateways/uIP stack
• Edge computing/analytics
• MQTT, CoAP protocols
• Smart City, Smart grid, Smart metering, Connected Vehicle, Fleet management, Water and sewage disposal, Traffic control

Fog computing

• Edge computing
• Grid computing

Big data analytics

• Apache Software Foundation
• Hadoop / MapReduce Technique

Artificial intelligence

• Video analytics
• Text analytics
• Deep science
• Machine learning
