Cloud Computing Basics
This is an eBook with a clickable index. Best viewed on your computer. Please do not print it.
COPYRIGHT DISCLAIMER This is an internal document that has no commercial value, and is not intended for sale or promotion. No originality is claimed. The content was developed based on information commonly available in the academic and public domain. A few specific sources have been acknowledged, where applicable. Some of the images have been obtained from the Internet. Items that are posted in the public domain without any copyright notice, require no permission. Other items are obtained under the creative commons license framework that allows free distribution of public images that are not otherwise copyrighted. All possible care has been taken to avoid copyrighted material. Any errors or oversights are exclusively those of the author, and not a liability of ArcelorMittal; and complaints should be addressed to: Probal DasGupta, Email: dasgupta.probal@gmail.com, Phone: +352-661-602-711 or +1-516 -690-6844. ArcelorMittal University, IT Academy
Page 1
Catalog

Readers’ Guide … 5

THE BASICS
What is Cloud … 6-8
  Popular description … 6
  Technical description … 7
Definition … 9
History of Cloud Computing … 10
A Game Changer … 12-14
  Commoditization of I.T. infrastructure … 12
  Democratization of Computing … 12
  Empowerment of the Small Company … 13
  Unprecedented Business Agility … 14
Some useful Cloud Solutions … 15-25
  Popular applications offered as a service … 15
  Virtual servers as a service … 17
  Desktop as a service … 18
  Virtual sandboxes as a service … 19
  File storage as a service … 19
  Disaster recovery as a service … 20
  Emails and Office 365 in the Cloud … 22
  Big Data Analytics in the Cloud … 23
  Industrial Internet … 24

THE BUSINESS PERSPECTIVE
Benefits of the Cloud … 26-28
  Market Competitiveness … 26
  Financial Advantages … 27
  Operational Advantages … 28
  Value to Stockholder … 28
Barriers to Cloud Adoption … 30-33
  Fear of the Unknown … 30
  Fear of Losing Control … 30
  Fear of Data Theft and Loss … 31
  Lack of Availability … 31
  Response Time and Performance Reliability … 31
  The “NIH” Syndrome … 32
  Point of No Return … 32
  Vendor lock-in … 32
  Lack of Support for Existing Hardware Platform … 33
  Threat of Government Snooping … 33

THE TECHNICAL PERSPECTIVE
Key characteristics of the Cloud … 35-39
  Understanding Resource Pooling … 35
  Understanding Elasticity … 36
  Understanding Broad Network Access … 37
  Understanding On-demand Self Service … 38
  Understanding Metered Use … 39
Enabling Technologies … 40-59
  Understanding the Internet … 40
  Understanding Web Technology … 45
  Understanding Data Centers … 47
  Understanding Virtualization … 51
  Understanding Hypervisor … 56
  Understanding Multi-tenancy … 56
  Understanding Service Model … 58
Cloud Service Models … 60-62
  IaaS: Infrastructure as a Service … 60
  PaaS: Platform as a Service … 61
  SaaS: Software as a Service … 62
Cloud Deployment Models … 63-66
  Public Cloud … 63
  Community Cloud … 63
  Private Cloud … 64
  Hybrid Cloud … 64
  Virtual Private Cloud … 66
Risks and challenges in the Cloud … 68-82
  Understanding Security … 68
  Understanding Security Mechanisms … 74
  Understanding IAM (Identity and Access Management) … 77
  Understanding Presence … 79
  Understanding Privacy … 81
Cloud Architecture … 83-86
  Workload Distribution Architecture … 83
  Dynamic Scalability Architecture … 84
  Elastic Resource Capacity Architecture … 85
  Cloud Bursting Architecture … 85
  Hypervisor Clustering Architecture … 86

EPILOGUE
The Current State of the Cloud … 87
Software Defined Data Center … 90-95
  Software Defined Storage … 90
  Software Defined Networking … 93
  Virtualized Data Center … 95
The Social Impact of the Cloud … 96
One CIO’s Journey to the Cloud … 97-99
  Journey to the Cloud … 97
  A CIO Learns how to navigate between the Cloud and a legacy system … 98
Obsolete already … 100
“The Cloud was imagined by JCR Licklider as early as 1962. He convinced the U.S. Department of Defense to invest in technologies that ultimately gave rise to the Internet and the Cloud.”

“Instagram, an unknown small business in the Silicon Valley, U.S. launched in 2010, grew from 0 users to 14 million users in just one year without any capital investment in Servers, by using the Amazon Cloud. When Instagram was bought by Facebook in April 2012 — just two years later — for USD 1 billion, it was still a small business with only 13 employees.”

The Cloud: A supercomputer at our disposal

“As with any change, the common reaction is fear of the unknown, fear of losing control, and fear of being left out. Therefore, the Cloud unsettles many people.”

“In future the Cloud… will become our personal assistant whom we will ask questions like ‘What do you suggest I do this evening?’”
Readers’ Guide

Dear Reader,

If you are short of time, just read THE BASICS and the EPILOGUE; treat the rest of the eBook as a reference, and keep returning to it whenever you have a question.

How to navigate this eBook? How to participate?

You can click the little colored square beside each chapter name in the Catalog to jump directly to that topic. You can click the icon located in the header area at the top of every page to return to the Catalog. This eBook is intended to be published online as a fully featured and cross-referenced eBook, with a discussion forum. This static eBook already provides a mechanism for your comments on every page via the comment icon. Your remarks will — first of all — assist us in correcting errors and in enriching the content; and the relevant ones are intended to be imported into the Discussion Forum of the online eBook that is the future of this static version.

Purpose. The eBook has been developed as a non-technical introduction to the Cloud for anyone interested in the subject. The purpose is to demystify the Cloud, and to encourage the reader to adopt the Cloud from an informed perspective, aware of both the benefits and the risks. I thank the IT Academy for giving me the opportunity to develop this eBook. I hope you have a fruitful experience.

Sincerely,
Probal DASGUPTA
Cloud Mentor - Cloud Center of Excellence
probal.dasgupta@arcelormittal.com
+352-661-602-711
September 14, 2015
Some Interesting Topics

What is Cloud … 6
A Game Changer … 12
Benefits of the Cloud … 26
Understanding Elasticity … 36
Understanding Virtualization … 51
Understanding Service Model … 58
Cloud Service Models (IaaS, PaaS, SaaS) … 60
Public Cloud, Private Cloud, Hybrid Cloud … 63
Risks and Challenges in the Cloud … 68
The Current State of the Cloud … 87
The Basics

WHAT IS CLOUD?

POPULAR DESCRIPTION
We have electricity delivered to our homes by the local power generation or distribution company of our choice. We switch on lights, air conditioners, heating systems, microwave ovens, refrigerators, washing machines, computers, TVs, and other home appliances whenever we require them. We switch them off when our need is fulfilled. When we want to buy the next curved 4K TV, we will just go to the store and bring it home – we don’t have to inform our power company about it. When we go on vacation we switch off everything except the bare essentials, and fly off or drive off to the beach, ski-slope, theme park, quiet countryside or bustling megacity of our choice; we don’t have to petition our power company not to charge us for the electricity that we are not going to use. When we return, the whole house is instantly ablaze with lights, noise and action. The power company is never involved in our day-to-day lives. We might not even know – and might not care – where the power is coming from; whether the source is oil, hydro, nuclear, solar or wind. We take power for granted. We use it as we like. As far as we are concerned, we have virtually unlimited power coming out of the power sockets. That is our humdrum world of electrical power as we know it today.
FIGURE B.01
Now let us consider an analogous situation pertaining to computing power instead of electricity. Let us imagine a world where virtually unlimited computing power is delivered to us wirelessly, everywhere. Instead of spending thousands of dollars on expensive laptops, we buy inexpensive Internet devices that connect us to the Internet, because all the power is concentrated somewhere inside the Internet; we no longer need powerful laptops. We can use a slider (or similar) control to instantly demand more power when we need it, and our Internet device can promptly become as powerful as the latest Mac or Windows or Linux machine. We no longer spend hundreds of thousands of dollars or Euros to stock our data center with mega-servers. We don’t even know exactly where our data center is, but we know that our applications are hosted there and can support 1 user or 100,000 simultaneous users with the same speed. When we need to deploy a new application, we just click a button to deploy it, without hesitating a single second to consider what computing power the application might need, or whether it will support 10 users or 10,000, or whether it will need 100 GB or 100 TB of storage. We are freed from capacity planning forever. We are freed from performance issues. We are liberated from the unpleasant task of convincing the Management with a real or imaginary ROI for new applications; we just get a small operational budget approved and deploy the application we need without a second thought. If the users don’t use the application, little cost ensues. Whereas if the users enthusiastically start using the application because it makes their work easier, faster, more accurate or otherwise more pleasant, then the company benefits from higher productivity and will be happy to pay for the use of the application.

FIGURE B.02
If we want a new server to test an idea, we get it deployed on the Internet in just as much time as it takes to finalize its configuration; and then it is ours to play with, until we are satisfied and decide to delete the server. All charges are metered by usage, not by allocation. We might ask for a 96 GB Server, but if we ended up using only 8 GB of memory, we would be charged only for 8 GB. Operating within a framework of organizational, departmental, workgroup and individual budgets, this world of total computing freedom would be protected from runaway spending. That is the world of Cloud Computing that is fast descending on us. Note that we said “fast descending”, because this scenario is not yet fully implemented as of 2015. However, depending on which part of the world we live in, some of us should start living in exactly this world within a matter of years.
TECHNICAL DESCRIPTION

SERVER FARM. Cloud technology is usually delivered from huge data centers hosting large Server Farms (as shown in Figures B.03 and B.04), which are clusters of hundreds or thousands of servers. Each of these servers has Memory, Computing Power (quad core, i7, etc.), Networking capability and — potentially — Storage Capacity. All these individual resources of the Servers in a server farm are combined into one mammoth Shareable Resource Pool on which a Cloud is established.

FIGURE B.03

MEMORY. In simple math, if each server in a 1,000 server strong farm had 96 GB Memory (RAM), and if a single Cloud were established on this farm, then the resultant Cloud would have a total shareable memory (RAM) of 96,000 GB. The sum total of the other resources, similarly, would define the maximum size of those shareable resources in the pool.

FIGURE B.04

COMPUTE POWER. All CPUs would, for instance, be totaled and referred to as “Virtual CPUs” or “Compute Engine Units”, or often simply “v-cores”. Technically, a virtual CPU might be implemented as a single hardware hyper-thread on a 2.6 GHz Intel Xeon E5, but details such as these are beyond the scope of this eBook.

STORAGE SPACE. All the storage devices attached to each Server in the farm would be similarly totaled to define the maximum shareable storage space of the Cloud. In reality, storage is usually provided by separate storage devices — like Storage Arrays, NAS (Network Attached Storage) or SAN (Storage Area Network). The sum total of these devices in the server farm would constitute the total storage available to users of that Cloud. Figure B.05 shows a typical data center cabinet in which storage units are installed.

FIGURE B.05

VIRTUAL MACHINES. The Cloud provides the space to create Virtual Machines, which could be Virtual Servers, Virtual Desktops, Virtual Storage and other virtual devices such as routers and switches. A virtual machine, by definition, is not a real physical machine, but behaves exactly like one. If we bought a server from DELL of a certain configuration, that would be a physical machine we would install in our Computer Room or Data Center. If we bought a Virtual Server in the Cloud of an identical configuration, the only difference would be that the Virtual Server would not be a physical machine that we could touch and feel. In every other respect, the Virtual Server and the Actual Server would serve the exact same purpose (whatever it was that we wanted to do with it), and behave in an identical manner. For instance, we could host the same SAP Application on the Physical Server and on the Virtual Server, and if we connected to these applications from our desktop or laptop computer, we would not be able to tell the difference. The SAP developers sitting in another building could be connected to the physical and the virtual servers alternately, and would not be able to tell which was the real physical machine.

ELASTICITY. One huge difference between the physical server and the virtual server would be the latter’s scalability or elasticity. Like the rubber band in Figure B.06, which expands when pull is applied and shrinks when pull is released, the virtual server would have the ability to grow and shrink on demand — instantaneously. This would help ensure at least two goals:
FIGURE B.06
1. The application running on the virtual server would always have the memory and the CPU power it needed to perform at an optimum level.
2. The virtual server would, potentially, utilize only the resources it needed at any point in time, and not hold up unnecessary resources.

The physical server, on the other hand, would always have the exact same amount of Memory (RAM), CPU power, and so on, regardless of whether the application running on it was utilizing all of it or only 10% of the total resources. To be factually accurate, it could be argued that the physical server could also be made to grow and shrink by inserting chips into it or removing chips from it, but such growth and shrinkage would be very time consuming, and would not happen dynamically — on-the-fly, on demand.

CREATE/DELETE. Another huge difference between the physical server and the virtual server would be that once we bought the server from DELL, we would not be able to return the server whenever we pleased. The virtual server, on the other hand, could be totally deleted (de-provisioned) on demand, whenever we did not need it.

METERED USAGE: PAY-PER-CONSUMPTION MODEL. Whereas we would have paid in full for the physical server from DELL right upfront, in the case of the virtual server we would pay only for whatever resources (i.e., RAM, CPU, storage, etc.) we actually consumed. So, potentially, with the right Cloud provider, we could be billed for actual resources consumed per minute, just like our utility (power, telecom) bill. Figure B.07 is indicative of what a Cloud meter might look like. Some of us who currently utilize Cloud services will immediately recognize that this is probably not how we are currently billed, because most so-called Cloud services are billed per allocation. For instance, even if we paid for 200 GB disk space on DropBox, our actual utilization could be 100 GB. But that is not how the Cloud is supposed to be billed, and the industry will, in course of time, be compelled to align itself with the pay-per-consumption model because of market pressure.

FIGURE B.07

HYPERVISOR. A hypervisor or virtual machine monitor (VMM) is a piece of computer software that creates and runs virtual machines. The characteristics of the hypervisor go a long way towards defining the characteristics of the Cloud itself. For instance, a hypervisor capable of vertical auto-scaling is required for realizing the true promise of a self-scaling virtual machine; but most hypervisors commercially available today do not have this feature. A relatively unknown company called ESDS in India released the first such hypervisor in the world in 2011, called eNlight.
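The resource pool, elasticity and metered-billing ideas of this section, as an added example written for this eBook (it is not code from the original text or from any Cloud provider): a small Python model that totals a server farm into a shareable pool, lets a virtual machine grow, shrink and be deleted against that pool, and compares a bill per allocation with a bill per consumption for the 96 GB server that only ever uses 8 GB. The per-minute prices, the v-core counts and the VM name are assumptions.

```python
from dataclasses import dataclass

class PoolExhausted(Exception):
    """Raised when a request would exceed what the server farm can share."""

@dataclass
class ResourcePool:
    """Shareable resource pool: the RAM and v-cores of every server in the farm, totaled."""
    total_ram_gb: int
    total_vcores: int
    used_ram_gb: int = 0
    used_vcores: int = 0

    @classmethod
    def from_server_farm(cls, servers: int, ram_gb_each: int, vcores_each: int):
        # The section's "simple math": 1,000 servers x 96 GB each = 96,000 GB shareable RAM.
        return cls(servers * ram_gb_each, servers * vcores_each)

    def free_ram_gb(self) -> int:
        return self.total_ram_gb - self.used_ram_gb

    def free_vcores(self) -> int:
        return self.total_vcores - self.used_vcores

    def borrow(self, ram_gb: int, vcores: int) -> None:
        """Lend resources to a VM; refuse, leaving the pool untouched, if it cannot cover them."""
        if ram_gb > self.free_ram_gb() or vcores > self.free_vcores():
            raise PoolExhausted(f"asked for {ram_gb} GB / {vcores} v-cores, "
                                f"only {self.free_ram_gb()} GB / {self.free_vcores()} free")
        self.used_ram_gb += ram_gb
        self.used_vcores += vcores

    def release(self, ram_gb: int, vcores: int) -> None:
        """Take resources back into the pool when a VM shrinks or is deleted."""
        self.used_ram_gb -= ram_gb
        self.used_vcores -= vcores

class VirtualMachine:
    """Borrows from the pool, grows and shrinks on demand, and meters its own use."""

    def __init__(self, name: str, pool: ResourcePool, ram_gb: int, vcores: int) -> None:
        self.name, self.pool, self.alive = name, pool, True
        self.ram_gb = self.vcores = 0
        # Meter readings, accumulated per minute of running time (GB-minutes, v-core-minutes).
        self.allocated_ram_gb_min = self.allocated_vcore_min = 0
        self.consumed_ram_gb_min = self.consumed_vcore_min = 0
        self.resize(ram_gb, vcores)  # provisioning is just the first resize, from zero

    def resize(self, ram_gb: int, vcores: int) -> None:
        """Elasticity: grow by borrowing the difference, shrink by releasing it."""
        if not self.alive:
            raise RuntimeError(f"{self.name} has been de-provisioned")
        d_ram, d_vcores = ram_gb - self.ram_gb, vcores - self.vcores
        # Borrow any growth first, so the capacity check runs before anything changes.
        self.pool.borrow(max(d_ram, 0), max(d_vcores, 0))
        self.pool.release(max(-d_ram, 0), max(-d_vcores, 0))
        self.ram_gb, self.vcores = ram_gb, vcores

    def run_minute(self, ram_used_gb: int, vcores_used: int) -> None:
        """Record one minute of running: what was allocated versus what was actually used."""
        if ram_used_gb > self.ram_gb or vcores_used > self.vcores:
            raise ValueError("a VM cannot consume more than it has been allocated")
        self.allocated_ram_gb_min += self.ram_gb
        self.allocated_vcore_min += self.vcores
        self.consumed_ram_gb_min += ram_used_gb
        self.consumed_vcore_min += vcores_used

    def delete(self) -> None:
        """De-provision: hand everything back to the pool; the meter stops."""
        self.pool.release(self.ram_gb, self.vcores)
        self.ram_gb = self.vcores = 0
        self.alive = False

    def bill_by_allocation(self, ram_price: float, vcore_price: float) -> float:
        """Billing per allocation, as with the 200 GB DropBox plan mentioned above."""
        return self.allocated_ram_gb_min * ram_price + self.allocated_vcore_min * vcore_price

    def bill_by_consumption(self, ram_price: float, vcore_price: float) -> float:
        """Billing per consumption, the utility-style model this section argues for."""
        return self.consumed_ram_gb_min * ram_price + self.consumed_vcore_min * vcore_price

def chapter_scenario() -> dict:
    """A 96 GB VM that only ever uses 8 GB, run for one hour on a 1,000-server farm."""
    ram_price, vcore_price = 0.0001, 0.0005  # assumed prices per GB-minute and per v-core-minute
    pool = ResourcePool.from_server_farm(servers=1000, ram_gb_each=96, vcores_each=16)
    vm = VirtualMachine("sap-test", pool, ram_gb=96, vcores=8)  # assumed VM name and sizes
    for _ in range(60):
        vm.run_minute(ram_used_gb=8, vcores_used=2)
    vm.delete()  # everything goes back to the pool and the meter stops
    return {
        "pool_ram_gb": pool.total_ram_gb,  # 96,000 GB, as computed above
        "pool_free_ram_after_delete": pool.free_ram_gb(),
        "bill_by_allocation": round(vm.bill_by_allocation(ram_price, vcore_price), 4),
        "bill_by_consumption": round(vm.bill_by_consumption(ram_price, vcore_price), 4),
    }
```

Calling `chapter_scenario()` shows the same hour of work costing 0.816 under allocation billing but 0.108 under consumption billing at the assumed prices; a resize that the pool cannot cover raises `PoolExhausted` and leaves the pool's counters unchanged.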
DEFINITION

WIKIPEDIA
Wikipedia describes Cloud Computing as follows, not very lucidly. (We still mention it, because Wikipedia is often the first source we refer to when hunting for definitions and explanations.)

“Cloud computing relies on sharing of resources to achieve coherence and economies of scale, similar to a utility (like the electricity grid) over a network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. Cloud computing, or in simpler shorthand just "the cloud", also focuses on maximizing the effectiveness of the shared resources. Cloud resources are usually not only shared by multiple users but are also dynamically reallocated per demand. This can work for allocating resources to users. For example, a cloud computer facility that serves European users during European business hours with a specific application (e.g., email) may reallocate the same resources to serve North American users during North America's business hours with a different application (e.g., a web server). This approach should maximize the use of computing power thus reducing environmental damage as well since less power, air conditioning, rack space, etc. are required for a variety of functions. With cloud computing, multiple users can access a single server to retrieve and update their data without purchasing licenses for different applications.”

FIGURE B.11

OFFICIAL DEFINITION
The industry generally accepts the Cloud definition by the National Institute of Standards and Technology (NIST), United States Department of Commerce, as official. In any event, it is the most commonly quoted one, and thereby the default industry standard.

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

OUR DEFINITION
The Cloud is an on-demand, self-serviceable source of computing power established on a server farm that aggregates all available resources (e.g., networks, servers, storage, applications, and services) to provide a huge shareable resource pool, from where resources are dynamically borrowed to create Virtual Machines that appear and behave just like real computers, but with the added advantage of being dynamically elastic, accessible over the Internet, and supporting a utility-based metered billing model that charges users only for resources they actually consume. The Cloud derives its name from the Internet, because it delivers all computing power through the Internet.
HISTORY OF CLOUD COMPUTING

1961-1962
Considering that Cloud Computing is the latest wave to hit the IT scene, it is surprising to realize that a visionary by the name of JCR Licklider (Figure B.21) had the amazing foresight to imagine such a future paradigm as early as 1962. His vision was for everyone on the globe to be interconnected and accessing programs and data at any site, from anywhere. It was a vision that foretold what has evolved into Cloud Computing today. He demonstrated an amazing prescience repeatedly, and his far-sighted ideas outlined many of the features that the Internet offers today, including graphical computing, user-friendly interfaces, digital libraries, e-commerce, online banking, and cloud computing. In 1963, while he was serving as director at the U.S. Department of Defense Advanced Research Projects Agency (ARPA), it was upon Dr. Licklider’s compelling persuasion that the U.S. government established a time-sharing network of computers that ultimately led to the creation of the ARPAnet in 1969, which was the father of the Internet.

FIGURE B.21
FIGURE B.22
FIGURE B.23
One of the early visionaries in the cloud concept was also computer scientist John McCarthy (Figure B.22), who is better known for having coined the term AI (Artificial Intelligence) and his subsequent research in the field. In 1961 McCarthy proposed the idea of computation being delivered as a public utility, similar to the service bureaus which date back to the sixties.
1974
Simultaneously, with the gradual evolution of the Mainframe computer that began in the 1950s, multiple users became capable of accessing a central computer through dumb terminals, whose only function was to provide access to the mainframe. This led to the development of the concept of Virtual Machines (VMs) in the 1970s. In particular, the IBM 370 Mainframe used the term for the first time with its VM/370 operating system, which allowed multiple distinct computers (“virtual machines”, akin to what we have defined earlier) to reside in the same physical hardware (the Mainframe), enabling the type of interactions we now call virtualization. This showed companies that they could start adding software applications without actually having to increase their hardware infrastructure, because now they could re-provision the resources they already had inside their Mainframe.

FIGURE B.24
1990s
The next use of the term “virtual” probably came from the telecommunication sector. Historically, telecom companies only offered single dedicated point-to-point data connections. In the 1990s, they started offering virtualized private network connections that had the same service quality as their dedicated services at a reduced cost, because instead of building actual physical infrastructure to allow more users to have their own connections, they started providing users with shared access to the same physical infrastructure. After that, events followed in quick succession, as shown in Figure B.23. In these earliest stages, the term “Cloud” was used to represent the computing space between the provider and the end user. In 1997, Professor Ramnath Chellappa (Emory University and the University of Southern California) defined cloud computing as the new “computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits alone.”
FIGURE B.25
1995
Shared Web Hosting hit the market in 1995, followed by dedicated server hosting in 1997, followed in turn by the VPS (Virtual Private Server), which was a true replica of the Cloud Virtual Machine, but in a non-Cloud environment. Figures B.25 and B.26 represent graphics from those times when these were hot topics of debate. It was VMware that led the virtualization revolution, and infrastructure service providers were quick to adopt the technology.
2002-2006
Finally in 2002, a banner year for Cloud Computing, Amazon launched its Cloud services to the public, but only with its release of Elastic Computing in 2006 was the public truly able to rent the modern virtual machines.

FIGURE B.26
A GAME CHANGER
When the horse buggy conceded to cars, the calculator to electronic spreadsheets, and the typewriter to word processors, the world took a giant leap forward and was never the same again. The Cloud ushers in just such a change. Without the Cloud we wouldn’t have heard of DropBox, Netflix, Instagram or a myriad of other tools that define the world we have learned to enjoy. Without the Cloud the IT Department could still tell business that their needs were too expensive, or that they involved complex procurement and provisioning challenges. As with any change, the common reaction is fear of the unknown, fear of losing control, and fear of being left out. Therefore, the Cloud unsettles many people, and the common objection they raise is lack of security, threat of data loss and fear of information leakage. It is akin to the question that our great-grandparents dealt with: Do we trust the banks to keep our money there? And arguably many might have continued to hoard their cash below the floorboards, under the kitchen sink or behind false walls.
FIGURE B.31
THE CHOICE IS OURS. Do we store our jewels in the perceived safety of our home, or do we trust the bank to store our jewels in a safe deposit box at the bank? Do we store our data on the perceived safety of our hard drive, or do we trust the Cloud provider to store our data in the Cloud? Banks can be robbed, though it is increasingly difficult to do so. Clouds can be violated, though it is increasingly difficult to do so. The choice is ours.

REALITY: The entire western world is migrating to the Cloud, because it helps us deal with exploding data volumes, rapid technology obsolescence, limited IT budgets, lack of some of the skills we need, the need to deliver more value to the business at lower cost, and the market demand for an agile enterprise. Those that don’t adjust to this changing world will be left behind. That is the reality.
COMMODITIZATION OF INFRASTRUCTURE
‘Commoditization’ or ‘Consumerization’ refers to the process of:
a) Making complex technology so easy to use and so readily available that users no longer require experts to tell them what to buy, because they themselves possess enough knowledge to make those choices. (ABILITY)
b) Making the technology affordable for those who need it. (AFFORDABILITY)
The Cloud has done just that with I.T. infrastructure by effectively delivering both Ability and Affordability into the hands of the consumer for buying I.T. infrastructure whenever the need arises. Today the average person can independently become a competent user of I.T. Infrastructure in the Cloud delivered as a service (IaaS: Infrastructure as a Service). He or she can choose what servers or desktops or services to deploy, and adjust some simple configuration to meet changing demands. And, equally important, he or she can afford to deploy even a very powerful enterprise-class Server, if needed, on any of the Top 20 Public Clouds.
DEMOCRATIZATION OF COMPUTING
The Cloud does not only commoditize I.T. Infrastructure but democratizes computing itself, by breaking the common users free of the shackles of the I.T. department and making enormous computing power available independently and directly to them. The Cloud is redefining computing as something that is for the first time “of the people, by the people, for the people.” At an increasing scale, the Cloud gives consumers greater access to use and purchase technologically sophisticated products, as well as to participate meaningfully in innovation and in the development of these products. The democratization of computing is also true from the angle that today, instead of passively consuming computing solutions developed by large software companies, the common users have seized control and dictate what they want. This is especially true in the world of journalism. Instead of passively consuming news dished out by the media barons, the common man has taken control through innumerable blogs, forums and media sharing sites. This is aligned with the true democratic principles of the people ruling their own destiny. In IT service management (ITSM), software delivered as a service, such as Service Now, is pushing the process of democratization by giving users the tools they need to find their own answers to problems instead of being dependent on the availability of a limited pool of IT experts. Service Now, launched in 2005 with the aim of being an ERP system for ITSM, implements the vision of a single system of record showing what's happening across the IT organization, and thus empowers the common user to solve their own problems by continuously pushing more and more knowledge their way through features such as knowledgebase article ranking and feedback, integrated chat, and other aids to user participation. The result is democratization of ITSM. With Dryad, Microsoft is trying to democratize Big Data, and leverage Cloud technology to bring enormous data analytics power to the common person.

FIGURE B.32
Originated by Microsoft Research, Dryad and DryadLINQ will soon provide researchers and businesspeople around the world a new way to quickly and easily perform massive computations over large quantities of unstructured data -- an end-to-end solution spanning the entire process of data capture, loading, analysis, reporting and visualization. Assisted by the scalability, low cost and easy accessibility of the Cloud, such solutions are moving out of the arena of the I.T. experts into the hands of the common users: to be used by them to build the solutions that meet their needs. Of the people, by the people, for the people. True fulfillment of the principle of democracy.
EMPOWERMENT OF THE SMALL COMPANY
The Cloud levels the playing field for small companies, and is often called the secret weapon for SMB (Small and Medium size Businesses) success. Experts see the Cloud as establishing a “small business revolution” by providing an abundance of benefits that give SMBs:
a) Instant availability of enormous computing power without any capital expenditure except laptops.
b) Ready access to a wide range of pay-per-use core business solutions delivered as a service.
c) Support for anytime-anywhere business that allows start-ups and SMBs to work from homes and cafes as effectively as from corporate offices.
Add to this the enormous agility of SMBs compared to large corporations where decisions need to be signed off by 14 people who might not often see eye-to-eye. The result is that SMBs today truly have the power to outpace large corporations.
Instagram, an unknown small business in Silicon Valley, U.S., launched in 2010. At that time they were renting a single desk at USD 500/month from Dogpatch Labs on Pier 38, which was so structurally unsound that the City of San Francisco forced tenants to vacate within a year. At 12:05 AM on Oct 6, 2010 their app launched. Kevin Systrom, one of the two founders (on the right in Figure B.33, the other being Mike Krieger), recounted:
FIGURE B.33
We figured we'd have at least six hours before anyone discovered the app so we could grab some shut-eye. No problem, we figured. But within minutes, downloads began pouring in from all corners of the globe. We crossed 10,000 users within hours, and I was like, 'this is the best day of my life.' … At the end of the day, it kept growing so much I thought, are we counting wrong? The night of sleep we were hoping for turned into a few meager hours before we rushed into the office to add capacity to the service. At the end of the first week of the company's launch, Instagram had been downloaded 100,000 times. Another week passed, and another 100,000 people had downloaded the app. By the middle of December, the community had grown to a million users. (Paraphrased from an Inc. Magazine article by Eric Markowitz)
They grew from 0 users to 14 million users in just one year without any capital investment in servers, by using the Amazon Cloud. Imagine if there were no Cloud: such growth would have been killed by financing, procurement, deployment and manpower challenges. When Instagram was bought by Facebook in April 2012, just two years later, for USD 1 billion, it was still a small business with only 13 employees. It was only the Cloud that enabled this unknown company to experience exponential growth without any capital investment in servers, in a global photo sharing community where in excess of 40 million photos are shared daily. Another amazing act not possible without the Cloud: after Instagram was acquired by Facebook, even as some 200 million people were using Instagram on their smartphones, a small team of engineers moved the photo sharing operation from Amazon's cloud computing service, where it was built in 2010, into Facebook's own Cloud. “The users are still in the same car they were in at the beginning of the journey,” says Instagram founder Mike Krieger, “but we've swapped out every single part without them noticing.” Dropbox, similarly, grew from obscurity to global dominance using the Amazon Cloud. The examples are countless. Even while we read this booklet, an unknown company somewhere in Silicon Valley is launching an app which we will all use one day soon, making the company a household name. Powered by the Cloud, such unique and mind-boggling empowerment of the small business is a purely 21st century phenomenon.
UNPRECEDENTED BUSINESS AGILITY The Cloud enthusiast has always claimed that of all possible benefits from the Cloud for an organization, the top honor goes to business agility. New research by the Harvard Business Review of 527 readers shows that a connection between Cloud adoption and increased business agility does appear to exist.
A remarkable 74 percent of respondents confirmed that the Cloud had indeed provided their respective organizations with business advantage and resultant competitive advantage. When asked how the Cloud had provided competitive advantage, the enthusiasts said that Cloud has enabled them to be more responsive to changes in the market, helped them get to market faster with new products and services, and shortened the time for new business launches.
SOME USEFUL CLOUD SOLUTIONS Here is a quick look at some useful Cloud solutions.
POPULAR APPLICATIONS OFFERED AS A SERVICE The following is a current list of some of the leading software applications that are offered in the Cloud as a service.
Salesforce.com is a popular Customer Relationship Management (CRM) product offered as a service. Salesforce is a global cloud computing company headquartered in San Francisco, California. Though best known for its CRM product, Salesforce has also expanded into commercial applications of social networking through acquisition. As of 2015, it is one of the most highly valued American cloud computing companies, with a market capitalization of $50 billion, although the company has never turned a GAAP profit since its inception in 1999.
Workday, Inc. is an on-demand (cloud-based) financial management and human capital management software vendor. It was founded by David Duffield, the founder and former CEO of the ERP giant PeopleSoft, and former PeopleSoft chief strategist Aneel Bhusri, following Oracle's hostile takeover of PeopleSoft in 2005. It targets the customers of rivals Oracle and SAP. In October 2012, it launched a successful initial public offering that valued the company at $9.5 billion.
NetSuite Inc. offers a so-called complete range of business solutions that can be used to manage a company's business operations, as well as its customer relationship management needs. It is an American software company based in San Mateo, California. NetSuite was founded in 1998 by Evan Goldberg as NetLedger, web-hosted accounting software. NetLedger was later renamed Oracle Small Business Suite and finally NetSuite. NetSuite became a publicly traded company after its initial public offering (IPO) of 6.2 million shares on the New York Stock Exchange in December 2007. Though NetSuite has shown a 149% increase in revenue in the five-year period from 2009 to 2014, it has incurred annual operating losses since inception.
ServiceNow touts itself as a platform-as-a-service (PaaS) provider of Service Management (SM) software for the entire enterprise. Specializing in delivering ITSM applications, and thus competing with BMC, Computer Associates, IBM, and Hewlett-Packard, it also provides a platform for forms-based workflow application development and thus competes with SaaS/PaaS providers such as Salesforce.com's Force.com offering. The company was founded in 2003 by Fred Luddy, in Santa Clara, California. After building a generic workflow framework, known as the "Glide" platform, Luddy opted to specialize in IT service management (ITSM) applications based on the ITIL standards. The company became profitable in 2007 and has attracted a number of large enterprises and organizations, including TIAA-CREF, Intel, and Staples. AstraZeneca discussed rolling out "self-service IT" based on ServiceNow in August 2014. Besides running the work of IT on ServiceNow, NetApp describes how its finance organization moved the entire Quote-to-Invoice process to ServiceNow in a case study on the company's website. In 2008, the University of San Francisco chose to replace their BMC Remedy system with ServiceNow in a well-publicized move.
AthenaHealth, Inc. is a publicly traded American company that provides cloud-based services for electronic health records, revenue cycle management, patient engagement, care coordination, and population health management, as well as Epocrates and other point-of-care mobile apps. The company was founded in 1997 in San Diego, California, and today is headquartered in Watertown, Massachusetts, USA.
Concur Technologies is an American travel management company, providing travel and expense management services to businesses. It is headquartered in Bellevue, Washington. Concur was acquired by SAP in December 2014 for US$8.3 billion. The company was co-founded by Steve Singh, its CEO and Chairman of the Board. It has grown to more than 20,000 clients and 25 million travelers in over 100 countries. The company completed fiscal 2011 with total revenue of $349 million.
Cornerstone OnDemand is an American company that helps organizations to recruit, train and manage their people. Adopted by hundreds of the world's largest companies (from Walgreens and Starwood Hotels & Resorts to Deutsche Post DHL and Xerox) and thousands of smaller ones to help them engage their workforces and empower their people, the software impacts every aspect of the employee experience, helping people to make their best work even better, which ultimately translates into greater business results. As of 2015, the solution is in use by over 19.1 million people in 191 countries, and in 42 languages.
LinkedIn is a business-oriented social networking service, headquartered in Mountain View, California, launched on May 5, 2003. It is mainly used for professional networking. As of March 2015, LinkedIn reports more than 364 million registered users in more than 200 countries and territories. The service is available in 24 languages, and as of 2013, LinkedIn had 65.6 million monthly unique U.S. visitors and 184 million globally. LinkedIn filed for an initial public offering in January 2011 and traded its first shares on May 19, 2011, under the NYSE symbol "LNKD".
Marketo Inc. makes marketing automation software for companies. In 2012, Marketo was reportedly ranked #1 among marketing software companies. Headquartered in San Mateo, CA, Marketo was founded in 2006 by Phil Fernandez, Jon Miller and David Morandi. In 2008, Marketo introduced its first product, Marketo Lead Management, followed by Marketo Sales Insight in 2009 and Marketo Revenue Cycle Analytics in 2010. The company's customer base had grown to over 2,000 by the end of 2012.
QuickBooks is an accounting software package developed and marketed by Intuit, a company founded in 1983 by Scott Cook and Tom Proulx in Mountain View, California, USA. Intuit offers a cloud solution called QuickBooks Online (QBO). As of May 2014, QuickBooks Online was the global leader in online accounting software, with 624,000 subscribers. That's double the number of its nearest competitor, New Zealand-based Xero, which reported 284,000 customers as of July 2014. QuickBooks Point of Sale is software that replaces a retailer's cash register, tracks its inventory, sales, and customer information, and provides reports for managing its business and serving its customers. Intuit's Lacerte and ProLine tax preparation software for professional accountants who prepare tax returns for a living integrates with QuickBooks. Microsoft Office also integrates with QuickBooks.
VIRTUAL SERVERS AS A SERVICE A virtual server is a virtual machine in the Cloud that is rented to a user as a service. Since it is not a real physical machine, but merely shared “space” inside a Cloud, it costs the user much less than renting a real physical server from the service provider. But since the virtual server looks and behaves like a real server, the user hardly cares, and enjoys the lower cost with additional benefits. For instance, today it would be almost impossible for a user to get a physical server with only 1 GB RAM. But in a virtual server we can get anything we ask for, instantly. This service is usually sold as a “Virtual Private Server” (VPS). A VPS can run any operating system that can run on the hardware platform on which the Cloud is built, the most popular platform being the Intel x86 (compatible) instruction set on which Windows, Mac and Linux servers normally operate. So when we rent a virtual server from a Cloud provider, we can choose our operating system. As customers, we have superuser-level access to that operating system, and can install almost any software that runs on it. Hence, if we rented a Windows VPS, we would be able to run any Windows software on it. So for most purposes a virtual server is functionally equivalent to a dedicated physical server, and being software-defined, it can be created and configured much more easily. With superuser access comes responsibility for the guest: the provider maintains the hardware and the hypervisor, but patching the operating system, the firewall rules and the accounts on the VPS is the customer's job.
Since the most common use of a VPS is to host websites, it is worth knowing how one server serves several sites. There are two main types of virtual hosting: name-based and IP-based. Name-based virtual hosting uses the host name presented by the client (the HTTP Host header). This saves the provider IP addresses, and also saves the associated administrative overhead. But there is a difficulty in combining name-based virtual hosting with Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS): the certificate has to be chosen during the handshake, before the Host header is sent, so the protocol being served must supply the host name at that earlier point. The TLS Server Name Indication (SNI) extension does exactly that, and modern clients send it; the limitation remains only for old clients that do not.
IP-based virtual hosting can be performed with any protocol and uses a separate IP address for each host name, and so requires a dedicated IP address per domain name served. Port-based virtual hosting is not very friendly to users, but is also possible in principle, though rarely used. Name-based and IP-based virtual hosting can be combined (Figure B.41): it is possible to assign multiple IP addresses to a single server, and then that server can serve multiple names on some or all of those IP addresses. This approach is useful when using SSL/TLS with wildcard certificates. For instance, if a server operator had two certificates, one for *.hamatama.com and one for *.hamatama.net, he could serve rat.hamatama.com and mouse.hamatama.com off the same IP address but, without SNI, would need a separate IP address for rodent.hamatama.net.
PROS
They are priced much lower than equivalent physical servers.
They are much more configurable than physical servers.
CONS
Since all virtual servers share the underlying physical hardware with other virtual servers, performance may be lower. There will be dependency on the workload of the other virtual servers running on the same hardware node.
TYPICAL USE: Hosting of web servers, particularly static websites.
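The name-based versus IP-based distinction, and why TLS complicates it, can be seen in a small simulation. The block below is an added example and not code from the booklet: the hamatama.com and hamatama.net names come from the paragraph above, while the IP addresses (from the TEST-NET documentation range), the listener and vhost tables and the function names are assumptions made for the example. It picks a certificate the way a server must, at handshake time, with or without SNI, then routes the request by Host header and reports whether the certificate presented actually covers the name the client asked for. The wildcard matching follows the one-label rule browsers apply.

```python
"""Which certificate can a TLS listener present, and which site does the
request reach?  Added illustration, not code from the booklet.  The
hamatama.com / hamatama.net names are the booklet's own placeholders; the
IP addresses (TEST-NET range), the listener and vhost tables and the
function names are assumptions made for this example."""
from typing import Optional, Tuple

# Constructed listener table: per IP, the certificates the server holds,
# each given as the tuple of names it covers.
LISTENERS = {
    "203.0.113.10": [("*.hamatama.com",)],                        # rat + mouse
    "203.0.113.11": [("*.hamatama.net",)],                        # rodent
    "203.0.113.12": [("www.example.org",), ("*.example.net",)],   # two certs, one IP
}

# Constructed vhost table: host name -> IP address it is served from.
VHOSTS = {
    "rat.hamatama.com": "203.0.113.10",
    "mouse.hamatama.com": "203.0.113.10",
    "rodent.hamatama.net": "203.0.113.11",
    "www.example.org": "203.0.113.12",
    "app.example.net": "203.0.113.12",
}


def name_matches_cert(hostname: str, cert_name: str) -> bool:
    """True if hostname is covered by one certificate name.

    A wildcard covers exactly one leftmost label, the rule browsers apply:
    *.hamatama.com matches rat.hamatama.com but neither hamatama.com nor
    a.b.hamatama.com.  Comparison is case-insensitive.
    """
    hostname = hostname.lower().rstrip(".")
    cert_name = cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        suffix = cert_name[1:]                  # ".hamatama.com"
        if not hostname.endswith(suffix):
            return False
        leftmost = hostname[: -len(suffix)]
        return leftmost != "" and "." not in leftmost
    return hostname == cert_name


def select_certificate(dst_ip: str, sni: Optional[str]) -> Tuple[str, ...]:
    """Choose the certificate for a handshake arriving on dst_ip.

    This happens before any HTTP Host header exists.  With SNI the server
    can pick the certificate covering the requested name; without it, all
    it knows is the IP, so it falls back to the listener's first (default)
    certificate.
    """
    certs = LISTENERS[dst_ip]
    if sni:
        for cert in certs:
            if any(name_matches_cert(sni, n) for n in cert):
                return cert
    return certs[0]


def route(dst_ip: str, sni: Optional[str], host_header: str) -> dict:
    """Simulate one HTTPS request: certificate choice, then Host routing.

    Reports which vhost answers and whether the certificate presented
    actually covers the name the client asked for; a mismatch is what the
    browser shows as a certificate-name error.
    """
    if dst_ip not in LISTENERS:
        return {"vhost": None, "cert": None, "cert_ok": False,
                "reason": "no listener on %s" % dst_ip}
    cert = select_certificate(dst_ip, sni)
    vhost = host_header.lower()
    if VHOSTS.get(vhost) != dst_ip:
        return {"vhost": None, "cert": cert, "cert_ok": False,
                "reason": "no vhost %s on %s" % (vhost, dst_ip)}
    cert_ok = any(name_matches_cert(vhost, n) for n in cert)
    return {"vhost": vhost, "cert": cert, "cert_ok": cert_ok,
            "reason": "ok" if cert_ok else "certificate does not cover %s" % vhost}


if __name__ == "__main__":
    # IP-based hosting: one certificate per IP works even without SNI.
    print(route("203.0.113.10", None, "rat.hamatama.com"))
    # Name-based hosting with two certificates on one IP relies on SNI ...
    print(route("203.0.113.12", "app.example.net", "app.example.net"))
    # ... and breaks for a legacy client that sends none.
    print(route("203.0.113.12", None, "app.example.net"))
```

The third call is the booklet's "significant difficulty" in one line: the request is routed to the right site, but the certificate shown during the handshake was chosen blind, so the browser warns. The first call shows why the operator in the text could avoid the problem by giving each wildcard certificate its own IP address.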
DESKTOP AS A SERVICE Today we no longer need to buy a new laptop (or desktop) when we want to upgrade to a faster processor or to more memory than our current laptop can possibly support. We can keep our existing laptop (or desktop) and instead rent a virtual desktop from a Cloud provider who offers “Desktop as a Service”. Also variously referred to as VDI, Virtual Desktop, Hosted Desktop, Online Desktop, Remote Desktop, Virtual Remote Computer, Internet Hosted Computer, Online Computer, or Internet Desktop (sometimes with slightly different meanings), these terms today normally refer to what is officially called “desktop as a service”. It is the virtualization of our laptop or desktop computer in the Cloud. It is hosted in the Cloud, and is available online through the Internet 24x7x365 from anywhere. It is not TeamViewer or GoToMeeting, but our own virtual workstation hosted in the Cloud for us to access anytime from anywhere. It is our Windows, Mac or Linux PC (as we want it), configured to our choice, and accessible at all times through any Internet device (laptop, Chromebook, tablet, mobile phone, Smart TV, thin client, thick client, etc.).
PROS
It can be made faster or slower depending on our needs. The faster we make it go, the more we have to pay. So no more performance issues.
Much, much easier to upgrade to more memory, more hard drive or higher CPU power. Upgrades are instant, on demand. Possible to downgrade, if it is too fast for us and we want to pay less.
It is much more secure than a traditional physical desktop or laptop. We can't lose it, or accidentally leave it behind on the train. Nobody can steal it from us. What can be stolen is the password used to reach it, so the desktop is only as secure as the login in front of it: strong authentication (at least a second factor) and prompt revocation of leavers' accounts are part of the package.
There is no separate maintenance cost for software or hardware that comes bundled.
The chances of our machine crashing can be eliminated by purchasing automatic failover protection. The chances of hard drive failure are eliminated in the Cloud by the use of virtual storage.
We get device independence. Windows apps, which were never ported to the Mac, will now work on our Mac, iPad and iPhone. Mac software will work automatically on our Android, Linux and Windows devices (Figure B.42).
Employers and management can implement the Bring-Your-Own-Device (BYOD) trend securely in the office, and stay ahead of the competition.
A BIG PLUS for corporations is the ease of on-boarding new team members, as well as decommissioning their desktops when they leave the organization. Another big plus for corporations is the complete control over desktop policy implementation. Great security for corporate data is yet another advantage for corporations. The data is never resident on the local machine, and therefore nobody can run away with it, provided that policy also controls the channels through which it can still leave the session (clipboard, printing, file transfer to the local device and screenshots).
CONS
The only significant drawback is that our virtual desktop is not available offline. There are solutions for that as well, but such details are beyond the scope of this introductory document.
Some difficulties exist in using peripheral devices attached to the local machine.
Cumulative cost over time is likely to exceed the cost of physical desktops and laptops.
VIRTUAL SANDBOXES AS A SERVICE Sandboxing is an important security and isolation technique that places untested, experimental or unproven software in a secluded area (“the sandbox”) where whatever mess this software creates will not impact anything outside the sandbox. The Cloud, based on its fundamental concept of virtualizing everything, is a place where virtual sandboxes can be easily created for testing ideas. A virtual sandbox is no different from a virtual machine, technically equivalent to a virtual server and a virtual desktop, but functionally different in purpose. So unlike the greater permanence of a virtual server, a virtual sandbox might be created for a short duration and then destroyed. Sandboxes might also make enormous demands on the Cloud during their short lifespan, because the testers might wish to throw all kinds of unrealistic challenges at the software being evaluated (Figure B.43). For instance, load testing and stress testing plans might simulate enormous and extraordinary load and stress for the software to deal with. Virtual sandboxes are most commonly used for software quality assurance. As Figure B.43 shows, it is easier to test software on multiple operating systems in the Cloud, because we can quickly create the environments we want for the test, and then destroy them afterwards, thereby retaining no cost liability. The isolation is only as good as its boundaries: a sandbox used for suspect software should have no credentials for, and no network route to, production systems, so that the mess really does stay inside.
FILE STORAGE AS A SERVICE This is one of the most popular uses of the Cloud or Cloud-like services. File storage as a service is a model of data storage where digital data is stored in a Cloud owned and managed by a hosting company. These Cloud storage providers are accountable for the upkeep, safety and continued availability of the data; who may access it remains the customer's decision, made through the sharing settings, and unless the data is encrypted before upload the provider itself can read it. Individuals and organizations buy or lease storage capacity from these providers to store user, organization, or application data. Cloud storage services may be accessed through the web, through a small piece of software installed on the local machine, through a web service application programming interface (API) or by applications that utilize the API, and in a number of other ways. Almost all of us are putting our documents, photos, music, and other data into the Cloud, thereby allowing us to access our files no matter which computer or mobile device we are using. It is also a convenient way to back up our data in the Cloud, and sync it with multiple local devices, while the master copy of the data remains in the Cloud. Some of the top Cloud-like storage solutions that are readily available are Dropbox, OneDrive, Google Drive, Copy, Box, Amazon Cloud Drive, and SugarSync. These variously interact well with other apps and services to make the experience of doing something with our files relatively seamless. Some of these services are niche; for instance, offering e-signatures, so our collaborators can sign all those documents that we are storing and sharing via the Cloud. File-syncing has become an integral part of such online services. Business professionals love the huge usefulness of file-syncing. Imagine bad weather preventing us from getting to work when we badly needed to finish a project to meet a deadline, and the latest copy of the half-done project only lived on our office PC. With a file-syncing service in place, we can grab that project in seconds. It also eliminates the need to carry a clunky laptop with us, and ensures all our files are available no matter where and when we log in. If we were in the habit of emailing files to ourselves so that they were saved online for easy access, file syncing unshackles us from such chores forever.
FIGURE B.44
DATA BACKUP AS A SERVICE. Cloud backup services are a related offering, but differ in that they focus not necessarily on giving us real-time access to data stored in the Cloud, but on giving our scanned and digital treasures a place to live that is safe from theft, disaster and the all-too-common reality of hard drive failure. Some of the well established Cloud backup services at this time are Carbonite, IDrive and CrashPlan, each distinguishing themselves by providing a wide range of automatic backup features, powerful restore functions and unlimited or near-unlimited storage capacity. Barracuda, reputed for its storage devices, is amongst several other companies jumping into the fray with attractive offerings, as shown in Figure B.44. A backup that has never been restored is an untested one; the restore function deserves a trial run before it is needed.
DISASTER RECOVERY AS A SERVICE Disasters can and do happen at the best of places, and at the worst of times. Figure B.45 shows Manhattan’s midtown tunnel under water during Hurricane Sandy (2012). Disaster Recovery as a Service (in the Cloud) is a fast-growing area of disaster preparedness. Alan Berman, president of the Disaster Recovery Institute International is quoted in SearchCIO.com as saying, “We’ve already seen more and more use of cloud disaster recovery on a personal level, and we’re going to be seeing more and more on a business level.”
FIGURE B.45
In general, the Cloud delivers faster recovery times and multi-site availability at a fraction of the cost of conventional disaster recovery. So what changes in the Cloud to make such a sea change possible? The answer is quite simple. The fundamental concept of Cloud computing is virtualization. This allows us to take a very different approach to disaster recovery. With virtualization, the entire server set-up, including the operating system, applications, patches and data, can be replicated on a Virtual Machine in the Cloud in a different seismic zone (so as to provide isolation from natural disasters). Virtual Machines at the DR site would lie nearly dormant all the time, consuming very few resources, and therefore costing us very little, until disaster struck, at which time the Virtual Machines could be quickly spun up to production strength and go into action.
Figure B.47 shows how the traditional disaster recovery setup usually requires the same or a similar cost to the primary server setup, thereby entailing (1+1=2) twice the cost of the primary site. But when disaster recovery is delivered as a service in the Cloud, the cost dramatically reduces because:
a) No hardware to buy. Ever.
b) Backup servers are only "provided for" (i.e., fully defined) but not scaled up to production strength until a disaster actually strikes. So operational cost during non-disaster times is quite minimal.
c) Only when an actual disaster strikes would the DR virtual machines operate at full strength, and only then would the company have to shell out the full cost of the servers.
FIGURE B.46
The resultant cost savings projected for deploying Disaster Recovery as a service in the Cloud could be as much as 85% over the traditional cost of disaster recovery (see Figure B.48).
COLD SITE DISASTER RECOVERY. The Cloud renders antiquated the concept of Cold Site Disaster Recovery.
WARM SITE DISASTER RECOVERY. As elucidated above, Cloud computing makes Warm Site Disaster Recovery a very cost-effective option where backups of critical servers can be spun up within minutes as Virtual Machines in the Cloud.
HOT SITE DISASTER RECOVERY. In addition to choosing to utilize Disaster Recovery as a Service in the Cloud, if we were to set up SAN-to-SAN replication of data between the primary site and the disaster recovery site, the result would be full-fledged Hot Site Disaster Recovery with very short recovery times in terms of both RTO (Recovery Time Objective: how long the service may remain down) and RPO (Recovery Point Objective: how much recent data, measured in time, may be lost), at a very attractive, viable and cost-effective price. Such capability at such a low cost was never possible until the advent of Cloud computing. SAN-to-SAN replication would not only provide rapid failover protection to the disaster recovery site, but also the capability of returning to the primary production site when the DR test or disaster event is over. Both objectives are only as good as the last successful replication and the last successful failover test, so they should be measured, not assumed.
FIGURE B.47
FIGURE B.48 (text in figure): Why does a Cloud Solution cost a lot less? #1: No hardware to buy. Ever. #2: Backup servers are only “provided for” and not launched unless there is a failure. #3: Only in the case of an actual disaster do you pay full price for your backup servers. Results in approx. 85% savings in your Disaster Recovery cost over time.
Using the Cloud, smart Disaster Recovery Service Providers are able to provide full disaster recovery services that not only replicate the servers between data centers, but also replicate the entire network configuration in a way that recovers the network as quickly as the backed-up Cloud servers. Figure B.49 graphically compares the Traditional Disaster Recovery scenario (black arrow) with the Disaster Recovery as a Service scenario (red arrow). In the modern service framework the following services have been rendered obsolete:
Local tape backup.
Offsite tape backup.
Cold Site DR.
The recovery speed of all of the following has significantly improved:
Online Backup.
Warm Site Backup.
Hot Site Backup.
At the same time, the cost of delivering the above was dramatically reduced.
FIGURE B.49
Source: Online Tech (www.onlinetech.com)
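The RTO and RPO figures discussed above are only meaningful if they are measured against what the replication actually achieved. The block below is an added example, not code from the booklet or from any DR provider: it reads a constructed replication log (the line format, volume names, timestamps and targets are all assumptions made for the example), finds the last successful snapshot of each volume before a stated disaster time, and reports which volumes miss their RPO target and whether the restore missed the RTO target. Failed snapshots and snapshots stamped after the disaster do not count, which is the detail a casual "time of the last snapshot" check gets wrong.

```python
"""Measuring achieved RPO and RTO from replication and failover times.
Added illustration, not code from the booklet or from any DR provider.
The log format, volume names, timestamps and targets are constructed for
this example; a real check would read the replication engine's own logs."""
import re
from datetime import datetime, timezone

# Constructed replication log: one line per snapshot attempt per volume.
REPLICATION_LOG = """\
2012-10-29T18:00:00Z snapshot vol=db01 status=ok
2012-10-29T18:00:00Z snapshot vol=web01 status=ok
2012-10-29T18:30:00Z snapshot vol=db01 status=ok
2012-10-29T18:30:00Z snapshot vol=web01 status=failed reason=timeout
2012-10-29T19:00:00Z snapshot vol=db01 status=failed reason=timeout
2012-10-29T19:00:00Z snapshot vol=web01 status=ok
2012-10-29T19:00:00Z snapshot vol=app01 status=failed reason=disk-full
2012-10-29T19:30:00Z snapshot vol=db01 status=ok
2012-10-29T19:50:00Z snapshot vol=db01 status=ok
2012-10-29T20:10:00Z snapshot vol=web01 status=ok
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) snapshot vol=(?P<vol>\S+) status=(?P<status>\w+)")


def parse_ts(text: str) -> datetime:
    """ISO-8601 'Z' timestamp -> timezone-aware UTC datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(log: str) -> list:
    """Return (timestamp, volume, status) for every well-formed log line."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((parse_ts(m["ts"]), m["vol"], m["status"]))
    return entries


def last_good_snapshots(log: str, disaster_at: datetime) -> dict:
    """Per volume, the newest snapshot that completed before the disaster.

    Failed snapshots never count, and snapshots stamped after the disaster
    are ignored because they may be partial; a run of failures therefore
    silently widens the data-loss window, which is exactly what this check
    is meant to surface.
    """
    last = {}
    for ts, vol, status in parse_log(log):
        if status != "ok" or ts > disaster_at:
            continue
        if vol not in last or ts > last[vol]:
            last[vol] = ts
    return last


def check_dr(log: str, disaster_at: datetime, service_restored_at: datetime,
             rpo_target_min: float, rto_target_min: float) -> dict:
    """Compare achieved RPO (per volume) and RTO, in minutes, with the targets.

    Achieved RPO = time from the last good snapshot to the disaster (data
    lost).  Achieved RTO = time from the disaster until service was back.
    A volume with no usable snapshot at all is reported as a breach too.
    """
    last = last_good_snapshots(log, disaster_at)
    volumes = {vol for _, vol, _ in parse_log(log)}
    rpo_minutes = {vol: (disaster_at - ts).total_seconds() / 60 for vol, ts in last.items()}
    rto_minutes = (service_restored_at - disaster_at).total_seconds() / 60
    breaches = []
    for vol in sorted(volumes):
        if vol not in rpo_minutes:
            breaches.append("RPO breached on %s: no usable recovery point" % vol)
        elif rpo_minutes[vol] > rpo_target_min:
            breaches.append("RPO breached on %s: %.0f min of data lost, target %g"
                            % (vol, rpo_minutes[vol], rpo_target_min))
    if rto_minutes > rto_target_min:
        breaches.append("RTO breached: down %.0f min, target %g" % (rto_minutes, rto_target_min))
    return {"rpo_minutes": rpo_minutes, "rto_minutes": rto_minutes, "breaches": breaches}


if __name__ == "__main__":
    result = check_dr(REPLICATION_LOG,
                      disaster_at=parse_ts("2012-10-29T20:00:00Z"),
                      service_restored_at=parse_ts("2012-10-29T20:40:00Z"),
                      rpo_target_min=30, rto_target_min=60)
    for vol, lost in sorted(result["rpo_minutes"].items()):
        print("%s: last good copy %.0f min before the disaster" % (vol, lost))
    print("RTO achieved: %.0f min" % result["rto_minutes"])
    for b in result["breaches"]:
        print("!!", b)
```

In the constructed log, db01 replicated ten minutes before the disaster and meets a 30-minute RPO, web01 had a failed snapshot at 18:30 and so lost an hour, and app01 never produced a usable copy at all; the restore forty minutes later meets a one-hour RTO. Run after every DR test, the same check turns the targets quoted in a contract into numbers the replication log has to back up.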
EMAILS AND OFFICE 365 IN THE CLOUD These are easy, and easily understood, utilization models for the Cloud. Instead of our organization buying and maintaining an email server (like Microsoft Exchange), entailing hardware, license and manpower costs, email and Exchange-like collaboration is now available in the Cloud as a service, where the organization pays only a small cost per user per month. Google's Gmail for Business, Zimbra and Microsoft's own Office 365 offering are the typical choices in this category. The return on investment is easy to compute, and the benefits are enjoyed almost immediately, in the same fiscal year. Office 365 not only provides email services, but also full Microsoft Office functionality on the basis of a low annual per-user license rather than a one-time license fee. Success stories abound, dating back several years already.
When Chicago wanted to usher in the digital age, CIO Brett Goldstein moved 30,000 city employees to Microsoft Office 365, thereby reportedly saving US$ 400,000 in the first year itself (Source: InformationWeek, January 4, 2013). The previous year, the Environmental Protection Agency (EPA) moved 25,000 employees to Office 365, and announced that it expected to save US$ 12 million over the next four years (Source: InformationWeek, November 1, 2012).
BIG DATA ANALYTICS IN THE CLOUD The term Big Data is used to describe a massive volume of both structured and unstructured data that is too voluminous to process using traditional databases. The quotation in Figure B.51 illustrates the enormity of the problem.
FIGURE B.51 Source: Huffington Post, Oct 5, 2010
Almost everything we do today, and everything we use, generates data. We make a phone call: there is data generated inside the phone, at the telephone company, at the network hubs along the way, in the outsourced billing system… We drive our car to work: there is data generated inside the engine, in various digital and analog devices, inside the GPS device, some of which may be transmitted selectively to the car company and/or to the garage… The heavy machinery at manufacturing plants is tagged with numerous sensors and devices that are constantly collecting data and transmitting it to data acquisition and control systems, to the MES (Manufacturing Execution System), to the ERP system, to the business warehouse, to dashboards, reports… Toll booths, shopping carts, credit cards, Smart TVs, emails, voicemails, meetings: anything and everything today generates a constant flow of data (Figure B.52). According to some estimates, the United States alone generates 7 million pieces of event data per second, which adds up to a few tens to hundreds of petabytes of data per month (without compression). The New York Stock Exchange reportedly generates 1 TB of trading data every single day. Twitter is supposed to produce 7 TB of data every day.
As Figure B.52 shows, this data is being generated not just in large volume, but at an ever increasing velocity, in a wide variety of formats, and with various levels of trustworthiness (which means we might trust the accuracy of a Twitter feed less than the equivalent information from our company's verifiable ERP system). In most enterprise scenarios the volume of data is so big, or it moves so fast, that it exceeds traditional processing capacity. But at the same time Big Data has the potential to help companies improve operations and make faster, more intelligent decisions through computational analysis that reveals patterns, trends, and associations, especially relating to machine behavior, human behavior and man-machine interactions… IF somehow such massive data can be harnessed and processed. THE CLOUD MAKES IT POSSIBLE. Massive computations and statistical analysis in real time over enormous numbers of data items require computing power capable of handling up to millions of events per second, and of making an immediate judgment without failing to respond to unexpected generation of, or rapid variation in, the number of events. In a traditional IT scenario, we would need an unpredictable number of servers running in parallel, with the possibility of distributed parallel processing across thousands of servers. Without the Cloud, such capabilities would be beyond the reach of most organizations. Big Data Analytics in the Cloud is a technology that has the possibility to transform business in all sorts of ways.
EXAMPLES OF BIG DATA ANALYTICS IN THE CLOUD. Orange is one of the biggest mobile carriers in the world. In France, Orange launched a project called “Data for Development” by releasing subscriber data for customers in Ivory Coast. The 2.5 billion records, which were anonymized, included details on calls and text messages exchanged between 5 million users. (Anonymization of such records is not a complete safeguard on its own: call records stripped of names can often be re-identified from a handful of location and time points, so releases of this kind need controls beyond removing the identifiers.)
Big Data analytics enabled researchers to devise proposals for Orange as to how the data could serve as the foundation for development projects to improve public health and safety. Proposed projects included one that showed how to improve public safety by tracking cell phone data to map where people went after emergencies; another showed how to use cellular data for disease containment.
Netflix credits Big Data for the commercial success of its hit series “The House of Cards”. Reportedly, the company mined its subscriber data to put the essential ingredients together for the hit series. Likewise, Netflix also reportedly brought “Arrested Development” back from the dead based on Big Data analysis of subscriber data. Big Data analytics is also enabling researchers to:
Decode the human DNA within minutes, and predict individual vulnerability to diseases.
Analyze millions of unstructured events gathered from global online buzz in real time, and predict where terrorists might plan to attack.
A survey by QuinStreet of 540 enterprise decision-makers involved in Big Data enterprise purchases revealed that the most common applications of the technology were to improve operations and increase customer retention.
INDUSTRIAL INTERNET General Electric coined this term to refer to the integration of physical machinery with sensors and software that are networked together. It is similar to IoT (Internet of Things), but applied specifically to industrial applications. Today both the term and the movement have caught on, and the Industrial Internet Consortium, a global non-profit partnership of industry, government and academia, was established in 2014 by the founding members: GE, IBM, Cisco, Intel and AT&T under the sponsorship of the Object Management Group (OMG).
General Electric, according to a headline in FastCompany, “is pushing to turn jet engines, locomotives and other giant machines into data-spewing computer.” A good example is the GE Evolution, a locomotive engine measuring 73 feet long and weighing 436,000 pounds that hauls goods all over the United States. What is notable is that it is a veritable computer on wheels, with innumerable devices measuring virtually every aspect of its operation. The purpose? So that General Electric’s suite of Industrial Internet tools can continuously improve its efficiency. With around 24,000 locomotives in operation, GE estimates that even a 1% improvement in overall locomotive efficiency can result in US$ 2.8 billion in savings by positively impacting (a) trip optimization, (b) remote diagnostics, (c) movement planning, and so on. By adopting the Industrial Internet, the Union Pacific Railroad has mounted infrared thermometers, microphones and ultrasound scanners alongside its tracks. These sensors scan every train as it passes, and send readings to the railroad’s data centers, where pattern-matching software identifies equipment at risk of failure. The falling prices of computing power and networked sensors have enabled companies like Union Pacific to THINK BIG and implement a vision of an all-encompassing Industrial Internet.
“What would take three weeks on a standard laptop can now be delivered in a fraction of a second by the Cloud.”
These examples are impressive proof of the potential of the Industrial Internet to transform the world. But how will the industry harness the enormous computing power needed for such applications? THE CLOUD IS ESSENTIAL FOR INDUSTRIAL INTERNET. Because only through the Cloud can we obtain the enormous, scalable processing power we require on demand to process tons of information. Let’s take the example of gas turbines, which are generally so efficient that any attempt at improvement requires a "hyper-sophisticated approach," says Paul Rogers, GE’s Chief Development Officer, talking to CIO.com, which entails running models with "incredibly complex algorithms." On a standard laptop, for instance, it would take three weeks for a typical query to be answered; but distributing the same query among cloud-based processors yields the result in a fraction of a second.
More information on the Industrial Internet may be found under EPILOGUE, “The Current State of the Cloud”.
The Business Perspective
BENEFITS OF THE CLOUD
MARKET COMPETITIVENESS
GREATER ORGANIZATIONAL SCALABILITY. The Cloud provides almost instant scalability of IT infrastructure.
If we needed more resources this week to process some government mandated arrears payment for our workforce, we would have that additional computing power on demand — today. When the need was fulfilled and over with, we would instantly release those additional resources and not have to pay for them one second longer than necessary. If we needed a new SAP Finance system today to manage the finances of a new subsidiary, we would have that SAP instance today, rather than go through a month-long procurement and deployment process under a non-Cloud traditional I.T. scenario.
RAPID RESPONSE CAPABILITY. Such instant scalability and agile I.T. infrastructure enables the company to react rapidly to changes, whether internal (such as a new policy) or external (such as new government legislation).
GREATER BUSINESS AGILITY. This rapid response capability directly leads to greater business agility for the organization as a whole.
“It is all about BUSINESS AGILITY. The agile enterprise wins almost every time.”
HIGHER MARKET ADVANTAGE. Greater business agility leads to greater market competitiveness, because it enables the organization to adapt to real or anticipated changes and to implement new ideas faster than the competition.
LOWER OPPORTUNITY COST. The instant availability of I.T. resources on demand enables organizational units to test and/or implement their ideas much more quickly than would be possible in a non-Cloud traditional I.T. environment. This should translate into much better utilization of opportunities, and lower opportunity cost. The ability of a firm or individual to produce goods and/or services at a lower opportunity cost than other firms or individuals leads to greater comparative advantage, which gives a company the ability to sell goods and services at a lower price than its competitors and realize stronger sales margins. Thus, having a comparative advantage — or disadvantage — can indeed shape a company's entire focus. (Technically, it is important to note that a comparative advantage is not the same as an absolute advantage, but greater elucidation of such financial nuances is beyond the scope of this handbook.)
FINANCIAL ADVANTAGES
INCREASED REVENUES. Increased market competitiveness can usually lead to increased revenues.
REDUCED CAPEX. CONSERVATION OF CAPITAL. The Cloud will eliminate the need to buy most of the hardware by transferring that responsibility — including full hardware lifecycle management (procurement, maintenance, and obsolescence handling) — to the vendor. So we would no longer have to buy servers and the associated back-end hardware that typically resides in the Data Center or the computer room. Thus the expense of infrastructure and its management becomes an operational expense (OpEx) rather than a capital investment (CapEx). The organization will conserve capital that can be used for other purposes.
COSTS BECOME VARIABLE. Costs will be tied to various levels of actual resource allocation, usage or consumption.
Ideally, the true Cloud is required to charge only by true consumption. But as of 2015, Cloud providers still utilize billing models that are associated with variables that involve resources asked for and allocated, such as:
- 64 GB RAM, or
- 99 users, or
- 3 TB of disk storage, or
- 10,000 SAPS of computing power for our SAP application.
Although these methods violate the true spirit of Cloud Computing, they do convert costs from fixed monthly costs to variable.
A subscription-based model reflects the operations of an organization more realistically than incurring costs on hardware in a disconnected manner.
“Lower cost from Cloud adoption is not always guaranteed, but should be the case, and is always a strong possibility.”
POSSIBLE TAX BENEFITS. Instead of having more depreciating assets, the hardware costs can be expensed.
STRONG POSSIBILITY OF LOWER COSTS. The Cloud that implements the true spirit of providing a “metered service” based on actual resource consumption, not resource allocation, should normally lower costs, because idle capacity is no longer paid for.
The key here is having realistic prices from the Cloud provider. Costs in the Cloud can sometimes be difficult to understand. For instance, a seemingly attractive cost of 50 cents per GB of Memory (RAM) per minute might add up to a monthly cost of US$ 22,500. That is why, even though a lay user can click and buy Cloud resources, expert advice is quite indispensable for major purchases.
If the Cloud is priced realistically, and metered by actual consumption, we can usually expect to pay less than in a non-Cloud environment.
ECONOMIES OF SCALE. The Cloud will facilitate the creation of a centralized, remote facility for computing, thereby promoting further economies of scale, with the net impact of lower costs.
REDUCTION IN RESOURCES. Reduction in the resources required for administrative management and for keeping the lights on in the data center and/or computer room will eventually translate into lower costs.
OPERATIONAL ADVANTAGES
LITTLE NEED FOR CAPACITY PLANNING. Since Clouds scale up to meet elevated demands, and scale down in response to demand depletion, there is little need to engage in old-style capacity planning for hardware, and so on. This leads to greater operational convenience, and also largely releases the users from the shackles of having to prove a real or imagined ROI (return on investment) for new applications.
ANYTIME-ANYWHERE BUSINESS. The Cloud, by making applications accessible over the Internet whenever required, makes it easier to establish the Anytime-Anywhere business paradigm better suited to 21st century work style and lifestyle. This should lead to:
More agile business.
More satisfied customers (whether external or internal).
A happier workforce, resulting in improved employee retention.
Higher overall productivity.
“The anytime-anywhere business paradigm made possible by the Cloud bestows multiple benefits across the enterprise.”
IMPROVED BUSINESS CONTINUITY. The Cloud improves business continuity and sustainability because of the easier Disaster Recovery offered by the Cloud, and the much lower cost of DR consumed as a service.
EASIER COMPLIANCE AND STANDARDIZATION.
Using a pre-certified Public or Community Cloud can mean easier regulatory compliance. Greater standardization due to abstraction of application from hardware to hypervisor.
VALUE TO STOCKHOLDERS The Strategy Map in Figure C.10 graphically illustrates how the various business outcomes of the Cloud — whether direct or indirect — ultimately aim to increase shareholder value.
FIGURE C.10
In the strategy map, the ORANGE boxes show the direct outcomes of adopting the Cloud, while the GREEN boxes indicate indirect outcomes. The direct benefits are as follows (not necessarily in the right order or priority — but in the order of appearance on the diagram):
1. Better business continuity & sustainability.
2. Centralization of resources.
3. Instant scalability.
4. Metered billing.
5. Eliminate wasted capacity.
6. Anytime-anywhere business.
7. OpEx, not CapEx.
The diagram argues:
Centralization of resources leads to economies of scale, which leads to increased market competitiveness, which leads to increased stockholder value.
Instant scalability of the Cloud leads to greater business agility, which leads to increased market competitiveness, which leads to increased stockholder value.
Metered billing should lead to lower cost, which leads to increased market competitiveness, which leads to increased stockholder value.
Elimination of wasted capacity leads to lower cost, which leads to increased market competitiveness, which leads to increased stockholder value.
And so on.
BARRIERS TO CLOUD ADOPTION Before we discuss some obvious barriers, let us look at two important points that might not be discussed too often in the corporate meeting rooms. These are, however, actual realities that often cloud human decision making.
FEAR OF THE UNKNOWN Fear of the unknown is quite universal. Successful people routinely rise above it. In today’s world we are surrounded by the unknown, and it is important to recognize this fear as a reality that impacts almost every one of us, so that we can avoid succumbing to a fear that can ruin our lives, careers, happiness and health. According to psychologists, a number of different attitudes and triggers can lead to the fear of the unknown. Worldwide, people are becoming increasingly concerned about economic factors, results of elections, jobs, retirement planning, health issues and so on. The fear-of-the-unknown phobia also goes hand in hand with the fear of loss, fear of death, etc. The advent of the Cloud, like most new technologies, scares people who have something to protect, and who therefore might prefer the ‘status quo’ over change; whereas those who want to break the ‘status quo’ typically welcome disruptive technologies as a way to rise to prominence. Ultimately, although corporate decisions are supposed to be imbued with unemotional rationality and objective logic, in reality it is “people” who take decisions, and people are emotional beings. Fear is a strong and often compelling emotion. As managers and individuals whose choices and decisions impact the fate of the organization, we have to be cognizant of this reality. Yes, fear of the unknown can make some of our team members put up barriers and destructive arguments to thwart the march of the Cloud into our organization. Let us not shy away from the possibility that this could be an unpleasant reality even in parts of our own organization. The best antidote to the fear of the unknown is the realization that while change is often difficult, not changing could be fatal.
FEAR OF LOSING CONTROL Psychologists have determined that one of the most prevalent fears people have is that of losing control. This is the fear that if we do not manage to control the outcome of future events, something terrible might happen to our detriment. The root of the problem is the demand for certainty in a world that is perpetually uncertain and changing. We — especially those of us who are doing well at work and successfully climbing the corporate ladder — might sometimes tend to think that we must accurately predict and manage the future, in order to control what happens to us. It is this contradiction between the demand for certainty and the reality of uncertainty that can persuade otherwise rational individuals to put up undue and unnecessary barriers against adopting the Cloud in the organization. In a more physical sense, this can impact Systems Administrators who are generally used to working in the same building as “their” servers. With the Cloud eliminating “their” servers, Systems Administrators can feel they have been demoted to users on a Cloud system that they do not control or “own” at a physical level.
FEAR OF DATA THEFT AND LOSS. The fear of data loss and theft is a genuine concern. According to a past survey conducted by Symantec titled “What’s Yours is Mine: How Employees Are Putting Your Intellectual Property At Risk”, reportedly half of the people who left or lost their jobs in the 12 months prior to the survey kept confidential corporate data on their devices, and 40 percent planned to use it in their new jobs. (Reported by Stout Risius Ross, a premier global advisory firm that specializes in Investment Banking, Valuation & Financial Opinions, and Dispute Advisory & Forensic Services.) Riding on this fear, Management may be inclined to restrict employee access to the Internet in some manner, thereby impacting Cloud usage as well. But this kind of policing alone is ineffective, because almost everyone has access to e-mail at the workplace, and can always send company-proprietary documents to themselves as attachments. So the solution to this fear is not to deny access to the Internet and to the Cloud, but to control access better. As we have argued elsewhere in this eBook: Do we store our jewels in the perceived safety of our home, or do we trust the bank to store our jewels in a safe deposit box at the bank? Do we store our data on the perceived safety of our hard drive, or do we trust the Cloud provider to store our data in the Cloud? Banks can be robbed, though it is increasingly difficult to do so. Clouds can be violated, though it is increasingly difficult to do so. The choice is ours. The answer is not in giving in to our fear, but in implementing the best safety measures possible, and ushering in the future that is anyway unstoppable.
LACK OF AVAILABILITY In the western world, we tend to take for granted many services that may not be as prevalent or robust in developing or underdeveloped countries. Internet connectivity is one such item. Therefore, the weakest link in a Cloud system could be the lack of a robust Internet connection at the point of service consumption where the Cloud user is located. Even the best architected Cloud with the lowest latency and the strongest security can be useless if the users cannot access it when they need it.
RESPONSE TIME AND PERFORMANCE RELIABILITY Predictable response time is a major requirement for mission-critical web-facing applications (e.g., electronic commerce) in Cloud environments, because a key aspect of any software user experience is the response time from submission of a request until the result is returned. Response times could vary for different types of transactions, such as creating an invoice, opening a web page, downloading a file, or sending an e-mail, under a variety of workloads. These are system response times. Such requirements are often specified as service level agreements (SLA) such as “95% of queries will return meaningful results within 1 second.” More generally, we might use the term “performance reliability” to refer to a wider range of quality of service properties that denote predictable and/or guaranteed performance, such as SLA-specified response time. The traditional view of performance reliability was related to a stable workload running on a stable hardware and software configuration. These stability assumptions may no longer hold for the Cloud, thereby making performance reliability a serious challenge, and users are resorting to requirements such as SLA-specified response time. The Cloud, being accessible only over the Internet, can be vulnerable to response time challenges and performance reliability issues, and 25% of respondents in the 4th Annual Survey conducted by North Bridge Venture Partners mentioned NETWORK BANDWIDTH as a barrier to Cloud adoption.
THE “NIH” SYNDROME “NIH” stands for Not Invented Here. It is the psychological foundation of not using third party solutions to a problem because they originate outside the organization. People sometimes experience “false pride” in using their own solution and utilize every possible valid and invalid reason to justify sticking to their own solutions rather than incorporating obviously superior solutions developed by others. It is a genuine social phenomenon, and psychologists often describe it as the “NIH syndrome”. This attitude manifests as an unwillingness to adopt an idea or product because it originates from another culture, a form of tribalism. Here is a real-life example of NIH that pushed back the U.S. automobile industry by a few decades. Michelin in France invented and patented the radial tire in 1946. But the U.S. automobile industry resisted the technology and called it "a freak product that isn’t going anywhere." (Source: “What we know about Tires: A Historical Background” by John Thomson in the JAG Magazine on May 5th, 2001.) Only in 1968 did Consumer Reports (an influential trade journal) acknowledge the radial technology as superior. But even then the U.S. industry continued fighting the radial technology by introducing its own “bias belted tire”. It finally took the gasoline crisis of 1973 (when gas went from 30 cents per gallon to $1.00 in the U.S.) for the industry to accept the radial technology because of its superior fuel economy. By the 1980s, radial tires had 100% of the U.S. market. It took 34 years for the U.S. automobile industry to break the NIH syndrome. Question: What does it have to do with Cloud adoption? Answer: A lot. IT departments have serviced their organizations for many years, sometimes working on weekends and deep into the night in response to emergencies or to fix things. The I.T. staff often develop — quite rightfully — a deep emotional attachment to their systems and to their servers.
A Cloud can feel nebulous and remote, almost like it belongs to someone else. The first reaction of IT could be resistance partially caused by NIH.
POINT OF NO RETURN The Cloud is often viewed by both business and I.T. as a one-way street, where — once moved to the Cloud — one can never bring an application back in-house (on-premise). This tends to make the Cloud adoption decision heavier than it should be. The “no return” is a fallacy, and applications can be migrated out of the Cloud to in-house hardware without much trouble if industry best practices are followed in the first place while migrating applications to the Cloud.
VENDOR LOCK-IN Vendor lock-in is a genuine concern, as Cloud providers readily propose use of their custom APIs for enhancing, optimizing and automating our Cloud experience, and that could indeed lead to a tighter coupling with the Cloud in question than one would objectively advise. Vendor lock-in can be quite easily avoided with the right strategic and tactical decisions. As Cloud providers embrace open technologies like OpenStack, this concern will fade.
LACK OF SUPPORT FOR EXISTING HARDWARE PLATFORM This is a genuine concern, because most Cloud providers only provide the Intel x86 platform, which can run Windows, Mac and Linux/Unix applications without modification, but not a plethora of other legacy applications that are also widely in use on the IBM Mainframe, the IBM AS/400, the IBM Power platform, VAX VMS platforms, PDP platforms, and so on. Many Cloud providers would offer to re-platform our non-compatible software to the Intel x86 platform. It is a problem that merits attention, but does not exist for the vast majority of organizations that are firmly embedded on Windows, Mac or Linux/Unix.
THREAT OF GOVERNMENT SNOOPING Edward Snowden, the ex-CIA employee, leaked U.S. government secrets, particularly of the activities of their National Security Agency (NSA) in mass surveillance within the U.S. perimeter, as well as numerous global surveillance programs in cooperation with telecommunication companies and European governments. Such revelations naturally make organizations worry about who will have access to their data if it is processed in a Cloud — especially if that Cloud is located off-shore. Organizations can exercise control over the physical location of the data by putting it in the contract with the Cloud provider that the Cloud should be hosted within named geographies. This is easy to incorporate, and should alleviate some of the concerns quite immediately.
Another option could be privacy-friendly countries. Luxembourg, already known for a high degree of maturity in the management of sensitive and confidential data, claims to be one of the first countries in the world to have passed Cloud-friendly legislation to protect the privacy of companies’ data. However, interestingly, an industry survey conducted in 2014 by a well established private advisory firm called “Find Accounting Software” discovered that only half of the IT professionals surveyed reported that the Snowden revelations had in any way impacted their likelihood to recommend cloud hosting. 70% of IT professionals reported that the “revelation of NSA communications surveillance” had only a “minor” or “no effect” on whether they would recommend “cloud hosted business software,” and only 18% reported that they had completely ruled the cloud out for business software deployments. (Source: “Study: Will the NSA Scandal Slow Cloud Software Adoption?” published online by Find Accounting Software on March 5, 2014.) The study concluded as follows: “The NSA surveillance story is clearly impacting attitudes toward the cloud. Specifically, our data shows that 30% of IT professionals reported that the story had either a “Moderate” or “Major” effect on their likelihood to recommend cloud hosting of business software. But while the story is having some impact, it does not appear to be the type of impact likely to turn back the overall trend toward increasing cloud adoption rates. Overall, we found that even in the wake of the NSA scandal, only 18% of IT professionals indicated that they would not recommend hosting business software in the cloud.” Here is another view from the Cloud Industry Forum, which was set up in 2009 by the Federation against Software Theft and is a non-profit body that champions the adoption of cloud services. The CIF research, using 250 respondents, was conducted among UK senior IT staff and business executives. A report in September 2014 revealed that when specifically asked about keeping corporate data in the cloud in light of the publicity over Snowden, 59% of the respondents expressed concern ranging from mild to extreme; 33% of them said the Snowden revelations had indeed changed the way they secured information, with 17% changing where they put their data. Despite these high levels of concern about data security, only 2% of Cloud users reported ever having experienced a breach when using a cloud service. "This should be seen as a solid reinforcement that the fear of a security issue is more exaggerated than the reality of incidents," the report concluded. "Businesses are right to be concerned about their data, but this applies as much to cloud environments as to on-premise," CIF chief executive Alex Hinton said in a statement. Interestingly, in spite of all the concerns, Cloud adoption appears to be progressing at a rapid clip. A 2015 survey of the same 250 respondents revealed the following statistics about increased Cloud adoption (Figure C.11).
FIGURE C.11
The Technical Perspective
KEY CHARACTERISTICS OF THE CLOUD
UNDERSTANDING RESOURCE POOLING
We have earlier defined the Cloud as a “source of computing power established on a server farm that aggregates all available resources (e.g., networks, servers, storage, applications, and services) to provide a huge shareable resource pool, from where resources are dynamically borrowed”. The resources fall into four categories.
COMPUTE (CPU). This is a collection of all CPU capabilities. In other words, all the Servers in the Server Farm or Cloud Data Center are part of this compute group. The compute pool represents the total capacity for executing code and running virtual machines. The process to construct a compute pool is to first inventory all servers and identify virtualization candidates, followed by implementing server virtualization. The total compute power is typically measured in units of “vCore” (virtual core). By using hyper-threading and time slicing techniques, a processor with ‘n’ physical cores can be made to look like ‘2n’ or ‘4n’ virtual cores. For instance, if we have a server with an "Intel Xeon CPU E5-2620 0 @ 2.00GHz" CPU, this processor has 6 physical cores, but with hyper-threading enabled for the processor we get 12 virtual cores, although we actually have only one CPU here. Additional time slicing techniques can potentially make this single CPU appear to be 24 virtual cores or more. The sum total of all vCores in the resource pool constitutes the total shareable CPU power that can be assigned to the virtual machines running in the Cloud.
MEMORY. The sum total of all the RAM (Random Access Memory) of all the Servers constitutes the total MEMORY resource pool that can be assigned to the virtual machines running in the Cloud. Unlike the complicated computation for CPU resources, Memory is measured in straight arithmetic.
NETWORK (INTERCONNECT). In the seven-layer OSI (Open Systems Interconnect) model of computer networking, the network layer is layer 3, which is responsible for packet forwarding and routing through intermediate routers.
The physical and logical devices that connect resources in a Data Center, and isolate resources from layer 3 and below, are gathered into the network resource pool.
STORAGE.
All storage in the Cloud Data Center, whether connected to individual Servers, or part of a separate storage array, are aggregated into a single shareable resource pool. The sum total of all storage is the total storage available to the virtual machines running in the Cloud.
FIGURE D.11
Figure D.11 diagrammatically illustrates the shared resource pool.
KEY TO MULTI-TENANCY. Different physical and virtual IT resources are dynamically assigned and reassigned according to cloud consumer demand, typically followed by execution through statistical multiplexing. Thus, resource pooling enables the Cloud to service multiple virtual machines, software instances, and clients at the same time, and service the requirements of each client equally. This is multi-tenancy.
KEY TO COST SAVINGS. The cost savings in a Cloud are fundamentally based on the concept of resource pooling, because resource pooling leads to reuse of the same resources for multiple clients, and also minimizes idle (unutilized) resources.
KEY TO ELASTICITY. The elasticity characteristic that is key to the Cloud concept is rendered possible by resource pooling. When a virtual machine is scaled up, additional resources are borrowed from the resource pool, and when a virtual machine is scaled down, the unrequired resources are returned to the resource pool.
UNDERSTANDING ELASTICITY In cloud computing, elasticity is the degree to which a component of the Cloud autonomously adapts its capacity to the workload over time, where “capacity” refers to the maximum workload that a Cloud component can handle. If we have a web-facing eCommerce application running in the Cloud, and the application’s demand for Memory increases as more and more potential buyers log in to the system, the Cloud should be able to provide more and more memory to the application — autonomously. That is elasticity. Similarly, the application should not run out of disk space; the potential buyers should not run out of available connections to the application. Elasticity is a defining characteristic that differentiates cloud computing from similar computing paradigms, such as grid computing. Scalability is a prerequisite for elasticity, and is not the same as elasticity, because scalability only indicates the total availability of resources; scalability is not concerned with how fast or how soon or how often the resources can scale up or down. For instance, the Cloud might have a huge resource pool providing enormous scalability, but if a virtual machine must be re-booted each time the VM’s resource size changes, then the VM cannot make practical use of the additional resources immediately. Thus there would be high scalability but little elasticity. At the Open Source Developers’ Conference 2013, one of the presenters — Nicholas Mailer — recounted that he once launched an app on the Amazon Cloud for a TV game show where viewers could use the app to play along with the show host in real time. But during the first show itself the app failed because the Amazon Load Balancers did not work. When they called Amazon desperately, first of all Amazon would not give an answer until they upgraded their support plan to Silver, and then said that next time they would have to warn Amazon an hour before the show to “warm up” their load balancers. A prime example of scalability without elasticity. Figure D.12 dramatizes the fact that by borrowing resources from the shared resource pool, the Cloud can enable an application to support one user or a million users.
FIGURE D.12
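The shared pool and the borrow/return behaviour described under resource pooling and elasticity above, modelled in Python as an added example (not code from this eBook). The per-tenant quota, the two servers and their sizes, and the tenant names are constructed assumptions; the vCore arithmetic follows the hyper-threading and time-slicing description in the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Server:
    """One physical host in the server farm (constructed sample data)."""
    name: str
    physical_cores: int
    ram_gb: int
    disk_gb: int
    hyperthreading: bool = True
    time_slice_factor: int = 1  # extra oversubscription on top of hyper-threading

    def vcores(self) -> int:
        # As the text describes: n physical cores look like 2n with
        # hyper-threading, and time slicing can stretch that to 4n or more.
        return self.physical_cores * (2 if self.hyperthreading else 1) * self.time_slice_factor


@dataclass
class Allocation:
    tenant: str
    vm: str
    vcores: int
    ram_gb: int
    disk_gb: int


class PoolExhausted(Exception):
    """The shared pool cannot cover the request."""


class QuotaExceeded(Exception):
    """The tenant's ceiling (an assumption added here) would be exceeded."""


class ResourcePool:
    """Aggregate of every server's vCores, RAM and storage, lent to VMs on demand."""

    def __init__(self, servers, quotas=None):
        self.total = (sum(s.vcores() for s in servers),
                      sum(s.ram_gb for s in servers),
                      sum(s.disk_gb for s in servers))
        self.quotas = quotas or {}  # tenant -> (vcores, ram_gb, disk_gb) ceiling
        self.allocations = {}       # vm name -> Allocation

    def usage(self, tenant=None):
        allocs = [a for a in self.allocations.values()
                  if tenant is None or a.tenant == tenant]
        return (sum(a.vcores for a in allocs), sum(a.ram_gb for a in allocs),
                sum(a.disk_gb for a in allocs))

    def free(self):
        return tuple(t - u for t, u in zip(self.total, self.usage()))

    def _check(self, tenant, delta):
        # Pool check: a request must fit in what is currently free.
        if any(d > f for d, f in zip(delta, self.free())):
            raise PoolExhausted(f"{tenant}: {delta} exceeds free {self.free()}")
        # Quota check: stops one tenant from borrowing the whole shared pool.
        if tenant in self.quotas:
            used = self.usage(tenant)
            if any(u + d > q for u, d, q in zip(used, delta, self.quotas[tenant])):
                raise QuotaExceeded(f"{tenant}: quota {self.quotas[tenant]} exceeded")

    def provision(self, tenant, vm, vcores, ram_gb, disk_gb):
        """On-demand self service: borrow resources from the pool for a new VM."""
        self._check(tenant, (vcores, ram_gb, disk_gb))
        self.allocations[vm] = Allocation(tenant, vm, vcores, ram_gb, disk_gb)
        return self.allocations[vm]

    def scale(self, vm, dvcores=0, dram_gb=0, ddisk_gb=0):
        """Elasticity: grow or shrink a running VM without re-creating it.
        A negative delta returns resources to the pool immediately."""
        a = self.allocations[vm]
        new = (a.vcores + dvcores, a.ram_gb + dram_gb, a.disk_gb + ddisk_gb)
        if any(n <= 0 for n in new):
            raise ValueError(f"{vm}: cannot scale to {new}")
        self._check(a.tenant, (dvcores, dram_gb, ddisk_gb))
        self.allocations[vm] = Allocation(a.tenant, vm, *new)
        return self.allocations[vm]

    def release(self, vm):
        """Return everything the VM borrowed to the pool."""
        return self.allocations.pop(vm)


def demo():
    """Pooling, scale-up, quota and exhaustion on two constructed servers."""
    farm = [Server("xeon-e5-2620", 6, 64, 2000),                    # 12 vCores
            Server("big-host", 8, 128, 4000, time_slice_factor=2)]  # 32 vCores
    pool = ResourcePool(farm, quotas={"tenant-a": (20, 96, 3000)})
    out = {"total": pool.total}
    pool.provision("tenant-a", "web-1", vcores=4, ram_gb=16, disk_gb=100)
    pool.scale("web-1", dvcores=4, dram_gb=16)     # buyers log in: grow in place
    out["web-1"], out["free"] = pool.usage("tenant-a"), pool.free()
    try:
        pool.scale("web-1", dvcores=13)            # 21 vCores > tenant quota of 20
    except QuotaExceeded:
        out["quota_hit"] = True
    try:
        pool.provision("tenant-b", "batch-1", vcores=40, ram_gb=8, disk_gb=10)
    except PoolExhausted:                          # only 36 vCores are free
        out["pool_hit"] = True
    pool.scale("web-1", dvcores=-4, dram_gb=-16)   # traffic drops: shrink
    pool.release("web-1")                          # everything returns to the pool
    out["free_at_end"] = pool.free()
    return out
```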
UNDERSTANDING BROAD NETWORK ACCESS The Cloud should be reachable over the Internet and accessible from any Internet-connected device. In simple terms it sounds as if this criterion is met as soon as users can reach services and applications from the corporate network. In reality the significance is much broader: it also covers support for heterogeneous devices, and device independence. Our office intern should be able to use her Word and Excel documents on a Mac, PC, Chromebook or Linux machine. Our salespeople out in the field should be able to get into our CRM system from the road using any mobile device. Our CFO should be able to review financials and conclude agreements from his smartphone. Broad network access eliminates platform lock-in, and opens Cloud services beyond our network, our desktop and our choice of supported browser, making Cloud solutions accessible from any network, from any desktop, laptop or computing device, and from any browser, whether Chrome, IE, Firefox, Opera or Safari, that conforms to HTML standards. One consequence is that access control can no longer rely on the user being inside the corporate network: authentication, and any check on the device being used, has to be enforced by the Cloud service itself. Cloud solutions are designed to be accessed by a new generation of users who may never be provided a company laptop or phone and who were never told which operating system to run. Figure D.13 illustrates the basic concept in a nutshell.
FIGURE D.13
UNDERSTANDING ON-DEMAND SELF SERVICE Cloud services are meant to be on-demand self service. Cloud users should be able to provision Cloud resources whenever they want, and do whatever they want with them, on their own, without going through the provider's staff. Typically the user accesses cloud services through an online control panel. Clouds also have APIs (Application Programming Interfaces) that allow users to automate their interaction with the Cloud's management layer, the software that in turn drives the hypervisors. This is one of the basic requirements of a Cloud, and users typically use it to scale their virtual infrastructure up or down, provisioning computing power, storage, networks and software. Because the same API that creates resources can also delete them, the credentials that unlock self-service deserve the same protection as the administrator passwords of the systems they create.
The notable features, dramatized in Figure D.14, are as follows:
Completely automated.
Users abstracted from the implementation.
Near real-time delivery (seconds or minutes).
Services accessed through a self-serve web interface.
FIGURE D.14
UNDERSTANDING METERED USE Metered service (also called pay-per-use) refers to any payment structure where the customer has access to potentially unlimited resources but only pays for what he or she actually uses. Just like electricity! In the Cloud, we should be charged only for the services and resources we actually use, when we use them, and pay nothing when no resources are utilized. The Cloud is meant to be paid for like a utility service: pay-per-use, better defined as pay-per-consumption, as opposed to pay-per-allocation, which is still followed by a wide range of so-called Cloud service providers such as Dropbox and Salesforce.com, which do not strictly qualify to call themselves Cloud providers. In Dropbox, for instance, if you pay for 1 TB of storage space but use only 50 GB, you still pay for 1 TB. That is not what the Cloud is meant to be. The fundamental principles are: services are metered, like a utility; users pay only for services used; services can be cancelled at any time. The flip side for the customer is that a leaked credential or a runaway job turns directly into charges, so billing alerts and spending quotas are part of basic hygiene on a metered service. Figure D.15 provides one example of how Cloud metering might be made to work based on a measure of IOPS (input/output operations per second) and other resources (RAM in this example).
FIGURE D.15
ENABLING TECHNOLOGIES UNDERSTANDING THE INTERNET WHAT IS THE INTERNET? The Internet is a global communication network consisting of thousands of computer networks all over the world. Definition according to the U.S. Federal Networking Council resolution of October 24, 1995: the word "Internet" refers to the global information system that: 1) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons; 2) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and 3) provides, uses or makes accessible, either publicly or privately, high-level services layered on the communications and related infrastructure described herein. HOW IS THE INTERNET CONNECTED? The Internet is connected via the INTERNET BACKBONE, which may be defined as the principal data routes between large, strategically interconnected computer networks and core routers on the Internet; it is a conglomeration of multiple, redundant networks owned and hosted by many commercial, government, academic and other high-capacity network organizations. The Internet Backbone carries and interchanges Internet traffic between countries and continents and across the oceans (via submarine cables). The Internet Backbone also consists of Internet exchange points and network access points. It is typically a fiber optic trunk line. The trunk line consists mainly of FIBER OPTIC CABLES bundled together to increase capacity. The backbone is able to reroute traffic in case of a failure. Figure D.21 is a partial depiction of the active Internet Backbone in 2011. Figure D.22 is a world map showing the 460 million IP addresses that responded to ICMP ping requests or port scans between June and October 2012 (Source: Internet Census 2012; note that this census was gathered by an anonymous researcher using a botnet of compromised devices, so its figures are indicative rather than authoritative). Figure D.23 is a map of the world's fiber optic cables (Source: TeleGeography, June 17, 2015).
FIGURE D.21
FIGURE D.22
FIGURE D.23
The Internet Service Providers participate in Internet backbone traffic exchange through privately negotiated interconnection agreements, primarily governed by the principle of settlement-free peering. The largest Internet Service Providers, known as Tier 1 providers, have such comprehensive networks that they never purchase transit from other providers. As of 2013 the Tier-1 providers in the telecommunications industry included Level 3 Communications, TeliaSonera International Carrier, CenturyLink, Vodafone, Verizon, Sprint and AT&T Corporation. A BRIEF HISTORY OF THE INTERNET. 1958: In the wake of the Sputnik launch of 1957, the United States Department of Defense formed a small agency called ARPA (Advanced Research Projects Agency) to develop military science and technology. 1961-1965: The Massachusetts Institute of Technology (MIT) started to research sharing information in small, phone-linked networks. ARPA was one of their main sponsors. 1966: The first ARPANET plan was unveiled by Larry Roberts of MIT. 1969-1973: The Department of Defense commissioned the ARPANET for network research. The first official network nodes were the University of California in Los Angeles (UCLA), the Stanford Research Institute, the University of California in Santa Barbara (UCSB) and the University of Utah. The first node-to-node message was sent from UCLA to Stanford. More nodes, including NASA and Harvard University, joined the network in 1971. University College London and NORSAR in Norway joined in 1973. 1982: The TCP/IP (Transmission Control Protocol and Internet Protocol) standard was developed.
1985: The first domain name was registered by Symbolics Computer Corporation, a company from Cambridge, Massachusetts (USA), on the now historic day of March 15, 1985. The domain name was Symbolics.com, and it still exists, the first of 275 million domain names in existence in early 2015. The company, once very successful in Artificial Intelligence, did not survive, although reportedly the United States Department of Defense continues to pay Symbolics some maintenance fees for the machines and software it still uses, and the current owner, a small investor group called XF.com in Dallas, Texas (USA), continues to sell and maintain the Open Genera Lisp system and the Macsyma computer algebra system of the original company (Source: Wikipedia). 1987: The number of Internet hosts crossed the 10,000 mark. 1991: Tim Berners-Lee developed and introduced the World Wide Web. 1995-1997: Dial-up services such as America Online and CompuServe brought mass-market users online. RealAudio introduced Internet streaming technology. Netscape's Navigator, released in 1994, became the dominant Web browser (the first browser, Berners-Lee's WorldWideWeb, dated from 1990). HOW DO WE FIND THINGS ON THE INTERNET? Participants in a network (such as the Internet) are located through their respective addresses. The most common network addressing architecture is IPv4 (Internet Protocol version 4) and its successor IPv6, which has been increasingly deployed since 2006. The main difference between the two is their addressing range: an IPv4 address consists of 32 bits, whereas an IPv6 address consists of 128 bits. Since a longer address can hold far more distinct values, IPv6 can address a vastly larger number of participants on a network, and is gradually replacing IPv4. IP Addresses. Every device on the Internet is identified by an Internet Protocol address (shortened to "IP address"), a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.
FIGURE D.24
Figure D.24 shows the use of IP addresses in a familiar screenshot that most of us will recognize. An IP address serves two principal functions: host or network interface identification, and location addressing. Every computer on the Internet is uniquely identified by its IP address. For instance, the main server at Amazon.com has the IP address 72.21.211.176 (at the time of writing this eBook). Subnets. Subnetting an IP network separates a big network into multiple smaller networks for reorganization and security purposes. Subnetting is achieved by applying a Subnet Mask. A Subnet Mask has to be understood in terms of something we probably remember from our school days as Boolean logic, which dealt in AND, OR and NOT operations and TRUE and FALSE outcomes. When this concept is applied in computer engineering to bitwise operations, the following rules apply (think of it as a kind of binary arithmetic, with "AND" instead of the + sign):
0 AND 0 = 0
0 AND 1 = 0
1 AND 0 = 0
1 AND 1 = 1
The operation is called an AND operation. Here is an example. If we AND the two binary strings below we get the third string:
1101 1000
1111 1111
---------
1101 1000
Every IP address has a Subnet Mask, which is a 32-bit number that divides the IP address into a network address and a host address. Applying a subnet mask to an IP address separates the network address from the host address. The network bits are represented by the 1s in the mask, and the host bits by the 0s. Performing a bitwise logical AND operation on the IP address with the subnet mask produces the network address. Here is an example:
IP:   1101 1000 . 0000 0011 . 1000 0000 . 0000 1100 (216.3.128.12)
Mask: 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000 (255.255.255.0)
Net:  1101 1000 . 0000 0011 . 1000 0000 . 0000 0000 (216.3.128.0)
THE ROLE OF DOMAIN NAMES. It is much easier to remember the name "Amazon" than its IP address 72.21.211.176 (as of the time of writing this eBook). That is why domain names (such as amazon.com) were invented. But when we type "www.amazon.com" into our browser, it must first be translated into Amazon's IP address so that our computer can find the Amazon server on the Internet. This translation is done by Domain Name Servers (DNS servers). Figure D.25 shows a simplified view of the steps required to reach the Amazon website: Step 1: We type the letters "www.amazon.com" into our laptop, and our laptop sends those letters (the domain name) to the DNS server. Step 2: The DNS server looks up the domain name in its translation table. Sometimes that particular DNS server might not have the translation for the domain name we have provided, and it will refer to another DNS server. The simplified diagram skips those details. What is important is that ultimately the DNS server will have the IP address corresponding to "amazon.com" in its translation table, and will return Amazon's IP address to our browser. Step 3: Our browser then uses that IP address to reach the Amazon server.
FIGURE D.25
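The subnet arithmetic described above, worked in code. This is an added example, not code from the eBook; the IP address and mask are the ones used in the text, while the CIDR prefix and membership checks go one step beyond it. One caveat a practitioner will want: the text writes the address as 216.003.128.012 with leading zeros, but C's inet_aton() and several other parsers read a leading zero as octal (012 is 10, not 12), and that ambiguity has been used to get addresses past allow-lists. The parser below therefore rejects that form rather than guess.

```python
"""Subnet arithmetic with the bitwise AND the text describes.

Added example.  The first address/mask pair is the one used in the eBook;
the CIDR and membership inputs are constructed.
"""


def parse_ipv4(text):
    """Dotted-decimal string -> 32-bit integer, each octet strictly decimal 0..255.

    Leading zeros such as '012' are rejected: inet_aton() and other parsers
    read them as octal, so accepting them silently invites ambiguity.
    """
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or (len(p) > 1 and p[0] == "0") or int(p) > 255:
            raise ValueError(f"bad octet {p!r} in {text!r}")
        value = (value << 8) | int(p)
    return value


def is_strict_ipv4(text):
    """True only for the unambiguous dotted-decimal form."""
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def format_ipv4(value):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix_len):
    """CIDR prefix length (0..32) -> mask with prefix_len leading 1 bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def prefix_from_mask(mask):
    """Dotted mask -> prefix length; rejects non-contiguous masks like 255.0.255.0."""
    m = parse_ipv4(mask)
    ones = bin(m).count("1")
    if m != mask_from_prefix(ones):
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def network_address(ip, mask):
    """The AND operation from the text: network = ip AND mask."""
    return format_ipv4(parse_ipv4(ip) & parse_ipv4(mask))


def host_part(ip, mask):
    """The bits the mask zeroes out: host = ip AND NOT mask."""
    return parse_ipv4(ip) & (~parse_ipv4(mask) & 0xFFFFFFFF)


def in_subnet(ip, cidr):
    """True if ip falls inside cidr, e.g. '216.3.128.0/24'."""
    net, _, plen = cidr.partition("/")
    mask = mask_from_prefix(int(plen))
    return (parse_ipv4(ip) & mask) == (parse_ipv4(net) & mask)


if __name__ == "__main__":
    print(network_address("216.3.128.12", "255.255.255.0"))   # 216.3.128.0
    print(in_subnet("216.3.128.200", "216.3.128.0/24"))       # True
    print(in_subnet("216.3.129.1", "216.3.128.0/24"))         # False
```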
TO SUMMARIZE: If we have ever used the Internet, we have already used the Domain Name System (DNS) without even realizing it. DNS is a protocol within the TCP/IP protocol suite that runs the Internet, and its basic job is to turn a user-friendly domain name like "amazon.com" into an Internet Protocol (IP) address like 72.21.211.176 that computers use to identify each other on the network. Instead of typing "www.amazon.com" into our browser, we could directly type in 72.21.211.176. This is similar to dialing a phone number to connect to the person we are trying to reach. Thanks to DNS we do not need to maintain an address book of IP addresses. Instead, we simply type in the name of the site (such as amazon.com or ebay.com) and the DNS system (served by domain name servers, also called DNS servers or name servers), which manages a massive worldwide distributed database mapping domain names to IP addresses, translates the name into the required IP address. URL. We have already used URLs while navigating the Internet. A uniform resource locator (URL) is a way of uniquely identifying a particular resource on a computer network (such as the Internet), and is therefore also a mechanism for reaching that resource. Although in daily use URLs most commonly reference web pages, that is not their only function. A URL can also identify a range of other artifacts, including but not limited to file transfer (ftp), email (mailto) and database access (JDBC). A URL has two main components: (a) a protocol identifier (the scheme), and (b) a resource identifier. In the URL example below, the first part (http) identifies the protocol to be used, and the second part (www.amazon.com/index.html) identifies the host (a domain name or IP address) and the location of the resource on it, with a colon and two forward slashes separating the two. http://www.amazon.com/index.html Below are some other examples of the use of URLs.
Tim Berners-Lee THE INVENTOR OF THE WEB
ftp://eau.ww.eesd.gov.calgary/home/smith/budget.wk1 gopher://gopher.voa.gov file:/data/letters/to_mom.txt mailto:admin@example.com
UNDERSTANDING WEB TECHNOLOGY We sometimes use the words "Internet" and "Web" interchangeably. That is wrong, because they are not one and the same thing. THE DIFFERENCE BETWEEN THE INTERNET AND THE WEB. What is the Internet? The Internet is a massive networking infrastructure, a network of networks, which connects millions of computers globally and uses the Internet Protocol as its technical basis for connecting computers. What is the Web? The World Wide Web, often simply called the Web, is an information infrastructure built on top of the Internet that contains countless documents and other web resources, all interlinked. When we access Amazon, which is an online bookshop and much more, we access a resource on the Web. When we access a web page on Amazon that talks about a certain book, as in the URL below, we access one particular document on the Web that looks like what is shown in Figure D.26. http://www.amazon.com/Levels-Leadership-Proven-Maximize-Potential-ebook/dp/B004QZ9P7O/ref=sr_1_1?s=books&ie=UTF8&qid=1437940239&sr=1-1&keywords=leadership The World Wide Web is a full-blown information-sharing model built on top of the Internet, and uses HTTP (Hypertext Transfer Protocol) to transmit data between communicating computers. The commonest activity on the Web is the use of a browser (such as Chrome or Internet Explorer) to access hypertext documents called web pages that are linked to each other via hyperlinks. Hypertext documents are formatted and annotated with the Hypertext Markup Language (HTML), and may contain links to images, video and software components that are presented to users of a web browser running on the user's computer as orderly pages of multimedia content. Users navigate between web pages using the embedded hyperlinks. When a collection of hypertext documents is published for a common purpose with a common theme and within a common domain name, the collection is usually called a web site.
FIGURE D.26
FIGURE D.27
The Web is just one of many ways whereby information may be distributed over the Internet, and is just a part (albeit a large part) of the Internet. It is not the same thing as the Internet. HTML. XHTML. HTML stands for HyperText Markup Language, the standard language for coding web pages. The code uses HTML elements consisting of tags enclosed in angle brackets (e.g., <html>), most commonly coming in pairs (e.g., <h1> and </h1>), the first being called the start tag (or opening tag) and the second the end tag (or closing tag). All Web browsers can interpret HTML files and present them as web pages. Figure D.27 shows a small part of the HTML code that results in the wonderfully rendered web page shown in Figure D.28. HTML elements form the building blocks of all websites. HTML not only allows images and a range of other objects to be embedded, but also enables the creation of interactive forms. HTML provides structural semantics for headings, paragraphs, lists, links, quotes and other items, thereby enabling the creation of visually aesthetic and functionally useful pages and forms of almost any nature. HTML even allows the embedding of scripts such as JavaScript, which allows the behavior of web pages to change dynamically. Since HTML describes the structure of a website semantically, along with hints for presentation, it is called a markup language rather than a programming language. XHTML (Extensible Hypertext Markup Language) reformulates HTML as an application of XML (explained elsewhere in this document), so that pages must be well-formed XML. With the release of HTML5, which defines both an HTML serialization and an XML serialization (XHTML5), the difference between HTML and XHTML has blurred, though it still exists. CSS. Cascading Style Sheets (CSS) is a mechanism used to describe the look and formatting of a document written in a markup language. Although it is most often used to style web pages and user interfaces (UIs) written in HTML and XHTML, CSS can be applied to any kind of XML document. CSS is a powerful design mechanism for creating visually appealing websites and online documents, including mobile applications. CSS enables the separation of document content from document presentation concerns, including elements such as layout, colors and fonts. It is advisable to place all style information in CSS, and to avoid using any styling features of the markup language, so that all of a document's style information is in one place. This separation generally improves flexibility in the programmer's ability to dynamically change the look and feel of what is being presented. In particular, this separation of formatting and content enables the application to present the same information in different styles for different rendering methods, such as on-screen, in print, by voice (a text-to-speech reader) and on tactile devices, and to display the web page differently depending on the screen size or device on which it is viewed. XML. XML is short for Extensible Markup Language. It is a markup language much like HTML, but it was designed to describe data, not to display it: with HTML the focus is on how the data looks, whereas with XML the focus is on what the data is. XML tags are not predefined; we must define our own tags. XML is designed to be self-descriptive, and is the recommended tool for data definitions. Although the design of XML focuses on documents, it is widely used to define the data exchanged between applications by web services. WEB 3.0 As the Web developed through the years, beginning in 1991 when it was first announced to the world by its inventor Tim Berners-Lee, it has been transformed from just a place for publishing information (called Web 1.0) into a vibrant social media platform for instant global interaction (called Web 2.0). Web 3.0 is the vision of a Semantic Web where the web will acquire intelligence and bring relevant meaning into our lives without being asked. In effect, the web will become our personal assistant, whom we can ask questions like "What would you suggest I do this evening?"
This is a rather speculative definition, because Web 3.0 is still in the future (at the time of writing this eBook, when even the promise of Web 2.0 has not yet been fully realized). In more technical terms, and according to the guidelines of the W3C (World Wide Web Consortium), the Semantic Web (or Web 3.0) will promote common data formats and exchange protocols on the Web, most fundamentally the Resource Description Framework (RDF). "The Semantic Web provides a common framework that allows data to be shared and reused across application, enterprise, and community boundaries." (Source: "W3C Semantic Web Activity". World Wide Web Consortium (W3C). November 7, 2011.) The term itself was first coined by Tim Berners-Lee, referring to a web of data that can be processed by machines. While there are critics and sceptics who theorize that the Semantic Web can never be realized, by 2013 there were already 4 million domains that contained Semantic Web readiness markup.
FIGURE D.28
FIGURE D.29
UNDERSTANDING DATA CENTERS A data center is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and various security devices. Large data centers are industrial-scale operations using as much electricity as a small town. The major components that make up a data center are as follows:
1. Building Shell
2. IT Equipment
3. Electrical Infrastructure
4. Cooling Infrastructure
BUILDING SHELL. The architectural and structural components of a data center are pretty basic, consisting of four walls and a roof. A data center is very similar to a warehouse where the middle of the building is empty (but will be filled with IT equipment instead of boxes). Data centers are built using the same techniques and materials as typical office buildings; however, the two structures differ in robustness. Data center structural components will be bigger and stronger in order to withstand natural disasters or explosives. The most critical data centers, such as those used by defense departments for national security, might even be located within a mountain or deep underground for protection. The typical data center looks much like a normal office building or warehouse from the outside. Figure D.30 shows three data centers in the United States: the first is the Vantage data center in Quincy, Washington; the second is the building, a large part of which is occupied by the Alchemy Communications data center in Los Angeles, California; the third is the Internap data center in New Jersey. By looking at them, we wouldn't even know they housed critical data centers. I.T. EQUIPMENT. The three main types of IT equipment in a data center are:
1. Servers
2. Communication equipment
3. Storage equipment
Servers.
FIGURE D.30
Servers run software applications and are almost exactly like our desktop or laptop computers, except much faster and more powerful. Servers are mounted in racks, as shown in Figure D.31. A large data center might have over 100,000 servers. Communication equipment. Communication and networking gear manages how data is transferred in and out of the data center and between the IT equipment housed inside it. Typically, data centers contain a set of routers and switches that transport traffic between the servers and to the outside world. Redundancy of the Internet connection is often provided by using two or more upstream service providers. Some of the servers at the data center are used for running the basic Internet and intranet services needed by internal users in the organization, e.g., e-mail servers, proxy servers and DNS servers.
FIGURE D.31
Network security elements are also usually deployed, such as firewalls, VPN gateways, intrusion detection systems, and so on. Also common are monitoring systems for the network and some of the applications. Additional off-site monitoring systems are also typical, in case communications inside the data center fail. Earlier data centers, with their heavy dependence on older Cat-5 cabling, used to present problems such as the one depicted in Figure D.32, but today, with the prevalence of fiber optics and wireless, data center communication equipment is integrated into a much more elegant solution, as shown in Figure D.33. Storage equipment. Storage equipment is where all the data (SAP databases, e-mails and so on) is stored. Storage arrays are also mounted in racks, and look much like rack-mounted servers. Typically, storage racks are clustered separately from server racks. ELECTRICAL INFRASTRUCTURE.
FIGURE D.32
FIGURE D.33
The purpose of the electrical infrastructure in a data center is to take power from the utility grid and deliver it to the IT equipment without interruption. Power losses are very bad and costly. Therefore the design and operation of the electrical infrastructure is based on one thing: redundancy. The electrical distribution is designed and built so that if one system fails or a power connection is lost, there is another energy source to keep the power flowing and the IT equipment up and running. Data center staff spend a lot of time managing the health of the electrical infrastructure to prevent any failures. Figure D.34 provides a general line diagram of the electrical infrastructure showing how power gets from the utility grid to the IT equipment. In practice this is more complex and may include further layers of redundancy, but the concept is the same. The utility grid provides the ultimate source of power for the data center. Some facilities are connected to two separate utility grids for redundancy if one goes down. Backup generators are diesel-powered electrical generators that produce electricity in the event the utility grid goes offline. Automatic Transfer Switches (ATS) are able to switch the source of power from the utility grid to the backup generators without interruption. Figure D.34 shows a typical set of diesel generators in a data center. Normally, the data center also builds underground storage for the fuel to run these generators for several days in the event of a failure of the electrical grid. In the event of a sudden utility outage, Uninterruptible Power Supplies (UPS), shown in Figure D.35, provide power to the IT equipment for the minute or two that it takes to start up the backup generators. A UPS is an electrical apparatus that provides emergency power to a load when the input power source fails. It differs from an auxiliary or emergency power system or standby generator in that it provides near-instantaneous protection from input power interruptions, by supplying energy stored in batteries, supercapacitors or flywheels. The on-battery runtime of most uninterruptible power sources is relatively short (only a few minutes) but sufficient to start a standby power source or properly shut down the protected equipment. Reportedly, the world's largest UPS, the 46-megawatt Battery Electric Storage System (BESS) in Fairbanks, Alaska, powers the entire city and nearby rural communities during outages. [Source: Wikipedia] COOLING INFRASTRUCTURE. The purpose of the cooling infrastructure is to remove the heat generated by the IT equipment. If this heat is not removed, the IT equipment will get too hot and shut down. Just as with the electrical infrastructure, cooling redundancy is extremely important in order to keep the cooling running. The cooling infrastructure consists of air conditioning units called Computer Room Air Conditioners (CRAC) or Computer Room Air Handlers (CRAH). Newer data centers are using more advanced cooling technology such as evaporative cooling and free cooling. Data center cooling equipment is deployed in the same physical space as the IT equipment. See Figure D.36 for a typical example of a cooling unit. Most cooling units consist of two components: a fan to move the air and a cooling coil to remove the heat.
FIGURE D.34
FIGURE D.35
FIGURE D.36
Chiller plants are often used as a cooling source for larger data centers because they are more efficient at removing heat than direct expansion (DX) units. Chiller plants create cold water that is delivered to the cooling unit within the data center. Figure D.37 shows what a typical chiller plant looks like. It is basically a mechanical device used to facilitate heat exchange from water to a refrigerant in a closed-loop system. The refrigerant is then pumped to a location where the waste heat is transferred to the atmosphere.
FIGURE D.37
DATA CENTER TIERS. The Telecommunications Industry Association (TIA) is a trade association accredited by ANSI (American National Standards Institute). The ANSI/TIA-942 Data Center Standard describes the requirements for the data center infrastructure.
The simplest is a Tier 1 data center, which is basically a server room. The most stringent level is a Tier 4 data center.
The Uptime Institute -- a think tank in Santa Fe, New Mexico (USA) -- has defined its own four levels, and this categorization is more commonly used in identifying the sophistication of a data center.
UNDERSTANDING UPTIME. While zero downtime is the ideal, the tier system allows for the unavailability of services listed below over a period of one year (525,600 minutes). 99.671% uptime sounds very impressive, but the figures show that it means the data center could be down for more than 28 hours in a year.
Tier 1 (99.671%): 1,729.224 minutes, or 28.82 hours.
Tier 2 (99.741%): 1,361.304 minutes, or 22.688 hours.
Tier 3 (99.982%): 94.608 minutes, or about 1.6 hours.
Tier 4 (99.995%): 26.28 minutes.
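The downtime figures above as code, with the arithmetic of redundancy added. This is an added example, not from the eBook: downtime_minutes reproduces the tier figures, while series and parallel go beyond the text and show how availability composes when components are chained (every one must work) or duplicated (one surviving is enough), which is the reasoning behind the redundant feeds, generators and UPS units described in the data center sections. The component availabilities in example_feed are constructed numbers, and the formulas assume failures are independent; a shared fuel supply or a single transfer switch breaks that assumption and caps the real figure well below what parallel reports.

```python
"""Downtime budgets and combined availability.

Added example.  TIERS holds the percentages from the eBook's table; the
component availabilities in example_feed are constructed.
"""
MINUTES_PER_YEAR = 525_600

TIERS = {"Tier 1": 99.671, "Tier 2": 99.741, "Tier 3": 99.982, "Tier 4": 99.995}


def downtime_minutes(availability_pct, minutes=MINUTES_PER_YEAR):
    """Minutes per year a given availability percentage permits."""
    return round(minutes * (1 - availability_pct / 100), 3)


def tier_table():
    """The eBook's table: tier name -> allowed downtime in minutes per year."""
    return {name: downtime_minutes(pct) for name, pct in TIERS.items()}


def series(*availabilities):
    """Components that must all be up (utility -> ATS -> UPS -> rack): product."""
    a = 1.0
    for x in availabilities:
        a *= x
    return a


def parallel(*availabilities):
    """Independent redundant components, any one sufficient: 1 - product of failure probabilities."""
    fail = 1.0
    for x in availabilities:
        fail *= 1 - x
    return 1 - fail


def example_feed():
    """Constructed chain: utility feed (99.9%) backed by two generators (99% each), then a UPS (99.99%).

    The three power sources are in parallel; the UPS sits in series after them,
    so it caps the whole chain regardless of how many generators are added.
    """
    power_source = parallel(0.999, 0.99, 0.99)
    return series(power_source, 0.9999)


if __name__ == "__main__":
    for tier, mins in tier_table().items():
        print(f"{tier}: {mins} minutes ({mins / 60:.2f} hours) per year")
    print(f"constructed feed availability: {example_feed():.8f}")
```

Adding generators pushes parallel() toward 1 quickly, but the chain is only as good as its weakest series element; that is why data centers duplicate the UPS and distribution paths too, not just the generators.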
UNDERSTANDING VIRTUALIZATION The Merriam-Webster dictionary defines the word "virtual" as "very close to being something without actually being it". Virtualization in Cloud computing means simulating computer environments that look and behave like the real environment, so that they can be used fully, just like the real environment being simulated. For instance, we could create a virtual desktop with 4 CPU cores (quad core), 32 GB RAM and a 1 TB hard drive, with the Windows 10 operating system running on it, and to the user it would look and behave just like a real desktop with that configuration. Whatever we could do on a real machine of that configuration could be done on the virtual desktop of the same configuration. How does this happen? Let us take a deeper dive into the topic. VIRTUALIZATION WITHIN A SINGLE SERVER. Figure D.38 shows a hardware server (an actual, physical server) with certain resources. If we wanted to simulate two servers inside this single server, the total resources that could be distributed to these two simulated servers would be as follows:
128 GB RAM (Memory).
1 TB disk storage space.
8 cores x 16 threads = 128 virtual cores of CPU.
This would be the total shareable resource pool available for distribution amongst all the simulated machines we might want to create within the physical server. Now, armed with virtualization software, we could simulate inside this server two virtual servers (Server-1 and Server-2, respectively) of the following configuration:
FIGURE D.38
SERVER-1: 32 GB RAM (Memory), 400 MB disk storage space, 48 virtual cores of CPU.
SERVER-2: 96 GB RAM (Memory), 600 MB disk storage space, 80 virtual cores of CPU.
Each of these simulated servers would look and behave just like a real server with its respective configuration.
FIGURE D.39
If we did the above simulation, the FREE resource pool would be zero. Typically we would allocate smaller servers and leave some resources in the FREE resource pool, so that each server could borrow more resources from the free pool — as needed — and scale up and down depending on the then-current workload. Figure D.39 shows such a scenario, where the FREE resources are 72 GB RAM, 104 virtual cores of CPU and 800 GB disk storage.
The problem with virtualization within a single server is that the total size of the resource pool is limited by the largest hardware server we could buy. The Cloud solves that problem.
VIRTUALIZATION IN THE CLOUD.
In the Cloud, we combine the resources of many servers to build our Resource Pool, and the different servers in a Cloud need not be of the same size. So we have the flexibility of combining the resources of a diverse set of servers into one Cloud. For instance, Figure D.40 shows how 12 servers could be combined into a single Free Resource Pool in a Cloud. A single Cloud could have thousands of servers supporting it, based out of massive server farms. A non-technical way of looking at virtualization would be to think of a bunch of different computers pretending to be One Large Computer with massive CPU power, lots of memory, and tons of storage, as graphically depicted in Figure D.41. This single massive computer does not actually exist, but virtualization technology makes this possible, and makes a Cloud appear equivalent to a massively huge computer. Of course, how massive or huge depends entirely on the individual servers that collectively give birth to this large virtual computer (“the Cloud”). The Cloud now becomes the platform for creating Virtual Machines, as an extension of the same concept explained under the section VIRTUALIZATION WITHIN A SINGLE SERVER, with the sole exception that the same techniques are now applied on this virtual computer called the Cloud.
FIGURE D.40
MANY BECOME ONE. ONE BECOMES MANY.
FIGURE D.41
Virtualization makes one computer behave like many smaller computers. When virtualization is extended across many computers clustered together and organized as a Cloud, the Cloud then behaves like many smaller computers. So ironically, the Cloud consists of many computers pretending to be One Large Computer; and what does this One Large Computer (the Cloud) do? In turn, it pretends to be many smaller computers, each of which is called a Virtual Machine (VM).
So the smaller virtual computers (VMs) live inside one Huge Virtual Computer called the Cloud, which is made up of many smaller real machines. But there is one HUGE DIFFERENCE between these virtual computers and the real computers that lie beneath the Cloud: the virtual computers in the Cloud can grow and shrink as they wish; the real computers cannot do that.
EACH HIS OWN MASTER.
Each virtual machine is a separate and independent space inside the Cloud, and one can decide what operating system (such as Windows 10, Linux, Mac OS X, etc.) to run on each virtual machine.
THE ONLY THREE RESTRICTIONS.
The Cloud and its virtual machines live in a world of only three hard restrictions:
1. All computers making up the Cloud must offer the same instruction set. All Intel computer chips, for instance, run the x86 Instruction Set. So we can build a Cloud on top of a bunch of computers that run the x86 instruction set, even if some of these are built on Intel chips while others are built on AMD chips, because both these chips run the x86 instruction set. But we wouldn’t be able to include in that group any computer that used, for instance, the Motorola 68000 chip, because that runs a different instruction set altogether.
2. No virtual machine can be larger than the largest single computer amongst the tens or hundreds or thousands of computers that make up the Cloud.
3. All operating systems running inside the individual virtual machines must run on the instruction set on which the Cloud is built. So, for instance, we wouldn’t be able to run Windows 10 (which runs on the x86 instruction set) and IBM AIX 7.1 (which runs on the IBM PowerPC instruction set) in different virtual machines on the same Cloud.
FIGURE D.42
CPU VIRTUALIZATION.
Under the surface of these easy explanations lies some very complex technology that was first commercially solved by VMware. Let us take a brief look using the x86 hardware as a case study.
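Before turning to the CPU-level details, here is the pooling model of the two VIRTUALIZATION sections and the three restrictions above written out as code, as an added example (not the eBook's own code); the host sizes, VM names and instruction-set labels are constructed:

```python
# Added example (not the eBook's code): a toy model of the pooled virtualization
# described above. Hosts contribute their resources to one free pool; VMs are
# carved out of it subject to the three restrictions, and can scale up and down
# against the free pool. All host and VM sizes below are constructed values.
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Resources:
    """One bundle of the three resources the text pools: RAM, disk and CPU."""
    ram_gb: int
    disk_gb: int
    vcores: int

    def __add__(self, other: "Resources") -> "Resources":
        return Resources(self.ram_gb + other.ram_gb, self.disk_gb + other.disk_gb,
                         self.vcores + other.vcores)

    def __sub__(self, other: "Resources") -> "Resources":
        return Resources(self.ram_gb - other.ram_gb, self.disk_gb - other.disk_gb,
                         self.vcores - other.vcores)

    def fits_in(self, other: "Resources") -> bool:
        return (self.ram_gb <= other.ram_gb and self.disk_gb <= other.disk_gb
                and self.vcores <= other.vcores)


NOTHING = Resources(0, 0, 0)


@dataclass(frozen=True)
class Host:
    name: str
    isa: str            # instruction set, e.g. "x86" or "m68k"
    size: Resources


@dataclass(frozen=True)
class VM:
    name: str
    guest_os: str
    guest_isa: str      # instruction set the guest OS is built for
    size: Resources


class Cloud:
    """Many hosts pretending to be one large computer with a single free pool."""

    def __init__(self, hosts: Iterable[Host]) -> None:
        self.hosts: List[Host] = list(hosts)
        isas = {h.isa for h in self.hosts}
        if len(isas) != 1:   # restriction 1: one instruction set for all hosts
            raise ValueError(f"restriction 1: mixed instruction sets {sorted(isas)}")
        self.isa = isas.pop()
        self.total = sum((h.size for h in self.hosts), NOTHING)
        self.vms: Dict[str, VM] = {}

    def free(self) -> Resources:
        """The FREE resource pool: everything not yet handed to a VM."""
        return self.total - sum((vm.size for vm in self.vms.values()), NOTHING)

    def _check_size(self, size: Resources) -> None:
        # restriction 2: no VM larger than the largest single host
        if not any(size.fits_in(h.size) for h in self.hosts):
            raise ValueError("restriction 2: VM larger than any single host")

    def create_vm(self, vm: VM) -> Resources:
        """Carve a VM out of the free pool; returns the pool left afterwards."""
        if vm.name in self.vms:
            raise ValueError(f"VM {vm.name} already exists")
        if vm.guest_isa != self.isa:   # restriction 3: guest OS built for the Cloud's ISA
            raise ValueError(f"restriction 3: {vm.guest_os} needs {vm.guest_isa}, "
                             f"Cloud is {self.isa}")
        self._check_size(vm.size)
        if not vm.size.fits_in(self.free()):
            raise RuntimeError(f"free pool exhausted, cannot create {vm.name}")
        self.vms[vm.name] = vm
        return self.free()

    def resize_vm(self, name: str, new_size: Resources) -> Resources:
        """Grow or shrink a VM, borrowing from or returning to the free pool."""
        old = self.vms[name]
        self._check_size(new_size)
        available = self.free() + old.size   # the VM's own share plus the free pool
        if not new_size.fits_in(available):
            raise RuntimeError(f"free pool exhausted, cannot grow {name}")
        self.vms[name] = VM(old.name, old.guest_os, old.guest_isa, new_size)
        return self.free()


def build_sample_cloud() -> Cloud:
    """Three constructed x86 hosts of different sizes combined into one Cloud."""
    return Cloud([
        Host("host-a", "x86", Resources(128, 1000, 128)),
        Host("host-b", "x86", Resources(64, 500, 64)),
        Host("host-c", "x86", Resources(32, 250, 32)),
    ])
```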
x86 operating systems are designed to run directly on the bare-metal hardware, so they naturally assume they fully ‘own’ the computer hardware. The x86 architecture offers four levels of privilege, known as Ring 0, 1, 2 and 3, to operating systems and applications to manage access to the computer hardware. While user-level applications typically run in Ring 3, the operating system needs to have direct access to the memory and hardware and must execute its privileged instructions in Ring 0. Virtualizing the x86 architecture requires placing a virtualization layer under the operating system (which expects to be in the most privileged Ring 0) to create and manage the virtual machines that deliver shared resources. Further complicating the situation, some sensitive instructions can’t effectively be virtualized, as they have different semantics when they are not executed in Ring 0. The difficulty in trapping and translating these sensitive and privileged instruction requests at runtime was the challenge that originally made x86 architecture virtualization look impossible. VMware engineers resolved the challenge in 1998, developing binary translation techniques that allow the VMM to run in Ring 0 for isolation and performance, while moving the operating system to a user-level ring with greater privilege than applications in Ring 3 but less privilege than the virtual machine monitor in Ring 0.
FIGURE D.43
Technique-1: Full Virtualization using Binary Translation.
This technique uses a combination of binary translation and direct execution techniques. It translates kernel code to replace non-virtualizable instructions with new sequences of instructions that have the intended effect on the virtual hardware. User-level code is directly executed on the processor for high-performance virtualization. The virtual machine monitor provides each Virtual Machine with all the services of the physical system, including a virtual BIOS, virtual devices and virtualized memory management. This combination of binary translation and direct execution provides Full Virtualization, as the guest OS (i.e., the Virtual Machine) is fully abstracted (completely decoupled) from the underlying hardware by the virtualization layer. The guest OS (VM) is not aware that it is being virtualized and requires no modification. Full virtualization is the only option that requires no hardware assist or operating system assist to virtualize sensitive and privileged instructions. The hypervisor translates all operating system instructions on the fly and caches the results for future use, while user-level instructions run unmodified at native speed.
FIGURE D.44
Technique-2: OS-assisted Virtualization (Paravirtualization).
Paravirtualization refers to communication between the guest OS and the hypervisor to improve performance and efficiency. It involves modifying the OS kernel to replace non-virtualizable instructions with hypercalls that communicate directly with the virtualization layer hypervisor. The hypervisor also provides hypercall interfaces for other critical kernel operations such as memory management, interrupt handling and time keeping. Paravirtualization is different from full virtualization, where the unmodified OS does not know it is virtualized and sensitive OS calls are trapped using binary translation.
The value proposition of paravirtualization is in lower virtualization overhead, but the performance advantage of paravirtualization over full virtualization can vary greatly depending on the workload. Paravirtualization can also introduce significant support and maintainability issues in production environments, as it requires deep OS kernel modifications.
FIGURE D.45
While it is very difficult to build the more sophisticated binary translation support necessary for full virtualization, modifying the guest OS to enable paravirtualization is relatively easy. VMware has used certain aspects of paravirtualization techniques across the VMware product line for years.
Technique-3: Hardware-assisted Virtualization.
One of the principal problems with managing virtualization through software alone is that the x86 architecture uses the concept of privilege levels (or privilege rings) for machine instructions. The most privileged operations, which are reserved for the host operating system, have a privilege level of 0. A virtual system running on top of the host can't access privilege level 0 directly, and therefore instructions passed down to the host must undergo a time-consuming conversion known as ring deprivileging. Although some ingenious techniques have been developed through the years for passing privileged instructions to the host, even in the best case this technique incurs significant system overhead. Hardware-assisted virtualization provides three key performance enhancements over software-based solutions:
FIGURE D.46
1. Faster transfer of platform control between guest OSs and the VMM.
2. Secure assignment of specific I/O devices to guest OSs.
3. An optimized network for virtualization with adapter-based acceleration.
These enhancements result in lower CPU utilization, reduced system latency, and improved networking and I/O throughput.
UNDERSTANDING HYPERVISOR
The software that manages all the Virtual Machines in a Cloud is the Virtual Machine Monitor (VMM), most often called the Hypervisor, a name probably drawn from the early days of computing when the Operating System was called the Supervisor. The most prevalent hypervisors at this time are VMware, Hyper-V, Xen and KVM.
TYPE-I HYPERVISOR.
This type of hypervisor (shown in Figure D.47) is deployed as a bare-metal installation (it is the first thing to be installed on a server). The benefit of this is that the hypervisor communicates directly with the underlying physical server hardware. This is the preferred method for many production systems.
TYPE-II HYPERVISOR.
This type of hypervisor (shown in Figure D.48) is also known as a hosted hypervisor. The software is not installed onto the bare metal, but instead is loaded on top of an already live operating system. Although there is an extra hop for the resources to take when they pass through to the VM, the latency is minimal, and with today’s modern software enhancements the hypervisor can still perform optimally.
FIGURE D.47
UNDERSTANDING MULTI-TENANCY
Let us understand multi-tenancy using an analogy: office space. Let us imagine 52 companies — large and small — that occupy their own separate office buildings. Some of those buildings have unused space for growth, while others are crammed and experiencing a lack of space. Each building has its own grounds, parking lot, security, grounds maintenance crew, janitorial service, and general maintenance crew to attend to civil, electrical and mechanical failures of the infrastructure (building, elevators, electrical wiring and appliances, plumbing, heating & cooling systems, etc.). Now let us imagine that these 52 companies decide to move to a single 12-story office building (owned by a real estate company), where each company gets to choose the amount of space they need. Additionally, the office building will provide all parking facilities, security, maintenance, upkeep and janitorial services from a central “support organization”, the cost of which will be shared by the 52 companies in proportion to how much space they occupy. As a result of such a move, each company will save cost — perhaps significant cost — and gain in terms of convenience, greater efficiency and enhanced value. The central support organization operating the building can also be tasked to provide a cafeteria, a gymnasium and even a crèche for use by the tenants’ employees. The benefits keep piling on at an affordable cost.
FIGURE D.48
FIGURE D.49
Now consider that after these 52 companies move in, they will experience their own disparate fortunes of success and failure, growth and shrinkage. As a result, there will be constant dynamic movement in the availability of space, as some companies will want more space, some will want to give up space or move out altogether, and so on. This dynamism will offer every tenant some ability to grow and shrink in accordance with their changing requirements. The benefits are:
1. Improved resource utilization.
2. Minimized cost.
3. Greater facilities.
4. Improved flexibility.
Multitenancy applies this same concept to the world of computing.
FIGURE D.50
Let us imagine 52 servers — large and small — that are currently housed in different data centers and/or data rooms of individual companies. Some of those servers have unused space for growth, while others are crammed and experiencing a lack of space. Each server has its own support staff, license cost, annual maintenance contract, and so on. Each data center and computer has to be separately serviced by adequate electric power, heating and cooling systems, security, access control, and so on.
Now let us imagine that the owners of these 52 servers decide to move their respective servers to a single Cloud (owned by a Cloud hosting company), where each server gets to choose the amount of memory, storage space and computing power it needs. No company now needs to maintain its own data centers or computer rooms, or worry about heating and cooling, power supply, access control systems, and so on. Additionally, the Cloud will provide all servers with the ability to grow or shrink dynamically as required. The benefits are just the same:
1. Improved resource utilization.
2. Minimized cost.
3. Greater facilities.
4. Improved flexibility.
UNDERSTANDING SERVICE MODEL
The service model simply involves providing something as a service to be utilized as and when required, rather than as a product to be purchased upfront. The objective is to transform CapEx (capital expenses) into OpEx (operational expenses). Here are some extreme, as well as common, examples.
JET ENGINE AS A SERVICE.
Instead of selling a jet engine to an aircraft manufacturer for USD 15 million, one or more jet engine manufacturers have started providing the engine for free, and even providing all spare parts (where, in the past, the jet engine manufacturers made most of their money) for free, and charging the end-user on a pay-per-consumption model with the unit of measure being the thrust generated by the engine (often measured as “lbf”: pounds of force). This lowers the initial cost of the aircraft, and aligns the operating cost of the aircraft with its actual usage. The more it flies, the more revenue it earns, and the more it will have to pay for the jet engine(s) running the aircraft. When the aircraft is sitting on the ground, neither the airline nor the jet engine manufacturer makes money. That defines the innate partnership of the customer and the vendor, with both dependent on the same parameter for survival: usage. New emerging service models such as this are beginning to crop up in the manufacturing industry, and are revolutionizing the service landscape.
ADVERTISING AS A SERVICE.
End-user companies do not need to pay for blocks of advertising space, like billboards or pages in newspapers and magazines. They can advertise their products and services on different electronic billboards, websites and search engines that will automatically display their advertisements depending on what the user is searching for. All for FREE. Only when a user clicks on their advertisement do they pay a certain amount of money — ranging from a few cents to a few hundred dollars — to the advertising agency.
This service model was first released in the U.S. in 1996 in a web directory called Planet Oasis, which was a desktop application (developed by Ark Interface II, a division of Packard Bell NEC Computers) that provided links to informational and commercial web sites. The initial reactions from companies were skeptical, but by the end of 1997, over 400 major brands were paying between $.005 and $.25 per click plus a placement fee. In February 1998, Jeffrey Brewer of Goto.com, a 25-employee startup company (later Overture, now part of Yahoo!), finally presented a pay-per-click search engine proof-of-concept to the TED conference in California. This presentation finally created the Pay-Per-Click (PPC) advertising system. Credit for the concept of the PPC model is generally given to Idealab and Goto.com founder Bill Gross. [Source: Wikipedia]
CAFE AS A SERVICE.
Ziferblat (free space) is an international coffeehouse chain at which customers pay for the time spent there, rather than the food – offering unlimited free WiFi, tea and biscuits. The innovative pioneer of this unique concept is Ivan Mitin. He is quoted on Wikipedia as follows: "The main concept of Ziferblat is not only to use an unusual pay system, but to create a space cushy as home where it’s comfortable for you to work and to entertain as well, a place where it’ll be easy to meet new people. One of the main Ziferblat’s features is a tendency to allow the guest to be autonomous, if you want you can become a part of the process: cook food and make drinks at the common kitchen, organize events. People aren’t paying for consumption; we pay for the space and they pay for the time, so it’s about participation." As of 2015, Ziferblat has opened in four countries: Russia (Moscow, Saint Petersburg, Kazan, Nizhny Novgorod, and Rostov-on-Don), Ukraine (Kiev), Great Britain (Manchester and London) and Slovenia (Ljubljana). In an article titled "Pay-per-minute cafe opens in London", The Telegraph reported on Jan 9, 2014: "Customers must take an alarm clock from a cupboard upon arrival, note the time, and then keep it with them until they leave. A flat fee of three pence per minute means that an hour-long stay will set you back just £1.80 – no matter how many cups of Earl Grey and custard creams you manage to tuck away. There is no minimum time, either, meaning a hastily drunk coffee can be had for mere pennies. Guests must serve themselves using a coffee machine and kettles. Other ‘complimentary’ snacks, including fruit and vegetables, can be prepared in the kitchen – punters can even choose to wash their own dishes. There’s also a piano, a record player and unlimited Wi-Fi to provide entertainment."
ELECTRICITY AS A SERVICE.
This is the age-old utility model we are all familiar with.
When we build a house, the local power grid provides a connection to the house at no cost. We are charged based on the amount of electricity we consume. If we consume nothing, we pay nothing. If we consume a lot, we pay a lot. The same holds true more or less for gas and water coming into our houses, and has earned this model the name Utility Billing Model.
COMPUTING AS A SERVICE.
The Cloud brings the service model to the computer industry. The vision is to transform most computing costs from CapEx into OpEx. Companies need no longer invest in hardware or software, but draw computing power from a wall outlet or through wireless transmission as and when required, as much or as little as required, of the exact nature required. This has revolutionized the industry, but as of 2015, the full potential and value of the “computing as a service” model is still far from realized. With everyone and his mother labeling their services as a “Cloud service”, and a confused clientele stuck in the maze of technological acronyms, the true service model is still largely unrealized.
CLOUD SERVICE MODELS
The Cloud delivers computing power as a service. It helps companies move from the CapEx model of IT — where heavy investment in servers, computer rooms (or data centers) and support personnel is required — to an OpEx model where most of these headaches can be transferred to the Cloud provider, and the end-user company can focus on using computing power as a service. The complete stack of components that deliver computing power to the end-user, which may be called the computing power delivery stack, is as follows, and is illustrated bottom-up in Figure D.51:
HARDWARE COMPONENTS
Base hardware: CPU, RAM, motherboard, ROM, etc.
Networking: To be able to connect to the Server, to the Local Area Network, and to the Internet.
Local storage: SSD (Solid State Drive) or Traditional Drive — at least to run the operating system.
Servers that host corporate applications and data.
SYSTEMS SOFTWARE COMPONENTS
Operating System: Such as Windows 10, Mac OS X, Linux, AIX, etc.
Middleware: Different kinds of software riding on the Operating System, delivering necessary functionality, such as additional security, antivirus, VPN (Virtual Private Network) connections to remote resources, software development tools (compilers, debuggers, linkers, Integrated Development Environment tools), etc. Virtualization could be installed as middleware or directly on the physical hardware, depending on whether a Type-I or Type-II hypervisor is used.
Runtime: Runtime libraries designed to implement functions built into a programming language, such as the .NET framework, J2EE runtime components, etc.
APPLICATION SOFTWARE COMPONENTS
Application software: SAP, Salesforce, accounting software, email software, word processors, executive dashboards, etc.
Corporate data: SAP databases, word processing files, email repositories, presentations, etc.
FIGURE D.51
All of the above components have to be delivered to an end-user like us in order for us to be able to use the computer for doing tasks like writing an email, typing a document, preparing a presentation, processing an invoice, watching a video, connecting to a WebEx meeting, using Skype, and so on. The Cloud delivers all of those components at three different levels, which define the three Cloud Service Models.
IaaS: INFRASTRUCTURE AS A SERVICE
MOST BASIC LEVEL OF SERVICE.
The hardware components comprise the most basic layer of the computing power delivery stack — the bare hardware infrastructure, on which everything else rides. When a Cloud provides only components from that layer as a service, that service is formally called Infrastructure as a Service, shortened to IaaS. Figure D.52 shows the entire computing power component stack and indicates exactly which components are delivered by a Cloud provider specializing in Infrastructure as a Service:
HARDWARE COMPONENTS
Base hardware
Networking
Storage
Servers
Virtualization
Infrastructure as a Service (IaaS) is typically a self-service model for provisioning, accessing, using, monitoring, and managing hardware infrastructure that is located in the Cloud. When we buy an IaaS product — such as a Server — we have to order it almost the same way as we would place the order for an equivalent computer from a hardware vendor’s website using their Custom Build (build your own machine) feature. We would have to select the power of the CPU, choose the amount of RAM we needed, specify the storage space, and select the operating system we would like on it. In return, we would get a working machine delivered in the Cloud and accessible from our Internet device (desktop, laptop, Chromebook, etc.).
FIGURE D.52
In slightly more technical language, IaaS could be stated as a self-service model for managing remote datacenter infrastructure, such as compute (virtualized or bare metal), storage, networking, and networking services (e.g. firewalls). IaaS users remain responsible for everything they would be responsible for on a machine of their own, such as managing applications, data, runtime, middleware, and operating systems.
INDUSTRY EXAMPLES OF INFRASTRUCTURE-AS-A-SERVICE.
Amazon Web Services (AWS), Google Compute Engine (GCE), Rackspace, Joyent, Microsoft Azure.
PaaS: PLATFORM AS A SERVICE
THE CLOUD FOR BUILDING APPLICATIONS.
PaaS is the next level of Cloud functionality offered as a service, and includes not only the hardware components, but also the full systems software components, including the virtualization layer, the operating system, the middleware component and the runtime components ordered by the user.
HARDWARE COMPONENTS
Base hardware
Networking
Storage
Servers
SYSTEMS SOFTWARE COMPONENTS
Operating system
Middleware
Virtualization
Runtime
Figure D.53 shows the entire computing power component stack and indicates exactly which components are delivered by a Cloud provider specializing in Platform as a Service. Platform as a Service (PaaS) typically provides a platform for building applications and other development. In PaaS, developers obtain a ready-to-go framework they can build upon quickly without worrying about the various components that make up a development platform, which is schematically represented by Figure D.54. A PaaS vendor provides all of these components and some more (that the schematic does not include, in order to avoid unnecessary complexity) to the PaaS user on a single integrated platform. So the user can stop addressing development infrastructure issues, and start developing the software or integrating the solution that he or she wants to develop. Applications that are developed using PaaS more easily inherit cloud characteristics such as scalability, high availability, multi-tenancy, SaaS enablement, and more.
FIGURE D.53
INDUSTRY EXAMPLES OF PLATFORM-AS-A-SERVICE.
Microsoft Azure, AWS Elastic Beanstalk, Google App Engine, Heroku, Force.com.
SaaS: SOFTWARE AS A SERVICE
THE MOST COMPLETE LEVEL.
When the Cloud delivers all the components in the computing power stack, as listed below, it is Software as a Service.
FIGURE D.54
HARDWARE COMPONENTS
Base hardware
Networking
Storage
Servers
SYSTEMS SOFTWARE COMPONENTS
Virtualization
Operating System
Middleware
Runtime
APPLICATION SOFTWARE COMPONENTS
Application software
Corporate data
Figure D.55 illustrates the same, using the same schematic we have used for IaaS and PaaS. With SaaS, the user consumes all his computing needs from the Cloud. All hosting infrastructure, software development tools and the final usable application software and its related data are in the same Cloud as one integrated deliverable.
FIGURE D.55
Most SaaS applications can be run directly from a web browser without any downloads or installations required, although some require plugins. With SaaS, it is easy for enterprises to streamline their maintenance and support, because all IT resources — applications, runtime, data, middleware, operating systems, virtualization, servers, storage and networking — are managed by vendors. Popular SaaS offerings include email systems, groupware (collaboration), customer relationship management, and healthcare-related applications. All the examples given in the section USEFUL CLOUD SOLUTIONS are SaaS solutions.
INDUSTRY EXAMPLES OF SOFTWARE-AS-A-SERVICE.
Salesforce, Workday, NetSuite, ServiceNow, Concur, Cornerstone, LinkedIn.
CLOUD DEPLOYMENT MODELS
Cloud deployment addresses the question: Who shares our Cloud?
PUBLIC CLOUD
SHARED BY OTHER ORGANIZATIONS AND INDIVIDUALS.
Like a public utility, such as power, water, gas and mobile phone service, a Public Cloud may be used by any genuine and authenticated entity, whether an organization or a person. As depicted in Figure D.56, the resources of a Public Cloud are shared by multiple organizations. It is the most cost effective of all deployment models, while at the same time enjoying all the advanced security of the Cloud Computing model. A Public Cloud is the best realization of the dream of virtually unlimited and ubiquitous computing power available “on tap”, with secure logical segregation of computing real-estate for all users, whether a grade-1 school-going kid or a financial corporation. Such a Cloud is a resource available on the Internet, where any customer can create an account and acquire infrastructure and computing assets (the extent depending on whether the Cloud is in the realm of IaaS, PaaS or SaaS).
FIGURE D.56
Public Clouds are popularly viewed as security threats, but experts have found such fear to be unfounded, and opine that the security in all Clouds is comparable. However, the exposure of a Public Cloud to all and sundry is conceivably a weakness and a potential threat. Technically, all deployment models are the same, and there is no necessary difference between Public and Private cloud architecture.
COMMUNITY CLOUD
SHARED WITHIN A RESTRICTED CIRCLE.
A Community Cloud is a Public Cloud that is restricted to a closed community. For instance, a Public Cloud for Banks, a Public Cloud for Schools, a Public Cloud for Auto Dealers, a Public Cloud for New Jersey Government Departments, and so on, would be examples of Community Clouds. However, the definition need not be so restrictive. If a Cloud Provider launched a Public Cloud to be used specifically by corporations that are authenticated manually and only then on-boarded into the Cloud, that would also be a Community Cloud, because it does not provide open access to the public. A Community Cloud is, therefore, a Public Cloud for a restricted community. It has every characteristic and advantage of a Public Cloud, with the perceived value of lacking open access to the public. Only organizations and/or individuals that have been qualified by the vendor as belonging to this “community” are given accounts on this Cloud to acquire infrastructure and assets. This is expected to eliminate the aberrant user who is likely to be indiscreet.
The typical use of Community Clouds would be for creating an Enterprise Cloud or a Government Cloud.
PRIVATE CLOUD
NOT SHARED BY MORE THAN ONE ORGANIZATION.
A Private Cloud is Cloud infrastructure operated solely for one single organization. It is a private resource built and maintained for a single tenant (from the ownership perspective). It is analogous to renting a whole office building, instead of renting just the space we need in an office building. So although the Cloud infrastructure will continue to exhibit all the characteristics of a Cloud, we will now be paying for the entire infrastructure, just like a hosted service. The organization will still benefit from elasticity (dynamic growth and shrinkage of virtual machines), elimination of capacity planning (hardware sizing), improved and sustained performance under any load, worldwide access to applications and data, device independence for accessing those applications and data, and so on; but the cost advantage may not be realized.
FIGURE D.57
Another advantage is perceived "peace of mind" in the form of feeling safer about data security. Private Clouds are typically used for enterprise and government deployments. Banks and financial organizations, which have more at stake in case of a security breach, are probably the more likely candidates for a Private Cloud.
HYBRID CLOUD ANY COMBINATION OF PUBLIC AND PRIVATE CLOUDS. Whenever a Cloud solution is implemented using a mix of Public and Private Clouds, the resultant Cloud is called a Hybrid Cloud. A Hybrid Cloud solves many problems.

CASE STUDY 1: A client is very protective of some critical data source, and while they have no issues with their application running in a Public Cloud, they refuse to relinquish control of their critical data, which currently resides on their premises. Figure D.58 shows how a Hybrid Cloud could solve this problem, by attaching an on-premise private device to a Public Cloud through a secured VPN tunnel, so that (a) the data stays on the client's premises under the client's control, while (b) applications running in the Public Cloud have access to it. (The tunnel protects the data in transit; the application in the Public Cloud still processes that data, so its access to the on-premise device should be restricted to exactly what it needs.)
FIGURE D.58

CASE STUDY 2: A client wants to use a Private Cloud but wants to pay for a very limited infrastructure that is not expected to support peak workloads. Figure D.59 shows how a Hybrid Cloud could solve this problem, by using a Public Cloud to add to the common resource pool of the Private Cloud. When the common resource pool of the Private Cloud is exhausted, it temporarily borrows resources from the Public Cloud. This technique is called Cloud Bursting. Figure D.60 provides another view of the implemented solution.
FIGURE D.59

ADVANTAGES OF A HYBRID CLOUD. It is likely that the Hybrid Cloud will be the preferred solution for many future Cloud users, because of the many undeniable advantages that come with this deployment model. In effect, it gives the best of both worlds: (a) the lower cost of a Public Cloud, and (b) the greater control of a Private Cloud or dedicated servers. Combining different architectures results in a synergistic value that exceeds the value offered by any single architecture.
Wider Architectural Options. The best thing about the Hybrid model is that it enables the architect to place workloads where they make the most sense, addressing stringent security and performance requirements creatively. The two case studies above are only two of the many possibilities available to the Cloud architect.

Improved Security. The Hybrid model eases the typical concerns about Cloud security and multi-tenancy by enabling the architect to choose dedicated servers and network devices that restrict access and isolate critical assets in a more tightly controlled environment. This was the solution in Case Study 1. Moreover, in this model our devices can be configured so that the Cloud servers communicate with our off-Cloud dedicated servers and network devices over a private network, giving one integrated architecture and a more elegant solution.
FIGURE D.60

Instruction Set Flexibility. A limitation of a Cloud is that all its virtual machines can only run operating systems built for the same instruction set, most commonly x86. So if we had an application running on the AIX platform (which requires the PowerPC instruction set), and it proved impossible to migrate one part of the code to x86, a Hybrid Cloud solution would allow us to keep that part of the code running on an AIX machine while the rest of the solution is re-platformed on x86 and migrated to the Cloud.

Increased Technical Oversight. In a Hybrid solution, custom physical-level and logical-level network segmentation can be defined to give our client-side IT personnel greater access to the platform supporting a solution. Even root access to bare metal can be provided to appropriate personnel if required. (This is not recommended: we can then change the solution outside the Cloud provider's control while the provider remains accountable for meeting the terms of the Service Level Agreement.)

Easier Regulatory Compliance. Auditors who frown at multi-tenancy in a Public Cloud environment can be satisfied more easily with a Hybrid solution, because we can keep critical data out of the multi-tenant environment. Also, in general, better security makes compliance requirements easier to meet.
VIRTUAL PRIVATE CLOUD. A Virtual Private Cloud (VPC) is an architecture that takes the word "public" out of a Public Cloud and replaces it with "private": a Private Cloud existing virtually within a Public or Community Cloud. Figure D.61 is a conceptual schematic that explains the basic principle. A pool of shared resources is isolated from the rest of the shared pool within a Public Cloud by the use of a private IP subnet and a virtual communication mechanism such as a Virtual Local Area Network (VLAN) or a set of encrypted communication channels. This creates, in effect, a private space shielded from the multi-tenancy of the Public Cloud, as the resources within this private pool will never be shared with virtual machines belonging to other companies. (The isolation is at the network layer: unless dedicated tenancy is purchased, the physical hosts underneath may still be shared, so the virtualization and overlapping-trust-boundary threats discussed later in this chapter still apply.) The Virtual Private Cloud comes with a VPN function (again, allocated per VPC user) that secures, by means of authentication and encryption, the organization's remote access to its Virtual Private Cloud. This ensures that each customer's data remains isolated from every other customer's data, both inside the Cloud provider's network and while in transit. With these layers of isolation, encryption and protection, and secured access through a VPN tunnel, the end-user organization effectively has its "virtually" Private Cloud: a Cloud infrastructure (albeit within a Public Cloud) that is not shared with other organizations. Hence the name Virtual Private Cloud.
FIGURE D.61

CASE STUDY: AMAZON VIRTUAL PRIVATE CLOUD. Amazon Virtual Private Cloud (Amazon VPC) lets us provision a logically isolated section of the Amazon Web Services (AWS) Cloud where we can launch AWS resources in a virtual network that we define. We have complete control over our virtual networking environment, including selection of our own IP address range, creation of subnets, and configuration of route tables and network gateways.

CASE STUDY: ISOLATE FROM THE INTERNET. Amazon VPC allows us to customize the network configuration so that we create a public-facing subnet for our web servers that need access to the Internet, and place our backend systems, such as databases and application servers, in a private subnet with no Internet access. (Whether a subnet is "private" is decided by its route table, not by its name: a private subnet must have no default route to an Internet gateway.)

CASE STUDY: VIRTUAL PRIVATE CLOUD AS AN EXTENSION OF THE CORPORATE DATA CENTER. We can create a hardware VPN connection between our corporate datacenter and our Virtual Private Cloud, and thereby use the Virtual Private Cloud as an extension of our corporate datacenter.
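As an added example (not code from the eBook and not AWS's own tooling), the following Python audit checks a subnet plan for the property the second case study depends on: a subnet intended to be private must have no default route to an Internet gateway, while a public one must. The route tables and subnets are a constructed, simplified model of what `aws ec2 describe-route-tables` and `describe-subnets` would return; the gateway identifiers and the `tier` label are assumptions for illustration.

```python
"""Audit a constructed VPC subnet plan for public/private isolation.

Added example; not the eBook's or AWS's code. The dictionaries below are a
simplified, hand-built model of route tables and subnets. Identifiers such as
'igw-0abc' and 'vgw-0def' are made-up examples.
"""
from ipaddress import ip_network

VPC_CIDR = "10.0.0.0/16"

# Route tables: destination CIDR -> target. 'local' is intra-VPC routing,
# 'igw-*' an Internet gateway, 'vgw-*' a VPN gateway to the corporate datacenter.
ROUTE_TABLES = {
    "rtb-public": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "igw-0abc"},
    ],
    "rtb-private": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "192.168.0.0/16", "target": "vgw-0def"},
    ],
    "rtb-leaky": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "igw-0abc"},  # default route on a backend tier
    ],
}

# Subnets with the tier the architect intends and the route table attached.
SUBNETS = [
    {"id": "subnet-web", "cidr": "10.0.1.0/24", "tier": "public", "rtb": "rtb-public"},
    {"id": "subnet-app", "cidr": "10.0.2.0/24", "tier": "private", "rtb": "rtb-private"},
    {"id": "subnet-db", "cidr": "10.0.3.0/24", "tier": "private", "rtb": "rtb-leaky"},
]


def has_internet_route(routes):
    """True if a default route (0.0.0.0/0 or ::/0) points at an Internet gateway."""
    return any(
        r["dest"] in ("0.0.0.0/0", "::/0") and r["target"].startswith("igw-")
        for r in routes
    )


def audit_subnets(subnets, route_tables, vpc_cidr):
    """Return (subnet id, finding) pairs for isolation and addressing problems."""
    findings = []
    vpc = ip_network(vpc_cidr)
    seen = []
    for s in subnets:
        cidr = ip_network(s["cidr"])
        if not cidr.subnet_of(vpc):
            findings.append((s["id"], "subnet CIDR lies outside the VPC range"))
        if any(cidr.overlaps(other) for other in seen):
            findings.append((s["id"], "subnet CIDR overlaps another subnet"))
        seen.append(cidr)
        exposed = has_internet_route(route_tables.get(s["rtb"], []))
        if s["tier"] == "private" and exposed:
            findings.append((s["id"], "private subnet has a default route to an Internet gateway"))
        if s["tier"] == "public" and not exposed:
            findings.append((s["id"], "public subnet has no route to an Internet gateway"))
    return findings


if __name__ == "__main__":
    for subnet_id, problem in audit_subnets(SUBNETS, ROUTE_TABLES, VPC_CIDR):
        print(f"{subnet_id}: {problem}")
```

Run against the sample data, the audit reports only `subnet-db`, whose route table quietly re-exposes the database tier to the Internet even though the subnet is labelled private. The same function can be pointed at real describe-output once it is flattened into this shape.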
RISKS AND CHALLENGES IN THE CLOUD
UNDERSTANDING SECURITY
BASIC CONCEPTS. The basic security concerns are:
Confidentiality
Integrity
Authenticity
Availability
Threat
Vulnerability
Risk
Security Controls
Security Mechanisms
Security Policies
Confidentiality. Confidentiality is the characteristic of being made accessible only to authorized parties. Within Cloud environments, confidentiality primarily pertains to restricting access to data in transit and in storage.

Integrity. Integrity is the characteristic of not having been altered by an unauthorized party. An important data-integrity question in the Cloud is whether a Cloud consumer can be guaranteed that the data it transmits to a Cloud service matches the data received by that Cloud service. Integrity also extends to how data is stored, processed, and retrieved by Cloud services and Cloud-based IT resources.

Authenticity. Authenticity is the characteristic of having been provided by an authorized source. This concept encompasses non-repudiation, which is the inability of a party to deny or challenge the authentication of an interaction. Authentication in non-repudiable interactions provides proof that these interactions are uniquely linked to an authorized source.

Availability. Availability is the characteristic of being accessible and usable during a specified time period. The availability of the Cloud is a responsibility shared by the Cloud provider and the ISP/carrier.

Threat. A threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm. Both manually and automatically instigated threats are designed to exploit known weaknesses (vulnerabilities).
Vulnerability. A vulnerability is a weakness that can be exploited either because it is protected by insufficient security controls or because existing security controls are overcome by an attack. IT resource vulnerabilities can have a range of causes, including configuration deficiencies, security policy weaknesses, user errors, hardware flaws, firmware flaws, software bugs, and poor security architecture.

Risk. Risk is the potential of loss or harm arising from performing an activity. Risk is typically measured according to its threat level and the number of possible or known vulnerabilities. The two metrics that can be used to determine risk for an IT resource are:
The probability of a threat occurring that exploits the vulnerabilities.
The expected loss if the resource is indeed compromised.

Security Controls. These are countermeasures used to prevent or respond to security threats and to reduce or avoid risk. The details of how to use security countermeasures are typically outlined in the security policy.
FIGURE D.62
Security Mechanisms. Countermeasures are typically defined in terms of security mechanisms.

Security Policies. A security policy establishes a set of security rules and regulations.

THREAT AGENTS. A threat agent is an entity that poses a threat because it is capable of carrying out an attack. Cloud security threats can originate internally or externally, from humans or from software. The basic threat agents are:
Anonymous attacker
Malicious service agent
Trusted attacker
Malicious insider

Figure D.62 shows how security policies and security mechanisms are used to counter threats, vulnerabilities, and risks caused by threat agents.

Anonymous Attacker. An anonymous attacker is a non-trusted Cloud service consumer without permissions in the Cloud. It typically exists as external software that launches network-level attacks through public networks. When anonymous attackers have limited information on security policies and defenses, their ability to formulate effective attacks is inhibited. These threat agents often resort to acts like bypassing user accounts or stealing user credentials, while using methods that either ensure anonymity or require substantial resources for prosecution.

Malicious Service Agent. This type of threat agent is able to intercept and forward the network traffic that flows within a Cloud. It typically exists as a service agent, or as software pretending to be a service agent, with compromised or malicious logic. It may also exist as an external program able to remotely intercept and potentially corrupt message contents.

Trusted Attacker. A trusted attacker shares IT resources in the same Cloud as the Cloud consumer and attempts to exploit legitimate credentials to target Cloud providers and Cloud tenants. Unlike anonymous attackers (which are non-trusted), trusted attackers usually launch their attacks from within a Cloud's trust boundaries, by abusing legitimate credentials or by appropriating information.

Malicious Insider. Malicious insiders are human threat agents acting on behalf of, or in relation to, the Cloud provider. They are typically current or former employees. This category carries a huge damage potential.

CLOUD SECURITY THREATS. The basic Cloud security threats are:
Traffic eavesdropping
Malicious intermediary
Denial of service
Insufficient authorization
Virtualization attack
Overlapping trust boundaries
Traffic Eavesdropping. Traffic eavesdropping occurs when data being transferred to or within a Cloud (usually from the Cloud consumer to the Cloud provider) is passively intercepted by a malicious service agent for illegitimate information-gathering purposes. In Figure D.63, for instance, an externally positioned malicious service agent carries out a traffic eavesdropping attack by intercepting a message sent by the Cloud service consumer to the Cloud service. The service agent makes an unauthorized copy of the message before it is sent along its original path to the Cloud service. The aim of such an attack is to directly compromise the confidentiality of the data and, possibly, the confidentiality of the relationship between the Cloud consumer and Cloud provider. Because of the passive nature of this attack, it can more easily go undetected for extended periods; encryption of data in transit (see the security mechanisms section) is the direct countermeasure.

Malicious Intermediary. The malicious intermediary threat arises when messages are intercepted and altered by a malicious service agent, thereby potentially compromising the message's confidentiality and/or integrity. The agent may also insert harmful data into the message before forwarding it to its destination. The malicious service agent in Figure D.64 intercepts and modifies a message sent by a Cloud service consumer to a Cloud service (not shown) being hosted on a virtual server. Because harmful data is packaged into the message, the virtual server is compromised.

Denial of Service. The objective of a denial of service (DoS) attack is to overload IT resources to the point where they cannot function properly. DoS attacks are usually launched by:
Overloading the network with traffic.
Overloading the Cloud with artificial workload, e.g., sending repeated service requests designed to consume excessive memory.
FIGURE D.64
Insufficient Authorization. The insufficient authorization attack occurs when access is granted to an attacker erroneously or too broadly, resulting in the attacker gaining access to IT resources that are normally protected. This is often a result of the attacker gaining direct access to IT resources that were implemented under the assumption that they would only be accessed by trusted consumer programs.

Virtualization Attack. This attack exploits vulnerabilities in the virtualization platform to jeopardize its confidentiality, integrity and/or availability. Since Cloud providers grant administrative access rights to Cloud consumers, there is an inherent risk that Cloud consumers could abuse this access to attack the underlying physical IT resources. In Public Clouds, where a single physical IT resource may be providing virtualized IT resources to multiple Cloud consumers, such an attack can have significant repercussions.

Overlapping Trust Boundaries. If physical IT resources within a Cloud are shared by different Cloud service consumers, these Cloud service consumers have overlapping trust boundaries. Malicious Cloud service consumers can target shared IT resources with the intention of compromising Cloud consumers or other IT resources that share the same trust boundary. The consequence is that some or all of the other Cloud service consumers could be impacted by the attack, and/or the attacker could use virtual IT resources against others that happen to share the same trust boundary.
ADDITIONAL CONSIDERATIONS. The most important additional security concerns are:
Flawed implementations
Security policy disparity
Contracts
Risk management

Flawed Implementations. The substandard design, implementation, or configuration of Cloud service deployments can have undesirable consequences. If the Cloud provider's software and/or hardware have inherent security flaws or operational weaknesses, attackers can exploit these vulnerabilities to impair the integrity, confidentiality, and/or availability of Cloud resources.

Security Policy Disparity. When a Cloud consumer places IT resources with a Public Cloud provider, it may need to accept that its traditional information security approach may not be identical, or even similar, to that of the Cloud provider. This incompatibility needs to be assessed to ensure that any data or other IT assets being relocated to a Public Cloud are adequately protected.

Contracts. Cloud consumers need to carefully examine the contracts and SLAs put forth by Cloud providers to ensure that security policies and other relevant guarantees are satisfactory when it comes to asset security.

Risk Management. Risk management has three stages:
Risk assessment: analyze the Cloud environment to identify potential vulnerabilities and shortcomings that threats can exploit.
Risk treatment: mitigation policies and plans are designed with the intent of treating the risks discovered during risk assessment.
Risk control: risk monitoring, a three-step process of surveying related results, reviewing these events to determine the effectiveness of previous assessments and treatments, and identifying any policy adjustment needs.
UNDERSTANDING SECURITY MECHANISMS. Large-scale computing and Cloud-like infrastructures (grid, Cloud, utility computing, SaaS, etc.) are here to stay. What precise shape these technologies will take tomorrow is still for the markets to decide; yet one thing is certain: Clouds bring with them new, untested deployment models and the adversarial models and vulnerabilities that go with them. In order to create security mechanisms, industry and academia are bringing together researchers and practitioners in all security aspects of Cloud-centric and outsourced computing, including, but not limited to, the following:
Practical cryptographic protocols for Cloud security.
Secure Cloud resource virtualization mechanisms.
Secure data management outsourcing (e.g., database as a service).
Practical privacy and integrity mechanisms for outsourcing.
Foundations of Cloud-centric threat models.
Secure computation outsourcing.
Remote attestation mechanisms in Clouds.
Sandboxing and VM-based enforcement.
Trust and policy management in Clouds.
Secure identity management mechanisms.
New Cloud-aware web service security paradigms and mechanisms.
Cloud-centric regulatory compliance issues and mechanisms.
Business and security risk models and Clouds.
Cost and usability models and their interaction with security in Clouds.
Scalability of security in global-size Clouds.
Trusted computing technology and Clouds.
Binary analysis of software for remote attestation and Cloud protection.
Network security (DoS, IDS, etc.) mechanisms for Cloud contexts.
Security for emerging Cloud programming models.
Energy/cost/efficiency of security in Clouds.
ENCRYPTION. Data, by default, is coded in a readable format known as "plaintext". When transmitted over a network, plaintext is vulnerable to unauthorized and potentially malicious access. The "encryption" mechanism is a digital coding system dedicated to preserving the confidentiality of data; on its own it does not guarantee integrity, which is why it is normally paired with a hashing, MAC or signature mechanism (described below). It is used for encoding plaintext data into a protected and unreadable format. Encryption commonly relies on a standardized algorithm called a "cipher" to transform original plaintext into encrypted data, called "ciphertext". Access to ciphertext does not divulge the original plaintext data. During encryption the data is paired with a string of bits called an "encryption key", a secret that is established by and shared amongst authorized parties. The encryption key is also used to decrypt the ciphertext back into the original plaintext.

Symmetric Encryption. Symmetric encryption uses the same key for both encryption and decryption. Also called "secret key cryptography": messages that are encrypted with a particular key can only be decrypted using the same key.

Asymmetric Encryption. Asymmetric encryption relies on the use of two different keys:
Private key (known only to the owner)
Public key (publicly available)
Also called "public key cryptography": in this method a document encrypted with a private key can only be decrypted with the corresponding public key and, conversely, a document encrypted with a public key can only be decrypted with the corresponding private key. Asymmetric operations are far more expensive computationally than symmetric ones, so in practice asymmetric encryption is used to exchange or wrap a symmetric key, and the symmetric cipher then protects the bulk of the data. Which key is used determines what is achieved: encrypting with the recipient's public key gives confidentiality (only the private key holder can read the result), while encrypting a digest with one's own private key gives authenticity (anyone holding the public key can verify it); this second use is the digital signature described below. When used to secure Web-based data transmissions, the encryption mechanism is most commonly applied via HTTPS, which refers to the use of SSL/TLS as the underlying protocol.

Hashing. The hashing mechanism is used when a one-way, non-reversible form of data protection is required. Once hashing is applied to a message it is locked, and no key is provided for the message to be unlocked. A common application of this mechanism is the storage of passwords. For that purpose a bare digest is not enough: each password must be combined with a random salt and run through a deliberately slow, iterated function (PBKDF2, bcrypt, scrypt or Argon2), otherwise a leaked password database can be attacked with precomputed tables and fast guessing. Hashing can also be used to derive a hash code or "message digest" from a message, which is normally of a fixed length and smaller than the original message. The message sender can attach the message digest to the message; the recipient applies the same hash function to the received message to verify that the digest produced is identical to the one that accompanied the message. Any alteration to the original data results in an entirely different message digest and reveals that tampering has occurred. Note the limitation: an intermediary who can alter the message can also recompute and replace an unkeyed digest, so for protection against an active attacker the digest must be keyed (a message authentication code such as HMAC) or signed (a digital signature).

Digital Signature. The digital signature mechanism is a means of providing data authenticity and integrity through authentication and non-repudiation. A message is assigned a digital signature prior to transmission, which is then rendered invalid if the message experiences any subsequent unauthorized modification. A digital signature provides evidence that the message received is the same as the one created by the rightful sender. Both hashing and asymmetric encryption are involved in the creation of a digital signature, which essentially exists as a message digest that was encrypted with the sender's private key and appended to the original message. The recipient uses the corresponding public key to decrypt the digital signature, which yields the message digest, and independently applies the hash function to the received message to produce a second digest. Identical results from the two processes indicate that the message maintained its integrity and came from the holder of the private key.

Public Key Infrastructure. A common approach for managing the issuance of asymmetric keys is based on the "public key infrastructure (PKI)" mechanism, which exists as a system of protocols, data formats, rules, and practices that enable large-scale systems to use public key cryptography securely. This system is used to associate public keys with their corresponding key owners (known as "public key identification") while enabling the verification of key validity. PKIs rely on digital certificates, which are digitally signed data structures that bind public keys to certificate owner identities, as well as to related information such as validity periods. Digital certificates are usually digitally signed by a third-party certificate authority.

Identity & Access Management. The identity and access management (IAM) mechanism encompasses the components and policies necessary to control and track user identities and access privileges for IT resources, environments and systems. Specifically, IAM mechanisms exist as systems comprised of four components:
Authentication: username-and-password combinations remain the most common form of user authentication credential managed by the IAM system. It can also support digital certificates, biometric hardware (fingerprint readers), specialized software (such as voice analysis programs), and binding user accounts to registered IP or MAC addresses.
Authorization: the authorization component defines the correct granularity for access controls and oversees the relationships between identities, access control rights and IT resource availability.
User Management: related to the administrative capabilities of the system, the user management program is responsible for creating new user identities and access groups, resetting passwords, defining password policies, and managing privileges.
Credentials Management: the credential management system establishes identities and access control rules for defined user accounts, which mitigates the threat of insufficient authorization.
Although its objectives are similar to those of the PKI mechanism, the IAM mechanism's scope of implementation is distinct because its structure encompasses access controls and policies in addition to assigning specific levels of user privileges. The IAM mechanism is primarily used to counter the insufficient authorization, denial of service, and overlapping trust boundaries threats. A later section, UNDERSTANDING IAM, dives deeper into this topic.

Single Sign-On. Propagating the authentication and authorization information for a Cloud service consumer across multiple Cloud services can be a challenge, especially if numerous Cloud services or Cloud-based IT resources need to be invoked as part of the same overall runtime activity.
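Returning to the Hashing and Digital Signature mechanisms described earlier in this section, the following Python block is an added example (not code from the eBook) showing three things side by side: salted, iterated password hashing versus a bare digest; why an unkeyed message digest does not stop a malicious intermediary while a keyed HMAC does; and the sign-with-private-key, verify-with-public-key arithmetic of a digital signature. It uses only the standard library. The RSA key pair is a deliberately tiny textbook construction (two fixed Mersenne primes, no padding) chosen so the arithmetic is visible; it is an assumption for illustration and not a secure key, and the message and shared secret are constructed sample data.

```python
"""Hashing, keyed integrity checks and a textbook digital signature.

Added example; not code from the eBook. Standard library only. The RSA key
pair is a deliberately tiny textbook construction (fixed Mersenne primes,
no padding) so that the sign/verify arithmetic is visible; it is NOT a
secure key and the signature scheme is for illustration only.
"""
import hashlib
import hmac
import secrets

# --- Password storage: salted, slow hash rather than a bare digest ----------
PBKDF2_ROUNDS = 100_000  # tune upward for real deployments


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)  # constant-time comparison


# --- Message digest vs keyed message authentication code (HMAC) -------------
def plain_digest(message):
    return hashlib.sha256(message).digest()


def verify_plain_digest(message, digest):
    """Accepts anything whose digest matches; an intermediary can recompute it."""
    return hmac.compare_digest(plain_digest(message), digest)


def keyed_tag(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_keyed_tag(key, message, tag):
    return hmac.compare_digest(keyed_tag(key, message), tag)


def intermediary_rewrite(message):
    """A malicious intermediary alters the message and recomputes the unkeyed digest."""
    altered = message.replace(b"amount=100", b"amount=900")
    return altered, plain_digest(altered)


# --- Textbook RSA: private key signs (or decrypts), public key verifies -----
P = 2**61 - 1  # Mersenne primes; toy sizes, never use in practice
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse (Python 3.8+)


def _digest_as_int(message):
    # 128-bit truncation keeps the digest below N (about 2**150); toy only.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message, private_exp=D, modulus=N):
    """Signature = digest 'encrypted' with the private key, as the text describes."""
    return pow(_digest_as_int(message), private_exp, modulus)


def verify_signature(message, signature, public_exp=E, modulus=N):
    """Recover the digest with the public key and compare with a fresh hash."""
    return pow(signature, public_exp, modulus) == _digest_as_int(message)


def rsa_encrypt(m, public_exp=E, modulus=N):
    return pow(m, public_exp, modulus)  # anyone can encrypt with the public key


def rsa_decrypt(c, private_exp=D, modulus=N):
    return pow(c, private_exp, modulus)  # only the private key holder can decrypt


if __name__ == "__main__":
    msg = b"transfer amount=100 to=bob"  # constructed sample message
    altered, forged = intermediary_rewrite(msg)
    print("plain digest accepts tampered message:", verify_plain_digest(altered, forged))
    tag = keyed_tag(b"shared-secret", msg)
    print("HMAC accepts tampered message:", verify_keyed_tag(b"shared-secret", altered, tag))
    sig = sign(msg)
    print("signature valid on original:", verify_signature(msg, sig))
    print("signature valid on tampered:", verify_signature(altered, sig))
```

The instructive failure is `verify_plain_digest`: it happily accepts the intermediary's rewritten message because the attacker simply shipped a fresh digest with it. The HMAC and the signature both reject the same rewrite, the first because the attacker lacks the shared key, the second because the attacker lacks the private key. In production, replace the toy RSA with a library signature scheme (for example Ed25519 or RSA-PSS) and keep the PBKDF2 iteration count as high as your login latency budget allows.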
In other words, if a user needed to log in to several Cloud services in order to execute one business transaction, that would cause significant inconvenience. The single sign-on (SSO) mechanism enables a Cloud service consumer to be authenticated by a security broker, which establishes a security context that is persisted while the Cloud service consumer accesses other Cloud services or Cloud-based IT resources. Otherwise the Cloud service consumer would need to re-authenticate itself with every subsequent request. The SSO mechanism essentially enables mutually independent Cloud services and IT resources to generate and circulate runtime authentication and authorization credentials. The credentials initially provided by the Cloud service consumer remain valid for the duration of a session, while its security context information is shared. The SSO mechanism's security broker is especially useful when a Cloud service consumer needs to access Cloud services residing on different Clouds. (The broker's session credential is now the single thing an attacker needs to steal to reach every federated service, so its lifetime, binding to the client, and revocation deserve as much care as the original login.)

Cloud-based Security Groups. Similar to constructing dikes and levees that separate land from water, data protection is increased by placing barriers between IT resources. Cloud resource segmentation is a process by which separate physical and virtual IT environments are created for different users and groups. For example:
An organization's WAN can be partitioned according to individual network security requirements.
One network can be established with a resilient firewall for external Internet access.
A second is deployed without a firewall because its users are internal and unable to access the Internet.
Resource segmentation is used to enable virtualization by allocating a variety of physical IT resources to virtual machines. It needs to be optimized for Public Cloud environments, since the organizational trust boundaries of different Cloud consumers overlap when they share the same underlying physical IT resources. The Cloud-based resource segmentation process creates Cloud-based security group mechanisms that are determined by security policies. Networks are segmented into logical Cloud-based security groups that form logical network perimeters. Each logical Cloud-based security group is assigned specific rules that govern the communication between the security groups. Multiple virtual servers running on the same physical server can be members of different logical Cloud-based security groups. Virtual servers can further be separated into public/private groups, development/production groups, or any other designation configured by the Cloud resource administrator.

Hardened Virtual Server Images. As previously discussed, a virtual server is created from a template configuration called a virtual server image (or virtual machine image). Hardening is the process of stripping unnecessary software from a system to limit the potential vulnerabilities that attackers can exploit. Removing redundant programs, closing unnecessary server ports, and disabling unused services, internal root accounts, and guest access are all examples of hardening. A hardened virtual server image is a template for virtual server instance creation that has been subjected to a hardening process. This generally results in a virtual server template that is significantly more secure than the original standard image. (A hardened image is a starting point, not a guarantee: every instance launched from it still needs patching, and an image that is not rebuilt regularly becomes stale.) Hardened virtual server images help counter the denial of service, insufficient authorization, and overlapping trust boundaries threats.
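To make the Cloud-based security group passage above concrete, here is an added Python example (not the eBook's code and not any provider's implementation) that evaluates inbound rules the way AWS- or OpenStack-style security groups do: a rule is an allow entry of protocol, port and source; a source is either a CIDR or another group; anything not explicitly allowed is denied. A second function audits the rule set for the classic mistake of opening a non-public port to the whole Internet. The group names, addresses and ports are constructed sample data, and the simplified rule shape is an assumption.

```python
"""Evaluate cloud security-group rules and flag over-broad exposure.

Added example; not the eBook's or any provider's code. The model is a
simplification of AWS/OpenStack-style security groups: an inbound rule is an
allow entry (protocol, port, source), a source is either a CIDR or another
group, and anything not explicitly allowed is denied. All data is constructed.
"""
from ipaddress import ip_address, ip_network

# Inbound rules per group. sg-db's second rule is the kind of mistake the
# audit below is meant to catch: the database port opened to the Internet.
GROUPS = {
    "sg-web": [{"proto": "tcp", "port": 443, "src": "0.0.0.0/0"}],
    "sg-app": [{"proto": "tcp", "port": 8080, "src": "sg-web"}],
    "sg-db": [
        {"proto": "tcp", "port": 3306, "src": "sg-app"},
        {"proto": "tcp", "port": 3306, "src": "0.0.0.0/0"},
    ],
}

# Which group each virtual server's private address belongs to.
INSTANCES = {"10.0.1.10": "sg-web", "10.0.2.10": "sg-app", "10.0.3.10": "sg-db"}


def _source_matches(rule_src, src_ip):
    """A group reference matches only traffic from members of that group."""
    if rule_src.startswith("sg-"):
        return INSTANCES.get(src_ip) == rule_src
    return ip_address(src_ip) in ip_network(rule_src)


def is_allowed(dst_group, proto, port, src_ip, groups=GROUPS):
    """Deny by default: allow only if some inbound rule on dst_group matches."""
    return any(
        r["proto"] == proto and r["port"] == port and _source_matches(r["src"], src_ip)
        for r in groups.get(dst_group, [])
    )


def internet_exposed_rules(groups, public_ports=frozenset({80, 443})):
    """Rules that open a non-public port to every address on the Internet."""
    return [
        (name, r["port"])
        for name, rules in groups.items()
        for r in rules
        if r["src"] in ("0.0.0.0/0", "::/0") and r["port"] not in public_ports
    ]


def reachable_from_internet(dst_group, proto, port, groups=GROUPS):
    """The same question asked as traffic, using an arbitrary public address."""
    return is_allowed(dst_group, proto, port, "203.0.113.5", groups)


if __name__ == "__main__":
    print("web -> app 8080:", is_allowed("sg-app", "tcp", 8080, "10.0.1.10"))
    print("internet -> app 8080:", reachable_from_internet("sg-app", "tcp", 8080))
    print("internet -> db 3306:", reachable_from_internet("sg-db", "tcp", 3306))
    print("exposed rules:", internet_exposed_rules(GROUPS))
```

Group-to-group references are what make the three-tier perimeter work: the application tier accepts port 8080 only from members of `sg-web`, so an instance that is not in that group, including any Internet address, is denied without a single IP address being hard-coded. The audit shows why rule review matters even when the tiering is right: one extra `0.0.0.0/0` entry on `sg-db` makes the database reachable from anywhere, which is exactly the over-broad grant the insufficient authorization threat describes.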
UNDERSTANDING IAM (Identity and Access Management)
WHAT IS "IAM"? Gartner rightly says: "Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons." IAM, therefore:
Addresses our mission-critical need to extend appropriate access to resources spread across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.
Advocates the use and management of the same identity information service for all applications.
Aims to authenticate users and to grant or deny access rights to data and system resources, to ensure appropriate access to enterprise resources.

The IAM practice is becoming increasingly business-aligned and requires business skills, not just technical expertise. In an earlier section we took a brief look at IAM from the perspective of how it helps counter the insufficient authorization, denial of service and overlapping trust boundaries threats.

BASIC CONCEPTS.
Identification and Authentication. Identification is an entity (a user or a service) claiming an identity, for example by presenting a username. Authentication is the verification of that claim by checking the presented credential against an identity store, such as a directory accessed via the Lightweight Directory Access Protocol (LDAP).
Authorization. The evaluation of the access rights of an authenticated user or system resource to perform a requested operation, against the policies governing that action.

Auditing. The task of recording and reviewing authentication and authorization actions in order to:
Test the competence of the IAM system controls,
Verify compliance with existing security procedures and policies,
Detect security breaches, and suggest countermeasures.
THE OBJECTIVE. IAM has a 4-point objective:
EXTEND. To extend security controls (e.g., VPN, intrusion detection and prevention, etc.) to the service provider domain.
COUNTER. To counter the loss of network control and reduce vulnerability to risk.
STRENGTHEN. To strengthen authentication and authorization based on requests, responses, single sign-on and identity federation.
MONITOR. To monitor and audit user and system activities.
WHY ARE ORGANIZATIONS INVESTING IN "IAM"?
Improved Operational Efficiency. This is achieved by automating tasks like employee on-boarding or resetting user passwords.
Regulatory Compliance Management. This is achieved:
By adherence to regulations surrounding data protection and privacy.
By helping defend systems, information and applications from internal and external threats.
OPERATIONAL IMPLEMENTATION.
Identity Management and Provisioning. To filter access of authorized users to a Cloud:
1. Registry / LDAP
2. Service Provisioning Markup Language (SPML)
3. Simple Cloud Identity Management (SCIM)
Authentication Management. To ensure credentials such as passwords and digital certificates are managed securely through protection policies. Some common threats are:
1. Brute force dictionary based attacks.
2. Phishing attacks.
Federated Identity Management. To authenticate cloud-service users using the organization's selected identity provider (ID Provider), with credentials and attributes that ensure privacy, integrity and non-repudiation.
Authorization Management. To establish the access rights and trust relation of a connecting entity in accordance with the security policies defined by the resource provider.
Compliance Management. To ensure that the organization's resources are secure, and accessed in accordance with existing policies and regulations.
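The following is an added example (it is not part of the eBook, nor code from any product it names) that puts the four basic concepts of this chapter into one small, runnable IAM core: a credential check (identification/authentication), a policy evaluation bound to the requested action (authorization), an audit log of every decision (auditing), and a failed-attempt lockout as one mitigation for the brute force dictionary attacks listed under Authentication Management. The user, role, policy and threshold values are constructed sample data, not taken from the page.

```python
"""Added example, not from the eBook: a toy IAM core that exercises the basic
concepts on this page: identification/authentication (a credential check),
authorization (evaluating a request against the policies bound to the action)
and auditing (recording every decision for later review), plus a failed-attempt
lockout as one mitigation for the brute-force dictionary attacks listed above.
Users, roles, policies and the lockout threshold are constructed sample data."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional

MAX_FAILED_ATTEMPTS = 5  # assumed lockout threshold


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Salted PBKDF2 hash; a real deployment would tune the iteration count."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


@dataclass
class Identity:
    name: str
    salt: bytes
    digest: bytes
    roles: set
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class IAM:
    identities: dict = field(default_factory=dict)
    # Policy binding: role -> resource -> set of permitted actions.
    policies: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def register(self, name: str, password: str, roles) -> None:
        salt, digest = hash_password(password)
        self.identities[name] = Identity(name, salt, digest, set(roles))

    def _audit(self, event: str, subject: str, outcome: str, **details) -> None:
        self.audit_log.append({"event": event, "subject": subject, "outcome": outcome, **details})

    def authenticate(self, name: str, password: str) -> bool:
        """Credential check; every outcome is audited and failures count towards lockout."""
        ident = self.identities.get(name)
        if ident is None:
            hash_password(password, b"\x00" * 16)  # keep timing similar for unknown names
            self._audit("authn", name, "fail", reason="unknown identity")
            return False
        if ident.locked:
            self._audit("authn", name, "fail", reason="locked")
            return False
        _, digest = hash_password(password, ident.salt)
        if hmac.compare_digest(digest, ident.digest):
            ident.failed_attempts = 0
            self._audit("authn", name, "success")
            return True
        ident.failed_attempts += 1
        if ident.failed_attempts >= MAX_FAILED_ATTEMPTS:
            ident.locked = True
        self._audit("authn", name, "fail", reason="bad credential", attempts=ident.failed_attempts)
        return False

    def authorize(self, name: str, resource: str, action: str) -> bool:
        """Evaluate the request against the policies bound to the subject's roles."""
        ident = self.identities.get(name)
        allowed = ident is not None and any(
            action in self.policies.get(role, {}).get(resource, set()) for role in ident.roles
        )
        self._audit("authz", name, "allow" if allowed else "deny", resource=resource, action=action)
        return allowed

    def review_failed_logins(self, threshold: int = 3) -> dict:
        """Audit review: subjects whose failed authentications reach the threshold."""
        counts = {}
        for entry in self.audit_log:
            if entry["event"] == "authn" and entry["outcome"] == "fail":
                counts[entry["subject"]] = counts.get(entry["subject"], 0) + 1
        return {subject: n for subject, n in counts.items() if n >= threshold}
```

The audit log is deliberately written for every decision, including denials, because the review step (detecting breaches and suggesting countermeasures) depends on the failures as much as on the successes; `review_failed_logins` is the simplest form of that review.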
UNDERSTANDING PRESENCE
BASIC CONCEPT. Presence can be defined as real-time information broadcast about the availability of an individual.
It is the ability to detect the electronic presence of users who are connected to the Internet. Presence services are commonly provided through applications like Finger, SMS, instant messaging clients, and discussion forums. Companies are even developing services to detect “presence” through VoIP.
Microsoft Office says in an article:
MAIN CONSIDERATIONS.
Identity. In a cloud environment, a user's identity is referred to as that user's presentity. Presentity can also refer to a group. Presentities provide information regarding their whereabouts so others know how and where to contact them. The Wikipedia has this to say about “presentity”:
Status. Status refers to users' levels of availability, such as whether they're online, offline, on the phone, or away.
Location. Location refers to the geographical location of a device or entity, as well as to which computer or device a user is accessing. Location information can include geo-location information, such as GPS co-ordinates, or more abstracted information.
COMPONENTS OF A ‘PRESENCE’ SYSTEM. The main components are:
1. Presentity.
2. Watcher.
3. Presence Server.
How do they work? Watchers are provided with presence information, such as whether a subscriber is logged on to the network. With publish & subscribe (pub-sub), the presentity provides information regarding its network status to a Presence Server. A Presence Server acts as a broker between presence publishers and subscribers. The engine collates information from various data sources, and distributes it to subscribers authorized to receive the information.
Presence information must use channel encryption and provide strong authorization, authentication, and access control to ensure secure information exchange. By adding XMPP functionality or using a source with built-in XMPP functionality, cloud subscribers can discover devices, users and services. Presence information can be very detailed depending on the level a user chooses. It can contain a user's work or mobile number, home number, and even notes.
When a cloud makes presence information available, the cloud is described as presence enabled.
Presentity Considerations.
Presence sources are authenticated before they can update entity presence information.
Only authorized sources can update presence information for a presentity.
Only the presentity can create and modify its own privacy rules.
Only authenticated presentities can specify privacy filters.
Confidentiality and integrity of presence information and privacy filters is maintained.
Watcher Considerations. Watchers:
Can subscribe to presence information only after they have been authenticated.
Are authorized based on the privacy filter rules of the presentity they are watching.
Can obtain presence information based on a presentity’s privacy filter only if they have been authorized.
UNDERSTANDING PRIVACY
DEFINITION. Privacy is the ability of an individual or group of individuals to seclude themselves or their information, and to reveal the same only selectively.
Data privacy and information security are not the same. Information security is concerned with ensuring data access to the client in a secured fashion so that interception can be avoided. Improper implementation of data privacy on the cloud may cause negative consequences including financial loss, loss of reputation and litigation.
KEY CONCERNS. The parameters to ensure data privacy in a cloud environment are as follows:
Data Compliance. Adherence to privacy legislation, laws & regulations across multiple geographies and jurisdictions.
Data Storage. The Cloud offers flexibility in data storage, but the challenge remains of keeping the data private.
Data Removal. Private data needs to be destroyed properly (i.e., all copies on the cloud are removed) so that no unauthorized user may have access.
Data Retention. The Cloud Service Provider is to apply data retention policies to avoid any regulatory issues or protect from financial losses.
Data Auditing & Monitoring. Assure the data owner / stakeholders that relevant privacy requirements are met. Proper auditing and monitoring is required particularly when data is stored in a different geographical location.
Breaches.
KEY CONSIDERATIONS. The following considerations are relevant while designing a privacy system.
Authorization of watchers to receive presence information.
Selective notifications.
Differential presence information.
Local, national and global rules.
Authorization of anonymous subscriptions.
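As an added example (not code from the eBook or from any presence product), the presence server, presentity and watcher roles from the presence chapter and the privacy-system considerations just listed are combined into one small pub-sub broker: only an authenticated source may publish, only the presentity may set its own privacy filter, anonymous or unauthenticated subscriptions are refused, and each watcher receives only what the presentity's filter allows. The token store, principal names and status attributes are constructed sample data; the token comparison stands in for a real authentication service.

```python
"""Added example, not from the eBook: a minimal presence server in the pub-sub
style described above. Presentities publish their status to the server, watchers
subscribe, and the server brokers delivery subject to authentication and to each
presentity's own privacy filter (so anonymous subscriptions and unauthorized
watchers are refused, and only the presentity can change its rules). The token
store and all principals are constructed sample data; the token check stands in
for a real authentication service."""
from dataclasses import dataclass, field


@dataclass
class PrivacyFilter:
    allowed_watchers: set                            # watchers permitted to see this presentity
    hidden_fields: set = field(default_factory=set)  # attributes never shared (e.g. "location")


@dataclass
class PresenceServer:
    tokens: dict                                       # constructed credential store: principal -> token
    presence: dict = field(default_factory=dict)       # presentity -> full published info
    filters: dict = field(default_factory=dict)        # presentity -> PrivacyFilter
    subscriptions: dict = field(default_factory=dict)  # presentity -> set of watchers
    inbox: dict = field(default_factory=dict)          # watcher -> delivered notifications

    def _authenticated(self, principal, token) -> bool:
        return principal is not None and self.tokens.get(principal) == token

    def set_privacy_filter(self, presentity, token, pf: PrivacyFilter) -> None:
        """Only the authenticated presentity may create or modify its own rules."""
        if not self._authenticated(presentity, token):
            raise PermissionError("privacy filter update refused: not authenticated")
        self.filters[presentity] = pf

    def _visible(self, presentity, watcher, info):
        """Apply the presentity's filter; None means the watcher may see nothing."""
        pf = self.filters.get(presentity)
        if pf is None or watcher not in pf.allowed_watchers:
            return None
        return {k: v for k, v in info.items() if k not in pf.hidden_fields}

    def subscribe(self, watcher, token, presentity) -> bool:
        """Unauthenticated (including anonymous) watchers are refused outright."""
        if not self._authenticated(watcher, token):
            return False
        if self._visible(presentity, watcher, {}) is None:
            return False
        self.subscriptions.setdefault(presentity, set()).add(watcher)
        return True

    def publish(self, presentity, token, info: dict) -> int:
        """Accept an update only from an authenticated source; returns deliveries made."""
        if not self._authenticated(presentity, token):
            return 0
        self.presence[presentity] = dict(info)
        delivered = 0
        for watcher in sorted(self.subscriptions.get(presentity, ())):
            visible = self._visible(presentity, watcher, info)  # filter may have changed
            if visible is None:
                continue
            self.inbox.setdefault(watcher, []).append((presentity, visible))
            delivered += 1
        return delivered

    def lookup(self, watcher, token, presentity):
        """On-demand read of current presence, again subject to authentication and the filter."""
        if not self._authenticated(watcher, token) or presentity not in self.presence:
            return None
        return self._visible(presentity, watcher, self.presence[presentity])
```

The filter is re-applied at delivery time rather than only at subscription time, so a presentity that tightens its rules after a watcher subscribed immediately stops leaking to that watcher; this is the "differential presence information" and "selective notifications" behaviour from the list above.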
DATA LIFECYCLE MANAGEMENT. The various stages in the Data Lifecycle are as follows:
Create.
Storage.
Data Use. During the usage phase of the data life cycle, data is shared by means of a distribution method.
Archiving. Ensure that the privacy of archived data is properly secured.
Destruction. Sensitive data has to be destroyed at the end of the data life cycle.
Figure D.65 illustrates a policy based approach that might be adopted to manage the Data Lifecycle.
FIGURE D.65
DATA SECURITY IN THE CLOUD. The following considerations apply with reference to data security in the Cloud.
Backup and Recovery: Transport and backup location.
Data Discovery: Assure the relevant authorities that all the relevant data can be retrieved if requested.
Data Overlaps: Need to be kept partitioned, because data is often redistributed on the cloud to better utilize storage resources.
Data Persistence: Once the life cycle of information expires, the information has to be removed in a way that ensures no traces of it are left.
Inference and Aggregation: Data may overlap with private or sensitive data if the underlying information is the same. These instances of data inference, or aggregation, need to be secured as well.
Location: Assure clients that their data is kept in a secure but accessible location. This includes all replicas of the data, as well as backups. The data can only be stored at geographic locations permitted by the client's contract or license agreement.
Security: Ensure data remains confidential. Other challenges involving data security include ensuring the integrity and availability of data, as well as providing client authorization and authentication.
CLOUD ARCHITECTURE
Cloud Computing Architectures formalize functional domains within Cloud environments by establishing well-defined solutions comprised of interactions, behaviors, and distinct combinations of cloud computing mechanisms and other specialized cloud computing technology components. There appear to be 29 commonly used Cloud Architectures. All are listed below (so that the reader may look them up separately), but only a few of the more relevant ones are expanded on with more information.
1. Workload Distribution Architecture
2. Resource Pooling Architecture
3. Dynamic Scalability Architecture
4. Elastic Resource Capacity Architecture
5. Service Load Balancing Architecture
6. Cloud Bursting Architecture
7. Elastic Disk Provisioning Architecture
8. Redundant Storage Architecture
9. Hypervisor Clustering Architecture
10. Load Balanced Virtual Server Instances Architecture
11. Non-Disruptive Service Relocation Architecture
12. Zero Downtime Architecture
13. Cloud Balancing Architecture
14. Resource Reservation Architecture
15. Dynamic Failure Detection and Recovery Architecture
16. Bare-Metal Provisioning Architecture
17. Rapid Provisioning Architecture
18. Storage Workload Management Architecture
19. Direct I/O Architecture
20. Direct LUN Access Architecture
21. Dynamic Data Normalization Architecture
22. Elastic Network Capacity Architecture
23. Cross-Storage Device Vertical Tiering Architecture
24. Intra-Storage Device Vertical Tiering Architecture
25. Load Balanced Virtual Switches Architecture
26. Multipath Resource Access Architecture
27. Persistent Virtual Network Configuration Architecture
28. Redundant Physical Connection for Virtual Servers Architecture
29. Storage Maintenance Window Architecture
[Source: Cloud Computing: Concepts, Technology & Architecture By Thomas Erl, Ricardo Puttini, Zaigham Mahmood. Prentice-Hall, 2013]
WORKLOAD DISTRIBUTION ARCHITECTURE
Horizontal scaling of IT resources across one or more identical resources through a load balancer (which evenly distributes the workload) is an age-old scaling technique. The resulting workload distribution architecture reduces both over-utilization and under-utilization of IT resources, to an extent dependent upon the success of the load balancing algorithms and runtime logic. This common and fundamental architectural model can be applied to any IT resource, including the Cloud. Such workload distribution is quite commonly carried out to address performance issues on distributed virtual servers, cloud storage devices, and cloud services. In addition to the base load balancer mechanism, the following mechanisms can also be part of this cloud architecture:
Audit Monitor: When distributing runtime workloads, the type and geographical location of the IT resources that process the data can determine whether monitoring is necessary to fulfill legal and regulatory requirements.
Cloud Usage Monitor: Various monitors can be involved to carry out runtime workload tracking and data processing.
Hypervisor: Workloads between hypervisors and the virtual servers that they host may require distribution.
Logical Network Perimeter: The logical network perimeter isolates cloud consumer network boundaries in relation to how and where workloads are distributed.
Resource Cluster: Clustered IT resources in active/inactive mode are commonly used to support workload balancing between different cluster nodes.
Resource Replication: This mechanism can generate new instances of virtualized IT resources in response to runtime workload distribution demands.
FIGURE D.66
[Source: Cloud Computing: Concepts, Technology & Architecture By Thomas Erl, Ricardo Puttini, Zaigham Mahmood. Prentice-Hall, 2013]
In Figure D.66, a redundant copy of Cloud Service “A” is implemented on Virtual Server “B”. The load balancer intercepts cloud service consumer requests and directs them to both Virtual Servers “A” and “B” to ensure even workload distribution.
DYNAMIC SCALABILITY ARCHITECTURE
This is an architectural model that triggers the dynamic allocation of IT resources from resource pools based on a set of predefined scaling conditions. This enables the Cloud to dynamically respond to usage demand fluctuations with variable utilization. This requires the automated scaling listener to be configured with workload thresholds that trigger actions, such as the addition of new IT resources to the virtual machine. The following types of dynamic scaling are commonly used:
Dynamic Horizontal Scaling: IT resource instances are scaled out and in to handle fluctuating workloads. The automatic scaling listener monitors requests and signals resource replication to initiate IT resource duplication, as per requirements and permissions.
Dynamic Vertical Scaling: IT resource instances are scaled up and down when there is a need to adjust the processing capacity of a single IT resource. For example, a virtual server that is being overloaded can have its memory dynamically increased or it may have a processing core added.
Dynamic Relocation: The IT resource is relocated to a host with more capacity. For example, a database may need to be moved from a tape-based SAN storage device with 4 GB per second I/O capacity to another disk-based SAN storage device with 8 GB per second I/O capacity.
[Source: Cloud Computing: Concepts, Technology & Architecture By Thomas Erl, Ricardo Puttini, Zaigham Mahmood. Prentice-Hall, 2013]
Figure D.67 illustrates a situation where the automatic scaling listener notices cloud service instances overloaded with requests, and sends a signal to the resource replication mechanism, which creates more instances of the cloud service to accommodate the extra load.
FIGURE D.67
ELASTIC RESOURCE CAPACITY ARCHITECTURE
This architecture utilizes a system of allocating and reclaiming CPUs and RAM dynamically in response to the fluctuating processing requirements of the virtual machines in the Cloud, and takes care of the dynamic provisioning of virtual machines. In Figure D.68, cloud service consumers are actively sending requests to a cloud service that is monitored by an automated scaling listener. As user requests increase, the automated scaling listener signals the intelligent automation engine to execute the script, which runs the workflow engine that signals the hypervisor to allocate more IT resources from the free resource pools. [Source: Cloud Computing: Concepts, Technology & Architecture By Thomas Erl, Ricardo Puttini, Zaigham Mahmood. Prentice-Hall, 2013]
FIGURE D.68
CLOUD BURSTING ARCHITECTURE
Cloud bursting is an architecture where an application runs on a virtual machine in a Private Cloud or data center, and leverages the resources of a Public Cloud when it runs out of its own resources. In other words, the application “bursts” into a Public Cloud when the demand for computing capacity spikes. Figure D.69 illustrates the concept. [Source: Cloud Computing: Concepts, Technology & Architecture By Thomas Erl, Ricardo Puttini, Zaigham Mahmood. Prentice-Hall, 2013]
FIGURE D.69
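The following simulation is an added example, not code from the eBook or from the book it cites, that ties together three of the architectures described above: the load balancer of the workload distribution architecture (Figure D.66), the automated scaling listener and resource replication of dynamic horizontal scaling (Figure D.67), and cloud bursting into a public cloud once the private pool is exhausted (Figure D.69). The thresholds, pool sizes, instance names and the notion of a "public" location are assumed values chosen for the demonstration.

```python
"""Added example, not from the eBook: a simulation that ties together three of the
architectures above. A load balancer spreads requests across identical service
instances (workload distribution, Figure D.66); an automated scaling listener
compares the average load per instance against thresholds and has new instances
replicated or idle ones removed (dynamic horizontal scaling, Figure D.67); and
when the private pool is at its limit, the next instance is started in a public
cloud and released first when load drops (cloud bursting, Figure D.69). The
thresholds, pool sizes and instance names are assumed values."""
from dataclasses import dataclass


@dataclass
class Instance:
    name: str
    location: str = "private"   # "private" pool or "public" burst capacity
    active_requests: int = 0


@dataclass
class ScalingPolicy:
    scale_out_above: float = 8.0   # average active requests per instance
    scale_in_below: float = 2.0
    min_instances: int = 1         # private pool bounds
    max_instances: int = 5
    burst_capacity: int = 2        # extra instances allowed in the public cloud


class Cluster:
    def __init__(self, policy: ScalingPolicy):
        self.policy = policy
        self.instances = [Instance("svc-1")]
        self._next_id = 2
        self._rr = 0
        self.events = []

    # --- load balancer: fewest active requests wins, ties broken round-robin ---
    def route(self) -> Instance:
        n = len(self.instances)
        rotated = [self.instances[(self._rr + i) % n] for i in range(n)]
        self._rr = (self._rr + 1) % n
        target = min(rotated, key=lambda inst: inst.active_requests)
        target.active_requests += 1
        return target

    def finish(self, inst: Instance) -> None:
        inst.active_requests = max(0, inst.active_requests - 1)

    def average_load(self) -> float:
        return sum(i.active_requests for i in self.instances) / len(self.instances)

    # --- resource replication ---
    def _add(self, location: str) -> Instance:
        inst = Instance(f"svc-{self._next_id}", location)
        self._next_id += 1
        self.instances.append(inst)
        return inst

    # --- automated scaling listener ---
    def evaluate(self) -> str:
        """One listener cycle; returns the action taken so callers can inspect it."""
        avg = self.average_load()
        p = self.policy
        private = [i for i in self.instances if i.location == "private"]
        public = [i for i in self.instances if i.location == "public"]
        action = "hold"
        if avg > p.scale_out_above:
            if len(private) < p.max_instances:
                self._add("private")
                action = "scale-out"
            elif len(public) < p.burst_capacity:
                self._add("public")
                action = "burst"
            else:
                action = "saturated"
        elif avg < p.scale_in_below:
            # Only idle instances are removed; public (pay-per-use) capacity goes first.
            idle_public = [i for i in public if i.active_requests == 0]
            idle_private = [i for i in private if i.active_requests == 0]
            if idle_public:
                self.instances.remove(idle_public[0])
                action = "burst-release"
            elif idle_private and len(private) > p.min_instances:
                self.instances.remove(idle_private[0])
                action = "scale-in"
        self.events.append(f"avg={avg:.1f} instances={len(self.instances)} action={action}")
        return action
```

The gap between the scale-out and scale-in thresholds is the hysteresis that keeps the listener from adding and removing an instance on every cycle; the `events` list is the runtime log a cloud usage monitor would collect from such a listener.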
HYPERVISOR CLUSTERING ARCHITECTURE
This architecture enables a virtual machine to survive the failure of its hosting hypervisor or of the underlying physical server. The solution is to cluster hypervisors across multiple physical servers, so that in the event of the failure of any one physical server, the active virtual servers are transferred to another physical server. This is implemented by passing heartbeat messages between clustered hypervisors and a central Virtual Infrastructure Manager (VIM) to maintain status monitoring. Shared storage is provided for the clustered hypervisors and further used to store virtual server disks. Figure D.70 illustrates the concept. [Source: Cloud Computing: Concepts, Technology & Architecture By Thomas Erl, Ricardo Puttini, Zaigham Mahmood. Prentice-Hall, 2013]
FIGURE D.70
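To show the heartbeat mechanism of the hypervisor clustering architecture concretely, here is an added example (not from the eBook, and not the VIM of any real product) in which a central VIM records heartbeats, declares a silent host failed after a timeout, and re-homes that host's virtual servers on surviving hosts with free capacity. Shared storage is assumed, as in the text, so only the placement record moves. The host names, capacities, timeout and simulated clock are constructed for the demonstration.

```python
"""Added example, not from the eBook: a simulation of the hypervisor clustering
architecture above. A central Virtual Infrastructure Manager (VIM) records
heartbeats from clustered hypervisors; when a host's heartbeats stop for longer
than the timeout it is declared failed and its virtual servers are re-homed on
surviving hosts with free capacity. Shared storage is assumed, so only the
placement record moves; nothing here talks to a real hypervisor. Host names,
capacities, the timeout and the simulated clock are constructed."""
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 3.0   # seconds of silence before a host is declared failed (assumed)


@dataclass
class Hypervisor:
    name: str
    capacity: int                       # number of virtual servers the host can run
    vms: set = field(default_factory=set)
    last_heartbeat: float = 0.0
    failed: bool = False

    def free(self) -> int:
        return self.capacity - len(self.vms)


class VIM:
    def __init__(self, hosts, timeout: float = HEARTBEAT_TIMEOUT):
        self.hosts = {h.name: h for h in hosts}
        self.timeout = timeout
        self.unplaced = []   # virtual servers that could not be re-homed
        self.log = []

    def place(self, vm: str, host_name: str) -> None:
        host = self.hosts[host_name]
        if host.failed or host.free() <= 0:
            raise RuntimeError(f"{host_name} cannot take {vm}")
        host.vms.add(vm)

    def heartbeat(self, host_name: str, now: float) -> None:
        self.hosts[host_name].last_heartbeat = now

    def _best_target(self):
        healthy = [h for h in self.hosts.values() if not h.failed and h.free() > 0]
        return max(healthy, key=lambda h: h.free()) if healthy else None

    def check(self, now: float) -> list:
        """Declare hosts with stale heartbeats failed; returns (vm, from, to) migrations."""
        stale = [h for h in self.hosts.values()
                 if not h.failed and now - h.last_heartbeat > self.timeout]
        for host in stale:
            host.failed = True   # mark every silent host first so no VM lands on one of them
            self.log.append(f"t={now:.0f}: {host.name} missed heartbeats, declared failed")
        migrated = []
        for host in stale:
            for vm in sorted(host.vms):
                target = self._best_target()
                if target is None:
                    self.unplaced.append(vm)
                    self.log.append(f"t={now:.0f}: no capacity for {vm}, left down")
                    continue
                target.vms.add(vm)
                migrated.append((vm, host.name, target.name))
                self.log.append(f"t={now:.0f}: {vm} moved {host.name} -> {target.name}")
            host.vms.clear()
        return migrated
```

Two details matter for availability: all silent hosts are marked failed before any migration starts, so a virtual server is never moved onto a host that is about to be declared dead in the same cycle; and virtual servers that find no capacity are recorded in `unplaced` rather than silently dropped, which is what an operator would need to see in the monitoring view.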
Epilogue THE CURRENT STATE OF THE CLOUD There appears to be little future in on-premise IT. The world is on the brink of a shift to Cloud Computing for critical business workloads. Industry analysts predict that by the end of 2017, almost half of all enterprise applications will be in the Cloud. Here are some observations (circa 2015).
Infrastructure as a Service (IaaS) is the fastest growing segment of the cloud services market. According to Gigaom Research, the current worldwide cloud market is growing by 126.5% year over year, driven by 119% growth in SaaS and 122% growth in IaaS.
Platform as a Service (PaaS) has not gained much traction. Even Microsoft Windows Azure has now stopped being just a PaaS platform for Microsoft Developers, and introduced IaaS.
Auto scaling in the Cloud (where the Cloud automatically senses the application’s need for more resources and allocates it dynamically in order to maintain application performance) is in demand by customers, and we are beginning to see more and more Cloud hypervisors addressing the issue, but the patent for vertical auto-scaling is held by a little-known company from India.
The three leading Cloud Platforms which host most of the Clouds currently deployed:
VMware
Hyper-V (from Microsoft)
Xen: the platform on which Amazon, RackSpace, GoGrid, Joyent, RedHat, eNlight and other commercially successful Clouds are hosted.
The commonly available Clouds are mostly offering only the x86 instruction set. Luckily, Windows, Apple and Linux are all available on the x86 hardware platform. But companies looking to move their IBM Mainframe, AS/400, AIX and other applications running on a non-x86 platform will have a harder time finding a Cloud.
IBM: Has introduced a new and proprietary virtualization platform called KVM on the IBM Mainframe instruction-set, which makes the Cloud now possible on the IBM Mainframe (System-Z). IBM’s new Power-series of Servers based on the RISC instruction set brings the Cloud to the RS/6000-AIX user base, and the i-series (old name: AS/400) user base.
Google has joined the Cloud Infrastructure (IaaS) game with its Google Compute Engine, where everything is priced by the minute, even Static IP Addressing.
Open Source Cloud Technology is on the rise, and appears to be unstoppable.
OpenStack is the most recent contender in the emerging open source Cloud marketplace. OpenStack is the result of a large global collaboration amongst developers and cloud computing technologists producing the ubiquitous open source cloud computing platform for Public and Private clouds. OpenStack delivers solutions for all types of clouds by being simple to implement, massively scalable, and feature-rich. Over 200 companies and over 1,400 programmers are collaborating in the OpenStack project.
[Screen grab from: www.OpenStack.org]
Citrix has launched CloudStack to compete with OpenStack. It is also an open source project under the Apache 2 license.
VMware has entered the open source Cloud market with its Cloud Foundry.
Oracle Cloud was launched in 2014.
A Cloud Storage Gateway is a popular service, where an appliance sits in our data center and provides direct access to an IaaS Cloud for backing up data, with or without deduplication and encryption.
Hadoop is the most interesting Cloud company offering a distributed processing framework for processing unstructured data.
Another trend that is catching on is the use of MultiClouds. There seems to be more interest in multicloud implementations, which go beyond hybrid cloud offerings. A multi-cloud mixes and matches many types of Private and Public clouds, knitting them together to form the right platform for a specific enterprise. Multicloud strategy is the concomitant use of two or more cloud services to minimize the risk of widespread data loss or downtime due to a localized component failure in a cloud computing environment. Such a failure can occur in hardware, software, or infrastructure. A multicloud strategy can also improve overall enterprise performance by avoiding "vendor lock-in" and using different infrastructures to meet the needs of diverse partners and customers. As customer bases and device types grow increasingly diverse (yet at the same time increasingly specialized), organizations face a complex array of challenges in their quest to satisfy the demands of all end users. In particular, the speed with which a given Website loads has a huge impact on customer satisfaction.
A multi-cloud strategy can help an organization to minimize page loading times for all types of content. A multicloud approach can offer not only the hardware, software and infrastructure redundancy necessary to optimize fault tolerance, but it can also steer traffic from different customer bases or partners through the fastest possible parts of the network. Some clouds are better suited than others for a particular task. For example, a certain cloud might handle large numbers of requests per unit of time requiring small data transfers on the average, but a different cloud might perform better for smaller numbers of requests per unit of time involving large data transfers on the average.
Some organizations use a Public cloud to make resources available to consumers over the Internet and a Private cloud to provide hosted services to a limited number of people behind a firewall. A hybrid cloud may also be used to manage miscellaneous internal and external services. Enterprise use of the cloud is becoming increasingly complex. Typically no longer satisfied with the limitations of a single Public or Private Cloud deployment (or simple hybrids of the two), the enterprise is instead seeking ways to deploy best-of-breed infrastructure that spans multiple Public and Private Cloud instances. This multicloud trend caters to that need.
Developments to watch:
Internet of Things (IoT): Pressure from shadow IT may reach a tipping point. Due to the Internet of Things, it will become more advantageous for companies to provide hybrid cloud abilities to
employees rather than block them. During the Annual Intel Developer Forum in 2015, Intel CEO Brian Krzanich showcased a row of robotic spiders, each of which can be controlled individually by using hand gestures; spoke about vending machines that can remember our face and our order pattern; hypothesized about a full-length mirror with the ability to change the color of a person’s clothing in real-time; and, even hinted at a new Intel smartphone that will be produced in collaboration with Google that will 3D-map its immediate environment. All of these ideas impact the Internet of Things, which will drastically impact the daily lives of everyday consumers. Devices that can communicate with each other and with the world around them in real time require fast and powerful chips, and Intel wants to be the go-to company for entrepreneurs looking to explore this new breed of technology. In this segment the Industrial Internet appears to be taking off solidly, adopted by industry heavyweights like GE, IBM and Cisco, and supported by the Object Management Group (OMG). Please see the text boxes for the vision and direction of this movement.
Software-defined Everything (SDE): A Cloud-driven new standard where the computing infrastructure itself is virtualized and delivered "as a service"; and, can save large corporations millions of dollars by spending less on hardware, and — instead — depending on programmable software to drive and switch data traffic. SDE is a marketing phrase that groups together a variety of software defined computing methods and technologies into one catch-all term. Under this umbrella moniker we have — at least — the following: Software-Defined Networking (SDN), Software-Defined Computing, Software Defined Storage (SDS), Software Defined Storage Networks, and — ultimately — Software Defined Data Centers (SDDC). In a Software Defined Everything (SDE) environment, management and control of the networking, storage and/or data center infrastructure is automated by intelligent software rather than by the hardware components of the infrastructure.
THE VISION OF THE INDUSTRIAL INTERNET. Imagine a highway where cars are able to safely navigate to their destinations without a driver. Imagine a home where an elderly patient’s health is closely monitored by her hospital physician. Imagine a city that significantly reduces waste through sensor-embedded water pipes, buildings, parking meters and more. These are no longer a part of the distant future. These scenarios are starting to happen now, through the convergence of machines and intelligent data in what is called the Industrial Internet. The Industrial Internet will transform industry through intelligent, interconnected objects that dramatically improve performance, lower operating costs and increase reliability. [Source: Website of the Industrial Internet Consortium]
Dr. Richard Soley, Executive Director of the Industrial Internet Consortium, wrote in THE CUTTER IT JOURNAL, Nov 2014: “...while (the Internet) has systemized business automation, there are countless other systems that remain disconnected or even manually driven... Why? While the Internet connects people and systems, it doesn’t (yet) connect things. And those things have vast amounts of data to share. We’re now on the cusp of the Industrial Internet, a revolution of truly transformational business changes in which machines, devices, and common objects become identifiable, readable, analytical, actionable, and connected. The Industrial Internet is where the Industrial Revolution meets the Internet Revolution, the revolution in connected devices finally impacting the revolution in manufacturing that began long ago. Integrated computing devices — from the minuscule to the gigantic — interact with machines, devices, and people and feed a continual data stream to which those machines and people can react, thus preempting problems and creating new efficiencies.”
In particular, the following trends are to be watched:
Software Defined Data Center. (See separate section on this topic.)
Virtualized Networking.
SOFTWARE DEFINED DATA CENTER
The virtualization technology that led to the virtual machine and the Cloud has continued its disruptive route into every hardware aspect of information technology, and given birth to a plethora of acronyms such as:
SDN (Software Defined Networking)
SDS (Software Defined Storage)
SDI (Software Defined Infrastructure)
SDDC (Software Defined Data Center)
SDA (Software Defined Anything)
SDE (Software Defined Everything OR, according to IBM, Software Defined Environment)
The goal of this chapter is to uncover what a Software Defined Data Center is. A Data Center, as we have seen in an earlier chapter, consists of:
1. Servers,
2. Storage devices,
3. Networking equipment, and
4. Support systems like those that provide power, heating & cooling, and security.
One of the major focuses of this document has already been to explain virtualization and virtual servers (#1 from the list above). So let us begin this exploration of Software Defined Data Centers by starting with item #2: storage devices; or, Software Defined Storage.
SOFTWARE DEFINED STORAGE
Let’s begin with a quick recap of Virtualization: it is something that appears to be what it is not, but behaves like the real thing so accurately that only true experts can tell the difference. While considering virtualization of storage, it may surprise us to learn that we are probably already quite familiar with the principle, because most of us have partitioned our single hard drive (typically, the C: drive) into multiple partitions, each of which (D:, E:, F:) appears to be and acts just like a real hard drive. Those are all virtual drives; a disk partition with a drive letter is a virtual hard drive. Most of us have already used virtualized storage. So that should make it easier for us to understand the what and the why of Software-defined Storage.
TIGHTLY COUPLED. Figure D.21 is a simplified illustration of how a non-virtualized storage system is architected. The hard drive enclosure contains the recording platters, read/write heads and the hydraulics to move the heads; and, that is where the actual recording of data occurs. The disk controller contains the electronic circuit (the hard-wired digital logic) which enables the CPU to communicate with the hard drive, and also provides an interface between the hard drive and the system bus (the hard-wired data highway) connecting it to the rest of the system, which is built on top of the motherboard. This is an example of a tightly-coupled architecture, where there is a strong bond and dependency amongst the various components of the working system; and, there are very limited options for swapping out one part and replacing it with another part from a completely different manufacturer.
FIGURE D.21
LOOSELY COUPLED. The essence of storage virtualization is to replace this tightly-coupled approach (close bonding and heavy dependency amongst components) with a loosely-coupled architecture (freedom to mix-and-match components and technologies) by separating the “control” aspect from the “storage” aspect. The actual recording of data must still happen somewhere on a real device, otherwise when power goes off, all data will be lost. But the mechanism that controls where that data is recorded, how that data is retrieved, and how the storage system appears to a human being or machine using the system (all of these being tasks executed by the controller) is now extracted (removed) from the hardware layer and moved into the software layer.
ABSTRACTION. Such an approach is called “abstraction”, where complexities are isolated in different parts of a system, so that someone working in one part of the system does not have to worry about the complexity of the whole system. A good common everyday example is the automobile. A car is an extremely complex system, but when we drive a car, we are given a few essential controls (such as, steering, accelerator, brake, gear, ignition, etc.) which allow us to control this highly complex machine at a higher level of abstraction without bothering about what is happening below the hood. The purpose of abstractions is to simplify; to make complex things more easily understood and used. Hardware abstraction is done by software, and hides the differences between the underlying hardware and the software that operates on it. This assists software development, because now software can execute regardless of the make and model of the hardware it is ultimately addressing through the abstraction layer (which translates generalized software functions into platform-specific hardware functions, and vice versa). As a result, the resultant software can run on (and be re-used endlessly for) a much wider range of hardware without having to be recompiled. Without abstraction, we would remain tightly-coupled with hardware, in which case, all software developed for one hardware would have to be rejected and re-written every time we wished to utilize a new hardware.
FIGURE D.22
Wouldn’t it be much more cost-effective and productive to build the Storage Control Mechanism (storage intelligence) once, in a loosely coupled manner, so that it could be utilized with a hardware platform where we could swap disk resources in and out as appropriate for the storage task at hand? Figure D.22 illustrates one quite typical hardware virtualization strategy using two layers of hardware abstraction: (1) the “physical hardware abstraction layer” close to the hardware, and (2) the “virtual hardware abstraction layer” close to the operating system. This is the strategy on which server hardware is virtualized for the Cloud. It is an example of loose coupling between the lowermost hardware layer and the virtual machines that ultimately ride on the top of the technology stack.
FIGURE D.23
Now let us compare this with Figure D.23, which applies a similar strategy of hardware abstraction to the task of storage virtualization. Here the different layers of abstraction separate (and render loose coupling between) the computer hardware layer (the Servers) and the storage layer (the high volume storage systems); and allow disparate and heterogeneous storage systems from different manufacturers to be used at will. In this schematic, disk storage arrays from IBM and EMC are provided as examples, but they could be from HP, Dell or any other storage vendor. We also note that the Servers may also have disk drives attached to them in the hardware layer. Those are also utilized in this scheme of things along with the virtualized storage systems.
FIGURE D.24
Figure D.24 illustrates how this storage virtualization strategy can result in a loosely coupled and flexible way of using different kinds of storage systems from different manufacturers with a set of servers that may also come from different server manufacturers. This architecture lays the foundation for software-defined storage, and we note that a software-defined storage system is based on both software and hardware components.

SOFTWARE-DEFINED STORAGE. Software-defined Storage, therefore, isolates the hardware layer from the control layer by using hardware abstraction techniques, and fulfils the wish expressed above: it is much more cost-effective and productive to build the Storage Control Mechanism (storage intelligence) once, in a loosely coupled manner, so that it can be used with a hardware platform where disk resources are swapped in and out as appropriate for the storage task at hand.

SUMMARIZING: The goals of software-defined storage are to isolate the "control" layer into software and separate it from the hardware layer, thereby creating a storage system which:
• Supports all core storage functions.
• Supports the use of any commodity storage hardware.
• Works with any commodity server hardware platform.
• Unifies disparate storage technologies.
• Provides High Availability.
• Provides automated data protection on request from users.
• Provides a set of APIs for applications that need or seek special integration.
• Allows hot swapping of storage devices without any service interruption.
• Pools storage resources across physical devices, and thereby provides auto-scalable virtual storage for dynamic capacity planning.
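To make the split between a software control layer and interchangeable hardware concrete, here is an added example (it is not code from the eBook, nor from any vendor's product): a toy storage pool in Python in which placement, replication and repair are implemented once, in software, while the "devices" are nothing more than capacity figures carrying a vendor label. The device names and sizes are constructed for the example. It demonstrates three items from the list above: pooling across heterogeneous devices, high availability through replication, and hot-swapping a device out without losing access to the data.

```python
"""Toy software-defined storage control layer.

Added example: the control logic (placement, replication, repair) is plain
software; the "devices" are just capacity numbers, whatever the vendor.
All device names and sizes below are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Device:
    """A commodity storage device as the control layer sees it."""
    name: str
    capacity: int                                   # bytes
    blocks: dict = field(default_factory=dict)      # key -> bytes stored here

    @property
    def used(self) -> int:
        return sum(len(b) for b in self.blocks.values())

    @property
    def free(self) -> int:
        return self.capacity - self.used


class StoragePool:
    """One namespace over many devices; keeps `replicas` copies of every object."""

    def __init__(self, replicas: int = 2):
        self.replicas = replicas
        self.devices: dict[str, Device] = {}
        self.placement: dict[str, set[str]] = {}    # key -> names of devices holding it

    # ----- device lifecycle: hot add / hot remove -----
    def add_device(self, dev: Device) -> int:
        """Add capacity; under-replicated objects heal onto it. Returns copies created."""
        self.devices[dev.name] = dev
        return self.repair()

    def remove_device(self, name: str) -> int:
        """Swap a device out; anything that lost a copy is re-replicated. Returns copies created."""
        del self.devices[name]
        for holders in self.placement.values():
            holders.discard(name)
        return self.repair()

    # ----- placement policy: least-utilised device with room, never twice on one device -----
    def _candidates(self, size: int, exclude: set[str]) -> list[Device]:
        return sorted(
            (d for d in self.devices.values() if d.name not in exclude and d.free >= size),
            key=lambda d: d.used / d.capacity,
        )

    def _place(self, key: str, data: bytes) -> int:
        holders = self.placement.setdefault(key, set())
        created = 0
        for dev in self._candidates(len(data), holders)[: self.replicas - len(holders)]:
            dev.blocks[key] = data
            holders.add(dev.name)
            created += 1
        return created

    # ----- data path -----
    def write(self, key: str, data: bytes) -> int:
        """Store `data`; returns how many copies exist (fewer than `replicas` if space is short)."""
        self._place(key, data)
        if not self.placement[key]:
            raise OSError(f"pool full: no device can hold {len(data)} bytes")
        return len(self.placement[key])

    def read(self, key: str) -> bytes:
        """Serve from any surviving replica; the caller never learns which device answered."""
        for name in self.placement.get(key, ()):
            if name in self.devices:
                return self.devices[name].blocks[key]
        raise KeyError(key)

    def repair(self) -> int:
        """Bring every object back to full replication; returns copies created."""
        created = 0
        for key, holders in self.placement.items():
            if holders and len(holders) < self.replicas:
                created += self._place(key, self.read(key))
        return created

    def capacity(self) -> int:
        return sum(d.capacity for d in self.devices.values())


def demo() -> dict:
    """Write to a mixed-vendor pool, pull one array out, and check the data is still served."""
    pool = StoragePool(replicas=2)
    pool.add_device(Device("ibm-array-1", 1000))     # constructed
    pool.add_device(Device("emc-array-1", 1000))     # constructed
    pool.add_device(Device("local-disk-1", 800))     # a server's own drive, pooled too
    pool.write("invoice-2014.pdf", b"x" * 300)
    pool.write("ledger.db", b"y" * 200)
    lost = sorted(pool.placement["invoice-2014.pdf"])[0]   # one of the two holders
    repaired = pool.remove_device(lost)                    # hot remove
    return {
        "removed": lost,
        "repaired": repaired,
        "copies_after_removal": len(pool.placement["invoice-2014.pdf"]),
        "readable": pool.read("invoice-2014.pdf") == b"x" * 300,
        "capacity": pool.capacity(),
    }


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the report. What matters is that read() never reveals which vendor's device answered, and that remove_device() triggers repair on its own, so the object is back at two copies before anyone notices. A real product adds erasure coding, consistent hashing and durable metadata, but the control/hardware split is the same one the list above describes.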
SOFTWARE DEFINED NETWORKING When similar virtualization and abstraction principles (those we have just explored with reference to Software-defined Storage) are applied to the whole network, we get Software-defined Networking (SDN). The goal is the same: to separate the control function from the hardware, and allow software to run separately from the underlying hardware. Let's look at a problem statement by examining the typical network schematic in Figure D.31. Here the network device circled in RED is only aware of data packets flowing through it. It has no knowledge of the state of the network devices and of the data packet flow in other parts of this extensive network.
FIGURE D.31
This is what is meant when we say that most of our current networks are hardwired and quite inflexible: they are internally programmed to forward data packets in a certain way, and each network device has only a limited view of the network. Routing based strictly on a local view of the network, without any understanding of traffic density elsewhere, can have undesirable effects: in heavy traffic conditions a hardwired switch might forward a packet right into a "traffic jam" even though less congested routes to the destination existed. This is sometimes referred to as a "locally optimized, globally confused" approach to traffic management. Only a device with a global view of the network can choose the most effective route under dynamically changing circumstances. The solution is to separate the network's control logic from the physical routers and switches that forward traffic, and to implement the control logic at a centralized network control point from where traffic can be managed based on a real-time view of the entire network. The solution also requires a secure and reliable mechanism to reprogram the switches by dynamically updating their forwarding tables. Centralizing control in this way also concentrates risk: whoever can reach the controller, or impersonate it on the channel to the switches, can reprogram the whole network, so that channel must be authenticated and encrypted (OpenFlow provides for TLS between controller and switch) and access to the controller itself must be tightly restricted. This, then, is one of the promises of SDN: to transform our hardwired and inflexible networks (which almost always result in underutilized resources) into adaptive networks that react dynamically to the changing resource requirements of today's Cloud computing and High Availability environments. The other promise of SDN, very much like that of Software-defined Storage, is to enable the control intelligence to be written once and used with a large variety of hardware from different vendors. But unlike Software-defined Storage, Software-defined Networking is not "one thing"; it is slightly different things to different industry groups, depending on what part of networking they are focused on. As a result, we find different phrases being used in the industry to explain SDN, as listed below.
• Open Networking Foundation (the premier body for standardizing SDN) says: "network control is decoupled from forwarding and is directly programmable".
• Wikipedia says: "computer networks that separate and abstract elements of these systems".
• SearchSDN says: "control is decoupled from hardware".
• WildPackets says: "smart network which will monitor and reconfigure itself based on traffic demands".
SDN has its foundation in OpenFlow, a standard communications interface between the control and forwarding layers of an SDN-based network. With time, that narrow focus on software control over the forwarding of data packets expanded into a more global, architectural view that includes all of the protocols and technologies providing centralized, intelligence-based control of the whole network.

BASIC SDN ARCHITECTURE. SDN is a three-layer architecture. The topmost layer is the Application Layer, which includes applications that deliver services such as switch/network virtualization, firewalls and load balancers. These functions are abstracted from the bottom layer, which is the hardware layer (the underlying physical network). Between these two lies the SDN Controller Layer, the most critical component of SDN. Figure D.32 depicts this architecture graphically. The controller removes the control function from the network hardware and transfers it into control intelligence software in that middle layer.

OPENFLOW-ENABLED SDN. The OpenFlow protocol, originally developed at Stanford University, forms the basis of some networking equipment vendors' SDN strategy. The OpenFlow specification is managed by the Open Networking Foundation (ONF), and its goal is to create a common "language" for programming network switches. OpenFlow is spoken between a controller and a switch: the switch tells the controller about the traffic flows it sees, and the controller tells the switch how to forward those flows.
FIGURE D.32
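The split the architecture describes, as an added example (not from the eBook, and not the ONF's or any vendor's code): a toy Python model in which switches hold nothing but a destination-to-next-hop table, and a controller with a global view of link load computes paths and installs an entry on each switch along the way (the analogue of an OpenFlow FLOW_MOD). The topology, the link loads and the congestion weighting in the cost function are all constructed for the example. The hardwired switches, programmed once by hop count, send the packet straight into the jammed B-D link; the controller-programmed ones route around it.

```python
"""Toy SDN controller versus hardwired hop-by-hop forwarding.

Added example: switches hold only a flow table (destination -> next hop) and
forward blindly; route computation lives in the controller, which alone sees
the load on every link. Topology and link loads are constructed.
"""
import heapq

# Constructed topology: undirected links with current utilisation in [0, 1].
LINKS = {
    ("A", "B"): 0.10, ("B", "D"): 0.95,                         # two hops, but B-D is jammed
    ("A", "C"): 0.10, ("C", "E"): 0.05, ("E", "D"): 0.05,       # three hops, all quiet
}


def neighbours(node):
    for u, v in LINKS:
        if u == node:
            yield v
        elif v == node:
            yield u


def link_load(u, v):
    return LINKS[(u, v)] if (u, v) in LINKS else LINKS[(v, u)]


class Switch:
    """Forwarding plane only: no topology knowledge, just a match/action table."""

    def __init__(self, name):
        self.name = name
        self.flow_table = {}                  # match: destination -> action: output to next hop

    def install(self, dst, next_hop):        # what an OpenFlow FLOW_MOD would do
        self.flow_table[dst] = next_hop

    def forward(self, dst):
        return self.flow_table.get(dst)       # None == table miss


def shortest_path(src, dst, cost):
    """Dijkstra over LINKS with a caller-supplied per-link cost function."""
    dist, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for v in neighbours(u):
            nd = d + cost(u, v)
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    path, node = [dst], dst
    while node != src:
        node = prev[node]
        path.append(node)
    return path[::-1]


def program_hardwired(switches):
    """Legacy mode: every table is fixed once by hop count; load elsewhere is invisible."""
    for sw in switches.values():
        for dst in switches:
            if dst != sw.name:
                sw.install(dst, shortest_path(sw.name, dst, lambda u, v: 1.0)[1])


def controller_program(switches, src, dst):
    """SDN controller: global view -> congestion-aware path -> entries pushed to each hop."""
    path = shortest_path(src, dst, lambda u, v: 1.0 + 10.0 * link_load(u, v))
    for hop, nxt in zip(path, path[1:]):
        switches[hop].install(dst, nxt)
    return path


def walk(switches, src, dst):
    """Forward a packet using only the switches' own tables; return (path, worst link load)."""
    path, node = [src], src
    while node != dst:
        nxt = switches[node].forward(dst)
        if nxt is None or nxt in path:
            raise RuntimeError(f"table miss or loop at {node}")
        path.append(nxt)
        node = nxt
    return path, max(link_load(u, v) for u, v in zip(path, path[1:]))


def compare(src="A", dst="D"):
    nodes = {n for link in LINKS for n in link}
    hardwired = {n: Switch(n) for n in nodes}
    program_hardwired(hardwired)
    sdn = {n: Switch(n) for n in nodes}
    controller_program(sdn, src, dst)
    return {"hardwired": walk(hardwired, src, dst), "sdn": walk(sdn, src, dst)}


if __name__ == "__main__":
    for mode, (path, worst) in compare().items():
        print(f"{mode:9s} {'->'.join(path):12s} worst link load {worst:.2f}")
```

The security point worth noticing: controller_program() is the single place that rewrites every table. In a real deployment that function is reachable over the network, which is why the controller's northbound API and its southbound (OpenFlow) channel to the switches must be authenticated; anyone who can call it decides how the whole network forwards.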
Many hardware and software vendors, including Alcatel-Lucent, Brocade, Cisco, Dell, F5, HP, Juniper Networks, NEC, Plexxi, and VMware, support OpenFlow.

SDN USING APPLICATION PROGRAMMING INTERFACES. SDN can also be implemented by using Application Programming Interfaces (APIs) as an alternative way to provide the necessary abstraction. This method creates a highly programmable infrastructure.
SDN THROUGH NETWORK OVERLAY. In this method of creating an SDN, rather than building an entire logical SDN network from scratch, the SDN implementation is built as an overlay in order to leverage a physical network that already exists. The overlay is created using virtual switches inside hypervisors. Several vendors, including VMware, offer SDN through network overlay.
VIRTUALIZED DATA CENTER Quick recap: A Data Center consists of:

1. Servers (CPU, RAM),
2. Storage devices,
3. Networking equipment, and
4. Support systems like those that provide power, heating & cooling, and security.

#4 belongs to the physical layer wherever real servers exist. We can neither eliminate nor virtualize that equipment. But when the other three components (Servers, Storage and Networks) have been virtualized on an integrated platform by a Unified Data Center Management layer, what we get is a virtualized data center; in other words, a Software-defined Data Center, or a whole Data Center as a Service. So the essential components making up the SDDC may be summarized as follows:

1. Virtualized compute function.
2. Virtualized networking.
3. Virtualized storage.
4. Unified Data Center Management software integrating all of the above on a unified virtual platform.
The term Software-defined Data Center (SDDC) rose to prominence in 2012 at the annual virtualization conference VMworld 2012. VMware introduced the term during the event, and defined the SDDC as an IT facility where the elements of the infrastructure (networking, storage, CPU and security) are virtualized and delivered as a service, and where the provisioning and operation of the entire infrastructure is entirely automated by software.

WHAT IS THE DIFFERENCE BETWEEN A SOFTWARE-DEFINED DATA CENTER AND A PRIVATE CLOUD? The question of whether the two are the same thing has been raised in open forums, and the answer is "No". The software-defined data center is a vision of the future that goes far beyond a mere Cloud. Clouds are hosted in data centers, and the SDDC will also be used to host Clouds, whether Public, Community, Private or Hybrid. So it is not the same concept as a Cloud; it is a much broader concept and a grander vision.
SOCIAL IMPACT OF THE CLOUD ORGANIZATIONAL CULTURE Organizational culture represents the collective vision, values, beliefs, principles, systems (processes), habits, languages and symbols. It is the result of such factors as history, product, market, technology, strategy, type of employees, management style, and national cultures and so on. WHY IS IT IMPORTANT? Organizational culture is important because it guides interpretation and action in organizations by defining appropriate behavior for various situations. It highly influences collective behavior and assumptions that are taught to new members of the organization. Organizational culture affects the way people and groups interact with each other, with clients, vendors, the public and the stakeholders.
HOW THE CLOUD IMPACTS ORGANIZATIONAL CULTURE Any major shift in the way we collaborate with our peers, conduct business, interact with our customers, and affect productivity and performance is a change in the organizational culture. The Cloud not only takes the whole white-collar world online and turns it into a truly mobile workforce, but also unlocks numerous new ways of working, collaborating and interacting, and enables a whole new style of operation and innovation that ultimately affects the way people "think". All of these invariably result in changing the organizational culture (the collective vision, values, beliefs, principles, systems (processes), habits, languages and symbols that influence collective behavior). Human behavior and learned patterns, when altered over extensive periods of time, cause the neurons within the brain to rewire. When the brain is rewired, thoughts, beliefs, habits, values and environment change. In an organization, this is not only a change in the individual's culture but also in the company's. Once a salesperson is more productive and performs better using a new application such as Salesforce.com, their values and beliefs change, which causes an individual cultural change. As a result the individual, colleagues, management and the organization as a whole undergo a positive cultural change through the process of business performance improvement that was caused by the decision to bring a new technology into the organization.
GREAT OPPORTUNITY FOR THE MANAGEMENT The right corporate culture can make a huge difference to organizational outcomes. That is why companies like Google and Infosys make massive investments in building campuses and work environments that promote innovation, free thinking, collaboration, initiative and accountability. The Cloud is perhaps a brilliant opportunity for corporate management to innovate, plan and implement controlled change in the organizational culture by taking advantage of the new framework.
ONE CIO'S JOURNEY TO THE CLOUD The CIO being the bridge between business and IT, the CIO usually leads the Cloud adoption drive. Therefore the varied Cloud-related experiences of senior executives who have held this position in large organizations are of especial relevance in the context of this eBook. In this section we follow some of the early real-life Cloud experiences of Niel Nickolaisen, who has been CIO and CTO in a range of organizations, including Franklin Covey, Headwaters, Western Governors University, and most recently, OC Tanner. All material has been gathered from the public domain, where Mr. Nickolaisen has generously shared and copiously documented his journey to the Cloud. In the first piece ("Journey to the Cloud"), he writes about the resistance he faced from the IT department, and how he handled it. In the second piece ("A CIO learns how to navigate between the cloud and a legacy system"), he documents his first missteps in moving legacy systems to the Cloud, and how he ultimately prevailed.
JOURNEY TO THE CLOUD Dated: APRIL 23, 2013 AT 11:07 AM As I write this, we are facing a decision that I suspect is not too much different from a decision facing a broad range of organizations—what to do with the cloud and when to do it. To a certain extent, this decision is being made for us. The fairly rapid expansion and adoption of SaaS, PaaS and IaaS services means that we must quickly, but correctly, figure out our own cloud strategies. In our case, we recently decided to replace one of our mission-critical, highly interconnected, on-premise applications with a cloud application. The only place this application runs is in the cloud and, because this application must connect to many of our on-premise applications, our SaaS decision implied a hybrid cloud model. I fully expect that as we replace some of our other legacy applications, our use of the public cloud will increase. In some ways, we have prepared ourselves for our transition to a hybrid cloud and that preparation will service us should we move entirely to the public cloud. Several years ago, we moved major portions of our on-premise infrastructure to an external data center. An element of this move was a wholesale use of virtualization. This external data center/virtualization combination has become our private cloud. Our move to this private cloud required us to be good at remote systems configuration, software upgrades, recovery, patching, software deployment, etc… And we needed to be good at remote system administration because we then extended our private cloud by moving some systems to an additional external data center. In effect, our private cloud now has three nodes: the central office, external data center No. 1, and external data center No.2. We have deployed the full range of virtualization and management tools so that we can respond better to the dynamic nature of our organization and projects. We can scale up and down as needed to support specific initiatives. 
Our separate nodes make disaster recovery a breeze (at least logistically and geographically). And, our private cloud experience has helped us be somewhat prepared for our newly required hybrid cloud. Why only somewhat prepared? This is because we can exert a certain amount of control over our private cloud. Our hybrid cloud requires us to connect to, share data with and rely on someone that is not us—a frightening prospect for the security, performance and reliability-minded.
At first, my team, who has spent their lives in an on-premise or private-cloud environment simply would not accept the fact that we are now using the public cloud. First, they wanted to impose the same controls on the SaaS environment they imposed in our on-premise and private world. But, that control does not exist. Next, they wanted to require the software team engage in a wide range of contortions such as data encryption between the SaaS and our legacy applications, databases in the DMZ, and who knows what else. Finally, they tried to convince the organization to change its mind about the SaaS application and implement an on-premise application. When none of these worked, my team resigned itself to a life in a public cloud world. But, they still had reservations and no idea how to manage the data exchange between the private and public elements of our hybrid cloud. So, I did two things. First, I gave everyone a copy of an article from my MIT Alumni magazine. In an article on cloud security, Jeremiah Grossman explains that security in the cloud is better than the security of my private or on-premise environments. How can this be? Because the entire cloud business model depends on superior security, and so it is a higher priority for the provider than it is for my organization. Second, I told them that we did not have to solve how to securely manage the data exchange. Why? Because others have already figured this out. We just need to learn what the others do so we searched for best practices we could implement. As a result, we are now implementing our hybrid cloud. With this cloud in place, we can start to experiment with purely public cloud options. This experience has taught me a few things, including:
• If we are aggressively using virtualization, we have already taken big steps toward a private cloud.
• If we are using an external data center and aggressively using virtualization, we have a private cloud.
• Shifting to a hybrid or private cloud model is a cultural shift, not a technology or security shift.
• Given the increasing number and quality of cloud offerings, we CIOs had better be the ones driving this cultural shift—otherwise, we are on the path to obsolescence.
[Source: http://www.xchange-events.com/newsletter-articles/cio-niel-nickolaisens-journey-to-the-cloud/]
A CIO LEARNS HOW TO NAVIGATE BETWEEN THE CLOUD AND A LEGACY SYSTEM Dated: (Undated) The production environment that supports my legacy applications is a Gordian knot of different technologies and different approaches to architecture. There is not a person alive on the earth who fully understands how this legacy environment works. We find this out each time we make a change to a legacy application and then wait to see what else breaks. Interacting with this overly complex environment is such a nightmare that we avoid it whenever we can. Navigating through or around this legacy system slows down everything we do. Any time someone asks for a new application or major enhancement that involves this environment, I have to say that it will take at least six months -- and six months is being optimistic.

This situation reminds me of what I consider to be two unassailable facts: Complexity is the enemy of agility, and complexity generates risk. In my experience, there is no possible good result from anything complex. As a result, I do all I can to avoid it. I work pretty hard each day to simplify everything I can about IT -- simpler business rules that minimize exception handling, more transparency about everything we do, rigorous standardization and streamlined internal processes. Simplification sounds like a laudable goal, but sometimes my quest for simplicity is in conflict with other goals -- and that legacy system.

Over the past two years, we have moved some major workloads to the cloud. Unless or until everything we do is in the cloud, this move to the cloud creates integration complexity. In the good old days, applications exchanged data to an application that resided in the same data center. Now, the data path goes from an application, through our internal network, through an external network, to one or more Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) providers and back. Such paths can result in some challenges.

Our first use of IaaS turned out to be a bit of a nightmare. We moved one of our applications to the IaaS provider. But this application spent its entire life communicating with applications in our data center. In spite of our best efforts, there was simply too much latency in this data exchange, and so we moved the application back into our data center. The legacy system prevailed.

We next did a global implementation of an application that is only available as SaaS. This application must exchange data with multiple systems -- with some of the data exchange needed in near real-time. Having learned some lessons from our first foray into the cloud, we completely changed our architecture. Instead of creating a hefty set of point-to-point integrations, we implemented -- also in the cloud -- an enterprise service bus product that acts as our data transformation and integration hub. This data exchange is purpose-built to manage, with low latency, the integration of data services for everything we do. At a minimum, I figured that buying a product, instead of building my own, dramatically reduced project complexity. Even better, the product includes the functionality to align data exchange to business needs. Some of the data gets transformed and processed in near-real-time. Other data is queued in a holding tank and waits for quiet times before it takes its integration path. Thus, the high-priority exchanges don't compete with the low-priority traffic. Given the fact that I accepted a certain level of complexity when I signed up for my version of a hybrid cloud, this has been the most practical way to get the benefits of SaaS, IaaS and PaaS at the lowest possible cost of complexity.
[Source: http://searchcio.techtarget.com/opinion/A-CIO-learns-how-to-navigate-between-the-cloud-and-a-legacy-system]
OBSOLETE ALREADY By the time you reach this page, some of the information in this eBook will already have become obsolete. Such is the terrific rate of change in virtualization and Cloud technologies. While that is true, it is also true that the fundamentals of computing have held their ground steadily since 1936, when the Turing Machine was invented by Alan Turing. Even today, our leading general-purpose programming languages (Java, C, Objective-C, C++, Python, C#, R, PHP, JavaScript, Ruby, SQL, Perl, Visual Basic, Matlab and Swift) adhere to the Turing principles. Therefore a large part of this eBook will continue to hold its value over time, because it focuses on fundamental concepts, not on products. VMware might be replaced by zmWare, or Hyper-V by Hyper-Z, but the basic virtualization approach based on hardware abstraction (as explained in this eBook) will hold true, even if new paradigms like nested virtualization are piled on top of the core ideas.
SOME NON-OBSOLETE IDEAS What is also unlikely to become obsolete quickly are some of the following Cloud-related trends.
• Our ever-growing appetite for data on mobile devices, which will continue to stretch all infrastructure towards the bursting point, and keep the scalability of the Cloud essential for the world to function.
• Mega bandwidth growth in wireless transmission, where most content will ultimately be delivered wirelessly from the Cloud.
• The pay-per-consumption model will, by consumer demand, overtake existing payment models. Ultimately all Cloud services will be consumed purely on the utility model, solely by usage, and not by a dormant subscription.
• SaaS vendors will offer corporations transaction-based pricing. So instead of SAP today offering companies Cloud-based SAP priced by the number of users and/or the number of "SAPS" (an archaic 20th-century sizing methodology meant for non-scalable physical hardware), SAP will offer companies a price based on actual business transactions. That is the Holy Grail of Cloud pricing, and we wait to see which company has the guts to disrupt the SAP (and other ERP) market(s) by offering transaction-based pricing.
• The white-collar workforce will increasingly become distributed, and start working from home or community environments (like business centers, libraries, community halls, communes, etc.) and not from a formal office, thereby requiring all corporate applications to be moved to the Cloud.
• The blue-collar workforce will be impacted by the Internet of Things, and will be compelled to embrace the Cloud at work.
• Today we have social networks of people, like Facebook, Instagram, Tumblr. Soon we are going to see Social Networks of Machines in the Cloud, where machines will connect with each other, exchange information, and "like" each other's posts, these posts being production, performance and maintenance metrics. This revolution, fueled by the Industrial Internet, might create the greatest challenge yet for data storage and bandwidth, thereby making the dynamic scalability of the Cloud indispensable.
• Solid State storage systems will replace all other forms of storage for live data, thereby rendering all live data "permanently in memory" and making the dynamically scalable Cloud supercomputers of the near future an indispensable tool for Big Data analytics.
• Cloud hypervisors will become intelligent, and automatically align our Cloud resources with our changing needs.
• Aided by future collaborative hybrid cloud architectures like today's Cloud Burst, tomorrow's Clouds will also be much more scalable and more powerful compared to today's puny Community Clouds.
• With explosive growth in bandwidth and in data transmission technology, there will be reduced cross-continental latency, and tomorrow's intelligent hypervisors will be able to burst into distant Clouds. As a result, political boundaries may melt away further, and induce greater cross-border collaboration.
• The convergence of the Semantic Web and the Cloud will probably put a personal assistant for us in the Cloud, always available to us, who will answer questions like "What do you recommend I do this evening?"
• Ultimately, all of these changes may have immense socio-political and cultural impact, and pave the way towards the realization of the One World vision of a borderless economy funded by government-agnostic bitcoins.
This is a vision of the future that is founded on observable evidence trending today. However, only the future will tell what actually comes to pass. What is certain is that it is going to be an exciting ride into the unknown. Welcome on board!
The End
Sponsor Daniele Pagani Corporate CIO
Supported by Patrick Esser Head, IT Academy
Subject Matter Expert Wim Le Noir Head of IT Infrastructure Mining CIO Office
Subject Matter Expert Abhishek Chaudhry Lead, Cloud CoE
Assisted by Lise Cascales Training Coordinator
Subject Matter Expert Bernard Buchanan General Manager, IT Solutions ArcelorMittal Dofasco
eBook developed by Probal DasGupta
e-book Cloud Computing basics training