228-4 enterprise systems - lecture 9
TRANSCRIPT
-
7/27/2019 228-4 Enterprise Systems - Lecture 9
Cloud Computing
-
Definition
Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability.
-
What is cloud computing?
"I don't understand what we would do differently in the light of Cloud Computing other than change the wordings of some of our ads"
Larry Ellison, Oracle's CEO
"I have not heard two people say the same thing about it [cloud]. There are multiple definitions out there of the cloud"
Andy Isherwood, HP's Vice President of European Software Sales
"It's stupidity. It's worse than stupidity: it's a marketing hype campaign."
Richard Stallman, Free Software Foundation founder
-
Business attributes
Access resources from cloud of available computing resources
Is always available and scales automatically to meet demand
Is pay per use: Based on resources consumed
Enables full customer self-service
Note: Can be provided by 3rd party (e.g. Amazon) or on own network for v. large organisations (a.k.a. private cloud)
Acquire resources on demand
Release resources when no longer needed
Turns capital investment/fixed cost into operating costs/variable costs
Reduced cost: take advantage of economies of scale across users of cloud
-
Technology attributes
Access computing resources via Internet protocols from any computer
Reduced system administration overhead: automated provisioning
Increased/matched reliability and security
Acquire resources on demand
Increased utilisation through sharing of resources through virtualisation or multi-tenancy
To minimise the cost to the provider, clouds rely on a large number of commodity processors. These are cheaper to purchase and consume less power per unit of processing when compared to high power processors
No longer design deployment environment to meet maximum load
-
The NIST Cloud Definition Framework
Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
-
The NIST Cloud Definition Framework
OS virtualisation leads directly to resilient computing, rapid elasticity and advanced security
In case of VM based cloud, facilitates measured service as hypervisor tracks usage
Multi-tenancy provides rapid elasticity
-
The NIST Cloud Definition Framework
A number of other attributes rely on the scale of investment undertaken by cloud providers
Early cloud promoters (e.g. Amazon & Google) had to build massive scale for their main businesses
Use of open source software and commodity hardware reduces overall cost to cloud provider
-
4 Cloud Deployment Models
Private cloud
Cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise
Typically only large organisations
Public cloud
Cloud infrastructure is made available to 3rd parties but is owned by an organization selling cloud services
Cloud services designed to be generic and suitable to all customers
E.g. Amazon, Google, Microsoft, IBM etc
-
4 Cloud Deployment Models
Community cloud
Cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations)
May be managed by the organizations or a third party and may exist on premise or off premise
Hybrid cloud
Composition of two or more clouds that remain unique and separate entities but are bound together by standardized or proprietary technology that enables data and application portability
Cloud bursting is the term used to describe the process where an organisation extends from a private to public cloud
-
Service model architecture
Four main service model architectures
Datastore as a service is not always included although currently the most popular use of cloud
Significant differences in the technical and commercial architectures
Infrastructure As A Service (IaaS)
Platform As A Service (PaaS)
Software As A Service (SaaS)
Datastore as a service
-
Service model architecture: Datastorage as a service
Functional: Data storage interfaces can be used by any of the other types or accessed directly
Examples of direct usage: Amazon's really simple storage
Commercial: Charged on basis of amount of storage used
-
Characteristics of cloud datastore
Cloud based datastore is massively distributed and scalable
Utilises large number of commodity servers (a.k.a. nodes)
This implies that the chance of system failure across a large number of nodes is high
Therefore, cloud datastore must cope with node failure
Cloud datastores are typically non-relational
Distribution across a large number of nodes is not a good fit to the relational model of databases. Relational databases support joins which are hard to implement in a massively distributed way
To address requirement for relational database capabilities
Either provide relational interfaces to non-relational infrastructure
Or allow relational databases to run on a small number of nodes as part of the virtualisation
-
Characteristics of cloud datastore
Cloud datastores are optimised for large scale data search
E.g. Google's MapReduce (and Hadoop, an open source implementation) which divide the processing into multiple blocks (Map) and then process each block on one or more nodes (reduce)
Cloud datastores are also appropriate to business intelligence applications which require column based processing
E.g. Summing sales in a particular region
In contrast, relational databases are efficient for record/row level read/write
-
Service model architecture: IaaS
Functional: Virtual server instances available for provisioning
Examples: Amazon's EC2
Commercial: Charged on basis of number/scale of instances as well as usage profile
-
Example: Amazon EC2
Amazon provides a range of general purpose support services accessible via VMs
Examples of these services include
Simple Queue Service: Limited messaging system for communications between VMs
S3: Cloud storage service
-
Example: Amazon EC2
Other examples of these services (cont)
SimpleDB: Non-relational database
Elastic MapReduce: large scale search and text processing infrastructure
Flexible payment service: enabling website payments
Mechanical Turk: outsourcing marketplace
-
Amazon EC2 options and pricing
Aws.amazon.com/ec2
-
Service model architecture: PaaS
Functional: Application development and deployment environment
Provides programming APIs as well as underlying infrastructure
Commercial: Metering and billing based on application usage, typically CPU consumption/datastore consumption
-
Example: Google AppEngine
Platform uses multiple tenancy on the single infrastructure
Benefit of charging only on usage and not on number of instances (as with IaaS)
Provides general purpose support services
Includes infrastructure services such as database
Also includes application level interfaces such as video conferencing
Provides both server and client side APIs to develop Google AppEngine applications
Provides a platform which is proprietary
-
Example: Microsoft Azure Services
Access to the Microsoft platform as a cloud based platform
Provides a platform which is proprietary
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
-
Service model architecture: SaaS
Functional: End user interaction with the Application's function
Allows for customisation of UI and workflows
Often uses multi-tenancy databases
Commercial: typically billing based on number of users
-
Example: Salesforce.com
Provides complete application accessible from the cloud
Infrastructure is hidden from the user
Software can be configured to support customer specific requirements
Supports customisation through configuration driven language
Scope for customisation is limited
Uses multi-tenancy architecture
Essentially a platform for a specific class of application
Configuration results in a change to both UI and underlying database schema for that customer
-
Examples of configuration
UI actions (such as entering an email address) can have customised scripts associated with them which perform workflow or validation logic
Workflow defines the sequence of steps through the UI screens
Validation logic enforces rules about information entered based on customer specific standards or context specific restraints (i.e. what can be entered given the current workflow)
These may not affect the database schema definition and therefore can be deployed only to that customer's UI
-
Examples of configuration
UI definitions (or associated workflows) may also require modifications/extensions to the database schema
Through multi-tenancy/multi-schema approach, the metadata defining the schemas specific to that customer is modified without impacting on the base schema or the other customers' deployed schemas
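Added example (not part of the original slides): a minimal sketch of the metadata-driven, multi-tenant schema described above, using Python's sqlite3. The table names, tenant names and the credit_limit field are assumptions made for illustration.

```python
import sqlite3

class TenantStore:
    """One shared instance; tenant-specific schema is metadata rows, never ALTER TABLE."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            CREATE TABLE contact (tenant TEXT, id INTEGER, email TEXT, PRIMARY KEY (tenant, id));
            CREATE TABLE field_meta (tenant TEXT, name TEXT, kind TEXT, PRIMARY KEY (tenant, name));
            CREATE TABLE field_value (tenant TEXT, id INTEGER, name TEXT, value TEXT);
        """)

    def add_field(self, tenant, name, kind):
        with self.db:  # extends one tenant's schema; the base table is untouched
            self.db.execute("INSERT INTO field_meta VALUES (?, ?, ?)", (tenant, name, kind))

    def schema(self, tenant):
        rows = self.db.execute("SELECT name, kind FROM field_meta WHERE tenant = ?", (tenant,))
        return {"email": "text", **dict(rows.fetchall())}

    def insert(self, tenant, rec_id, email, **custom):
        allowed = self.schema(tenant)
        for name, value in custom.items():
            if name not in allowed:  # field exists only in another tenant's metadata
                raise KeyError(f"{name!r} is not defined for tenant {tenant!r}")
            if allowed[name] == "int" and not isinstance(value, int):
                raise TypeError(f"{name!r} must be an int")
        with self.db:  # base row and custom values commit together
            self.db.execute("INSERT INTO contact VALUES (?, ?, ?)", (tenant, rec_id, email))
            self.db.executemany("INSERT INTO field_value VALUES (?, ?, ?, ?)",
                                [(tenant, rec_id, n, str(v)) for n, v in custom.items()])

    def fetch(self, tenant):
        # The tenant id is a bound parameter on every query: the isolation boundary.
        out = {rid: {"email": email} for rid, email in self.db.execute(
            "SELECT id, email FROM contact WHERE tenant = ?", (tenant,))}
        for rid, name, value in self.db.execute(
                "SELECT id, name, value FROM field_value WHERE tenant = ?", (tenant,)):
            out[rid][name] = value
        return out

def demo():
    store = TenantStore()  # tenants and field below are constructed sample data
    store.add_field("acme", "credit_limit", "int")
    store.insert("acme", 1, "ops@acme.example", credit_limit=500)
    store.insert("globex", 1, "it@globex.example")
    return store.schema("globex"), store.fetch("acme")

if __name__ == "__main__":
    print(demo())
```

Because every tenant shares the same tables, a single query that omits the tenant filter exposes all customers' rows, which is why the later security slides list multi-tenancy as a dependency for PaaS and SaaS.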
-
Different types of SaaS
Type 1: Ad-Hoc/Custom
Type 2: Configurable
Type 3: Configurable, Multi-Tenant-Efficient
Type 4: Scalable, Configurable, Multi-Tenant-Efficient
Source: Microsoft MSDN Architecture Center
-
Different types of SaaS
Type 1: Ad-Hoc/Custom
Each customer (or tenant) has their own instance of the application which can be customised on an individual basis
Level 1 SaaS is equivalent to application hosting
-
Different types of SaaS
Type 2: Configurable
A single application base is customised for each customer/tenant
Customisation is deployed within each instance of the application
Deployment of upgrades across the instance will require roll-out to each instance
-
Different types of SaaS
Type 3: Configurable, Multi-Tenant-Efficient
A single application base and instance is customised for each customer/tenant
Customisation is deployed at run-time within each instance of the application
Single instance is more resource efficient than multiple instances
Deployment of upgrades made to a single instance
-
Conclusions: Understanding the different service model architectures
Different levels of abstraction
OS: Amazon EC2
Application development framework: Google AppEngine
Application customisation: Salesforce
Similar to languages
Higher level abstractions can be built on top of lower ones
From lower-level to higher-level: EC2 (IaaS), Azure and AppEngine (PaaS), Salesforce.com (SaaS)
Lower-level: More flexibility, more management, scalability through configuration
Higher-level: Less flexibility, less management, automatically scalable
-
Cloud and security
-
General Security Challenges
Security/data control is the most often cited issue with migration to the cloud
Issues include:
Trusting vendor's security model
Customer inability to respond to audit findings (dependent on service provider to modify service)
Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can't be examined
Loss of physical control
-
Cloud Security Challenges Part 1
Data dispersal and international privacy laws
EU Data Protection Directive and U.S. Safe Harbor program
Exposure of data to foreign government and data subpoenas
Data retention issues
Mostly addressed by cloud vendor providing geographic specific services
Clear data ownership
Quality of service guarantees
Reliability of cloud service provider's service in the context of enterprise level quality of service commitments (typically with required recovery times in seconds or minutes)
Potential for massive outages
-
Cloud Security Challenges Part 2
Dependence on secure hypervisors (for IaaS) or multi-tenancy (in both PaaS and SaaS)
Attraction to hackers (high value target)
Security of virtual OSs in the cloud
Encryption needs for cloud computing
Encrypting access to the cloud resource control interface
Encrypting administrative access to OS instances
Encrypting access to applications
Encrypting application data at rest
Lack of public PaaS/SaaS version control
Changes to the service may occur without explicit agreement from the customer, unlike tightly controlled lifecycle management within an enterprise