Contents
Security Challenges
Conclusion
What is Cloud Computing?
Cloud-resident entities such as data centers have taken the concepts of grid
computing and bundled them into service offerings that appeal to other entities
that do not want the burden of infrastructure but do want the capabilities hosted
from those data centers. One of the most well known of the new cloud service
providers is Amazon's S3 (Simple Storage Service) third party storage solution.
Amazon S3 is storage for the Internet. According to the Amazon S3 website, it
provides a simple web services interface that can be used to store and retrieve
any amount of data, at any time, from anywhere on the web. It gives any
developer access to the same highly scalable, reliable, fast, inexpensive data
storage infrastructure that Amazon uses to run its own global network of web
sites. The service aims to maximize benefits of scale and to pass those benefits
on to developers.
This architecture diagram illustrates the high-level architecture of the cloud
computing platform. It is comprised of a data center, IBM Tivoli Provisioning
Manager, IBM Tivoli Monitoring, IBM WebSphere Application Server, IBM DB2,
and virtualization components. This architecture diagram focuses on the core
back end of the cloud computing platform; it does not address the user interface.
Tivoli Provisioning Manager automates imaging, deployment, installation,
and configuration of the Microsoft Windows and Linux operating systems, along
with the installation / configuration of any software stack that the user requests.
Tivoli Provisioning Manager uses WebSphere Application Server to
communicate the provisioning status and availability of resources in the data
center, to schedule the provisioning and deprovisioning of resources, and to
reserve resources for future use.
As a result of the provisioning, virtual machines are created using the Xen
hypervisor or physical machines are created using Network Installation Manager,
Remote Deployment Manager, or Cluster Systems Manager, depending upon the
operating system and platform.
IBM Tivoli Monitoring Server monitors the health (CPU, disk, and memory)
of the servers provisioned by Tivoli Provisioning Manager. DB2 is the database
server that Tivoli Provisioning Manager uses to store the resource data.
The architecture is easiest to approach through an example. Here I give the
example of Microsoft Azure, which is Microsoft's cloud computing platform.
[Figure: diag-virtmach.jpg]
The storage architecture of the cloud includes the capabilities of the Google
file system along with the benefits of a storage area network (SAN). Either
technique can be used by itself, or both can be used together as needed.
Computing without data is as rare as data without computing. The
combination of data and computer power is important. Computer power often is
measured in the cycle speed of a processor. Computer speed also needs to
account for the number of processors. The number of processors within an SMP
and the number within a cluster may both be important.
When looking at disk storage, the amount of space is often the primary
measure. The number of gigabytes or terabytes of data needed is important. But
access rates are often more important.
Being able to only read sixty megabytes per second may limit your
processing capabilities below your computer capabilities. Individual disks have
limits on the rate at which they can process data. A single computer may have
multiple disks, or with a SAN file system be able to access data over the network.
So data placement can be an important factor in achieving high data access rates.
Spreading the data over multiple computer nodes may be desired, or having all
the data reside on a single node may be required for optimal performance.
The Google file structure can be used in the cloud environment. When
used, it uses the disks inside the machines, along with the network to provide a
shared file system that is redundant. This can increase the total data processing
speed when the data and processing power are spread out efficiently.
The Google file system is a part of a storage architecture but it is not
considered to be a SAN architecture. A SAN architecture relies on an adapter
other than an Ethernet adapter in the computer nodes, and has a network similar
to an Ethernet network that can then host various SAN devices.
[Figure: strategic_tech_fig13.gif]
Security Challenges:
Although virtualization and cloud computing can help companies
accomplish more by breaking the physical bonds between an IT infrastructure and
its users, heightened security threats must be overcome in order to benefit fully
from this new computing paradigm. This is particularly true for the SaaS provider.
Some security concerns are worth more discussion. For example, in the cloud, you
lose control over assets in some respects, so your security model must be
reassessed. Enterprise security is only as good as the least reliable partner,
department, or vendor. Can you trust your data to your service provider? In the
following paragraphs, we discuss some issues you should consider before
answering that question.
With the cloud model, you lose control over physical security. In a public
cloud, you are sharing computing resources with other companies. In a shared
pool outside the enterprise, you don't have any knowledge or control of where
the resources run. Exposing your data in an environment shared with other
companies could give the government reasonable cause to seize your assets
because another company has violated the law. Simply sharing the
environment in the cloud may put your data at risk of seizure.
Storage services provided by one cloud vendor may be incompatible with
another vendor's services should you decide to move from one to the other.
Vendors are known for creating what the hosting world calls "sticky services":
services that an end user may have difficulty transporting from one cloud vendor
to another (e.g., Amazon's Simple Storage Service [S3] is incompatible with
IBM's Blue Cloud, or Google, or Dell). If information is encrypted while passing
through the cloud, who controls the encryption/decryption keys? Is it the
customer or the cloud vendor?
Most customers probably want their data encrypted both ways across the
Internet using SSL (Secure Sockets Layer protocol). They also most likely want
their data encrypted while it is at rest in the cloud vendor's storage pool. Be sure
that you, the customer, control the encryption/decryption keys, just as if the data
were still resident on your own servers. Data integrity means ensuring that data is
identically maintained during any operation (such as transfer, storage, or
retrieval). Put simply, data integrity is assurance that the data is consistent and
correct. Ensuring the integrity of the data really means that it changes only in
response to authorized transactions. This sounds good, but you must remember
that a common standard to ensure data integrity does not yet exist.
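One way a customer can check that stored data "changes only in response to authorized transactions" while keeping the key in their own hands, shown as an added example that is not part of the original document. The `UntrustedStore` class, object names and sample data are constructed for illustration; HMAC-SHA256 is one possible choice, not a standard the text prescribes.

```python
import hashlib
import hmac
import secrets

class UntrustedStore:
    """Stand-in for a cloud vendor's storage pool (hypothetical, for this example)."""
    def __init__(self):
        self.objects = {}

    def put(self, name, data):
        self.objects[name] = data

    def get(self, name):
        return self.objects[name]

def make_tag(key, name, data):
    # The object name is part of the MAC input, so a tag is valid only for
    # the object it was computed for.
    encoded = name.encode("utf-8")
    message = len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, message, hashlib.sha256).digest()

def upload(store, key, manifest, name, data):
    manifest[name] = make_tag(key, name, data)  # manifest stays with the customer
    store.put(name, data)

def download(store, key, manifest, name):
    data = store.get(name)
    if not hmac.compare_digest(manifest[name], make_tag(key, name, data)):
        raise ValueError(f"integrity check failed for {name!r}")
    return data

def demo():
    key = secrets.token_bytes(32)  # generated and held by the customer only
    manifest, store = {}, UntrustedStore()
    upload(store, key, manifest, "q1.csv", b"acct,amount\n1001,250.00\n")  # constructed data
    upload(store, key, manifest, "q2.csv", b"acct,amount\n1001,975.00\n")
    results = {"clean": download(store, key, manifest, "q1.csv") is not None}
    # Simulate an unauthorized edit, then a swap, inside the vendor's pool.
    for label, forged in (("edited", b"acct,amount\n1001,999.00\n"),
                          ("swapped", store.get("q2.csv"))):
        store.put("q1.csv", forged)
        try:
            download(store, key, manifest, "q1.csv")
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    return results
```

Because the vendor never sees the key, it cannot produce a valid tag for altered data, whether or not the tags themselves are later stored in the cloud.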
Using SaaS offerings in the cloud means that there is much less need for
software development. For example, using a web-based customer relationship
management (CRM) offering eliminates the necessity to write code and
customize a vendor's application. If you plan to use internally developed code in
the cloud, it is even more important to have a formal secure software
development life cycle (SDLC). The immature use of mashup technology
(combinations of web services), which is fundamental to cloud applications, is
inevitably going to cause unwitting security vulnerabilities in those applications.
Your development tool of choice should have a security model embedded in it to
guide developers during the development phase and restrict users only to their
authorized data when the system is deployed into production.
As more and more mission-critical processes are moved to the cloud, SaaS
suppliers will have to provide log data in a real-time, straightforward manner,
probably for their administrators as well as their customers' personnel. Someone
has to be responsible for monitoring for security and compliance, and unless the
application and data are under the control of end users, they will not be able to.
Will customers trust the cloud provider enough to push their mission-critical
applications out to the cloud? Since the SaaS provider's logs are internal and not
necessarily accessible externally or by clients or investigators, monitoring is
difficult. Since access to logs is required for Payment Card Industry Data Security
Standard (PCI DSS) compliance and may be requested by auditors and regulators,
security managers need to make sure to negotiate access to the provider's logs as
part of any service agreement. Cloud applications undergo constant feature
additions, and users must keep up to date with application improvements to be
sure they are protected. The speed at which applications will change in the cloud
will affect both the SDLC and security. For example, Microsoft's SDLC assumes
that mission-critical software will have a three- to five-year period in which it will
not change substantially, but the cloud may require a change in the application
every few weeks. Even worse, a secure SDLC will not be able to provide a security
cycle that keeps up with changes that occur so quickly. This means that users
must constantly upgrade, because an older version may not function or protect
the data.
Conclusion:
The future for cloud computing is bright. The big names in computers are
throwing lots of resources into this. Dell sees a huge market for cloud computing
in the future, upwards of $1 billion a year in a few more years. HP, Intel and more
are throwing resources into this, and it looks like cloud computing might be the
next big thing after UMPCs.
Cloud computing is the next big wave in computing. It has many benefits,
such as better hardware management, since all the computers are the same and
run the same hardware. It also provides for better and easier management of
data security, since all the data is located on a central server, so administrators
can control who has and doesn't have access to the files.
There are some downsides as well to cloud computing. Peripherals such as
printers or scanners might have issues dealing with the fact that there is no hard
drive attached to the physical, local machine. If there are machines a user uses at
work that aren't their own for any reason, that require access to particular drivers
or programs, it is still a struggle to get this application to know that it should be
available to the user.
If you're looking to implement this, you have two options. You can host it
all within your network, or you can use a device from a company that provides
the server storage, such as the Cherry Pal. I hope you have learned a lot about
cloud computing and the bright future it has in the coming years.
Thank You