
Cloud Computing

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources. It provides high level abstraction and rapid provisioning of resources. Cloud computing has essential characteristics, service models of SaaS, PaaS and IaaS, and deployment models of public, private and hybrid clouds.

Uploaded by

Jamal Knimbus
Cloud Computing
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., network infrastructures, servers, storage, applications, etc.)” – NIST
Source: P Mell & T Grance, “A NIST Notional Definition of Cloud Computing”, version 15, 2009.

• It can be envisioned as a step on from Utility Computing
• It provides a high-level generalization (abstraction) of the computation and storage model
• It can be rapidly allocated and released with low management effort
• It has some essential characteristics, service models, and deployment models
• It provides on-demand services that can be accessed from any place and at any time
Evolution of Cloud Computing
• 1950s: Time-shared mainframe computers
• 1969: ARPANET
• 1970s: Virtual Machines by IBM
• 1990s: Expansion of the Internet. Inception of VPNs.
• 1996-97: ‘Cloud Computing’
• 1999: Salesforce.com
• 2002: Amazon Web Services (AWS)
• 2006: Amazon EC2
• 2008: Google App Engine / Microsoft Azure
NIST Visual Model of Cloud Computing
• Essential Characteristics: Broad Network Access, Rapid Elasticity, Measured Services, On-demand Self-services, Resource Pooling
• Service Models: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS)
• Deployment Models: Public, Private, Hybrid, Community


Business Advantages
• Nearly zero cost for upfront infrastructure investment
• Real-time Infrastructure availability
• More efficient resource utilization
• Usage-based costing
• Reduced time to market
General Characteristics
• Improved agility in resource provisioning
• Ubiquitous – independent of device or location
• Multitenancy – sharing of resources and costs across a large pool of users
• Dynamic load balancing
• Highly reliable and scalable
• Low cost and low maintenance
• Improved security and access control
Essential Characteristics
• Broad network access
  - Cloud resources should be available over the network
  - Should support standard mechanisms for information retrieval using traditional interfaces
  - Supported clients: heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs)
• Measured service
  - Resource usage should be recorded and monitored
  - Facility to dynamically control and optimize the resource usage
  - This facility should be transparent between the service provider and consumer
• On-demand self-service
  - Provide server time and network storage to users automatically
  - This facility should be available as a self-service
• Resource pooling
  - Automatically pool the whole available resources
  - Serve multiple end-users using a multi-tenant model
  - Resources should be allocated according to user’s demand
Components of Cloud Computing
• Clients / end-users: Thick, Thin, Mobile Clients
• Services: Products & solutions (Identity, Mapping, Search, etc.)
• Applications: Web apps, SaaS, etc.
• Platform: Apps/Web hosting using PaaS
• Storage: Database, Data-Storage-as-a-Service (DSaaS)
• Infrastructure: Virtualization, IaaS, EC2
[Figure: layer stack labelled Services, Applications, Platform, Storage, Infrastructure]
Source: Wikipedia
Service Models
• Software-as-a-Service (SaaS)
• Platform-as-a-Service (PaaS)
• Infrastructure-as-a-Service (IaaS)
[Figure: layered diagram with the labels Clients, User Interface, Machine Interface, Application, Components, Services, Platform, Compute, Network, Storage, Infrastructure, Servers]
Source: Wikipedia
Software-as-a-Service (SaaS)
• Facility to execute the service provider’s applications at the user’s end
• Applications are available as ‘services’
• Services can be accessed via different types of client devices (e.g., web browser, app)
• End-users do not possess control of the cloud infrastructure
Examples: Google Apps, Salesforce, Learn.com.

Platform-as-a-Service (PaaS)
• Facility for the consumer to execute consumer-created or acquired applications on the cloud infrastructure
• Support for deployment of such applications
• The user does not control the cloud infrastructure
• The user can control the deployed applications using given configurations
Examples: Windows Azure, Google App Engine
Infrastructure-as-a-Service (IaaS)
• Facility to access computing resources such as network, storage, and operating system
• The user can deploy, execute and control any software (operating systems and other applications)
• In some cases, the user can control selected networking components (e.g., host firewalls)
Examples: Amazon EC2, GoGrid, iland, Rackspace Cloud Servers.
Deployment Models
• Public cloud
• Private cloud
• Hybrid cloud
• Others:
  - Community cloud
  - Distributed cloud
  - Multi-cloud
  - Inter-cloud
[Figure labels: Private/Internal, Public/Hosted, Hybrid, On-premise cloud service, Off-premise cloud service]
Source: https://en.wikipedia.org/wiki/Cloud_computing
Public Cloud
• Cloud set-up for the use of any person or industry
• Typically owned by an organization that offers the cloud service
• Examples: Amazon Web Service (AWS), Google Compute Engine, Microsoft Azure
• Advantages:
  - Easy to set up at low cost, as the provider covers the hardware, application and bandwidth costs
  - Scalability to meet needs
  - Pay-per-use ensures that, from the user’s perspective, no resources are wasted
Private Cloud
• Cloud set-up operated only for a single organization
• Typically managed by the organization itself (on-premises) or a third party (off-premises)
• Advantages:
  - Total control over the system and data
  - Minimum security concerns
• Disadvantages:
  - Regular maintenance
Public Cloud vs Private Cloud

                        Public Cloud       Private Cloud
Virtualized resources   Publicly shared    Privately shared
Customer types          Multiple           Limited
Connectivity            Over Internet      Over Internet/private network
Security                Low                High

Hybrid Cloud
• Cloud set-up composed of two or more distinct cloud set-ups (private, community, or public)
• Pooled together by standardized tools
• Supports data and application portability (e.g., facility for load-balancing between clouds)
• Provides multiple deployment models
Other Types of Cloud
• Community cloud
  - Set-up shared between several organizations having common concerns (security, compliance, jurisdiction, etc.)
  - Managed internally or by a third party
• Distributed cloud
  - Collection of a scattered set of computing devices in different locations that are nonetheless connected to a single network
  - Two types – Public-resource Computing and Volunteer Cloud
• Multi-cloud
  - Multiple cloud computing services offered via a single heterogeneous architecture
  - Increases fault-tolerance and flexibility
• Inter-cloud
  - Unified global ‘cloud of clouds’ based on the Internet
  - Supports interoperability between cloud service providers
Comparison of Different Deployment Models

                   On-premise         Off-premise
Dedicated Access   Private cloud      Hosted private cloud
Shared Access      Community cloud    Public cloud

Cloud Security - Introduction
• Problem: User loses control of information available on public cloud
• Security concerns:
  - Loss of data
  - Account seizing
  - Service traffic hindrance
  - Vulnerable APIs
• Solution: Protection from theft, leakage and deletion by providing secure policies
Infrastructure Security
• Security of cloud infrastructure must be implicitly assured
  - For public or private cloud
  - For services SaaS, PaaS, IaaS
• The levels at which infrastructure security is viewed, evaluated and implemented are:
  - Network level security
  - Host level security
  - Application level security
Network Level Security
• Public clouds
  - A small change severely affects the network topology
  - Proper access control for using resources
  - Achieving confidentiality and integrity of data-in-transit to and from the cloud service provider
  - Correct availability of Internet resources from the cloud service provider to genuine users
Host Level Security
• Host security at PaaS and SaaS level:
  - Hide the host operating system from end-users
  - Security responsibilities are transferred to cloud service providers
• Host security at IaaS level:
  - Primary objective is to secure the allocated hosts
  - Example of threats: Blue Pill attack on hypervisor
Application Level Security
• Both CSP and the customer are responsible for security at application level
• SaaS providers:
  - Security of deliverable applications
• PaaS providers:
  - Security of the PaaS platform and of deployed customer applications
• IaaS providers:
  - Application level security is not provided by IaaS
  - Customers arrange for security mechanism
Data Security
• Objectives:
  - Confidentiality
  - Integrity
  - Availability
• Solution:
  - Identity management
  - Encryption
  - Access control
[Figure: Aspects of Data Security - Data in transit, Data at rest, Data including Multitenancy, Data Lineage, Data Provenance, Data Remanence]
Identity and Access Management (IAM)
• A branch of cloud security that lets legitimate persons access legitimate resources at a legitimate time for legitimate reasons
• User identities and access permissions are initiated, captured, administered and recorded by IAM
• Authentication, authorization and evaluation of all users are done according to the terms and conditions and the roles of users
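Added example (not part of the original slides): a deny-by-default access check that tests the four conditions in the IAM definition above (who, what, when, why) and records every decision. The Grant, covers and authorize names, the roles, resource paths and purposes are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Grant:                 # hypothetical policy record, not a real IAM API
    role: str                # who: role the caller must hold
    scope: str               # what: resource path the grant covers
    action: str              # operation permitted on that resource
    start: time              # when: start of the permitted window
    end: time                # when: end of the permitted window
    purposes: frozenset      # why: declared reasons the grant accepts

# Constructed sample policy (roles, paths and purposes are made up).
POLICY = [
    Grant("dba", "db/customers", "read", time(8), time(18),
          frozenset({"support-ticket"})),
    Grant("auditor", "logs/", "read", time(0), time(23, 59, 59),
          frozenset({"audit"})),
]
AUDIT_LOG = []  # every decision is recorded, allowed or denied

def covers(scope, resource):
    """Match whole path segments so db/customers does not cover db/customers_backup."""
    scope = scope.rstrip("/")
    return resource == scope or resource.startswith(scope + "/")

def authorize(user, roles, resource, action, purpose, at):
    """Deny by default; allow only when one grant matches who, what, when and why."""
    decision, reason = "deny", "no matching grant"
    for g in POLICY:
        if g.role not in roles or action != g.action or not covers(g.scope, resource):
            continue
        if not (g.start <= at.time() <= g.end):
            reason = "outside permitted time window"
        elif purpose not in g.purposes:
            reason = "purpose not accepted"
        else:
            decision, reason = "allow", "grant for role " + g.role
            break
    AUDIT_LOG.append((at.isoformat(), user, resource, action, purpose, decision, reason))
    return decision == "allow"

if __name__ == "__main__":
    noon = datetime(2024, 1, 10, 12, 0)  # constructed timestamp
    print(authorize("alice", {"dba"}, "db/customers/42", "read", "support-ticket", noon))
    print(authorize("alice", {"dba"}, "db/customers_backup", "read", "support-ticket", noon))
    print(AUDIT_LOG)
```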
Features of IAM
• Single Access Control Interface
• Increased security
• Access Control over Resource-level
• Improvement of operational efficiency
• Organizations attain access control and operational security using IAM
• Improvement of regulatory compliance management
Access Control
• Access control layers in cloud include:
  - Cloud access
  - Server access
  - Service access
  - Database access (direct and queries via web services)
  - VM access
  - Access to objects within a VM
• Management of these layers depends on provider or consumer, based on the deployment model
Trust and Reputation
• Trust: Independent expectancy between two entities for any specific context at a given time
• Reputation: Belief of an entity’s standing by the community
• These concepts are needed by the customer to select appropriate cloud provider
Trust and Reputation Contd.
• Different modes of trust establishment include:
  - Accomplishment of Service Level Agreement
  - Application of audit standards
  - Measuring and ratings
  - Questionnaires for self-assessment
Risk Assessment
• Categories of assessment methodology:
  - Formal versus informal procedures
  - Qualitative (high/moderate/low) versus quantitative (numbers) techniques
  - Consequence versus cause analysis
  - Inductive versus deductive techniques
Authentication in Cloud Computing
• User Authentication
  - What: User authentication process between new users and the service provider
  - When: During authentication, the properties and safety of the process can be compromised by an attack, causing severe damage
  - Where: User authentication is done at the PaaS layer
  - Consequence: A threat to the authentication process can lead to disclosure of confidential data to a fake user
