Introduction to Cloud Services Architecture 1

Cloud Computing Stack 2

Core Services

Discovery Resource Management Replication Load

Balancing

Virtualization Management

Network Hardware Application

Arc

hite

ctur

e SaaS

PaaS

IaaS

Hardware

Data Governance

Interoperability Data Migration

Man

agem

ent S

ervi

ces

Deployment

Configuration

Metering

Billing

Provisioning

Monitoring

Reporting

SLA Management

Secu

rity

Encryption

Privacy

Authentication

Authorization

Identity Federation

Architecture 3

Software as a Service: a multitenant platform that uses common resources and a single instance of both the object code of an application as well as the underlying database to support multiple customers simultaneously

¨  Google apps, Office 365, ZOHO, github, SalesForce.com, Oracle, etc.

Platform as a Service: provides developers with a platform for hosting of web applications as a service

¨  Google AppEngine, Microsoft's Azure, Heroku.com, etc.

Infrastructure as a Service: Delivery of computer infrastructure as a service

¨  GoGrid, Flexiscale, Layered Technologies, AppNexeus, Joyent, and Mosso/Rackspace, Amazon etc.

Arc

hite

ctur

e SaaS

PaaS

IaaS

Hardware

Core Services 4

Discovery

¨  Promotes reusability by allowing service consumers to find the existing services.

¨  RESTful services support discovery and reuse at design time.

Replication

¨  Replication (both Eager and Lazy) keeps all replicas as a part of one atomic transaction.

¨  Replica takes over when a location fails

Load Balancing

¨  Prevents system bottlenecks due to unbalanced loads

¨  Enables app re-provisioning without config change

Resource Management

¨  Manages virtualized resources

Core Services

Discovery Resource Management Replication Load

Balancing

Data Governance Principles that govern data movement outside the client entity

5

Interoperability

¨  Easy migration and integration of applications and data between different vendors' clouds in spite of differing hypervisors, technologies, storage, operating systems, security standards and management interfaces

Data Migration

¨  No data loss or availability loss while migrating data between data centers or cloud systems

¨  User should be able to move their data and applications any time from one to another seamlessly, without any one vendor controlling it

Data Governance

Interoperability Data Migration

Management Services Deployment and Configuration

¨  Config and deployment management tools are needed to reduce the complexity

¨  Configuration management frameworks help software developers and engineers manage server and application configuration by writing code, rather than running commands by hand

Metering and Billing

¨  Transparent metering and billing increases trust

¨  Metrics could include CPU Capacity, Bandwidth (Inbound/Outbound Data Transfer), Storage Space, Software License Fee for example

6

Man

agem

ent S

ervi

ces

Deployment

Configuration

Metering

Billing

Provisioning

Monitoring

Reporting

SLA Management

Management Services Provisioning

¨  Enables users to set up infrastructure without any help

¨  Provisioning helps with resource & workload management, and process automation

Monitoring and Reporting

¨  Monitors the SLA lifecycle

¨  Produce cloud system health reports

Service-Level Agreements Management

¨  Users always want stable/reliable but most cloud vendors do not provide high availability assurances

¨  SLA ensures agreed upon terms to deal with unexpected situations

7

Man

agem

ent S

ervi

ces

Deployment

Configuration

Metering

Billing

Provisioning

Monitoring

Reporting

SLA Management

Information Security 8

Info is not just a competitive asset. Info loss can create liability Encryption/Decryption ¨  Always encrypt before sending out ¨  Protect the keys: avoid recent Sony fiasco Privacy ¨  Cloud holds user PII* so privacy laws apply ID Federation (combining identities across systems) ¨  ID token at a portal: also acceptable at a collaborating portal Authorization and Authentication ¨  Ability to track, pinpoint, control, and manage users who try to

access machines with improper credentials

Secu

rity

Encryption

Privacy

Authentication

Authorization

Identity Federation

* PII = Personally Identifiable Information

Cloud outages 9

Services  and  outage   Dura1on   Date  Microso'  Azure:  malfunc3on  in  Windows  Azure   22  h   13-­‐14-­‐Mar-­‐08  Gmail  and  Google  Apps  engine   2.5  h   24-­‐Feb-­‐09  Google  search  outage:  programming  error   40  m   31-­‐Jan-­‐09  Gmail:  site  unavailable  due  to  outage  in  contacts  system   1.5  h   11-­‐Aug-­‐08  Google  AppEngine  par3al  outage:  programming  error   5  h   17-­‐Jun-­‐08  S3  outage:  authen3ca3on  service  overload   2  h   15-­‐Feb-­‐08  S3  outage:  single  bit  error  leading  to  gossip  protocol  blowup   6-­‐8  h   20-­‐Jul-­‐08  FlexiScale:  core  network  failure   18  h   31-­‐Oct-­‐08  

10

Thank you.