cloud computing - challenges and opportunities - jens nimis
DESCRIPTION
My personal opionion on Trends of Cloud Computing for 2010TRANSCRIPT
Cloud Computing –Challenges and Opportunities
Dr. Jens Nimis
GI-Regionalgruppe Karlsruhe20. Januar 2010
Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
2 23.10.2009
www.eOrganization.de= Stefan Tai‘s Joint Research Groups at Karlsruhe
www.kit.edu
www.fzi.de
www.eOrganization.de
ksri.uni-karlsruhe.deaifb.uni-karlsruhe.de
Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
3 23.10.2009
Internet as acombined
platform for
CloudComputing
&Cloud Service Engineering
SituationalApplications
&Collaborative
Services Service Value
Networks&
Service Communities
social / organizational,
economical and
technical networks
Research Focus Areas: Challenging Research Problems in the Field of Service Computing
Agenda
• Part 1: What is Cloud Computing?• Definition(s)• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010• Potential and status• Some trend indicators• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
4
Some Remarks on Cloud Definitions
• „Definitions“ sometimes influencedby business interests• „[…] unfortunately the marketing people
got hold of the term before the technicianshave knew what Cloud Computing is […]“
• A lot of semi-serious definitions:• Cloud = Grid made right
Cloud = Grid made easy
• Grid: from Science for ScienceCloud: from Business for Business
• Let‘s be serious…
5
Some Serious Definition Attempts
• UCBerkeley RADLabs: “Cloud computing has the following characteristics: (1) The illusion of infinite computing resources… (2) The elimination of an up-front commitment by Cloud users… (3). The ability to pay for use…as needed…” business perspective
• Wikipedia: “.. a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet” technical perspective
• McKinsey: “Clouds are hardware-based services offering compute, network and storage capacity where: Hardware management is highly abstracted from the buyer, Buyers incur infrastructure costs as variable OPEX, and Infrastructure capacity is highly elastic” only one kind of Cloud
[JB]6
Our Understanding and Definition
Common ground:• Virtualisation/abstraction• Scalability• XaaS• Web technologies• Pay per use
How strict?• Clouds are fuzzy things…• E.g.:
• What about monthly fees?
“Building on compute and storage virtualization, cloud computing provides scalable, network-centric, abstracted
IT infrastructure, platforms, and applications as on-demand services that are billed by consumption.”
7
More Fundamental Views Exist:CC as a Disruptive Transformation in IT
Con
cept
AttitudeTechnology
Suitability
CloudComputing
• Simon Wardley: „Cloud Computing- Why IT Matters“, OSCON 09http://www.youtube.com/watch_popup?v=okqLxzWS5R4#t=347
• Compares CC to the (undefineable) industrial revolution:
• His definition: Cloud Computing is a generic term used to describethe disruptive transfomation in IT towards a service based economydriven by a set of economic, cultural and technological conditions
8
Agenda
• Part 1: What is Cloud Computing?• Definition(s)• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010• Potential and status• Some trend indicators• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
9
10
Technical Cloud Architecture:Cloud Computing Stack
Generic Approach
Layered architecture
Everything as a Service concept Standard layers
Infrastructure as a Service Platform as a Service Software as a Service
Extra Layers Human as a Service Administration/Business
Support
„What's Inside the Cloud? An Architectural Map of the Cloud Landscape“, A. Lenk, T. Sandholm, M. Klems, J. Nimis, S. Tai (ICSE Cloud 09 Workshop, 25.05.2009)10
Agenda
• Part 1: What is Cloud Computing?• Definition(s)• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010• Potential and status• Some trend indicators• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
11
• New York Times: • Bulk PDF production of scanned articles
• Animoto• does not own any IT-infrastructure• Scalability (elasticity) through
Cloud services
12
Well-known Success Stories:NYT, animoto,…
Cloud Computing Opportunities
Creation of new businesses• Faster time-to-market, and cost-effective innovation processes• Dynamic (trans-)formation of open service and business networks• Leveraging the participation Web and mass programming
Internet-scale service computing• Provide and consume sophisticated infrastructure, platforms and
business applications as modular (Web) services• Disrupt traditional industries and offer rich, highly dynamic
experiences
Classical enterprise-grade systems management• Under-utilized server resources waste computing power
and energy• Over-utilized servers cause interruption or degradation of service
levels
13
Cloud Architecture Cloud Ecosystem
Infrastructure SPs
Basic SPs
Intermediaries
High-value SPs
14
Cloud Computing in the Technology Crystal Ball
[Gartner, July 2009]Cloud Computing is on the top of Gartner‘s “Peak of Inflated Expectations“.15
Agenda
• Part 1: What is Cloud Computing?• Definition(s)• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010• Potential and status• Some trend indicators• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
16
Berkeley‘s Top 10 Obstacles to Cloud Computing
Above the Clouds: A Berkeley View of Cloud Computing. Armbrust M, Fox A, Griffith R, Joseph A, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I und ZahariaM.
Technical Report No. UCB/EECS-2009-28. Electrical Engineering and Computer Sciences. University of California at Berkeley. USA. 2009 17
Obstacles Perceived by Potential Cloud Consumers
http://idcenterprisepanel.com/index.html18
Research Agendafor the European Cloud Community
• Main Recommendations:• R1: EC should stimulate research and technological development
• R2: EC together with Member States should set up the right regulatory framework to facilitate the uptake of Cloud computing
• Additional Recommendations:• AR1: The EU needs large scale research and experimentation test beds
• AR2: The EC together with industrial and public stakeholders should developjoint programmes encourage expert collaboration groups
• AR3: The EC should encourage the development and production of (a) CLOUD interoperation standards (b) an open source reference implementation
• AR4: The EC should promote the European leadership position in software through commercially relevant open source approaches
19
The Future of Cloud Computing – Opportunities for European Cloud Computing Beyond 2010.Schubert L, Jefferey K., Neidecker-Lutz B.
EU Expert Group Report – Public Version 1.0. http://cordis.europa.eu/fp7/ict/ssai/docs/executivesummary-forweb_en.pdf. 2010
To be published completely on 26.01.2010 in Brussels
Agenda
• Part 1: What is Cloud Computing?• Definition(s)• A closer look on Cloud technology
• Part 2: Challenges and opportunities• Potential and status• Some trend indicators• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
20
My Derived Personal Cloud Trends for 2010
• Security: Rationalization of security discussion
• SLAs: Establishment of useful SLA models
• Ecosystem: Big IT companies will get into focus
• Desktop as a Service: Thin clients+appliances+OS support
• Standardization: The battle goes into the final rounds
• Other candidates:• Pricing: model evolution, e.g. spot markets
• Federation of Cloud infrastructures: distributed VPDC
• …
21
Trend 1: Security
• There is a strong need to rationalize the Cloud Security discussion• What aspects of security are we talking about?
• Confidentiality (Vertraulichkeit)
• Integrity (Integrität)
• Availability (Verfügbarkeit)
• Authenticity (Authentizität)
• Transparency (Zurechenbarkeit)
• Privacy (Pseudonymität)
• What are the real threats in the Cloud?• Data security
• Location of the data
• Data remanence or persistence
• Data backup and recovery schemes for recovery and restoration
• Data aggregation and inference
• Commingling data with other cloud customers22
Amazon AWS: Terms of Use wrt. Security
• “YOU ARE SOLELY RESPONSIBLE FOR APPLYING APPROPRIATE SECURITY MEASURES TO YOUR DATA, INCLUDING ENCRYPTING SENSITIVE DATA.”
• “You are personally responsible for all applications running on and traffic originating from the instances you initiate within Amazon EC2. As such, you should protect your authentication keys and security credentials. actions taken using your credentials shall be deemed to be actions taken by you.”
[MK]
23
Cloud Security Architecture:Aligned Use of Classical Security Approaches
System ResourcesNetwork, Server, Storage
Physical System and Environment
Virtualized Resources Virtual Network, Server, Storage
Operational Support ServicesInfrastructure Provisioning
Instance, Image, Resource / Asset Mgmt
Business Support ServicesOffering Mgmt, Customer Mgmt, Ordering
Mgmt, Billing
Infrastructure as a serviceVirtualized servers, storage,
networking
Platform as a serviceOptimized middleware – application servers,
database servers, portal servers
Application as a serviceApplication software licensed for use as a service provided to customers on demand
Clou
d Pl
atfo
rmCl
oud
Del
iver
ed
Serv
ices
Physical Data Center Securityand Resilience
Data Center Securityand Resilience
Virtualization Security • Instance isolation• Instance integrity• Security VMs• Location awareness• Hardware root of trust
• Isolation and location security policies• Building and provisioning w/ security constraints• IT security compliance for images • Image provenance, confidentiality, integrity
Image Security
Multi-tenancyat all levels
• Identity, Authorization, Entitlements• Log, Audit, Compliance• Intrusion Detection• Confidentiality• Data classification, data redaction, DLP• Enterprise Rights Management• Security can be provided into the cloud by
cloud user, to integrate with enterprise IT, or provided via the cloud
• Requires meta-management of security
• Tenant isolation (processes and data)
Multi-tenant security infrastructure
• Isolation of cloud / tenant security mgmt• Control of privileged user access• Cloud & tenant-level IT operational risk mgmt• Cloud & tenant-level encryption & key mgmt
Cross-domainSOA for security
[IBM]24
Trust: Do you know/care what Google knows about you?
• Google knows…• Google: …your searches
• Gmail: …your emails
• Toolbar / Browser: …your interests
• Google Calendar: …your habits
• Google Docs: … your work
• Google Maps: …your house
• Picasa: …your pictures… and your face
• Youtube …your videos
• Google News: …what happens
• Google Books: …our cultur
• Google gets new senses…• Latitude/nexus: …locator
• Google voice: …ears
• Google goggles … eyes
• Google goes into infrastructures…• Google App Engine …provides PaaS
• Google Public DNS …provides inet svcs
• Google Energy …provides power
• Google is in a conflict of interest…• Adsense …still is cash cow
• Google.cn …must be political
• US company …homeland sec. act
25
OK, Google is not evil! But what if Google would be Microsoft?
Would you trust it?
Trust:Privacy is also a Question of Culture
26
Help in Sight:Legal Regulations will be Reviewed
Current regulations need updates to reflect the technical development:
• Customer data must not leave the country ?!
• Intellectual property and copyright has to be respected ?!
• It must be made possible to delete data from the internet ?!
• Illegal activities in the internet need to be controlled and prevented ?!
• …
27
OK. But do we have the technical means to
enforce such regulations?
Trend 2: SLA Model Establishment
• What happens if your Cloud services are not working satisfactory?• Amazon EC2: http://aws.amazon.com/ec2-sla/
• “commercially reasonable efforts to make Amazon EC2 available with an Annual Uptime Percentage (defined below) of at least 99.95%”more than 4 hours unavailability per year
• “If [availability]drops below 99.95% for the Service Year, the customer is eligible to receive a Service Credit equal to 10% of their bill”
• Customer to claim
• 3Tera (VPDC-provider): http://blog.3tera.com/computing/175/• If, as a result of any Covered Event(s), a Covered VPDC is not Available at
least 99.999% of the time in any full calendar month, 3Tera will issue a credit to your account.
• If the affected VPDC was Available at least 99.9% of that month, the credit will be 10% of the Service Fee for that VPDC for that month; otherwise it will be 25% of that fee.
• This is done proactively by 3Tera28
Trend 2: SLA Model Establishment (2)
• High pressure from bigcustomers
• Lot of ongoing research in thearea of horizontal and verticalSLAs, e.g. SLA@SOI, ValueGrid
• Tool support for monitoring isan established basis
• Blogosphere discussesreputation systems andcertification
29
Trend 3: Cloud EcosystemMaturing and Completion of Cloud Offerings
• Especially the big shots will dominate public attention• Presentation of complete Cloud suites
• Support of Intra, Public and Hybrid Cloud – and the migration
• Caveat: simplicity is one of the Cloud‘s secret of success
• It will become harder for start-ups to find their niche• SME offerings need innovation and specialization
30
Big Shot Domination:Microsoft‘s Coherent Cloud Portfolio
31http://www.microsoft.com/windowsazure/
Big Shot Domination:IBM‘s Cloud Offerings will Attract Large Customers
Products and additional services:• Development and test
• IBM Smart Business Development and Test on the IBM Cloud
• IBM Smart Business Test Cloud
• Information Solutions• IBM Smart Analytics Cloud
• IBM Smart Business Storage Cloud
• IBM Information Archive
• Collaboration• IBM LotusLive™
• IBM LotusLive iNotes™
And:• IBM partners with Amazon
(think about connotation twice!)32
http://www.ibm.com/ibm/cloud/
Trend 4: Desktop as a Service
• Drivers:• Resources in the Internet
• Thin clients/Netbooks as endpoint
Desktop as a Service
• Benefits:• Easy roll-out of applications via appliances
• Highly controlable environments• Context-dependend delivery of applications
• Duplication of tested installations and combinations
33
Trend 4: Desktop as a Service (2)
• Base technologies areavailable and mature, e.g.
• Google Chromium OS:the browser is the OS
• GWT/FLEX/AJAX:powerful frameworks forligthweight client applications
• …
34
Trend 5: Standardization
The race has begun – but on different tracks:• VMAN Initiative (http://www.dmtf.org/initiatives/vman_initiative/)
• DMTF Standards for Virtualization Management
• Supported by: AMD, Cisco, HP, Hitachi, IBM, Intel, Microsoft, Sun, VMware,…
• Specified functionality: OVF images, monitor installations
• OGF Open Cloud Interface Working Group (http://www.occi-wg.org/)• OCCI Open Cloud Computing Interface
• High level functionality required for the life-cycle management of VMs
• Supported by: SAP, RightScale, CloudCentral, GoGrid, Flexiscale, Joyent, Eucalyptus,…
• Specified functionality: management API
• Open Cloud Consortium WG (http://opencloudconsortium.org/)• Standards for interoperating large data clouds
• Supported by: Aerospace, Yahoo, MIT Lincoln Labs, Northwestern University,…
• Specified functionality: storage, performance measurement and rating, sharing
35
Agenda
• Part 1: What is Cloud Computing?• Definition(s)• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010• Potential and status• Some trend indicators• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
36
• Business Cases and Cloud TCO• E.g. CC business cases for T-Com (T-Labs)
• Cloud Computing Adoption• CC maturity model incl. online tool (IBM D,…)
• Cloud Value Creation• Cloud offering value creation for intermediairies (EU)
• Architecture of „the Cloud“
• Cloud Engineering• Dev. support for Cloud-patterns (T-Labs)• Business continuity services (IBM Watson)
• Cloud Application Development• „Cloudification“ of existing apps (OpenCirrus/HP)
• Cloud Platforms and Testbeds for Service Networks• EU projects (T-Systems, SAP, IBM,…)
• SAP Landscape Provisioning and Demos• Mgmt and Reliability of VPDC (fluidOps, Zimory)• SLA mgmt for complex systems (SAP Research)
CC @ www.eOrganization.deSome select activities
„The Cloud“
Cloud Management & Provisioning
Cloud Engineering
Business Cases& Perspectives
CloudEcosystem
37
More information:http://cloudwiki.fzi.de
See also http://markusklems.wordpress.com/38
Questions? Some might be answered here ;-) http://tinyurl.com/CloudBuch
Christian Baun, Marcel Kunze, Jens Nimis, Stefan Tai:
Cloud Computing: Web-basierte dynamische IT-Services (Reihe: Informatik Im Fokus)
39
Again: Questions?Thank you!
• Acknowledgement:• [JB] Dr. James Broberg, U. Melbourne, CC-Tutorial at CCGrid 2009
http://www.slideshare.net/jamesbroberg/introduction-to-cloud-computing-ccgrid-2009
• [MM] Michael Maximilien, IBM• [MK] Dr. Marcel Kunze, KIT SCC• Stefan Tai, Alex Lenk, Markus Klems, Sebastian Schmidt ,…
• Contact:
40