Software Acquisition Management Cloud Computing 2 Learning Objectives 3Cloud Computing Describe the basic terms of Cloud Computing Describe the History of Cloud Computing Recognize the Benefits of Consuming Cloud Services Recognize some DoD Concerns of using Cloud Services Describe the Five Essential Cloud Characteristics Identify the Three Cloud Service Models defined by NIST Describe Public, Private, Community and Hybrid Cloud Deployment Models Exercise: For each of the Software Domains, which cloud models would be most appropriate for each of the domains? Explain your selection. Today, we will learn to: 4 Cloud Computing is Changing the Face of All Businesses FORBES Businesses Surveyed say: -66% say Cloud Computing will reduce complexity in their companys IT operations -61% say it will increase employee productivity -53% say it will increase responsiveness to customers -Already a 37% simplification of internal operations -Already a 33% better delivery of internal resources -Already 31% use Cloud for new ways for employees to work, connect, and collaborate -Already a 23% faster rollout of new business initiatives to exploit new opportunities -Already a 23% improved ability to acquire, share, analyze, and act on data *FORBES, July 2014 5 Describe the Basic Terms of Cloud Computing Cloud Computing. Cloud computing means storing and accessing data and application programs over the Internet instead of your computers local hard drive. Cloud computing doesnt access resources (e.g., CPU, memory, network interface) directly, it accesses them through a service and the service figures out which physical resources to use. The service dynamically manages resources across the cloud. Cloud computing (NIST SP ) is the official DoD definition: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics; three service models, and four deployment models. Cloud is a metaphor for the Internet. Cloud Computing is a marketing concept. Cloud computing services employ Grid computing. Cloud Computing. Cloud computing means storing and accessing data and application programs over the Internet instead of your computers local hard drive. Cloud computing doesnt access resources (e.g., CPU, memory, network interface) directly, it accesses them through a service and the service figures out which physical resources to use. The service dynamically manages resources across the cloud. Cloud computing (NIST SP ) is the official DoD definition: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics; three service models, and four deployment models. Cloud is a metaphor for the Internet. Cloud Computing is a marketing concept. Cloud computing services employ Grid computing. National Institute of Standards and Technology (NIST) Special Publication (SP) 6 Describe the Basic Terms of Cloud Computing Grid Computing. Grid computing is the collection of computer resources from multiple locations, working together to reach a common goal. The grid can be thought of as a distributed system of systems. Grid computing is where multiple computers coordinate with each other to solve a problem. Grid Computing is a distributed computing model that uses underutilized computer resources in order to process computer-intensive tasks faster Virtualization. Virtualization is the act of creating a virtual (rather than actual) version of something (servers, storage devices, operating systems, computer network resources). Virtualization is accomplished by dividing a physical resource into multiple virtual instances of a resource (e.g., computer, storage and network). These might exist across many actual machines. Virtual machines are enabled by the ability to separate the execution of software from the underlying hardware. Virtualization is the primary enabling technology behind cloud computing. Grid Computing. Grid computing is the collection of computer resources from multiple locations, working together to reach a common goal. The grid can be thought of as a distributed system of systems. Grid computing is where multiple computers coordinate with each other to solve a problem. Grid Computing is a distributed computing model that uses underutilized computer resources in order to process computer-intensive tasks faster Virtualization. Virtualization is the act of creating a virtual (rather than actual) version of something (servers, storage devices, operating systems, computer network resources). Virtualization is accomplished by dividing a physical resource into multiple virtual instances of a resource (e.g., computer, storage and network). These might exist across many actual machines. Virtual machines are enabled by the ability to separate the execution of software from the underlying hardware. Virtualization is the primary enabling technology behind cloud computing. 7 Describe the Basic Terms of Cloud Computing Hypervisor or Virtual Machine Monitor (VMM). The hypervisor creates and manages virtual machines on a single computer. Each Virtual Machine has an Operating System (OS). Software applications are written for one OS. Virtual Machines allow a customer to run multiple applications as if they were all running on the same operating system. The hypervisor is a layer of software that manages multiple operating systems to share physical resources (e.g., CPU, memory, network interfaces) on a single computer. The hypervisor manages physical resources in such a way as to make each operating system think it is running on its own hardware. Since the 1960s, Hypervisors have created and managed virtualization. 8 Describe the Basic Terms of Cloud Computing Bare Metal Server. Bare metal is a single-tenant server. For example, you and your laptop. There is no noisy-neighbor effect in a Bare Metal server design. Bare Metal servers support Hypervisors of multiple operating systems. 9 Describe the Basic Terms of Cloud Computing Multi-tenancy Server. Multi-tenancy allows multiple users or tenants to reside on the same computer. Multi-Tenancy allows for cloud efficiencies. Multi-tenancy can be impacted by the noisy-neighbor effect. Noisy- neighbor effect is one user impacting the performance and stability of other users within the same server. Multi-tenancy is a design principle that provides separate environment to server multiple client organizations. A software application is an example of a shared resource with a co-mingling management capability to ensure each clients data is protected. Single-Tenant ServerMulti-Tenant Server 10 Describe the Basic Terms of Cloud Computing Service-Oriented Architecture (SOA). Service-oriented architecture (SOA) is a software design in which application components provide services to other components via a communications protocol, typically over a network. The principles of SOA are independent of any vendor, product or technology. SOA is the notion of turning functionalities of existing and new applications into a set of discrete components enabling software vendors to provide their products as services from which clients can use/reuse and combine to satisfy business requirements quickly and easily. The primary example of web services via SOA is Web 2.0. Advances in web technologies, such as RSS, Blogs, Portals, Wikis, XML, and Web Services help organizations offer their information as sets of easily accessible services. 11 Describe the History of Cloud Computing 12 Describe the History of Cloud Computing 13 Recognize the Benefits of Consuming Cloud Computing 14 Recognize Some DoD Concerns of using Cloud Services 15 Describe the Five Essential Cloud Characteristics 16 Identify the Three Cloud Service Models defined by NIST You Manage CSP Manage Cloud Service Provider (CSP) You = Your Local Computer 17 Identify the Three Cloud Service Models defined by NIST You Manage CSP Manage INFRASTRUCTURE as a Service (IaaS) NIST Special Publication defines Infrastructure as a Service (IaaS): [Provisioning] processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Amazon Web Services (AWS) and Microsoft Windows Azure are two examples of Infrastructure as a Service. 18 Identify the Three Cloud Service Models defined by NIST You Manage CSP Manage PLATFORM as a Service (PaaS) NIST Special Publication defines Platform as a Service (PaaS): [Deploying] onto the cloud infrastructure consumer created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application hosting environment. Oracle Federal Managed Cloud Services, Microsoft Product Suite are two examples of Platform as a Service. 19 Identify the Three Cloud Service Models defined by NIST You Manage CSP Manage SOFTWARE as a Service (SaaS) NIST Special Publication defines Software as a Service (SaaS): [Using] the providers applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web based), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings. Google Apps and Dropbox are two examples of Software as a Service. 20 Describe public, private, community and hybrid cloud deployment models (NIST) Exercise Using this slide and the next five slides, analyze each of the DoD Software Domains and decide which cloud models would be most appropriate for each of the domains? Explain your selection. Cloud services can be deployed in different ways depending on the customers specific needs, such as security, privacy, and cost. All cloud deployment models suffer from Noisy Neighbor risk due to the use of virtualization. For example, we know that one physical server is able to support many virtual servers; however, if one of the virtual servers is consuming a large amount of CPU that will likely cause the other virtual servers to receive less capacity from the underlying physical CPU causing a possible Noisy Neighbor situation. The two most prevalent models are Public Cloud and Private Cloud today. Public Clouds are open to all users (multi-tenant) and Private Clouds are closed to all users except the users identified by the Business Entity paying for the service (single-tenant). Community Clouds are private clouds for a designated community. Hybrid Clouds are a mix of the Public, Private, and/or Community. Any two, including two of the same (e.g., two private clouds or, two community clouds) constitute a Hybrid Cloud. 21 Exercise 22 23 Describe public, private, community and hybrid cloud deployment models (NIST) The [Public] cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. Public cloud infrastructures operate in a multi-tenant environment whose resources are allocated for the general public. Security and privacy concerns are heightened with public clouds because any individual or organization can potentially access the same cloud infrastructure. Only DoD information that has been approved for public release should be placed on a public facing website. 24 Describe public, private, community and hybrid cloud deployment models (NIST) The [Private] cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Private cloud infrastructures are operated only for an individual organization (single-tenant). The organization can leverage the scalability and performance aspects of cloud computing, but the infrastructure is isolated from that of other organizations, improving security and privacy. Because of their specialized nature, private clouds could potentially be as costly as dedicated data centers. DoD has its own private cloud, called milCloud, which is operated by the Defense Information Systems Agency (DISA) and is isolated to both the SIPRNet and NIPRNet. milCloud is a multi-tenant Infrastructure as a Service cloud service offering. Private Clouds can offer very high levels of security and access control making them better suited for applications and data where impact to the DoD mission is a primary consideration. 25 Describe public, private, community and hybrid cloud deployment models (NIST) The [Community] cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. A community cloud infrastructure is a private cloud that has been provisioned for a specific community of interest with shared concerns, such as a government- only cloud. The Departments current focus is on leveraging commercial cloud services to the maximum extent possible which argue for investing in Hybrid Cloud rather than attempting to build, operate, and maintain several DoD Private Clouds. 26 Describe public, private, community and hybrid cloud deployment models (NIST) The [Hybrid] cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds; Cloud bursting is an application deployment model in which an application runs in a private cloud or data center and bursts into a public cloud when the demand for computing capacity spikes. There are HUGE security RISKS here!). Hybrid cloud infrastructures are combinations of two or more of any of the other cloud infrastructures. Hybrid clouds will be the most prevalent model for the DoD given its strategy to aggressively pursue the competitive acquisition and use of commercial cloud service offerings. An example of a Hybrid Cloud is the Development Test Production software lifecycle. A commercial/public hybrid cloud service offering could be used for development and limited operational testing prior to hosting the final product in a private cloud, such as milCloud. Combining cloud infrastructures presents a variety of cybersecurity concerns that require careful analysis of how the Cloud Service Offerings are architected, deployed, assessed and authorized. Summary Today, We Learned About Describe the basic terms of Cloud Computing Cloud Computing; Grid Computing; Virtualization; Hypervisor; Bare Metal Server; Multi- tenancy Server; Service Oriented Architecture (SOA) Describe the History of Cloud Computing From mainframes to teams of computers working together to solve problems (Cloud) Recognize the Benefits of Consuming Cloud Services Improved performance, increased utilization of resources, increased security, lower costs Recognize some DoD Concerns of using Cloud Services Data security, Latency of use, unanticipated costs Describe the Five Essential Cloud Characteristics On-demand self-service; broad network access; resource pooling; rapid elasticity; measured service Identify the Three Cloud Service Models defined by NIST IaaS, PaaS, SaaS Describe Public, Private, Community and Hybrid Cloud Deployment Model (NIST) Hybrid of Private and Community will be the competitive, economical choice for DoD Exercise: For each of the Software Domains, describe how Cloud Computing could be employed? Explain your selection. 27