What Is Cloud Computing? - USALearning


What is Cloud Computing?

Table of Contents
Cloud Computing Security
Overview
What Is Cloud Computing? -1
What Is Cloud Computing? -2
Cloud Service Provider Features
Cloud Computing Strengths
Cloud Computing Weaknesses
Notices

Cloud Computing Security

2010 Carnegie Mellon University

Dennis Allen: And this module, we'll talk about Cloud Computing Security.

Overview

What Is Cloud Computing?
Strengths
Weaknesses
Technical Risks
Operational Risks
Mitigation Strategies
DISA Cloud Solutions

So we'll talk a little bit about computing is. We're not going to get into a lot of the benefits and whatnot. We'll maybe cover different aspects of cloud computing as we move through the presentation, a little bit about its strengths, as I was mentioning, and certainly a lot about its weaknesses, and more than its weaknesses, things that you need to consider, things that are important for you to understand the risks involved, and how we can mitigate some of those risks, and specifically technical risks, operational risks, again, some mitigation strategies, and then, finally we'll touch upon a little bit about DISA, the Defense Information Systems Agency, some of the cloud computing solutions that they have available to fit the government needs.

What Is Cloud Computing? -1

Cloud computing enables remote access, primarily through the Internet, to shared resources (e.g., networks, servers, storage, applications, and services) typically being maintained by a third-party (the cloud provider).
Resources are often shared with other cloud provider customers.
Cloud provider infrastructures are normally virtualized and the system can usually be dynamically scaled to the customer's needs.
Resources are normally allocated on a pay-per-use model.

So what is cloud computing? Well the term, cloud computing is derived, quite honestly, very-- if you've ever done any kind of network documentation, or if you've seen a diagram of a network, quite often the internet is represented as some sort of cloud. So to be honest with you, a lot of the whole cloud computing terminology comes from just, sort of, that basis of looking at the internet as a cloud.

So how are these services being presented to the user? Can you access these applications, or access your infrastructure over the internet? It's somehow outsourced, and it's out there in the internet somewhere, or in the cloud. And we'll talk about the different types of cloud computing here in a second, and the different kinds of services. But essentially, there's something out there being managed by some cloud provider, some third party provider that's providing these types of services for you. We'll talk about infrastructure services, application services, etcetera.

The idea that they're shared, often shared with other customers, certainly comes into play. You can-- there are certainly options for private clouds, in which you would be managing your own infrastructure. The big thing, really, the difference between, you know, a classic computing thing, versus a cloud computing thing, if you will, is the virtualization aspects of it. So we're used to the collocation, the managing your own services, whether they're physically onsite at some collocation facility, but the whole idea with a lot of these things, with cloud computing, comes into the whole rapidly being able to deploy new machines, new infrastructure, new applications, taking advantage of certain virtual technology.

Is that always the case? Depends, there's lots of different variations of cloud computing, and what actually a cloud is, what a grid is, and how all those things play together, but for what we're talking about, we're generally talking about some sort of virtualized infrastructure that's out there that you can leverage immediately, or close to immediately through some sort of service provider.

The pay-per-use model, in a traditional collocation facility, you're usually paying on a monthly basis. You have, like, a flat fee for what you're paying to have a server. You're paying for space, per rack unit, amount of bandwidth, perhaps, just, you know, for 1Mb bandwidth, it's x amount of dollars. In a cloud computing model, most of these services, like, Amazon, GoGrid, Rackspace, actually has collocation, and cloud computing modules.

You're paying more on the pay-per-use model. So it's how much data am I actually using on disk, how much CPU utilization am I averaging on my processors that I'm using, what kind of bandwidth, in terms of people accessing, pulling down data, versus uploading data, so the model changes a little bit, and that allows people to get into that environment a lot easier. There's no capital expenditure, there's no need to come up with upfront costs for infrastructure to build out servers and put together networking equipment and have the internet connection, you can simply log on, the accounts are pretty much free, because you're going to log into a resource, provision an instance, and then based off of the type of instance it is, there may be licensing requirements if it's a Windows instance, etcetera, and then there will be various bandwidth or utilization pay-per-use models.

So that's from an infrastructure standpoint, but from a software standpoint, it's a little bit different.

What Is Cloud Computing? -2

Three main cloud computing service models

Software as a Service (SaaS)
  Customer uses provider's applications over a network
  Examples: Google Apps, Microsoft Hotmail, IBM LotusLive, SalesForce.com, Zoho

Platform as a Service (PaaS)
  Customer deploys their own applications to a cloud
  Examples: Microsoft Windows Azure, Google AppEngine, LAMP

Infrastructure as a Service (IaaS)
  Customer rents processing, storage, network capacity, and other basic computing resources
  Examples: Amazon EC2, Rackspace, GoGrid

There are some free things, when we talk about software as a service, this is the ability to actually log onto a website and leverage an application. Salesforce.com has a few different applications in regards to contact management and CRM. Something like Hotmail or even Yahoo! Mail can be considered software as a service. It's providing that e-mail capability to you. Google Apps, Google Docs, we mentioned Google code in our threats module, in terms of people accessing or leveraging a free resource to store malicious code in some cases. But it's-- software as a service is essentially, let me go out there, find an application that suits my needs and pay for it on a per-use basis, and that one might be based off a per-account, or utilization of some other--

Has anybody heard of Zoho? All right, well you can do some different things with Zoho, too. Think of it as web based project management. It will also do document management, some other things, too, but if you were looking for a free or pay-per-use model for your project management, you can do some of those things in there, project management, change management, you can use that application.

The platform as a service, this is a little bit-- we'll come back to that one. We'll start with infrastructure as a service. We'll come to that one next.

Infrastructure as a service, now we're looking to actually provision our machines from scratch. We can log into a web interface, we can select a template, say, "Hey, I want a Linux machine, I want a Windows machine." I can start that up, and get just a vanilla operating system. And once I get that vanilla operating system, I can configure it as I need to. I may have an IP address automatically assigned, or I might be provided with the IP addresses and I might have to configure it, depending on your environment. But essentially it's bare bones operating system in capabilities, and then you can build from there.

Amazon EC2, they're-- Elastic Compute Cloud, I believe is what it's called, provides you the computing resources to do something like that. They also have an S-3, a Simple Shared Storage, where you can actually-- or storage service, I should say. Let me make sure I get the right terminology here. I'm always messing up my acronyms with these things. But either way, you have a storage service that's available with Amazon as well.

Rackspace has, like I mentioned, the collocation facility, the traditional, build your servers up for you, or you can provision things in a virtual environment.

So if you want to take something in between with that, now I want to leverage an existing platform, and I have a platform as a service, you can take the middle ground there with a platform as a service option.

Does anybody know what that LAMP stands for? It's sort of---

Student: Linux, Apache, MySQL, PHP?

Dennis Allen: Yep, you got it. Linux, Apache, MySQL, PHP. So essentially, it's sort of a core configuration that you can build upon. If you wanted to have a web based application that uses a database, you can get a generic LAMP instance set up, and then you just configure it with your own code or something like that. So now we're talking about having, you know, a platform already set up for you to just basically come in and throw your application on. Google's app engine has some different capabilities within that as well.

So those are really the three different things, software as service, platform as service, infrastructure as service when you're looking at some of the cloud computing models.

Cloud Service Provider Features

e-gogrid-to-ec2-rackspace.php

So what this is, this is actually a couple of the features off of the GoGrid website, where they actually compare different things, compare Amazon's EC2, and Rackspace and GoGrid. And I got this in here because I want to call out some of the features. And these are the things that we'll talk a little bit about today, but it also gives you an understanding of the types of things that you would want a cloud provider to do for you.

So do you have VPN options? Can I VPN into my infrastructure? How do I access these boxes? Usually you'll access them over SSH or remote desktop, if it's a Windows box, so you're relying on the security within those protocols. Are there options to VPN in, to maybe link my corporate infrastructure to this cloud computing infrastructure, or client VPN from a workstation to that environment? Do they allow that? Are there intrusion detection options? How much of that do I have to configure and install myself, versus how much logging and monitoring and infrastructure security infrastructure capabilities does that service provider provide? Because those are big questions and not all of them do that.

What kind of role-based access controls are there, right? Can I have different levels of users, different levels of administrators? Who's allowed to actually provision a new instance, or create a template, all right? Who's allowed to actually install software in that environment? How are those things monitored? Who logs in and what changes were made? What kind of application programming interface is available for me to actually link into that instance or provide some sort of programming? Those are big things.

Do they provide additional services, like managed DNS, or how do they manage their IP addresses? Can I have a contiguous block of IP addresses, or is it just some sort of hodgepodge IP address that they provide me?

Persistent storage, what happens when this thing gets shut down? Does it keep my data on there? Can I move that data, can I mount a cloud volume, like I mentioned with Amazon's S3 process? Can I mount a virtual volume to multiple machines, and move it around to different machines? Those are some capabilities that you might be looking at.

Other things from a security perspective, is what happens once I go away? Once my instance is done, is that data securely wiped in some fashion? Is there the opportunity for me to have dedicated resources? Maybe I don't want to share a physical server with any other customers, I want my own dedicated server resources. Is that an option? Okay, because these are a lot of things that are concerns when it comes to security and protecting your information, that come up.

Let's see. Yeah. And then, of course, there's the support pieces of it, 24-7 support, is it e-mail support, is it phone support? What kind of engineering or dedicated team resources do I have? And what is the service level agreement? We'll talk more about SLAs toward the end of this, and what is actually going to be provided to me. Am I guaranteed 100 percent uptime? It's a pretty bold statement. I think Amazon is at 99.9, three nines, with the assumption that there's some downtime for maintenance or what the case might be.

And then, of course, what sort of options are available, Windows Server 2003, Windows 2008 Server, when you get into talking about Win-- Linux it's one thing, right, because you've got open source, you've got freely available operating systems. When you talk about Windows, you talk about SQL Server. You've got different licensing things that work out. So your pay-as-you-go pricing is more than just bandwidth consumption, now you've got-- the cloud provider has to somehow build into it the licensing for the operating system, and how that's going to work.

The good thing about a cloud computing provider in that case, is, you don't, as a customer, have to try to figure out whether it's one CPU, two CPUs or how many different servers, and-- They'll work with you. They've got the experience in that area to understand how it is in a pay-per-use basis, pay-as-you-go basis.

Cloud Computing Strengths

Benefits of scale
  Costs of the entire cloud can be divided among all of the customers; allowing for much greater investment in resources than any one individual customer could afford on their own.
  Cloud computing typically introduces more automation and efficiency to reduce costs.
  Cost benefits are unique to each individual application or piece of data depending on sizes, values, risks, etc.

Disaster recovery
  Multi-location nature of the cloud allows for greater level of disaster recovery.
  Customers can easily create any number of redundant environments in the cloud.

So there's lots of benefits to cloud computing, the first one is benefits of scale. We can, if we need to, grow and have more servers, do load balancing, if, as our infrastructure, our needs grow, we can kind of do that per scale. We don't have to build it all at once. We don't have that initial capital expenditure to get the servers and the networking equipment to pull that off. So there's, you know, people that are starting up a business that want to get into having a hosted website or something like that, they can get into it pretty easily, with some sort of cloud computing options. If they want to access a CRM database, if they want to do some sort of contact management, there's applications that will let them do that. If they can't afford to buy Microsoft Office, or they don't want to buy Microsoft Office, there's Google Apps out there, that will let you do word processing and spreadsheets and those types of things.

The automation piece is neat. Like I said, there's a lot of them have web interfaces that will let you go through and actually point and click, and deploy a new box, without actually having to physically understand how to plug things in and deal with those types of things. I would strongly suggest anybody that's doing sort of that instance deployment, has some sort of skills and background in systems administration to understand the risks involved with that, and what's going on.

So multiple locations in the disaster recovery option, that's certainly a big deal. Certain cloud providers, Amazon, a Rackspace, a GoGrid, there's a number of larger providers out there that have not just facilities in the United States, but throughout the world, for being able to handle disaster recovery.

One of the reasons I-- I-- One of the reasons somebody I know-- once went to some cloud computing technologies, was the transference of risk. You see that, when you talk about risk management, one of the options is to transfer that risk to somebody else. I don't want to do the backups every day, I don't want to have to worry about what happens from a disaster recovery strategy. I don't want to have to manage that infrastructure piece of it. Maybe I'm only doing it part time, maybe I don't have the resources, maybe I'm a small company, a midsized company that just doesn't have the IT resources, but I need to have that sort of availability requirement. I can transfer that risk a little bit to a service provider to handle that for me.

Now the trick is, what are the service level agreements? What sort of policies and things do I need to adhere to, as a business, and ensure that my service provider adheres to those same sorts of policies.

So the customers can easily create a number of redundant environments. I've got a quote for you, right out of some-- the Amazon guides, the security guides. And this is interesting. This is sort of a risk thing as well. So I've got three or four quotes, so I'll read to you. "Network and application level security is your responsibility." I like that one. So they'll handle some of it. There are some security groups that can be configured so you can-- that are mandatory and you have to allow certain ports, or destinations inbound on the firewall features that you can configure through the web interface, but in terms of host-based security, application security, if you've got a web server on there, making sure that it's secure code, or you have a web application firewall or something like that, is your responsibility. That's kind of neat, right? They kind of said, it's all you.

So there are multiple availability zones, all right, in the Amazon world. Like I said, there's US stuff. They've got locations in Germany and Ireland, in England, in London, specifically, Singapore, Hong Kong, they've got data centers throughout, for doing different things, but you have to manually choose to deploy to one of those different things, and oh, by the way, "your data is not proactively replicated across regions, unless you-- unless it's done by the customer."

So if you want to take advantage of some of these disaster recovery scenarios in multiple locations, you can't assume that this is something that's magically happening by the cloud provider. It's something that you have to configure in your environment. You have to provision multiple instances, you have to schedule the backups of your data, the synchronization of your data, whatever the case might be.

"All traffic between regions," for instance, between the US and the European Union, "is over the public internet." So that's a little caveat there. So in the US, we have multiple data centers, and this is-- again, this is specifically Amazon related things, but-- so in the United States, there's several data centers. If you were going to replicate between different data centers, or have instances there, it's going over Amazon infrastructure, and it's semi-protected in that regard. If you wanted to replicate to some o
