2 Origin of the Term “Cloud Computing”

- “Comes from the early days of the Internet where we drew the network as a cloud… we didn’t care where the messages went… the cloud hid it from us” – Kevin Marks, Google
- First cloud: around networking (TCP/IP abstraction)
- Second cloud: around documents (WWW data abstraction)
- The emerging cloud abstracts the infrastructure complexities of servers, applications, data, and heterogeneous platforms

Notes: Jeff Bezos’ quote; Kevin Marks quote: video interview.
3 A Working Definition of Cloud Computing

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management or configuration effort.

The cloud model has the following features:
- 5 essential characteristics,
- 3 service models, and
- 4 deployment models.

(Underlined keywords in the definition are the characteristics.)

Notes:
Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.
Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches.
4 Five Essential Cloud Characteristics

- On-demand self-service
- Broadband network access
- Resource pooling
  - Location transparency
- Rapid elasticity
- Measured service

Notes: Self-service: the user can rent the equipment and S/W to run its own applications.
5 Three Cloud Service Models

- Software as a Service (SaaS): use the cloud’s applications (S/W) over a network
- Platform as a Service (PaaS): deploy customer-developed applications in a cloud
- Infrastructure as a Service (IaaS): rent processing, storage, network, and other fundamental computing resources

Notes:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., Java, Python, .NET). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).
6 Service Model Architectures

Notes:
- IaaS: suppose you want to start a business building a website for hotel booking; you can rent the infrastructure (servers, networks, storage, etc.) from the cloud.
- PaaS: platforms such as Unix, Linux, Windows, Solaris, etc. If you have software that runs only on a specific platform, you can rent that platform. You can even have only a terminal in the office and configure a VM as a Windows system.
- SaaS: you can even run S/W from the cloud for your data processing, such as MATLAB.
7 Four Cloud Deployment Models

- Private cloud: enterprise owned
- Community cloud: shared infrastructure for a specific community
- Public cloud: sold to the public, mega-scale infrastructure
- Hybrid cloud: composition of two or more clouds

Notes:
Private cloud. The cloud infrastructure is operated solely by an organization and for the organization, e.g., CityU’s cloud.
Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party, e.g., an HK RGC cloud for all institutions.
Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services, such as Amazon, IBM Cloud, Google, etc.
Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).
8 Possible Trends of Cloud Computing

- Small enterprises use public SaaS and public clouds and minimize the growth of data centers
- Large enterprise data centers may evolve to act as private clouds. They may also use hybrid clouds to leverage both private and public clouds
- Public clouds may adopt standards in order to run workloads from hybrid cloud infrastructures

Notes: Large enterprises: a) use the cloud model to provide centralized IT service, with no need for IT support at each department level; b) use hybrid clouds to outsource part of their IT services.
9 Core Objectives of Cloud Computing

Core objectives and principles of cloud computing:
- Security
- Scalability
- Availability
- Performance
- Cost-effective
- On-demand acquire / release resources
- Pay for what you use
- Leverage others’ core competencies
- Turn fixed cost into variable cost
10 Analyzing Cloud Security

- Some key issues: trust, multi-tenancy, encryption, compliance
- Clouds are massively complex systems that consist of standard functional units replicated thousands of times
- Cloud security is a tractable problem
- There are both advantages and challenges
- Data owner and storage server are two different entities
11 Security Advantages of Cloud Computing

- More resources for security, e.g., dedicated security team, good security infrastructure, fault tolerance and reliability, …
- Hypervisor protection against network attacks
- Data held by an unbiased party
- On-demand security controls
- Real-time detection of system tampering
- Low-cost disaster recovery and data storage solutions
- Rapid re-constitution of services
- …

Notes: Hypervisor: also called a virtual machine manager (VMM), a program that allows multiple operating systems to share a single hardware host. Each operating system appears to have the host's processor, memory, and other resources all to itself. However, the hypervisor is actually controlling the host processor and resources, allocating what is needed to each operating system in turn and making sure that the guest operating systems (called virtual machines) cannot disrupt each other. Hypervisor protection against attacks: the hypervisor monitors the guest OSs and isolates the damage of each.
12 Challenges of Cloud Security

- Data dispersal and international privacy laws
- Possible massive outages
- Multi-tenancy (with conflict of business interests)
- Attraction to hackers (high-value target)
- Difficulties in keeping data-access logs
- Data ownership issues
- Security of virtual OSs in the cloud
- Encryption needs for cloud computing
- …
13 Foundational Elements of Cloud Computing

Primary Technologies
- Virtualization
- Service Oriented Architectures
- Distributed Computing
- Broadband Networks
- Browser as a platform
- Free and Open Source Software
- …

Other Technologies
- Web 2.0
- Web application frameworks
- Service Level Agreements
- Autonomic Systems
- …
14 Virtualization

- Cloud computing separates applications from the underlying infrastructure
- Host operating system provides an abstraction layer for running virtual guest OSs
- The key is the “hypervisor” or “virtual machine manager”:
  - Enables guest OSs to run in isolation from other OSs
  - Runs multiple types of OSs
  - Enables portability (migration) of virtual servers between physical servers
  - Increases utilization of physical servers
15 Utility Computing

- “Computing may someday be organized as a public utility” – John McCarthy, MIT Centennial, 1961
- Huge computational and storage capabilities available from utilities
- Metered billing (pay for what you use)
- Simple-to-use interface to access the capability (e.g., plugging into an outlet)

Notes: Electricity generator at each home -> large power plants + power lines. Computer at each home -> clouds + networks.
16 Web 2.0

Web 2.0 is the trend of using the full potential of the web:
- Viewing the Internet as a computing platform
- Running interactive applications through a web browser
- Interconnecting mobile devices
- Enhanced effectiveness with greater human participation

“Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as a platform, and an attempt to understand the rules for success on that new platform.” – Tim O'Reilly

Notes: The web browser is a platform for cloud computing; most cloud services are offered through browsers. Before Web 2.0, the Web was used only for information retrieval, not for interaction.
Source: Long tail: "The Long Tail" by Chris Anderson, Wired, Oct. 2004.
Source: O’Reilly quote.
17 Web Services

- Self-describing and stateless modules that perform discrete units of work and are available over the network
- Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications
- Standards-based interfaces, e.g., SOAP, WSDL, WS-Security, WS-Transaction
- Many loosely coupled interacting modules form a single logical system (e.g., Lego bricks)

Notes: WS (Web Service). SOAP: Simple Object Access Protocol, an XML-based protocol that allows applications to exchange information through HTTP.
Source: ‘Web Services: Principles and Technology’ (Michael Papazoglou), Chapter 1.
Source: Infoworld quote.
Source: Rube Goldberg picture.
18 Major Cloud Platforms

- Amazon’s Elastic Compute Cloud (EC2) and Simple Storage Service (S3)
- Google’s Google Apps
- Microsoft’s Azure
- Salesforce.com’s CRM clouds (e.g., Sales Cloud, Service Cloud and Force.com)
- IBM’s Smart Business portfolio

Notes: EC2: example of infrastructure (IaaS). Google Apps, Azure: examples of platform (PaaS). Salesforce: example of SaaS (customer relationship management S/W).
Source: vCloud press release, 9/15/08.
19 Examples of Google Cloud Users

- The government of the City of Washington, D.C. moved most government functions to the Google Cloud:
  - Migrating data of 38,000 employees to Google Apps
  - Replacing office software by Gmail, Google Docs (word processing and spreadsheets), Google Video for Business, and Google Sites (intranet sites and wikis)
- 500,000+ organizations use Google Apps
- GE moved 400,000 desktops from Microsoft Office to Google Apps and then migrated them to Zoho for privacy concerns

Notes: This is an example of a user using clouds.
“It's a fundamental change to the way our government operates by moving to the cloud. Rather than owning the infrastructure, we can save millions.” – Mr. Kundra
Quote is from:
20 Facebook’s Use of Open Source and Commodity Hardware (8/08)

By Jonathan Heiliger, Facebook's vice president of technical operations:
- 80 million users + 250,000 new users per day
- 50,000 transactions per second, 10,000+ servers
- Built on open source software
  - Web and App tier: Apache, PHP, AJAX
  - Middleware tier: Memcached (open source caching)
  - Data tier: MySQL (open source DB)
- Thousands of DB instances store data in a distributed fashion (avoids collisions of many users accessing the same DB)
- Use redundancy of simple hardware devices for reliability

Notes: This is an example of a cloud provider using simple H/W to build a cloud. Data taken from CNET news article and interview, 8/18/08.
21 Amazon Cloud

Amazon cloud components:
- Elastic Compute Cloud (EC2)
- Simple Storage Service (S3)
- SimpleDB

New features:
- Availability zones: place applications in multiple locations for failover
- Elastic IP addresses: static IP addresses that can be dynamically remapped to point to different instances (no change of DNS)

Source: Infoworld article (availability zones and elastic IP).
22 CityU CSLab Cloud Configuration (a case study)

This is one rack (a large data center has rows of these racks). This rack is an IBM BladeCenter.
- A rack has many rack-units (server boards inserted into the rack). Each rack-unit has 2 XEON CPUs, memory (16 – 96GB), and disk (~100G). The local disk on each rack-unit is small, only for the O/S (no data or FS).
- Each rack has 3 storage arrays (30TB in total) connected by a SAN (Storage Area Network) to all rack-units, i.e., they all share the same disk storage.
- The disk storage of the racks is further interconnected by optical fibers (high speed).

Figure labels: 1. A rack has several levels. Each level has 14 slots, one for each server board (rack unit). The height of a rack is more or less standard across vendors. 2. CPU. 3. Disk.
23 Clusters and VM Configuration

- All server boards (rack units) are grouped into clusters. In CSLab, 14 boards are configured into 4 clusters (a cluster acts like one big server), each with around 4 rack-units.
- Usually server boards of the same type (with the same CPU platform) are grouped into the same cluster. This configuration makes automatic VM migration between server boards in the same cluster easy.
- VMs are configured on clusters. There can be hundreds of VMs configured on a cluster. The Sys-Admin uses an interface (supported by VMware) to create a VM by specifying CPU, memory, and storage requirements, and the VM platform (i.e., UNIX, Linux, Solaris, MS Windows, etc.).

Figure labels: Clusters; Cluster of same-type CPU; VM configuration.
24 VM Configuration / Monitoring

- The Sys-Admin can use the interface to monitor the clusters (and the server boards inside each cluster), the VMs on each cluster (and server board), and the actual resource usage of VMs.
- A VM can be a server (a web server, database server, etc.), or a server for all students to do the coursework of a subject. A VM can also be configured as the desktop for each staff office (no PC is needed in the staff’s office).
- The maximum number of VMs on a cluster is mainly limited by memory and storage size (they cannot be shared).
- A VM has its own IP address / domain name, all the same as a physical machine. Users can run all kinds of applications on the VM.
- A VM can work for a relatively long time, from a day to a few years. It can survive replacement of the underlying H/W (CPU or storage).

Figure labels: Monitor cluster & VM; VM configuration for VM networking and other features.
25 VM Auto-Migration

- When one server board needs to stop for maintenance, the Sys-Admin can mark the server for maintenance through the admin interface. Then all VMs on this server automatically migrate to other servers without stopping the applications running on them.
- Applications on the VM may suffer some delay (or packet loss) if they involve network access, because VM migration involves a change of MAC address (from one board to another) and a change of packet routing.
- This migration can also happen for load-balancing purposes. The system software can monitor the load on all servers and auto-migrate VMs from heavily loaded servers to lightly loaded ones.

Figure labels: VM migration by admin; VM migration has delay (not 100% transparent to end users); VM auto-migration.
26 VM Migration within & across Clusters

- Another mode of VM management is “energy saving”. If this mode is turned on, the system tries to auto-migrate the VMs onto some of the server boards and turns off the power of the remaining idle server boards to save energy.
- Since all VMs on the same cluster share the same disk storage (some clusters, particularly those connected by SAN, also share the same disk), it is easy to migrate VMs between server boards, and this migration can be done automatically.
- Each VM is represented as a “folder” in the disk storage system, and the files of this VM are all under this “folder”.
- Migrating VMs across clusters may require the Sys-Admin to do it manually through the interface.
- The difficulty of VM migration across clusters is that the clusters have different storage.
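The migration rules on the two slides above (maintenance evacuation, load-driven migration, energy-saving consolidation, the memory cap per board, and the shared-storage cluster boundary) as an added toy model; this is example code written for this page, not CityU's setup or VMware's software, and the cluster names, board memory sizes and VM sizes are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Board:                      # one server board (rack unit); same cluster = shared storage
    name: str
    cluster: str
    mem_gb: int                   # physical memory, 16-96 GB on the slides
    vms: dict = field(default_factory=dict)   # VM name -> memory reserved for it (GB)
    powered_on: bool = True

    def used(self):
        return sum(self.vms.values())

    def free(self):
        return self.mem_gb - self.used()

def migrate(src, dst, vm):
    """Move one VM; refuse cross-cluster moves (different storage) and memory overcommit."""
    if src.cluster != dst.cluster:
        raise ValueError(f"{vm}: cross-cluster migration needs manual admin action")
    if not dst.powered_on or dst.free() < src.vms[vm]:
        raise ValueError(f"{vm}: {dst.name} is off or lacks free memory")
    dst.vms[vm] = src.vms.pop(vm)

def evacuate(boards, board):
    """Maintenance mode: move every VM off `board` to the least-loaded same-cluster board."""
    moves = []
    for vm in list(board.vms):
        fits = [b for b in boards if b is not board and b.cluster == board.cluster
                and b.powered_on and b.free() >= board.vms[vm]]
        if not fits:
            raise RuntimeError(f"cannot evacuate {vm}: cluster {board.cluster} is full")
        dst = min(fits, key=Board.used)
        migrate(board, dst, vm)
        moves.append((vm, dst.name))
    return moves

def energy_save(boards, cluster):
    """Energy saving: pack VMs onto the fullest boards with room, power off emptied ones."""
    members = [b for b in boards if b.cluster == cluster and b.powered_on]
    for src in sorted(members, key=Board.used):          # emptiest board first
        for vm in list(src.vms):
            fits = [b for b in members if b is not src and b.powered_on
                    and b.free() >= src.vms[vm]]
            if fits:
                migrate(src, max(fits, key=Board.used), vm)
        src.powered_on = bool(src.vms)                    # empty board -> switch it off
    return [b.name for b in members if not b.powered_on]

def demo_cluster():
    """Constructed sample: three boards in cluster c1 (shared SAN), one board in c2."""
    b1, b2, b3 = Board("c1-b1", "c1", 64), Board("c1-b2", "c1", 64), Board("c1-b3", "c1", 64)
    b1.vms, b2.vms, b3.vms = {"web": 16, "db": 24}, {"mail": 8}, {"wiki": 4}
    return [b1, b2, b3, Board("c2-b1", "c2", 64)]
```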
27 Data Center Networks (DCN)

This is a floor map of CityU’s data center. It has rows of racks; each little box in a row is a rack.

A data center network is a LAN that interconnects the server farms inside a data center and further connects the data center to the Internet.
28 CISCO’s Architecture of DCN

- A DCN has a tree structure, where the top consists of CRs (core routers) that connect the data center to the Internet.
- CRs are connected to Layer-2 domains by ARs and ASs.
- ARs (access routers) and ASs (aggregation switches) are duplicated for reliability (a pair for each Layer-2 domain).
- The switches under each pair of ARs (or ASs) form a Layer-2 domain.
- A Layer-2 domain typically has several thousand servers.
- The bottom of the tree is rows of ToRs (Top of Rack switches); each ToR typically has 20 – 40 servers.

Notes: Paper can be found: “Cisco: Data center: Load balancing data center services”.
The layers follow the OSI 7-layer standard: Layer 2 is data-link layer switching, Layer 3 is network-layer routing (IP).
Terms: CR, AR, AS, S, ToR, Layer-2 domain (NOTE: each domain has only one pair of ASs or ARs), …
Load balancing can be done within a ToR, under the same switch, or within a Layer-2 domain (the difficulty increases as the network goes up the layers)!
Note: the Internet is drawn as a cloud.
29 F5 Load Balancer in CityU CSC

[Diagram: campus users (via the campus network) and Internet/home users reach a set of F5 LTM1500 load balancers through Cisco switches (C2950T, C2960G, C2960T, C2970G); behind them sit F5 LTM3600 / F5 ASM3600 units and WBA3600 modules in front of the Blackboard, Banner, Central Web, SMTP, LDAP, SFB Auth, Central Wiki, Library, Library Auth, AMS, CAP, HRO Wiki and PhotoWeb servers.]

Notes: The F5 LTM1500 units (switches) are interconnected. All user requests go to these LTM1500 first.
Servers are duplicated, e.g., 3 Web servers, 4 LDAP servers (for students’ learning). But all duplicated servers share disk storage, so there is no need to keep data consistent between them.
30 Thoughts on Cloud Computing……

- “A way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software.”
- “The idea of loosely coupled services running on an agile, scalable infrastructure should eventually make every enterprise a node in the cloud.”
- “We are at the beginning of the age of planetary computing. Billions of people will be wirelessly interconnected, and the only way to achieve that kind of massive scale usage is by massive scale, brutally efficient cloud-based infrastructure.”
- ……

Source: InfoWorld quote.