An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

1 An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011

2 Motivation
A secure Cloud Computing architecture model requires a security layer at each design level.
We are speaking from a provider's point of view.
Cloud Computing is a broad subject. We will focus only on the architecture of the Infrastructure as a Service (IaaS) layer.

3 Cloud Computing Deployment Models
A private Cloud is concerned with the internal needs of an organization.
A public Cloud sells services to the general public.
A hybrid Cloud pools resources from different Clouds. It is a combination of public and private Cloud.
A community Cloud is a joint effort between different organizations to share resources.

4 How does a provider choose a deployment model?
Deployment models are driven by:
Organization needs
Prospective customers' requirements
Cloud security concerns
Our design approach is based on the Cloud case study example we present in the next slide.

5 Example: Design a Cloud Computing environment for FAU with the following requirements
On-demand secure software development and testing environment for researchers/programmers: for example .NET, Java, C++ and database development environments
Provide a secure research laboratory as a service
Pool idle cloud resources to run simulations; guarantee a minimum computation capacity at peak time
Offload computing to a public Cloud such as Amazon EC2

6 What deployment model fits the above FAU Cloud?
Choose a private Cloud solution with an Amazon EC2 compatible API.
Let us take a closer look at the requirements:
-- Provision of simulations for research purposes belongs to the SaaS layer
-- The secure development and test environment fits in the PaaS layer
-- On-demand secure research laboratory provision requires an IaaS layer

7 Security Requirements for FAU Cloud
We need to address security at each level of the design:
-- IaaS layer security requirements (this presentation)
-- PaaS layer security requirements (future presentation)
-- SaaS layer security requirements (future presentation)

8 Note
We will cover security at the PaaS and SaaS levels, respectively, in two future presentations.
At this point there will be no section reserved for SaaS and PaaS.

9 FAU Cloud IaaS Security Requirements
Availability:
High-throughput network bandwidth
Physical Data Center temperature
Restricted physical access to the Data Center
Redundant power source in case of power failure

10 FAU Cloud IaaS Security Requirements
Hardware maintenance agreement
Virtual Data Center policy
Compliance with electrical and data wiring standards
Cloud server configuration
Backup and recovery policy
Fire prevention policy
Administrator policy

11 IaaS Security Requirements
Secure protocol policy
Intrusion Detection System
Firewall
Antivirus
Anti-malware

12 FAU Private Cloud Server Security Policy
All servers must have the following packages:
-- Intrusion Detection System (IDS)
-- Firewall
-- Antivirus
-- Anti-malware
Secure protocols such as ssh, sftp and scp (secure copy)

13 FAU Secure Private Cloud Architecture
We choose an Open Source solution: Eucalyptus Cloud
-- Complement it with a third-party power management subsystem and
-- a Cloud Monitor Controller
The following components will be described in the next few slides:
Node Controller
Storage Controller
Cloud Controller
Cluster Controller
Walrus Storage
Power Management Controller
Cloud Monitor System

14 Figure 1 shows a rough draft of the Eucalyptus model (courtesy of http://csrdu.org/blog/2010/10/23/introduction-to-private-cloud-computing-with-ubuntu-enterprise-cloud/)

15 Node Controller
Runs as a server
Controls virtual machine instances
Discovers hypervisor resources
Interfaces with the Cluster Controller and hypervisors
Provisions resources to the VMs
Propagates data to the Cloud Controller
Security measure:
-- Apply the server security policy as described above

16 Use case for Node Controller

17 Storage Controller
Similar to Amazon Elastic Block Storage services
Ability to create snapshots
Creates and manages persistent block storage devices
Security measure:
-- Apply the server security policy as described above

18 Use case for Storage Controller

19 Cloud Controller
Monitors the overall cloud infrastructure
Monitors the Node Controllers' hypervisor resources
Interfaces with the Cloud administrator
Provides resource arbitration
Monitors virtual machine migrations
Runs on top of a server OS

20 Cloud Controller (continued)
Security measure:
-- Apply the server security policy as described above

21 Use case for Cloud Controller

22 Cluster Controller
Processes Cloud Controller requests to deploy instances
Selects an available hypervisor to deploy virtual machines
Audits hypervisors and reports to the Cloud Controller
Security measure:
-- Apply the server security policy as described above

23 Use case for Cluster Controller

24 Walrus Storage Services
Compatible with Amazon S3
Capacity to store virtual machine images
Stores snapshots
Uses the S3 API to store files
Can coexist on the Cloud Controller server
Security measure:
-- Apply the server security policy as described above

25 Use case for Walrus services

26 Power Management Controller
Monitors the power grid for failure
Fails over to the backup power subsystem
Auto-detects the return of grid power to normal state
Security measure:
Use a secure channel to shut down systems
Allow trusted hosts by IP address and MAC address
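A compliance check for the server security policy on slide 12 and the trusted-host rule of the Power Management Controller on slide 26, added here as an example; it is not code from the original presentation or from Eucalyptus, and the hostnames, package names, enabled services and the allowlist entry are constructed.

```python
"""Added example: audit FAU cloud servers against the slide 12 package policy
and the slide 26 trusted-host rule. Inventory and allowlist are constructed."""
from dataclasses import dataclass

REQUIRED_PACKAGES = {"ids", "firewall", "antivirus", "antimalware"}  # slide 12
SECURE_PROTOCOLS = {"ssh", "sftp", "scp"}                             # slide 12
INSECURE_PROTOCOLS = {"telnet", "ftp", "rsh", "rlogin"}               # cleartext, must be off

@dataclass
class Server:
    name: str
    role: str
    packages: frozenset   # security packages installed on the host
    services: frozenset   # remote-access services enabled on the host

def check_server(server):
    """Return policy violations for one server; an empty list means compliant."""
    issues = []
    for pkg in sorted(REQUIRED_PACKAGES - server.packages):
        issues.append(f"{server.name} ({server.role}): missing required package {pkg}")
    for svc in sorted(server.services & INSECURE_PROTOCOLS):
        issues.append(f"{server.name} ({server.role}): insecure protocol enabled: {svc}")
    for svc in sorted(server.services - SECURE_PROTOCOLS - INSECURE_PROTOCOLS):
        issues.append(f"{server.name} ({server.role}): unreviewed service: {svc}")
    return issues

def is_trusted_host(allowlist, ip, mac):
    """Slide 26 rule for the shutdown channel: a peer is trusted only if its
    IP address AND MAC address both match a single allowlist entry."""
    return any(ip == a_ip and mac.lower() == a_mac.lower() for a_ip, a_mac in allowlist)

# Constructed inventory (hostnames, packages and addresses are not from the slides).
INVENTORY = [
    Server("nc-01", "Node Controller", frozenset(REQUIRED_PACKAGES), frozenset({"ssh", "sftp"})),
    Server("cc-01", "Cluster Controller", frozenset({"ids", "firewall", "antivirus"}), frozenset({"ssh", "telnet"})),
    Server("walrus-01", "Walrus Storage", frozenset(REQUIRED_PACKAGES), frozenset({"scp", "ftp"})),
]
ALLOWLIST = [("10.10.1.5", "00:1a:2b:3c:4d:5e")]  # constructed trusted admin host

def audit(inventory=INVENTORY):
    """Map each server name to its list of violations."""
    return {s.name: check_server(s) for s in inventory}

if __name__ == "__main__":
    for name, issues in audit().items():
        print(name, "COMPLIANT" if not issues else "; ".join(issues))
    print(is_trusted_host(ALLOWLIST, "10.10.1.5", "00:1A:2B:3C:4D:5E"))
```

The IP and MAC are checked together, as the slide specifies; this allowlist gates who may reach the shutdown channel and does not replace authentication on the secure channel itself.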

27 Use case for Power Management

28 Cloud Monitor System
Monitors room temperature
Monitors the performance of the Cloud, Cluster, Storage and hypervisor controllers
Alerts the system administrator on any abnormality
Security measure:
Restrict access to administrators
Patch daily as needed
Apply the organization's security policy

29 Use case for Cloud Monitor system

30 Cloud Administrator
Manage users
Manage roles
Create Data Center
Manage VMs
Create Cloud security policy

31 Use case for Cloud Administrator

32 The FAU Private Cloud Architecture class diagram for Infrastructure as a Service is shown in the next slide.

33 FAU private Cloud Architecture Class Diagram

34 Implementation of IaaS layer for the FAU Private Cloud

35 Conclusion
We provide a secure architecture only for Infrastructure as a Service in the FAU private Cloud example.
The design was based on the security requirements for that layer.
Future presentations will address the PaaS and SaaS secure architectures.
