1. Networking Technologies for Cloud Computing USTC-INY5316 Instructor: Chi Zhang Fall 2015 Welcome to

2. Part 2: outline Introduction to Cloud Computing –amazon’s story –basic definitions of cloud computing –history of cloud computing –cloud computing techniques –cloud concerns (security…) 2

3. Larry on Cloud Computing The interesting thing about cloud computing is that we‘ve redefined cloud computing to include everything that we already do. ---Oracle CEO Larry Ellison 3 I can't think of anything that isn't cloud computing with all of these announcements

4. ICT as a fashion industry The computer industry is the only industry that is more fashion-driven than women's fashion. 4 ---Oracle CEO Larry Ellison

5. Who is amazon.com? amazon.com’s three businesses 5

6. Amazon web services 6

7. Global AWS infrastructure 7

8. AWS cloud services 8

9. IT usage patterns: tradional 9

10. IT usage patterns: cloud computing 10

11. IT usage patterns: cloud computing 11

12. Business benefits of cloud computing Elastic capacity Quick and easy deployment No CapEx, no initial investment Pay as you go, for what you use Automation and reusable components 12

13. Elastic capacity Scaling up and down in minutes No needto provision Optimize resources based on your needs Can easily manage unexpected peaks 13

14. Quick and easy deployment IT infrastructure is no longer a barrier Easier to test different solutions No need to wait for provisioning Shorter development cycles 14

15. No CapEx, no initial investment No initial investment needed No termination fees No commitments Clear pricing model (on the website) 15

16. Pay as you go, for what you use Pay for servers “by the hour” (on-demand) Pay for storage “per Gigabyte” per month Pay for data transfer “per Gigabyte” Easy to turn resources on/off (running costs) 16

17. Automation and reusable components Automation, less repetitive tasks (70/30 rule) Better management tools Focus on your business No need to build from scratch, but instead “reuse” 17

18. Business benefits of cloud computing: recap 18

19. What do customers run on AWS? Enterprise applications Media and web applications Big data, HPC, analytics Archive, disaster recovery Mobile and games 19

20. Cloud computing in China 20 For individuals: network bandwidth problem For small and medium-sized enterprises: perfect match! For big companies: security & privacy problem

21. Today’s agenda Introduction to Cloud Computing –amazon’s story –basic definitions of cloud computing –history of cloud computing –cloud computing techniques –cloud concerns (security…) 21

22. What is cloud computing? 22

23. Cloud computing word cloud 23

24. My cloud computing definition 24

25. NIST definition of cloud computing Cloud computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models 25

26. NIST definition of cloud computing NIST cloud model is composed of five essential characteristics, three service models, and four deployment models 26

27. Cloud computing characteristics 27 Common Characteristics: Low Cost Software Virtualization Service Orientation Advanced Security Homogeneity Massive Scale Resilient Computing Geographic Distribution Essential Characteristics: Resource Pooling Broad Network Access Rapid Elasticity Measured Service On Demand Self-Service

28. Essential characteristics 28 NO INTERNET = NO CLOUDING

29. Essential characteristics 29

30. Essential characteristics 30 Rapid Elasticity

31. Scalability To vertically scale up is to increase overall application capacity by increasing the resources within existing nodes. 31

32. Scalability To horizontally scale out is to increase overall application capacity by adding nodes. 32

33. Essential characteristics 33

34. Essential characteristics 34

35. Cloud component 35

36. Infrastructure as a Service (IaaS) 36

37. Platform as a Service (PaaS) 37

38. Software as a Service (PaaS) 38

39. Cloud service models 39 + Network

40. Customer vs. service provider 40

41. Simple service map 41

42. “X” as a Service 42

43. Cloud deployment models 43

44. Public cloud Definition: the services are delivered to the client via the Internet from a third party service provider. Example: Amazon 44

45. Private cloud Definition: these services are managed and provided within the organization. There are less restriction on network bandwidth, fewer security exposures and other legal requirements compared to the public Cloud. Example: HP Data Centers 45

46. Public cloud or private cloud? 46

47. Hybrid cloud Definition: there is a combination of services provided from public and private Clouds. Example: –ERP in Private cloud –Sales & Email on public 47

48. Community cloud Definition: Infrastructure shared by several organizations, targeting a specific community It may be for one organization or for several organizations, but they share common concerns such as their mission, policies, security, regulatory compliance needs, and so on. A community cloud may be managed by the constituent organization(s) or by a third party. 48

49. Summary: 5-4-3 definition 49 5 Essential Characteristics ： 4 Deployment Models: Private cloud Public cloud Community cloud Hybrid cloud 3 Service Models: Software as a Service (SaaS) Platform as a Service (PaaS) Infrastructure as a Service (IaaS)

50. Risks and Challenges Increased Security Vulnerabilities 50

51. Risks and Challenges Reduced Operational Governance Control 51

52. Risks and Challenges Limited Portability Between Cloud Providers 52

53. Risks and Challenges Multi-Regional Compliance and Legal Issues 53

54. Today’s agenda Introduction to Cloud Computing –amazon’s story –basic definitions of cloud computing –history of cloud computing –cloud computing techniques –cloud concerns (security…) 54

55. History of ICT techniques 55

56. Cloud, cloud, cloud… 56

57. Something old, something new Cloud computing is a revolutionary way of architecting & providing services based on evolutionary technical changes The cloud is something that you have been using for a long time now; it is the Internet. 57

58. ISP to cloud evolution 58

59. Computing techniques 59

60. Utility computing 60

61. IT does not matter 61

62. Grid computing 62

63. Grid computing 63

64. Grid vs. cloud 64 GridCloud Underlying conceptUtility Computing Main benefitSolve computationally complex problems Provide a scalable standard environment for network- centric application development, testing and deployment Resource distribution / allocation Negotiate and manage resource sharing; schedulers Simple user provider model; pay-per-use DomainsMultiple domainsSingle domain Character / historyNon-commercial, publicly funded Commercial

65. Distributed computing challenges 65 4) Cost 5) Security 2) Availability 3) Maintenance End Users 1) Scalability

66. The birth of cloud computing 66 Once upon a time…  I’m Distributed Computing  I allow computations to run on several networked computers  I’m cool!  I’m Utility Computing  I package computing resources as a metered service  I’m economic Cloud Computing They fell in love, and had a child…

67. Comparison 67 Amazon EC2 (August 2006) Google App Engine (April 2008) Microsoft Azure (Oct 2008) Facebook Platform (May 2007) Amazon S3 (March 2006) Salesforce AppExchange (March 2006)

68. Today’s agenda Introduction to Cloud Computing –amazon’s story –basic definitions of cloud computing –history of cloud computing –cloud computing techniques –cloud concerns (security…) 68

69. Google as an example 69

70. Computing paradigm Computing shifting to really small and really big devices 70

71. Hardware design philosophy Prefer low-end server/PC-class designs –Build lots of them! Why? –Single machine performance is not interesting Even smaller problems are too large for any single system Large problems have lots of available parallelism –Lots of commodity machines gives best performance/$ 71

72. Google 1997 @ Stanford 72

73. Google 1999 73

74. Google data center 2001 74

75. Google data center 2008 75

76. Data center as infrastructures 76 Google’s 36 world wide data centers (2008)

77. Future data center 77

78. Google’s top secrete 78

79. http://www.google.com/about/datacenters/ 79

80. Inter data center communication 80

81. Data center architecture 81 Requirements: High bandwidth Low latency Low power consumption

82. Data center architecture 82 Rack, ToR/Aggregate switch

83. Traditional scale-up model 83

84. Emerging scale-out model 84

85. Today’s production DCN structure 85 Aggregatio n switch (ToR switch) Top-of-Rack Core switch A Production DCN structure adopted from Cisco 1:1 1:5 ~ 1:20 1:240 Communication bottleneck

86. Research community: fattree 86 ToR Aggregation Core 16 Rearrangeably non- blocking, 1:1 provisioning

87. Network traffic characteristics The data centers can be classified in three classes: –university campus data centers –private enterprise data centers –cloud-computing data centers In some cases there are some common traffic characteristics (e.g., average packet size) in all data centers while other characteristics (e.g., applications and traffic flow) are quite different between the data center categories 87

88. Network traffic characteristics Applications: –campus data centers: HTTP traffic –private data centers and in data centers used for cloud computing: HTTP, HTTPS, LDAP, and DataBase (e.g., MapReduce) traffic Traffic flow locality: –data centers used by educational organization and private enterprises: intra-rack traffic ranges from 10 to 40% –data centers that are used for cloud computing: intra- rack communication up to 80% 88

89. Network traffic characteristics Traffic flow size and duration: –Most traffic flow sizes in the data center are considerably small (i.e., less than 10KB) and a significant fraction of these flows last under a few hundreds of milliseconds Concurrent traffic flows: –The average number of concurrent flows is around 10 per server in the majority of the data centers 89

90. Network traffic characteristics Packet size: –a bimodal pattern with most packet sizes clustering around 200 and 1,400 bytes –the packets are either small control packets or are parts of large files that are fragmented to the maximum packet size of the Ethernet networks (1,550 bytes). Link utilization: –link utilization inside the rack and in the aggregate level is quite low, while the utilization on the core level is quite high. –Inside the rack the preferable data rate links are 1 Gbps (in some cases each rack server hosts 2 or more 1 Gbps links), while in the aggregate and in the core network, 10Gbps are usually deployed. 90

91. Server data rate forecast 91

92. Bandwidth trend for networking & server I/O At 10Gb/s speeds and beyond, passive and active copper cables are impractical to use beyond a few meters of reach because of their bulky size, high loss at high data rates, and high required power consumption. 92

93. Power consumption Many data centers consume a tremendous amount of electricity; some consume the equivalent of nearly 180,000 homes The global demand for electricity from data centers was around 330bn kWh in 2007 (almost the same amount of electricity consumed by UK) This demand in power consumption demand is projected to more than triple by 2020 (more than 1,000bn kWh) The servers consume around 40% of the total IT power, storage up to 37% and the network devices consume around 23% of the total IT power Saving 1W from the IT equipment results in cumulative saving of about 2.84Win total power consumption 93

94. Optical interconnects 94

95. Optical network evolution 95

96. Virtualization 96 Hardware Operating System App Traditional Stack Hardware OS App Hypervisor OS Virtualized Stack

97. Virtual servers surpass physical Source: IDC 97

98. vSwitching and vMotion 98

99. Divide and Conquer (MapReduce) 99 “Work” w1w1 w2w2 w3w3 r1r1 r2r2 r3r3 “Result” “worker” Partition Combine

100. East-west traffic pattern 100

101. A very flexible IaaS platform 101

102. NaaS? Cloud Servers –On-demand, Elastic, Measured server provisioning Cloud Storage –Scalable/fault tolerant storage with object stores Cloud Networks –How to do on-demand, elastic, measured networking provisioning ? –How to program the network ? 102

103. Multi-tenancy 103 Physical Network Network Virtualization App Svr OS VM App Svr OS VM App Svr OS VM App Svr OS VM App Svr OS VM App Svr OS VM Tenant B Tenant A Tenant C App Svr OS VM App Svr OS VM Router

104. Capacity mismatch 104 CR AR S S S S S S S S A A A A A A … S S S S A A A A A A …... S S S S S S S S A A A A A A … S S S S A A A A A A … ~ 5:1 ~ 200:1 ~ 40:1

105. Size of the data center While economies of scale suggest that datacenters should be as large as possible, typically restricted by the amount of power available for the site, datacenters should also be distributed across the planet for fault tolerance and latency locality Ronald Coase: –Transaction cost –1937 paper: The Nature of the Firm –1991 Nobel Prize in Economic 105

106. Today’s agenda Introduction to Cloud Computing –amazon’s story –basic definitions of cloud computing –history of cloud computing –cloud computing techniques –cloud concerns (security…) 106

107. 107 Pros and Cons

108. Networking challenges Conceptual model of the Internet supporting cloud computing 108

109. Access network 109

110. Transition network Traditional Internet, what is the problem? Architectural Stability –“Narrow Waist” –Everything over IP/IP over Everything Incremental Deployment –The persistence of the Internet’s architectural deficiencies is not because they are intellectually intractable, but because the current architecture puts them beyond the reach of incrementally deployable changes. Architectural Rigidity –The biggest problem with the current Internet architecture is not a particular functional deficiency, but its inability to accommodate innovation. 110

111. Clean-slate redesigns Clean-slate redesigns typically propose architectures that would be as static as our current one, presumably lasting relatively unchanged for a generation or more. Therefore, these clean-slate designs must not only meet current needs but also any future requirements that might arise in the next few decades. We do not believe we can predict the usage models for the Internet of 50 years hence. What we want: a clean-slate redesign without predicting the future 111

112. Supporting architectural evolvability What is architectural evolvability? –The ability to make gradual (but unlimited) changes in the entire architecture within the current market structure What are barriers to evolvability? –Protocols, formats, and information must be agreed upon by a large number of independent actors in the architecture; –There is no built-in mechanism that supports (and embraces) incremental deployment of new functionality with minimal friction; –ISPs have little incentive to deploy new architectures; –The coupling between architecture and infrastructure means that any significant architectural change involves sizable costs for vendors (for development) and network operators (for deployment). What makes an architecture evolvable? 112

113. Data center networking 113

114. Layer 2 vs. layer 3 114

115. Cloud concerns Yep Security is No 1 ! 115

116. A Cloud Technology Reference Model 116 Your Application Testing, Monitoring, Diagnostics and Verification Architectural Views Governance Life Cycle (Birth, Growth, Failure, Recovery, Death) Web of Metadata Categories, Capabilities, Configuration and Dependencies Resource Management Basic Monitoring Software & Hardware Infrastructure Facilities & Logistics Element Management (Split Responsibility) Element Management (Split Responsibility) Your Problem Their Problem

117. Software as a Service 117 Operating System Hypervisor Application Datacenter (Power, Cooling, Physical Security) Application Server MiddlewareDatabase CPUNetworking Storage YOUR DATA Backup Your Problem Their Problem

118. Platform as a Service 118 Operating System Hypervisor Your Application Datacenter (Power, Cooling, Physical Security) Application Server MiddlewareDatabase CPUNetworkingStorageBackup Your Problem Their Problem

119. Infrastructure as a Service 119 Your Operating System Hypervisor Your Application Datacenter (Power, Cooling, Physical Security) Your Application Server Your Middleware Your Database CPUNetworkingStorageBackup Your Problem Their Problem

120. Privacy in the cloud: encryption Encryption is the key element for privacy in the cloud Different encryption schemes –Symmetric –Asymmetric (PKI) Different encryption implementation –At Cloud provider –At third party –At the access device 120

121. Computing on encrypted data Privacy by design can be reached for cloud storage, but what if you want to process data in the cloud ? (Fully) Homomorphic encryption Searchable encryption Privacy-preserving techniques 121

122. Computing on encrypted data Wouldn’t it be nice to be able to… –Encrypt my data before sending to the cloud –While still allowing the cloud to search/sort/edit/… this data on my behalf –Keeping the data in the cloud in encrypted form Without needing to ship it back and forth to be decrypted 122 I want to delegate processing of my data, without giving away access to it.

123. Outsourcing computation privately 123 ClientServer/Cloud (Input: x )(Function: f) “I want to delegate the computation to the cloud” “I want to delegate the computation to the cloud, but the cloud shouldn’t see my input” Enc [ f( x ) ] Enc( x ) f

124. Alice’s jewelry store Alice’s workers need to assemble raw materials into jewelry But Alice is worried about theft –How can the workers process the raw materials without having access to them? 124

125. Alice’s jewelry store Alice puts materials in locked glovebox –For which only she has the key Workers assemble jewelry in the glovebox Alice unlocks box to get “results” 125

126. Outsourcing computation privately 126 $skj#hS28ksytA@ …

127. Outsourcing computation privately 127 $kjh9*mslt@na0 &maXxjq02bflx m^00a2nm5,A4. pE.abxp3m58bsa (3saM%w,snanba nq~mD=3akm2,A Z,ltnhde83|3mz{n dewiunb4]gnbTa* kjew^bwJ^mdns0

128. Asymmetric encryption 128 Merkle, Hellman and Diffie (1976)Shamir, Rivest and Adleman (1978) Encryption uses a public key, Decryption uses the secret key

129. Homomorphic encryption (Fully) Homomorphic Encryption –Homomorphic encryption: Form of encryption which allows operations on ciphertext without decrypting the ciphertext before –Big breakthrough: First Construction of fully homomorphic encryption (Gentry 09) –For practical implementation currently far too inefficient –High research activity Searchable Encryption –Symmetric searchable encryption –Asymmetric searchable encryption 129

130. FHE performance 130 DimensionKeyGenPK sizeAND 2048 800,000-bit integers 40 sec70 MByte31 sec 8192 3,200,000-bit integers 8 min285 MByte3 min 32768 13,000,000-bit integers 2 hours2.3 GByte30 min Large Medium Small Butler Lampson: “I don’t think we’ll see anyone using Gentry’s solution in our lifetimes…” – Forbes, Dec-19, 2011

131. Searchable encryption 131

132. Searchable encryption 132 Directly search on encrypted data without decryption on server side Encrypt word by word. For word W i –Block_ciphertext X i = E k (W i ), Word key k i = f k (X i ), Pseudorandom sequence T i = –Searchable_ciphertext C i = X i T i Search for a word W –Block_ciphertext X = E k (W), Word key k i = f k (X) –Check ciphertexts one by one to see if C X = (X i T i ) X is of the form for some random value s

133. Credentials 133 Org says Name Alice Address Birthdate Birthplace Citizenship … Alice Organization Service Reveals a lot of info on Alice! Org says Name Alice Address Birthdate Birthplace Citizenship …

134. Anonymous credentials 134 Alice Organization Service “I have a cred from Org saying WA resident Age >21” Cred from Org Name Alice Address Birthdate Birthplace Citizenship … Reveals only what Alice chooses to reveal Need not reveal her name (Need Accountability)

135. Anonymous credentials Alice Service “I have a cred from Org saying WA resident Age >18” Cred from Org Name Alice Address Birthdate Birthplace Citizenship … Organization Cannot Identify Alice (if her name is not provided) Learn anything beyond the info she gives (and what can be inferred) Distinguish two users with the same attributes Link multiple uses of the same credentials 135

136. Anonymous communication 136 User Tunnel Private Address Public Alias Address Real IP Address PNAT MIX1MIX2MIX3

137. Challenges: conflicting goals 137 Existing Services FunctionalityPerformance Confidentiality / Privacy High Low High Many Crypto Systems/Protocols Ideal State

138. 138