
Introduction to cloud services architecture

Cloud Genius
December 24, 2013


Transcript

  1. Cloud Computing Stack

    - Core Services: Discovery, Resource Management, Replication, Load Balancing
    - Virtualization Management Network Hardware Application
    - Architecture: SaaS, PaaS, IaaS, Hardware
    - Data Governance: Interoperability, Data Migration
    - Management Services: Deployment, Configuration, Metering, Billing, Provisioning, Monitoring, Reporting, SLA Management
    - Security: Encryption, Privacy, Authentication, Authorization, Identity Federation
  2. Architecture

    - Software as a Service: a multitenant platform that uses common resources and a single instance of both the object code of an application and the underlying database to support multiple customers simultaneously
      - Google Apps, Office 365, Zoho, GitHub, Salesforce.com, Oracle, etc.
    - Platform as a Service: provides developers with a platform for hosting web applications as a service
      - Google AppEngine, Microsoft's Azure, Heroku.com, etc.
    - Infrastructure as a Service: delivery of computer infrastructure as a service
      - GoGrid, Flexiscale, Layered Technologies, AppNexus, Joyent, Mosso/Rackspace, Amazon, etc.
  3. Core Services

    - Discovery
      - Promotes reusability by allowing service consumers to find the existing services.
      - RESTful services support discovery and reuse at design time.
    - Replication
      - Replication (both Eager and Lazy) keeps all replicas as a part of one atomic transaction.
      - Replica takes over when a location fails
    - Load Balancing
      - Prevents system bottlenecks due to unbalanced loads
      - Enables app re-provisioning without config change
    - Resource Management
      - Manages virtualized resources
  4. Data Governance

    Principles that govern data movement outside the client entity

    - Interoperability
      - Easy migration and integration of applications and data between different vendors' clouds in spite of differing hypervisors, technologies, storage, operating systems, security standards and management interfaces
    - Data Migration
      - No data loss or availability loss while migrating data between data centers or cloud systems
      - Users should be able to move their data and applications at any time from one to another seamlessly, without any one vendor controlling it
  5. Management Services

    - Deployment and Configuration
      - Config and deployment management tools are needed to reduce the complexity
      - Configuration management frameworks help software developers and engineers manage server and application configuration by writing code, rather than running commands by hand
    - Metering and Billing
      - Transparent metering and billing increases trust
      - Metrics could include, for example, CPU Capacity, Bandwidth (Inbound/Outbound Data Transfer), Storage Space, Software License Fee
  6. Management Services

    - Provisioning
      - Enables users to set up infrastructure without any help
      - Provisioning helps with resource & workload management, and process automation
    - Monitoring and Reporting
      - Monitors the SLA lifecycle
      - Produces cloud system health reports
    - Service-Level Agreements Management
      - Users always want stable/reliable but most cloud vendors do not provide high availability assurances
      - SLA ensures agreed-upon terms to deal with unexpected situations
  7. Information Security

    Info is not just a competitive asset. Info loss can create liability

    - Encryption/Decryption
      - Always encrypt before sending out
      - Protect the keys: avoid recent Sony fiasco
    - Privacy
      - Cloud holds user PII* so privacy laws apply
    - ID Federation (combining identities across systems)
      - ID token at a portal: also acceptable at a collaborating portal
    - Authorization and Authentication
      - Ability to track, pinpoint, control, and manage users who try to access machines with improper credentials

    * PII = Personally Identifiable Information
  8. Cloud outages

    | Services and outage | Duration | Date |
    |---|---|---|
    | Microsoft Azure: malfunction in Windows Azure | 22 h | 13-14-Mar-08 |
    | Gmail and Google Apps engine | 2.5 h | 24-Feb-09 |
    | Google search outage: programming error | 40 m | 31-Jan-09 |
    | Gmail: site unavailable due to outage in contacts system | 1.5 h | 11-Aug-08 |
    | Google AppEngine partial outage: programming error | 5 h | 17-Jun-08 |
    | S3 outage: authentication service overload | 2 h | 15-Feb-08 |
    | S3 outage: single bit error leading to gossip protocol blowup | 6-8 h | 20-Jul-08 |
    | FlexiScale: core network failure | 18 h | 31-Oct-08 |