Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention within enterprises of all shapes and sizes, but few technologists actually know how to properly scope, design, and construct Cloud solutions. Taking standard software applications, databases, and user interfaces and deploying them in a Cloud environment is a recipe for disaster. Proper scoping, usage modeling, and careful design are all essential to success in the Cloud. This two day class begins with an examination of the Cloud Computing concept, the structure and key characteristics of Clouds, and takes a look under the hood at how they operate. From there, delegates are introduced to a Cloud Reference Model and explore various aspects of Cloud solution design from discovery throughout the lifecycle of a Cloud solution all the way to retirement. Special attention is given to requirements and Cloud utilization analysis, Cloud solution design strategies, and deployment scenarios. Course Objectives Upon completion of this course, delegates will have an understanding of the Cloud Computing environment and practical experience in designing, developing, and deploying Cloud-based solutions. This class consists of 25% hands-on labs in an actual OpenStack Cloud Computing development environment, and 75% lecture and discussion. Delegates should have some hands-on experience developing software, but the focus of the course is upon architecture and design considerations within the Cloud. Who should attend Enterprise Architects, Solution Architects, Information Technology Architects, Senior Developers, and Team Leads Prerequisites Foundational Knowledge in distributed computing and Web-based architecture Certification N/A Course Content Chapter 1. Defining the Cloud A Bit of History
Wikipedia Entry Cloud Computing at a Glance Gartner Research on Cloud Electrical Power Grid Service Analogy The NIST Perspective Five Characteristics On-demand Self-Service (NIST Characteristic) Broad Network Access (NIST Characteristic) Resource Pooling (NIST Characteristic) Rapid Elasticity (NIST Characteristic) Measured Service (NIST Characteristic) The Three Cloud Service Models (NIST) The Cloud Computing Spectrum: IaaS, PaaS and SaaS The Four Cloud Deployment Models (NIST) The NIST Cloud Definition Framework A Hybrid Cloud Diagram Cloud Deployment Model Dynamics Chapter 2. The Cloud Enablers The Origin of the Cloud Computing Virtualization Hypervisors Hypervisor Types Type 1 hypervisors Type 2 hypervisors Type 1 vs Type 2 Processing Paravirtualization Applying Virtualization to the Cloud Virtualization Qualities (1/2) Virtualization Qualities (2/2) Grid Computing vs Cloud Computing Myth: Cloud is SaaS SOA and the Cloud Chapter 3. Cloud Reference Model The Need for a Cloud Reference Model Cloud Reference Model Cloud Infrastructure Cloud Infrastructure - Virtual Machines A Bootable OS Image Defining a "Compute Unit" Instance Templates (Flavors) Launching an Instance in OpenStack Block Storage for Instances Cloud Infrastructure - Cloud Object Storage Additional Data Storage Options Cloud Multi-Tenancy Model Common Characteristics of Multi-tenant Applications (1/2) Common Characteristics of Multi-tenant Applications (2/2) The PaaS Platform Google App Engine (GAE) PaaS Overview GAE's Stats Google Cloud Storage The SaaS Platform Cloud Service Model Implementations Google Compute Engine's Simplified Architecture Google Cloud Platform
Chapter 4. OpenStack What is OpenStack OpenStack Main Components/Services Release History (Since the Folsom Release) Compute (Nova) Main Compute (Nova) modules/services Creating OpenStack VM Instances Image (Glance) Object Store (Swift) Components of Swift Dashboard (Horizon) Launching a Virtual Instance in Horizon Block Storage (Cinder) Identity (Keystone) Networking (Neutron, formerly Quantum) OpenStack Networking Telemetry (Ceilometer) Orchestration (Heat) Heat Templates Pulling It All Together Building OpenStack Environments Chapter 5. The Cloud Economics Cloud Value Proposition Coping with Computing Demand the Traditional Way Coping with Computing Demand the Cloud Way Cloud economics You Can Move Your Cloud Apps Closer to Your Clients! Be Aware of What You Ask For! Do Clouds Compute? Total Cost of Ownership (TCO) Cloud Infrastructure Vendor Comparison Select Expected Benefits You Still Need Financial Management and Tracking Calculate initial, simple return Calculate Returns for on-going Usage How to Practically Estimate Your Cloud Bill? Shop Around (Within the Same Shop) Discounted Object Storage: Amazon Glacier Amazon S3 Cost Monitoring Google Compute Engine Per-Minute Billing Chapter 6. Cloud Risks and Risk Mitigation Cloud Risks Failure-As-A-Service in 2009 Service Quality Malicious Insiders Shared Technology Vulnerabilities Data Loss/Leakage Data Loss / Leakage Causes Account, Service & Traffic Hijacking Unknown Risk Profile Mitigating Cloud Security Risks Five Mitigation Strategies
Federated ID Multi-layer Inspection Centralized Management Virtual Desktop Protection Look toward standards Problem Resolution Data Back-up Risks When Supporting Clouds: Provisioning Liability Security Chapter 7. Cloud Security The Heartbleed OpenSSL Bug A Notable Breach (a Spear-phishing Attack Example) Cloud Vendor Security Certifications Google Compute Engine Data Security Cloud Access Security Features Security of Cloud Vendor Networks Insecure Interfaces Top Threats for Cloud Computing The Common Cloud Security Concerns Authorization and Data Access Constraints Cloud Security Domains The CIAs of Security Access Control: Physical Security Access Control: Authentication & Authorization Federated Identity Management Access Control: Auditing Identity Management AWS Identity and Access Management Service Security in the Google Cloud GAE Cloud Security Module Application Security Application Multi-Layer Security Design Access Control List Extensions Information and Data Security Data-at-rest Security Amazon S3 Security Amazon S3 Security (Cont.) Network Security Operational Security DevOps Security Concerns Chapter 8. Cloud Services Defining Cloud Services User-Cloud Interaction Cloud Service Characteristics The Typical Cloud Services Application Services Messaging Application Service Email Application Service Cache Application Service Specialized Application Services AWS Analytics Systems Google App Engine (GAE) MapReduce Service Use Cases for MapReduce Jobs Integration Platform as a Service (IPaaS)
Storage Services Object Storage Archive Storage Relational Storage NoSQL Storage Some AWS Storage Services Data Warehouses in the Cloud Cloud Utility Services Scalability and HA of Your Applications in the Cloud The Auto-scaling Service Monitoring Services Configuring Instance Health Check in AWS Amazon Web Services Integration Diagram Google App Engine (GAE) Services Integration Diagram Microsoft Azure Services Comparing Cloud Service Stacks Chapter 9. Adopting Your Very Own Cloud What Drives Cloud Adoption? What May Go to the Cloud? Capacity Planning Critical Run-time and Storage Parameters The Cloud Adoption Stages (Example) Getting to the Cloud (Example Road Map) Pre-Cloud Stages Cloud Stages Cloud Stages (Cont'd) Cloud Adoption Steps Identify your business drivers (Step #1) Get Educated (Step #2) Get Educated (Things to Avoid... ) Articulate a Value Proposition (Step #3) Define one or more scenarios (Step #4) Produce a Road Map (Step #5) Gain Stakeholder Buy-in (Step #6) Establish Governance (Step #7) Invest in Infrastructure (Step #8) Cloud Pilot (Step #9) Scoping the Pilot Project Pilot Project Scope (Cont d) Enterprise Roll-out (Step #10) Start Small and Grow Incrementally Amazon WS Technical Lessons When Moving To the Cloud Hype Cycle and Technology Adoption Model Chapter 10. OpenStack Security OpenStack Cloud Perimeter Security System Perimeter Security OpenStack Virtual Instance Security OpenStack Security Considerations Linux Kernel-Based Firewall OpenStack Security Groups Nova Client Security Group Commands Nova REST API for Security Group Administration Nova Security Command Examples Identity Management with Keystone Keystone Command-line
Example of a Keystone Command Keystone REST API Example of Keystone RESTful Request Chapter 11. Cloud Design Strategies Implications of Vendor Lock-In Dealing with Vendor-specific Service API Know Your Cloud Application's Needs Data Physics Cloud Design Strategies Designing for Scalability Designing for Cloud Availability Designing for Failure Designing for Cloud Security Designing for Cloud Security - OWASP 10 Designing for Cloud Security - OWASP 10 (Cont'd) Designing for Cloud Security Multi-Factor Security Stepping Across Site Silos Stepping Across Site Silos the SAML Protocol Stepping Across Site Silos t The OpenID Protocol SAML vs OpenID History of OAuth Stepping Across Site Silos OAuth Selecting the Right Storage (Cont'd) Designing for Cloud Management Designing for Cloud Maintainability Other Considerations Designing for Cloud Service Reuse Designing for Cloud Service Reuse (Cont'd) Designing for Cloud Agility Designing for Cloud Usability Additional Usability Considerations Chapter 12. Cloud Governance IT Governance IT Governance (Cont'd) Unmanaged Clouds Defining Cloud Governance Defining Cloud Governance (Cont'd) An Internal Service Registry and Repository IBM WebSphere Service Registry and Repository (Example) Cloud Risks to Consider Top Cloud Computing Consumer Risks Top Cloud Computing Provider Risks Risk Mitigation Governance and Risk Mitigation Cloud Governance Model Roles and Responsibilities Policies and Procedures Governing Cloud Services Business alignment Asset Ownership Contract-driven Services Contract-driven Services (Cont'd) Agile IT in the Cloud
The Cloud Systems Checklist Capacity Planning Concepts and Challenges Governance Best Practices Governance Best Practices (Cont'd) Governance Gotchas Chapter 13. Cloud SLAs What is an SLA? Two SLA Management Phases Some SLA Parameters The Importance of Cloud SLAs Amazon Storage SLAs Understanding your SLA Example of Google Infrastructure Failure Rates Assess Consequences for Your Business Characteristics of a Service Quality Metric Service Quality Metrics SLA Monitoring Components