COSC6376 Cloud Computing Lecture 2. CAP and Challenges


COSC6376 Cloud Computing Lecture 2. CAP and Challenges Instructor: Weidong Shi (Larry), PhD Computer Science Department University of Houston

Outline Ecosystem CAP Challenges

Summary Assignment Paper can be downloaded from the class website Due next Tuesday in class

NIST: Interactions between Actors in Cloud Computing. Actors: Cloud Consumer, Cloud Auditor, Cloud Broker, Cloud Provider. Diagram legend: the communication path between a cloud provider and a cloud consumer; the communication paths for a cloud auditor to collect auditing information; the communication paths for a cloud broker to provide service to a cloud consumer.

Conceptual Reference Diagram (figure labels)
Cloud Consumer
Cloud Auditor: Security Audit, Privacy Impact Audit, Performance Audit
Service Layer: SaaS, PaaS, IaaS
Resource Abstraction and Control Layer
Physical Resource Layer: Hardware, Facility
Cloud Service Management: Business Support, Provisioning/Configuration, Portability/Interoperability
Cloud Broker: Service Intermediation, Service Aggregation, Service Arbitrage
Cloud Carrier
Security, Privacy

Resource Abstraction: "All problems in computer science can be solved by another level of indirection (abstraction)" - David John Wheeler

Six Layers of Cloud Services: Salesforce.com, Webex, App Engine, Microsoft Azure, Amazon AWS, Rackspace, IBM Ensembles, Savvis, Intermap, Digital Realty Trust, AT&T, VMWare, IBM, Xen

Spectrum of Clouds: Instruction Set VM (Amazon EC2, 3Tera); Bytecode VM (Microsoft Azure); Framework VM (Google AppEngine, Force.com). From lower-level, less management to higher-level, more management: EC2, Azure, AppEngine, Force.com.

Amazon EC2: Like physical hardware, users can control nearly the entire software stack, from the kernel upwards. A few API calls to request and configure the virtualized hardware. No limit on the kinds of applications that can be hosted. The low level of virtualization (raw CPU cycles, IP connectivity) allows developers to code whatever they want. Hard to offer scalability and failover.

Google AppEngine and Force.com: Does one thing well: running web apps. App Engine handles HTTP(S) requests, nothing else. Think RPC: request in, processing, response out. Works well for the web and AJAX; also for other services. Request-reply based. Not suitable for general-purpose computing. Severely rationed in how much CPU time they can use in a request. Automatic scaling and high availability.

Microsoft's Azure: Written using the .NET libraries, and compiled to the language-independent managed environment. General-purpose computing. Users get a choice of language, but cannot control the operating system or runtime. Libraries provide automatic network configuration and failover/scalability, but need users' cooperation as well.

Spectrum
Azure: General-purpose; cannot control OS; a degree of scalability
Google AppEngine/Force.com: Highly scalable; yet not general-purpose
Amazon EC2: General-purpose; hard to offer scalability

Major Cloud Providers and Service Offerings

Public, Private, and Hybrid Clouds

Hybrid Clouds: Using multiple clouds for different applications to match needs. Moving an application to meet requirements at specific stages in its lifecycle, from early development through unit test, scale testing, pre-production and ultimately full production scenarios. Moving workloads closer to end users across geographic locations, including user groups within the enterprise, partners and external customers. Meeting peak demands efficiently in the cloud while the low steady-state is handled internally. Maintaining confidential data on better protected clouds while allowing distributed computation on more computationally efficient ones.

Cloud Interoperability Standards: Open Cloud Computing Interface Infrastructure; EC2 API; Simple Storage Service (S3) API; Windows Azure Storage Service REST APIs; Windows Azure Service Management REST APIs; Deltacloud API; Rackspace Cloud Servers API; Rackspace Cloud Files API; Cloud Data Management Interface; vCloud API; GlobusOnline REST API

CAP

The CAP Theorem: Three properties of a system: consistency, availability and partitions. (Diagram labels: Consistency, Availability, Partition tolerance)

The CAP Theorem, Consistency: Once a writer has written, all readers will see that write.

Consistency Model: A consistency model determines rules for visibility and apparent order of updates. For example: Row X is replicated on nodes M and N. Client A writes row X to node N. Some period of time t elapses. Client B reads row X from node M. Does client B see the write from client A? Consistency is a continuum with tradeoffs. For NoSQL, the answer would be: maybe. The CAP Theorem states: strict consistency can't be achieved at the same time as availability and partition tolerance.

Consistency
Case 1: Upload a picture to Facebook. Send a message to your friend to check out the picture. Will your friend see it?
Case 2: Post a comment C1 on your friend's page at time t. Post another comment C2 10 seconds later. Will your friend see two comments, with C1 first, followed by C2?

Eventual Consistency: When no updates occur for a long period of time, eventually all updates will propagate through the system and all the nodes will be consistent. For a given accepted update and a given node, eventually either the update reaches the node or the node is removed from service.

GPS Powered Distributed Database: Google Spanner, the Largest Single Database on Earth. Spanner allows server nodes to coordinate without a whole lot of communication.

The CAP Theorem, Availability: Every request received by a nonfailing node in the system must result in a response (must terminate). The system is available during software and hardware upgrades and node failures.

Availability: Traditionally thought of as the server/process being available five 9's (99.999%). However, for a large node system, at almost any point in time there's a good chance that a node is either down or there is a network disruption among the nodes. We want a system that is resilient in the face of network disruption.

The CAP Theorem, Partition tolerance: A system can continue to operate in the presence of a network partition.

The CAP Theorem (triangle: C = Consistency, A = Availability, P = Partition-resilience). Claim: every distributed system is on one side of the triangle. You can have at most two of these three properties for any shared-data system. To scale out, you have to partition. That leaves either consistency or availability to choose from. In almost all cases, you would choose availability over consistency.
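
The replicated-row question from the Consistency Model slide and the choice between consistency and availability under a partition, as a small simulation. This is an added example, not part of the lecture; the class names, the "AP"/"CP" mode labels and the version counter are assumptions made for illustration, and the data is constructed.

```python
class Unavailable(Exception):
    """A CP system refuses the request instead of risking a stale answer."""

class Cluster:
    """Row store replicated on nodes M and N (constructed toy model)."""
    def __init__(self, mode):
        self.mode = mode                  # "AP" or "CP": assumed labels
        self.nodes = {"M": {}, "N": {}}   # node -> {key: (version, value)}
        self.partitioned = False
        self.pending = []                 # updates not yet delivered to the peer
        self.clock = 0

    def _apply(self, node, key, version, value):
        if version > self.nodes[node].get(key, (0, None))[0]:  # newest wins
            self.nodes[node][key] = (version, value)

    def _check(self):
        if self.mode == "CP" and self.partitioned:
            raise Unavailable("peer unreachable")

    def write(self, node, key, value):
        self._check()
        self.clock += 1
        self._apply(node, key, self.clock, value)
        peer = "M" if node == "N" else "N"
        self.pending.append((peer, key, self.clock, value))
        if self.mode == "CP":
            self.deliver()                # replicate before acknowledging

    def read(self, node, key):
        self._check()
        return self.nodes[node].get(key, (0, None))[1]

    def deliver(self):
        """Propagate queued updates once the network allows it."""
        if not self.partitioned:
            for update in self.pending:
                self._apply(*update)
            self.pending.clear()

def scenario(mode):
    """Client A writes row X to N during a partition; client B reads X from M."""
    c = Cluster(mode)
    c.write("N", "X", "old")
    c.deliver()
    c.partitioned = True
    try:
        c.write("N", "X", "new")
        during = c.read("M", "X")
    except Unavailable:
        during = "unavailable"
    c.partitioned = False
    c.deliver()
    return {"during_partition": during, "after_heal": c.read("M", "X")}
```

In "AP" mode client B gets an answer during the partition but it is the stale value, and the replicas converge after the partition heals; in "CP" mode the write is refused, so nothing stale is ever served.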

Challenges

Adoption Challenges
Challenge: Availability. Opportunity: Multiple providers & DCs
Challenge: Data lock-in. Opportunity: Standardization
Challenge: Data Confidentiality, Auditability, and privacy. Opportunity: Encryption, VLANs, Firewalls; Geographical Data Storage; Privacy preserving data outsourcing

Challenges and Opportunities: Availability of Service
S3 outage: authentication service overload leading to unavailability. Duration: 2 hours. Date: 2/15/08
S3 outage: single bit error leading to gossip protocol blowup. Duration: 6-8 hours. Date: 7/20/08
AppEngine partial outage: programming error. Duration: 5 hours. Date: 6/17/08
Gmail. Duration: 1.5 hours. Date: 08/11/08

Senior Execs Move Forward with Cloud Investments

Legal framework of Cloud Computing: Legal compliance issues; Service levels and performance; Cross-border issues; Data protection, rights and usage; Privacy and security; Termination and transition

Compliance of Cloud Computing
Auditing requirements: Many contracts impose auditing possibilities that include physical inspection. How can these auditing requirements be complied with when geographically decentralized cloud services are used?
Compliance, IaaS: Data retention obligations; Tax related storage requirements; Labor law related bookkeeping requirements
Compliance, SaaS: Electronic invoicing legislation; Ecommerce legislation; Electronic signature legislation

HIPAA Compliance?
What is HIPAA? Health Insurance Portability and Accountability Act of 1996, a Federal Law.
What is Regulated? Accountability: Protects health data integrity, confidentiality and availability; Reduces Fraud and Abuse; Establishes Standards for Protection of Health Information. Privacy (Operational, Consumer Control, Administration). Security (Administrative, Physical, Technical, Network).
Definition of Privacy: Privacy is the right of an individual to keep his/her individual health information from being disclosed.

Cross Border Data Transfer/Storage
EU: Only use a cloud provider with a data center within the EU, e.g. Amazon EC2: choice of location (US East, US West or Ireland).
Australia: Financial services companies must first notify the Australian Prudential Regulatory Authority (APRA) of data offshore transfer.
Make sure that an agreement is concluded with the cloud provider.

Cross Border Data Transfer/Storage: Applicable Law & Competent Court. If outside own country, any litigation can become prohibitively expensive. Data stored in the U.S. is subject to U.S. law, for example: US Patriot Act. The US government's authority extends to compel disclosure of records held by cloud providers.

Challenges of Datasets over Multiple Clouds: Interesting datasets might be available in different clouds (different cloud providers; private or public clouds). Services mashing up datasets: inevitably crossing clouds; federated cloud architectures.

Growth Challenges
Challenge: Data transfer bottlenecks. Opportunity: FedEx-ing disks, Data Backup/Archival
Challenge: Performance unpredictability. Opportunity: Improved VM support, flash memory, scheduling VMs
Challenge: Scalable storage. Opportunity: Invent scalable store
Challenge: Bugs in large distributed systems. Opportunity: Invent Debugger that relies on Distributed VMs
Challenge: Scaling quickly. Opportunity: Invent Auto-Scaler that relies on ML; Snapshots

Challenges and Opportunities: Data Transfer Bottlenecks
Obstacles: transferring large data is expensive, e.g. ship 10 TB from UC Berkeley to Amazon. Bandwidth: 20 M/s. Time: 45 days. Money: $1000.
Opportunities: Ship disks. Make it attractive to keep data in cloud. Reduce the cost of WAN bandwidth.

Real-time Bidding (Ads)

Algorithms on Big Data: Working on Big Data: data mining, machine learning, visualization. Traditionally assume data is in flat files or relational databases. Distributed data organization poses new challenges: redesign algorithms; redesign frameworks.

Policy and Business Challenges
Challenge: Reputation Fate Sharing. Opportunity: Offer reputation-guarding services like those for email
Challenge: Software Licensing. Opportunity: Pay-for-use licenses; Bulk use sales

Come to the Dark Side: Spam as a service; Crimeware as a service; Password cracking cloud; DoS attack as a service. How likely is the risk: buy services using stolen credit card numbers; create EC2 instances using stolen keys; attack authentication (SOAP, XML, XML wrapping attacks); hijack cloud infrastructure.

Botnet as a Service

C & C Activities 2013 GLOBAL THREAT INTELLIGENCE REPORT (GTIR).

Underground E-shop selling access to malware-infected hosts

Botnet prices (Trend Micro): DDoS attacks; Spamming (e-mail, social networks); Covert channel for information exchange; PsyOPS in social networks; Bitcoins