
Cloud Computing Essentials

http://crc.aut.ac.ir
ITU-T Y.3500 (ISO/IEC 17788): Cloud Definition

Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand.

Examples of resources

Servers
Operating systems
Networks
Software
Applications
Storage

Characteristics

Broad network access
Measured service
Multi-tenancy
On-demand self-service
Rapid elasticity and scalability
Resource pooling

Broad network access

Users can access physical and virtual resources from wherever they need to
work, as long as it is network accessible, using a wide variety of clients
including devices such as mobile phones, tablets, laptops, and workstations.

Measured service

Usage can be monitored, controlled, reported, and billed. This is an important feature needed to optimize and validate the delivered cloud service. The customer may only pay for the resources that they use.

Multi-tenancy

Within the context of multi-tenancy, the group of cloud service users that
form a tenant will all belong to the same cloud service customer
organization. Multiple tenants and their computations and data are isolated
from and inaccessible to one another.

On-demand self-service

Feature where a cloud service customer can provision computing capabilities, as needed, automatically or with minimal interaction with the cloud service provider.

Rapid elasticity and scalability

A feature where physical or virtual resources can be rapidly and elastically adjusted, in some cases automatically, to quickly increase or decrease resources.

Resource pooling

Physical or virtual resources can be aggregated in order to serve one or more cloud service customers; to support multi-tenancy while at the same time using abstraction to mask the complexity of the process from the customer. This offloads some of the customer's original workload, such as maintenance requirements, to the provider.

Deployment models
Public
Private
Hybrid
Mobile
Community
Federated
P2P
Many cloud service categories
Software as a Service: SaaS
Platform as a Service: PaaS
Infrastructure as a Service: IaaS
Compute as a Service: CompaaS
Data Storage as a Service: DSaaS
Network as a Service: NaaS
Communications as a Service: CaaS
Database as a Service: installation and maintenance of the databases are performed by the cloud service provider.
Desktop as a Service: ability to build, configure, manage, store, execute, and deliver users' desktop functions remotely.
Email as a Service: complete email service including related support services such as storage, receipt, transmission, backup, and recovery.
Identity as a Service: Identity and Access Management that can be extended and centralized into existing operating environments.
Management as a Service: including application management, asset and change management, capacity management, problem management (service desk), project portfolio management, service catalog, and service level management.
Security as a Service: integration of a suite of security services with the existing operating environment by the cloud service provider. This may include authentication, anti-virus, anti-malware/spyware, intrusion detection, and security event management, among others.

3 Data categories

Customer Data: Class of data objects under the control, by legal or other reasons, of the cloud service customer that were input to the cloud service, or resulted from exercising the capabilities of the cloud service.
Provider Data: Class of data objects, specific to the operation of the cloud service, under the control of the cloud service provider.
Derived Data: Class of data objects under cloud service provider control that are derived as a result of interaction with the cloud service by the cloud service customer (e.g. log data, configuration or customization data).

Cloud Deployment Models
[Figure: Community Cloud, Public Cloud, Mobile Cloud, Hybrid Cloud, Private Cloud, Federated Cloud]

Mobile Cloud Computing

Main Cloud Computing Roles
Cloud service customer (CSC): Role that is in a business relationship for the purpose of using cloud services
Cloud service partner (CSN): Role in support of, or auxiliary to, activities of either the CSP or the CSC
Cloud service provider (CSP): Role that makes cloud services available

Main Cloud Computing Roles & Sub-Roles
Cloud service customer (CSC):
CSC: Cloud service user
CSC: Service Administer and Security
CSC: Cloud service business manager
CSC: Cloud service integrator
Cloud service partner (CSN):
CSN: Cloud service developer
CSN: Cloud Auditor
CSN: Cloud service broker
Cloud service provider (CSP):
CSP: Cloud service operations manager
CSP: Cloud service deployment manager
CSP: Cloud service manager
CSP: Cloud service business manager
CSP: Customer support and care representative
CSP: Inter-cloud provider
CSP: Service security and risk manager
CSP: Network provider

Sub-Roles Example
ISO/IEC 17789: 2014
[Figure: Scale Out example involving CSN: Service Developer, CSP: Service Manager, CSP: Deployment Manager and CSP: Operations Manager]

ISO/IEC 17789: Cloud Reference Architecture
User View
Function View
Implementation View
Deployment View

Legend
Party
Role
Sub-Role
Activity
Functional component
Aspect

User view and Functional view
[Figure: the user view is drawn with Party, Role, Sub-Role, Activity and Aspect; the functional view is drawn with Layer, Multi-Layer functions and Functional component]


Functional Architecture
User Layer: Support customer activities
Access Layer: Access to cloud services
Service Layer: Provide cloud services plus administration and business capabilities
Resource Layer: Resources for the support of cloud services
Multi-layer functions:
Integration: Message routing and exchange within the cloud architecture
Security Systems: Authentication, Authorization, Security policies
Operation Support Systems: Administration, monitoring, provisioning, maintenance
Business Support Systems: Business related management dealing with customers
Development Support: Development of service implementations, build and test management

Example of use of a cloud service
[Figure: the CSC: cloud service user performs the activity "Use cloud service", traced through the functional architecture]
User Layer: User function
Access Layer: Service access
Service Layer: Service capabilities
Resource Layer: Resource abstraction and control, Physical resources
Multi-layer functions: Integration (Service Integration), Security Systems (Authentication and identity management, Authorization and security policy management), Operation Support Systems, Business Support Systems, Development Support

Desktop as a Service
[Figure: the CSC: cloud service user performs the activity "Use cloud service", traced through the functional architecture]
User Layer: DaaS Client
Between User Layer and Access Layer: Virtual Desktop Delivery Protocol / Web based Delivery protocol
Access Layer: Connection Manager / Broker
Service Layer: Virtual Desktop Delivery Service
Resource Layer: Resource Pool, Virtualization Infrastructure
Multi-layer functions: Integration (Messaging), Security Systems (Authentication and identity management, Authorization and security policy management), Operation Support Systems, Business Support Systems, Development Support

Example: Infrastructure as a Service
Computing service functions allow CSC to provision and use processing resources.
Storage service functions allow CSC to use storage resources.
Network service functions allow CSC to use networking resources.
[Figure: User Layer; Access Layer; Service Layer: IaaS (Computing / Storage / Network); Resource Layer: Physical / Virtual Resources (Processing, Storage & Networking)]

Example: Network as a Service
NaaS concept is based on 3 capabilities types of service:
NaaS Application (VNF)
NaaS Platform
NaaS Connectivity (SDN)
[Figure: User Layer; Access Layer; Service Layer: NaaS (Application / Platform / Connectivity); Resource Layer: Physical / Virtual Resources (Processing, Storage & Networking)]

Cloud Cross Cutting aspects
Cross Cutting: behaviors which need to be coordinated across roles and implemented consistently in a cloud computing system:

Auditability
Availability
Governance
Interoperability
Maintenance and versioning
Performance
Portability
Privacy
Regulatory
Resiliency
Reversibility
Security
Service levels and service level agreement

Auditability

The capability of collecting and making available necessary evidential information related to the operation and use of a cloud service, for the purpose of conducting an audit.

Availability

The property of being accessible and usable upon demand by an authorized entity. The "authorized entity" is typically a cloud service customer.

Governance

The system by which the provision and use of cloud services are directed and controlled.
Internal cloud governance: Ensure that cloud computing based solutions are designed and implemented, and cloud computing based services are delivered, according to specified expectations.
External cloud governance: Some form of agreement between the cloud service customer and the cloud service provider concerning the use of cloud services by the cloud service customer.
[Figure: service stack, top to bottom: Business / Process, Application, Data, Runtime / API, Middleware, OS, Virtualization, Hypervisor, Server, Storage, Networking, with SaaS, PaaS and IaaS marked alongside]

Interoperability

Ability of a cloud service customer to interact with a cloud service and exchange information according to a prescribed method and obtain predictable results.

Maintenance and versioning

Maintenance refers to changes to a cloud service or the resources it uses in order to fix faults or in order to upgrade or extend capabilities for business reasons. Versioning implies the appropriate labelling of a service so that it is clear to the cloud service customer that a particular version is in use.

Performance

A set of behaviours relating to the operation of a cloud service, and having metrics defined in an SLA.

Portability

Ability of cloud service customers to move their data or their applications between multiple cloud service providers at low cost and with minimal disruption. The amount of cost and disruption that is acceptable may vary based upon the type of cloud service that is being used.

Protection of PII

Protect the assured, proper, and consistent collection, processing, communication, use and disposal of Personally Identifiable Information (PII) in relation to cloud services.

Regulatory

vary by market sector and jurisdiction, and they can change the
responsibilities of both cloud service customers and cloud service providers.
Compliance with such requirements is often related to governance and risk
management activities;

Resiliency

Ability of a system to provide and maintain an acceptable level of service in the face of faults (unintentional, intentional, or naturally caused) affecting normal operation.

Reversibility

A process for the cloud service customer to retrieve their cloud service
customer data and application artefacts and for the cloud service provider
to delete all cloud service customer data as well as contractually specified
cloud service derived data after an agreed period;

Security

Ranges from physical security to application security, and includes requirements such as authentication, authorization, availability, confidentiality, identity management, integrity, non-repudiation, audit, security monitoring, incident response, and security policy management.

Service levels and service level agreement

It characterizes quality of the cloud services delivered in terms of:
1) a set of measurable properties specific to cloud computing (business and technical), and
2) a given set of cloud computing roles (cloud service customer and cloud service provider and related sub-roles).

[Figure: functional components of the cloud reference architecture, by layer and multi-layer function]
User Layer: User function, Business function, Administrator function
Access Layer: Access Control, Connection management
Service Layer: Service capabilities, Business capabilities, Administration capabilities, Service Orchestration
Resource Layer: Resource abstraction and control, Physical resources
Multi-layer functions:
Integration: Security Integration, Monitoring Integration, Service Integration, Peer Service Integration
Security Systems: Authentication and identity management, Authorization and security policy management, Encryption management
Operation Support Systems: Service Catalog, Provisioning, Monitoring and Reporting, Service policy management, Service automation, Service level management, Incident and problem management, Platform and virtualization management, Peer service management
Business Support Systems: Product catalogue, Access management, Subscription management, Billing, Accounts
Development Support: Developer environment, Build management, Test management

Legend: Role, Sub-Role, Activity, Single Layer Function, Multi Layer Function

Exercise 1.2

Go deeper into one of the cloud services from Exercise 1.1:

Identify Service Characterization
Identify Service Category and Service Capabilities
Identify Cross Cutting Aspects
Draw Functional Architecture

Example
[Figure: functional architecture of a SaaS/CaaS fax service]
User Layer: Mobile/Tablet, Web Portal, Fax Device
Access Layer: Web Server Connection Manager, PSTN Connection Manager
Service Layer: SaaS/CaaS: Fax
Resource Layer: PSTN, Fax Server, Fax Storage
Cross Layer Function: Authentication, Authorization, Messaging
