CC

Published on May 2016 | Categories: Documents | Downloads: 59 | Comments: 0 | Views: 390
of 9
Download PDF   Embed   Report

Comments

Content

Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software and information are provided to computers an d other devices as a utility (like the electricity grid) over a network (typical ly the Internet). Contents [hide] 1 Overview 1.1 Comparison 1.2 Characteristics 2 History 3 Layers 3.1 Client 3.2 Application 3.3 Platform 3.4 Infrastructure 3.5 Server 4 Deployment models 4.1 Public cloud 4.2 Community cloud 4.3 Hybrid cloud 4.4 Private cloud 5 Architecture 5.1 The Intercloud 5.2 Cloud engineering 6 Issues 6.1 Privacy 6.2 Compliance 6.3 Criticism 6.4 Legal 6.5 Open source 6.6 Open standards 6.7 Security 6.8 Sustainability 6.9 Abuse 7 Research 8 See also 9 References [edit] OverviewCloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location and configuration of the system that delivers the services. Parallels to this c oncept can be drawn with the electricity grid, wherein end-users consume power w ithout needing to understand the component devices or infrastructure required to provide the service. The concept of cloud computing fills a perpetual need of IT: a way to increase c apacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses a ny subscription-based or pay-per-use service that, in real time over the Interne t, extends IT's existing capabilities.[citation needed] Cloud computing describes a new supplement, consumption, and delivery model for IT services based on Internet protocols, and it typically involves provisioning of dynamically scalable and often virtualized resources.[1][2] It is a byproduct and consequence of the ease-of-access to remote computing sites provided by the Internet.[3] This may take the form of web-based tools or applications that use rs can access and use through a web browser as if the programs were installed lo cally on their own computers.[4]

Cloud computing providers deliver applications via the internet, which are acces sed from a web browser, while the business software and data are stored on serve rs at a remote location. In some cases, legacy applications (line of business ap plications that until now have been prevalent in thin client Windows computing) are delivered via a screen-sharing technology, while the computing resources are consolidated at a remote data center location; in other cases, entire business applications have been coded using web-based technologies such as AJAX. Most cloud computing infrastructures consist of services delivered through share d data-centers and appearing as a single point of access for consumers' computin g needs. Commercial offerings may be required to meet service-level agreements ( SLAs), but specific terms are less often negotiated by smaller companies.[5][6] [edit] ComparisonCloud computing shares characteristics with: Autonomic computing Computer systems capable of self-management.[7] Client server model Client server computing refers broadly to any distributed applic ation that distinguishes between service providers (servers) and service request ers (clients).[8] Grid computing "A form of distributed and parallel computing, whereby a 'super a nd virtual computer' is composed of a cluster of networked, loosely coupled comp uters acting in concert to perform very large tasks." Mainframe computer Powerful computers used mainly by large organizations for cri tical applications, typically bulk data processing such as census, industry and consumer statistics, enterprise resource planning, and financial transaction pro cessing.[9] Utility computing The "packaging of computing resources, such as computation and storage, as a metered service similar to a traditional public utility, such as electricity."[10] Peer-to-peer Distributed architecture without the need for central coordination, with participants being at the same time both suppliers and consumers of resour ces (in contrast to the traditional client server model). Service-oriented computing software-as-a-service.[11] [edit] CharacteristicsCloud computing exhibits the following key characteristics : Agility improves with users' ability to re-provision technological infrastructur e resources. Application programming interface (API) accessibility to software that enables m achines to interact with cloud software in the same way the user interface facil itates interaction between humans and computers. Cloud computing systems typical ly use REST-based APIs. Cost is claimed to be reduced and in a public cloud delivery model capital expen diture is converted to operational expenditure.[12] This is purported to lower b arriers to entry, as infrastructure is typically provided by a third-party and d oes not need to be purchased for one-time or infrequent intensive computing task s. Pricing on a utility computing basis is fine-grained with usage-based options and fewer IT skills are required for implementation (in-house).[13] Device and location independence[14] enable users to access systems using a web browser regardless of their location or what device they are using (e.g., PC, mo bile phone). As infrastructure is off-site (typically provided by a third-party) and accessed via the Internet, users can connect from anywhere.[13] Multi-tenancy enables sharing of resources and costs across a large pool of user s thus allowing for: Centralization of infrastructure in locations with lower costs (such as real est ate, electricity, etc.) Peak-load capacity increases (users need not engineer for highest possible loadlevels) Utilization and efficiency improvements for systems that are often only 10 20% uti lized.[15]

Reliability is improved if multiple redundant sites are used, which makes well-d esigned cloud computing suitable for business continuity and disaster recovery.[ 16] Scalability and Elasticity via dynamic ("on-demand") provisioning of resources o n a fine-grained, self-service basis near real-time, without users having to eng ineer for peak loads. [17] Performance is monitored, and consistent and loosely coupled architectures are c onstructed using web services as the system interface.[13] Security could improve due to centralization of data, increased security-focused resources, etc., but concerns can persist about loss of control over certain se nsitive data, and the lack of security for stored kernels.[18] Security is often as good as or better than under traditional systems, in part because providers are able to devote resources to solving security issues that many customers cann ot afford.[19] However, the complexity of security is greatly increased when dat a is distributed over a wider area or greater number of devices and in multi-ten ant systems that are being shared by unrelated users. In addition, user access t o security audit logs may be difficult or impossible. Private cloud installation s are in part motivated by users' desire to retain control over the infrastructu re and avoid losing control of information security. Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer. [edit] HistoryThe term "cloud" is used as a metaphor for the Internet, based on the cloud drawing used in the past to represent the telephone network,[20] and l ater to depict the Internet in computer network diagrams as an abstraction of th e underlying infrastructure it represents.[21] Cloud computing is a natural evolution of the widespread adoption of virtualizat ion, service-oriented architecture, autonomic, and utility computing. Details ar e abstracted from end-users, who no longer have need for expertise in, or contro l over, the technology infrastructure "in the cloud" that supports them.[22] The underlying concept of cloud computing dates back to the 1960s, when John McC arthy opined that "computation may someday be organized as a public utility." Al most all the modern-day characteristics of cloud computing (elastic provision, p rovided as a utility, online, illusion of infinite supply), the comparison to th e electricity industry and the use of public, private, government, and community forms, were thoroughly explored in Douglas Parkhill's 1966 book, The Challenge of the Computer Utility. The actual term "cloud" borrows from telephony in that telecommunications compan ies, who until the 1990s offered primarily dedicated point-to-point data circuit s, began offering Virtual Private Network (VPN) services with comparable quality of service but at a much lower cost. By switching traffic to balance utilizatio n as they saw fit, they were able to utilize their overall network bandwidth mor e effectively. The cloud symbol was used to denote the demarcation point between that which was the responsibility of the provider and that which was the respon sibility of the user. Cloud computing extends this boundary to cover servers as well as the network infrastructure.[23] After the dot-com bubble, Amazon played a key role in the development of cloud c omputing by modernizing their data centers, which, like most computer networks, were using as little as 10% of their capacity at any one time, just to leave roo m for occasional spikes. Having found that the new cloud architecture resulted i n significant internal efficiency improvements whereby small, fast-moving "two-p izza teams" could add new features faster and more easily, Amazon initiated a ne w product development effort to provide cloud computing to external customers, a nd launched Amazon Web Service (AWS) on a utility computing basis in 2006.[15][2 4] In early 2008, Eucalyptus became the first open-source, AWS API-compatible platf

orm for deploying private clouds. In early 2008, OpenNebula, enhanced in the RES ERVOIR European Commission-funded project, became the first open-source software for deploying private and hybrid clouds, and for the federation of clouds.[25] In the same year, efforts were focused on providing QoS guarantees (as required by real-time interactive applications) to cloud-based infrastructures, in the fr amework of the IRMOS European Commission-funded project, resulting to a real-tim e cloud environment.[26] By mid-2008, Gartner saw an opportunity for cloud compu ting "to shape the relationship among consumers of IT services, those who use IT services and those who sell them"[27] and observed that "[o]rganisations are sw itching from company-owned hardware and software assets to per-use service-based models" so that the "projected shift to cloud computing ... will result in dram atic growth in IT products in some areas and significant reductions in other are as."[28] [edit] LayersOnce an internet protocol connection is established among several c omputers, it is possible to share services within any one of the following layer s. [edit] ClientSee also: Category:Cloud clients A cloud client consists of computer hardware and/or computer software that relie s on cloud computing for application delivery and that is in essence useless wit hout it. Examples include some computers, phones and other devices, operating sy stems, and browsers.[29][30][31] [edit] ApplicationSee also: Category:Cloud applications Cloud application services or "Software as a Service (SaaS)" deliver software as a service over the Internet, eliminating the need to install and run the applic ation on the customer's own computers and simplifying maintenance and support. [edit] PlatformSee also: Category:Cloud platforms Cloud platform services, also known as platform as a service (PaaS), deliver a c omputing platform and/or solution stack as a service, often consuming cloud infr astructure and sustaining cloud applications.[32] It facilitates deployment of a pplications without the cost and complexity of buying and managing the underlyin g hardware and software layers.[33][34] [edit] InfrastructureSee also: Category:Cloud infrastructure Cloud infrastructure services, also known as "infrastructure as a service" (IaaS ), deliver computer infrastructure typically a platform virtualization environme nt as a service, along with raw (block) storage and networking. Rather than purc hasing servers, software, data-center space or network equipment, clients instea d buy those resources as a fully outsourced service. Suppliers typically bill su ch services on a utility computing basis; the amount of resources consumed (and therefore the cost) will typically reflect the level of activity.[35] [edit] ServerThe servers layer consists of computer hardware and/or computer sof tware products that are specifically designed for the delivery of cloud services , including multi-core processors, cloud-specific operating systems and combined offerings.[36][37][38][39] [edit] Deployment models Cloud computing types[edit] Public cloudPublic cloud describes cloud computing i n the traditional mainstream sense, whereby resources are dynamically provisione d to the general public on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who bi lls on a fine-grained utility computing basis.[13] [edit] Community cloudCommunity cloud shares infrastructure between several orga nisations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted i

nternally or externally. The costs are spread over fewer users than a public clo ud (but more than a private cloud), so only some of the benefits of cloud comput ing are realised.[40] [edit] Hybrid cloudHybrid cloud is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together, offer ing the benefits of multiple deployment models.[40] [edit] Private cloudPrivate cloud is infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted interna lly or externally.[40] They have attracted criticism because users "still have to buy, build, and manag e them" and thus do not benefit from lower up-front capital costs and less hands -on management,[41] essentially "[lacking] the economic model that makes cloud c omputing such an intriguing concept".[42][43] [edit] Architecture Cloud computing sample architectureCloud architecture,[44] the systems architect ure of the software systems involved in the delivery of cloud computing, typical ly involves multiple cloud components communicating with each other over loose c oupling mechanism such as messaging queue. [edit] The IntercloudMain article: Intercloud The Intercloud[45] is an interconnected global "cloud of clouds"[46][47] and an extension of the Internet "network of networks" on which it is based.[48][49][50 ] [edit] Cloud engineeringCloud engineering is the application of engineering disc iplines to cloud computing. It brings a systematic approach to the high level co ncerns of commercialization, standardization, and governance in conceiving, deve loping, operating and maintaining cloud computing systems. It is a multidiscipli nary method encompassing contributions from diverse areas such as systems, softw are, web, performance, information, security, platform, risk, and quality engine ering. [edit] Issues[edit] PrivacyThe cloud model has been criticized by privacy advoca tes for the greater ease in which the companies hosting the cloud services contr ol, and, thus, can monitor at will, lawfully or unlawfully, the communication an d data stored between the user and the host company. Instances such as the secre t NSA program, working with AT&T, and Verizon, which recorded over 10 million ph one calls between American citizens, causes uncertainty among privacy advocates, and the greater powers it gives to telecommunication companies to monitor user activity.[51] While there have been efforts (such as US-EU Safe Harbor) to "harm onize" the legal environment, providers such as Amazon still cater to major mark ets (typically the United States and the European Union) by deploying local infr astructure and allowing customers to select "availability zones."[52] [edit] ComplianceIn order to obtain compliance with regulations including FISMA, HIPAA, and SOX in the United States, the Data Protection Directive in the EU an d the credit card industry's PCI DSS, users may have to adopt community or hybri d deployment modes that are typically more expensive and may offer restricted be nefits. This is how Google is able to "manage and meet additional government pol icy requirements beyond FISMA"[53][54] and Rackspace Cloud or QubeSpace are able to claim PCI compliance.[55] Many providers also obtain SAS 70 Type II certification, but this has been criti cised on the grounds that the hand-picked set of goals and standards determined by the auditor and the auditee are often not disclosed and can vary widely.[56] Providers typically make this information available on request, under non-disclo

sure agreement.[57] Customers in the EU contracting with cloud providers established outside the EU/ EEA have to adhere to the EU regulations on export of personal data.[58] [edit] CriticismThe novelty of the concept of cloud computing has been a subject of dispute, as some have pointed out that much of the technology and infrastruc ture had already been in place long before the term itself existed.[citation nee ded] [edit] Legal An editor has expressed a concern that this article lends undue wei ght to certain ideas, incidents, controversies or matters relative to the articl e subject as a whole. Please help to create a more balanced presentation. Discus s and resolve this issue before removing this message. (September 2011) In March 2007, Dell applied to trademark the term "cloud computing" (U.S. Tradem ark 77,139,082) in the United States. The "notice of allowance" the company rece ived in July 2008 was canceled in August, resulting in a formal rejection of the trademark application less than a week later. Since 2007, the number of tradema rk filings covering cloud computing brands, goods, and services has increased ra pidly. As companies sought to better position themselves for cloud computing bra nding and marketing efforts, cloud computing trademark filings increased by 483% between 2008 and 2009. In 2009, 116 cloud computing trademarks were filed, and trademark analysts predict that over 500 such marks could be filed during 2010.[ 59] Other legal cases may shape the use of cloud computing by the public sector. On October 29, 2010, Google filed a lawsuit against the U.S. Department of Interior , which opened up a bid for software that required that bidders use Microsoft's Business Productivity Online Suite. Google sued, calling the requirement "unduly restrictive of competition."[60] Scholars have pointed out that, beginning in 2 005, the prevalence of open standards and open source may have an impact on the way that public entities choose to select vendors.[61] There are also concerns about a cloud provider shutting down for financial or le gal reasons, which has happened in a number of cases.[62] Most transitions to a cloud computing solution entail a change from a technicall y managed solution to a contractually managed solution. This change necessitates increased IT contract negotiation skills to establish the terms of the relation ship and vendor management skills to maintain the relationship. All rights and r esponsibilities that are associated with the relationship between a client and a cloud computing services provider must be codified in the contract and effectiv ely managed until the relationship has been terminated. The specific risks and i ssues to be addressed in your contract with a cloud provider will vary on a case by case basis, depending upon your specific use needs. Key risks and issues tha t are either unique to cloud computing or essential to its effective adoption ty pically involve service level agreements; data processing and access; provider i nfrastructure and security; and contract and vendor management.[63] It is essent ial to ensure that each of these key risks and issues is effectively evaluated a nd addressed in your contract with a cloud provider. The NIST definition categorizes cloud computing into three service models: softw are as a service (SaaS), infrastructure as a services (IaaS) and platform as a s ervice (PaaS).[64] A key common word here is "service", so one of the key issues to consider when negotiating and managing your contract with a cloud provider i s the level of service that will be required to meet your needs. Since much of t he relationship between an organization and a cloud computing provider will be c ontractually governed, it is important for the contract to include service-level agreements (SLAs) stating specific parameters and minimum levels for each eleme

nt of the service provided. The SLAs must be enforceable and state specific reme dies that apply when they are not met. Aspects of cloud computing services where SLAs may be pertinent include: service availability, performance and response t ime, error correction time; and latency. The specific definitions of pertinent S LA terms in a contract are important as well. Such definitions in standard cloud provider contracts often provide a very narrow way of measuring SLA parameters. For example, these contracts may define "downtime" so as to exclude any time th at service is unavailable due to maintenance that was scheduled or announced in advance. Calculation of downtime might be restricted to a minimum number of cons ecutive minutes or a minimum percentage error rate. Downtime could be measured b y spreading it over a specified time period such as a week or a month. Such clau ses can collectively result in a fairly narrow definition of total downtime. Con tracts should state specific remedies, such as corrections or penalties, for whe n SLAs are not met. Corrections codify what steps a cloud provider must take to prevent a future failure to meet an SLA. Penalties often take the form of a fina ncial credit, so it's important to codify when and how a credit will be provided . The goal of such penalties is not to get credits but to motivate the supplier to provide the required level of service. Other ways to motivate appropriate per formance include reputational penalties (a full-page ad in The New York Times an nouncing missed service levels can be a strong motivator) and rewards for exceed ing service levels. Once you've effectively negotiated your SLA language in the contract and you've adopted the cloud service, your work is not done. You must t hen begin to continually monitor the cloud provider's performance to ensure that they continue to meet those SLAs until such time as the contract is terminated and you move to an alternative solution.[65] The virtual nature of cloud computing makes it easy to forget that the service d epends on a physical data center. All cloud computing vendors are not created eq ual; there are both new and established vendors in this market space, so they do n't all have the same knowledge and infrastructure in place. To ensure that you select a cloud provider that has well run, efficiently structured data centers, it's important that an organization take steps to understand and verify the infr astructure operations management proceses and mechanisms that the cloud provider has in place. A good starting point in gathering this information can be to use a questionnaire. The Cloud Security Alliance's Consensus Assessments Initiative Questionnaire serves as one good example which to leverage to build your own qu estionnaire.[66] Examples of key areas to evaluate include: capacity and resourc e planning; data replications, storage, distribution and recovery; change manage ment policies and procedures; virtual server provisioning and management; asset inventory and management policies and procedures; and software development quali ty assurance. Once you've identified the appropriate practices, you can determin e which address your specific needs, then codify them in the contract. One easy way to do this is to incorporate the cloud provider's responses into the contrac t as the minimum requirements for the cloud provider to meet in providing their service to you.[67] There have been a number of prominent data security breaches recently, all of wh ich serve to demonstrate one of the risks common to any cloud service adoption: The cloud provider may not handle your data as securely as you would like. When you use any cloud computing service, you are trusting it with information, wheth er that be personal, regulated, proprietary or otherwise sensitive information. In doing so, you lose some of the control, or at least perceived control, that y ou had when you did the same things yourself. The first step to take in mitigati ng this risk is reading and understanding the cloud provider s standard terms and conditions. The next step is to obtain as much knowledge as possible about the m echanisms and processes that the cloud provider has in place to keep your inform ation secure. One way to obtain this knowledge is to leverage a questionnaire ap proach as noted above. Another option is to review the cloud provider's own docu mentation of their information security practices and processes. Some key inform ation security issues to consider investigating in this process include: secure

gateway environment; audit/penetration tests & reports; security monitoring syst ems; multitenancy data segregation; identity and access management; and encrypti on. Once you've identified the cloud provider's standard practices, compare thos e to your own needs relative to the type and sensitivity of the information you' ll be entrusting to the cloud. Determine which mechanisms, practices and process es are the most important to meet your specific needs, and negotiate to codify t hem in the contract.[68] [edit] Open sourceSee also: Category:Open source cloud computing Open-source software has provided the foundation for many cloud computing implem entations, one prominent example being the Hadoop framework.[69] In November 200 7, the Free Software Foundation released the Affero General Public License, a ve rsion of GPLv3 intended to close a perceived legal loophole associated with free software designed to be run over a network.[70] [edit] Open standardsSee also: Category:Cloud standards Most cloud providers expose APIs that are typically well-documented (often under a Creative Commons license[71]) but also unique to their implementation and thu s not interoperable. Some vendors have adopted others' APIs and there are a numb er of open standards under development, with a view to delivering interoperabili ty and portability.[72] [edit] SecurityMain article: Cloud computing security As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through the adoption of this new model. The effectiveness and efficiency of traditional protection mechanisms are being rec onsidered as the characteristics of this innovative deployment model differ wide ly from those of traditional architectures.[73] The relative security of cloud computing services is a contentious issue that ma y be delaying its adoption.[74] Issues barring the adoption of cloud computing a re due in large part to the private and public sectors unease surrounding the ex ternal management of security based services. It is the very nature of cloud com puting based services, private or public, that promote external management of pr ovided services. This delivers great incentive among cloud computing service pro viders in producing a priority in building and maintaining strong management of secure services.[75] Security issues have been categorized into sensitive data a ccess, data segregation, privacy, bug exploitation, recovery, accountability, ma licious insiders, management console security, account control, and multi-tenanc y issues. Solution to various cloud security issues vary through cryptography, p articularly public key infrastructure (PKI), use of multiple cloud providers, st andardization of APIs, improving virtual machine support and legal support.[73][ 76][77] [edit] SustainabilityAlthough cloud computing is often assumed to be a form of " green computing", there is as of yet no published study to substantiate this ass umption.[78] Siting the servers affects the environmental effects of cloud compu ting. In areas where climate favors natural cooling and renewable electricity is readily available, the environmental effects will be more moderate. Thus countr ies with favorable conditions, such as Finland,[79] Sweden and Switzerland,[80] are trying to attract cloud computing data centers. [edit] AbuseAs with privately purchased hardware, crackers posing as legitimate customers can purchase the services of cloud computing for nefarious purposes. T his includes password cracking and as a means of launching attacks.[81] In 2009, a banking trojan illegally used the popular Amazon service as a command and con trol channel that issued software updates and malicious instructions to PCs that were infected by the malware.[82] [edit] ResearchMany universities, vendors and government organizations are inves

ting in research around the topic of cloud computing:[83][84] In October 2007 the Academic Cloud Computing Initiative (ACCI) was a multi-university project designed to enhance students' technical address the challenges of cloud computing.[85] On March 23, 2011, a nonprofit organization called Open Networking s founded, focused on providing support for a new cloud initiative re-Defined Networking.[86] announced as knowledge to Foundation wa called Softwa

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close