Cloud Computing PDF

Cloud Computing By Dr. Muath Asmar The Importance of Cloud Computing The cloud refers to software and computing services that run on a remote computer and are available over the internet using a web browser or applications on your computing device. The term cloud is new, but not the concept. The term cloud is new, but not the concept. Actually, it is a twist on an old practice. Remote computing is nothing new. Many organizations operate a data center that provides software and computing services throughout the organization over a virtual private network (VPN). Software resides on an application server—not on local computers throughout the organization. Data resides on a database server in the data center. All computing services are provided by the data center. The Importance of Cloud Computing Cloud computing is provided by a vendor such as Amazon Cloud Drive, Microsoft OneDrive, Apple iCloud, Google Drive, Dropbox, Yahoo Mail, and Netflix. Many cloud computing services offer storage for data and applications. Some offer their own applications such as Microsoft Office and Google Docs, enabling collaboration on projects within and outside the organization. Data and applications are available 24/7 over the internet. The cloud vendor is responsible for maintaining the cloud environment—the data center, servers, network connections, power, and applications. In theory, there is no end to the cloud. The organization can use as much or as little space as necessary—for a fee. The cloud vendor has computing resources ready to meet practically any demand for service. Cloud computing is any pay-per-use service in real-time over the internet that extends an organization’s existing capabilities at a fraction of the cost of expanding a data center. The Importance of Cloud Computing Rather than acquiring new servers, networks, and related applications within the organization’s data center, the organization uses a cloud service. The cloud provider is an aggregator of computing services from other vendors, offering one-stop shopping for an organization. The benefits of the cloud are seen as a viable alternative to operating a data center. It is estimated that every piece of data—voice, data, and images—that is transmitted over a public network at some point is in the cloud. It Can Rain Too The cloud seems to be the utopia to all the organization’s computing needs. However, there is a downside. Cloud-based applications and data require internet access. No internet connection means no access to applications and data. Furthermore, technical issues affecting the cloud vendor’s data center become the organization’s issues too, because when the cloud goes down, the organization no longer has access to applications and data. Compounding the problem is that the organization has no control over rectifying these issues. Unlike with the organization’s data center where the organization controls every facet of resolving technical issues, the cloud provider is responsible for fixing the problem. Organizations that place their data and applications in the cloud are at risk of losing control. Data and applications that reside in the cloud vendor’s data center are out of the organization’s control. The organization must trust the cloud vendor to provide adequate security measures to protect the organization’s data. Furthermore, the organization must determine if the organization itself can be sustained if the cloud vendor denies access to the data and applications. Governmental Access An organization’s data is always at risk for being legally accessed by governmental agencies. The government typically gains access by serving legal notice to the organization that holds the data. The organization itself receives such notice if the data is held in the organization’s data center. What happens if the data is held at the cloud vendor’s data center? Must the cloud vendor hand over the data without notifying the organization? These are much-debated questions. An organization can expect privacy unless data is disclosed to a third party. This is referred to as the third-party doctrine. A cloud vendor providing cloud computing services can be considered a third party; the government may search the organization’s data with the proper legal papers and issue an indefinite gag order to the cloud vendor, preventing the cloud vendor from disclosing that the government searched the data. The Cloud and Data Science Data science, commonly referred to as big data, focuses on making sense out of large amounts of data by finding data patterns that can be used to develop predictions. Data scientists were relatively stifled by technological limitations available to extract, store, process, and analyze huge data sets. The computing power available within an organization lacked the processing power, production environment, memory, and storage to effectively study sizable amounts of data. The cloud radically changed data science by removing the electronic wall that held back the big data revolution that is driving machine-learning and other eye-opening knowledge. The cloud offers practically unlimited scalability, using the most powerful computing environments and technology that is available all at a cost that most organizations can afford. The Cloud Services Cloud technology is the latest in the evolution that began with stand-alone computing. Late in the last century, computing devices were connected to servers using client/server architecture. The computing device, called a client, requested services from a remote server over a local area network, known today as an intranet. Services included applications, data, and processing. In client/server architecture, some processing is performed locally on the computing device while processing required by all clients is processed on one or more common remote servers. Client/server architecture is referred to as two-tier architecture, with the client as one tier and the server as the second tier. Multiple-tier architectures are commonplace today. For example, a client accesses a remote application and the remote application accesses a database. This is three-tier architecture: client, application, and database. Client/server architecture has a major disadvantage (Figure 5.1). There are no economies of scale. Investments in new infrastructure and new software licenses are necessary to expand capacity. Services Offered by a Cloud Provider. Software as a Service (SaaS): With SaaS, the cloud provider offers access to applications hosted by the cloud provider using a web browser point of access. The cloud provider is responsible for deploying, managing, and maintaining applications. Platform as a Service (PaaS): With PaaS, the cloud provider offers the platform that can be used to develop and deploy applications. The cloud provider offers the organization the operating system and related hardware and network infrastructures to develop and run the organization’s own applications. The organization focuses on building the applications. The cloud provider offers the tools and scalability to enable the organization to quickly respond to changing markets by requesting access to additional resources from the cloud provider Services Offered by a Cloud Provider. Infrastructure as a Service (IaaS): With IaaS, the cloud provider offers the basic infrastructure building blocks to the organization, enabling the organization to assemble computing resources on-demand. The cloud provider enables the organization to build a virtual data center. Components of the virtual data center can be accessed by the organization as if it were the organization’s traditional data center. However, there is no need for the organization to invest in the data center. It simply pays for components as needed. The cloud provider is responsible for management and maintenance of the physical data center. IaaS gives the organization virtual control over servers, storage, and processing. The Private Cloud A private cloud is very similar to the traditional data center architecture in that services are provided only to entities within the organization. There are no commercial clients. An entity is a division of the organization, sometimes considered as internal clients to the group that operates the private cloud. Internal clients don’t have control over the cloud environment. Control resides with the group that operates the private cloud. The private cloud operation creates a virtual environment for each internal client using a pool of computing resources. The group operating the private cloud reconfigures computing resources to respond to the needs of internal clients. The private cloud can be created in one of three ways. The organization can own and operate computing resources that create the cloud—the traditional data center environment. The organization can outsource the private cloud to a vendor where computing resources provided by the vendor are solely used by the organization and not shared with other organizations. The Private Cloud A hybrid is another option—referred to as cloud bursting—where primary computing resources are owned and operated by the organization and additional on-demand computing resources are provided by a cloud vendor. Non-sensitive computing assets are moved to the public cloud, freeing private cloud resources for sensitive computing assets. Private clouds are ideal for organizations that require secured processing and storage because the organization is in total control of security. Communication with the private cloud is conducted over private-leased, secured lines with encryption. This offers greater security than is provided in the public cloud—all computing devices in the private cloud operate behind the organization’s firewall and applications and personnel are under the organization’s control. No resources are shared outside the organization. The Private Cloud Private clouds come at a cost because there is one client—the organization—who underwrites the entire operation. Economies of scale are limited to internal clients, compared to the many clients associated with a public cloud operation. The organization can allocate computing resources quickly since it controls cloud resources. Using a public cloud may delay allocation because an agreement to use those resources must be reached between the organization and the cloud vendor. The Public Cloud The public cloud offers computing resources to the public over the internet to individuals and organizations who do not require the security provided by a private cloud. The public cloud offers computing resources on demand for typically a monthly fee. Computing resources can include expensive sophisticated applications, processing devices, and storage devices that otherwise might be out of the financial reach of the client. Access is seamless from anywhere at any time. Clients pay for servers they need for as long as they need those services. The Public Cloud The public cloud offers economies of scale because expensive cloud infrastructure, computing devices, and applications are shared among many organizations. The public cloud vendor can provide state-of-the-art centralized operations with redundant architectures and environments because costs are leveraged among its client base. Redundancy enables the vendor to balance loads, which provides an expected level of services regardless of demand. Multiple computing devices and cloud operation centers located in multiple states and countries guarantee continuous availability of the cloud to all clients as long as the client has internet access. The Public Cloud The cloud vendor accepts the operational risks associated with the cloud. It ensures that services are available; applications and operating systems are updated; and computing resources are maintained to meet the client’s and regulatory requirements. Furthermore, the cloud vendor incorporates sophisticated security measures that might be out-of-reach in a private cloud environment. The cloud vendor also has certified full-time staff with skill sets that that may not be economically available to organizations that operate a private cloud. Hybrid Clouds A hybrid cloud is a combination of a private cloud and a public cloud. The private cloud is used for sensitive processing and the public cloud is used for non-sensitive processing. Access to both clouds is seamless by using a browser. Users gain access through a browser-based portal that redirects requests to either the private or public cloud. A key benefit of a hybrid cloud is the private cloud can be used to satisfy regulatory requirements for secure processing and storage of data, while the public cloud provides the flexibility to meet growing demands. Hybrid Clouds There are a number of ways to implement a hybrid cloud. An organization can use two cloud vendors to supply the cloud—one for the private cloud and the other for the public cloud. Alternatively, a cloud vendor can provide a complete service where the private cloud computing resources are not shared and the public cloud computing resources are shared. Still another option is for the organization to internally provide a private cloud and rely on a vendor to provide a public cloud. The drawback to implementing an internal private cloud is limited scalability. The organization would need to acquire more computing resources to expand. Why Implement a Cloud? The cloud offers many advantages for an organization that is growing and whose computing resource requirements fluctuate. The cloud provides the operational agility to meet growing demands with a sound economic foundation. Easy to increase computing capacity. Scalability both up and down. A competitive advantage by increasing/decreasing computing capacity as needed without incurring long-term financial obligations. Taking advantage of the latest technology without the burden of acquiring scarce resources. Reduced time to market. Start-up time for a new initiative might require nine months to acquire computing resources. The cloud offers computing resources within days. Disaster recovery. The cloud provider has the computing resources and expertise to handle recovery in a disaster. A cloud provider typically has replicated cloud data centers throughout the United States and outside the country. Why Implement a Cloud? Frees real estate. The cloud is off the organization’s premises. Space used for computing resources can be reallocated for other purposes. No upfront investment in computing resources. The organization pays for computing resources using a subscription model. No maintenance. The cloud vendor takes care of software updates and security patches as part of their core business. No longer an information technology organization. Information technology has become a necessary part of the organization’s operation, although information technology is not the organization’s core business. The cloud shifts information technology to a cloud vendor whose core business is the cloud. The cloud vendor’s investment in cloud technology is an investment in the cloud vendor’s core business. Shared resources. The cloud enables the staff to collaborate in real-time, increasing productivity. Why Implement a Cloud? Balanced work schedule. The cloud enables the staff to collaborate from anywhere in real time over the internet. Cloud vendors also offer cloud apps that can be used on mobile computing devices, giving staff access to the organization’s computing resources while on the go. Reduces the carbon footprint. Rather than the organization maintaining computing resources that have a large carbon footprint, the organization shares those computing resources with other organizations in the cloud. Staff focuses on business. In many organizations, the information technology staff account for 25 percent of the employees. The organization frees up headcount by moving to the cloud. Fewer information technology staff are required. Hidden security. Staff can work with cloud-based applications that automatically save files to the cloud rather than on a local computing device. Files are never lost even if the local computing device crashes. Why Not Use the Cloud? The cloud is less than a perfect technological solution to computing. Here are common disadvantages: –– Connectivity. The cloud internally and externally depends on network operations. Internally, the cloud provision connects its data centers located around the world over a network—the same public network that is used to connected everyone else. The organization connects to the cloud over the same network. Any network issues are also a cloud issue. –– Traffic volume. The public network is a multi-lane highway that can handle very high volumes of traffic. An off-ramp is a narrower roadway to a cloud provider’s site. A traffic jam occurs unless the cloud provider manages the load to its sites as demand for its cloud services increase. Failure to do so results in slow response time, which is something an organization doesn’t expect from the vendor. Why Not Use the Cloud? Software incompatibility. The presumption is that applications run on all computing devices, which is not necessarily the case. An organization may be using older applications and databases that are not compatible with computing resources offered by the cloud provider. Support. An advantage of using the cloud is to offload responsibility for most of the organization’s computing responsibilities to the cloud vendor. The presumption is that it is economical for the cloud vendor to hire specialists since the expense can be allocated to other customers who also require those services. Security. Responsibility for providing cybersecurity moves from the organization to the cloud provider. Dependency. By switching computing responsibility from the organization to the cloud vendor, the organization’s sustainability is dependent on the sustainability of the cloud vendor. The organization cannot change cloud vendors quickly. Mitigating Risk Although computing risks seem to be offloaded to the cloud provider, the organization remains at risk. The organization remains exposed. However, steps can be taken to mitigate risk by carefully selecting a cloud provider. Encryption. The organization’s data must be encrypted at all times. Demarcation. The cloud is a multi-tenant environment. All clients can share resources. Therefore, the cloud provider must demonstrate how the organization’s applications and data are segregated from other customer’s applications and data. There should be an electronic or physical wall between clients. Data replication. The cloud provider must show the organization how data is replicated and restored as part of the organization’s and cloud provider’s data recovery plan, should the cloud provider’s facilities experience a catastrophe. Mitigating Risk Termination. Negotiate terms of terminating the relationship prior to engaging the cloud provider. Termination terms clearly define who owns what and the process for moving the organization’s owned resources to another cloud provider. Costs. Identify all costs associated when engaging the cloud provider. There should be no surprises or hidden costs. Security. Be sure that the cloud provider upgrades security to meet the organization’s requirements. The organization should set minimum security requirements and not waiver from them. Limitations. Ensure that the cloud provider has the computing resources and staff that they promise in their sales presentation. Bandwidth. The cloud provider must have sufficient bandwidth today to meet demand for the next five years. Service-level agreement. The service-level agreement defines the relationship between the organization and the cloud provider

Cloud Computing PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue