Cloud Computing Architecture - Deployment Models

Summary

This document describes different cloud computing deployment models, including public, private, hybrid, and community clouds. It details the characteristics, examples, and potential risks associated with each model, covering topics like workload relocation and security considerations.

Full Transcript

**CLOUD COMPUTING**

**ARCHITECTURE - Deployment Models**

- Public Cloud

- Private Cloud

- Hybrid Cloud

- Community Cloud

2

Public Cloud

- Cloud infrastructure is provisioned for open use by the general
public. It may be owned, managed, and operated by a business,
academic, or government organization, or some combination of them.
It exists on the premises of the cloud provider.

- Examples of Public Cloud:

- Google App Engine

- Microsoft Windows Azure

- IBM Smart Cloud

- Amazon EC2

3

Public Cloud

- In Public setting, the provider\'s computing
and storage resources are

4

Public Cloud

- - In the public scenario, a provider may migrate a subscriber\'s
workload, whether processing or data, at any time.

- Workload can be transferred to data centres where cost is low

- Workloads in a public cloud may be relocated anywhere at any
time

- - A single machine may be shared by the workloads of any
combination of subscribers (a subscriber\'s workload may be
co-resident with the workloads of competitors or adversaries)

- Introduces both reliability and security risk

5

Public Cloud

- Organizations considering the use of an on-site
private cloud

- - Subscribers connect to providers via the public Internet.

- Connection depends on Internet's Infrastructure like

- Domain Name System (DNS) servers

- Router infrastructure,

- Inter-router links

6

Public Cloud

- **Limited visibility and control over data
regarding security (public):**

- The details of provider system operation are usually considered
proprietary information and are not divulged to subscribers.

- In many cases, the software employed by a provider is usually
proprietary and not

- A subscriber cannot verify that data has been completely deleted
from a provider\'s systems.

- **Elasticity: illusion of unlimited resource availability
(public):**

- Public clouds are generally unrestricted in their location or
size.

- Public clouds potentially have high degree of flexibility in the
movement of subscriber workloads to correspond with available
resources.

7

Public Cloud

- - **Restrictive default service level agreements (public):**

- The default service level agreements of public clouds specify

8

Private Cloud

- The cloud infrastructure is provisioned for
exclusive use by a single organization comprising multiple consumers
(e.g., business units). It may be owned, managed, and operated by
the organization, a third party, or some combination of them, and it
may exist on or off premises.

- Examples of Private Cloud:

- Eucalyptus

- Ubuntu Enterprise Cloud - UEC

- Amazon VPC (Virtual Private Cloud)

- VMware Cloud Infrastructure Suite

- Microsoft ECI data center.

9

Private Cloud

- Contrary to popular belief, private cloud may exist off premises and
can be managed by a third party. Thus, two private cloud scenarios
exist, as follows:

- On-site Private Cloud

- Applies to private clouds implemented at a customer's premises.

- Outsourced Private Cloud

- Applies to private clouds where the server side is outsourced to
a hosting company.

10

On-site Private Cloud

- The security perimeter extends around both the subscriber's on-site

- Security perimeter does not guarantees control
over the private cloud's resources but subscriber can exercise
control over the resources.

11

On-site Private Cloud

- Organizations considering the use of an on-site
private cloud should consider:

- **Network dependency (on-site-private):**

- **Subscribers still need IT skills (on-site-private):**

- Subscriber organizations will need the traditional IT skills
required to manage user devices that access the private
cloud, and will require cloud IT skills as well.

- **Workload locations are hidden from clients
(on-site-private):**

- To manage a cloud\'s hardware resources, a private cloud
must be able to migrate workloads between machines without
inconveniencing clients. With an on-site private cloud,
however, a subscriber organization chooses the physical
infrastructure, but individual clients still may not know
where their workloads physically exist within the subscriber
organization\'s infrastructure

12

On-site Private Cloud

- - Workloads of different clients may reside concurrently on the
same systems and local networks, separated only by access
policies implemented by a cloud provider\'s software. A flaw in
the software or the policies could compromise the security of a
subscriber organization by exposing client workloads to one
another

- - On-demand bulk data import/export is limited by the on-site
private cloud\'s network capacity, and real-time or critical
processing may be problematic because of networking limitations.

13

On-site Private Cloud

- **Potentially strong security from external threats
(on-site-private):**

- In an on-site private cloud, a subscriber has the option of
implementing an appropriately strong security perimeter to
protect private cloud resources against external threats to the
same level of security as can be achieved for non-cloud
resources.

- **Significant-to-high up-front costs to migrate into the cloud
(on-site-private):**

- An on-site private cloud requires that cloud management software
be installed on computer systems within a subscriber
organization. If the cloud is intended to support
process-intensive or data-intensive workloads, the software will
need to be installed on numerous commodity systems or on a more
limited number of high-performance systems. Installing cloud
software and managing the installations will incur significant

14

On-site Private Cloud

- - An on-site private cloud, at any specific time, has a fixed
computing and storage capacity that has been sized to correspond
to anticipated workloads and cost restrictions.

15

Outsourced Private Cloud

- Outsourced private cloud has two security perimeters, one
implemented

- Two security perimeters are joined by a protected communications
link.

- The security of data and processing conducted
in the outsourced private cloud depends on the strength and
availability of both security perimeters and of the protected
communication link.

16

Outsourced Private Cloud

- Organizations considering the use of an
outsourced private cloud should

- - In the outsourced private scenario, subscribers may have an
option to provision unique protected and reliable communication
links with the provider.

- - **Risks from multi-tenancy (outsourced-private):**

- The implications are the same as those for an on-site private
cloud.

17

Outsourced Private Cloud

- - On-demand bulk data import/export is limited by the network
capacity between a provider and subscriber, and real-time or
critical processing may be problematic because of networking
limitations. In the outsourced private cloud scenario, however,
these limits may be adjusted, although not eliminated, by
provisioning high-performance and/or high-reliability networking
between the provider and subscriber.

- - As with the on-site private cloud scenario, a variety of
techniques exist to harden a security perimeter. The main
difference with the outsourced private cloud is that the
techniques need to be applied both to a subscriber\'s perimeter
and provider\'s perimeter, and that the communications link
needs to be protected.

18

Outsourced Private Cloud

- **Modest-to-significant up-front costs to migrate into the cloud
(outsourced-**

- In the outsourced private cloud scenario, the resources are
provisioned by the provider

- Main start-up costs for the subscriber relate to:

- Negotiating the terms of the service level agreement (SLA)

- Possibly upgrading the subscriber\'s network to connect to the
outsourced private cloud

- Switching from traditional applications to cloud-hosted
applications,

- Porting existing non-cloud operations to the cloud

- Training

19

Outsourced Private Cloud

- - In the case of the outsourced private cloud, a subscriber can
rent resources in any quantity offered by the provider.
Provisioning and operating computing equipment at scale is a
core competency of providers.

20

Community Cloud

- Cloud infrastructure is provisioned for exclusive use by a specific
community of

- Examples of Community Cloud:

- Google Apps for Government

- Microsoft Government Community Cloud

21

On-site Community Cloud

- Community cloud is made up of a set of
participant organizations. Each participant

- At least one organization must provide cloud services

- Each organization implements a security perimeter

22

On-site Community Cloud

- The participant organizations are connected via links between the

- Access policy of a community cloud may be complex

- Ex. :if there are N community members, a decision must be made,
either implicitly or explicitly, on how to share a member\'s
local cloud resources with each of the other members

- Policy specification techniques like role-based access control
(RBAC),

23

On-site Community Cloud

- Organizations considering the use of an on-site community cloud
should consider:

- **Network Dependency (on-site community):**

- The subscribers in an on-site community cloud need to either
provision controlled inter-site communication links or use
cryptography over a less controlled communications media (such
as the public Internet).

- The reliability and security of the community cloud depends on

24

On-site Community Cloud

-

- Organizations in the community that provides cloud resources,
requires IT skills similar to those required for the on-site private
cloud scenario except that the overall cloud configuration may be
more complex and hence require a higher skill level.

- Identity and access control configurations among the participant
organizations may be complex

-

25

On-site Community Cloud

- - The communication links between the various participant
organizations in a community cloud can be provisioned to various
levels of performance, security and reliability, based on the
needs of the participant organizations. The network-based
limitations are thus similar to those of the outsourced-private
cloud scenario.

- - The security of a community cloud from external threats depends
on the security of all the security perimeters of the
participant organizations and the strength of the communications
links. These dependencies are essentially similar to those of
the outsourced private cloud scenario, but with possibly more
links and security perimeters.

26

On-site Community Cloud

- - The up-front costs of an on-site community cloud for a
participant organization depend greatly on whether the
organization plans to consume cloud services only or also to
provide cloud services. For a participant organization that
intends to provide cloud services within the community cloud,
the costs appear to be similar to those for the on-site private
cloud scenario (i.e., significant-to- high).

27

Outsourced Community Cloud


28

Outsourced Community Cloud

- Organizations considering the use of an on-site
community cloud

- - The network dependency of the outsourced community cloud is
similar to that of the outsourced private cloud. The primary
difference is that multiple protected communications links are
likely from the community members to the provider\'s facility.

- - Same as the outsourced private cloud

29

Outsourced Community Cloud

- - Same as the on-site community cloud

- - Same as outsourced private cloud

- - Same as the on-site community cloud

-

- Same as outsourced private cloud

30

Outsourced Community Cloud

- - Same as outsourced private cloud

31

Hybrid Cloud

- The cloud infrastructure is a composition of two or more distinct
cloud

- Examples of Hybrid Cloud:

- Windows Azure (capable of Hybrid Cloud)

- VMware vCloud (Hybrid Cloud Services)

32

Hybrid Cloud

- A hybrid cloud is composed of two or more private, community, or
public

- They have significant variations in
performance, reliability, and security properties depending upon the
type of cloud chosen to build hybrid cloud.

33

Hybrid Cloud

- A hybrid cloud can be extremely complex

- A hybrid cloud may change over time with constituent clouds joining
and leaving.

34

35


**CLOUD COMPUTING**

Virtualization

IaaS -- Infrastructure as a Service
=========================================================

- What does a subscriber get?

- Access to virtual computers, network-accessible storage, network
infrastructure components such as firewalls, and configuration
services.

- How are usage fees calculated?

- Typically, per CPU hour, data GB stored per hour, network
bandwidth consumed, network infrastructure used (e.g., IP
addresses) per hour, value-added services used (e.g.,
monitoring, automatic scaling)

2

#### IaaS Provider/Subscriber Interaction Dynamics

- The provider has a number of available virtual machines

- Client A has access to vm1 and vm2, Client B has access to vm3 and
Client C has access to vm4, vm5 and vm6

- Provider retains only vm7 through vmN

3

#### IaaS Component Stack and Scope of Control

- IaaS component stack comprises of hardware,
operating system,

- Operating system layer is split into two layers.

- Lower (and more privileged) layer is occupied by the Virtual
Machine Monitor (VMM), which is also called the Hypervisor

- Higher layer is occupied by an operating system running within a
VM called a guest operating system

4

#### IaaS Component Stack and Scope of Control

- In IaaS Cloud provider maintains total control over the physical
hardware and administrative control over the hypervisor layer

- Subscriber controls the Guest OS, Middleware and Applications
layers.

- Subscriber is free (using the provider\'s utilities) to load any
supported operating system software desired into the VM.

- Subscriber typically maintains complete control over the operation
of the guest operating system in each VM.

5

#### IaaS Component Stack and Scope of Control

- A hypervisor uses the hardware to synthesize one or more Virtual
Machines (VMs); each VM is \"an efficient, isolated duplicate of a
real machine\".

- Subscriber rents access to a VM, the VM appears to the subscriber as
actual computer hardware that can be administered (e.g., powered
on/off, peripherals configured) via commands sent over a network to
the provider.

6

IaaS Cloud Architecture
=============================================

- Logical view of IaaS cloud structure and operation

7

IaaS Cloud Architecture
=============================================

- Three-level hierarchy of components in IaaS cloud systems

- *Top level* is responsible for *central control*

- *Middle level* is responsible for *management of possibly large
computer clusters* that may be *geographically distant* from one
another

- *Bottom level* is responsible for *running the host computer
systems* on which virtual machines are created.

- Subscriber queries and commands generally flow into the system at
the top and are forwarded down through the layers that either answer
the queries or execute the commands

8

### IaaS Cloud Architecture

- Cluster Manager can be geographically distributed

- Within a cluster manger computer manger is connected via high speed
network.

9

### Operation of the Cloud Manager

- Cloud Manager is the public access point to the cloud where
subscribers sign up for accounts, manage the resources they rent
from the cloud, and access data stored in the cloud.

- Cloud Manager has mechanism for:

- Authenticating subscribers

- Generating or validating access credentials that subscriber uses
when communicating with VMs.

- Top-level resource management.

- For a subscriber's request cloud manager determines if the cloud

10

### Data Object Storage (DOS)

- DOS generally stores the subscriber's metadata like user
credentials, operating system images.

- DOS service is (usually) single for a cloud.

11

### Operation of the Cluster Managers

- Each *Cluster Manager* is responsible for the operation of a
collection of computers that are connected via high speed local area
networks

- *Cluster Manager* receives resource allocation commands and queries
from the *Cloud Manager*, and calculates whether part or all of a
command can be satisfied using the resources of the computers in the
cluster.

- *Cluster Manager* queries the *Computer Managers* for the computers
in the cluster to determine resource availability, and returns
messages to the *Cloud Manager*

12

### Operation of the Cluster Managers

- Directed by the Cloud Manager, a Cluster Manager then instructs the
Computer Managers to perform resource allocation, and reconfigures
the virtual network infrastructure to give the subscriber uniform
access.

- Each Cluster Manager is connected to Persistent Local Storage (PLS)

- PLS provide persistent disk-like storage to Virtual Machine

13

### Operation of the Computer Managers

- At the lowest level in the hierarchy computer manger runs on each
computer system and uses the concept of virtualization to provide
Virtual Machines to subscribers

- Computer Manger maintains status information including how many
virtual machines are running and how many can still be started

- Computer Manager uses the command interface of its hypervisor to
start, stop, suspend, and reconfigure virtual machines

14

### Virtualization {#virtualization-1}

- Virtualization is a broad term (virtual memory, storage, network,
etc)

- Focus: **Platform virtualization**

- Virtualization basically allows one computer to do the job of
multiple computers, by sharing the resources of a single hardware
across multiple environments

15

Virtualization {#virtualization-2}
====================================

- Virtualization is way to run **multiple operating systems** and
**user applications** on the

- E.g., run both Windows and Linux on the same laptop

- How is it different from **dual-boot**?

- Both OSes run **simultaneously**

- The OSes are completely **isolated** from each other


16

- *Equivalence*: The VM should be indistinguishable from the
underlying hardware.

- *Resource control*: The VM should be in complete control of any
virtualized resources.

- *Efficiency*: Most VM instructions should be executed directly on
the underlying CPU without involving the hypervisor.

17

- **privileged** instructions, which cause a trap if executed in user
mode, and

- **sensitive** instructions, which change the underlying resources
(e.g. doing I/O or changing the page tables) or observe information
that indicates the current privilege level (thus exposing the fact
that the guest OS is not running on the bare hardware).

- The former class of sensitive instructions are called **control
sensitive** and the latter **behavior sensitive** in the paper, but
the distinction is not particularly important.

18

#### VMM and VM


- For any conventional third generation computer, a VMM may be
constructed if the set of sensitive instructions for that computer
is a subset of the set of privileged instructions

- A conventional third generation computer is recursively
virtualizable if it is virtualizable and a VMM without any timing
dependencies can be constructed for it.

19


Approaches to Server Virtualization
===================================

20

- 1^st^ Generation: Full

- Software Based

- VMware and Microsoft

- 2^nd^ Generation:

- 3^rd^ Generation: Silicon-

- Unmodified guest

- VMware and Xen on virtualization-aware hardware platforms


Virtualization Logic

21

### Full Virtualization

- 1^st^ Generation offering of x86/x64 server
virtualization

- Dynamic binary translation

- Emulation layer talks to an operating system which

- Guest OS doesn\'t see that it is used in an emulated environment

- All of the hardware is emulated including the CPU

- Two popular open source emulators are QEMU and Bochs

22

### Full Virtualization - Advantages

- Emulation layer

- Isolates VMs from the host OS and from each other

- Controls individual VM access to system resources, preventing an
unstable VM from impacting system performance

- Total VM portability

- By emulating a consistent set of system hardware, VMs have the
ability to transparently move between hosts with dissimilar
hardware without any problems

- It is possible to run an operating system that was developed
for another

- A VM running on a Dell server can be relocated to a Hewlett-Packard
server

23

###### Full Virtualization - Drawbacks

- Hardware emulation comes with a performance price

- In traditional x86 architectures, OS kernels expect to run
privileged code in Ring 0

- However, because Ring 0 is controlled by the host OS, VMs are
forced to execute

- Due to these performance limitations, para-virtualization and
hardware-

24

### Para-Virtualization

- Guest OS is modified and thus run kernel-level operations at Ring 1
(or 3)

- Guest is fully aware of how to process privileged instructions

- Privileged instruction translation by the VMM is no longer
necessary

- Guest operating system uses a specialized API to talk to the VMM
and, in this way, execute the privileged instructions

- VMM is responsible for handling the virtualization

Server virtualization approaches


25

Para-Virtualization
===================

- Today, VM guest operating systems are
para-virtualized using two different approaches:

- ***Recompiling the OS kernel***

- Para-virtualization drivers and APIs must reside in the guest
operating system kernel

- You do need a modified operating system that includes this
specific API, requiring a compiling operating systems to be
virtualization aware

- ***Installing para-virtualized drivers***

- In some operating systems it is not possible to use complete
para-virtualization, as it requires a specialized version of the
operating system

- To ensure good performance in such environments,
para-virtualization can be applied for individual devices

- For example, the instructions generated by network boards or
graphical interface cards can be modified before they leave the
virtualized machine by using para-virtualized drivers

26

Server virtualization approaches

### Hardware-assisted virtualization

- Guest OS runs at ring 0

- VMM uses processor extensions (such as Intel®- VT or AMD-V) to
intercept and emulate privileged operations in the guest

- Hardware-assisted virtualization removes many of the problems that
make writing a VMM a challenge

- VMM runs in a more privileged ring than 0, a

27

Server virtualization approaches

Hardware-assisted virtualization
================================

- **Pros**

- It allows to run unmodified OSs (so legacy OS can be run without

- **Cons**

- Speed and Flexibility

- An unmodified OS does not know it is running in a
virtualized environment and so, it can't take advantage of
any of the virtualization features

28

#### Network Virtualization


29

Why Virtualize ?
--------------------------------------

- Internet is *almost* "paralyzed"

- Lots of makeshift solutions (e.g. overlays)

- A new architecture (aka clean-slate) is needed

- Hard to come up with a *one-size-fits-all* architecture

- Almost impossible to predict what future might unleash

- Why not create an *all-sizes-fit-into-one* instead!

- Open and expandable architecture

- Testbed for future networking architectures and protocols

30

Related Concepts
--------------------------------------

- Virtual Private Networks (VPN)

- Virtual network connecting distributed sites

- Not customizable enough

- Active and Programmable Networks

- Customized network functionalities

- Programmable interfaces and active codes

- Overlay Networks

- Application layer virtual networks

- Not flexible enough

31

Network Virtualization Model
--------------------------------------------------

- Business Model

- Architecture

- Design Principles

- Design Goals

32

Business Model
------------------------------------

- Infrastructure Providers (*InPs*)

- Manage underlying physical networks

- Service Providers (*SPs*)

- Create and manage virtual networks

- Deploy customized end-to-end services

- End Users

- Buy and use services from different service providers

- Brokers

- Mediators/Arbiters

33

Architecture
----------------------------------

34

Design Principles
---------------------------------------

- *[Concurrence]* of multiple

- *[Recursion]* of virtual networks

- *[Inheritance]* of architectural attributes

- *[Revisitation]* of virtual nodes

\
Hierarchy of Roles


35

- Flexibility

Design Goals (1)
----------------

- Service providers can choose

- arbitrary network topology,

- routing and forwarding functionalities,

- customized control and data planes

- No need for co-ordination with others

- IPv6 fiasco should never happen again

- Manageability

- Clear separation of policy from mechanism

- Defined *accountability* of infrastructure and service providers

- Modular management

36

- Scalability

Design Goals (2)
----------------

- Maximize the number of co-existing virtual
networks

- Increase resource utilization and amortize CAPEX and OPEX

- Security, Privacy, and Isolation

- Complete isolation between virtual networks

- *Logical* and *resource*

- Isolate faults, bugs, and misconfigurations

- Secured and private

37

- Programmability

Design Goals (3)
----------------

- Of network elements e.g. routers

- Answer *"How much"* and "*how"*

- Easy and effective without being vulnerable to threats

- Heterogeneity

- Networking technologies

- Optical, sensor, wireless etc.

- Virtual networks

38

Design Goals (4)
----------------

- Experimental and Deployment Facility

- PlanetLab, GENI, VINI

- Directly deploy services in real world from the testing phase

- Legacy Support

- Consider the existing Internet as a member of the collection of
multiple virtual Internets

- Very *important* to keep all concerned parties satisfied

39

Definition
----------

40

Typical Approach
--------------------------------------

- Networking technology

- IP, ATM

- Layer of virtualization

- Architectural domain

- Network resource management, Spawning networks

- Level of virtualization

- Node virtualization, Full virtualization

41


42

#### Introduction to XML:

##### eXtensible Markup Language

1

### XML ??

- Over time, the acronym "XML" has evolved to
imply a growing family of

- How XML data can be represented and processed

- application frameworks (tools, dialects) based on XML

- Most "popular" XML discussion refers to this latter meaning

- We'll talk about both.

#### Presentation Outline

- What is XML (basic introduction)

- Language rules, basic XML processing

- Defining language dialects

- DTDs, schemas, and namespaces

- XML processing

- Parsers and parser interfaces

- XML-based processing tools

- XML messaging

- Why, and some issues/example

- Conclusions

#### What is XML?

- ***A syntax*** for "encoding" text-based data
(words, phrases, numbers, \...)

- ***A text-based syntax.*** XML is written using ***printable
Unicode*** characters (no explicit

- ***Extensible***. XML lets you define your own ***elements***
(essentially ***data types***), within the constraints of the syntax
rules

- ***Universal format***. The syntax rules ensure that all XML
processing software ***MUST***


###### Example Revisited

quantity element

**\

- There are explicit syntax rules for DTD content \-- well-formed XML
must be correct here also.

- The parser then replaces every occurrence of an ***entity
reference*** by the referenced entity (and does so recursively
within entities)

- The "resolved" data object is then made available to the XML
application

XML Processing Rules: External Entities

***Location** given*

- The parser processes the DTD content, identifies the external
entities, and "tries" to

- The parser then replaces every occurrence of an ***entity
reference*** by the referenced entity, and does so recursively
within all those entities, (like with internal entities)

- But.... what if the parser can't find the external entity
(firewall?)?

- That depends on the application / parser type

- There are ***two types of XML parsers***

- one that MUST retrieve all entities, and one that can ignore
them (if it can't find them)

- **Validating parser**

- ***Must*** retrieve all entities and must
process ***all*** DTD content. Will stop processing and indicate
a failure if it cannot

- There is also the implication that it will test for
compatibility with other things in the DTD \-- instructions that
define syntactic rules for the document (allowed elements,
attributes, etc.). We'll talk about these parts in the next
section.

- **Non-validating parser**

- Will try to retrieve all entities defined in the DTD, but will
***cease processing the DTD*** content at the first entity it
can't find, But this is not an error \-- the parser simply makes
available the XML data (and the names of any unresolved
entities) to the application.

**DTD**


#### Special Issues: Characters and Charsets

- XML specification defines what characters can
be used as whitespace in tags: \

- ***You cannot use EBCIDIC character 'NEL' as whitespace***

- Must make sure to not do so!

- What if you want to include characters not defined in the encoding
charset (e.g., Greek characters in an ISO-Latin-1 document):

- Use ***character references***. For example:

- Also, binary data must be encoded as ***printable characters***

### Presentation Outline

- What is XML (basic introduction)

- Language rules, basic XML processing

- Defining language dialects

- DTDs, schemas, and namespaces

- XML processing

- Parsers and parser interfaces

- XML-based processing tools

- XML messaging

- Why, and some issues/example

- Conclusions

#### How do you define language dialects?

- Two ways of doing so:

- **XML Document Type Declaration (DTD)** \-- Part of core XML
spec.

- **XML Schema** \-- New XML specification (2001), which allows
for stronger constraints on XML documents.

- Adding dialect specifications implies ***two classes*** of XML data:

- ***Well-formed*** An XML document that is syntactically correct

- ***Valid*** An XML document that is both well-formed *and*

- What DTDs and/or schema specify:

- Allowed element and attribute names, hierarchical nesting rules;
element content/type restrictions

- Schemas are more powerful than DTDs. They are often used for ***type
validation***, or for relating database schemas to XML models

#### Example DTD (as part of document)

#### Example "External" DTD

- Reference is using a variation on the DOCTYPE:

- Of course, the DTD file must be there, and accessible.


23

#### Introduction to XML:

##### eXtensible Markup Language

1

### XML Schemas

- A new specification (2001) for specifying
validation rules for XML

- Uses ***pure XML*** (no special DTD grammar) to do this.

- Schemas are more powerful than DTDs - can specify things like
integer types, date

- They are often used for ***type validation***, or for relating
database schemas to XML models

- They don't, however, let you declare entities \-- those can only be
done in DTDs.

- The following slide shows the XML schema equivalent to our DTD

#### XML Schema version of our DTD (Portion)

#### XML Namespaces

- Mechanism for identifying different "spaces" for XML names

- That is, ***element*** or ***attribute*** names

- This is a way of identifying different ***language dialects***,
consisting of names that have specific semantic (and processing)
meanings.

- Thus \

- SAX Simple API to XML (event-based)

- DOM Document Object Model (object/tree based)

- JDOM Java Document Object Model (object/tree based)

- Lots of XML parsers and interface software available (Unix, Windows,
OS/390 or Z/OS, etc.)

- SAX-based parsers are fast (often as fast as you can stream data)

- DOM slower, more memory intensive (create in-memory version of
entire document)

- And, validating can be ***much slower*** than non-validating

#### XML Processing: SAX

A. **SAX: Simple API for XML**

-