7/29/2019 Yesha Sivan
1/93
Effectively and Securely Using the Cloud Computing Paradigm
Peter Mell, Tim Grance
NIST, Information Technology Laboratory
10-7-2009
With minor comments by Dr. Yesha Sivan (as part of the Cloud Panel in Web 2010).
NIST Cloud Research Team
Peter Mell, Project Lead
Tim Grance, Program Manager
Lee Badger
Contact information is available from: http://www.nist.gov/public_affairs/contact.htm
NIST Cloud Computing Resources
- NIST Draft Definition of Cloud Computing
- Presentation on Effective and Secure Use of Cloud Computing
- http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Caveats and Disclaimers
- This presentation provides education on cloud technology and its benefits to set up a discussion of cloud security
- It is NOT intended to provide official NIST guidance and NIST does not make policy
- Any mention of a vendor or product is NOT an endorsement or recommendation

Citation Note: All sources for the material in this presentation are included within the PowerPoint notes field on each slide
Agenda
- Part 1: Effective and Secure Use
  o Understanding Cloud Computing
  o Cloud Computing Security
  o Secure Cloud Migration Paths
  o Cloud Publications
  o Cloud Computing and Standards
- Part 2: Cloud Resources, Case Studies, and Security Models
  o Thoughts on Cloud Computing
  o Foundational Elements of Cloud Computing
  o Cloud Computing Case Studies and Security Models
Part I: Effective and Secure Use
Understanding Cloud Computing
Origin of the term Cloud Computing
- "Comes from the early days of the Internet where we drew the network as a cloud... we didn't care where the messages went... the cloud hid it from us" - Kevin Marks, Google
- First cloud around networking (TCP/IP abstraction)
- Second cloud around documents (WWW data abstraction)
- The emerging cloud abstracts infrastructure complexities of servers, applications, data, and heterogeneous platforms
  o ("muck" as Amazon's CEO Jeff Bezos calls it)
A Working Definition of Cloud Computing
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
5 Essential Cloud Characteristics
1. On-demand self-service
2. Broad network access
3. Resource pooling
   o Location independence
4. Rapid elasticity
5. Measured service

This is the key to what we talked about in the meeting.
3 Cloud Service Models
- Cloud Software as a Service (SaaS)
  o Use provider's applications over a network
- Cloud Platform as a Service (PaaS)
  o Deploy customer-created applications to a cloud
- Cloud Infrastructure as a Service (IaaS)
  o Rent processing, storage, network capacity, and other fundamental computing resources
- To be considered cloud they must be deployed on top of cloud infrastructure that has the key characteristics
Service Model Architectures
4 Cloud Deployment Models
- Private cloud
  o enterprise owned or leased
- Community cloud
  o shared infrastructure for specific community
- Public cloud
  o Sold to the public, mega-scale infrastructure
- Hybrid cloud
  o composition of two or more clouds
Common Cloud Characteristics
- Cloud computing often leverages:
  o Massive scale
  o Homogeneity
  o Virtualization
  o Resilient computing
  o Low cost software
  o Geographic distribution
  o Service orientation
  o Advanced security technologies
The NIST Cloud Definition Framework
[Figure: the NIST cloud definition framework]
- Deployment Models: Private Cloud, Community Cloud, Public Cloud, Hybrid Clouds
- Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
- Essential Characteristics: On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, Measured Service
- Common Characteristics: Massive Scale, Resilient Computing, Homogeneity, Geographic Distribution, Virtualization, Service Orientation, Low Cost Software, Advanced Security
Cloud Computing Security
Security is the Major Issue
Analyzing Cloud Security
- Some key issues:
  o trust, multi-tenancy, encryption, compliance
- Clouds are massively complex systems that can be reduced to simple primitives that are replicated thousands of times and common functional units
- Cloud security is a tractable problem
  o There are both advantages and challenges

Former Intel CEO, Andy Grove: "only the paranoid survive"
General Security Advantages
- Shifting public data to an external cloud reduces the exposure of the internal sensitive data
- Cloud homogeneity makes security auditing/testing simpler
- Clouds enable automated security management
- Redundancy / Disaster Recovery
General Security Challenges
- Trusting vendor's security model
- Customer inability to respond to audit findings
- Obtaining support for investigations
- Indirect administrator accountability
- Proprietary implementations can't be examined
- Loss of physical control
Security Relevant Cloud Components
- Cloud Provisioning Services
- Cloud Data Storage Services
- Cloud Processing Infrastructure
- Cloud Support Services
- Cloud Network and Perimeter Security
- Elastic Elements: Storage, Processing, and Virtual Networks
Provisioning Service
- Advantages
  o Rapid reconstitution of services
  o Enables availability
    - Provision in multiple data centers / multiple instances
  o Advanced honey net capabilities
- Challenges
  o Impact of compromising the provisioning service
Data Storage Services
- Advantages
  o Data fragmentation and dispersal
  o Automated replication
  o Provision of data zones (e.g., by country)
  o Encryption at rest and in transit
  o Automated data retention
- Challenges
  o Isolation management / data multi-tenancy
  o Storage controller
    - Single point of failure / compromise?
  o Exposure of data to foreign governments
Cloud Processing Infrastructure
- Advantages
  o Ability to secure masters and push out secure images
- Challenges
  o Application multi-tenancy
  o Reliance on hypervisors
  o Process isolation / Application sandboxes
Cloud Support Services
- Advantages
  o On demand security controls (e.g., authentication, logging, firewalls)
- Challenges
  o Additional risk when integrated with customer applications
  o Needs certification and accreditation as a separate application
  o Code updates
Cloud Network and Perimeter Security
- Advantages
  o Distributed denial of service protection
  o VLAN capabilities
  o Perimeter security (IDS, firewall, authentication)
- Challenges
  o Virtual zoning with application mobility
Cloud Security Advantages Part 1
- Data Fragmentation and Dispersal
- Dedicated Security Team
- Greater Investment in Security Infrastructure
- Fault Tolerance and Reliability
- Greater Resiliency
- Hypervisor Protection Against Network Attacks
- Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
Cloud Security Advantages Part 2
- Simplification of Compliance Analysis
- Data Held by Unbiased Party (cloud vendor assertion)
- Low-Cost Disaster Recovery and Data Storage Solutions
- On-Demand Security Controls
- Real-Time Detection of System Tampering
- Rapid Re-Constitution of Services
- Advanced Honeynet Capabilities
Cloud Security Challenges Part 1
- Data dispersal and international privacy laws
  o EU Data Protection Directive and U.S. Safe Harbor program
  o Exposure of data to foreign government and data subpoenas
  o Data retention issues
- Need for isolation management
- Multi-tenancy
- Logging challenges
- Data ownership issues
- Quality of service guarantees
Cloud Security Challenges Part 2
- Dependence on secure hypervisors
- Attraction to hackers (high value target)
- Security of virtual OSs in the cloud
- Possibility for massive outages
- Encryption needs for cloud computing
  o Encrypting access to the cloud resource control interface
  o Encrypting administrative access to OS instances
  o Encrypting access to applications
  o Encrypting application data at rest
- Public cloud vs internal cloud security
- Lack of public SaaS version control
Additional Issues
- Issues with moving PII and sensitive data to the cloud
  o Privacy impact assessments
- Using SLAs to obtain cloud security
  o Suggested requirements for cloud SLAs
  o Issues with cloud forensics
- Contingency planning and disaster recovery for cloud implementations
- Handling compliance
  o FISMA
  o HIPAA
  o SOX
  o PCI
  o SAS 70 Audits
Secure Migration Paths for Cloud Computing
The Why and How of Cloud Migration
- There are many benefits that explain why to migrate to clouds
  o Cost savings, power savings, green savings, increased agility in software deployment
- Cloud security issues may drive and define how we adopt and deploy cloud computing solutions
Balancing Threat Exposure and Cost Effectiveness
- Private clouds may have less threat exposure than community clouds which have less threat exposure than public clouds.
- Massive public clouds may be more cost effective than large community clouds which may be more cost effective than small private clouds.
- Don't strong security controls mean that I can adopt the most cost effective approach?
Cloud Migration and Cloud Security Architectures
- Clouds typically have a single security architecture but have many customers with different demands
  o Clouds should attempt to provide configurable security mechanisms
- Organizations have more control over the security architecture of private clouds followed by community and then public
  o This doesn't say anything about actual security
- Higher sensitivity data is likely to be processed on clouds where organizations have control over the security model
Putting it Together
- Most clouds will require very strong security controls
- All models of cloud may be used for differing tradeoffs between threat exposure and efficiency
- There is no one cloud. There are many models and architectures.
- How does one choose?
Migration Paths for Cloud Adoption
- Use public clouds
- Develop private clouds
  o Build a private cloud
  o Procure an outsourced private cloud
  o Migrate data centers to be private clouds (fully virtualized)
- Build or procure community clouds
  o Organization wide SaaS
  o PaaS and IaaS
  o Disaster recovery for private clouds
- Use hybrid-cloud technology
  o Workload portability between clouds
Possible Effects of Cloud Computing
- Small enterprises use public SaaS and public clouds and minimize growth of data centers
- Large enterprise data centers may evolve to act as private clouds
- Large enterprises may use hybrid cloud infrastructure software to leverage both internal and public clouds
- Public clouds may adopt standards in order to run workloads from competing hybrid cloud infrastructures
Cloud Computing and Standards
Cloud Standards Mission
- Provide guidance to industry and government for the creation and management of relevant cloud computing standards allowing all parties to gain the maximum value from cloud computing
NIST and Standards
- NIST wants to promote cloud standards:
  o We want to propose roadmaps for needed standards
  o We want to act as catalysts to help industry formulate their own standards
    - Opportunities for service, software, and hardware providers
  o We want to promote government and industry adoption of cloud standards
Goal of NIST Cloud Standards Effort
- Fungible clouds
  o (mutual substitution of services)
  o Data and customer application portability
  o Common interfaces, semantics, programming models
  o Federated security services
  o Vendors compete on effective implementations
- Enable and foster value add on services
  o Advanced technology
  o Vendors compete on innovative capabilities
A Model for Standardization and Proprietary Implementation
- Advanced features: Proprietary Value Add Functionality
- Core features: Standardized Core Cloud Capabilities
Proposed Result
- Cloud customers knowingly choose the correct mix for their organization of
  o standard portable features
  o proprietary advanced capabilities
A proposal: A NIST Cloud Standards Roadmap
- We need to define minimal standards
  o Enable secure cloud integration, application portability, and data portability
  o Avoid over specification that will inhibit innovation
  o Separately addresses different cloud models
Towards the Creation of a Roadmap (I)
- Thoughts on standards:
  o Usually more service lock-in as you move up the SPI stack (IaaS->PaaS->SaaS)
  o IaaS is a natural transition point from traditional enterprise datacenters
    - Base service is typically computation, storage, and networking
  o The virtual machine is the best focal point for fungibility
  o Security and data privacy concerns are the two critical barriers to adopting cloud computing
Towards the Creation of a Roadmap (II)
- Result:
  o Focus on an overall IaaS standards roadmap as a first major deliverable
  o Research PaaS and SaaS roadmaps as we move forward
  o Provide visibility, encourage collaboration in addressing these standards as soon as possible
  o Identify common needs for security and data privacy standards across IaaS, PaaS, SaaS
A Roadmap for IaaS
- Needed standards
  o VM image distribution (e.g., DMTF OVF)
  o VM provisioning and control (e.g., EC2 API)
  o Inter-cloud VM exchange (e.g., ??)
  o Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
  o VM SLAs (e.g., ??) machine readable
    - uptime, resource guarantees, storage redundancy
  o Secure VM configuration (e.g., SCAP)
A Roadmap for PaaS and SaaS
- More difficult due to proprietary nature
- A future focus for NIST
- Standards for PaaS could specify
  o Supported programming languages
  o APIs for cloud services
- Standards for SaaS could specify
  o SaaS-specific authentication / authorization
  o Formats for data import and export (e.g., XML schemas)
  o Separate standards may be needed for each application space
Security and Data Privacy Across IaaS, PaaS, SaaS
- Many existing standards
- Identity and Access Management (IAM)
  o IdM federation (SAML, WS-Federation, Liberty ID-FF)
  o Strong authentication standards (HOTP, OCRA, TOTP)
  o Entitlement management (XACML)
- Data Encryption (at-rest, in-flight), Key Management
  o PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
- Records and Information Management (ISO 15489)
- E-discovery (EDRM)
Cloud Computing Publications
Planned NIST Cloud Computing Publication
- NIST is planning a series of publications on cloud computing
- NIST Special Publication to be created in FY09
  o What problems does cloud computing solve?
  o What are the technical characteristics of cloud computing?
  o How can we best leverage cloud computing and obtain security?
Part II: Cloud Resources, Case Studies, and Security Models
Thoughts on Cloud Computing
- Galen Gruman, InfoWorld Executive Editor, and Eric Knorr, InfoWorld Editor in Chief
  o "A way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software."
  o "The idea of loosely coupled services running on an agile, scalable infrastructure should eventually make every enterprise a node in the cloud."
Thoughts on Cloud Computing
- Tim O'Reilly, CEO O'Reilly Media
- "I think it is one of the foundations of the next generation of computing"
- "The network of networks is the platform for all computing"
- "Everything we think of as a computer today is really just a device that connects to the big computer that we are all collectively building"
Thoughts on Cloud Computing
- Dan Farber, Editor in Chief CNET News
- "We are at the beginning of the age of planetary computing. Billions of people will be wirelessly interconnected, and the only way to achieve that kind of massive scale usage is by massive scale, brutally efficient cloud-based infrastructure."
Core objectives of Cloud Computing
- Amazon CTO Werner Vogels
- Core objectives and principles that cloud computing must meet to be successful:
  o Security
  o Scalability
  o Availability
  o Performance
  o Cost-effective
  o Acquire resources on demand
  o Release resources when no longer needed
  o Pay for what you use
  o Leverage others' core competencies
  o Turn fixed cost into variable cost
A sunny vision of the future
- Sun Microsystems CTO Greg Papadopoulos
  o Users will trust service providers with their data like they trust banks with their money
  o "Hosting providers [will] bring brutal efficiency for utilization, power, security, service levels, and idea-to-deploy time" - CNET article
  o Becoming cost ineffective to build data centers
  o Organizations will rent computing resources
  o Envisions grid of 6 cloud infrastructure providers linked to 100 regional providers
Foundational Elements of Cloud Computing
- Primary Technologies
  o Virtualization
  o Grid technology
  o Service Oriented Architectures
  o Distributed Computing
  o Broadband Networks
  o Browser as a platform
  o Free and Open Source Software
- Other Technologies
  o Autonomic Systems
  o Web 2.0
  o Web application frameworks
  o Service Level Agreements
Web 2.0
Consumer Software Revolution
- Is not a standard but an evolution in using the WWW
- "Don't fight the Internet" - CEO Google, Eric Schmidt
- Web 2.0 is the trend of using the full potential of the web
  o Viewing the Internet as a computing platform
  o Running interactive applications through a web browser
  o Leveraging interconnectivity and mobility of devices
  o The long tail (profits in selling specialized small market goods)
  o Enhanced effectiveness with greater human participation
- Tim O'Reilly: Web 2.0 is the business revolution in the computer industry caused by the move to the Internet as a platform, and an attempt to understand the rules
Software as a Service (SaaS)
Enterprise Software Revolution
- SaaS is hosting applications on the Internet as a service (both consumer and enterprise)
- Jon Williams, CTO of Kaplan Test Prep on SaaS
  o "I love the fact that I don't need to deal with servers, staging, version maintenance, security, performance"
- Eric Knorr with Computerworld says that "[there is an] increasing desperation on the part of IT to minimize application deployment and maintenance hassles"
Three Features of Mature SaaS Applications
- Scalable
  o Handle growing amounts of work in a graceful manner
- Multi-tenancy
  o One application instance may be serving hundreds of companies
  o Opposite of multi-instance where each customer is provisioned their own server running one instance
- Metadata driven configurability
  o Instead of customizing the application for a customer (requiring code changes), one allows the user to configure the application through metadata
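
The multi-tenancy and metadata-driven configurability described above, together with the "isolation management / data multi-tenancy" challenge listed under Data Storage Services, shown as an added Python sketch. It is not part of the NIST presentation; every class, tenant and field name is hypothetical and the sample data is constructed.

```python
"""Added example: one application instance serving several tenants, customised
through per-tenant metadata instead of code changes, with tenant isolation
enforced in the data-access layer. All names are hypothetical."""
from dataclasses import dataclass

# Defaults shared by every tenant. A customer changes behaviour by overriding
# these keys in its own metadata, never by getting its own code branch.
DEFAULT_METADATA = {
    "session_timeout_min": 30,
    "mfa_required": False,
    "visible_fields": ("id", "title"),
}


class RecordNotFound(Exception):
    """Raised both for a missing record and for one owned by another tenant,
    so a caller cannot probe which record ids exist in other tenants."""


@dataclass(frozen=True)
class TenantContext:
    """Built by the authentication layer; tenant_id never comes from request input."""
    tenant_id: str
    user: str


class MultiTenantApp:
    def __init__(self):
        self._metadata = {}  # tenant_id -> metadata overrides
        self._records = {}   # (tenant_id, record_id) -> record

    def configure(self, ctx, **overrides):
        """Metadata-driven configuration: only known keys are accepted."""
        unknown = set(overrides) - set(DEFAULT_METADATA)
        if unknown:
            raise ValueError(f"unknown metadata keys: {sorted(unknown)}")
        self._metadata.setdefault(ctx.tenant_id, {}).update(overrides)

    def effective_config(self, ctx):
        return {**DEFAULT_METADATA, **self._metadata.get(ctx.tenant_id, {})}

    def put(self, ctx, record_id, **fields):
        # The storage key always carries the caller's tenant id.
        self._records[(ctx.tenant_id, record_id)] = {"id": record_id, **fields}

    def get(self, ctx, record_id):
        record = self._records.get((ctx.tenant_id, record_id))
        if record is None:
            raise RecordNotFound(record_id)
        visible = self.effective_config(ctx)["visible_fields"]
        return {k: v for k, v in record.items() if k in visible}

    def list_ids(self, ctx):
        return sorted(rid for tid, rid in self._records if tid == ctx.tenant_id)


def demo():
    app = MultiTenantApp()
    acme = TenantContext("acme", "alice")      # constructed tenants
    globex = TenantContext("globex", "bob")

    # Both tenants use the same record id without colliding.
    app.put(acme, "r1", title="Acme roadmap", owner_email="alice@acme.example")
    app.put(globex, "r1", title="Globex budget", owner_email="bob@globex.example")
    app.put(globex, "r2", title="Globex payroll", owner_email="bob@globex.example")

    # Globex customises the shared application through metadata only.
    app.configure(globex, mfa_required=True,
                  visible_fields=("id", "title", "owner_email"))

    try:
        app.get(acme, "r2")  # r2 exists, but only inside globex
        cross_tenant_read = "allowed"
    except RecordNotFound:
        cross_tenant_read = "denied"

    return {
        "acme_r1": app.get(acme, "r1"),
        "globex_r1": app.get(globex, "r1"),
        "acme_ids": app.list_ids(acme),
        "acme_mfa": app.effective_config(acme)["mfa_required"],
        "globex_mfa": app.effective_config(globex)["mfa_required"],
        "cross_tenant_read": cross_tenant_read,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The same record id resolves to different data per tenant, and a tenant's metadata change alters only that tenant's view and policy.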
SaaS Maturity Levels
- Level 1: Ad-Hoc/Custom
- Level 2: Configurable
- Level 3: Configurable, Multi-Tenant-Efficient
- Level 4: Scalable, Configurable, Multi-Tenant-Efficient

Source: Microsoft MSDN Architecture Center
Utility Computing
- "Computing may someday be organized as a public utility" - John McCarthy, MIT Centennial in 1961
- Huge computational and storage capabilities available from utilities
- Metered billing (pay for what you use)
- Simple to use interface to access the capability (e.g., plugging into an outlet)
Service Level Agreements (SLAs)
- Contract between customers and service providers of the level of service to be provided
- Contains performance metrics (e.g., uptime, throughput, response time)
- Problem management details
- Documented security capabilities
- Contains penalties for non-performance
Autonomic System Computing
- Complex computing systems that manage themselves
- Decreased need for human administrators to perform lower level tasks
- Autonomic properties: Purposeful, Automatic, Adaptive, Aware
- IBM's 4 properties: self-healing, self-configuration, self-optimization, and self-protection

IT labor costs are 18 times that of equipment costs.
The number of computers is growing at 38% each year.
Grid Computing
- Distributed parallel processing across a network
- Key concept: the ability to negotiate resource-sharing arrangements
- Characteristics of grid computing
  o Coordinates independent resources
  o Uses open standards and interfaces
  o Quality of service
  o Allows for heterogeneity of computers
  o Distribution across large geographical boundaries
  o Loose coupling of computers
Platform Virtualization
- "[Cloud computing] relies on separating your applications from the underlying infrastructure" - Steve Herrod, CTO at VMware
- Host operating system provides an abstraction layer for running virtual guest OSs
- Key is the hypervisor or virtual machine monitor
  o Enables guest OSs to run in isolation of other OSs
  o Run multiple types of OSs
- Increases utilization of physical servers
- Enables portability of virtual servers between physical servers
- Increases security of physical host server
Web Services
- Web Services
  o Self-describing and stateless modules that perform discrete units of work and are available over the network
  o "Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications." - Infoworld
  o Standards based interfaces (WS-I Basic Profile)
    - e.g., SOAP, WSDL, WS-Security
    - Enabling state: WS-Transaction, Choreography
  o Many loosely coupled interacting modules form a single logical system (e.g., legos)
Service Oriented Architectures
- Service Oriented Architectures
  o Model for using web services
    - service requestors, service registry, service providers
  o Use of web services to compose complex, customizable, distributed applications
  o Encapsulate legacy applications
  o Organize stovepiped applications into collective integrated services
  o Interoperability and extensibility
Web application frameworks
- Coding frameworks for enabling dynamic web sites
  o Streamline web and DB related programming operations (e.g., web services support)
  o Creation of Web 2.0 applications
- Supported by most major software languages
- Example capabilities
  o Separation of business logic from the user interface (e.g., Model-view-controller architecture)
  o Authentication, Authorization, and Role Based Access Control (RBAC)
  o Unified APIs for SQL DB interactions
  o Session management
  o URL mapping
- Wikipedia maintains a list of web application
Free and Open Source Software
- External mega-clouds must focus on using their massive scale to reduce costs
- Usually use free software
  o Proven adequate for cloud deployments
  o Open source
  o Owned by provider
- Need to keep per server cost low
  o Simple commodity hardware
  o Handle failures in software
Public Statistics on Cloud Economics
Cost of Traditional Data Centers
- 11.8 million servers in data centers
- Servers are used at only 15% of their capacity
- 800 billion dollars spent yearly on purchasing and maintaining enterprise software
- 80% of enterprise software expenditure is on installation and maintenance of software
- Data centers typically consume up to 100 times more per square foot than a typical office building
- Average power consumption per server quadrupled from 2001 to 2006.
- Number of servers doubled from 2001 to 2006
Energy Conservation and Data Centers
- Standard 9000 square foot costs $21.3 million to build with $1 million in electricity costs/year
- Data centers consume 1.5% of our Nation's electricity (EPA)
  o .6% worldwide in 2000 and 1% in 2005
- Green technologies can reduce energy costs by 50%
- IT produces 2% of global carbon dioxide emissions
Cloud Economics
- Estimates vary widely on possible cost savings
- "If you move your data centre to a cloud provider, it will cost a tenth of the cost." - Brian Gammage, Gartner Fellow
- Use of cloud applications can reduce costs from 50% to 90% - CTO of Washington D.C.
- IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud (backing from Microsoft)
- Preferred Hotel
  o Traditional: $210k server refresh and $10k/month
  o Cloud: $10k implementation and $16k/month
Cloud Economics
- George Reese, founder Valtira and enStratus
  o Using cloud infrastructures saves 18% to 29% before considering that you no longer need to buy for peak capacity
Cloud Computing Case Studies and Security Models
Google Cloud User: City of Washington D.C.
- Vivek Kundra, CTO for the District (now OMB e-gov administrator)
- Migrating 38,000 employees to Google Apps
- Replace office software
  o Gmail
  o Google Docs (word processing and spreadsheets)
  o Google video for business
  o Google sites (intranet sites and wikis)
- "It's a fundamental change to the way our government operates by moving to the cloud. Rather than owning the infrastructure, we can save millions.", Mr. Kundra
- 500,000+ organizations use Google Apps
- GE moved 400,000 desktops from Microsoft Office to Google Apps and then migrated them to Zoho for privacy concerns
Are Hybrid Clouds in our Future?
- OpenNebula
- Zimory
- IBM-Juniper Partnership
  o "demonstrate how a hybrid cloud could allow enterprises to seamlessly extend their private clouds to remote servers in a secure public cloud..."
- VMWare VCloud
  o Federate resources between internal IT and external clouds
vCloud Initiative
- Goal:
  o Federate resources between internal IT and external clouds
  o Application portability
  o Elasticity and scalability, disaster recovery, service level management
- vServices provide APIs and technologies
Microsoft Azure Services
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
Windows Azure Applications, Storage, and Roles
[Diagram labels: LB, Web Role (n), Worker Role (m), Cloud Storage (blob, table, queue)]
Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das
Case Study: Facebook's Use of Open Source and Commodity Hardware (8/08)
- Jonathan Heiliger, Facebook's vice president of technical operations
- 80 million users + 250,000 new users per day
- 50,000 transactions per second, 10,000+ servers
- Built on open source software
  o Web and App tier: Apache, PHP, AJAX
  o Middleware tier: Memcached (Open source caching)
  o Data tier: MySQL (Open source DB)
- Thousands of DB instances store data in distributed fashion (avoids collisions of many users accessing the same DB)
- "We don't need fancy graphics chips and PCI cards," he said. "We need one USB port and optimized power and airflow. Give me one CPU, a little memory and one power supply. If it fails, I don't care. We are solving the
Case Study: IBM-Google Cloud (8/08)
- "Google and IBM plan to roll out a worldwide network of servers for a cloud computing infrastructure" - Infoworld
- Initiatives for universities
- Architecture
  o Open source
    - Linux hosts
    - Xen virtualization (virtual machine monitor)
    - Apache Hadoop (file system): open-source software for reliable, scalable, distributed computing
  o IBM Tivoli Provisioning Manager
Case Study: Amazon Cloud
- Amazon cloud components
  o Elastic Compute Cloud (EC2)
  o Simple Storage Service (S3)
  o SimpleDB
- New Features
  o Availability zones
    - Place applications in multiple locations for failovers
  o Elastic IP addresses
    - Static IP addresses that can be dynamically remapped to point to different instances (not a DNS change)
Amazon Cloud Users: New York Times and Nasdaq (4/08)
- Both companies used Amazon's cloud offering
- New York Times
  o Didn't coordinate with Amazon, used a credit card!
  o Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB data)
  o Took 100 Linux computers 24 hours (would have taken months on NYT computers)
  o "It was cheap experimentation, and the learning curve isn't steep." - Derrick Gottfrid, Nasdaq
- Nasdaq
  o Uses S3 to deliver historic stock and fund information
  o Millions of files showing price changes of entities over 10 minute segments
  o "The expenses of keeping all that data online [in Nasdaq servers] was too high." - Claude Courbois, Nasdaq VP
  o Created lightweight Adobe AIR application to let users view data
Case Study: Salesforce.com in Government
- 5,000+ Public Sector and Nonprofit Customers use Salesforce Cloud Computing Solutions
- President Obama's Citizen's Briefing Book Based on Salesforce.com Ideas application
  o Concept to Live in Three Weeks
  o 134,077 Registered Users
  o 1.4 M Votes
  o 52,015 Ideas
  o Peak traffic of 149 hits per second
- US Census Bureau Uses Salesforce.com Cloud Application
  o Project implemented in under 12 weeks
  o 2,500+ partnership agents use Salesforce.com for 2010 decennial census
  o Allows projects to scale from 200 to 2,000 users overnight to meet peak periods with no capital expenditure
Case Study: Salesforce.com in Government
- New Jersey Transit Wins InfoWorld 100 Award for its Cloud Computing Project
  o Use Salesforce.com to run their call center, incident management, complaint tracking, and service portal
  o 600% More Inquiries Handled
  o 0 New Agents Required
  o 36% Improved Response Time
- U.S. Army uses Salesforce CRM for Cloud-based Recruiting
  o U.S. Army needed a new tool to track potential recruits who visited its Army Experience Center.
  o Use Salesforce.com to track all core recruitment functions and allows the Army to save time and resources.
Questions?
- Peter Mell
  o NIST, Information Technology Laboratory
  o Computer Security Division
- Tim Grance
  o NIST, Information Technology Laboratory
  o Computer Security Division

Contact information is available from: http://www.nist.gov/public_affairs/contact.htm
Cloud: 2020 Ala Yesha
1. 90% of what we will use in computer -- will be based on cloud. (application)
2. 99% of data will be stored in the cloud.
3. No such thing as private or public. Just cloud.
4. Rate of innovation with cloud.
5. Rate of collaboration with cloud.
6. Multiple sensors (input and output).
7. New ways to pay for services.
8. The device is not critical
9. No need to fix. Tools that work!
10. Security!!! will not be an issue!!!! trust me :-)
11. Lock in with your cloud vendor!!!