User Requirements for Cloud Computing Architecture

Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW
nd International Symposium on Cloud Computing, Melbourne, May
http://www.rogerclarke.com/II/CCSA .html,.ppt

AGENDA
- Precursors / Related Concepts
- A Working Definition
- An Architectural Framework
- User Benefits
- Disbenefits and Risks: Operational, Contingent, Security, Business
- Implications

The Gartner HypeCycle for Emerging Technologies
"... a snapshot of the relative maturity of technologies ..."
"They highlight overhyped areas against those that are high impact, estimate how long they will take to reach maturity, and help organizations decide when to adopt"

[Figures: The Gartner HypeCycle]

Gartner Hype Cycle for Cloud Computing, July
- On the Rise: Cloud Services Governance; Cloud-Driven Professional IT Services, Solutions; Cloud Computing/SaaS Integration; Cloudbursting/Overdraft; Cloud Service Management Tools; Tera-architectures; Virtual Private Cloud Computing; Application Platform as a Service; Cloud Computing for the Enterprise; DBMS in the Cloud; Private Cloud Computing; Business Process Utility; Hybrid Cloud Computing; Cloud Application Development Tools; Cloud-Based E-Mail Services; Cloud-Enabled BPM Platforms; Cloud Security Concerns; Cloud Storage
- At the Peak: Elasticity; Enterprise Portals as a Service; Cloud/Web Platforms; Compute Infrastructure Services; 'In the Cloud' Security Services; Cloud Computing; Public Cloud Computing/the Cloud
- Sliding Into the Trough: Real-Time Infrastructure; IT Infrastructure Utility; SaaS
- Climbing the Slope: SaaS Sales Force Automation; Virtualization; Cloud Advertising; Grid Computing; Integration as a Service

Predecessor Terms, Related Concepts
- Computing as a utility / computer service bureaux / data centres, s
- Application Service Providers (ASPs), s
- working from home / telework, s
- working on the move / road warrior, s
- docking portables to corporate networks; portable-to-desktop synchronisation
- Internet Service Providers (ISPs), late s
- Web Services; Service-Oriented Architecture (SOA), early-to-mid-s
- Software as a Service (SAAS), late s, e.g. Salesforce
- Cluster Computing: interconnected stand-alone computers are managed as a single integrated computing resource
- Grid Computing: computational resources are assigned dynamically
- Peer-to-Peer (P2P) architectures
- Server-Virtualisation
- Infrastructure as a Service (IaaS); Platform as a Service (PaaS); Anything as a Service (aaS / AaaS)

Cloud Computing Definitions
"a large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet"
Foster et al., at the Grid Computing Environments Workshop

Five essential characteristics (NIST, October):
- on-demand self-service, i.e. automated response by servers to direct requests by clients
- broad network access, i.e. from anywhere, using any device
- resource pooling, i.e. the provider allocates resources according to demand, rather than assigning resources to particular clients
- rapid elasticity, i.e. resources are scalable according to demand
- measured service, i.e. resource usage is metered

The User Organisation Perspective: A Working Definition
A service that satisfies all of the following conditions:
- it is delivered over a telecommunications network
- users place reliance on the service for data access and/or data processing
- the data is under the legal control of the user
- some of the resources on which the service depends are virtualised, i.e. the user has no technical need to be aware which server running on which host is delivering the service, nor where the hosting device is located
- the service is acquired under a relatively flexible contractual arrangement, at least re the quantum used

Cloud Computing is a Form of Outsourcing
How is it different from earlier forms?
- Scalability ('there when it's needed')
- Flexible Contractual Arrangements ('pay per use')
- Opaqueness ('let someone else worry about details'), which means less user control:
  - of the application, through commoditisation
  - of service levels, through SLA dependence (assuming there's an SLA, and it's negotiable)
  - of host location, through resource-virtualisation

Sample Architectures
- Youseff L., Butrico M. & Da Silva D., 'Toward a Unified Ontology of Cloud Computing', Proc. Grid Computing Environments Workshop
- CSA, 'Security Guidance for Critical Areas of Focus in Cloud Computing', Cloud Security Alliance, April
- Buyya R., Yeo C.S., Venugopal S., Broberg J. & Brandic I., 'Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility', Future Generation Computer Systems, January. Fig.: High-level market-oriented Cloud architecture

[Figure: CC Architecture, The User Organisation Perspective. Labels: Organisation; Broker; Client App; Utility Software, esp. Web-Browsers; Platform; System S'ware; User Device; Client-Side Infrastructure; Intermediating Infrastructure; Cloud Manager; Cloud Infrastructure]

[Figure: A Comprehensive CC Architecture]

CC's Potential Benefits
- Enhanced Service Accessibility
  - Access to Services that are otherwise unavailable
  - Access to Services from multiple desktop devices
  - Access to Services from scaled-down devices
  - Access to Services from multiple device-types
- Other Technical Benefits
  - Professionalised backup and recovery
  - Scalability
  - Collaboration convenience
  - Copyright convenience
- Financial Benefits
  - Lower Investment / up-front cost
  - Lower Operational Costs
  - Lower IT Staff Costs

Downsides: The User Perspective
- Operational Disbenefits and Risks: Dependability on a day-to-day basis
- Contingent Risks: Low likelihood / Potentially highly significant
- Security Risks: Security in the broad
- Business Disbenefits and Risks: Beyond the merely technical

Operational Disbenefits and Risks
- Fit: to users' needs, and customisability
- Reliability: continuity of operation
- Availability: hosts/server/database readiness/reachability
- Accessibility: network readiness
- Robustness: frequency of un/planned unavailability (uptime, hrs/wk offline)
- Resilience: speed of resumption after outages
- Recoverability: service readiness after resumption
- Integrity: sustained correctness of the service, and the data
- Maintainability: fit, reliability, integrity after bug-fixes, mods

Contingent Risks
- Major Service Interruptions
- Service Survival: supplier collapse or withdrawal. Safeguards include software escrow, escrow inspection, proven recovery procedures, rights that are proof against actions by receivers
- Data Survival: data backup/mirroring and accessibility
- Compatibility: software, versions, protocols, data formats
- Flexibility
  - Customisation
  - Forward-compatibility, to migrate to new levels
  - Backward compatibility, to protect legacy systems
  - Lateral compatibility, to enable escape

Security Risks
- Service Security: Environmental, second-party and third-party threats to any aspect of reliability or integrity
- Data Security: Environmental, second-party and third-party threats to content, both in remote storage and in transit
- Authentication and Authorisation: How to provide clients with convenient access to data and processes in the cloud, while denying access to imposters
- Susceptibility to DDOS: Multiple, separate servers, but choke-points will exist

Business Disbenefits and Risks
- Acquisition: Lack of information, non-negotiability of terms of contract and SLA
- Ongoing Usage
  - Loss of corporate knowledge about apps, IT services, costs to deliver
  - Inherent lock-in effect, because of high switching costs
  - High-volume data transfers (large datasets, replication/synch'n)
- Service Levels to the Organisation's Customers
- Legal Compliance: Data protection law, law of confidence, financial services regulations, evidence discovery law, Company Directors' obligations re asset protection, due diligence, business continuity, risk management
- Privacy Breach
  - Content Access, Use, Retention
  - Second-Party (service-provider) abuse
  - Third-Party data breach, unauthorised disclosure
  - Storage in Data Havens (India, Arkansas ...)

Some Risk Management Strategies
- Risk Assessment
- Contract Terms
- Service Level Agreement (SLA)
- Multi-Sourcing
  - Parallel in-house service
  - Several compatible suppliers
  - ...

ITILv SLA Checklist (Edited Down)
http://wiki.en.itprocessmaps.com/index.php/ChecklistSLAOLAUC
- Service name
- Clearance information (with location and date)
  - Service Level Manager
  - Customer
- Contract duration
  - Start and end dates
  - Rules regarding termination of the agreement
- Description/ desired customer outcome
  - Business justification
  - Business processes/ activities on cust side supported by the service
  - Desired outcome in terms of utility
  - Desired outcome in terms of warranty
- Service and asset criticality
  - Identification of business-critical assets connected with the service
  - Vital Business Functions (VBFs) supported by the service
  - Other critical assets used within the service
  - Estimation of the business impact caused by a loss of service or assets
- Reference to further contracts which also apply (e.g. SLA)
- Service times
  - Hours when the service is available
  - Exceptions (e.g. weekends, public holidays)
  - Maintenance slots
- Required types and levels of support
  - On-site support: Area/ locations; Types of users; Types of infrastructure to be supported; Reaction and resolution times
  - Remote support: Area/ locations; Types of users (user groups granted access to the service); Types of infrastructure to be supported; Reaction and resolution times
- Service level requirements/ targets
  - Availability targets and commitments: Conditions under which the service is considered to be unavailable; Availability targets; Reliability targets (usually defined as MTBF or MTBSI); Maintainability targets (usually defined as MTRS); Downtimes for maintenance; Restrictions on maintenance; Procedures for announcing interruptions to the service; Requirements regarding availability reporting
  - Capacity/ performance targets and commitments: Required capacity (lower/upper limit) for the service, e.g. Numbers and types of transactions, Numbers and types of users, Business cycles (daily, weekly) and seasonal variations; Response times from applications; Requirements for scalability; Requirements regarding capacity and performance reporting
  - Service Continuity commitments: Time within which a defined level of service must be re-established; Time within which normal service levels must be restored
- Mandated technical standards and spec of the technical service interface
- Responsibilities
  - Duties of the service provider
  - Duties of the customer (contract partner for the service)
  - Responsibilities of service users (e.g. with respect to IT security)
  - IT Security aspects to be observed when using the service
- Costs and pricing
  - Cost for the service provision
  - Rules for penalties/ charge backs
- Change history
- List of annexes

User Requirements: Essential Features
- Assured Data Integrity
- Assured Service Integrity
- Assured Compliance with legal requirements within jurisdictions to which the user organisation is subject
- Warranties and indemnities in the contract, terms of service and SLA (if any)
But who audits and certifies?

Categories of Use-Profile
- UP: CC is completely inappropriate
  - mission-critical systems
  - systems embodying the organisation's core competencies
  - applications whose failure or extended malperformance would threaten the organisation's health or survival
- UP: CC is very well-suited
  - Uses of computing that are highly price-sensitive, and adjuncts to analysis and decision-making, not essential operations
  - Trade off loss of control, uncertain reliability, contingent risks against cost-advantages, convenience, scalability, etc.
- UP: CC is applicable depending ...
  - can the risks be adequately understood and managed?
  - trade-offs between potential benefits vs. uncontrollable risks

User Requirements for CC Infrastructure
- Integrity Assurance
  - Service Integrity
  - Data Integrity
- Compliance Assurance
  - Service Security
  - Service Access Controls
  - Data Transmission Security
  - Data Storage Security
  - Data Use by service-provider
  - Data Disclosure by others
  - Jurisdictional Location(s) of Data Storage
- Declaration, Measurement
  - Service Reliability Levels
  - Service Survival Protections
  - Data Survival Protections
  - Service and Data Compatibility
  - Service and Data Flexibility
- Privacy Policy Enforcement Measures, to enable
  - Server Privacy Policy Statement
  - User Privacy Rqmts Statement
  - Comparison of the two
  - Preclusion of Usage where Requirements are not satisfied

Implications for Cloud Computing Architectures
- CCAs must be comprehensive, encompassing not only the server side, but also the client side and intermediating functions
- Security Risk Assessments and Solutions must be end-to-end rather than limited to the server side
- CCA designers must address the risks arising from vulnerable user devices and vulnerable clients
- Client authentication must be achieved through components, APIs, and externally-managed identities (Shibboleth, OpenID)
- Jurisdictional Location(s) of Hosts must be controlled
- These all depend on CCAs including specs and implementation of multiple special-purpose components and features
- Privacy management must go beyond privacy through policy and privacy by design, to Privacy through Architecture

Conclusion
- "Past efforts at utility computing failed, and we note that in each case one or two ... critical characteristics were missing" (Armbrust et al., p., UC Berkeley)
- CC may be just another marketing buzz-phrase that leaves corporate wreckage in its wake
- CC service-providers need to invest a great deal in many aspects of architecture, infrastructure, applications, and terms of contract and SLA