Part 2: Dynamic Interactions and Computing Architectures > Overview > Video
- You have been introduced to the various basic cloud deployment and service models and have seen that these models can be assembled into an immense space of combinations.
- It is important to understand the common benefits and risks in adopting any cloud computing service model from this vast solution space.
- Studying the architecture and dynamic behavior of each service model is critical to this understanding.
- There are specific opportunities and risks to each of the three service models, and these must be well understood before adoption.
Part 2: Dynamic Interactions and Computing Architectures > Service, Deployment, Scope, and Control > Video
- With Platform as a Service, or “PaaS”, the consumer deploys consumer-created or -acquired applications onto the cloud infrastructure using programming languages and tools provided by the provider.
- The consumer does not manage or control the underlying cloud infrastructure such as network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
- With Infrastructure as a Service, or “IaaS”, the consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications and limited control of certain networking components, such as host firewalls.
- The private cloud may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
- With a community cloud the infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns, such as shared mission, security requirements, policy, and compliance considerations.
- The cloud may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of these, and it may also exist on or off premises.
- The public cloud exists on the premises of the cloud provider, for example, a university.
- Finally, in a hybrid cloud the infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) which remain unique entities, but are bound together by standardized or proprietary technology.
- Recall from our discussion in Cloud Computing, Part 1, that the private and community deployment models have two variants: on-site, and outsourced.
- The arrows denote the approximate range of the provider’s and consumer’s scope and control over the cloud environment for each service model.
- In general, the higher the level of support available from a cloud provider, the more narrow the scope and control the cloud consumer has over the system.
- The platform architecture layer is composed of compilers, libraries, utilities, middleware, and other software tools and development components needed to implement and deploy applications.
- Finally, the application layer represents deployed software that is targeted towards end-user software clients or other programs, and made available via the cloud.
Part 2: Dynamic Interactions and Computing Architectures > SaaS Interaction Dynamics and Software Stack Control > Video
- The figure depicts a cloud providing services to two clients, C1 and C2. In a private cloud, the clients will belong to a single consumer organization.
- In side I of the figure, client C1 is currently using two applications, B and C. To execute the apps for client C1, the cloud provider has allocated two execution resources, exr1 and exr2, with exr1 supplying the processing power and other resources to run application B and exr2 supplying the processing power and other resources to run application C. An execution resource could be a computer, a virtual machine, or a program that can service client requests, start a virtual machine, or even rent computing cycles and storage from another organization.
- As shown in side II of the figure, when an additional client requests applications from the cloud, the cloud provider allocates extra execution resources to support the requested applications.
- In the center we see a traditional software stack comprising layers for the hardware, operating system, middleware and applications.
- If a provider supplies an email application, the consumer will typically have the ability to create, send, and store email messages.
- A provider is responsible for deploying, configuring, updating, and managing the operation of the application so that it provides expected service levels to consumers.
- Middleware components may provide database services, user authentication services, identity management, account management, and much more.
Part 2: Dynamic Interactions and Computing Architectures > SaaS Benefits, Issues and Concerns, Suitability, and Recommendations > Video
- SaaS clouds provide scalability and shift significant burdens from consumers to providers, resulting in a number of opportunities for greater efficiency, performance, and reduced costs.
- Applications are easier to install, present less configuration interference, and have lower software distribution costs than shrink-wrapped software.
- Because SaaS providers implement and host new application features and provide the server side hardware that runs them, consumers are less likely to need hardware upgrades to use new features.
- Compared to traditional computing and software distribution solutions, outsourced and public SaaS clouds perform more application-level logic at provider facilities.
- These constraints raise a number of issues and concerns, and affect the types of applications that are good fits for SaaS.
- The availability of a SaaS application depends on a reliable and continuously available network.
- Customized workflow and business rules, user interface and application settings, support scripts, data extensions, and add-ons developed over time can also be provider specific and not easily transferable.
- SaaS applications can work well when there is reliable, low-latency networking with adequate bandwidth to import and export expected quantities of consumer data.
- The performance with respect to latency and data transfer speed varies depending on the type of application.
- Numerous SaaS service offerings exist in the following broad areas: Business logic applications connect businesses with their suppliers, employees, investors, and customers.
- Office productivity applications such as word processors, spreadsheet programs, presentation programs, and database programs often offer collaboration features missing from traditional office productivity applications.
- Unsuitable application classes include real-time software, because of the variable response times that SaaS systems may experience; applications that involve bulk consumer data, because of difficulties in transferring large amounts of data in a timely fashion; and critical software, meaning software in which failure could involve loss of life or significant property.
- To conclude our discussion of software as a service, consider the following recommendations while evaluating any provider’s services: Analyze the provider’s data protection mechanisms, data location configuration and database organization/transaction processing technologies, and determine whether they will meet the confidentiality, compliance, integrity and availability needs of the organization.
- Require that strong encryption be used for Web sessions whenever the subscribed application requires the confidentiality of application interaction and data transfers.
Part 2: Dynamic Interactions and Computing Architectures > PaaS Dynamics and Software Stack Control > Video
- The cloud provider also maintains a set of development tools, and a set of execution environments.
- In figure IV the administrator releases the modified version of application D, and soon after, another client authenticates and begins running application D on execution environment exr3.
- As with the case of a SaaS provider, an execution environment might be a physical computer, a virtual machine, a running server program that can service client requests, the ability to start a virtual machine, or even the ability to rent computing cycles and storage from another organization.
- The provider operates and controls the lowest layers, that is, the operating system and hardware.
- The provider allows consumer access to middleware through programming and utility interfaces.
- These interfaces provide the execution environment within which consumer applications run and provide access to certain resources such as CPU cycles, memory, persistent storage, data stores, data bases, network connections, etc.
- The provider determines the circumstances under which consumer application code gets activated, and monitors the activities of consumer programs for billing and other management purposes.
Part 2: Dynamic Interactions and Computing Architectures > PaaS Benefits, Issues and Concerns, Suitability, and Recommendations > Video
- In the public and outsourced PaaS scenarios a cloud provider can locate cloud infrastructure cost effectively, and consumers can access services over the open Internet.
- PaaS deployments also place significant burdens on consumer browsers or thin clients to maintain reliable and secure connections to provider systems and to maintain separation between different PaaS applications and accounts.
- PaaS clouds thus share SaaS issues and concerns including: browser-based risks due to vulnerabilities in browsers and cryptographic key strength, the variability of network speed and reliability, and the uncertain inefficiencies of scale when migrating from small, localized execution environments to broad scale distributed cloud environments.
- Portability is a concern for new application development, particularly when platforms require proprietary languages and run-time environments.
- Such a strategy incurs costs and also does not entirely mitigate the risks, since a general interface that hides provider-specific variations will likely limit the use of provider-specific value-added features, thus resulting in a “lowest common denominator” for application features.
- PaaS applications must explicitly use cryptography, and must interact with the presentation features of common Web browsers that provide output to consumers.
- PaaS toolkits and services can be used to develop a wide variety of applications that can be used as software services.
- Therefore the application classes for PaaS are essentially the same as those for SaaS, including business logic, collaboration, office productivity and software tools.
- The following other considerations should be made before employing any platform services: Evaluate whether the application infrastructure interfaces provided are sufficiently generic to support portability and interoperability of the application.
- Candidate systems should work with standard data access protocols such as SQL. Analyze the provider’s data protection mechanisms, data location configuration and database organization/transaction processing technologies, and assess whether they will meet the confidentiality, compliance, integrity and availability needs of the organization.
Part 2: Dynamic Interactions and Computing Architectures > IaaS Abstract Interaction Dynamics and Software Stack Control > Video
- Here we see that client A has access to vm1 and vm2, and client B has access to vm3.
- Side II of the figure shows the situation just after a new client, C, has requested and received access to three more VMs. At this point, client C has access to vm4, vm5 and vm6, and the provider now retains only vm7 through vmn.
- Practical IaaS cloud systems also provide persistent data storage and stable network connectivity.
- As shown in the figure, the provider maintains total control over the physical hardware and administrative control over the hypervisor layer.
- The consumer may make requests to the cloud to create and manage new VMs but these requests are honored only if they conform to the provider’s policies over resource assignment.
- The consumer will typically maintain complete control over the operation of the guest operating system in each VM, and all software layers above it.
- While this structure grants very significant control over the software stack to consumers, consumers consequently must take on the responsibility to operate, update, and configure these traditional computing resources for security and reliability.
Part 2: Dynamic Interactions and Computing Architectures > IaaS Operational View > Video
- The top layer, the Cloud Manager is responsible for user accounts and high-level allocation of resources within the overall cloud.
- At the mid-layer are Cluster Managers with responsibility over large numbers of computers and their interconnection, as well as local storage.
- The Cloud Manager includes mechanisms for authenticating consumers, and for generating or validating access credentials that consumers then employ when communicating with their virtual machines.
- The Cloud Manager also performs top-level resource allocation; when a consumer issues a command to rent a number of resources, the Cloud Manager must determine if the cloud has enough free resources to satisfy the request, and if so, which Cluster Managers have some or all of the resources.
- If the request can be satisfied, the Cloud Manager must commit to the allocation of the resources at the participating Cluster Managers, and must coordinate the setup of virtual networking so that the consumer can uniformly access all resources.
- These constraints imply a structure with close ties between the DOS and the Cloud Manager, and with wide-area network access from the DOS to running virtual machines as well as external systems.
- A Cluster Manager receives resource allocation commands and queries from the Cloud Manager, and calculates whether part or all of a command can be satisfied using the resources of the computers in the cluster.
- A Cluster Manager queries the Computer Managers for the computers in the cluster to determine resource availability, and returns messages to the Cloud Manager on whether part, or all, of a request can be satisfied in a cluster.
- If subsequently directed by the Cloud Manager, a Cluster Manager then instructs the Computer Managers to perform resource allocation, and reconfigures the virtual network infrastructure to give the consumer uniform access.
- In response to queries from its Cluster Manager, a Computer Manager returns status information including how many virtual machines are running and how many can still be started.
- In response to commands issued from its Cluster Manager, a Computer Manager uses the command interface of its hypervisor to start, stop, suspend, and reconfigure virtual machines, and to set the local virtual network configuration.
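The query-then-commit flow between the three layers described above can be modelled in a few lines. This is an added example, not code from the course or from any real cloud manager; the class names mirror the layer names, while the capacity numbers, host names and VM identifiers are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ComputerManager:
    """Bottom layer: one host; capacity is the number of VMs its hypervisor can run."""
    name: str
    capacity: int
    running: list = field(default_factory=list)
    def free_slots(self):  # status reported upward: VMs that can still be started
        return self.capacity - len(self.running)
    def start_vm(self, vm_id):
        if self.free_slots() <= 0:
            raise RuntimeError(f"{self.name} has no free capacity")
        self.running.append(vm_id)  # stands in for the hypervisor command

@dataclass
class ClusterManager:
    """Mid layer: answers availability queries, allocates only when directed."""
    name: str
    computers: list
    def query(self, wanted):
        return min(wanted, sum(c.free_slots() for c in self.computers))
    def allocate(self, vm_ids):
        placed, pending = {}, list(vm_ids)
        for c in self.computers:
            while pending and c.free_slots() > 0:
                vm_id = pending.pop(0)
                c.start_vm(vm_id)
                placed[vm_id] = f"{self.name}/{c.name}"
        return placed

class CloudManager:
    """Top layer: decides whether the whole request fits, then commits it."""
    def __init__(self, clusters):
        self.clusters, self.next_id = clusters, 1
    def rent(self, consumer, count):
        offers, remaining = [], count
        for cluster in self.clusters:      # phase 1: query only, no state change
            n = cluster.query(remaining)
            offers.append((cluster, n))
            remaining -= n
        if remaining > 0:
            return None                    # refused; nothing was committed
        placement = {}
        for cluster, n in offers:          # phase 2: commit at each cluster
            ids = [f"{consumer}-vm{self.next_id + i}" for i in range(n)]
            self.next_id += n
            placement.update(cluster.allocate(ids))
        return placement

def demo_cloud():
    # Constructed topology: 2 clusters, 3 hosts, 5 VM slots in total.
    c1 = ClusterManager("c1", [ComputerManager("h1", 2), ComputerManager("h2", 1)])
    c2 = ClusterManager("c2", [ComputerManager("h3", 2)])
    return CloudManager([c1, c2])
```

A request that cannot be satisfied in full returns `None` and leaves every host untouched, which is the reason the query and commit phases are kept separate.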
Part 2: Dynamic Interactions and Computing Architectures > IaaS Benefits > Video
- In general, IaaS places more system management responsibility on consumers than either SaaS or PaaS since consumers need to manage the VMs and virtualized infrastructure and need to perform system administrator work.
- Access to cloud resources over the network takes essentially three distinct forms: administrative commands to the cloud provider, administrative commands to virtual machines, and user interaction with virtual machines using network services.
- In addition to providing the functionality of raw hardware access, public and outsourced consumers can quickly rent and then release large numbers of VMs or other cloud resources.
- Finally, because consumers can install and run operating systems of their choosing, a high level of compatibility can be maintained between legacy applications and workloads.
Part 2: Dynamic Interactions and Computing Architectures > IaaS Issues and Concerns, and Recommendations > Video
- As with PaaS and SaaS, IaaS clouds depend on a secure and reliable network, and also often depend on a secure and reliable browser for account administration.
- By allowing consumers to run legacy software systems in the providers’ infrastructures, IaaS clouds expose consumers to all of the security vulnerabilities of those legacy software systems.
- IaaS systems allow consumers to create and potentially retain many VMs in various states, such as running, suspended, and off.
- The consumer’s browser will typically use public key encryption to establish a private link to the cloud provider, but it is a consumer’s responsibility to check the identity of the cloud Web site to ensure that the private link is not with an imposter.
- To prevent undesirable interactions between consumers, the cloud network must prevent a consumer from observing any packets sent in the cloud by other consumers, and must also reserve sufficient bandwidth to ensure that each consumer has the expected level of service.
- Analyze the provider’s data protection mechanisms, data location configuration and processing technologies, and assess whether they will meet the confidentiality, compliance, integrity and availability needs of the organization that will be using the provider’s infrastructure.
- Formulate a strategy for future migration of virtual machines and their associated storage among alternate cloud providers.
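The points above about checking the identity of the cloud Web site, and the earlier SaaS recommendation to require strong encryption for Web sessions, apply equally to scripts and tools that call a provider's API. The following added example (not part of the course material) audits a Python TLS client configuration for the settings that silently disable those checks; the function names and the TLS 1.2 floor are assumptions chosen for illustration.

```python
import ssl

def audit_tls_context(ctx):
    """Return findings for a client-side SSLContext; an empty list means it passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Without chain verification any certificate is accepted.
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        # Without this, a valid certificate for a different site is accepted.
        findings.append("certificate is not matched against the host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

def weak_context():
    # The pattern often copied to silence certificate errors: the link is
    # still encrypted, but the peer's identity is never checked.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_context():
    # Library defaults: verify the chain and the host name; pin the floor
    # to TLS 1.2 explicitly so older Python builds behave the same way.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```

Running `audit_tls_context` over the contexts a deployment script builds catches a disabled identity check before any connection to the provider is made.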
Part 2: Dynamic Interactions and Computing Architectures > Summary of Part 2 > Video
- Let’s summarize the key points of the course: There are common benefits and risks in adopting any cloud computing service model, and it is important to understand these.
- There are specific opportunities and risks to each of the three service models, and these must be well understood before adoption.