SlideShare una empresa de Scribd logo

Cloud Architecture

Arief Gunawan
Arief Gunawan

Cloud Architecture: An Cloud Computing Course by Arief Hamdani Gunawan

TecnologíaEmpresariales
1 de 81
Descargar para leer sin conexión
Cloud Architecture (half day edition) An Cloud Computing Course IT Telkom, 11 August 2012 Arief Hamdani Gunawan
Scope • The scope of this Course is to define the functional requirements and reference architecture of cloud computing, which includes the functional architecture, functional layers and blocks.
Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
Cloud architecture requirements • The cloud architecture must meet several requirements to enable sustained innovation and development of cloud services. • With multiple stakeholders involved, the cloud architecture must be flexible to fit the needs of infrastructure CSPs, CSPs and service resellers.
Cloud architecture requirements: 1 The following high-level requirements are broadly envisioned for the cloud architecture: 1. Cloud deployments will have to support many standards within the same cloud infrastructure, e.g. in terms of resource allocation, orchestration, or CSU access. – The cloud architecture must allow and support the evolution of these standards, without requiring disruptive infrastructure changes from the CSP perspective.
Cloud architecture requirements: 2 2. A cloud CSP must be able to support multiple standards within the same architecture and migrate to a newer standard if they so wish, without having to change everything in the CSP network or lose the existing customer base.
Cloud architecture requirements: 3 3. Broadband access is fundamental in making cloud services viable. – The cloud architecture may benefit from integration with the support of network resource reservation and guaranteed QoS capabilities through the network over which services are delivered. – Without the network access guaranteeing bounded delay, jitter, bandwidth, and reliability, the cloud experience for CSUs may be worse than the intranet experience.
Cloud architecture requirements: 4 4. The cloud architecture must enable multiple deployment models, cloud service categories and use cases, some currently known and others to be envisioned in the future. – Currently known cloud service categories include IaaS, PaaS, SaaS, CaaS, and NaaS, and it is possible that these will also co-exist in the same cloud deployment. – The same architecture must allow a CSP to provide either all, or a subset, of these services.
Cloud architecture requirements: 5 5. For private and hybrid cloud operations, cloud services must appear like intranet services. – This means a user must be able to access resources using the same domain names as on the intranet. – Hosts and resources that have been migrated from private to public clouds should be accessed transparently where they are being currently hosted.
Cloud architecture requirements: 6 6. The cloud architecture must enable early detection, diagnosis and fixing of infrastructure or service-related problems.
Cloud architecture requirements: 7 7. CSUs must be able to (request) audit CSP’s services and get assurance that the agreed- upon SLAs are being complied with. – To that end, the cloud architecture must enable, among others, service-level monitoring of resources allocated to a user and generate SLA compliance reports.
Cloud architecture requirements: 8 8. Cloud resource allocations should be invisible to the CSUs, even though services are visible. – A CSP may choose to expose service-operation details without having to share cloud internal infrastructure allocation and provisioning details. – This is important for a CSP for security and business reasons.
Cloud architecture requirements: 9 9. Users consuming cloud services must be able to control cloud resource access to the CSP transparently, and enable IT procedures to work without compromise in legal or organizational mandates. – This includes, for instance, the ability to dynamically add or remove a user from access to a cloud without CSP intervention.
Cloud architecture requirements: 10 10. The cloud architecture must enable intranet- level security on the network. – This may include access records, activity reports, session monitoring, and packet inspections on the network. – It must also include firewalling, access control and malicious attack detection and prevention. – Prevention of one user disrupting others’ services is paramount.
Cloud architecture requirements: 11 11. The cloud architecture must support cloud resource mobility which includes virtual machine mobility within a Performance- Optimized Data centre (POD) or data centre, between PODs or data centres within the same CSP’s infrastructure, or between different CSPs’ infrastructures, or from a CSU to a CSP.
Cloud architecture requirements: 12 12. Resource mobility depends upon being able to treat an entire network as a single entity, which implies the need of the cloud architecture to scale. – With a huge number of computing, storage and network resources, and an even greater number of virtualized resources, the cloud architecture must have scalability as a primary requirement.
Cloud architecture requirements: 13 13. Naming extensions are necessary to meet cloud needs. – Users who move their private resources into the cloud may need to access their resources by the same names as they did prior to those resources being migrated. – Since hosts are associated with user’s domain names, it is necessary to translate the user’s domain names into cloud names.
Cloud architecture requirements: 14 14. Cloud-service deployment needs to be automated in order to support scalable resource operations, including configuration, provisioning, charging, etc. – In a typical scenario, a user would want to specify the computing, storage and virtual machine (VM) resources needed, as well as the network resources. – This includes how the network resources should be reserved, configured and managed during lifetime for optimized connectivity between the distributed computing, storage and VM resources, and finally retired.
Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
CC Reference Architecture Layering Framework • Cloud Architecture Layering shows the cloud layering framework that is defining the layers of the cloud functional architecture. • These functional layers in the architecture are derived by grouping cloud related functions.
Cloud Layering Framework
User Layer (1/2) • The User Layer performs interaction between the CSU and the cloud infrastructure. – The User Layer is used to • setup secure mechanism with cloud, • send cloud service requests to cloud and receive cloud services from cloud, • perform cloud service access, • administrate and • monitor cloud resources. – When the cloud receives service requests, it orchestrates its own resources and/or other clouds’ resources (in case of other clouds’ resources via the inter-cloud function) and provides back cloud services through the User Layer.
User Layer (2/2) • The User Layer is where the CSU resides. – The CSU is an essential actor of the cloud ecosystem. It represents the entities that use the services offered by the CSP. – A CSU may use a service directory from a CSP and after setting up appropriate contract would use the services accordingly.
CSU • CSUs demand SLAs. SLAs govern the characteristics of the services provided by CSPs. – SLAs govern many aspects of the services provided, for example QoS, governance, security, performance and data portability. • The CSU typically consumes services in five service categories: – CaaS – SaaS – PaaS – IaaS – NaaS
Access Layer • The access layer provides a common interface for both manual and automated cloud service capabilities and service consumption. • The access layer accepts – CSU’s cloud service consumption requests and/or – CSN’s cloud service consumption requests and/or – other CSP’s cloud service consumption requests using cloud APIs to access CSPs’ services and resources.
Service Layer • The Services Layer is where the CSP orchestrates and exposes services of the five cloud service categories. • It is the entity responsible for making a service available to interested parties. • The Cloud Service Layer manages the cloud infrastructure required for providing the services, runs the software that implements the services, and arranges to deliver the cloud services to the CSU through network access
Service Layer: SaaS and CaaS • For Saas or CaaS, the services layer deploys, configures, maintains and updates the operation of the software or communication applications on a cloud infrastructure so that the services are provisioned at the expected service levels to the layers above.
Service Layer: PaaS • For PaaS, the services layer manages the cloud infrastructure for the platform and runs the software that provides the components of the platform, such as runtime software execution stack, databases, and other middleware components. • The CSP of PaaS services typically also supports the development, deployment and management process of the CSUs of PaaS services by providing tools such as integrated development environments (IDEs), software development kits (SDKs), deployment and management tools. • The CSUs of PaaS services have control over the applications and possibly some of the hosting environment settings, but has no or limited access to the underlying infrastructure .
Service Layer: IaaS • For IaaS, the services layer controls the resources underlying the service, including the servers, networks, storage and hosting infrastructure. • The services layer then runs the software necessary to makes the resources available to the CSUs of IaaS services through a set of service interfaces and resource abstractions, such as virtual machines and virtual network interfaces.
Service Layer: NaaS • For NaaS, the services layer uses the underlying networking and transport facilities to deliver networking services in a cloud environment. • Examples are network virtualization services like VPNs (see Ecosystems NaaS definition).
Resources & Network Layer • The Resources and Network layer is where the physical resources reside. • This includes equipment typically used in a data center such servers, networking switches, storage, etc. • It also represents and houses the cloud core transport network functionality which is required to provide underlying network connectivity between the CSP and the CSUs. • CSUs can obtain cloud services through different network access devices, such as desktop computers, laptops, mobile phones, and mobile Internet devices. • The connectivity to cloud services is normally provided by CSPs. • Note that for a CSP to provide services consistent with the level of SLAs offered to the CSUs, it may require dedicated and/or secure connections between CSUs and CSPs.
Cross-Layer Functions • The Cross-Layer functions perform overall system management (i.e., operations, administration, maintenance and provisioning (OAM&P)) and monitoring, and provide secure mechanisms. • Secure mechanisms provide protections from threats to cloud computing services and infrastructure. – Secure mechanisms are required by both CSUs and CSPs to create a secure cloud environment.
Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
CC Reference Architecture: Functional Blocks • Based on the layering framework shows the major functional blocks of the Cloud Computing Reference Architecture. • It is recognized that CSPs will decide which functional blocks are appropriate to their business, and how the chosen functional blocks are implemented.
CC Functional Reference Architecture User Layer Partner Administrator Cross-Layer User Function Function Function Functions Access Endpoint Inter Cloud Layer Function Function Operational Management Function SaaS / CaaS Cloud Services Performance PaaS Service Function Layer IaaS Orchestration NaaS Security & Privacy Function Resource Orchestration Resources & Pooling & VN VS VM Software & Virtual Path Virtualization Platform Assets Virtual Circuit Network Layer Physical Intra Cloud Storage Computing Core Transport Inter Cloud Resources Network Network Network
User Layer The user layer includes the end-user function, the partner function and the administrator function. • User function: The user function supports a CSU to access and consume cloud services • Partner function: The partner function enables the CSN relationship with CSP • Administrator function: The administrator function supports the enterprise administrator to manage and administrate cloud resources and services within business processes
Access Layer • The access layer includes the endpoint function and the inter-cloud function.
Access Layer: endpoint function (1/3) • The endpoint function controls cloud traffic and improves cloud service delivery. – This function, which has some similarity with the NGN border gateway function (located at the edge of the network), can perform traffic classification, packet marking and firewall.
Access Layer: endpoint function (2/3) • This function also provides internet domain names, ports and/or Internet addresses that are “published” to the user as endpoints from where the user can (a) view and (b) request services. – A published endpoint may internally “route” or “transform” the incoming service request to one or more service endpoints, based on CSP policy in effect. – For instance, a published endpoint may forward the request to a location nearest to the requestor.
Access Layer: endpoint function (3/3) • The endpoint function can include a subscription/publication functionality that is a subscribe-notify feature for publishing, and for obtaining notification of different cloud services and resource information from CSPs. • The endpoint function may route the requests to the inter-cloud function to be routed to external CSPs.
Access Layer: Inter-cloud function (1/3) • Cloud services are expected to be offered by CSPs on a global basis. To enable delivery of such services ubiquitously, a CSP will have to establish inter-cloud connections with other CSPs who offer these services in areas that are not within the preview of the original CSP. • Within functional view, the inter-cloud function is used to support the “inter-cloud” role as described in Cloud Ecosystem.
Access Layer: Inter-cloud function (2/3) • The inter-cloud function addresses different aspects of delivering any cloud service across two or more CSPs, including SLAs, resource management, performance, reliability and security; OAM&P; ordering and charging; service brokering and environmental sustainability.
Access Layer: Inter-cloud function (3/3) • The scope of the inter-connection is between two cloud domains (operated by two CSPs). • The inter-cloud function can be implemented in different manners, including inter-cloud peering, inter-cloud service broker and inter- cloud federation.
Inter-cloud function: Inter-Cloud Service Broker (1/3) • The Inter-cloud function can be implemented as inter-cloud service broker (ISB). In this case, it provides brokering service functions to CSPs or CSUs. • According to the requirements of the Inter-Cloud Service Broker (ISB) capability, the Inter-Cloud Service Broker (ISB) provides and execute services of three categories: – Service Intermediation – Service Aggregation – Service Arbitrage
Inter-cloud function: Inter-Cloud Service Broker (2/3) – Service Intermediation: The ISB enhances a given service by improving some specific capability and providing value-added services to CSUs. Examples of capability improvements include management of the access to cloud services, identity management, performance reporting, security enhancements, etc. – Service Aggregation: The ISB combines and integrates multiple services into one or more new services. The ISB provides data integration and ensures the secure movement of data between the CSUs and CSPs. – Service Arbitrage: Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed. In this case, the ISB has the flexibility to choose services from multiple sources. For example, the ISB can use a credit- scoring service to measure and select the source with the best score.
Inter-cloud function: Inter-Cloud Service Broker (3/3) • When a CSP plays the Inter-cloud Service Broker role, the requesting entity (CSU or CSP) continue to access the brokered services via the Endpoint Function, however the implementation of the Access Layer will decide whether to serve the request locally, or route them to external CSPs via the Inter-cloud function. • The Inter-cloud function receives the requests by the Endpoint function, analyses the requests, selects appropriate service logics and function patterns, executes related operations, then invokes the concrete cloud services and resources from external CSPs through cloud service adapters (by sending cloud service adaptation requests to CSPs and receiving cloud service adaptation responses from CSPs).
Inter-cloud function: Inter-Cloud Peering • Inter-cloud peering happens when two CSPs interact with each other using already established interfaces. • Each CSP could invoke the interfaces offered by the other CSP, when needed, to perform the functions that the CSP would like to delegate to its peer CSP.
Inter-cloud function: Inter-Cloud Federation (1/3) • Inter-Cloud federation capability provides an alliance among several CSPs in which mutually trusted clouds join together logically thru agreed-upon interfaces. – Inter-Cloud federation allows a CSP to dynamically outsource resources to other CSP in response to demand variations.
Inter-cloud function: Inter-Cloud Federation (2/3) • Inter-Cloud federation manages the consistency and the access controls when two or more independent CSPs share either authentication, data, computing resources, command and control, or access to storage resources. – Inter-Cloud federation shall provide the identity syndication to support federated authentication across all sources and federated user across the different CSPs.
Inter-cloud function: Inter-Cloud Federation (3/3) • The Inter-Cloud Function supports federation capability and may include federation initiator which initiates operations within a federation relationship and federation target which processes operations within a federation relationship.
Services Layer • The Services Layer includes the service orchestration function and provides cloud services.
Services Layer: Services Orchestration Function (1/2) • Cloud Service Orchestration is the process of deploying and managing “Cloud Services". • “Cloud Services” are implemented using cloud service interfaces; examples are – Simple Object Access Protocol (SOAP), – Representational state transfer (REST), – HyperText Markup Language(HTML) rendered pages, – etc.
Services Layer: Services Orchestration Function (2/3) • This function is required to provide mechanisms for: – composing services (services provided by the CSP as well as services from other CSPs) to create new composite services; • Composing services is the process of generation of the service logic (i.e. the logic of the service to be provided by the CSP). – executing composite services. • Executing composite services includes parsing and running the service logic.
Services Layer: Services Orchestration Function (2/2) • This function also provides message routing and message exchange mechanisms within the Cloud architecture and its different components as well as with external components. – Message routing can be based on various criteria, e.g. context, policies. – The message exchange mechanisms control the message flows between CSUs, CSP (internally) and externally with other CSPs via the Inter-cloud Function.
Services Layer: Cloud Services • The Services Layer provides instances of IaaS, PaaS, SaaS, CaaS, NaaS service categories and any composition of these services. • Examples of such services are: – The ability for users to request, configure, and execute one or more VMs, – The ability for users to invoke a software application from within a web browser, – The ability for developers to invoke programming interfaces through a cloud interface.
Resources & Network Layer: Resource Orchestration • Resource Orchestration is defined as the management, monitoring, scheduling of computing, storage, and network resources into consumable services by the upper layers and users. • Resource Orchestration controls the creation, modification, customization and release of virtualized resources. It holds capability directories about what is possible within a cloud segment, based upon the total resource capacity and the incremental allocations that have been done for currently honoured requests.
Resources & Network Layer: Pooling & Virtualization • Pooling and virtualization of physical resources are essential means to achieve the on-demand and elastic characteristics of cloud computing. Through these processes, physical resources are turned into virtual machines, virtual storages, and virtual networks. These virtual resources are in turn managed and controlled by the Resource Orchestration based on user demand. Software and Platforms assets in Pooling & Virtualization Layer are the runtime environment, applications and other software assets used to orchestrate and implement cloud services. • “Software & platform assets” is the architectural block that represents the use oftraditional software assets to implement the cloud services layer
Resources & Network Layer: Physical Resources • Physical Resources refer to the computing, storage, and network resources that are fundamental to providing cloud services. – These resources may include those that reside inside cloud data centers (e.g., computing servers, storage servers, and intra-cloud networks) and those that reside outside of a data center, typically networking resources such as inter-cloud networks and core transport networks.
Cross-Layer Functions (1/3) • The Cross-Layer functions include – security& privacy, – cloud operational management, and – cloud performance functions.
Cross-Layer Functions (2/3) • This layer caters to a CSP’s need for monitoring of resources, and generates a consolidated view of current resource allocations and how efficiently the resources are being utilized. – Resource monitoring allows the CSP to exercise load balance to ensure the performance of cloud services. It also flags network and service related problems such as hardware or software resource failures, missing SLA targets or if a CSP’s network is experiencing security violations or other forms of compromised situation.
Cross-Layer Functions (3/3) • As the point that collects availability, performance and security information, it is central source of information on a CSP’s service excellence.
Cross-Layer Functions: Security & Privacy (1/3) • This section describes a high-level summary of security and privacy functions with regard to the Reference Architecture. For further details, please refer to the Security output document. • Cloud security and privacy refer to the cross-layer functions responsible for applying security related controls to mitigate the potential threats in cloud computing environments. CSPs (CSPs) need to consider applicable privacy requirements and regulations. • Security threats can be dived into two areas, threats for CSUs and threats for CSPs.
Cross-Layer Functions: Security & Privacy (2/3) Threats for CSUs Threats for CSPs • Responsibility Ambiguity • Responsibility Ambiguity • Loss of Governance • Protection Inconsistency • Loss of Trust • Evolutional Risks • CSP Lock-in • Business Discontinuity • Unsecure Customer Access • Supplier Lock-in • Lack of Information/Asset • License Risks Management • Bylaw Conflict • Data loss and Leakage • Bad Integration • Unsecure Administration API • Shared Environment • Hypervisor Isolation Failure • Service Unavailability • Data unreliability • Abuse Right of CSP
Cross-Layer Functions: Security & Privacy (3/3) • Cloud Security and Privacy use a set of requirements to mitigate the above listed threats. These requirements cover actions and technologies that are deployed for both CSUs and CSPs. (Details of the requirements can be found in the Cloud Security output document) • Security and Privacy tie closely with SLA and service monitoring which often depend on the user identity. The identity information must be propagated in the cloud computing environment, to enable linking SLA and services with identity. For instance, to regulate the consumed network bandwidth to the total bandwidth the user has requested for, the monitoring point must associate the user’s IP address with the identity that comes from user authentication.
Cross-Layer Functions: Cloud Performance Function The Cloud Performance Function serves the following purposes: – Aggregates or summarizes cloud network information for the management node – Used to make service routing decisions by the Published Endpoints – Monitors customer SLAs, and flags SLA violations – Point of monitoring and control for the management node
Cross-Layer Functions: Cloud Operational Management Function • Power Management • Configuration Function • Charging
Cloud Operational Management Function: Power Management • Power Management is to be seen as a part of the Management function and as such it is a cross layer function. • Power management represents a collection of IT processes and supporting technologies geared toward optimizing data center performance against cost and structural constraints. This includes increasing the deployable number of servers per rack when racks are subject to power or thermal limitations and making power consumption more predictable and easier to plan for.
Cloud Operational Management Function: Configuration Function • This function comprises of databases and provisioning information using which cloud services can be customized. It will include user databases for authentication and authorization, policy servers for defining end-user SLAs, geographical or legal customizations on services, name servers for describing virtual and physical hosts along with cloud domain names, automatic configuration servers for devices that can be auto configured when they are powered on and TFTP or HTTP based software servers from where prior loaded images can be downloaded. • Cloud Configuration Databases comprise of configuration information that is necessary to coordinate cloud services.
Cloud Operational Management Function: Charging (1/2) • Charging is critical for an operational cloud service platform. • Detailed logs of the users’ resource consumption should be correctly collected and retained. • The charging records should carry comprehensive information about how customers use the infrastructure resources
Cloud Operational Management Function: Charging (2/2) • Specifically, the resource management system should collect the following charging data: – Computation consumption usage. This should reflect how much computation resources have been used by the customers. Data of computation consumption include the number of CPUs and the corresponding using time. – Storage consumption usage. This should show how much storage resources have been used by the customers. – Network bandwidth usage. This should keep the information of how much bandwidth has been used by the customers. – Other information that may affect charging, such as delivered QoS. – Other information for statistics.
Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
Service Architecture for DaaS: Main functions of the DaaS service architecture: Connection Brokering (CB) function The main functions in the DaaS service architecture are given as follows: • Connection Brokering (CB) function – A connection broker is a software program that allows a CSU to connect to an available virtualized desktop. – The connection broker performs tasks which include: user authentication and license verification to validate the user and user’s software; management of a virtual machine (VM) for user assignment; server monitoring to measure the activity level of a given VM, and protocol coordination to coordinate on the protocol to be used between user and server. – The connection broker can also support the connection between a backup storage and virtualized desktop servers.
Service Architecture for DaaS: Main functions of the DaaS service architecture: Resource Pooling function • Resource Pooling function – In order to provide on-demand virtualized desktop services, a resource pool can manage three different types of high-capacity software resources such as operating systems (OS), applications and user profiles. These software resources are transferred to a certain VM in streaming form timely and run on the VM. A resource pool can offer provisioning information regarding the software resources on request by a CB. – A user profile contains individual information about hardware configuration (i.e. CPU, RAM, I/O), used OS, selected applications, and user’s computing environment information (i.e. display resolution, Internet access way).
Service Architecture for DaaS: Main functions of the DaaS service architecture VM Infrastructure function • VM Infrastructure function – The main role of the VM infrastructure is to support hardware resources and create VMs. – In a virtualized desktop server, a virtualization functionality called hypervisor is highly necessary to employ hardware resources efficiently. – A hypervisor can abstract physical hardware resources and assign them to higher level of software dynamically. – Consequently, the VM infrastructure provides VMs – the “virtualized desktops”- on which user’s software is operated. – It is recommended that the VM Infrastructure consists of a cluster environment with high availability features, and within which many running VM instances are created from the same VM template with pre-defined configuration parameters.
Service Architecture for DaaS: Main functions of the DaaS service architecture Virtual desktop delivery function • Virtual desktop delivery function – This function involves encapsulating and delivering either access to an entire information system environment or the environment itself to a remote client device through the network. – The virtual desktop delivery protocol (VDDP) is the core component to realize this function and provides the communication channels between user terminals and servers for DaaS in order to transfer all the interaction information. – This information includes display information, control and configuration information, monitoring information etc.
Conceptual diagram of the DaaS service architecture VM Infrastructure Vir tual Desktop Ser ver User B Virtual Desktop User B VM VM VM VM VM VM VM VM VM visor Hyper VM Hyper visor Hardware Hardware Virtual Desktop Deliver y Protocol (VDDP) Resource Pool Connection Broker User Profile Pool Client Resource Provision User C User D User Authentication User A User B Application Pool License Verification VM M onitoring/ M anagement User B Protocol Coordination OS Pool Windows 7 Service User Service Provider
Interaction process for DaaS (1/2) The various steps of the interaction process for DaaS are as follows: • A user accesses a CB through a security protocol (such as SSH or TLS) and the CB validates the user with a user-ID and associated password. • The CB identifies a corresponding user profile and, in order to assign a VM, a provisioning function helps the CB to search the VM that satisfies user’s hardware configuration and is optimal to computing environment. • In case there is no proper VM, the CB requests the VM infrastructure to create a VM by sending information of hardware configuration. • After a VM is assigned or created, the CB applies the user profile to the VM including installation of OS and applications to construct a virtualized desktop.
Interaction process for DaaS (2/2) • A connection to deliver a corresponding virtualized desktop is created in the VM infrastructure and the information of the connection is dispatched to the CB. • The CB sends the connection information to the user and the user connects to the desktop in the VM infrastructure. • The user communicates with the virtualized desktop through the network using the virtualized desktop delivery protocol (VDDP). • The user does execute a log-off operation to prevent the elimination of user data when he or she terminates a virtualized desktop service. • During the log-off operation, the CB updates the modified user profile in a user profile pool to keep the most recent information and returns the VM whose state becomes available.
Cloud Computing Courses Fundamental Specialization • Cloud Ecosystem • Saas and Web Applications • Cloud Architecture • Virtualization • Cloud Infrastructure • Platform and Storage • Cloud Resource Management Management • Cloud Profiles • Cloud Security • Inter-cloud
Thank You hamdani2@telkom.co.id

Recomendados

Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure OverviewDavid J Rosenthal
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Azure architecture
Azure architectureAzure architecture
Azure architectureAmal Dev
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure OverviewShahriar Hossain
 
Azure Cloud PPT
Azure Cloud PPTAzure Cloud PPT
Azure Cloud PPTAniket Kanitkar
 
What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...Shashi soni
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
Microsoft azure
Microsoft azureMicrosoft azure
Microsoft azureMohammad Ilyas Malik
 

Recomendados

Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure OverviewDavid J Rosenthal
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architectureVladimir Jirasek
 
Azure architecture
Azure architectureAzure architecture
Azure architectureAmal Dev
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure OverviewShahriar Hossain
 
Azure Cloud PPT
Azure Cloud PPTAzure Cloud PPT
Azure Cloud PPTAniket Kanitkar
 
What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...Shashi soni
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
Microsoft azure
Microsoft azureMicrosoft azure
Microsoft azureMohammad Ilyas Malik
 
Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
Azure Storage
Azure StorageAzure Storage
Azure StorageMustafa
 
Cloud Computing and Data Centers
Cloud Computing and Data CentersCloud Computing and Data Centers
Cloud Computing and Data Centersbega karadza
 
Real Time Data Strategy and Architecture
Real Time Data Strategy and ArchitectureReal Time Data Strategy and Architecture
Real Time Data Strategy and ArchitectureAlan McSweeney
 
Cloud computing
Cloud computingCloud computing
Cloud computingWaseem Ahmed
 
Microsoft azure
Microsoft azureMicrosoft azure
Microsoft azureCharith Suriyakula
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesQBurst
 
Introduction to Azure
Introduction to AzureIntroduction to Azure
Introduction to AzureRobert Crane
 
IaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingIaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingSoftware Park Thailand
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking BasicsSai Kishore Naidu
 
Introduction to Amazon Web Services
Introduction to Amazon Web ServicesIntroduction to Amazon Web Services
Introduction to Amazon Web ServicesAmazon Web Services
 
Introduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxIntroduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxEverestMedinilla2
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architectureAdeel Javaid
 
Azure 101
Azure 101Azure 101
Azure 101Korry Lavoie
 
Event Driven Architecture
Event Driven ArchitectureEvent Driven Architecture
Event Driven ArchitectureStefan Norberg
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing ArchitectureAnimesh Chaturvedi
 
Cloud computing
Cloud computingCloud computing
Cloud computingDebrajKarmakar
 
Cloud Computing - An Introduction
Cloud Computing - An IntroductionCloud Computing - An Introduction
Cloud Computing - An IntroductionRavindra Dastikop
 
Unit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingUnit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingDivya S
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcDataTactics
 

Más contenido relacionado

La actualidad más candente

Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingJim Geovedi
 
Azure Storage
Azure StorageAzure Storage
Azure StorageMustafa
 
Cloud Computing and Data Centers
Cloud Computing and Data CentersCloud Computing and Data Centers
Cloud Computing and Data Centersbega karadza
 
Real Time Data Strategy and Architecture
Real Time Data Strategy and ArchitectureReal Time Data Strategy and Architecture
Real Time Data Strategy and ArchitectureAlan McSweeney
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure NetworkingPedro Sousa
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesQBurst
 
Introduction to Azure
Introduction to AzureIntroduction to Azure
Introduction to AzureRobert Crane
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking BasicsSai Kishore Naidu
 
Introduction to Amazon Web Services
Introduction to Amazon Web ServicesIntroduction to Amazon Web Services
Introduction to Amazon Web ServicesAmazon Web Services
 
Introduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxIntroduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxEverestMedinilla2
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architectureAdeel Javaid
 
Event Driven Architecture
Event Driven ArchitectureEvent Driven Architecture
Event Driven ArchitectureStefan Norberg
 
Cloud Computing - An Introduction
Cloud Computing - An IntroductionCloud Computing - An Introduction
Cloud Computing - An IntroductionRavindra Dastikop
 

La actualidad más candente (20)

Cloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud ComputingCloud Security - Security Aspects of Cloud Computing
Cloud Security - Security Aspects of Cloud Computing
 
Azure Storage
Azure StorageAzure Storage
Azure Storage
 
Cloud Computing and Data Centers
Cloud Computing and Data CentersCloud Computing and Data Centers
Cloud Computing and Data Centers
 
Real Time Data Strategy and Architecture
Real Time Data Strategy and ArchitectureReal Time Data Strategy and Architecture
Real Time Data Strategy and Architecture
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Microsoft azure
Microsoft azureMicrosoft azure
Microsoft azure
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft Azure
 
Let's Talk About: Azure Networking
Let's Talk About: Azure NetworkingLet's Talk About: Azure Networking
Let's Talk About: Azure Networking
 
Cloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best PracticesCloud Migration Strategy and Best Practices
Cloud Migration Strategy and Best Practices
 
Introduction to Azure
Introduction to AzureIntroduction to Azure
Introduction to Azure
 
IaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud ComputingIaaS, SaaS, PasS : Cloud Computing
IaaS, SaaS, PasS : Cloud Computing
 
Microsoft Azure Networking Basics
Microsoft Azure Networking BasicsMicrosoft Azure Networking Basics
Microsoft Azure Networking Basics
 
Introduction to Amazon Web Services
Introduction to Amazon Web ServicesIntroduction to Amazon Web Services
Introduction to Amazon Web Services
 
Introduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptxIntroduction to the Microsoft Azure Cloud.pptx
Introduction to the Microsoft Azure Cloud.pptx
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architecture
 
Azure 101
Azure 101Azure 101
Azure 101
 
Event Driven Architecture
Event Driven ArchitectureEvent Driven Architecture
Event Driven Architecture
 
Cloud Computing Architecture
Cloud Computing ArchitectureCloud Computing Architecture
Cloud Computing Architecture
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing - An Introduction
Cloud Computing - An IntroductionCloud Computing - An Introduction
Cloud Computing - An Introduction
 

Similar a Cloud Architecture

Unit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingUnit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingDivya S
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcDataTactics
 
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838eCC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838eRamzanShareefPrivate
 
Introduction of cloud computing and aws
Introduction of cloud computing and awsIntroduction of cloud computing and aws
Introduction of cloud computing and awskrishna prasad
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfkhan593595
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfkhan593595
 
Cloud Computing 101
Cloud Computing 101Cloud Computing 101
Cloud Computing 101Kamal Arora
 
An introduction to Cloud computing for MBA
An introduction to Cloud computing for MBAAn introduction to Cloud computing for MBA
An introduction to Cloud computing for MBAkuttus2
 
Cloud Computing Fundamentals
Cloud Computing FundamentalsCloud Computing Fundamentals
Cloud Computing FundamentalsSonia Nagpal
 
Evolution of the Cloud.pptx
Evolution of the Cloud.pptxEvolution of the Cloud.pptx
Evolution of the Cloud.pptxSanjeev Banerjee
 
Cloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service PlatformCloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service Platformvictorlbrown
 
CloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdfCloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdfkhan593595
 
CloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdfCloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdfkhan593595
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsGovind Maheswaran
 
Mahika cloud services
Mahika cloud servicesMahika cloud services
Mahika cloud servicesSomnath Sen
 
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...Christian Esteve Rothenberg
 
Cloud Computing and Services | PPT
Cloud Computing and Services | PPTCloud Computing and Services | PPT
Cloud Computing and Services | PPTSeminar Links
 

Similar a Cloud Architecture (20)

Unit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud ComputingUnit-I: Introduction to Cloud Computing
Unit-I: Introduction to Cloud Computing
 
Data Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtcData Tactics dhs introduction to cloud technologies wtc
Data Tactics dhs introduction to cloud technologies wtc
 
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838eCC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
CC Notes.pdf of jdjejwiwu22u28938ehdh3y2u2838e
 
Introduction of cloud computing and aws
Introduction of cloud computing and awsIntroduction of cloud computing and aws
Introduction of cloud computing and aws
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdf
 
CloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdfCloudComputing_UNIT4.pdf
CloudComputing_UNIT4.pdf
 
Cloud Computing 101
Cloud Computing 101Cloud Computing 101
Cloud Computing 101
 
An introduction to Cloud computing for MBA
An introduction to Cloud computing for MBAAn introduction to Cloud computing for MBA
An introduction to Cloud computing for MBA
 
Cloud computing_Final
Cloud computing_FinalCloud computing_Final
Cloud computing_Final
 
Cloud Computing Fundamentals
Cloud Computing FundamentalsCloud Computing Fundamentals
Cloud Computing Fundamentals
 
Evolution of the Cloud.pptx
Evolution of the Cloud.pptxEvolution of the Cloud.pptx
Evolution of the Cloud.pptx
 
Ppt cloud deployment
Ppt cloud deploymentPpt cloud deployment
Ppt cloud deployment
 
Cloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service PlatformCloud + Soa: Enterprise Service Platform
Cloud + Soa: Enterprise Service Platform
 
CloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdfCloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdf
 
CloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdfCloudComputing_UNIT 3.pdf
CloudComputing_UNIT 3.pdf
 
Cloud Computing : Security and Forensics
Cloud Computing : Security and ForensicsCloud Computing : Security and Forensics
Cloud Computing : Security and Forensics
 
Mahika cloud services
Mahika cloud servicesMahika cloud services
Mahika cloud services
 
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
NECOS Industrial Workshop Technical highlights by Prof. Alex Galis (Universit...
 
Cloud Computing and Services | PPT
Cloud Computing and Services | PPTCloud Computing and Services | PPT
Cloud Computing and Services | PPT
 
Cloud Deployment
Cloud DeploymentCloud Deployment
Cloud Deployment
 

Más de Arief Gunawan

Metaverse - Let's learn to understand when business becomes virtual and when ...
Metaverse - Let's learn to understand when business becomes virtual and when ...Metaverse - Let's learn to understand when business becomes virtual and when ...
Metaverse - Let's learn to understand when business becomes virtual and when ...Arief Gunawan
 
Technology Disruptions
Technology DisruptionsTechnology Disruptions
Technology DisruptionsArief Gunawan
 
Tutorial on Network Management and Security in Wireless Communications (Bandu...
Tutorial on Network Management and Security in Wireless Communications (Bandu...Tutorial on Network Management and Security in Wireless Communications (Bandu...
Tutorial on Network Management and Security in Wireless Communications (Bandu...Arief Gunawan
 
APWiMob 2014 (Bali, 28-30 August 2014) CFP
APWiMob 2014 (Bali, 28-30 August 2014) CFPAPWiMob 2014 (Bali, 28-30 August 2014) CFP
APWiMob 2014 (Bali, 28-30 August 2014) CFPArief Gunawan
 
Prof Ekram Hossain on DLT 2013 in Indonesia
Prof Ekram Hossain on DLT 2013 in IndonesiaProf Ekram Hossain on DLT 2013 in Indonesia
Prof Ekram Hossain on DLT 2013 in IndonesiaArief Gunawan
 
Day one ofdma and mimo
Day one ofdma and mimoDay one ofdma and mimo
Day one ofdma and mimoArief Gunawan
 
Day two 10 november 2012
Day two 10 november 2012Day two 10 november 2012
Day two 10 november 2012Arief Gunawan
 
Day one 09 november 2012
Day one 09 november 2012Day one 09 november 2012
Day one 09 november 2012Arief Gunawan
 
IEEE Background presentation
IEEE Background presentationIEEE Background presentation
IEEE Background presentationArief Gunawan
 
Cloud and Ubiquitous Computing in Today's Era of Tera
Cloud and Ubiquitous Computing in Today's Era of TeraCloud and Ubiquitous Computing in Today's Era of Tera
Cloud and Ubiquitous Computing in Today's Era of TeraArief Gunawan
 
Cloud Computing: Peluang Bisnis dan Tantangan Regulasi
Cloud Computing: Peluang Bisnis dan Tantangan RegulasiCloud Computing: Peluang Bisnis dan Tantangan Regulasi
Cloud Computing: Peluang Bisnis dan Tantangan RegulasiArief Gunawan
 
Mobile Cloud @ Binus
Mobile Cloud @ BinusMobile Cloud @ Binus
Mobile Cloud @ BinusArief Gunawan
 
Small Cell @ IT Telkom
Small Cell @ IT TelkomSmall Cell @ IT Telkom
Small Cell @ IT TelkomArief Gunawan
 
03 Beginning Android Application Development
03 Beginning Android Application Development03 Beginning Android Application Development
03 Beginning Android Application DevelopmentArief Gunawan
 
02 BlackBerry Application Development
02 BlackBerry Application Development02 BlackBerry Application Development
02 BlackBerry Application DevelopmentArief Gunawan
 

Más de Arief Gunawan (20)

Metaverse - Let's learn to understand when business becomes virtual and when ...
Metaverse - Let's learn to understand when business becomes virtual and when ...Metaverse - Let's learn to understand when business becomes virtual and when ...
Metaverse - Let's learn to understand when business becomes virtual and when ...
 
Technology Disruptions
Technology DisruptionsTechnology Disruptions
Technology Disruptions
 
Tutorial on Network Management and Security in Wireless Communications (Bandu...
Tutorial on Network Management and Security in Wireless Communications (Bandu...Tutorial on Network Management and Security in Wireless Communications (Bandu...
Tutorial on Network Management and Security in Wireless Communications (Bandu...
 
APWiMob 2014 (Bali, 28-30 August 2014) CFP
APWiMob 2014 (Bali, 28-30 August 2014) CFPAPWiMob 2014 (Bali, 28-30 August 2014) CFP
APWiMob 2014 (Bali, 28-30 August 2014) CFP
 
Prof Ekram Hossain on DLT 2013 in Indonesia
Prof Ekram Hossain on DLT 2013 in IndonesiaProf Ekram Hossain on DLT 2013 in Indonesia
Prof Ekram Hossain on DLT 2013 in Indonesia
 
M2M Day Two
M2M Day TwoM2M Day Two
M2M Day Two
 
M2M Day One
M2M Day OneM2M Day One
M2M Day One
 
Day two planning
Day two planningDay two planning
Day two planning
 
Day one ofdma and mimo
Day one ofdma and mimoDay one ofdma and mimo
Day one ofdma and mimo
 
Day two 10 november 2012
Day two 10 november 2012Day two 10 november 2012
Day two 10 november 2012
 
Day one 09 november 2012
Day one 09 november 2012Day one 09 november 2012
Day one 09 november 2012
 
Cloud Ecosystem
Cloud EcosystemCloud Ecosystem
Cloud Ecosystem
 
IEEE Background presentation
IEEE Background presentationIEEE Background presentation
IEEE Background presentation
 
Cloud and Ubiquitous Computing in Today's Era of Tera
Cloud and Ubiquitous Computing in Today's Era of TeraCloud and Ubiquitous Computing in Today's Era of Tera
Cloud and Ubiquitous Computing in Today's Era of Tera
 
Cloud Computing: Peluang Bisnis dan Tantangan Regulasi
Cloud Computing: Peluang Bisnis dan Tantangan RegulasiCloud Computing: Peluang Bisnis dan Tantangan Regulasi
Cloud Computing: Peluang Bisnis dan Tantangan Regulasi
 
Mobile Cloud @ Binus
Mobile Cloud @ BinusMobile Cloud @ Binus
Mobile Cloud @ Binus
 
Small Cell @ UI
Small Cell @ UISmall Cell @ UI
Small Cell @ UI
 
Small Cell @ IT Telkom
Small Cell @ IT TelkomSmall Cell @ IT Telkom
Small Cell @ IT Telkom
 
03 Beginning Android Application Development
03 Beginning Android Application Development03 Beginning Android Application Development
03 Beginning Android Application Development
 
02 BlackBerry Application Development
02 BlackBerry Application Development02 BlackBerry Application Development
02 BlackBerry Application Development
 

Último

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Cloud Architecture

  • 1. Cloud Architecture (half day edition) An Cloud Computing Course IT Telkom, 11 August 2012 Arief Hamdani Gunawan
  • 2. Scope • The scope of this Course is to define the functional requirements and reference architecture of cloud computing, which includes the functional architecture, functional layers and blocks.
  • 3. Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
  • 4. Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
  • 5. Cloud architecture requirements • The cloud architecture must meet several requirements to enable sustained innovation and development of cloud services. • With multiple stakeholders involved, the cloud architecture must be flexible to fit the needs of infrastructure CSPs, CSPs and service resellers.
  • 6. Cloud architecture requirements: 1 The following high-level requirements are broadly envisioned for the cloud architecture: 1. Cloud deployments will have to support many standards within the same cloud infrastructure, e.g. in terms of resource allocation, orchestration, or CSU access. – The cloud architecture must allow and support the evolution of these standards, without requiring disruptive infrastructure changes from the CSP perspective.
  • 7. Cloud architecture requirements: 2 2. A cloud CSP must be able to support multiple standards within the same architecture and migrate to a newer standard if they so wish, without having to change everything in the CSP network or lose the existing customer base.
  • 8. Cloud architecture requirements: 3 3. Broadband access is fundamental in making cloud services viable. – The cloud architecture may benefit from integration with the support of network resource reservation and guaranteed QoS capabilities through the network over which services are delivered. – Without the network access guaranteeing bounded delay, jitter, bandwidth, and reliability, the cloud experience for CSUs may be worse than the intranet experience.
  • 9. Cloud architecture requirements: 4 4. The cloud architecture must enable multiple deployment models, cloud service categories and use cases, some currently known and others to be envisioned in the future. – Currently known cloud service categories include IaaS, PaaS, SaaS, CaaS, and NaaS, and it is possible that these will also co-exist in the same cloud deployment. – The same architecture must allow a CSP to provide either all, or a subset, of these services.
  • 10. Cloud architecture requirements: 5 5. For private and hybrid cloud operations, cloud services must appear like intranet services. – This means a user must be able to access resources using the same domain names as on the intranet. – Hosts and resources that have been migrated from private to public clouds should be accessed transparently where they are being currently hosted.
  • 11. Cloud architecture requirements: 6 6. The cloud architecture must enable early detection, diagnosis and fixing of infrastructure or service-related problems.
  • 12. Cloud architecture requirements: 7 7. CSUs must be able to (request) audit CSP’s services and get assurance that the agreed- upon SLAs are being complied with. – To that end, the cloud architecture must enable, among others, service-level monitoring of resources allocated to a user and generate SLA compliance reports.
  • 13. Cloud architecture requirements: 8 8. Cloud resource allocations should be invisible to the CSUs, even though services are visible. – A CSP may choose to expose service-operation details without having to share cloud internal infrastructure allocation and provisioning details. – This is important for a CSP for security and business reasons.
  • 14. Cloud architecture requirements: 9 9. Users consuming cloud services must be able to control cloud resource access to the CSP transparently, and enable IT procedures to work without compromise in legal or organizational mandates. – This includes, for instance, the ability to dynamically add or remove a user from access to a cloud without CSP intervention.
  • 15. Cloud architecture requirements: 10 10. The cloud architecture must enable intranet- level security on the network. – This may include access records, activity reports, session monitoring, and packet inspections on the network. – It must also include firewalling, access control and malicious attack detection and prevention. – Prevention of one user disrupting others’ services is paramount.
  • 16. Cloud architecture requirements: 11 11. The cloud architecture must support cloud resource mobility which includes virtual machine mobility within a Performance- Optimized Data centre (POD) or data centre, between PODs or data centres within the same CSP’s infrastructure, or between different CSPs’ infrastructures, or from a CSU to a CSP.
  • 17. Cloud architecture requirements: 12 12. Resource mobility depends upon being able to treat an entire network as a single entity, which implies the need of the cloud architecture to scale. – With a huge number of computing, storage and network resources, and an even greater number of virtualized resources, the cloud architecture must have scalability as a primary requirement.
  • 18. Cloud architecture requirements: 13 13. Naming extensions are necessary to meet cloud needs. – Users who move their private resources into the cloud may need to access their resources by the same names as they did prior to those resources being migrated. – Since hosts are associated with user’s domain names, it is necessary to translate the user’s domain names into cloud names.
  • 19. Cloud architecture requirements: 14 14. Cloud-service deployment needs to be automated in order to support scalable resource operations, including configuration, provisioning, charging, etc. – In a typical scenario, a user would want to specify the computing, storage and virtual machine (VM) resources needed, as well as the network resources. – This includes how the network resources should be reserved, configured and managed during lifetime for optimized connectivity between the distributed computing, storage and VM resources, and finally retired.
  • 20. Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
  • 21. CC Reference Architecture Layering Framework • Cloud Architecture Layering shows the cloud layering framework that is defining the layers of the cloud functional architecture. • These functional layers in the architecture are derived by grouping cloud related functions.
  • 23. User Layer (1/2) • The User Layer performs interaction between the CSU and the cloud infrastructure. – The User Layer is used to • setup secure mechanism with cloud, • send cloud service requests to cloud and receive cloud services from cloud, • perform cloud service access, • administrate and • monitor cloud resources. – When the cloud receives service requests, it orchestrates its own resources and/or other clouds’ resources (in case of other clouds’ resources via the inter-cloud function) and provides back cloud services through the User Layer.
  • 24. User Layer (2/2) • The User Layer is where the CSU resides. – The CSU is an essential actor of the cloud ecosystem. It represents the entities that use the services offered by the CSP. – A CSU may use a service directory from a CSP and after setting up appropriate contract would use the services accordingly.
  • 25. CSU • CSUs demand SLAs. SLAs govern the characteristics of the services provided by CSPs. – SLAs govern many aspects of the services provided, for example QoS, governance, security, performance and data portability. • The CSU typically consumes services in five service categories: – CaaS – SaaS – PaaS – IaaS – NaaS
  • 26. Access Layer • The access layer provides a common interface for both manual and automated cloud service capabilities and service consumption. • The access layer accepts – CSU’s cloud service consumption requests and/or – CSN’s cloud service consumption requests and/or – other CSP’s cloud service consumption requests using cloud APIs to access CSPs’ services and resources.
  • 27. Service Layer • The Services Layer is where the CSP orchestrates and exposes services of the five cloud service categories. • It is the entity responsible for making a service available to interested parties. • The Cloud Service Layer manages the cloud infrastructure required for providing the services, runs the software that implements the services, and arranges to deliver the cloud services to the CSU through network access
  • 28. Service Layer: SaaS and CaaS • For Saas or CaaS, the services layer deploys, configures, maintains and updates the operation of the software or communication applications on a cloud infrastructure so that the services are provisioned at the expected service levels to the layers above.
  • 29. Service Layer: PaaS • For PaaS, the services layer manages the cloud infrastructure for the platform and runs the software that provides the components of the platform, such as runtime software execution stack, databases, and other middleware components. • The CSP of PaaS services typically also supports the development, deployment and management process of the CSUs of PaaS services by providing tools such as integrated development environments (IDEs), software development kits (SDKs), deployment and management tools. • The CSUs of PaaS services have control over the applications and possibly some of the hosting environment settings, but has no or limited access to the underlying infrastructure .
  • 30. Service Layer: IaaS • For IaaS, the services layer controls the resources underlying the service, including the servers, networks, storage and hosting infrastructure. • The services layer then runs the software necessary to makes the resources available to the CSUs of IaaS services through a set of service interfaces and resource abstractions, such as virtual machines and virtual network interfaces.
  • 31. Service Layer: NaaS • For NaaS, the services layer uses the underlying networking and transport facilities to deliver networking services in a cloud environment. • Examples are network virtualization services like VPNs (see Ecosystems NaaS definition).
  • 32. Resources & Network Layer • The Resources and Network layer is where the physical resources reside. • This includes equipment typically used in a data center such servers, networking switches, storage, etc. • It also represents and houses the cloud core transport network functionality which is required to provide underlying network connectivity between the CSP and the CSUs. • CSUs can obtain cloud services through different network access devices, such as desktop computers, laptops, mobile phones, and mobile Internet devices. • The connectivity to cloud services is normally provided by CSPs. • Note that for a CSP to provide services consistent with the level of SLAs offered to the CSUs, it may require dedicated and/or secure connections between CSUs and CSPs.
  • 33. Cross-Layer Functions • The Cross-Layer functions perform overall system management (i.e., operations, administration, maintenance and provisioning (OAM&P)) and monitoring, and provide secure mechanisms. • Secure mechanisms provide protections from threats to cloud computing services and infrastructure. – Secure mechanisms are required by both CSUs and CSPs to create a secure cloud environment.
  • 34. Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
  • 35. CC Reference Architecture: Functional Blocks • Based on the layering framework shows the major functional blocks of the Cloud Computing Reference Architecture. • It is recognized that CSPs will decide which functional blocks are appropriate to their business, and how the chosen functional blocks are implemented.
  • 36. CC Functional Reference Architecture User Layer Partner Administrator Cross-Layer User Function Function Function Functions Access Endpoint Inter Cloud Layer Function Function Operational Management Function SaaS / CaaS Cloud Services Performance PaaS Service Function Layer IaaS Orchestration NaaS Security & Privacy Function Resource Orchestration Resources & Pooling & VN VS VM Software & Virtual Path Virtualization Platform Assets Virtual Circuit Network Layer Physical Intra Cloud Storage Computing Core Transport Inter Cloud Resources Network Network Network
  • 37. User Layer The user layer includes the end-user function, the partner function and the administrator function. • User function: The user function supports a CSU to access and consume cloud services • Partner function: The partner function enables the CSN relationship with CSP • Administrator function: The administrator function supports the enterprise administrator to manage and administrate cloud resources and services within business processes
  • 38. Access Layer • The access layer includes the endpoint function and the inter-cloud function.
  • 39. Access Layer: endpoint function (1/3) • The endpoint function controls cloud traffic and improves cloud service delivery. – This function, which has some similarity with the NGN border gateway function (located at the edge of the network), can perform traffic classification, packet marking and firewall.
  • 40. Access Layer: endpoint function (2/3) • This function also provides internet domain names, ports and/or Internet addresses that are “published” to the user as endpoints from where the user can (a) view and (b) request services. – A published endpoint may internally “route” or “transform” the incoming service request to one or more service endpoints, based on CSP policy in effect. – For instance, a published endpoint may forward the request to a location nearest to the requestor.
  • 41. Access Layer: endpoint function (3/3) • The endpoint function can include a subscription/publication functionality that is a subscribe-notify feature for publishing, and for obtaining notification of different cloud services and resource information from CSPs. • The endpoint function may route the requests to the inter-cloud function to be routed to external CSPs.
  • 42. Access Layer: Inter-cloud function (1/3) • Cloud services are expected to be offered by CSPs on a global basis. To enable delivery of such services ubiquitously, a CSP will have to establish inter-cloud connections with other CSPs who offer these services in areas that are not within the preview of the original CSP. • Within functional view, the inter-cloud function is used to support the “inter-cloud” role as described in Cloud Ecosystem.
  • 43. Access Layer: Inter-cloud function (2/3) • The inter-cloud function addresses different aspects of delivering any cloud service across two or more CSPs, including SLAs, resource management, performance, reliability and security; OAM&P; ordering and charging; service brokering and environmental sustainability.
  • 44. Access Layer: Inter-cloud function (3/3) • The scope of the inter-connection is between two cloud domains (operated by two CSPs). • The inter-cloud function can be implemented in different manners, including inter-cloud peering, inter-cloud service broker and inter- cloud federation.
  • 45. Inter-cloud function: Inter-Cloud Service Broker (1/3) • The Inter-cloud function can be implemented as inter-cloud service broker (ISB). In this case, it provides brokering service functions to CSPs or CSUs. • According to the requirements of the Inter-Cloud Service Broker (ISB) capability, the Inter-Cloud Service Broker (ISB) provides and execute services of three categories: – Service Intermediation – Service Aggregation – Service Arbitrage
  • 46. Inter-cloud function: Inter-Cloud Service Broker (2/3) – Service Intermediation: The ISB enhances a given service by improving some specific capability and providing value-added services to CSUs. Examples of capability improvements include management of the access to cloud services, identity management, performance reporting, security enhancements, etc. – Service Aggregation: The ISB combines and integrates multiple services into one or more new services. The ISB provides data integration and ensures the secure movement of data between the CSUs and CSPs. – Service Arbitrage: Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed. In this case, the ISB has the flexibility to choose services from multiple sources. For example, the ISB can use a credit- scoring service to measure and select the source with the best score.
  • 47. Inter-cloud function: Inter-Cloud Service Broker (3/3) • When a CSP plays the Inter-cloud Service Broker role, the requesting entity (CSU or CSP) continue to access the brokered services via the Endpoint Function, however the implementation of the Access Layer will decide whether to serve the request locally, or route them to external CSPs via the Inter-cloud function. • The Inter-cloud function receives the requests by the Endpoint function, analyses the requests, selects appropriate service logics and function patterns, executes related operations, then invokes the concrete cloud services and resources from external CSPs through cloud service adapters (by sending cloud service adaptation requests to CSPs and receiving cloud service adaptation responses from CSPs).
  • 48. Inter-cloud function: Inter-Cloud Peering • Inter-cloud peering happens when two CSPs interact with each other using already established interfaces. • Each CSP could invoke the interfaces offered by the other CSP, when needed, to perform the functions that the CSP would like to delegate to its peer CSP.
  • 49. Inter-cloud function: Inter-Cloud Federation (1/3) • Inter-Cloud federation capability provides an alliance among several CSPs in which mutually trusted clouds join together logically thru agreed-upon interfaces. – Inter-Cloud federation allows a CSP to dynamically outsource resources to other CSP in response to demand variations.
  • 50. Inter-cloud function: Inter-Cloud Federation (2/3) • Inter-Cloud federation manages the consistency and the access controls when two or more independent CSPs share either authentication, data, computing resources, command and control, or access to storage resources. – Inter-Cloud federation shall provide the identity syndication to support federated authentication across all sources and federated user across the different CSPs.
  • 51. Inter-cloud function: Inter-Cloud Federation (3/3) • The Inter-Cloud Function supports federation capability and may include federation initiator which initiates operations within a federation relationship and federation target which processes operations within a federation relationship.
  • 52. Services Layer • The Services Layer includes the service orchestration function and provides cloud services.
  • 53. Services Layer: Services Orchestration Function (1/2) • Cloud Service Orchestration is the process of deploying and managing “Cloud Services". • “Cloud Services” are implemented using cloud service interfaces; examples are – Simple Object Access Protocol (SOAP), – Representational state transfer (REST), – HyperText Markup Language(HTML) rendered pages, – etc.
  • 54. Services Layer: Services Orchestration Function (2/3) • This function is required to provide mechanisms for: – composing services (services provided by the CSP as well as services from other CSPs) to create new composite services; • Composing services is the process of generation of the service logic (i.e. the logic of the service to be provided by the CSP). – executing composite services. • Executing composite services includes parsing and running the service logic.
  • 55. Services Layer: Services Orchestration Function (2/2) • This function also provides message routing and message exchange mechanisms within the Cloud architecture and its different components as well as with external components. – Message routing can be based on various criteria, e.g. context, policies. – The message exchange mechanisms control the message flows between CSUs, CSP (internally) and externally with other CSPs via the Inter-cloud Function.
  • 56. Services Layer: Cloud Services • The Services Layer provides instances of IaaS, PaaS, SaaS, CaaS, NaaS service categories and any composition of these services. • Examples of such services are: – The ability for users to request, configure, and execute one or more VMs, – The ability for users to invoke a software application from within a web browser, – The ability for developers to invoke programming interfaces through a cloud interface.
  • 57. Resources & Network Layer: Resource Orchestration • Resource Orchestration is defined as the management, monitoring, scheduling of computing, storage, and network resources into consumable services by the upper layers and users. • Resource Orchestration controls the creation, modification, customization and release of virtualized resources. It holds capability directories about what is possible within a cloud segment, based upon the total resource capacity and the incremental allocations that have been done for currently honoured requests.
  • 58. Resources & Network Layer: Pooling & Virtualization • Pooling and virtualization of physical resources are essential means to achieve the on-demand and elastic characteristics of cloud computing. Through these processes, physical resources are turned into virtual machines, virtual storages, and virtual networks. These virtual resources are in turn managed and controlled by the Resource Orchestration based on user demand. Software and Platforms assets in Pooling & Virtualization Layer are the runtime environment, applications and other software assets used to orchestrate and implement cloud services. • “Software & platform assets” is the architectural block that represents the use oftraditional software assets to implement the cloud services layer
  • 59. Resources & Network Layer: Physical Resources • Physical Resources refer to the computing, storage, and network resources that are fundamental to providing cloud services. – These resources may include those that reside inside cloud data centers (e.g., computing servers, storage servers, and intra-cloud networks) and those that reside outside of a data center, typically networking resources such as inter-cloud networks and core transport networks.
  • 60. Cross-Layer Functions (1/3) • The Cross-Layer functions include – security& privacy, – cloud operational management, and – cloud performance functions.
  • 61. Cross-Layer Functions (2/3) • This layer caters to a CSP’s need for monitoring of resources, and generates a consolidated view of current resource allocations and how efficiently the resources are being utilized. – Resource monitoring allows the CSP to exercise load balance to ensure the performance of cloud services. It also flags network and service related problems such as hardware or software resource failures, missing SLA targets or if a CSP’s network is experiencing security violations or other forms of compromised situation.
  • 62. Cross-Layer Functions (3/3) • As the point that collects availability, performance and security information, it is central source of information on a CSP’s service excellence.
  • 63. Cross-Layer Functions: Security & Privacy (1/3) • This section describes a high-level summary of security and privacy functions with regard to the Reference Architecture. For further details, please refer to the Security output document. • Cloud security and privacy refer to the cross-layer functions responsible for applying security related controls to mitigate the potential threats in cloud computing environments. CSPs (CSPs) need to consider applicable privacy requirements and regulations. • Security threats can be dived into two areas, threats for CSUs and threats for CSPs.
  • 64. Cross-Layer Functions: Security & Privacy (2/3) Threats for CSUs Threats for CSPs • Responsibility Ambiguity • Responsibility Ambiguity • Loss of Governance • Protection Inconsistency • Loss of Trust • Evolutional Risks • CSP Lock-in • Business Discontinuity • Unsecure Customer Access • Supplier Lock-in • Lack of Information/Asset • License Risks Management • Bylaw Conflict • Data loss and Leakage • Bad Integration • Unsecure Administration API • Shared Environment • Hypervisor Isolation Failure • Service Unavailability • Data unreliability • Abuse Right of CSP
  • 65. Cross-Layer Functions: Security & Privacy (3/3) • Cloud Security and Privacy use a set of requirements to mitigate the above listed threats. These requirements cover actions and technologies that are deployed for both CSUs and CSPs. (Details of the requirements can be found in the Cloud Security output document) • Security and Privacy tie closely with SLA and service monitoring which often depend on the user identity. The identity information must be propagated in the cloud computing environment, to enable linking SLA and services with identity. For instance, to regulate the consumed network bandwidth to the total bandwidth the user has requested for, the monitoring point must associate the user’s IP address with the identity that comes from user authentication.
  • 66. Cross-Layer Functions: Cloud Performance Function The Cloud Performance Function serves the following purposes: – Aggregates or summarizes cloud network information for the management node – Used to make service routing decisions by the Published Endpoints – Monitors customer SLAs, and flags SLA violations – Point of monitoring and control for the management node
  • 67. Cross-Layer Functions: Cloud Operational Management Function • Power Management • Configuration Function • Charging
  • 68. Cloud Operational Management Function: Power Management • Power Management is to be seen as a part of the Management function and as such it is a cross layer function. • Power management represents a collection of IT processes and supporting technologies geared toward optimizing data center performance against cost and structural constraints. This includes increasing the deployable number of servers per rack when racks are subject to power or thermal limitations and making power consumption more predictable and easier to plan for.
  • 69. Cloud Operational Management Function: Configuration Function • This function comprises of databases and provisioning information using which cloud services can be customized. It will include user databases for authentication and authorization, policy servers for defining end-user SLAs, geographical or legal customizations on services, name servers for describing virtual and physical hosts along with cloud domain names, automatic configuration servers for devices that can be auto configured when they are powered on and TFTP or HTTP based software servers from where prior loaded images can be downloaded. • Cloud Configuration Databases comprise of configuration information that is necessary to coordinate cloud services.
  • 70. Cloud Operational Management Function: Charging (1/2) • Charging is critical for an operational cloud service platform. • Detailed logs of the users’ resource consumption should be correctly collected and retained. • The charging records should carry comprehensive information about how customers use the infrastructure resources
  • 71. Cloud Operational Management Function: Charging (2/2) • Specifically, the resource management system should collect the following charging data: – Computation consumption usage. This should reflect how much computation resources have been used by the customers. Data of computation consumption include the number of CPUs and the corresponding using time. – Storage consumption usage. This should show how much storage resources have been used by the customers. – Network bandwidth usage. This should keep the information of how much bandwidth has been used by the customers. – Other information that may affect charging, such as delivered QoS. – Other information for statistics.
  • 72. Contents • Cloud architecture • Cloud computing reference requirements architecture – Functional • Cloud computing reference blocks architecture - Layering – User layer framework – Access layer – Cloud architecture layering – Services layer – User layer – Resources and network layer – Access layer – Cross-layer functions – Services layer • Service architecture for – Resources and network layer desktop as a service (DaaS) – Cross-layer functions – Main functions of the DaaS service architecture – Interaction process between client and functional components of the DaaS
  • 73. Service Architecture for DaaS: Main functions of the DaaS service architecture: Connection Brokering (CB) function The main functions in the DaaS service architecture are given as follows: • Connection Brokering (CB) function – A connection broker is a software program that allows a CSU to connect to an available virtualized desktop. – The connection broker performs tasks which include: user authentication and license verification to validate the user and user’s software; management of a virtual machine (VM) for user assignment; server monitoring to measure the activity level of a given VM, and protocol coordination to coordinate on the protocol to be used between user and server. – The connection broker can also support the connection between a backup storage and virtualized desktop servers.
  • 74. Service Architecture for DaaS: Main functions of the DaaS service architecture: Resource Pooling function • Resource Pooling function – In order to provide on-demand virtualized desktop services, a resource pool can manage three different types of high-capacity software resources such as operating systems (OS), applications and user profiles. These software resources are transferred to a certain VM in streaming form timely and run on the VM. A resource pool can offer provisioning information regarding the software resources on request by a CB. – A user profile contains individual information about hardware configuration (i.e. CPU, RAM, I/O), used OS, selected applications, and user’s computing environment information (i.e. display resolution, Internet access way).
  • 75. Service Architecture for DaaS: Main functions of the DaaS service architecture VM Infrastructure function • VM Infrastructure function – The main role of the VM infrastructure is to support hardware resources and create VMs. – In a virtualized desktop server, a virtualization functionality called hypervisor is highly necessary to employ hardware resources efficiently. – A hypervisor can abstract physical hardware resources and assign them to higher level of software dynamically. – Consequently, the VM infrastructure provides VMs – the “virtualized desktops”- on which user’s software is operated. – It is recommended that the VM Infrastructure consists of a cluster environment with high availability features, and within which many running VM instances are created from the same VM template with pre-defined configuration parameters.
  • 76. Service Architecture for DaaS: Main functions of the DaaS service architecture Virtual desktop delivery function • Virtual desktop delivery function – This function involves encapsulating and delivering either access to an entire information system environment or the environment itself to a remote client device through the network. – The virtual desktop delivery protocol (VDDP) is the core component to realize this function and provides the communication channels between user terminals and servers for DaaS in order to transfer all the interaction information. – This information includes display information, control and configuration information, monitoring information etc.
  • 77. Conceptual diagram of the DaaS service architecture VM Infrastructure Vir tual Desktop Ser ver User B Virtual Desktop User B VM VM VM VM VM VM VM VM VM visor Hyper VM Hyper visor Hardware Hardware Virtual Desktop Deliver y Protocol (VDDP) Resource Pool Connection Broker User Profile Pool Client Resource Provision User C User D User Authentication User A User B Application Pool License Verification VM M onitoring/ M anagement User B Protocol Coordination OS Pool Windows 7 Service User Service Provider
  • 78. Interaction process for DaaS (1/2) The various steps of the interaction process for DaaS are as follows: • A user accesses a CB through a security protocol (such as SSH or TLS) and the CB validates the user with a user-ID and associated password. • The CB identifies a corresponding user profile and, in order to assign a VM, a provisioning function helps the CB to search the VM that satisfies user’s hardware configuration and is optimal to computing environment. • In case there is no proper VM, the CB requests the VM infrastructure to create a VM by sending information of hardware configuration. • After a VM is assigned or created, the CB applies the user profile to the VM including installation of OS and applications to construct a virtualized desktop.
  • 79. Interaction process for DaaS (2/2) • A connection to deliver a corresponding virtualized desktop is created in the VM infrastructure and the information of the connection is dispatched to the CB. • The CB sends the connection information to the user and the user connects to the desktop in the VM infrastructure. • The user communicates with the virtualized desktop through the network using the virtualized desktop delivery protocol (VDDP). • The user does execute a log-off operation to prevent the elimination of user data when he or she terminates a virtualized desktop service. • During the log-off operation, the CB updates the modified user profile in a user profile pool to keep the most recent information and returns the VM whose state becomes available.
  • 80. Cloud Computing Courses Fundamental Specialization • Cloud Ecosystem • Saas and Web Applications • Cloud Architecture • Virtualization • Cloud Infrastructure • Platform and Storage • Cloud Resource Management Management • Cloud Profiles • Cloud Security • Inter-cloud