Post on 27-Mar-2015
© 2012 Open Grid Forum
Simplifying Inter-Clouds
October 10, 2012
Hyatt Regency Hotel, Chicago, Illinois, USA
Last June
• Last June, I was at the summer meeting of the NSF Center for Cloud and Autonomic Computing
• I presented some of these slides…
Fundamental Cloud Concepts
• Cloud Service Models
  • IaaS, PaaS, SaaS
• Cloud Deployment Models
  • Private, Hybrid, Federated/Community, Public
• Determined by Two Fundamental Properties:

|             | Within Trust Boundary      | Crossing Trust Boundary                     |
|-------------|----------------------------|---------------------------------------------|
| Centralized | Private Cloud              | (Commercial) Public Cloud                   |
| Distributed | Federated, Community Cloud | Federated, Hybrid, or Multiple Public Cloud |
Resulting System Types
• Centralized (stand-alone)
  • Many basic functions can/must be deployed
• Distributed
  • Distributed versions of most of the above
  • Must minimize impact of latency and bandwidth
• Federated – Inter-clouds
  • Requires federated identity, resource management
The Design Space
[Figure: the design space. Capability areas: Cloud Res Mgmt, Security, Catalog & Discovery, Data Management, Svc/Job/Wkflw Mgmt, System Bldg Tools, Communication, Monitoring & Eventing, Accounting & Auditing, Applications. Axes: Small Scale to Large Scale; Centralized, Distributed, Federated.]
Goal: Identify a development sequence to get from small-scale, private clouds to large-scale, federated clouds
Possible Centralized Cloud Topics
• Identity Provisioning
• Attribute-, Role-, and Policy-based Authorization
• Heterogeneous Compute Resources
• Complex, Virtual Applications
• Programming Paradigms
• Workflow Management
• SaaS Portals
• VM Scheduling
• VLAN Management
• Service Level Agreements
• Monitoring
• Policy-Based System Management
• Local Fail-over
• System Integrity
Distributed Cloud Topics
• Distributed versions of many centralized cloud functions will be needed
  • Critical to minimize the impact of reduced bandwidth and increased latency on these functions when running them across a distributed infrastructure
• If something can be run in a centralized manner, do so!
  • Avoid distributed execution whenever possible
• Topics
  • Distributed catalogs and discovery
  • Distributed workflow management
  • Distributed programming paradigms
  • Policy-based data management
  • Remote fail-over
Federated Inter-Cloud Topics
• Federated Identity Management
  • Semantic interoperability of user attributes, roles
• Trust Federations
  • Trusting other users and identity providers through compliance certification
  • Example: International Grid Trust Federation, www.igtf.net
• Virtual Organizations
  • VO-specific roles/attributes determine what a user can do within that VO
  • Unilateral policy enforcement by resource owners
  • A well-defined policy language over user and resource attributes to enable cross-organizational policies
• Single Sign-On
  • Reuse of electronic identities
• Delegation of Trust
  • Secure, third-party operations
And Geoffrey Said:
• “You’re making things too complicated.”
Why Do We Need Inter-Clouds?
• NIST Requirement #5
• Data access and interoperability and integration
  • Disaster Response
  • B to B, Agency to Agency, Sovereign to Sovereign
• R&D groups
• Surge Pools
• Fail-over
• Agile Organizations
• Avoiding non-interoperable cloud “silos”
Barriers to Technology Adoption
• Complexity
  • Number of components
• Scale of Adoption
  • Necessary "critical mass" to realize benefits
• Scale of Usefulness; Metcalfe's law
  • Market timing, market readiness
• Cost to deploy and operate
  • Time, money and people
  • Economic self-sustainability
Approaches to Adoption
• Risk mitigation
• Unilateral deployments
• Incremental deployments
• Abstraction – Simplification
• Descope – what works for most cases
  • Avoid complicating "corner cases"
• Quick-n-dirty
• Packaging
• Standardized functions and interfaces
What Makes Inter-Clouds So Complicated?
And What Can We Do About It?
Three broad categories:
Security, Resources, Data
Security
• Federated Identity Management
  • Semantic interoperability of user attributes, roles
• Trust Federations
  • Trusting other users and identity providers through compliance certification, e.g., IGTF
• Virtual Organizations
  • VO-specific roles/attributes determining user authorizations
  • Unilateral policy enforcement by resource owners
  • A well-defined policy language over user and resource attributes to enable cross-organizational policies
• Single Sign-On
  • Reuse of electronic identities
• Delegation of Trust
  • Secure, third-party operations
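The trust federation, virtual organization and unilateral enforcement bullets above, combined into one authorization decision made by a resource owner. This is an added example, not code from the talk; the issuer URLs, the VO name, the roles, the `sensitivity` resource attribute and the rule format are hypothetical, and the assertion is assumed to have already passed signature verification.

```python
from dataclasses import dataclass

# Constructed sample data: issuers this resource owner accepts because the
# trust federation certified them (hypothetical names).
ACCREDITED_IDPS = {"https://idp.uni-a.example", "https://idp.lab-b.example"}

@dataclass(frozen=True)
class Assertion:
    issuer: str        # identity provider that authenticated the user
    subject: str
    vo: str            # virtual organization the roles are scoped to
    roles: frozenset   # VO-specific roles, meaningless outside that VO

@dataclass(frozen=True)
class Rule:
    vo: str
    role: str
    action: str
    max_sensitivity: int   # ceiling on the resource attribute for this grant

# The resource owner's local policy over user and resource attributes.
# It is evaluated unilaterally: the VO asserts roles, the owner decides.
LOCAL_POLICY = [
    Rule("climate-vo", "analyst", "read", 2),
    Rule("climate-vo", "operator", "start_vm", 1),
]

def authorize(a, action, resource, policy=LOCAL_POLICY, idps=ACCREDITED_IDPS):
    """Return (allowed, reason); anything not explicitly granted is denied."""
    if a.issuer not in idps:
        return False, "issuer not accredited by trust federation"
    if a.vo != resource["vo"]:
        return False, "roles asserted for a different VO"
    for r in policy:
        if (r.vo == a.vo and r.role in a.roles and r.action == action
                and resource["sensitivity"] <= r.max_sensitivity):
            return True, f"granted by rule {r.vo}/{r.role}/{r.action}"
    return False, "no matching local rule"

if __name__ == "__main__":
    alice = Assertion("https://idp.uni-a.example", "alice", "climate-vo",
                      frozenset({"analyst"}))
    dataset = {"vo": "climate-vo", "sensitivity": 2}
    print(authorize(alice, "read", dataset))
    print(authorize(alice, "start_vm", dataset))
```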
Resources
• Complex Apps – VM, storage containers and VLANs
• VLAN Management
• Service Level Agreements
• Monitoring & Eventing
• Accounting & Auditing
• Local and Remote Fail-over
Data
• Data Access and Integration
• Attribute-, Role-, and Policy-based Authorization
• Policy-based data management
Conclusions & Recommendations?
• What adoption and simplification techniques could/should be applied to all of these capabilities?
  • ??
  • ??
  • ??