Cloud Computing 101
Syed Azeem
February 28, 2013
Welcome!
• The purpose of this learning session is to raise awareness about Cloud Computing
• Information gained from this session will be valuable in understanding business technology trends that are already affecting and will continue to affect all of us
• It is important to know about this topic because the Federal government, including DHS, is making a big push towards Cloud Computing initiatives
• We’ll try to keep this as interactive as possible, so please stop me when you have a question, or have something interesting to share
Agenda
• Cloud Computing
– What is it, and why should I care?
– Value & Benefits
– Implications for DHS and the Federal government
Agenda (continued)
• More Cloud Computing
– Definitions, Models, Examples
– What does it mean to be “in the cloud”
– Video & Demonstration
BACKGROUND
A little bit of perspective and history
Source: The Singularity is Near (Ray Kurzweil)
Source: Hewlett Packard Federal Practice (Rick Fleming)
LET’S GET STARTED
Perceptions, views, opinions and myths
Most Americans Confused By Cloud Computing According to National Survey
Survey Highlights
• 95% of those who think they’re not using the cloud, actually are
• 22% pretended to know how the cloud works
• 40% believe accessing work information at home in their “birthday suit” would be an advantage
• After being provided with the definition of the cloud, 68% recognized its economic benefits
Overcoming confusion, gaining empowerment and professional development
• This knowledge will set you apart from most
– You’ll know what the cloud is, how it works and what benefits it may provide your organization
– At the next job interview, social gathering, professional event or get together with friends, you won’t have to fake it
• Confusion arises because it is an abstract concept and is not very intuitively understood, but it can be easily grasped through gaining knowledge!
Cloud isn’t really the best term, so don’t take it literally
• We are describing something abstract
Ancient story about blind men and an elephant
CLOUD COMPUTING
What is it all about?
What is Cloud Computing?
• A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Source: The NIST Definition of Cloud Computing
Cloud Computing defined in English
• The traditional and legacy IT model of separate IT infrastructures for each system, both within Federal government and industry, must evolve
– To meet the growing customer demands within a budget-constrained environment
• A new service-based pattern of distributing computing power, not a new technology in itself
– It is supported by various technologies such as virtualization, service-oriented architecture (SOA) and the Internet.
• End user has much more control than he/she used to over a powerful, remote server owned by somebody else
– That control can extend up to the point where he/she achieves programmatic control over the server, if desired
• The heart of cloud computing is gaining that control while engaging in one of the lowest-cost forms of computing
Source: DHS CIO; InformationWeek
Why is traditional IT on its way out?
• Not well positioned to reduce time to market for new services or provide transparency for operational expenses
• Introduces higher risk due to up-front capital expenditures
• Customized applications hosted in traditional data center environments cannot scale fast enough to support urgent demand in real-time
• Potential security vulnerabilities are harder and costlier to fix
Source: DHS CIO, Richard Spires (Congressional Testimony; October 2011)
Video: Federal CIO Council (cio.gov)
Source: http://cio.gov/cloud-computing-explained/
Sample uses of Cloud Computing
• Websites and web services
– DHS.gov, TSA.gov, FEMA.gov, Ready.gov
– Amazon.com, Google.com
• Mobile services
– Google Mobile App engine
• Business & Productivity Applications
– Microsoft Office 365, Google Apps
– Quicken Online, SalesForce.com
• Database & Storage
– Google Cloud storage, Google Cloud SQL (MySQL)
– Amazon Simple Storage Service (Amazon S3)
– Microsoft SQL Database/Reporting (Windows Azure)
• Scientific Uses
– Medical research (NIH)
– Space Missions (NASA Jet Propulsion Lab)
Traditional IT architecture
Traditional IT
Diagram labels: SharePoint Server; Exchange Server (Email); Project Server; Oracle Financials; Human Capital System; Contracts Management System
Diagram labels: SharePoint Service; Project Service; Oracle Financials Service; Exchange Email Service; Human Capital Service; Contracts Management Service
Source: Wikipedia
Total Cost Of Ownership (TCO)
• Gartner: total cost of ownership (TCO) is a comprehensive assessment of IT (or other) costs across enterprise boundaries over time
• For IT, it includes
– hardware and software acquisition
– management and support
– communications
– end-user expenses
– opportunity cost of downtime, training and other productivity losses.
Considering TCO for IT
Another View: Cost Elements for IT
Benefit: Reduced Costs
• Ability to scale up and down
• Maximum Utilization
– Server loads approaching 100%
• Pay for only what you use
Cloud computing suitability based on usage patterns
Source: ELEKS R&D
Patterns Benefiting Most from Cloud Deployment
Cloud computing suitability based on usage patterns
Source: ELEKS R&D
Will Not Benefit from Utilization Efficiencies of Cloud, but Potential to Still Enjoy other Cloud Benefits
Benefit: Agility
• With traditional IT model, “time to market” is usually years, if not many months
• Cloud computing provides agility by:
– Enabling significantly faster product launch cycles
– Allowing agencies to adapt and react to changes with unprecedented speed
– Letting agencies focus on their core mission with IT as an enabler and force multiplier
Benefit: Innovation
• Cloud computing is spurring innovation within the private sector and Federal government
• DHS is a key player in Federal cloud computing initiatives
• If not for the cloud, many solutions would not be possible today, because the resources required (time, money and people) were usually owned by large governments or corporations
• The game has changed; it’s a different paradigm; a total shift in how IT serves business operations
Benefit: Sustainability & Green Government
White House
EPA
GSA
Source: sustainablevirtualdesign.wordpress.com
Why is the cloud more energy efficient?
Knowledge Check #1
• Cloud Computing = think of a SERVICE
– It’s not a product
– It’s not a system in the traditional sense
• We are not buying hardware or software licenses
– It’s not a network, it’s not pipes, or real clouds, or furry animals!
– If you are unsure whether something is or is not based in the cloud, just see if it possesses the characteristics
HOW CLOUD COMPUTING WORKS
Behind the scenes
Cloud model is composed of
• 5 essential characteristics
• 3 service delivery models
• 4 deployment models
Source: The NIST Definition of Cloud Computing
5 Cloud computing characteristics
1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service
Source: The NIST Definition of Cloud Computing
Cloud computing is defined by 5 characteristics
Sources: NIST; Forrester; A.T. Kearney analysis
Source: business2community.com
3 Cloud service delivery models
Infrastructure as a Service (IaaS)
• System administrator:
– Provisions processing, storage, networks, and other fundamental computing resources
– Able to deploy and run arbitrary software, which can include operating systems and applications
Platform as a Service (PaaS)
• Software developer:
– Deploys custom or acquired applications
– Has control over the deployed applications and possibly configuration settings for the application-hosting environment
– Does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage
Software as a Service (SaaS)
• End-user:
– Accesses and works on applications
– Able to configure application-specific settings
– Does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage
Source: The NIST Definition of Cloud Computing
3 Cloud service delivery models (by roles)
Level of control and responsibility by cloud service delivery models
Risk-based view of Control/Responsibility in Cloud service delivery models
Source: Enterprise Risk Management for Cloud Computing (COSO/Crowe Horwath LLP)
Knowledge Check #2: Identify cloud service delivery model
Service Example | Cloud Delivery Model
Web applications such as: MyTSA, Gmail, Hotmail, Facebook, Google Maps, Bing, Yahoo! | SaaS
A Pentium Xeon processor, with 16 gigabyte RAM, 2 terabyte hard disk, connected to a fiber-optic network connection. | IaaS
A custom DHS online application and its data stored in a database. | PaaS
Full control of all IT resources including servers, storage, networking, operating system, data and applications. | Traditional IT
Commercial PaaS offerings
• There are quite a few cloud service platforms available, but some of the most notable ones are
– Windows Azure Cloud Services
– Amazon Elastic Compute Cloud (Amazon EC2)
– Google Cloud Platform
• Purchasing cloud services from these platforms is like online shopping
• Pick the right mix of options for your needs, and start using immediately
– No more spending weeks or months waiting for hardware to arrive, then spending time and effort installing software and configuring everything
4 Cloud deployment models
• Private Cloud
– Operated solely for an organization
– May be managed by the organization or a 3rd party (cloud service provider) and may exist on premise or off premise
• Community Cloud
– Same as private cloud, except:
– Shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
– May be managed by the organizations or a third party cloud service provider
– May exist on premise or off premise
Source: NIST; DHS CIO
4 Cloud deployment models (continued)
• Public Cloud
– Made available to the general public (or a large industry group)
– Owned by a cloud service provider (usually commercial)
• Hybrid Cloud
– Composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds)
Source: NIST; DHS CIO
Challenge/Risk: Security
• Myth: Cloud computing is not secure!
• Security is probably the most discussed topic about the cloud, especially for enterprise IT
• Organizations want to leverage cloud benefits, but are worried about their data, which sometimes is their biggest asset
• Security risks in the cloud are pretty much the same as in your own data center
• Serious effort to secure systems is necessary regardless of whether they are in the cloud or on premises
• Cloud providers continuously improve their security, which probably means that your data center actually might be less secure
• Obviously, private cloud should be used for information requiring increased protection, and public information is best suited for public cloud
Source: ELEKS R&D
Cloud Security: Federal Government
• FedRAMP Program
– Provides a common security risk model that supplies a consistent baseline for cloud-based services, including security accreditation (C&A) designed to vet providers and services for reuse across government
– Applies to both private and public cloud offerings
– Agencies can award contracts to already vetted providers
– Latest update: First few ATOs to providers authorized; more to follow
Availability and Reliability
• Myth: Cloud servers can often be down!
• Reliability can be an issue without redundancy
• Easily solved by purchasing optional geographical redundancy
• Amazon recommends using it if you want to deliver a reliable service.
– Easy to build a reliable application hosted in the cloud
– Not a vendor problem if people don't do it
– SLA is still 99.95% or close
• Same issue with a traditional data center: if it goes down, it’s unavailable.
– Imagine some failure happening in your data center
– With cloud you have a mirror setup
– Hard to have the same within your own data center (unless you build two of them)
Source: ELEKS R&D
Performance
• Myth: Cloud computing is slower than traditional servers
• Cloud providers use hardware virtualization which means that for most operations they have the same performance as bare metal appliances
– Caveat: I/O latency is higher, but it matters only for high performance computing apps, not for most regular business software
– Caveat: Some legacy apps could be slower after migration to the cloud
• Relatively easy to get good enough performance in the cloud if you think about it from the very beginning; it’s a matter of system architecture
Virtualization is a key enabler of cloud computing
More details on Virtualization
• Masking of server resources, including the number and identity of individual physical servers, processors, and operating systems, from server users
• Server administrator uses a software application to divide one physical server into multiple isolated virtual environments
– Commonly known as virtual machines or virtual private servers
– Sometimes also called guests, instances, containers or emulations
• Virtualization is one of the few enabling technologies for cloud computing, not cloud computing itself!
– Cloud computing is a model encompassing the 5 characteristics
What are Virtual Machines?
• An abstract computer within a physical computer
• The point is to have multiple virtual machines within a physical server to gain efficiencies and other benefits
Source: Gartner
Source: Novell; IDC; Gartner
CLOUD COMPUTING WITHIN DHS
Closer to home
DHS Private Cloud
• DHS has an aggressive commitment towards adapting and embracing cloud computing
• DHS is pursuing 9 current and planned private cloud services
• Private cloud for sensitive but unclassified information
• Public cloud for non-sensitive information
DHS Private Cloud (continued)
• “Given DHS's mission, we believe a robust private cloud solution will always be needed for DHS's most sensitive applications and data”
- DHS CIO, Richard Spires, October 2011
DHS Cloud Services Categorization
DHS Private Cloud
• Email as a Service (EaaS):
– Provides a single, enterprise-wide email and calendar infrastructure that is efficient, secure, and less expensive than maintaining, staffing, and managing multiple environments
– Provides a unified, dependable service that is governed by the Department’s high security standards, including vulnerability analysis, routine vulnerability scanning, patching, and audit support
– Users are authenticated against either their Component-specific Active Directory (AD) domain or their Enterprise Authentication Service (AppAuth) unit for secure, single sign-on access (SSO)
– Components can apply appropriate identity and password policies in their AD. EaaS is a redundant service and removes risk of single points of failure
– Latest update: More than 100,000 users in production
DHS Private Cloud (continued)
• SharePoint as a Service (SHPTaaS):
– Provides a secure Microsoft SharePoint Server hosted environment, including tools and services to help DHS users manage information, effectively collaborate, and enhance personal productivity
– Users are able to easily create and manage collaboration, intranet publishing, and basic and custom team and project focused site collections
– Provides the Department’s daily operational needs and supports surge capabilities during national emergencies
– Latest update: 33,000 users on service; HQ, USCIS, CBP completing contract
DHS Private Cloud (continued)
• Development and Test as a Service (DTaaS):
– Provides a secure development, test, and pre-production environment that mirrors the production environment, while reducing reserve capacity by sharing infrastructure assets
– Not only provides a simple path to transition from project development to implementation, but also accelerates delivery
– Offers state-of-the-art processes and applications that optimize hardware and software usage
– Shortens time to market, delivers cost savings, and is offered under both private and public cloud deployment models
– Latest update: HQs, TSA, USCIS in operation; rolling to more components
DHS Private Cloud (continued)
• Production as a Service (PRDaaS)*:
– Provides customers with uniform, cost-effective operating systems with a security authorization process
– Pre-provisioned infrastructure maximizes the effectiveness of best-of-breed software and hardware
– Provides rapid provisioning of a secure virtual operating environment that furnishes robust hosting services for applications and services, including operating systems, network, and storage consistent with new industry standards and Department-approved technology
– Servers are provisioned in less than a week. This service is offered under both private and public cloud deployment models
– Latest update: pilots in progress for HQ applications; seed money in place for most components
* Basically IaaS with a different name
DHS Private Cloud (continued)
• WorkPlace as a Service (WPaaS):
– Provides users with secure virtual access to desktop operating systems and applications anywhere in the world
– Virtual computing replaces traditional desktops and laptops to provide secure access to the DHS information and applications on almost any computer, anywhere – including mobile devices
– Latest update: Current pilots with HQ, FLETC and USCIS
DHS Private Cloud (continued)
• Project Server as a Service (PSaaS):
– An online project management software that offers a single-stop website to consolidate projects and gives Components visibility into all requirements
– Provides integration with Microsoft SharePoint 2010 and resource maximization capabilities
– Latest update: HQ, USCIS, CBP, USCG are in live production
DHS Private Cloud (continued)
• Authentication as a Service (AuthaaS):
– Application Developers and Application Owners can enable SSO functionality for customers through the use of Authentication as a Service (AUTHaaS)
– Delivers 2-factor authentication and SSO capabilities to the end user community at no charge
– Latest update: Implementing ADFS 2.0 for internal and external requirements; implementing Kerberos, a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography; more than 100 applications; ISAs for HQs and ICE in coordination; ESSA in works
DHS Private Cloud (continued)
• Case and Relationship Management as a Service (CRMaaS):
– Allows users to manage customer relationships on many levels
– Information regarding interactions with customers is available throughout the organization, and enables users to make informed decisions and facilitates customer follow-up
– Data concerning interactions with customers is centralized and the information needed for customer service made readily available
– Users can make real-time updates
– Latest updates: 5 customers are in live production
DHS Private Cloud (continued)
• Business Intelligence as a Service (BIaaS):
– Initial capability was piloted from March 2011 through FY12
– DHS will leverage this offering to enhance transparency into departmental programming and expenditures
– By the end of FY12, we expect the department will have visibility to information sources across the investment lifecycle, including IT, financial, human resources, asset management, and other information sources
– Based on the successful pilot and maturing offerings in service, the department will look to move to a full Business Intelligence as a Service offering in FY13
– Latest update: Managed Service available across CXOs; ICE, CHCO looking to leverage service; in production supporting USM, most components
DHS Public Cloud
• Enterprise Content Delivery as a Service (ECDaaS):
– Ensure its public-facing websites are always available (even during surges and emergencies)
– Used extensively by the private sector, DHS adopted ECDaaS to protect against denial of service attacks, help manage surge requirements, and significantly reduce hosting costs
– Proved invaluable during the July 4, 2009, denial of service attack on multiple federal Web sites
– Latest update: Operational and rolling to more components; new contract awarded for service and 70% of DHS public facing websites using service
DHS Public Cloud (Continued)
• Web Content Management as a Service (WCMaaS)*:
– Leverage open source software hosted in the public cloud and consolidate all public facing DHS Web sites
– Based on the Drupal Content Management System, an industry leading open source technology, this solution provides new and innovative capabilities, delivering improved citizen-centric capabilities while ensuring the adoption of solid Content Management System (CMS) services that support timely Web maintenance as well as increased capabilities for accurate content updates
– Provides an integrated platform, multiple environments (staging and production), and a solution stack for content management and hosting for public-facing websites
– Latest update: DHS.gov, TSA.gov, FEMA.gov, Ready.gov operational; six other sites committed to migrate.
* Also known as Web Content Management as a Service
Federal Cloud Computing Strategy
• Further Reading:
– Link
• Also check out: “25 Point Implementation Plan To Reform Federal Information Technology Management”
• Link
DHS Cloud Strategic Plan 2012-2016
• Further Reading:
– Link
• Also check out “DHS IT Services Catalog” site
• Link