Cyber Security and Reliability in a Digital Cloud

7/29/2019 Cyber Security and Reliability in a Digital Cloud

1/95

JANUARY2013


2/95

REPORTOFTHE DEFENSESCIENCEBOARD

TASKFORCEON

CyberSecurityandReliabilityina

DigitalCloud

JANUARY2013

Officeofthe UnderSecretaryofDefense

for Acquisition,Technology,and Logistics

Washington,D.C.203013140


3/95

ThisreportisaproductoftheDefenseScienceBoard(DSB).

TheDSBisaFederalAdvisoryCommitteeestablishedtoprovideindependentadvicetotheSecretaryof

Defense.Statements,opinions,conclusions,andrecommendationsinthisreportdonotnecessarily

representtheofficialpositionoftheDepartmentofDefense(DoD).TheDefenseScienceBoardTask

ForceonCyberSecurityandReliabilityinaDigitalCloudcompleteditsinformationgatheringinMarch

2012.ThereportwasclearedforopenpublicationbytheDoDOfficeofSecurityReviewonJanuary

16,2013.

Thisreportisunclassifiedandclearedforpublicrelease.


4/95

OFFICE OF THE SECRETARY OF DEFENSE3140 DEFENSE PENTAGON

WASHINGTON, DC 203013140

November27,2012MEMORANDUMFORUNDERSECRETARYOFDEFENSEFORACQUISITION,TECHNOLOGY&LOGISTICS SUBJECT: FinalReportoftheDefenseScienceBoard(DSB)TaskForceonCyber

SecurityandReliabilityinaDigitalCloud

IampleasedtoforwardthefinalreportoftheDSBTaskForceonCyberSecurityandReliabilityinaDigitalCloud.ThisstudycomprisesonepartofaDSBCyberInitiative.AstudyonResilientMilitarySystemsistheothercomponentoftheinitiative.TheTaskForceassessedtheimplicationsofusingcloudcomputingresourcesandservicesforDepartmentofDefense(DoD)missionneeds.ThereportoffersimportantrecommendationsfortheDoDfocusedon:identificationandapplicationofcloudcomputingresourcestoDoDmissionareas;improvingDoDsimplementationofcloudcomputing;enhancingcloudresiliencyindegradedoperations;andfinally,areasrequiringfurtherresearchanddevelopment.Particularemphasisisgiventoimprovingcloudcomputingresiliencefordeployedforces.IfullyendorsealloftheTaskForcesrecommendationscontainedinthisreport,andurgetheircarefulconsiderationandsoonestadoption.

Dr.PaulKaminski Chairman

DEFENSE SCIENCE

BOARD


5/95

OFFICE OF THE SECRETARY OF DEFENSE3140 DEFENSE PENTAGON

WASHINGTON, DC 203013140

November27,2012

MEMORANDUM FOR UNDER SECRETARY OF DEFENSE FOR

ACQUISITION, TECHNOLOGY, AND LOGISTICS

Subject: Report of the Defense Science Board Task Force on Cyber Security and

Reliability in a Digital Cloud

The final report of the Defense Science Board Task Force on Cyber Security

and Reliability in a Digital Cloud is attached. The Task Force conducted an

independent assessment of the suitability of cloud computing architectures for DoDapplications. Key factors in the assessment included DoD mission enhancements,

cyber security benefits and risks, and potential cost savings associated with cloud

computing.

The Task Force also investigated the benefits and risks of cloud computing for

the needs of deployed forces. Several enhancements in cloud computing architectures

and training and operational exercising are recommended to improve the access toimportant data and computing resources under degraded operational conditions.

The Task Force recommends that for sensitive, classified, or time-critical

applications, the DoD should pursue private cloud computing to enhance missioncapabilities, provided that strong security measures are in place. This reportrecommends several improvements in cloud computing implementations to

strengthen cyber security and reliability.

Dr. Eric D. Evans Dr. Robert L. Grossman

Co-Chairman Co-Chairman

DEFENSE SCIENCE

BOARD


6/95

TABLE OF CONTENTS

v

TableofContents

ExecutiveSummary...................................................................................................vii

1. ScopeoftheReport................................................................................................1

1.1 TermsofReference............................................................................................... 1

1.2 TaskForceApproach............................................................................................. 1

1.3 OrganizationoftheReport................................................................................... 2

2. OverviewofCloudComputing.................................................................................5

2.1 TheLatestStepinanEvolutionaryProcess.......................................................... 5

2.2 WhatisCloudComputing?.................................................................................... 6

2.3 ManagingCloudComputing................................................................................ 11

3.Cloud

Computing

Architecture

and

Implementation

.............................................

15

3.1 TheBuildingBlocksofCloudComputing............................................................ 15

3.2 TheScaleofCloudComputing............................................................................ 16

3.3 SpecificCloudCharacteristicsAffectingArchitectureandImplementation.......18

3.4 ArchitectureofaModernCloudDataCenter..................................................... 20

4. CloudComputingBenefitstotheDoDMission......................................................25

4.1 Example:CommunicationandNetworking........................................................ 25

4.2 Example:AnalysisofLargeDatasets................................................................... 26

4.3 Example:OperationalSupportfortheWarFighter............................................ 26

4.4

Example:Situational

Awareness

for

Cyber

Security

...........................................

27

4.5 Example:WideareaPersistenceSurveillance.................................................... 27

5. CloudComputingSecurity.....................................................................................29

5.1 SecurityAssessment............................................................................................ 29

5.2 DataCenterSecurity........................................................................................... 35

5.3 SecureCloudComputingSoftware..................................................................... 36

5.4 SecureCloudComputingHardware.................................................................... 38

5.5 SecureDataCenterOperations.......................................................................... 40

6.

The

Economics

of

Cloud

Computing

......................................................................

46

6.1 CloudServiceEconomicDrivers.......................................................................... 47

6.2 BusinessCaseConsiderationsforCloudServiceUse.......................................... 49

6.3 ServiceLevelAgreements................................................................................... 50

6.4 CloudComputingCaseStudies........................................................................... 51


7/95

TABLE OF CONTENTS

vi

7. TechnologyInvestmentandResearchOpportunities..............................................53

7.1 Scalability............................................................................................................. 55

7.2 Security................................................................................................................ 57

7.3 Usability............................................................................................................... 60

7.4 CombiningTechnologies...................................................................................... 61

8. FindingsSummaryandRecommendations............................................................62

8.1 FindingsSummary................................................................................................ 62

8.2 Recommendations............................................................................................... 64

8.3 ConcludingRemarks............................................................................................ 67

TermsofReference....................................................................................................68

TaskForceMembership.............................................................................................70

PresentationstotheTaskForce.................................................................................71

AbbreviationsandAcronyms.....................................................................................76


8/95

EXECUTIVE SUMMARY

vii

ExecutiveSummary

Cloud computing is viewed by many as the next major step in the evolution of

computing infrastructure. Very large commercial cloud computing data centershave

emergedaroundtheworldwithpetaflopsofprocessingcapacity,hundredsofpetabytes

ofdatastorage,andwidebandnetworkaccess.Services,includingelectronicmail,data

storage,databasemanagement,applicationhosting,verylargedatasetprocessing,and

highperformancecomputing,aregloballyavailabletodayfrommanycloudcomputing

datacenters.Cloudcomputingadvocatespromiseondemanddeliveryofthesemassive,

warehousescalecomputingresourcessimplyandeasilythroughanetworkbrowser.

Much of the technology and computer architecture that enable modern cloud

computinghasrootsinthemainframe,clientserver,andearlyinternetcomputingeras.

Whathasemergedinrecentyears,however,differsfromalloftheseinmanyattributes.

Cloudcomputingdata centershavedifferentcapabilities,risks,andsecurityconcernsthanconventionalnetworks,aswellasdifferentcostandefficiencymodels.

Thesedifferencesaresubstantial,andhaveresultedinawidevarietyofrealisticand

unrealisticclaims for cloudcomputing,aswellasa gooddealofhypeandconfusion.

With theproper implementation andoperations, cloudcomputing data centershave

demonstratedasgoodorbettercybersecurity,capabilities,andcostthaniscurrently

availableinDepartmentofDefense(DoD)datacenters.Theseimprovements,however,

arebynomeansguaranteedforeverycaseandverymuchdependonthespecificdetails

oftheimplementationandoperations.

Cloud computing offers theDoDnew, agile computational capabilities to support

increasinglymultifaceted missions. Some DoD missions likely to benefit from cloudcomputingserviceswill involvevaryingorunpredictable computingrequirements, or

the integration of many, highcapacity data feeds from sensor networks and other

sources.Othermissionsmayincludetheanalysisofverylargedatasetsorthosethat

require the ability to move computational resources. An additional benefit is the

productivity gained from a ubiquitous connection to common cloudbased services,

suchasemail,sharedcalendars,unclassifiedtraining,ordocumentpreparation.

This study investigates the suitability of the cloud computing approach for

addressing the DoD enterprise and operational computing needs. Over the past few

years, DoD has transitioned some of its computing needs to cloud computing data

centers.Themainfactorsdrivingthistransitionincludeenhancedmissioncapabilities,

potentialreductionindatacentercosts,andpotential improvementin cybersecurity.

Thisstudyhasinvestigatedthesefactorsindetailandhasanalyzedthecharacteristics

that should be considered when DoD contemplates moving applications onto cloud

computingdatacenters.ThestudyalsoinvestigatedwaysfortheDoDtomanagethe

cybersecurityrisksandbenefitsassociatedwithcloudcomputing.


9/95

EXECUTIVE SUMMARY

viii

ImportantCloudComputingIssuesfortheDefenseUse

Typesof

cloud

computing

service

configurations

An important issue is selecting anappropriateconfigurationofcloud services for

DODcloudcomputingapplications:

Cloudcomputingservicesmaybeprovidedbyacompanythatprovidessimilar

servicestothepublic,adefenseonlycontractor,ortheDoDitself.

Cloudcomputingresourcesmaybesharedamonganumberofcustomers,oronlya

singleorganization.

Thestaffthatmanagesthehardware,software,andservicesmaybeuncleared

employeesofapubliccompany,clearedDoDcontractors,orDoDemployees.

Thecloudcomputinghardwareresourcesmaybelocatedinsharedspacewithother

customers,indedicatedspaceinabuildingwithothercustomers,atadedicated

facility,oronamilitarybase.

Cloudcomputingsoftwareresourcesmaybebasedonastandardormodified

softwarestackusedbyapubliccloudcomputingservicesprovider,standardor

modifiedopensourcesoftwarestack,proprietarysoftwarestack,customsoftware

stack,orsomecombinationofthese.

As is clear from this list, multiple dimensions distinguish how cloud computing

servicesmaybeprovisioned.Simplydistinguishingbetweenpubliccloudscommercial

publiccompaniesoperatingtheirowndatacentersthataresharedamongmanyexternal

customers using their own custom software and their own staffand nonpublic or

private cloudscan causeconfusion. Inthis report, the task forcedescribes the specific

aspectsofthecloudcomputingconfigurationthatarerelevanttoavoidthesimplechoice

ofpublicorprivateclouds.

Nationalsecurityconcernsclearlyprecludeputtingthecomputingresourcesofsome

sensitiveDoDmissionsandcapabilitiesinpublicsharedcloudsoperatedbynoncleared

personnel.Ingeneral,however,thedecisionwhethertohostaparticularapplicationina

particular cloud computing data center depends upon the specific details of the

applicationandthedatacenter.

Detailedmandatesforenhancedcybersecurity

An issue of importance to DoD is the development of a detailed approach for

enhancedcybersecurityacrossbothitsconventionalandcloudcomputingenterprise.

Thehardwareandsoftwareusedincloudcomputing,likeallhardwareandsoftware,

mayhavevulnerabilitiesthatcanbeexploitedbyadversaries.Cloudcomputingprocesses,

fortunately, offer the potential for improved cyber security through a number of

attributes, primarilybetter traffic filteringandmalware scanning,monitoring of usage


10/95

EXECUTIVE SUMMARY

ix

patterns and enddevice configurations, varying provisioning of data resources, and

improvedmanagementofsystemsoperations.Whetherallocatinganexistingapplication

toacloudcomputingdatacenterincreasesordecreasescybersecuritydependsuponthe

specific application, the specific characteristics of the configuration, and the specific

implementation.

Thecybersecurityofcloudcomputingneedsadditionalattentionwhenitisusedto

support missioncritical DoD applications. The task force found that, in many cases,

deploying applications to cloud computing data centers increased cyber security,

especiallyagainstlesssophisticatedthreats.Thetaskforcealsofoundthatmanyriskscan

be managed with available hardware and software measures, but the DoD needs to

carefully implementthesemeasuresbefore transitioningexistingapplications to cloud

computingsystems.

ResearchanddevelopmentworkwithintheMilitaryServices,theDefenseAdvanced

ResearchProjectsAgency(DARPA), andthe intelligencecommunityofferstechnologythatpromisessignificantimprovementsforcloudcomputingcybersecurityinthelong

term,andthisworkshouldbebetterintegratedwithacquisitionplanningforDoDcloud

computing data centers. In some DoD cloud computing implementations currently

underway,alargeremphasisoncybersecuritymeasuresisneeded.

Controlofcloudcomputingtransitionandsustainmentcosts

Realizingthepotentialcostsavingsassociatedwithcloudcomputingisimportantto

DoD. The transition of Federal government applications to cloud computing data

centershave,insomecases,resultedincostsavings.Thetaskforcefoundtheactualcost

benefitstobehighlycasedependent.Thiscostsavingsforthetransitionfromconventionalenterprisecomputingtocloud

computing has been achieved ina number ofways: through staffing, electric power

usage, and computing efficiency. Conventional systems typically require one

professionalstaffpertenstohundredsofservers,whereasmostcloudcomputingdata

centersonlyrequireoneprofessionalstaffforthousandsofservers.Electricpowerisa

largecomponentofdatacentercosts,andcloudcomputingdatacenterscanbelocated

wherepower isrelativelylessexpensive.Finally,throughvirtualizationandimproved

processing management, servers in cloud computing data centers can be more

efficiently used, often achieving greater than five times the server efficiency as

comparedwithconventionalcomputing.

The required cost to enhance cyber security for any cloud computing

implementation will need additional investigation. Some additional hardware and

software will be required, and the cost for these components will need to be

incorporatedintothetransitionandsustainmentcostswhencontemplatingtransition

toacloudcomputingdatacenter.


11/95

EXECUTIVE SUMMARY

x

DoDcloudcomputingdatacenters

Of particular importance to DoD will be finding ways to mitigate risk while

achieving the capability benefits and potential cost reductions that cloud computingpromises. An important aspect of cloud computing is the ability to operate

infrastructureatawarehousescaledatacenterand,thus,toprovidenewcapabilities

andenablecostsavings.Butwarehousesare,bytheirnature,highlyvisible;havingonly

a few,very largeDoD data centersmay create attractive targets for anadversary to

attack.Further, thecentralization impliedbya Fort Knox approachwitha single,

very large data centercannot provide DoD with resilience or lowdata transfer

latenciesrequiredforglobaloperations.

ThetaskforcethereforerecommendsthatDoDdesign,implement,anddeployasetof

geographicallydistributeddatacentersthatcouldbecouldbeoperatedasasinglesystem.

A few tens of such consolidated cloud computing data centers, established across the

UnitedStatesandaroundtheworld,seemslikeagoodstartatcreatingasensiblecloud

capabilityforDoD.Ifappropriatelydesigned,acollectionofmodulardatacenterswould

provideDoDwithrobustandelasticcomputingcapacity.

Commerciallyavailabledatacenters,withserversembeddedinmodularunits,offer

DoD a relatively low cost and rapid way to develop a defense cloud computing

infrastructure.TheDoDcouldsituateclustersofthesemodulardatacentersinphysically

secureareas.Thesemayincludemilitarybasesthathaveaccesstolowcostandreliable

powerandwidebandnetworks.

Thesemodulardatacenterscouldbedesignedasaunitandpurchasedovertime.In

this way, standard best practices could be applied, such that onethird of the

decentralizeddatacentercouldberefreshedeachyeartoensureongoingmodernization.Suchadesigncanalsoprovideagilitybecausecomputinginfrastructurecouldbemoved

betweengeographiclocationswhenneeded.

Resilientcloudcomputingresourcesfordeployedforces

A final issue of importance for the DoD is to provide resilient cloud computing

resources at the warfighter edgelocations and times with scarce bandwidth.

Deployed forces often execute their missions under degraded conditions and

disadvantageddatalinks,andthislimitsawarfighter'saccesstothemostcurrentdata.

Inthesecases,thickclientswithenhanceddatastorageandredundantdatalinks

could ensure limited access to data. When lowlatency processing is needed, cloud

computingdataresourcescouldbedeployedincloseproximitytothedatastreams.

Theavailabilityof secure,modularcloudcomputingresourcescouldprovideDoD

withthecapabilitytoforwarddeploydataandcomputingresourcestomeetwarfighter

needs.


12/95

EXECUTIVE SUMMARY

xi

SummaryofKeyFindingsandRecommendations

TheSignificance

and

Impact

of

Cloud

Computing

Finding1:Althoughcloudcomputingisanoverloadedterm,cloudcomputingproviders

areofferingservicesthatarefundamentallynewanduseful,typicallydeliveringthe:

abilityformassivescaleupofstorageandcomputing

rapid,agile,elasticitywiththeabilitytoincreaseanddecreasestorageand

computingcapacityondemand,whenthecommunityoftenantsdontallrequire

thatcapacityatthesametime

meteredserviceswheretheuserpaysonlyforwhatisused

selfservicestartupandcontrol

Finding2:Modulardatacentersofferanapproachtoquicklysetupcloudcomputing

capacity,toaddadditionalcapabilitytoexistingcloudcomputingdatacenters,andto

easilyrefreshorupdateexistingcapability.ThisconceptisillustratedinFigureF1.

Finding 3: Cloudcomputing servicescan scale todata centers or warehousescale

computing. Elastic, warehousescale cloud computing is fundamentally new and can

provideDoDwithimportantnewcapabilities.

FigureF1.ConceptforageographicdistributionofDoDdatacenters


13/95

EXECUTIVE SUMMARY

xii

TheSecurityofCloudComputing

Finding 4: Cloud computing is not intrinsically more secure than other distributed

computingapproaches,butitsscaleanduniformityfacilitateandenablethewholesaleandconsistentapplicationofsecuritypractices.Secureaspectsincludelargescalemonitoring

andanalysisofdatatodetectattacks,andautomatedandpersistentprovisioningandre

provisioningtofoilintrusions.Forthesereasons,welloperatedcloudcomputingfacilities

can exhibit better security hygiene than conventional data centers. However, the

centralizationofresourcesinahugedatacenteralsoencouragesmoredeterminedattacks,

especiallyoncriticalcomponentsbroadlyaffectingsecurity.Thisissimilartoconventional

systemswhereattacksareobservedtofocusoncentraldirectories.

Finding5:Thescaleofcloudcomputingenablestheanalysisofpacketandlogdatathat

provides new capabilities for event forensics and realtime detection of malicious

behavior. Theability tomanage very large, diverse datasets facilitates a datacentricsecurity model in which users are authorized to work with data based upon their

securitycredentialsandthesecuritymarkingsonthedataratherthantheconventional

enclavecentricsecuritymodelinwhichusersareprovidedaccesstoanenclaveandcan

accessallthedataintheenclave.

Finding6:Nocloudcomputingdeploymentmodelisuniformlysuitableforhostingall

DoD applications. In general, sensitive, classified, and timecritical DoD applications

shouldbedeployedonlyinprivatecloudsorconventionalnoncloudapproaches.

Finding 7: The case for transitioning a DoD application to a cloud computing data

center must include a security assessment detailing the impact of the transition.

Whethersecuritywillbeimprovedbytransitioninganapplicationtoacloudcomputingdatacenterwilldependonfactorsspecifictotheapplication,tothecloudcomputing

datacenter,andtothetransitionprocess.

Finding 8: The DoD has not established effective plans for cloud computing facility

backuporfordealingwithanyanticipateddegradationofcommunicationsbetweenthe

cloudcomputingfacilitiesandtheenduser.

TheCostsAssociatedwithCloudComputing

Finding9:Potentialcostreductionsorincreasesincurredduringthetransitiontoand

sustainment of cloud computing infrastructure depend on the specifics of theimplementation.Potentialcostreductionfactorsincludeahigherutilizationofservers,

lowerprofessionalsupportstaffneeds,economiesofscaleforthephysicalfacility,and

theflexibilitytolocatedatacentersinareaswithlowercostpower.


14/95

EXECUTIVE SUMMARY

xiii

ResearchandDevelopmentforCloudComputingTechnologies

Finding10:TheDoDhasactiveresearchanddevelopmenteffortsintechnologyareas

applicabletocloudcomputingperformanceandsecurity.SustainedDoDinvestmentin

cloudcomputingsecuritytechnologyiscriticallyimportanttoallowDoDdatacentersto

continueimprovingtheirdefensesagainstevolvingthreats.Researchanddevelopment

in softwarestackprotection,monitoring, andforensicsof very large datasets, secure

hypervisors,andadvancedencryptionoffersignificantpossiblesecuritybenefits.

OverarchingRecommendations

Recommendation1:Forsomesensitive,classified,andtimecriticalapplications,theDoD

shouldpursueprivatecloudcomputing,providedthatstrongsecuritymeasuresareinplace.

Inparticular,

cloud

computing

based

solutions

should

be

considered

for

applications

that

require the agility, scaleout, and ability to integrate and analyze massive data that cloud

computingcanprovide.Examplesofsuchapplicationsinclude:bigdataanalysisandallsource

intelligenceintegration;processing,exploitation,anddisseminationofdatagatheredthrough

intelligence,surveillance,andreconnaissance(ISR);largescalemodelingandsimulation;open

sourcedatacollection,storage,andassessment;andadvanceddecisionsupportsystems.

Recommendation2:TheDoDCIOinpartnershipwiththemilitaryServicesshoulddeploy

interconnected,modularcloudcomputingdatacenterslocatedatsecurelocations,such

asmilitarybases.

The

development

of

large,

private

community

clouds

in

DoD

will

enable

greater

computing

and storage elasticity and the improved ability to operate under degraded conditions. The

DoD CIO should guide this development with an eye on both current and future DoD

computingneeds.

A DoD private community cloud may include inhouse, insourced, or outsourced private

clouds.Implementedthroughinterconnected,modularcloudcomputerdatacenters,thiscan

beoperatedasanintegratedunittoimprovethepotentialreducingcosts.

Because largedatacenterscanalsobeattractivetargets,geographicallydistributedmodular

datacentersare recommended thatareoperatedasasingle, largescale,distributedcloud.

Thedesignshouldincludeadistributeddatacenterarchitecturethatallowsaccessbymultiple

Services

and

Agencies.

Cost

savings

would

be

achieved

through

shared

development,

operations,andmaintenancesupport.

These modular data centers could be located on military bases in order to provide good

physicalsecurity.Thelocationshouldalsobeinfluencedbythecostandavailabilityofreliable

electric power. It is anticipated this will be similar to the National Security Agency private


15/95

EXECUTIVE SUMMARY

xiv

cloud models. Shared cyber security event response and rapid forensics would be an

enhancedcapability.

By

designing

and

acquiring

these

data

centers

as

a

system,

the

DoD

can

achieve

theeconomiesofscaletypicallyassociatedwithlargedatacenters.

Recommendation3:TheDoDCIOandDISAshouldestablishclearsecuritymandatesforDoD

cloudcomputing.

Security mandates should be aimed at reducing the number of cloud compromises and to

mitigatethosethatoccur.Someexamplesofpotentialmandatesinclude:

HypervisorshostingDoDoperatingsystemsshouldhaveeffectivecryptographicsealing,attestation,andstrongvirtualmachineisolation.

Dataatrestshouldbestoredinencryptedformwithkeysprotectedusinghardware

attestation,such

as

atrusted

platform

module

(TPM).

Dataintransitoncommunicationlinesshouldbeencryptedwithkeysprotectedusinghardwareattestation,suchasaTPM.

Accesstocloudcomputingsystemsshouldrequiremultifactorauthentication.

Recommendation4:TheDoDCIOshouldestablishacentralrepositorytofullydocument

cloudcomputingtransitionandsustainmentcostsandbestpracticesforprograms

underwayorcompleted.

Becausethecostsavingstobegainedthroughcloudcomputingarecasedependent,acentral

repositorydocumentingDoDcloudcomputingprogramsisneeded.Thegoalofthisrepository

isto

improve

the

understanding

of

the

following:

systemcostsbeforetheswitchtocloudcomputing,costsduringtransition,andsustainmentcosts

enhancedfunctionalityattributabletocloudcomputingarchitectures

bestpracticesforcloudcomputingsecurity

issuessurroundingservicelicenseagreements

metricsforavailabilityandreliability

Thisrepositorywillenable leveragingthe lessons learnedfromseveralDoDcloudcomputing

initiativesunderway,including:

NSAdevelopmentanduseofprivateclouds

DISARapidAccessComputingEnvironment(RACE)

ArmyEnterpriseEmail


16/95

EXECUTIVE SUMMARY

xv

RecommendationstoImproveDoDsImplementationofCloudComputing

Recommendation5:TheDoDUSDAT&LandtheDoDCIOshouldestablishalean,rapid

acquisitionapproach

for

information

technology

infrastructure,

including

cloud

computing

hardwareandsoftware.

Acquisitionguidelinesforallinformationtechnologynotonlycloudcomputinghardwareand

softwareshould strive to create a lean, capabilitiesbased approach with strong, clear

security mandates. Rapid certification and accreditation (C&A) and other characteristics to

streamlineacquisitionofcloudcomputinghardwareandsoftwareshouldbedevelopedand

implementedquickly.

Recommendation6:TheDoDCIOandDISAshouldestablishstandardservicelevel

agreementsforprivateandpubliccloudcomputing.

Key

attributes

that

should

be

included

in

service

level

agreements

include

availability,

authenticationandauthorizationapproaches,dataprocessingandstoragelocations,software

anddatabackupapproaches,cyberattackeventnotification, requiredstaffclearancesand

background checks, software and data disposition, risk disclosure requirements, and

contingencyplan.TransparencyinalloftheseaspectsforDoDserviceproviderswillhelpset

standardsforsecurecloudcomputingacrosstheeconomy.

Recommendation7:TheDoDCIOandDISAshouldparticipateinthepublicdevelopment

ofnationalandglobalstandardsandbestpracticesforcloudcomputing.

Akeyoutcomeofthisactivitywillbetoinformtheprivatesectorandopensourcedevelopers

abouttheagilityandauditabilityrequirementsforDoDcloudcomputing.

RecommendationstoImproveCloudComputingforDegradedOperations

Recommendation8:TheDoDandtheintelligencecommunityleadershipshoulddevelopa

unifiedapproachfortrainingandexercisingwithdegradedinformationinfrastructure,

includingcloudcomputinghardwareandsoftware.

Degradedoperationsinarealisticoperationalexercisemustbeimplementedorganically,i.e.,

beyondsimplyholdingupawhitecardto introduceacybereventtoanexercise.Advanced

cybersecuritythreatsshouldbeexercised, includingagradualrampupofthreatand lossof

disadvantagedcommunicationanddatalinksaswellasprimarycapabilities.Enhancedredand

blueteaming

should

be

established

along

with

operational

exercises

incorporating

degraded

cloud computing infrastructure. Participants should demonstrate a rapid forensics response

andeffectivebackupplans.


17/95

EXECUTIVE SUMMARY

xvi

Recommendation9:TheJointChiefsofStaffandCombatantCommandsshouldestablish

effectivebackupplansforoperationswithdegradedinformationinfrastructure,including

cloudcomputinghardwareandsoftware.

Candidateplanattributesincludeimplementingthickerclientsandforwardcachingofdataas

wellasbackupdatanetworks,processors,andstorage.Eachorganizationshouldalsodevelop

operationalcontingenciesfordegradednetworks.Potentialstrategiesalsoincludeusinglocal

network connectivity for forward clients and narrowband, analog communication links for

situationalawarenessandwarning.

RecommendationsforInvestment

Recommendation10:TheDoDshouldcontinueinvestingsignificantlyininformation

securityresearchanddevelopment,includingresearchanddevelopmentforsecurecloud

computingtechnology.

To best leverage stateoftheart cloud computing technologies for DoD, significant

investmentshouldcontinuefortechnologyresearchanddevelopmentactivitiesinareassuch

as: efficient operations of cloud computing data centers; cloud security; secure, lean

hypervisors; microvirtualization; advanced TPMs; homomorphic computing; and cloud

situationalawarenesssoftware.


18/95

1 SCOPE OF THE REPORT

1

1. ScopeoftheReport

1.1 TermsofReference

Overthepastseveralyears,cloudcomputinghashadamajorimpactoncommercial

informationprocessing.ThisreportexaminesthesuitabilityofcloudcomputingforDoD

infrastructure,supportapplications,andmissionapplications.

Thetermsofreferenceforthisstudyidentifiedthefollowingtopicsforinvestigation:

Characterizetheoperationalpropertiesofcloudsandthequalityofservicethatcan

bedeliveredtoconnectedusers.

Consideralternativedesignsandimplementationsofthesetechnologiesand

evaluatetheiruseforvariedmilitaryandintelligenceapplications. Evaluatethevulnerabilityofacloudinfrastructuretovariousattacks,comparedto

alternativeinfrastructures.

Determinehowtoavoidthedangerofconcentratingdataandcomputation.

Reviewandprojecttheconsequenceofcurrenttrendsindigitaltechnologyoncloud

deployments.

Commentoncustomerpracticesandmodesofinteractionwiththecloudthatmay

aidinincreasingsecurity.

Makerecommendationsonwhataspectsofthesetechnologiesshouldbeconsidered

toincreasereliabilityandtoassuresecurityasthemilitaryandintelligence

communitiesevolvetheirdigitalinfrastructure. Identifyresearchopportunitiesandestimatethelevelofinvestmenttoachieve

resultsconsistentwithDoDneeds.

Thefulltermsofreferencecanbefoundonpage68ofthisreport.

1.2 TaskForceApproach

As shown in Figure 1, the task force investigated in detail cloud computing

definitions, attributes, and service management models, as well as dimensions for

implementation. Proposed motivation that were assessed for transitioning to cloud

computing architectures included potential DoD mission capability enhancement,securityimprovements,andcostreductions.

Thetask force then developed examplesforareaswhere cloudcomputingwould

benefit DoD missions. This resulted in a set of findings and recommendations for

improvingtheDoDsabilitytousecloudcomputingarchitectureseffectively,withcost

reductionsandsufficientlevelsofsecurity.


19/95


2

Ina finalphase, the task forcediscussed in severalmeetingshow theDoD could

improve the implementation of cloud computing systems for DoD missions and

applications.

1.3 OrganizationoftheReport

AnoverviewofcloudcomputingispresentedinChapter2.Thischapteralsodefines

termsandconceptsusedthroughoutthereport.TheNationalInstituteofStandardsand

Technology (NIST) provided a consensus definition of cloud computing that was a

useful starting point for discussions; however, the task force found places where a

broaderdefinitionwasalsouseful.

InChapter2,avarietyofdifferentservicemodelsanddeploymentmodelsforcloud

computing are described. The task force found ithelpful toview a cloud computing

facilityas awarehousescale computing facilitythatsupportscomputing applications

andservicesforremoteusersconnectedusinganetwork.

SomewellknownexamplesofcommercialcloudserviceprovidersincludeGoogle,

Amazon, Yahoo!, and Microsoft, but these services can also be provided by defense

agenciesordefenseonlycontractors.ConfusionregardingDoDuseofcloudcomputing

hasarisen,inpart,becauseofunstatedassumptionsonwhoprovidestheservice.

Chapter 3 looks in some detail at cloud computing architectures and how cloud

computingisimplemented.Acommercialcloudcomputingfacilitycancontainhundreds

of thousands of servers, with applications and services scaled to employing this

capacity.Computingatthisscaleisafundamentallynewcapability.

Figure1.

The

task

force

approach


20/95


3

Onewaythatcommercialcloudcomputingfacilitiesachieveefficienciesisthrough

virtualization. With virtualization, operating systems and applications operate on

independentvirtualmachinesthat share physicalprocessors.By implementingmany

virtual machines entirely in software on a large physicalmachine, the arrangement

more efficiently utilizes physical resources while providing computational isolation.

Because virtual machines can be migrated between computers located in different

geographically distributed data centers, the system experiences improved fault

toleranceandloadbalancing.

Chapter4looksatsomeofthebenefitstoDoDsmissionthatcouldbeenabledby

cloudcomputing.Themobilityofcomputinginfrastructurehasimportantimplications

forDoD.Theabilitytomovecollectionsofvirtualmachinesandthevirtualnetworks

thatconnectthemwillbecriticalforfutureDoDapplicationsandmissions.

Today, commercial cloud computing facilities offer an ability to selfprovision

computinginfrastructureondemandandasneeded,payingjustforwhatthecustomer

uses. This agility is extremely useful for settings where there is widely varying or

unpredictablecomputingneeds.Thetaskforcealsoobservedthatthewideavailability

ofcloudcomputingleadstothereasonableassumptionthatadversariesoftheUnited

Statesmayusecloudcomputingforbothdefensiveandoffensivemissions.

Chapter5discussessecurityof cloudcomputing,which hasbeen questioned ina

numberofstrategiesandstudies.1,2,3,4Thetaskforcefoundthistobeacomplexsubject

whereevolvingobjectivesmakeanalysisparticularlydifficult.Thetask forceobserved

severalsubtletiesthataffectthisanalysis.Thesearehighlightedhere,anddiscussedin

detailinChapter5.

The responsibility for security in most cases is shared between a cloud serviceproviderandacloudserviceclient.Differentcloudcomputingserviceanddeployment

models split this responsibility differently, with manymodels requiring that two or

more parties be involved in managing the computing infrastructure and security

measures. Such sharing can bea problemwhen the providerand client are different

organizationswithoutunrestrictedtwowaycommunication.

Securitycannot bediscussed independently of a defined threat. Protecting against

highlevelthreatsisextremelydifficult;thesafestcourseistoassumethatanycomputing

infrastructure might be compromised, to develop mechanisms that operate in the

1. L. Leong and N. MacDonald, Mitigating Risks in Cloud Infrastructure as a Service (GartnerResearch G00235858, July 11, 2012). Available at time of press at http://goo.gl/oIeq5

2. United States Department of Defense, Cloud Computing Strategy (DoD Chief Information Officer,July 2012). Available at time of press at http://goo.gl/MfFQg

3. IBM. X-Force 2011 Trend and Risk Report, IBM Security Collaboration (March 2012). Available attime of press at http://goo.gl/MW0qH

4. V. Winkler, Securing the Cloud: Cloud Computer Security Techniques and Tactics (April 2011).Available at time of press at http://goo.gl/AVEIO


21/95


4

presenceofsuch compromise,and todesign inaway thatwillmitigatethe impact of

compromises.Cloudcomputingdifferslittlefromconventionalcomputinginfrastructures

inthisregard.

Thescaleofcloudcomputingisvastlydifferentfromconventionalcomputingsystems.

Such scale requires automation for provisioning and management of the computing

infrastructurewithhumansoutoftheloop.Forthisreason,thesecurityhygieneofcloud

computingsystemstendstobebetterthancomputingsystemsofcomparablesize.Thus,

cloudcomputingcanofferequivalentorbetterprotectionagainstlowlevelthreatsthat

tendtoexploitvulnerabilitiescausedbypoorsystemhygiene.

Chapter 6 considers issues and circumstances inwhich cloud computing can be

expected to lower the costs of computing infrastructure. By leveraging scale,

commercialcloudcomputingsupplierscanoffercomputingservicesandapplicationsat

lowercostthanacompanyororganizationcanoftenachieveinternally.

For example, because of the scale and the automation of provisioning and

management of computing infrastructure, commercial cloud computing data centers

generally require far fewer systems administrators. As an example, conventional

enterprisecomputingmightrequireonesystemadministratorpertensorhundredsof

servers, while a commercial cloud service provider might only require one system

administratorperthousandsofservers.

Theseadvantagesmustbeconsideredagainstthehighercoststhatdefensesystems

may incur. These may include DoD acquisition process requirements or specific

certificationandaccreditationprocesses.

Chapter7suggestsareasforresearchanddevelopmentoftechnologythatcouldbeimportanttotheDoDsuseofcloudcomputing.Anemphasisisplacedonresearchthat

improvesthesecurityandcapabilities of cloud computing systems.Payoffs for some

investmentswillbeseeninafewyears;otherproblems,however,willbesolvedonly

withlongertermsustainedresearchsupport.

Finally, Chapter 8 presents the study recommendations that flow from the

assessmentsand findings in the first sevenchapters. The chapter includesproposed

DoDleadstotakeresponsibilityfortherecommendations,andsomeadditionaldetailis

providedtoclarifytheintentoftherecommendations..


22/95

2 OVERVIEW OF CLOUD COMPUTING

5

2.OverviewofCloudComputing

Thephrasecloudcomputinghasevolvedtohavedifferentmeaningsfordifferentpeople. Rather than defining it, this chapter describes some historical background,

various types of cloud computing platforms, and different characteristics of cloud

computing architectures. The task force believes that, over time, cloud computing

modelswillevolve,andthisevolutionmaynotbereflectedintodaysdescriptions.In

thisreport,standarddefinitionsareusedwheretheysufficeandareexpandedwhere

necessary.

2.1 TheLatestStepinanEvolutionaryProcess

Cloudcomputingcanbeviewedasthenaturalevolutionofavarietyofcomputing

technologies, includingvirtualization,clientserverarchitecture,theWorldWideWeb,and networking. The evolution of some computing platform precursors to cloud

computingisshowninFigure2.

Asearly as the 1960s, mainframe computerswere shared amongmultipleusers

acrossanenterprise,whilelogicallyisolatingtheirprocessinganddatafromeachother.

In the 1980s, standardized packet network protocols were developed and widely

deployed,alongwithclientserverarchitecturestoutilizethem.Theabilityto connect

userstocomputinganddataresourcesviastandardizednetworksisakeyenablerof

cloudcomputing.

Figure2.Historicalprecedentsforcloudcomputing


23/95


6

ThedevelopmentoftheWorldWideWebinthe1990s,withitsstandardmarkup

language, transfer protocol, and graphical browsers, made clientserver computing

ubiquitous.Businessbegantoprovideserverstodelivercontentandservicesatatruly

globalscale.

Seen in this historical context, the development of cloud computing is the next

logicalstepintheevolutionofcomputation.Ithasbeenenabledbytheavailabilityof

broadband networks and inexpensive enduser devices, as well as commodity

computingnodesthatcanbesimplyinterconnectedandcontrolled,andvirtualizationto

providetheappearanceofisolatingprocessesthatsharecomputers.

2.2 WhatisCloudComputing?

OnewellknowndefinitionofcloudcomputingwasprovidedbyNIST.5Itbegins:

"Cloud computing is a model for enabling ubiquitous, convenient, ondemand

networkaccess toa shared pool ofconfigurable computing resources (i.e., networks,

servers, storage, applications, and services) that can be rapidly provisioned and

releasedwithminimalmanagementeffortorserviceproviderinteraction."

Thedefinitiongoesonto identifyfiveessentialcharacteristicsofcloudcomputing.

Theseareasfollows:

Ondemandselfservice.Aconsumercanunilaterallyprovisioncomputing

capabilities,suchasservertimeandnetworkstorage,asneededautomatically

withoutrequiringhumaninteractionwitheachserviceprovider.

Broadnetworkaccess.Thecloudscapabilitiesareavailableoverthenetwork

fromawidevarietyofedgedevices,includingworkstations,laptops,tablets,and

mobilephones.

Resourcepooling.Thecloudcomputingprovidersresourcesarepooledtoserve

multipleconsumersusingamultitenantmodel,withdifferentphysicalandvirtual

resourcesdynamicallyassignedandreassignedaccordingtoconsumerdemand.The

customer(ortenant)generallyhasnocontrolorknowledgeabouttheexactlocation

ofallocatedresources,butmaybeabletospecifylocationatahigherlevelof

abstraction(e.g.,country,state,ordatacenter).Examplesofresourcesincludestorage,

processing,memory,andnetworkbandwidth.

Rapidelasticity.Cloudcomputingcapabilitiesallocatedtothecustomercanbe

elasticallyprovisionedandreleasedasrequiredbydemand,insomecasesautomatically.Tothecustomer,thecloudcapabilitiesavailableoftenappeartobe

unlimitedandcanbeappropriatedinanyquantityatanytime.

5. P. Mell and T. Grance, The NIST Definition of Cloud Computing (September 2011). Available at

time of press at http://goo.gl/eBGBk


24/95


7

Measuredservice.Cloudcomputingsystemsautomaticallycontrolandoptimize

resourceusebyleveragingameteringcapabilityappropriatetothetypeofservice

(e.g.,storage,processing,bandwidth,andactiveuseraccounts),typicallyonapay

perusebasis.Resourceusagecanbemonitored,controlled,andreported,providing

transparencyforboththeproviderandconsumeroftheutilizedservice.

Twoaspectsofcloudcomputingareofparticularsignificance.Thescaleofprocessing

andstoragethatbecomesavailablethroughcloudcomputingisunprecedented,withupto

hundredsofthousandsofcomputersactinginconcert.Itisthislargescalesometimes

calledwarehousescaleorinternetscalecomputingthatenablesthedesignofreliable

computingservicesusinglessthanreliablecommoditycomputers.Solvingthischallenge

hasprovidednewcapabilities.

Also new is the easeofuse of cloud computing services. Many cloud computing

serviceprovidersallowausertoconfigureanewcomputinginfrastructurethroughasimplewebformwith instantaneouspaymentbycredit card. Theability toremotely

requesthundredsofserversforafewhoursandtohavethemavailableafewminutes

later is another new capability. This capability has transformed the work of many

scientistsandengineers,aswellastheirinformationtechnologysupportpersonnel.

2.2.1 Data,utility,andothercloudcomputingservices

Different types of cloud computing are provided from large, remotely located,

interconnecteddata centershence, thecommonuseofcloudcomputing todescribe

different uses. Cloud computing servicesareprimarily categorizedasutilityor data

intensive,andalsoincludestorage,highperformancecomputing,andotherspecialized

functions.

Utility computing is a label for cloud service providers that make computing

resources available to consumers, much as electric companies and other utilities

provideservicestoconsumers.Withanelectricpowerutility,ahomeownercan,within

limits, requestelectricity simplyby flipping a switch onadevice, receive thatpower

instantlyfromadistantgeneratingfacility,sharethegeneratingfacilitywiththousands

of other customers, usemore or less power as needed, and pay only for the power

actuallyused.

Utilitycomputingcustomersinclude,forexample,aretailerwhochoosestopurchase

cloudservicesto host aninternetfacingecommerceweb site.In thisway, the retailer

gains increased capacity and geographic presence overwhat could be obtained if theretailer had to buy, operate, maintain, and upgrade their own dedicated computing

resources. Another exampleofa utility computing customerwas demonstrated by the

New York Times in 2008 to process more than a hundred years of digitized archivedimages,articles,andmetadatainordertoproducemorewebfriendlyimagesandmore


25/95


8

accessibleJavaScriptdatafiles.ByusingAmazonWebServices,theTimescompletedthis

enormous task in less than 36 hours.6 In these examples, cloud computing service

providersenabledcustomerstoperformcomputeintensiveprocessesasneededwithout

alargeinvestmentininfrastructure.

Utilitycomputingenablesacloudserviceprovidertoexploiteconomiesofscaleand

uncorrelatedcustomerdemands to share computing capability among a collection of

customers,atanattractiveprice.Individualconsumersperceivethattheyareaccessing

an infinite resource on demand. They also perceive that their computing tasks are

operatinginisolationfromthoseofotherconsumers.

Dataintensivecloudcomputingisatypeofparallelprocessingappliedtoverylarge

datasets. An example of dataintensive computing is the process by which search

enginesindexthedataavailableontheWorldWideWeb.Theunderlyingcomputational

stepsrequiredtoindexdataaresimplesorting,counting,merging,andsoonbutthe

amountofdatatobeprocessedissolargethatitrequiresspeciallyadaptedsoftwarefordataingestion,analysis,databaseoperations,andfilesystemstorage.

Data centers will generally bedesigned and optimized for different requirements.

Utilitycomputingdesignfocusesonsharingresources,loweringthecostofcomputingto

the customer, and providing computing capacity ondemand. The utility computing

customer trades capital costs foroperatingcosts. Dataintensivecomputing focuses on

performing rapidanalysisof largedatasets, and vast amounts of computing resources

maybededicatedtoasingleuserortask.Adataintensivearchitecturewillbeoptimized

forlargescaleparallelization.

2.2.2 Cloudcomputingsoftwarestackandvirtualization

Today, cloud computing infrastructure usually consists of a large number of

interconnected, inexpensive, commodity processors. The software running on each

processorismodularandlayered.Figure3showsatypicallayeredstackof software

runningonasinglecloudcomputingnode,withdescriptionsofeachlayerinthestack.

The hypervisor provides virtualization by providing an interface to the virtual

machines(VMs)thatgiveseachof themtheillusionthattheyhavecomplete,exclusive

accesstotheunderlyinghardwareresources.Theabilitytorunmultiple,isolatedvirtual

machines on a single hardware node is fundamental to cloud computing because it

enablesresourcepoolingandrapidelasticity.Multipleuserscanusethesamephysical

node without interfering with each other, and nodes can be rapidly assigned and

reassignedasuserscomputingdemandsebbandflow.

6. D. Gottfrid, The New York Times Archives + Amazon Web Services = TimesMachine, New York

Times (May 21, 2008). Available at time of press at http://goo.gl/G7uvG


26/95


9

Although virtualization is one of many enablers of cloud computing, cloud

computing ismorethanjustvirtualization,andthereareapplicationsofvirtualization

thatarenotinstancesofcloudcomputing.Forexample,adepartmentaldatacentermay

usevirtualizationtoallowasinglehardwareservertorunmultipleVMs,witheachVM

configured to run only one specific service. Such implementations may offer limited

resourcepoolingandnoelasticitythevirtualizationisusedinthiscasemerelyasa

convenientmechanism forensuringadequateisolationbetweenservices thatismorecosteffectivethanassigningonehardwareserverperservice.

Thevariouscloud softwareservicemodelsassignresponsibility formanagingthe

softwarestackdifferently.Figure4showsthatthecloudserviceproviderprovidesthe

underlyinghardwareandthehypervisorinallservicemodels,andthattheupperlayers

ofthestackcanbeprovidedandmanagedeitherbytheserviceproviderorbythecloud

computingcustomer.

2.2.3 Cloudcomputingservicemodels

Differenttypesofserviceareavailabletocloudcomputingcustomers,dependingon

how much control a customer requires. The NIST definition of cloud computingdescribesthreeservicemodels(asreflectedinFigure4):

Figure3.Themaincomponentsofacloudcomputingsoftwarestack


27/95


10

SoftwareasaService(SaaS).WithSaaS,customersusesoftwareapplicationsthat

aredeveloped,managed,andoperatedbyaprovider.Theapplicationsareaccessible

fromvariousclientdevicesthrougheitherathinclientinterface,suchasaweb

browser(i.e.,webbasedemail),oraspecificallydevelopedprogrammaticinterface.

Thecustomerdoesnotmanageorcontroltheunderlyingcloudinfrastructure,

includingnetworkelements,servers,operatingsystems,storage,orevenindividual

applicationcapabilities,withthepossibleexceptionoflimiteduserspecific

applicationconfigurationsettings.

PlatformasaService(PaaS).WithPaaS,customerscreatetheirapplicationsusing

standardizedprogramminglanguages,libraries,services,andtoolssupportedbythe

provider.Thecustomerdoesnotmanageorcontroltheunderlyingcloud

infrastructure(includingnetworks,servers,operatingsystems,orstorage)thatexecutetheapplications,butthecustomerhascontroloverthedeployedapplications

andpossiblyoverconfigurationsettingsfortheapplicationhostingenvironment.

InfrastructureasaService(IaaS).WithIaaS,thecustomerprovisionsprocessing,

storage,networks,andotherlowlevelcomputingresources.AlsowithIaaS,the

customercandeployandrunarbitrarysoftware,whichcanincludeoperating

systemsandapplications.Thecustomerhassomecontroloveroperatingsystems,

Figure4.Acloudcomputingsoftwarestackresponsibilityasafunctionofservice

model


28/95


11

storage,anddeployedapplications;andpossiblylimitedcontrolofselect

networkingcomponents(i.e.,hostfirewallsorsoftwaredefinednetworks).

In SaaS, customers have limited ability tomake configuration changes,but cannotmodifytheapplication,suchasawebbasedemailsystem.InPaaS,theconsumerisableto

buildanduploadhisownsoftwareapplicationsforrunningontheproviderscomputing

resources,butisconstrainedtousethetoolssupportedbythecloudprovider.Thisgives

the PaaS consumermore flexibility than SaaSwithout all the complexity ofmanaging

lowerlevelcomponents(i.e., theoperatingsystem).InIaaS, consumershavemaximum

control over the software running on the providers hardware, with responsibility for

manyoftheattendantmanagementandsecuritychallenges.

TheseNISTdefinedservicemodelsspanasingledimensionthelevelof software

controlcededbytheprovidertotheconsumer.Anotherimportantdimensionishowthe

computingprovidedbythecloudisused,whichleadstophraseslikedataasaservice

forcloudstorageofdata,andsecurityasaserviceforsecurityservicesprovidedvia

cloudcomputing,suchashostbasedantivirusandfirewallsoftware.

2.3 ManagingCloudComputing

TheNISTdefinitionlistsfourdeploymentmodelsforsharingcloudresources:

Privatecloud.Provisionedforexclusiveusebyasingleorganization,thecloud

infrastructuremightbeowned,managed,andoperatedbytheorganization,athird

party,orsomecombinationofthem,anditmayexistonoroffpremises.

Communitycloud.Provisionedforexclusiveusebyaspecificcommunityof

consumersfromorganizationsthathavesharedconcerns(i.e.,mission,securityrequirements,policy,and/orcomplianceconsiderations),thecloudinfrastructure

canbeowned,managed,andoperatedbyoneormoreoftheorganizationsinthe

community,athirdparty,orsomecombinationofthem,anditmightexistonoroff

premisesofoneoftheorganizations.

Publiccloud.Provisionedforusebythegeneralpublic,thecloudinfrastructure

mightbeowned,managed,andoperatedbyabusiness,academic,orgovernment

organization,orsomecombinationofthem.Itexistsonthepremisesofthecloud

provider.

Hybridcloud.Thecloudinfrastructureisacompositionoftwoormoredistinct

cloudinfrastructures(private,community,orpublic)thatremainuniqueentities,

butareboundtogetherbystandardizedorproprietarytechnologythatenablesdata

andapplicationportability(i.e.,cloudburstingforloadbalancingbetweenclouds).

Consumers of services with the least tolerance for sharing resources and

relinquishingcontrolusuallychooseaprivateclouddeployment,whilethosewithmore

tolerancewillchooseacommunity,hybrid,orpubliccloud.


29/95


12

2.3.1 Cloudmanagementmodels

NISTdefines the four deploymentmodels, but usersofcloudcomputing services

facemanymorechoicesastheydecidewhowillown,manage,operate,andsupportthesiteofthecloudcomputinginfrastructure,whowillown,manage,operate,andsupport

the hardware, who will own, manage, operate, and support the various layers of

software,andsoon.Forallcloudcomputingusers,theseconfigurationoptionsmustbe

weighedagainsteconomics,security,andotherfactors.Thisbalanceisevolving.

Figure 5 lays out a range of possibilities for management and operating cloud

computinginfrastructure.Thefarleftofthetablesuggeststhatverysensitiveapplications

are not suitable for deployment in cloud computing architectures. Such applications

include nuclear weapon security systems, some command and control systems, and

weaponsystemfirecontrol.

Othersensitiveapplicationsarebestreservedforinhouseprivatecloudcomputing.

For the inhouse private approach, the DoD would host the cloud computing

infrastructure, control the hardware and software implementation, and use DoD

employedstaffsupport.

Fortheinsourcedprivatemodel,theDoDhoststhecloudcomputinginfrastructure.

Thehardwareandsoftwarestackandstaffsupportmightbeprovidedbyanexternal

contractor.Fortheoutsourcedprivatemodel,anexternalcloudserviceproviderwould

host hardware to beused exclusively by the DoD. The control of the hardwareand

softwarestack andstaffsupportmightbeprovidedbyboththeDoD and anexternal

contractor.Somelesssensitiveapplicationsmaybeappropriatefortheseapproaches.

Figure5.Cloudcomputingmanagementmodels


30/95


13

For the public cloudcomputingmodel,anexternalcloudserviceprovideremploys

hardwareatitssite.ThehardwaremaynotbeusedexclusivelybytheDoD,andthecloud

service provider controls the software stackand employs the staff support. For some

applications,wheredataorprocessinghasbeenpubliclyreleasedandrequiredlatency

and system availability is consistent with public cloud service providers, public cloud

computingcouldbeacceptablefortheDoD.

Thefollowingclouddatacentermanagementmodelsaredescribedinmoredetail:

Inhouseprivatedesign.DoDprivatelyoperatesthedatacenterwithhighphysical

security.TheDoDdirectlycontrolsthehardwareandsoftwareconfiguration,and

theIToperationalsupportstaffisemployedbytheDoD.Theclouddatacentermay

haveasitstenantsasinglemissionormultiplemissions.

Insourcedprivatedesign.DoDprivatelyoperatesthisdatacenterwithhigh

physicalsecurity.DoDeitherdirectlyorthroughcontractorsassemblestheinfrastructure,withthegoalofmaximizingtheuseofwellvettedinfrastructure

components.However,DoD(oritscontractors)mightthemselvesbuildsome

infrastructureorapplicationcomponentswhenassuranceneedsdictate.The

clouddatacentermighthaveasitstenantsasinglemissionormultiple,shared

missions.

Outsourcedprivatedesign.ADoDcontractoroperatesthedatacenter.AllDoD

applicationsareruninaDoDenclave,physicallysegregatedfromnonDoDtenants

intheclouddatacenter.DatacenterpersonnelwithaccesstotheDoDenclaveare

U.S.citizens,meetingspecifiedpersonnelsecurityrequirements.Allsecuritycritical

componentsintheclouddatacenteraresubjecttoDoDreview.Thesecomponents

arelikelytoincludethoseconcernedwith,dataintegrity,softwareintegrity,key

management,andkeystorage.DoDhasaccesstoincidentandforensicinformation

concerningallcloudtenants.Individualtenantsareresponsibleforbuildingor

integratingapplications,butthoseapplicationsaresubjecttothedatacenters

securityrequirementsforoperationandaudit.

Public,withuserprovenancedesign.Acommercialcontractoroperatesthedata

center.Itprovidesservicesundercommerciallyavailableterms.Securitycritical

componentsintheclouddatacenteraresubjecttoDoDreview,includingcomponents

thataffectdatasecurity,dataintegrity,softwareintegrity,keymanagement,and

storage.DoDhasaccesstoincidentandforensicinformationconcerningallcloud

tenants.Individualtenantsareresponsibleforbuildingandintegratingapplications,andthoseapplicationsaresubjecttocommerciallyestablishedsecurityrequirements

foroperationandaudit.


31/95


14

2.3.2 Cloudcomputingserviceprovidersandproprietarynetworks

Services offered by cloud computing providers may be connected to proprietary

networks to provide services that users require. These services might be deployedaccordingtoanyofthevariousdeploymentandmanagementmodelsdescribedabove.

A salient example is the Global Information Grid (GIG). The GIG is the DoDs

globally interconnected endtoend set of information capabilities, associated

processes, and personnel for collecting, processing, storing, disseminating, and

managing information on demand. Users include warfighters, policy makers, and

support personnel. The GIG includes DoDowned and leased communications,

computing systemsand services, software applications, data, security services, and

otherassociatedsystems.

Figure 6 is a simplified diagram that shows a notional relationship of cloud

computingtosometraditionalfunctionalcomponentsoftheGIG.Asshownhere,cloudcomputingbringsanewcapabilitytotheGIG,butitdoesnotreplacetheGIG.

Figure6.CloudcomputinghardwareandsoftwareascomponentsoftheGIG


32/95

3 ARCHITECTURE AND IMPLEMENTATION

15

3.CloudComputingArchitectureandImplementation

Cloudcomputingarchitectureshavedevelopedtosupportthekeybenefitsofcloud

computing:elasticity,economyofoperation,massivescalingofcomputingresourcesto

solvecriticalproblems,andrealtimeresponsiveness.

3.1 TheBuildingBlocksofCloudComputing

Technology in several key areas has driven cloud computing architecture

development and made cloud computing possible. A few critical developments are

describedhere:

Commoditizationofmicroelectronics.Digitaldeviceshavebecomecheaperand

morecapableovertimeand,asaresult,arenowwidelyavailableanddeployedina

broadsetofcontexts.Computingdevicesthatcostmillionsofdollarsinthe1960s

haveequallypowerfuldescendantscostinghundredsoreventensofdollars.The

explosionofthepersonalcomputingmarketfrom1975through2005represents

oneoutcomeofthisrevolutionincapacityandcost.

Networking.Fast,cheap,ubiquitousnetworkingbetweenpreviouslyunrelated

partiesiscriticalforthesuccessofcloudcomputing.TheInternetfulfillsthisroleby

imposinginteroperabilityrequirementsonitsendhosts.Theseinteroperability

requirements,inturn,haveledtostandardsforprotocolsandservicesthathave

facilitatedtheemergenceofalowcostandwidespreadnetworkinfrastructure.

Virtualization.AhypervisorprovidesaninterfacetoimplementVMs,givingeach

VMtheappearanceofexclusiveaccesstoaphysicalprocessor.Theabilitytorun

multiple,isolatedvirtualmachinesonasinglehardwareprocessorisfundamental

tocloudbecauseitenablesmultipleuserstousethesamephysicalnodewithout

interference,anditenablesnodestoberapidlyassignedandreassignedasuser

computingdemandsebbandflow.Virtualizationfacilitatestheresourcepoolingand

rapidelasticitythatcharacterizecloudcomputing.

Commodityhardware.Softwareisincreasinglytargetedatcommoditycomputer

hardware.Anoteworthyoutcomeofthistrendshapedhighperformancecomputing

(HPC),whereperformanceequaltoorbetterthancustomprocessordesigns(i.e.,supercomputerssuchasCraymachines)hasbeenachievedatmuchlowercostby

usingclustersbuiltfromcommodityprocessorsandhighspeedinterconnects.

Theseclustersaretheforerunneroftodayscloudcomputingdatacenters.

Opensourcesoftware.Unixwasamongthefirstoperatingsystemswithwidely

availablesourcecode.Thisavailabilityfosteredbroadcommunityparticipationin


33/95


16

thedevelopmentofoperatingsystems,applications,andtoolsthatcanbeusedasis,

orcanbeadaptedbyanydeveloper.Opensourcesystemshave,inmanycases,

outstrippedexpensivecommercialsoftwareinfunctionandquality,andmanycloud

computingsystems,developmenttools,infrastructure,andapplicationsarebuilt

fromopensourcecomponents.Cloudprovidersroutinelycontributelaborand

computingcapacitytotheseopensourcedevelopmenteffortsandthecloud

communityhasseveralcompleteopensourceframeworks.

3.2 TheScaleofCloudComputing

Combiningthetechnologydevelopmentslistedabovewouldbeapositivestepbut

would yield only incremental improvements in cost and capacity. The signature

characteristicofcloudcomputingisscale.Scaleisthedifferentiatorthatbroughtagiant

leap incomputational andstoragecapacityin recentyears.Searchenginesandother

massive data applications were initial drivers for the evolution of cloud computing

architectures,asexemplifiedbyGooglesmissiontoorganizetheworlds information

andmakeituniversallyaccessibleanduseful.7Today,cloudcomputinginfrastructures

supportthelargescalestorageandprocessingofmanydifferenttypesofdata.

The scale of a modern cloud computing data center is sometimes difficult to

comprehend.Theyaredesignedtosupporthundredsofthousandsofcentralprocessing

units,manypetabytesofdataonshareddiskdrives,andnearlyapetabyteofdynamic

storageofmemory.

Thus,asisshowninFigure7,cloudcomputingdatacentersareverylargephysical

plants,sometimeswithacresofcomputers.Evenasmallfacilitymightconsumeseveral

megawattsofelectricityforcoolingandpoweringtheelectronics,andsomeofthelarger

datacenterstodayconsumemuchmore.Acommunicationsinfrastructureislikelyto

support tens to hundreds of gigabytes per second of network ingress and egress;

storagerequirementsdictatemanythousandsofdisks.

3.2.1 Benefitsandchallengesofscale

One of the most attractivenew capabilities of cloud computing is elasticitythe

abilitytorapidlyanddramaticallyincreasethecomputingresourcesassignedtosolvea

problem. Elasticity is achieved mainly by designing resilient infrastructure and

applicationsandbydeployinguniformhardwareandstandardizedoperationssothat

taskscanberedistributedandrelocatedwithinthecomputingsubstrate.

7.About Google. Available at time of press at http://www.google.com/about/company/


34/95


17

Theability to scale seamlessly canalso enable rapidprocessingandanalysis of

very large datasets through using highly parallel operations. This is an important

capabilityforDoD.

Usingscaletoachievereliabilityaswellasperformanceleadstoprofoundchangesin

applicationdesignandapplicationmanagement.Manycloudcomputingapplicationsare

longrunning and have thousands of software components that cooperatively and

continuously execute acrossmultiple data centers. In a typical cloud computing data

center, evenwith highqualityparts, hundredsofdisksand electronic components fail

everyday.Homogeneityofhardware,infrastructure,service,deployment,andoperation

ofapplicationsiscrucialforachievingtheefficienciesofacloud.

Assembling a large facilityat anenormouscapitalexpensedictatesthat different

partieswithdifferentgoalsandobjectivesmustbeabletousethefacilityefficientlyand

securely,despitenonehavingphysicalaccesstothefacility.Thisstyleofsharingcouldbeaccomplishedthroughstrictphysical isolationbetween tenants, or throughstrong

butflexibleaccesscontrolstosupportcollaborativeaccesstoshareddata.

Anotherpotentialbenefitofscaleiscostsavings.Applicationsthatmayexperience

themostcostbenefitfromcloudcomputingarchitecturesarethoseusedinthesame

Figure7.Cloudcomputingdatacentercharacteristicsandexamples


35/95


18

way by largenumbers ofpeople, suchasemail.Many, ifnotmost,DoD applications,

however,arenotstandardized.

Designingmorespecialized applicationstooperateefficiently inacloudcomputing

environment canrequire largeupfrontdevelopment costs.Evenslight customizations,

suchastheabilitytofindanderaseanyunintentionallytransmittedclassifiedmaterial,

could quickly and dramatically reduce potential savings of using an existing email

application. However, even addressing all of the technical challenges, large cloud data

centershavebeenshowntoachieveafactoroftencostsavingsoversmallerinstallations.

CostsavingsarediscussedinmoredetailinChapter6.

3.3 SpecificCloudCharacteristicsAffectingArchitectureand

Implementation

Each of the following characteristics informs cloud architecture design tradeoffsthatmateriallyaffectperformanceandsecurity.Thesetradeoffswillbeexploredfurther

inthediscussiononsecurityinChapter5.

3.3.1 Automaticprovisioningandinfrastructuremanagement

Commercial cloud computing data centers have developed an operationalmodel

that requires fewvisits byhumanoperatorsto individual computers ornodes.Many

operationscanbe automated andthe physicalconfiguration forall themachines ina

data center is generally homogeneous. Noapplication can rely on special setup of a

particularmachineorcontinuityofexecutiononthesamecomputer.Someinstallations

simplydisablenodesasindividualcomponentsfail,butmanyprovidershaveexcellentdiagnosticsoftwarethatcanhelptoforecastandavoidhardwarefailuresproactively.

Applications must be packaged to support automated data center operations.

Typicallythisinvolvesexpresslyspecifyingprovisioningrequirementswhatresources

arerequiredtoruntheapplicationanddesigningsoftwaretotoleratethefullrangeof

resource assignment within the scope of the specified requirements. Data center

personnelgenerallydonotknowapplicationbehavioralpatterns;hencetheoperations

staff cannot detect or fix anomalous behaviors except when problems are expressly

registeredwithdatacenter operations software.Whensuchareport ismade,apre

specifiedautomaticprocedureisperformedwithouthumanintervention.

3.3.2 Applicationdevelopment

and

scale

out

Existing application software sometimes does not perform efficiently when it is

simply deployed on a cloud computing system. Wellarchitected cloud computing

applications must detect failures, incorporate failover alternatives, and provide

sufficiently robust diagnostic support to allow remote analysis and debugging of

problems as well as implementing automated contingency planning and


36/95


19

reconfiguration.Conventionalcomputing,conversely,generallydealswithcomponent

failureusing lowerlevelmechanisms,suchas redundanthardware,mirroredstorage,

andautomaticfailover.Thesearemorecostlyandmoretimeconsuming.

Many cloud applications are accessed through Internet browsers, which can be

challengingtosecure.Fortheseapplications,thereisaperformancepremiumonreducing

data exchanged between the browser frontend and the cloud deployed backend.

Network roundtripsmust also be reduced, and ifdisconnected operation is required,

provisionsmaybedesignedtocachedataatclients.

Whenapplicationsdeployedincloudcomputingsharedataandinfrastructure,they

must use standard protocols, which can limit flexibility and can make application

development,debugging,andtestingexpensive.Asaresult,theexpenseofcustomizing

somelegacyapplicationsforclouddeploymentcanbesubstantial.

Redesigning a legacy application so that it benefits from scaling can sometimes

require significant effort. An application developer must carefully consider sharedvolatilestatemanagementandfullsystemeffectssuchaslatency,networkandstorage

failures,andcorrelatedhardwarefailures.

3.3.3 Applicationcentralization

Becauseclouddatacentersinvolvereplicationofhardware,systemssoftware,and

application software elements, care must be exercised to avoid the risks that

monoculturesbring.Fortunately, theuniformityalsomeansthatchangesandsecurity

updates can be installed very quickly. Moreover, one impediment to installing

updatesbackward compatibilityis less of a problem in cloud computing because

datacanbemigratedatthesametimeasthesoftwareupdateisdeployed.Becausecloudbasedapplicationstypicallyarepartitionedbetweena client front

endandacloudbackendserver,securityissuesarisethatdonotoccurwhenclientand

serveraredeployedwithinthesameenclave.Inparticular,inclouddeployments,strong

clientandserverauthenticationmustbeused.

3.3.4 Datacollectionandcentralization

Cloudcomputingisanaturalrepositoryforlargeandcomplexdatasetsthatcannot

beeasilymanagedor accessedusing traditional databasemanagement tools. Indeed,

cloud computing services, such as Facebook, Google, and Amazon, rely on such

centralizeddatarepositories.Centralrepositoriesareattractiveattacktargetsbothbyinsiders and outsiders. For this reason, special attention must be paid to data

provenancefordamagecontrol,forensics,accountability,anddataqualitycontrol.


37/95


20

3.3.5 Clients

Almostallcloudcomputingservicesareaccessedthrougha clientanapplication

or system that accesses a service made available remotely. Client design is thus anintegralpartofanycloudapplication.Manyreportedcloudsecurityfailureshavebeen

attributedtobadorcompromisedclientmachines.

3.4 ArchitectureofaModernCloudDataCenter

Whenbuildingaclouddatacenter,aprospectivedesignermustspecifythemachine

andclusterconfigurations,storagearchitecture,networkconnectivityandmanagement,

andphysicalinfrastructure,suchaspowerandcooling.Oftendatacentersarebuiltnear

hydroelectricfacilitiestoexploitthecheappowerandnearmajorfiberlinkstofacilitate

highbandwidthremoteaccesstothecloud.Sitecharacteristicsconducivetocooling,as

well as access to a trained support staff, are important. The expected frequency ofnatural disasters (i.e., earthquakes, floods, or hurricanes) and proximity to

transportation are also key factors in site selection. In addition, the buildings and

campusthemselvesmustbebuilttoensurephysicalsecurity.

Designingdatacentersoftwaretomanageandmonitormachinesandthenetwork,as

wellasprovidingsoftwareforcommontasks,isjustascriticalasphysicalconstruction

detailsandhardwareprocurementchoices.Infact,howDoDobtains,develops,maintains,

and evaluates software will have a big impact on cloud security, economy, and

performance.Keysoftwareelementsinclude:

storagesystemssoftware,includingaccesscontrol

networkmanagementsoftware

softwaretohelpdetectandcorrectmalfunctionsormaliciousactivity

resourceallocationsoftwaretoassigntaskstohardwareelements

systemsoftwaretoisolatetenants,betheyclientsorclouds,sothatamalicious

tenantcannotaffectanyothertenant

plantsoftwaretomanagepowerandcoolinginthedatacenter

softwareforloadbalancingwithinandbetweendatacenters

AnotionaldesignofsuchadatacenterisdepictedinFigure8.Thisdatacenteruses

virtualization technology,which is common indata centers, but isnot required. KeyelementsinFigure8are:

Networkheadnode:Thesecomponentsprovideexternaldatacenternetwork

access.

Networkforensicsanalytics:Thesecomponentsmonitornetworkbehaviorto

detectattacksandfailures.


38/95


21

Datacenternetwork:Thisisahighperformancenetworkconnectingallmachines

withinadatacenter.

Portal:Thiscomponentregistersnewdatacenterusers,obtainingbillingand

authenticationinformation.Tenantsaccesstheportaltotransfersoftwareanddata

tothecloud,negotiateresourceassignments(e.g.,howmanymachinesareneeded,

when,howmuchstoragecapacity,networkingcharacteristics,andspecial

requirements).

Storage:Ahighspeed,faulttolerantstoragesystemforthedatacenter.

InfrastructureController:Thiscomponentallowsdatacenteroperatorstoassign

physicalresources,monitorhardwareandsoftwarehealthandoperations,and

detectandremedyattacksandfailuresastheyarise.Alldatacentersoftwareis

deployedandmanagedthroughtheinfrastructurecontroller.

Nodeinstances:Thesemachinesruntheapplicationsfortenants.Tensor

hundredsofthousandsofnodesareinatypicalclouddatacenter.Eachnodehasa

hypervisortomanagemachineresourcesandtoisolateandprotectusersoftware

fromothersoftwaresharingthenode.Amanagementpartitionobtains,

configures,andstartsusersoftwareonthemachine,andmonitoringsoftware

monitorsnodeheathandoperations.

Figure8.Exampleofacloudcomputingdatacenterarchitecture


39/95


22

Eachoftheseelementsrepresentsdesignchoicesthataffectcostandperformance.For

example,thenetworkmightallowoneclusterwithinadatacentertobecomepartitioned

from another but will not allow a partitionwithin a cluster.Management software, in

conjunction with usersupplied information, would then be knowledgeable about this

clusteringandallocate toeach applicationonlythoseelements locatedwithinthesame

cluster.Similarly,adatacentermayprovidesomeheterogeneouscomputingelements

powerfulprocessors that can performcomputations such as fast Fourier transforms

muchmorequicklythannormalcomputingunits.Thisheterogeneitywillalsobevisibleto

themanagementsoftwaresothatappropriateresourceallocationswillbemade.

3.4.1 Modulardatacenters

Oneinnovationinthedesignofdatacentersistousepreassembledmodularunits

thattogethercreateadatacenterofvaryingsize,dependinguponthenumberofunits

used.Earlyversionsusedstandardizedshippingcontainersandcontainedracksofcomputers

and allthe associatedpowerdistribution and coolingunits required. Thesecontainers

were simply hooked up topower, chilledwater, andnetworking cables tomake them

readytobeused.AsimpleconceptforsuchamodulardatacenterisshowninFigure9.

Today,newvariantsofmodulardatacentersincludethosethatusecustomracksfor

greaterdensities,separatecontainersfortheassociatedcooling,andcustomcontainers

thatareeasiertomaintain.Newdesignsmayalsoassemblemodularunitsofdifferent

configurations that, as an aggregate, provided all the required computing, power

distributionand coolingrequired.Asanexample,a singlemodulardatacentermight

contain44rackswith7,000serversandrequire1.3megawattsofpower.

Although it would be less expensive to build a fullsize data center rather than

construct itentirely frommodular units, in practice,modular data centers aremuch

faster to install.Theycan alsomake itmuch easier to add incrementalor refreshed

Figure9.ConceptforamodularDoDdatacenter


40/95


23

computingcapacitybybuildingthemacontaineratatime.Modulardatacenterscan

alsobeeasilytransportedtowheretheyareneeded.Forthesereasons,modulardata

centersareoftenusedincloudcomputing.

Alternatives tomodular data centers includedata center designs inwhichentire

rowsofpreconfiguredrackscanbequicklysnappedintoplacebysimplyconnectingthe

appropriateelectricalcablesandcoolinghoses.

3.4.2 Criticalcloudcomputingdesignchoices

Awelldesigned cloud computing data center will reflect its projected uses. The

degreeofautomationandflexibilityinthemanagementsoftwareofacloudcomputing

datacenterwilldependontheapplicationsthatarerunthere.

Forexample,asingle,largeSaaSapplication(suchassearch)maybeoperatedand

usedbyasingleorganization,andassuchwillrequireonlymodestdatasecurity.The

needforahypervisor toprovide isolation betweentenantsbecomes lesscompelling,becauseonlyasingleapplicationisbeingrunwithnoneedtocolocatewithdifferent

andpotentially adversarialapplications.By contrast, when anapplication involving

highlysensitivedataisdeployedinacloudcomputingdatacenterrunningmanyother

programs, the system design will include a hypervisor on each processor to assure

isolation.Ifmultipletenantssharea facility,itbecomesimportanttomanageresource

usagequitestrictlytoassureresponsivenessforall.

Socialnetworkingorsearchapplicationswillinteractalmostexclusivelywithclient

machines through internet browsers. Data center and application design in this case

wouldfocusonprotectingdataleaksfromoneusertoanother,whichmaybeachievedat

theexpenseofavailability.

Insomespecialcases,aclouddatacentermaybeusedforsoftwaredevelopment.

The design will need to allow access and control of running programs to facilitate

debugging,with theunderstanding that speedmaysuffer.Otherdata centersmaybe

designedtominimizelatency,supporthighinteractivity,ormaximizephysicalsecurity.

Thesemay benefit most from locatinga small cloudcomputingdata center near the

user,eitherasthesolesourceofcomputingcapabilitiesorasanintermediary.

Finding

Finding1:Althoughcloudcomputingisanoverloadedterm,cloudcomputingproviders

areofferingservicesthatarefundamentallynewanduseful,typicallyencompassingthe: abilityformassivescaleupofstorageandcomputing

rapid,agileelasticitywiththeabilitytoincreaseanddecreasestorageand

computingcapacityondemand,whenthecommunityoftenantsdontallrequire

thatcapacityatthesametime

meteredserviceswheretheuserpaysonlyforwhatisused


41/95


24

selfservicestartupandcontrol

Finding2:Modulardatacentersofferanapproachtoquicklysetupcloudcomputing

capacity,addadditionalcapabilitytoexistingcloudcomputingdatacenters,andeasilyrefreshorupdateexistingcapability.


42/95

4 BENEFITS TO THE DOD MISSION

25

4.CloudComputingBenefitstotheDoDMission

CloudcomputingofferstheDoDnewwaystoprovidecomputationalcapabilitiesfor

missions.DoDmissionsmostlikelytobenefitfromcloudcomputingserviceswillsatisfy

oneormoreofthefollowing:

Scalable,ondemandcomputing.Theelasticityandresourcepoolingprovidedby

cloudcomputingisusefultoapplicationsthatinvolvevaryingorunpredictable

computingcapacity.Thismodelworkswellforapplicationsthatdonotrequire

highlycorrelatedcomputingcapacity,soitmaynotbeusefulforactivemissionsor

intensiveexercises.

Integrationofmany,highcapacitydatafeeds.TheDoDcollectshighcapacitydata

fromsensornetworksandothersources,anddatacloudshaveproveneffectivefor

thelargescaleingestionandintegrationofthiskindofdata.Ifcloudcomputingdata

centersarenotused,customdesignedlargescalecomputerswouldberequiredto

supporttheseapplications,andtheconstructionofsuchmachinesisfarmorecostly.

Analysisofverylargedatasets.TheDoDhastherequirementtoanalyzelarge

datasets.Overthepastseveralyears,anumberofcloudcomputingapplications

havebeendeveloped,includingHadoop,Accumulo,Cassandra,andHive,thatscale

tomanythousandsofprocessorsandsupporteasytoprogramparallelcomputing

frameworks.Thesemakebigdataanalysisapracticalenterprise.

Connectionstocommonservices.Suchapplicationsasemail,sharedcalendars,

unclassifiedtraining,ordocumentpreparationcanbenefitfromSaaS,PaaS,orIaaS.

Accessingtheseapplicationsthroughcloudcomputingresultsinlowercomputationcost,lowersoftwaremanagementcosts,andenforceduniformityandinteroperability.

DoDhasalreadybeguntomovesomecommonservicesintoprivateandpubliccloud

computingarchitectures.

Inthischapter,fiveexamplesofdefenseapplicationsarediscussedthathaveproven

tobewellsuitedforcloudcomputingdatacenters.

4.1 Example:CommunicationandNetworking

Email, calendars, and contact lists are applications found in many of todays

commercial cloudbased computing services with millions of regular users. Theseapplicationsrelyonredundantstoragetoenablewidespreadavailability,manyidentical

processorsforinteractiveperformance,andasimpleanduniformuserinterfaceacross

differentinternetbrowsers.Therequiredbandwidthfromclientmachinestothecloud

computingdatacenterisrelativelow,sotheinternetsuffices.Theseservicesarealso

easilyaccessedfromhighlyportabledevicescellphonesandtabletsthatareuseful

inmanyDoDscenarios.


43/95

4 BENEFITS TO THE DOD MISSION

26

Technologiesforelearningwillalsobeincreasinglyimportanttothewarfighter.As

applications such as YouTube and Netflix have demonstrated, commercial cloud

computingisareliable,economical,andhighlyscalablewaytoprovidevideotousers.The

abilitytoaccessaYouTubelikesyste

Date post:	14-Apr-2018
Category:	Documents
Upload:	bob-gourley
View:	217 times
Download:	0 times

Cyber Security and Reliability in a Digital Cloud

Documents