2. www.eOrganization.de
= Stefan Tai‘s Joint Research Groups at Karlsruhe
www.kit.edu
www.eOrganization.de
www.fzi.de
aifb.uni-karlsruhe.de ksri.uni-karlsruhe.de
2 23.10.2009 Institut für Angewandte Informatik
und Formale Beschreibungsverfahren (AIFB)
3. Research Focus Areas: Challenging Research Problems
in the Field of Service Computing
Situational
Applications
&
Collaborative
Services
Cloud Service Value
Computing Networks
& &
Cloud Service Service
Engineering Communities
Internet as a
combined
platform for
social / organizational,
economical and
technical networks
3 23.10.2009 Institut für Angewandte Informatik
und Formale Beschreibungsverfahren (AIFB)
4. Agenda
• Part 1: What is Cloud Computing?
• Definition(s)
• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010
• Potential and status
• Some trend indicators
• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
4
5. Some Remarks on Cloud Definitions
• „Definitions“ sometimes influenced
by business interests
• „[…] unfortunately the marketing people
got hold of the term before the technicians
have knew what Cloud Computing is […]“
• A lot of semi-serious definitions:
• Cloud = Grid made right
Cloud = Grid made easy
• Grid: from Science for Science
Cloud: from Business for Business
• Let‘s be serious…
5
6. Some Serious Definition Attempts
• UCBerkeley RADLabs: “Cloud computing has the following
characteristics: (1) The illusion of infinite computing resources… (2) The
elimination of an up-front commitment by Cloud users… (3). The ability
to pay for use…as needed…”
business perspective
• Wikipedia: “.. a style of computing in which dynamically scalable and
often virtualized resources are provided as a service over the Internet”
technical perspective
• McKinsey: “Clouds are hardware-based services offering compute,
network and storage capacity where: Hardware management is highly
abstracted from the buyer, Buyers incur infrastructure costs as variable
OPEX, and Infrastructure capacity is highly elastic”
only one kind of Cloud
[JB]
6
7. Our Understanding and Definition
“Building on compute and storage virtualization,
cloud computing provides scalable, network-centric, abstracted
IT infrastructure, platforms, and applications
as on-demand services that are billed by consumption.”
Common ground: How strict?
• Virtualisation/abstraction • Clouds are fuzzy things…
• Scalability • E.g.:
• XaaS • What about monthly fees?
• Web technologies
• Pay per use
7
8. More Fundamental Views Exist:
CC as a Disruptive Transformation in IT
• Simon Wardley: „Cloud Computing- Why IT Matters“, OSCON 09
http://www.youtube.com/watch_popup?v=okqLxzWS5R4#t=347
• Compares CC to the (undefineable) industrial revolution:
Attitude
Technology
Concept
Cloud
Computing
Suitability
• His definition:
Cloud Computing is a generic term used to describe
the disruptive transfomation in IT towards a service based economy
driven by a set of economic, cultural and technological conditions
8
9. Agenda
• Part 1: What is Cloud Computing?
• Definition(s)
• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010
• Potential and status
• Some trend indicators
• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
9
10. Technical Cloud Architecture:
Cloud Computing Stack
Generic Approach
Layered architecture
Everything as a Service concept
Standard layers
Infrastructure as a Service
Platform as a Service
Software as a Service
Extra Layers
Human as a Service
Administration/Business
Support
„What's Inside the Cloud? An Architectural Map of the Cloud Landscape“,
10 A. Lenk, T. Sandholm, M. Klems, J. Nimis, S. Tai (ICSE Cloud 09 Workshop, 25.05.2009)
11. Agenda
• Part 1: What is Cloud Computing?
• Definition(s)
• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010
• Potential and status
• Some trend indicators
• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
11
12. Well-known Success Stories:
NYT, animoto,…
• New York Times:
• Bulk PDF production of scanned articles
• Animoto
• does not own any IT-infrastructure
• Scalability (elasticity) through
Cloud services
12
13. Cloud Computing Opportunities
Creation of new businesses
• Faster time-to-market, and cost-effective innovation processes
• Dynamic (trans-)formation of open service and business networks
• Leveraging the participation Web and mass programming
Internet-scale service computing
• Provide and consume sophisticated infrastructure, platforms and
business applications as modular (Web) services
• Disrupt traditional industries and offer rich, highly dynamic
experiences
Classical enterprise-grade systems management
• Under-utilized server resources waste computing power
and energy
• Over-utilized servers cause interruption or degradation of service
levels
13
15. Cloud Computing
in the Technology Crystal Ball
[Gartner, July 2009]
15 Cloud Computing is on the top of Gartner‘s “Peak of Inflated Expectations“.
16. Agenda
• Part 1: What is Cloud Computing?
• Definition(s)
• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010
• Potential and status
• Some trend indicators
• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
16
17. Berkeley‘s Top 10 Obstacles to Cloud Computing
Above the Clouds: A Berkeley View of Cloud Computing. Armbrust M, Fox A, Griffith R, Joseph A, Katz R,
Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I und ZahariaM.
Technical Report No. UCB/EECS-2009-28. Electrical Engineering and Computer Sciences.
17 University of California at Berkeley. USA. 2009
18. Obstacles Perceived by Potential Cloud Consumers
18 http://idcenterprisepanel.com/index.html
19. Research Agenda
for the European Cloud Community
• Main Recommendations:
• R1: EC should stimulate research and technological development
• R2: EC together with Member States should set up the right regulatory
framework to facilitate the uptake of Cloud computing
• Additional Recommendations:
• AR1: The EU needs large scale research and experimentation test beds
• AR2: The EC together with industrial and public stakeholders should develop
joint programmes encourage expert collaboration groups
• AR3: The EC should encourage the development and production of (a) CLOUD
interoperation standards (b) an open source reference implementation
• AR4: The EC should promote the European leadership position in software
through commercially relevant open source approaches
The Future of Cloud Computing – Opportunities for European Cloud Computing Beyond 2010.
Schubert L, Jefferey K., Neidecker-Lutz B.
EU Expert Group Report – Public Version 1.0.
http://cordis.europa.eu/fp7/ict/ssai/docs/executivesummary-forweb_en.pdf. 2010
19 To be published completely on 26.01.2010 in Brussels
20. Agenda
• Part 1: What is Cloud Computing?
• Definition(s)
• A closer look on Cloud technology
• Part 2: Challenges and opportunities
• Potential and status
• Some trend indicators
• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
20
21. My Derived Personal Cloud Trends for 2010
• Security: Rationalization of security discussion
• SLAs: Establishment of useful SLA models
• Ecosystem: Big IT companies will get into focus
• Desktop as a Service: Thin clients+appliances+OS support
• Standardization: The battle goes into the final rounds
• Other candidates:
• Pricing: model evolution, e.g. spot markets
• Federation of Cloud infrastructures: distributed VPDC
• …
21
22. Trend 1: Security
• There is a strong need to rationalize the Cloud Security discussion
• What aspects of security are we talking about?
• Confidentiality (Vertraulichkeit)
• Integrity (Integrität)
• Availability (Verfügbarkeit)
• Authenticity (Authentizität)
• Transparency (Zurechenbarkeit)
• Privacy (Pseudonymität)
• What are the real threats in the Cloud?
• Data security
• Location of the data
• Data remanence or persistence
• Data backup and recovery schemes for recovery and restoration
• Data aggregation and inference
• Commingling data with other cloud customers
22
23. Amazon AWS: Terms of Use wrt. Security
• “YOU ARE SOLELY RESPONSIBLE FOR APPLYING APPROPRIATE SECURITY
MEASURES TO YOUR DATA, INCLUDING ENCRYPTING SENSITIVE DATA.”
• “You are personally responsible for all applications running on and traffic
originating from the instances you initiate within Amazon EC2. As such, you
should protect your authentication keys and security credentials. actions taken
using your credentials shall be deemed to be actions taken by you.”
[MK]
23
24. Cloud Security Architecture:
Aligned Use of Classical Security Approaches
• Identity, Authorization, Entitlements
• Log, Audit, Compliance
Application as a service • Intrusion Detection
Application software licensed for use as a Cross-domain
service provided to customers on demand SOA for security • Confidentiality
Cloud Delivered
• Data classification, data redaction, DLP
• Enterprise Rights Management
Services
Platform as a service
Optimized middleware – application servers, • Security can be provided into the cloud by
database servers, portal servers cloud user, to integrate with enterprise IT, or
provided via the cloud
Infrastructure as a service • Requires meta-management of security
Virtualized servers, storage,
networking
Multi-tenancy • Tenant isolation (processes and data)
at all levels
Business Support Services • Isolation of cloud / tenant security mgmt
Cloud Platform
Offering Mgmt, Customer Mgmt, Ordering Multi-tenant security • Control of privileged user access
Mgmt, Billing
infrastructure • Cloud & tenant-level IT operational risk mgmt
• Cloud & tenant-level encryption & key mgmt
Operational Support Services Image Security
Infrastructure Provisioning
• Isolation and location security policies
Instance, Image, Resource / Asset Mgmt • Building and provisioning w/ security constraints
• IT security compliance for images
• Image provenance, confidentiality, integrity
Virtualized Resources
Virtual Network, Server, Storage Virtualization Security • Instance isolation
System Resources • Instance integrity
Network, Server, Storage Data Center Security • Security VMs
and Resilience • Location awareness
• Hardware root of trust
Physical System and Environment Physical Data Center Security
and Resilience
24 [IBM]
25. Trust:
Do you know/care what Google knows about you?
• Google knows… • Google gets new senses…
• Google: …your searches • Latitude/nexus: …locator
• Gmail: …your emails • Google voice: …ears
• Toolbar / Browser: …your interests • Google goggles … eyes
• Google Calendar: …your habits
• Google Docs: … your work • Google goes into infrastructures…
• Google Maps: …your house • Google App Engine …provides PaaS
• Picasa: …your pictures • Google Public DNS …provides inet svcs
… and your face
• Google Energy …provides power
• Youtube …your videos
• Google News: …what happens
• Google is in a conflict of interest…
• Google Books: …our cultur
• Adsense …still is cash cow
• Google.cn …must be political
• US company …homeland sec. act
OK, Google is not evil!
But what if Google would be Microsoft?
Would you trust it?
25
26. Trust:
Privacy is also a Question of Culture
26
27. OK. But do we have the
technical means to Help in Sight:
enforce such regulations? Legal Regulations will be Reviewed
Current regulations need updates to reflect the technical development:
• Customer data must not leave the country ?!
• Intellectual property and copyright has to be respected ?!
• It must be made possible to delete data from the internet ?!
• Illegal activities in the internet need to be controlled and prevented ?!
• …
27
28. Trend 2: SLA Model Establishment
• What happens if your Cloud services are not working satisfactory?
• Amazon EC2: http://aws.amazon.com/ec2-sla/
• “commercially reasonable efforts to make Amazon EC2 available with an
Annual Uptime Percentage (defined below) of at least 99.95%”
more than 4 hours unavailability per year
• “If [availability]drops below 99.95% for the Service Year, the customer is
eligible to receive a Service Credit equal to 10% of their bill”
• Customer to claim
• 3Tera (VPDC-provider): http://blog.3tera.com/computing/175/
• If, as a result of any Covered Event(s), a Covered VPDC is not Available at
least 99.999% of the time in any full calendar month, 3Tera will issue a
credit to your account.
• If the affected VPDC was Available at least 99.9% of that month, the credit
will be 10% of the Service Fee for that VPDC for that month; otherwise it will
be 25% of that fee.
• This is done proactively by 3Tera
28
29. Trend 2: SLA Model Establishment (2)
• High pressure from big
customers
• Lot of ongoing research in the
area of horizontal and vertical
SLAs, e.g. SLA@SOI,
ValueGrid
• Tool support for monitoring is
an established basis
• Blogosphere discusses
reputation systems and
certification
29
30. Trend 3: Cloud Ecosystem
Maturing and Completion of Cloud Offerings
• Especially the big shots will dominate public attention
• Presentation of complete Cloud suites
• Support of Intra, Public and Hybrid Cloud – and the migration
• Caveat: simplicity is one of the Cloud‘s secret of success
• It will become harder for start-ups to find their niche
• SME offerings need innovation and specialization
30
31. Big Shot Domination:
Microsoft‘s Coherent Cloud Portfolio
http://www.microsoft.com/windowsazure/
31
32. Big Shot Domination:
IBM‘s Cloud Offerings will Attract Large Customers
Products and additional services:
• Development and test
• IBM Smart Business Development
and Test on the IBM Cloud
• IBM Smart Business Test Cloud
• Information Solutions
• IBM Smart Analytics Cloud
• IBM Smart Business Storage Cloud
• IBM Information Archive
• Collaboration
• IBM LotusLive™
• IBM LotusLive iNotes™
And:
• IBM partners with Amazon
(think about connotation twice!) http://www.ibm.com/ibm/cloud/
32
33. Trend 4: Desktop as a Service
• Drivers:
• Resources in the Internet
• Thin clients/Netbooks as endpoint
Desktop as a Service
• Benefits:
• Easy roll-out of applications via appliances
• Highly controlable environments
• Context-dependend delivery of applications
• Duplication of tested installations and combinations
33
34. Trend 4: Desktop as a Service (2)
• Base technologies are
available and mature, e.g.
• Google Chromium OS:
the browser is the OS
• GWT/FLEX/AJAX:
powerful frameworks for
ligthweight client applications
• …
34
35. Trend 5: Standardization
The race has begun – but on different tracks:
• VMAN Initiative (http://www.dmtf.org/initiatives/vman_initiative/)
• DMTF Standards for Virtualization Management
• Supported by: AMD, Cisco, HP, Hitachi, IBM, Intel, Microsoft, Sun, VMware,…
• Specified functionality: OVF images, monitor installations
• OGF Open Cloud Interface Working Group (http://www.occi-wg.org/)
• OCCI Open Cloud Computing Interface
• High level functionality required for the life-cycle management of VMs
• Supported by: SAP, RightScale, CloudCentral, GoGrid, Flexiscale, Joyent, Eucalyptus,…
• Specified functionality: management API
• Open Cloud Consortium WG (http://opencloudconsortium.org/)
• Standards for interoperating large data clouds
• Supported by: Aerospace, Yahoo, MIT Lincoln Labs, Northwestern University,…
• Specified functionality: storage, performance measurement and rating, sharing
35
36. Agenda
• Part 1: What is Cloud Computing?
• Definition(s)
• A closer look on Cloud technology
• Part 2: Challenges and opportunities for 2010
• Potential and status
• Some trend indicators
• My personal Cloud trends for 2010
• Part 3: Cloud research and activities at eOrganization
36
37. CC @ www.eOrganization.de
Some select activities
• Business Cases and Cloud TCO
Business Cases • E.g. CC business cases for T-Com (T-Labs)
& Perspectives • Cloud Computing Adoption
• CC maturity model incl. online tool (IBM D,…)
• Cloud Value Creation
Cloud
• Cloud offering value creation for intermediairies (EU)
Ecosystem
• Architecture of „the Cloud“
• Cloud Engineering
„The Cloud“
• Dev. support for Cloud-patterns (T-Labs)
• Business continuity services (IBM Watson)
Cloud • Cloud Application Development
Engineering
• „Cloudification“ of existing apps (OpenCirrus/HP)
• Cloud Platforms and Testbeds for Service Networks
• EU projects (T-Systems, SAP, IBM,…)
Cloud Management • SAP Landscape Provisioning and Demos
& Provisioning • Mgmt and Reliability of VPDC (fluidOps, Zimory)
37 • SLA mgmt for complex systems (SAP Research)
38. More information:
http://cloudwiki.fzi.de
See also http://markusklems.wordpress.com/
38
39. Questions? Some might be answered here ;-)
http://tinyurl.com/CloudBuch
Christian Baun, Marcel Kunze,
Jens Nimis, Stefan Tai:
Cloud Computing: Web-basierte
dynamische IT-Services
(Reihe: Informatik Im Fokus)
39
40. Again: Questions?
Thank you!
• Acknowledgement:
• [JB] Dr. James Broberg, U. Melbourne, CC-Tutorial at CCGrid 2009
http://www.slideshare.net/jamesbroberg/introduction-to-cloud-computing-ccgrid-2009
• [MM] Michael Maximilien, IBM
• [MK] Dr. Marcel Kunze, KIT SCC
• Stefan Tai, Alex Lenk, Markus Klems, Sebastian Schmidt ,…
• Contact:
40