This Introduction to Cloud Technology slide deck was prepared for the Linux/Unix class lecture at the Department of Computer Engineering, Chulalongkorn University, in Jan 2013.
3. Cloud in Marketer’s Eyes
• It’s in the Internet – I can access it everywhere
• It’s easy to use – I don’t have to understand it
• It’s new – Everyone will love it
• It’s somehow better than non-cloud – Pay for cloud if you have money
4. Cloud for Programmers
• Cloud is automated – I don’t need a System Engineer anymore
• Cloud is fast – Nothing is faster than the cloud
• Cloud is reliable – It’s highly available in itself without changing my code
• Cloud is cheaper than any other solution – Buy a server only if you have more money
5. Cloud for System Engineer
• Cloud is automated – I don’t have to do hard work anymore
• Cloud is reliable – Now I can sleep through the night
• Cloud is not fast – Speed comes with cost
• Cloud is not flexible – I cannot configure or tune it
6. Cloud for Manager A
• Cloud is cheap – I don’t have to hire a System Engineer or buy any hardware
• Cloud is flexible – I can buy anything in just minutes
• Cloud is reliable – That’s what they told me
• Business can be competitive with cloud
7. Cloud for Manager B
• Cloud is expensive – I pay the same price every year
• Cloud is a service – I pay money and get nothing
• Cloud is unreliable – What if the cloud company goes bankrupt?
• Why should I hire you if cloud is so good?
8. So what is Cloud?
• Cloud has a different meaning depending on the role of each person.
• Gartner defines cloud computing as a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies.
20. Cloud Data Center – Traditional Hardware (Service Provider)
• Front-end Nodes: Good CPU, Some RAM
• High Performance Nodes: Many CPUs, Much RAM
• Management Nodes: Good CPUs, RAM
• Storage Nodes: Basic CPU, RAM, Many Disks
21. Cloud Data Center – Traditional Hardware (Enterprise)
• Cloud Controller
• Hypervisor Servers
• SAN Storages
22. Cloud Data Center – Next-Generation Hardware with Basic Design
• Front-end Nodes: Good CPU, Some RAM
• High Performance Nodes: Many CPUs, Much RAM
• Storage Nodes: Basic CPU, RAM, Many Disks
• Management Nodes: Good CPUs, RAM
• 2-8X Space Saving! 4-8X Cable Saving!
35. Cloud Feature Summary
• All features are optional for any cloud system.
• Some clouds might have automation but no reliability or performance.
• Some clouds might have automation, reliability and performance but no security.
• A cloud with all those features is super expensive!
40. Best Practice of Cloud Security (Example from Catbird)
[Diagram: hosts Host 1 … Host N running VMs grouped into communities of interest COI 1 and COI 2, with these labels]
• Zoning to support multiple security policies per COI
• VM introspection and VM-to-VM controls
• Multi-function network security: NAC, IDP, IVM …
• Enforce least privilege, implement incident response
• Protect hypervisor and infrastructure management, drive compliance workflows
• Layers shown: Data Center Operations, Security Management
41. Best Practice of Cloud Security (Example from Catbird)
[Diagram: VMs grouped into COI 1 and COI 2, each group protected by tenant or COI, with these labels]
• Secure user access
• Secure admin proxies
• O&M admin access
• ISMS admin access
• Layers shown: Data Center Operations, Storage Layer, Security Management
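The two Catbird slides above describe zoning with a separate security policy per community of interest (COI), VM-to-VM controls, secure admin proxies and least privilege. The following Python model is an added example, not Catbird's or the lecture's own code: it shows what such a policy decides for a handful of flows. The VM names, COI names, ports and the proxy name are all constructed for illustration, and the default verdict is deny, which is what "enforce least privilege" means in practice.

```python
"""Model of per-COI zoning and least-privilege access between VMs.
Added example; COI names, VM names and rules below are constructed."""
from dataclasses import dataclass, field


@dataclass
class Flow:
    src: str       # VM or client name
    dst: str       # VM name
    port: int      # TCP port requested


@dataclass
class ZoningPolicy:
    membership: dict                 # VM -> COI it belongs to
    intra_coi_ports: dict            # COI -> ports allowed between VMs of that COI
    inter_coi_ports: dict = field(default_factory=dict)   # (src COI, dst COI) -> ports
    admin_proxies: set = field(default_factory=set)       # only these reach admin ports
    admin_ports: set = field(default_factory=lambda: {22, 3389})

    def decide(self, flow):
        """Return (verdict, reason). Anything not explicitly allowed by zone
        membership or an admin-proxy rule is denied (default deny)."""
        # Admin ports: only via a secure admin proxy, never VM to VM
        if flow.port in self.admin_ports:
            if flow.src in self.admin_proxies:
                return ("allow", "admin access via secure admin proxy")
            return ("deny", "admin port reachable only via admin proxy")
        src_coi = self.membership.get(flow.src)
        dst_coi = self.membership.get(flow.dst)
        if src_coi is None or dst_coi is None:
            return ("deny", "endpoint not assigned to any COI")
        if src_coi == dst_coi:
            if flow.port in self.intra_coi_ports.get(src_coi, set()):
                return ("allow", f"intra-{src_coi} port {flow.port}")
            return ("deny", f"port {flow.port} not in {src_coi} policy")
        if flow.port in self.inter_coi_ports.get((src_coi, dst_coi), set()):
            return ("allow", f"{src_coi}->{dst_coi} port {flow.port} explicitly allowed")
        return ("deny", f"cross-zone traffic {src_coi}->{dst_coi} blocked")


def build_example_policy():
    """Constructed example: a web tier (COI1) and a database tier (COI2)
    sharing hosts; the web tier may only reach the DB tier on its DB port."""
    return ZoningPolicy(
        membership={"web1": "COI1", "web2": "COI1", "db1": "COI2", "db2": "COI2"},
        intra_coi_ports={"COI1": {80, 443}, "COI2": {5432}},
        inter_coi_ports={("COI1", "COI2"): {5432}},
        admin_proxies={"admin-proxy"},
    )


def evaluate(policy, flows):
    """Apply the policy to each flow; returns a list of (flow, verdict, reason)."""
    return [(f, *policy.decide(f)) for f in flows]


if __name__ == "__main__":
    policy = build_example_policy()
    sample = [Flow("web1", "web2", 443), Flow("web1", "db1", 5432),
              Flow("db1", "web1", 443), Flow("web2", "db1", 22),
              Flow("admin-proxy", "db1", 22), Flow("rogue", "db1", 5432)]
    for f, verdict, reason in evaluate(policy, sample):
        print(f"{f.src:>12} -> {f.dst:<6} :{f.port:<5} {verdict:5} ({reason})")
```

Reading the verdicts: web-to-web traffic inside COI1 and the one explicitly allowed web-to-DB port pass; the DB tier cannot open connections back into the web zone, no VM reaches an admin port except through the admin proxy, and a VM that is not assigned to any COI is dropped. In a real deployment the membership map is what the virtualization layer knows about each VM, and the rules are what the security management layer pushes to the virtual switch or hypervisor.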
42. Best Practice of Cloud Security (Example from Catbird)
[Diagram: Datacenter 1 and Datacenter 2 (BCP/HA) forming a hybrid cloud across physical and virtual layers, with security functions Analytics, Auth, Audit and CCC]
• Large regional bank: 2 data centers
• B2B and customer portals in cloud
• VMs may flow between data centers
• Security policy follows VMs
50. Software Defined Anything
• System in the Past
  • Install software on the server for each service you need. Configure them one by one with deep knowledge.
• System in the Present
  • Install the complete appliance for each service. Configure it on the automated UI.
• System in the Future
  • Install a cloud appliance image or virtual appliance image on existing cloud or virtualization infrastructure. Configure it on the automated UI.
• This applies to any service on the network.
51. Software Defined Networking
• Switches are virtualized into the cloud, so fewer hardware switches are required in the cloud infrastructure. Examples of this concept are Nicira and Vyatta.
[Diagram: a hypervisor with a virtual switch connecting VMs grouped into communities of interest COI 1, COI 2 … COI N]
52. Software Defined Security
• Catbird provides firewall, IDS/IPS, Network Access Control, Vulnerability Management and Real-time Audit to the Cloud.
[Diagram: Catbird Control Center virtual machine with its Control Center web portal, Catbird Virtual Machine Appliances, and the Catbird Update Service delivering signatures and defect checks]
53. Software Defined Data Center
• Nutanix is hardware with an embedded hypervisor and cloud storage. You can have hypervisors, servers, storage, switches and security in only one piece of hardware, with automation, high availability, performance and security.
57. What is VDI
• Virtual Desktop Infrastructure = VDI
• Virtual desktop infrastructure (VDI) is the practice of hosting a desktop operating system within a virtual machine (VM) running on a hosted, centralized or remote server.
  • From Wikipedia
• VDI = Desktop Virtualization!
60. Application Virtualization
• Virtual application delivery lets IT manage a single instance of each application in an application hub in the datacenter. Applications are then delivered via application streaming to Windows PCs for offline use, or run on high-powered servers in the datacenter for online use on any device or operating system.
  • From Citrix XenApp
61. Benefits of VDI Technology
• Cut the operation cost!
  • Centralized management for desktops and applications
  • Dramatically reduced man-hours for maintenance, upgrades and application installation
• Increase client security
  • Daily patch management, anti-virus upgrades, centralized traffic for threat prevention and monitoring, easy security policy enforcement
  • Easy to audit
• Mobility for the workforce!
  • There is an option to connect remotely to VDI from anywhere
• Flexible endpoint hardware!
  • Mobile = Notebook / Netbook / Tablet
  • Save cost = Old PC / Thin client / Linux
  • High performance = New PC
62. Myths of VDI Technology
• VDI is cheaper than buying PCs / notebooks
  • VDI has large costs for servers, storage, networking, VDI licenses and Windows 7 licenses.
  • VDI reduces operation cost and risk, and increases flexibility in deploying any new technology to end users.
  • The thin client is the real cost saver in the short term! (Saves hardware and license cost)
• Thin client is the same as VDI
  • A thin client is just a part of VDI, one that lacks the security, flexibility and management features.
63. 1. Thin Client Approach
[Diagram: Client PC / Thin Client connects by direct RDP to Virtual Desktops on VM Servers backed by SAN Storages]
64. 2. Secured Gateway Approach
[Diagram: Mobile Devices and Client PC / Smart Thin Client connect by RDP over HTTPS to an RDP Broker with a Local User DB, which connects to Virtual Desktops on VM Servers backed by SAN Storages]
65. 3. Managed Approach
[Diagram: Mobile Devices and Client PC / Smart Thin Client connect by RDP over HTTPS to an RDP Broker; Virtual Desktops on VM Servers are joined to MS AD, with a CIFS NAS for AD and SAN Storages]
66. 4. Fully Managed Approach
[Diagram: Mobile Devices and Client PC / Smart Thin Client connect by RDP/ICA/PCoIP over HTTPS to an RDP Broker; a Virtual Desktop Manager controls thin/fat and stateful/stateless Virtual Desktops on VM Servers, joined to MS AD, with a CIFS NAS for AD and SAN Storages]
67. 5. Fully Managed with Virtual Application Approach
[Diagram: Mobile Devices and Client PC / Smart Thin Client connect by RDP/ICA/PCoIP over HTTPS to an RDP Broker; a Virtual Desktop Manager controls thin/fat and stateful/stateless Virtual Desktops on VM Servers, joined to MS AD, with a CIFS NAS for AD and SAN Storages; a Virtual Application Manager serves an Application Farm]
68. 6. Fully Managed with Remote Access Approach
[Diagram: local Mobile Devices and Client PC / Smart Thin Client connect by RDP/ICA/PCoIP over HTTPS to an RDP Broker, and remote Client PC / Smart Thin Client and Mobile Devices connect the same way through an SSL-VPN; a Virtual Desktop Manager controls thin/fat and stateful/stateless Virtual Desktops on VM Servers, joined to MS AD, with a CIFS NAS for AD and SAN Storages; a Virtual Application Manager serves an Application Farm]
69. 7. Fully Managed with VDI Security Approach
[Diagram: local Mobile Devices and Client PC / Smart Thin Client connect by RDP/ICA/PCoIP over HTTPS to an RDP Broker, and remote Client PC / Smart Thin Client and Mobile Devices connect the same way through an SSL-VPN; a VDI Security component sits in front of the thin/fat and stateful/stateless Virtual Desktops on VM Servers, which are controlled by a Virtual Desktop Manager and joined to MS AD, with a CIFS NAS for AD and SAN Storages; a Virtual Application Manager serves an Application Farm]
70. 8. Fully Managed with Cloud Servers Approach
[Diagram: local Mobile Devices and Client PC / Smart Thin Client connect by RDP/ICA/PCoIP over HTTPS to an RDP Broker, and remote Client PC / Smart Thin Client and Mobile Devices connect the same way through an SSL-VPN; a VDI Security component sits in front of the thin/fat and stateful/stateless Virtual Desktops, which run as VMs on Cloud Servers, are controlled by a Virtual Desktop Manager and are joined to MS AD, with a CIFS NAS for AD]
72. Who Owns the Data?
• After hosting your business data on the cloud …
  • How can you be so sure no one can see your data?
• After you stop using the cloud …
  • How can you be so sure your data is deleted?
• A Data Deletion Certificate might be the answer to this problem. Maybe.
73. What About Downtime?
• According to the cloud vendor’s marketing team, cloud has little downtime.
• In reality, cloud has downtime.
  • Data center issue
  • Network issue
  • Security issue
  • Performance issue
  • Human issue
• Right now, businesses that use cloud are recommended to prepare for downtime in the cloud.
74. My Cloud’s Performance?
• Performance of the cloud depends on
  • CPU (GHz + Cores)
  • Memory
  • Disk Access (R/W IOPS + R/W Throughput)
  • Network (Latency + Bandwidth)
  • Other issues
• What if …
  • Your CPU is shared
  • Your disk access is shared
  • Your network is shared
  • And other cloud users use the cloud at maximum performance
• Some software companies migrate from dedicated servers to cloud services and then come back to build their own clouds / clusters. It’s hard to guarantee the performance of a cloud service.
75. Where is the Security of My Cloud?
• Before the cloud era, we had to tackle attacks from the service side and the physical side
  • Service-side: We protect our servers from attacks on, and vulnerabilities in, the services we use.
  • Physical-side: We host our servers in a reliable and secure data center. That’s all.
• Right now, we have to protect more
  • Hypervisor-side: If someone attacks the hypervisor successfully, the cloud will be shut down. And we, the users of the cloud, cannot do anything to protect it.
  • Management-side: If someone can hack the management software, then our servers will be in the hacker’s hands while we cannot help protect them.
  • Virtual Network-side: How can we know that our data and traffic aren’t being sniffed? And we don’t have any permission to check it.
76. Upgrade? Migrate?
• What if we use PaaS to develop our products and one day we want to change the cloud provider?
  • Recode?
• What if we want to modify our own server image so we can have the expected level of security and performance?
  • Talk to the cloud provider?
• Changing cloud provider takes a lot of effort. And how do we know that the cloud provider we use will not go bankrupt soon?
77. Cumulative Cost?
• Cloud = Pay every month for every year. Get nothing if you stop using the cloud.
• Physical = Pay once and continue maintenance. The hardware is still a company asset.
• In some cases, for a large server, 2x 8-core CPUs with 128 – 768 GB memory and large storage, the capital expense is almost the same as using a cloud for 6 months to 1 year.
78. What Do You Get?
• How can you know what kind of hardware you get?
  • CPU: Different models of CPU can have different performance even when the GHz and number of cores are the same.
  • RAM: What frequency? Non-ECC RAM, ECC RAM or ECC Registered RAM? UDIMM vs. RDIMM vs. LRDIMM?
  • HDD: 5.4K RPM vs. 7K RPM vs. 10K RPM vs. 15K RPM? Hardware RAID with cache or software RAID? No RAID vs. RAID 0 vs. RAID 1 vs. RAID 5 vs. RAID 10 vs. RAID 50 vs. RAID 60? SAS vs. NL-SAS vs. SATA? SAS vs. SAS2? SATA2 vs. SATA3?
  • SSD: Different brands of SSD have different read/write performance and problems.
  • Network: Jumbo Frames? TCP offload?
  • Hypervisor: Different hypervisors have different performance and security.
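One way to answer this slide's question on a Linux guest is to read what the kernel reports instead of trusting the price list. The script below is an added example, not part of the lecture: it parses /proc/cpuinfo (counting physical cores separately from hyper-threads), classifies block devices as HDD or SSD from /sys/block/*/queue/rotational, and reads interface MTUs from /sys/class/net/*/mtu to see whether jumbo frames are on. The embedded /proc/cpuinfo sample is constructed so the parser can be checked offline. RAM type (ECC, UDIMM/RDIMM/LRDIMM) and RAID level are not visible from these files and still need the provider's documentation or a tool such as dmidecode, which usually needs root and is often blanked out by the hypervisor.

```python
"""Inventory what a Linux guest actually exposes: CPU model and cores,
HDD vs. SSD per block device, and NIC MTU (jumbo frames).
Added example; SAMPLE_CPUINFO below is constructed for offline checking."""
import glob
import os


def parse_cpuinfo(text):
    """Return (model name, physical cores, logical CPUs) from /proc/cpuinfo text.
    Physical cores are distinct (physical id, core id) pairs, so hyper-threads
    do not inflate the core count the way the logical CPU count does."""
    model = None
    logical = 0
    cores = set()
    block = {}
    for line in text.splitlines() + [""]:      # trailing "" flushes the last block
        if not line.strip():
            if block:
                logical += 1
                model = model or block.get("model name")
                # Fall back to the processor number when core id is missing (some VMs)
                cores.add((block.get("physical id", "0"), block.get("core id", str(logical))))
                block = {}
            continue
        key, _, value = line.partition(":")
        block[key.strip()] = value.strip()
    return model, len(cores), logical


def disk_kind(sys_block_path):
    """'HDD' if queue/rotational is 1, 'SSD' if 0, 'unknown' if unreadable."""
    try:
        with open(os.path.join(sys_block_path, "queue", "rotational")) as fh:
            return "HDD" if fh.read().strip() == "1" else "SSD"
    except OSError:
        return "unknown"


def nic_mtu(sys_class_net_path):
    """Interface MTU, or None if unreadable; above 1500 means jumbo frames."""
    try:
        with open(os.path.join(sys_class_net_path, "mtu")) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def inventory():
    """Walk the real system; returns {} when /proc/cpuinfo is absent (non-Linux)."""
    if not os.path.exists("/proc/cpuinfo"):
        return {}
    with open("/proc/cpuinfo") as fh:
        model, cores, logical = parse_cpuinfo(fh.read())
    disk_paths = glob.glob("/sys/block/[sv]d*") + glob.glob("/sys/block/nvme*n*")
    disks = {os.path.basename(p): disk_kind(p) for p in disk_paths}
    nics = {os.path.basename(p): nic_mtu(p) for p in glob.glob("/sys/class/net/*")}
    return {"cpu_model": model, "cores": cores, "logical_cpus": logical,
            "disks": disks, "nic_mtu": nics}


# Constructed sample: one socket, two cores, two hyper-threads per core
SAMPLE_CPUINFO = """\
processor   : 0
model name  : Constructed Example CPU @ 2.40GHz
physical id : 0
core id     : 0

processor   : 1
model name  : Constructed Example CPU @ 2.40GHz
physical id : 0
core id     : 0

processor   : 2
model name  : Constructed Example CPU @ 2.40GHz
physical id : 0
core id     : 1

processor   : 3
model name  : Constructed Example CPU @ 2.40GHz
physical id : 0
core id     : 1
"""

if __name__ == "__main__":
    print("sample:", parse_cpuinfo(SAMPLE_CPUINFO))   # 2 cores, 4 logical CPUs
    for key, value in inventory().items():
        print(f"{key}: {value}")
```

Run it on a freshly provisioned instance and compare the model string, the physical core count and the HDD/SSD classification with what was ordered; a "4 vCPU" instance that turns out to be two cores with hyper-threading, or a "SSD-backed" volume whose rotational flag is 1, is exactly the gap the slide warns about.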
79. Build Your Own Cloud?
• Who provides the maintenance?
  • Cloud is very easy to manage. Anyone can manage a cloud via web or GUI.
  • But when any problem occurs, you have to use a team of skillful system engineers to solve it as soon as possible, because the problem will affect many users on the cloud.
• Any problem that occurs on the cloud is harder to solve than on the physical or old-school design.
80. Summary
• You should understand all those risks of using cloud before making your decision. And the risks increase every day. Always keep yourself up to date.
87. Nutanix – High Performance Data Tiering
[Diagram: transparent data movement between an SSD tier and an HDD tier, plotted on a performance axis and a capacity axis]
• Performance of SSDs
• Capacity (and cost) of HDD
91. Nutanix – Converged Architecture Building Blocks
• Grow As You Go!
[Diagram: "Their Building Blocks" (VCE’s vBlock 300, Cisco/NetApp FlexPod, Dell’s vStart 50) compared with "Our Building Block"; a "Baby" Cloud is also labelled]