Thomas Erl, - GBV


Cloud Computing: Concepts, Technology & Architecture
Thomas Erl, Zaigham Mahmood, and Ricardo Puttini
Prentice Hall / Service Tech Press
Upper Saddle River, NJ; Boston; Indianapolis; San Francisco; New York; Toronto; Montreal; London; Munich; Paris; Madrid; Cape Town; Sydney; Tokyo; Singapore; Mexico City

Contents

Foreword ... xxix
Acknowledgments ... xxxiii

CHAPTER 1: Introduction ... 1
  1.1 Objectives of This Book ... 3
  1.2 What This Book Does Not Cover ... 4
  1.3 Who This Book Is For ... 4
  1.4 How This Book Is Organized ... 4
    Part I: Fundamental Cloud Computing ... 5
      Chapter 3: Understanding Cloud Computing ... 5
      Chapter 4: Fundamental Concepts and Models ... 5
      Chapter 5: Cloud-Enabling Technology ... 5
      Chapter 6: Fundamental Cloud Security ... 5
    Part II: Cloud Computing Mechanisms ... 5
      Chapter 7: Cloud Infrastructure Mechanisms ... 6
      Chapter 8: Specialized Cloud Mechanisms ... 6
      Chapter 9: Cloud Management Mechanisms ... 6
      Chapter 10: Cloud Security Mechanisms ... 6
    Part III: Cloud Computing Architecture ... 6
      Chapter 11: Fundamental Cloud Architectures ... 6
      Chapter 12: Advanced Cloud Architectures ... 7
      Chapter 13: Specialized Cloud Architectures ... 7
    Part IV: Working with Clouds ... 7
      Chapter 14: Cloud Delivery Model Considerations ... 7
      Chapter 15: Cost Metrics and Pricing Models ... 8
      Chapter 16: Service Quality Metrics and SLAs ... 8
    Part V: Appendices ... 8
      Appendix A: Case Study Conclusions ... 8
      Appendix B: Industry Standards Organizations ... 8
      Appendix C: Mapping Mechanisms to Characteristics ... 8
      Appendix D: Data Center Facilities (TIA-942) ... 8
      Appendix E: Emerging Technologies ... 8
      Appendix F: Cloud Provisioning Contracts ... 9
      Appendix G: Cloud Business Case Template ... 9

  1.5 Conventions ... 9
    Symbols and Figures ... 9
    Summary of Key Points ... 9
  1.6 Additional Information ... 9
    Updates, Errata, and Resources (www.servicetechbooks.com) ... 9
    Referenced Specifications (www.servicetechspecs.com) ... 10
    The Service Technology Magazine (www.servicetechmag.com) ... 10
    International Service Technology Symposium (www.servicetechsymposium.com) ... 10
    What Is Cloud? (www.whatiscloud.com) ... 10
    What Is REST? (www.whatisrest.com) ... 10
    Cloud Computing Design Patterns (www.cloudpatterns.org) ... 10
    Service-Orientation (www.serviceorientation.com) ... 11
    CloudSchool.com Certified Cloud (CCP) Professional (www.cloudschool.com) ... 11
    SOASchool.com SOA Certified (SOACP) Professional (www.soaschool.com) ... 11
    Notification Service ... 11

CHAPTER 2: Case Study Background ... 13
  2.1 Case Study #1: ATN ... 14
    Technical Infrastructure and Environment ... 14
    Business Goals and New Strategy ... 15
    Roadmap and Implementation Strategy ... 15
  2.2 Case Study #2: DTGOV ... 16
    Technical Infrastructure and Environment ... 17
    Business Goals and New Strategy ... 18
    Roadmap and Implementation Strategy ... 19
  2.3 Case Study #3: Innovartus Technologies Inc. ... 20
    Technical Infrastructure and Environment ... 20
    Business Goals and Strategy ... 20
    Roadmap and Implementation Strategy ... 21

PART I: FUNDAMENTAL CLOUD COMPUTING

CHAPTER 3: Understanding Cloud Computing ... 25
  3.1 Origins and Influences ... 26
    A Brief History ... 26
    Definitions ... 27
    Business Drivers ... 28
      Capacity Planning ... 28
      Cost Reduction ... 29
      Organizational Agility ... 30
    Technology Innovations ... 30
      Clustering ... 31
      Grid Computing ... 31
      Virtualization ... 32
      Technology Innovations vs. Enabling Technologies ... 32
  3.2 Basic Concepts and Terminology ... 33
    Cloud ... 33
    IT Resource ... 34
    On-Premise ... 36
    Cloud Consumers and Cloud Providers ... 36
    Scaling ... 37
      Horizontal Scaling ... 37
      Vertical Scaling ... 37
    Cloud Service ... 38
    Cloud Service Consumer ... 40
  3.3 Goals and Benefits ... 40
    Reduced Investments and Proportional Costs ... 41
    Increased Scalability ... 42
    Increased Availability and Reliability ... 43
  3.4 Risks and Challenges ... 45
    Increased Security Vulnerabilities ... 45
    Reduced Operational Governance Control ... 45
    Limited Portability Between Cloud Providers ... 47
    Multi-Regional Compliance and Legal Issues ... 48

CHAPTER 4: Fundamental Concepts and Models ... 51
  4.1 Roles and Boundaries ... 52
    Cloud Provider ... 52
    Cloud Consumer ... 52
    Cloud Service Owner ... 53
    Cloud Resource Administrator ... 54
    Additional Roles ... 56
    Organizational Boundary ... 56
    Trust Boundary ... 57
  4.2 Cloud Characteristics ... 58
    On-Demand Usage ... 59
    Ubiquitous Access ... 59
    Multitenancy (and Resource Pooling) ... 59
    Elasticity ... 61
    Measured Usage ... 61
    Resiliency ... 61
  4.3 Cloud Delivery Models ... 63
    Infrastructure-as-a-Service (IaaS) ... 64
    Platform-as-a-Service (PaaS) ... 65
    Software-as-a-Service (SaaS) ... 66
    Comparing Cloud Delivery Models ... 67
    Combining Cloud Delivery Models ... 69
      IaaS + PaaS ... 69
      IaaS + PaaS + SaaS ... 72
  4.4 Cloud Deployment Models ... 73
    Public Clouds ... 73
    Community Clouds ... 74
    Private Clouds ... 75
    Hybrid Clouds ... 77
    Other Cloud Deployment Models ... 78

CHAPTER 5: Cloud-Enabling Technology ... 79
  5.1 Broadband Networks and Internet Architecture ... 80
    Internet Service Providers (ISPs) ... 80
    Connectionless Packet Switching (Datagram Networks) ... 83
    Router-Based Interconnectivity ... 83
      Physical Network ... 84
      Transport Layer Protocol ... 84
      Application Layer Protocol ... 85
    Technical and Business Considerations ... 85
      Connectivity Issues ... 85
      Network Bandwidth and Latency Issues ... 88
      Cloud Carrier and Cloud Provider Selection ... 89
  5.2 Data Center Technology ... 90
    Virtualization ... 90
    Standardization and Modularity ... 90
    Automation ... 91
    Remote Operation and Management ... 92
    High Availability ... 92
    Security-Aware Design, Operation, and Management ... 92
    Facilities ... 92
    Computing Hardware ... 93
    Storage Hardware ... 93
    Network Hardware ... 95
      Carrier and External Networks Interconnection ... 95
      Web-Tier Load Balancing and Acceleration ... 95
      LAN Fabric ... 95
      SAN Fabric ... 95
      NAS Gateways ... 95
    Other Considerations ... 96
  5.3 Virtualization Technology ... 97
    Hardware Independence ... 98
    Server Consolidation ... 98
    Resource Replication ... 98
    Operating System-Based Virtualization ... 99
    Hardware-Based Virtualization ... 101
    Virtualization Management ... 102
    Other Considerations ... 102

  5.4 Web Technology ... 103
    Basic Web Technology ... 104
    Web Applications ... 104
  5.5 Multitenant Technology ... 106
  5.6 Service Technology ... 108
    Web Services ... 109
    REST Services ... 110
    Service Agents ... 111
    Service Middleware ... 112
  5.7 Case Study Example ... 113

CHAPTER 6: Fundamental Cloud Security ... 117
  6.1 Basic Terms and Concepts ... 118
    Confidentiality ... 118
    Integrity ... 119
    Authenticity ... 119
    Availability ... 119
    Threat ... 120
    Vulnerability ... 120
    Risk ... 120
    Security Controls ... 120
    Security Mechanisms ... 121
    Security Policies ... 121
  6.2 Threat Agents ... 121
    Anonymous Attacker ... 122
    Malicious Service Agent ... 123
    Trusted Attacker ... 123
    Malicious Insider ... 123
  6.3 Cloud Security Threats ... 124
    Traffic Eavesdropping ... 124
    Malicious Intermediary ... 124
    Denial of Service ... 126
    Insufficient Authorization ... 127
    Virtualization Attack ... 127
    Overlapping Trust Boundaries ... 129

  6.4 Additional Considerations ... 131
    Flawed Implementations ... 131
    Security Policy Disparity ... 132
    Contracts ... 132
    Risk Management ... 133
  6.5 Case Study Example ... 135

PART II: CLOUD COMPUTING MECHANISMS

CHAPTER 7: Cloud Infrastructure Mechanisms ... 139
  7.1 Logical Network Perimeter ... 140
    Case Study Example ... 142
  7.2 Virtual Server ... 144
    Case Study Example ...
