Cloud Computing 1
Cloud Computing 1
Splitting up the two words makes this term easier to understand. The cloud is generally
understood to be the internet, and in short cloud computing means using the internet for all of
your computer needs. Rather than having disc storage, software, and hardware of your own, you
store all of your information on the internet. If you use a service like Hotmail or Google Mail
(Gmail in the States), you're already doing it. That's because Google and Microsoft's email
services store all of your files for you on their servers. In fact, Google is one of the biggest
players in the game, as they have several software suites that are free for use on the internet, like
Google Docs or Google Calendar.
These services are provided for free, but many companies want to make money off cloud
computing by extending into businesses. Unsurprisingly, Microsoft is one of them, particularly
because cloud computing will take away much of the proprietary benefit they gain from their
many pre-installed Windows programs and operating system. Amazon is another provider; they
already allow users to set up stores and sell items via their own websites without any additional
need for storage, and they plan to expand into other areas of the market as well.
As a business model, users typically rent software and hardware facilities that they previously
had to buy. Start-ups are already taking advantage of cloud computing because it significantly
lowers their initial costs; no longer do they have to buy expensive hardware and software for
each employee. It lowers the barrier for entry, though it may not be a cost-effective service for
the long run. Consider it like renting an apartment before you save up the money for a down
payment on a house.
Similarly, the cloud model doesn't make sense for larger companies who already own the
necessary hardware and software. It would just be too expensive. In the future, however, some
technology enthusiast are already envisioning cloud computing as a common utility like
electricity or gas, completely eliminating the need to run servers or potentially even individual
computers on your own.
How will users benefit from cloud computing when it does fully arrive? Well, for one thing,
everyone would be able to access any of their files at any location. If you do some work from
home, you'll no longer need a laptop or even a flash drive because everything you could access at
home will also be available to you at work. Like webmail services, your information will
automatically sync because it's all stored in the same place. Perhaps information will also be
cheaper, but no one quite knows where this revolution is headed - yet.
Cloud computing is internet computing, whereby shared resources, software, and information
are provided to computers and other devices on demand.
Cloud computing is a paradigm shift following the shift from mainframe to client–server in the
early 1980s. Details are abstracted from the users, who no longer have need for expertise in, or
                                                  1
control over, the technology infrastructure "in the cloud" that supports them. Cloud computing
describes a new supplement, consumption, and delivery model for IT services based on the
Internet. It is a byproduct and consequence of the ease-of-access to remote computing sites
provided by the Internet. This frequently takes the form of web-based tools or applications that
users can access and use through a web browser as if it were a program installed locally on their
own computer. NIST (National Institute of Standards and Technology) provides a somewhat
more objective and specific definition here. The term "cloud" is used as a metaphor for the
Internet, based on the cloud drawing used in the past to represent the telephone network, and
later to depict the Internet in computer network diagrams as an abstraction of the underlying
infrastructure it represents. Typical cloud computing providers deliver common business
applications online that are accessed from another Web service or software like a Web browser,
while the software and data are stored on servers. A key element of cloud computing is
customization and the creation of a user-defined experience.
Most cloud computing infrastructures consist of services delivered through common centers and
built on servers. Clouds often appear as single points of access for all consumers' computing
needs. Commercial offerings are generally expected to meet quality of service (QoS)
requirements of customers, and typically include service level agreements (SLAs). The major
cloud service providers include Microsoft, Hewlett Packard, IBM, Salesforce, Amazon and
Google.
   Cloud computing refers to accessing computing resources that are typically owned and
operated by a third-party provider on a consolidated basis in one, or usually more, data center
locations. They feature on-demand provisioning and pay-as-you go resource billing, with
minimal up-front investment. It is aimed at delivering cost-effective computing power over the
Internet, including virtual private networks (VPN). From the perspective of a reasonable cloud
proponent, cloud services minimize capital expense of computing, tie operating expense to actual
use, and reduce staffing costs.
                                                2
Cloud architecture, emphasizing delivery model, from a "business" standpoint
   Cloud computing is a general term for anything that involves delivering hosted services over
the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service
(IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud
computing was inspired by the cloud symbol that's often used to represent the Internet in
flowcharts and diagrams.
A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is
sold on demand, typically by the minute or the hour; it is elastic -- a user can have as much or as
little of a service as they want at any given time; and the service is fully managed by the provider
(the consumer needs nothing but a personal computer and Internet access). Significant
innovations in virtualization and distributed computing, as well as improved access to high-speed
Internet and a weak economy, have accelerated interest in cloud computing.
Infrastructure-as-a-Service like Amazon Web Services provides virtual server instances with
unique IP addresses and blocks of storage on demand. Customers use the provider's application
program interface (API) to start, stop, access and configure their virtual servers and storage. In
the enterprise, cloud computing allows a company to pay for only as much capacity as is needed,
and bring more online as soon as required. Because this pay-for-what-you-use model resembles
the way electricity, fuel and water are consumed, it's sometimes referred to as utility computing.
Platform-as-a-service in the cloud is defined as a set of software and product development tools
hosted on the provider's infrastructure. Developers create applications on the provider's platform
over the Internet. PaaS providers may use APIs, website portals or gateway software installed on
the customer's computer. Force.com, (an outgrowth of Salesforce.com) and GoogleApps are
examples of PaaS. Developers need to know that currently, there are not standards for
interoperability or data portability in the cloud. Some providers will not allow software created
by their customers to be moved off the provider's platform.
In the software-as-a-service cloud model, the vendor supplies the hardware infrastructure, the
software product and interacts with the user through a front-end portal. SaaS is a very broad
market. Services can be anything from Web-based email to inventory control and database
processing. Because the service provider hosts both the application and the data, the end user is
free to use the service from anywhere.
Characteristics
In general, cloud computing customers do not own the physical infrastructure, instead avoiding
capital expenditure by renting usage from a third-party provider. They consume resources as a
service and pay only for resources that they use. Many cloud-computing offerings employ the
utility computing model, which is analogous to how traditional utility services (such as
electricity) are consumed, whereas others bill on a subscription basis. Sharing "perishable and
intangible" computing power among multiple tenants can improve utilization rates, as servers are
not unnecessarily left idle (which can reduce costs significantly while increasing the speed of
                                                   3
application development). A side-effect of this approach is that overall computer usage rises
dramatically, as customers do not have to engineer for peak load limits. In addition, "increased
high-speed bandwidth" makes it possible to receive the same. The cloud is becoming
increasingly associated with small and medium enterprises (SMEs) as in many cases they cannot
justify or afford the large capital expenditure of traditional IT. SMEs also typically have less
existing infrastructure, less bureaucracy, more flexibility, and smaller capital budgets for
purchasing in-house technology. Similarly, SMEs in emerging markets are typically unburdened
by established legacy infrastructures, thus reducing the complexity of deploying cloud solutions.
Economics
Cloud computing users avoid capital expenditure (CapEx) on hardware, software, and services
when they pay a provider only for what they use. Consumption is usually billed on a utility
(resources consumed, like electricity) or subscription (time-based, like a newspaper) basis with
little or no upfront cost. Other benefits of this approach are low barriers to entry, shared
infrastructure and costs, low management overhead, and immediate access to a broad range of
applications. In general, users can terminate the contract at any time (thereby avoiding return on
investment risk and uncertainty), and the services are often covered by service level agreements
(SLAs) with financial penalties.
Although companies might be able to save on upfront capital expenditures, they might not save
much and might actually pay more for operating expenses. In situations where the capital
expense would be relatively small, or where the organization has more flexibility in their capital
budget than their operating budget, the cloud model might not make great fiscal sense. Other
factors impacting the scale of any potential cost savings include the efficiency of a company's
data center as compared to the cloud vendor's, the company's existing operating costs, the level
of adoption of cloud computing, and the type of functionality being hosted in the cloud.
Among the items that some cloud hosts charge for are instances (often with extra charges for
high-memory or high-CPU instances); data transfer in and out; storage (measured by the GB-
month); I/O requests; PUT requests and GET requests; IP addresses; and load balancing. In some
cases, users can bid on instances, with pricing dependent on demand for available instances.
Architecture
Cloud computing sample architecture
Cloud architecture, the systems architecture of the software systems involved in the delivery of
cloud computing, typically involves multiple cloud components communicating with each other
over application programming interfaces, usually web services. This resembles the Unix
philosophy of having multiple programs each doing one thing well and working together over
                                                4
universal interfaces. Complexity is controlled and the resulting systems are more manageable
than their monolithic counterparts.
The two most significant components of cloud computing architecture are known as the front end
and the back end. The front end is the part seen by the client, i.e. the computer user. This
includes the client’s network (or computer) and the applications used to access the cloud via a
user interface such as a web browser. The back end of the cloud computing architecture is the
‘cloud’ itself, comprising various computers, servers and data storage devices.
Layers
Client
 cloud client consists of computer hardware and/or computer software that relies on cloud
computing for application delivery, or that is specifically designed for delivery of cloud services
and that, in either case, is essentially useless without it. Examples include some computers,
phones and other devices, operating systems and browsers.
Application
Cloud application services or "Software as a Service (SaaS)" deliver software as a service over
the Internet, eliminating the need to install and run the application on the customer's own
computers and simplifying maintenance and support. People tend to use the terms ‘SaaS’ and
‘cloud’ interchangeably, when in fact they are 2 different things. Key characteristics include:
Network-based access to, and management of, commercially available (i.e., not custom) software
   •     Activities that are managed from central locations rather than at each customer's site,
         enabling customers to access applications remotely via the Web
   •     Application delivery that typically is closer to a one-to-many model (single instance,
         multi-tenant architecture) than to a one-to-one model, including architecture, pricing,
         partnering, and management characteristics
   •     Centralized feature updating, which obviates the need for downloadable patches and
         upgrades.
                                                  5
Free services such as Google and and Hotmail are free SaaS, while some well-defined
       business applications, such as customer resource management as provided by
       Salesforce.com, are among the most successful paid SaaS applications. PayPal and
       eBay arguably are SaaS models, paid, at the low-end, on a transaction basis
    Software as a Service appears to the user either as a Web-based graphic user interface, or as
    a data exchange format specific to an application, especially on a mobile device. The most
    general type of application-specific data would be application-specific transactions, such as
    Health Level 7, which use a general data representation such as XML. Alternatively, the file
    format might only be understandable by the vendor's application.
    Free email and search engines are SaaS, with limited customization, and sometimes
    premium offerings with more functionality. Some use an advertising-supported revenue
    model, such as basic webmail services such as Hotmail and Gmail. Free customers have no
    leverage with their cloud providers; there is very little recourse in the event of failures.
    Some vendors, however, have paid versions of these services, with higher levels of support
    and customization.
                                               6
    The second type of SaaS has a subscription-based revenue model', such as to
    Salesforce.com. These customers have more leverage, providing they write their service
    contracts correctly. With both types, the customer depends on the provider for disaster
    recovery capability since the applications only are available on the vendor's servers.
    Quite a few business services are really SaaS, such as PayPal and eBay; they are hybrid
    cloud services that facilitate transactions between users. These services may mix
    subscription-based basic fees with a transaction-based revenue model. The creation of
    various credit card and check payment features are examples of how SaaS can be
    customized without programming. Especially in areas where there are significant
    compliance requirements, such as the Payment Card Industry for credit cards, SaaS
    providers such as Savvis also assume a professional services revenue model. [14] IaaS
    provider Rackspace added professional services offerings. [15]
Platform
PaaS responsibilities
                                               7
         PaaS is like SaaS in that low-level programming is not necessary, but does require
         customer programming at a middleware level, such as Web services, Java Virtual
         Machine, XML or SQL databases, etc. Some are restricted to an business function
         specific set of APIs (e.g., Strike Iron and Xignite) to a wider range of APIs in Google
         Maps, the U.S. Postal Service, Bloomberg, and even conventional credit card
         processing services. Billing for PaaS is most commonly on a per-transaction model.
         A Java Virtual Machine is middleware, not the operating systems or virtual processors
         in IaaS but below SaaS applications. Java is used both for non-interactive and
         interactive applications. Nikita Ivanov describes two basic approaches, which are not
         mutually exclusive, but different products tend to have one or the other dominate. [17]
         The first is much like the way a traditional data center is organized, where the
         developers have little control over infrastructure. "The second approach is something
         new and evolving as we speak. It aims to dissolve the boundaries between a local
         workstation and the cloud (internal or external) by providing relative location
         transparency so that developers write their code, build and run it in exact the same way
         whether it is done on a local workstation or on the cloud thousands miles away or on
         both."
         Google App Engine uses the second model, encouraging testing and development on a
         local workstation, and then uploading the production version to Google's cloud. Its first
         version used a Python virtual machine, but has been extended to Java, both with web
         tools.
         Elastic Grid adds value to a Java virtual machine platform with what they call a "Cloud
         Management Fabric" and a "Cloud Virtualization Layer".[18] The latter provides Elastic
         Grid customers with an overlay onto IaaS providers such as Amazon EC2 and
         Rackspace. The former allows the customer to "dynamically instantiate, monitor &
         manage application components. The deployment provides context on service
         requirements, dependencies, associations and operational parameters."
Infrastructure
                                               8
Cloud infrastructure services, also known as "Infrastructure as a Service (IaaS)", delivers
computer infrastructure - typically a platform virtualization environment - as a service. Rather
than purchasing servers, software, data-center space or network equipment, clients instead buy
those resources as a fully outsourced service. Suppliers typically bill such services on a utility
computing basis and amount of resources consumed (and therefore the cost) will typically reflect
the level of activity. IaaS evolved from virtual private server offerings.
In Infrastructure as a Service, the provider offers the customer the ability to provision processing,
storage, networks, and other fundamental computing resources where the consumer is able to
deploy and run arbitrary software, which can include operating systems and applications. The
consumer does not manage or control the underlying cloud infrastructure but has control over
operating systems, storage, deployed applications, and possibly limited control of select
networking components (e.g., host firewalls).
IaaS responsibilities
Data as a Service (DaaS): The cloud is more a repository than an active programming
environment; often considered a subset of IaaS or sometimes of PaaS
Data as a Service is a subset of IaaS, offering virtual disk storage, sometimes with options such
as encryption, file sharing, incremental backup, etc. It is not a distributed data base; an SQL or
XML interface is at a higher level of abstraction, so that cloud data bases would be PaaS.
Another way to differentiate DaaS and PaaS: filesystem calls are DaaS; database manager calls
are PaaS. DaaS extends to consumer services for the small and home office (SOHO).
                                                 9
Server
The servers layer consists of computer hardware and/or computer software products that are
specifically designed for the delivery of cloud services, including multi-core processors, cloud-
specific operating systems and combined offerings.
Deployment models
Cloud computing types
Public cloud
It sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public
cloud provider.) Public cloud or external cloud describes cloud computing in the traditional
mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service
basis over the Internet, via web applications/web services, from an off-site third-party provider
who bills on a fine-grained utility computing basis.
Public cloud
In public clouds, access is over the Internet, although it may use per-session host-to-host security
and sometimes on-demand VPNs. The physical servers are shared among multiple customers of
the cloud.
Public clouds offer the greatest economy of scale, but also raise security concerns. Public clouds
are more efficient from the service provider standpoint, giving better resource utilization and
potentially giving more opportunities for disaster recovery, but they present additional security
concerns. Sometimes, there may simply be a regulatory requirement, such as HIPAA or PCI,
which requires the application data to be on a server completely under the control, at least
contractually, of the data owner. In other cases, there are technical security concerns, such as the
potential ability of a virtual machine instance to snoop on a paused virtual machine instance of
another computer, the paused image residing on the same physical server disk.
Public clouds have also suffered from availability problems, when compared to enterprise
networks built for reliability.
Community cloud
                                                10
       than a single tenant) this option is more expensive but may offer a higher level of
       privacy, security and/or policy compliance. Examples of community cloud include
       Google's "Gov Cloud".
       Community clouds are variants of private clouds, run by a customer manager such as the
       General Services Administration of the U.S. government, or of a banking cooperative, but
       with multiple trusted, but separately administered, user organizations as tenants in the
       community cloud. Where a single-user private cloud is more an outsourced intranet, a
       community cloud is an outsourced extranet.
       The Department of Defense community cloud, RACE, initially committed 99.999 percent
       uptime, while Google offers 99.9 percent availability. Over a year, that translates to 5
       versus 526 minutes of downtime.
Hybrid cloud
A hybrid cloud environment consisting of multiple internal and/or external providers "will be
typical for most enterprises". By integrating multiple cloud services users may be able to ease the
transition to public cloud services while avoiding issues such as PCI compliance.
Another perspective on deploying a web application in the cloud is using Hybrid Web Hosting,
where the hosting infrastructure is a mix between Cloud Hosting for the web server, and
Managed dedicated server for the database server.
A hybrid storage cloud uses a combination of public and private storage clouds. Hybrid storage
clouds are often useful for archiving and backup functions, allowing local data to be replicated to
a public cloud.
Private cloud
A cloud can be private or public. A private cloud is a proprietary network or a data center that
supplies hosted services to a limited number of people. When a service provider uses public
cloud resources to create their private cloud, the result is called a virtual private cloud. Private or
public, the goal of cloud computing is to provide easy, scalable access to computing resources
and IT services.
Private clouds have attracted criticism because users "still have to buy, build, and manage them"
and thus do not benefit from lower up-front capital costs and less hands-on management,
essentially "[lacking] the economic model that makes cloud computing such an intriguing
concept".
                                                  11
Private clouds dedicate servers to specific customers or customer groups. Access may be by
secure Internet session or over a virtual private network.
Purely from a server standpoint, they cannot offer the same economy of scale as a public cloud.
With good capacity planning for a sufficiently large number of server instances, can still be
cheaper than in-house server farms because the data structure infrastructure is shared.
The servers in a private cloud could actually be located on the customer's premises, but managed
by a third party.
Cloud storage
Cloud Storage is a model of networked computer data storage where data is stored on multiple
virtual servers, generally hosted by third parties, rather than being hosted on dedicated servers.
Hosting companies operate large data centers; and people who require their data to be hosted buy
or lease storage capacity from them and use it for their storage needs. The data center operators,
in the background, virtualize the resources according to the requirements of the customer and
expose them as virtual servers, which the customers can themselves manage. Physically, the
resource may span across multiple servers.
The Intercloud
The Intercloud is an interconnected global "cloud of clouds" and an extension of the Internet
"network of networks" on which it is based. The term was first used in the context of cloud
computing in 2007 when Kevin Kelly stated that "eventually we'll have the intercloud, the cloud
of clouds. This Intercloud will have the dimensions of one machine comprising all servers and
attendant cloudbooks on the planet." It became popular in 2009 and has also been used to
describe the datacenter of the future.
The Intercloud scenario is based on the key concept that each single cloud does not have infinite
physical resources. If a cloud saturates the computational and storage resources of its
virtualization infrastructure, it could not be able to satisfy further requests for service allocations
sent from its clients. The Intercloud scenario aims to address such situation, and in theory, each
cloud can use the computational and storage resources of the virtualization infrastructures of
other clouds. Such form of pay-for-use may introduce new business opportunities among cloud
providers if they manage to go beyond theoretical framework. Nevertheless, the Intercloud raises
many more challenges than solutions concerning cloud federation, security, interoperability,
QoS, vendor's lock-ins, trust, legal issues, monitoring and billing.
The concept of a competitive utility computing market which combined many computer utilities
together was originally described by Douglas Parkhill in his 1966 book, the "Challenge of the
Computer Utility". This concept has been subsequently used many times over the last 40 years
and is identical to the Intercloud.
                                                  12
Privacy
The Cloud model has been criticized by privacy advocates for the greater ease in which the
companies hosting the Cloud services control, and thus, can monitor at will, lawfully or
unlawfully, the communication and data stored between the user and the host company.
Instances such as the secret NSA program, working with AT&T, and Verizon, which recorded
over 10 million phone calls between American citizens, causes uncertainty among privacy
advocates, and the greater powers it gives to telecommunication companies to monitor user
activity. While there have been efforts (such as US-EU Safe Harbor) to "harmonise" the legal
environment, providers such as Amazon still cater to major markets (typically the United States
and the European Union) by deploying local infrastructure and allowing customers to select
"availability zones."
Security
The relative security of cloud computing services is a contentious issue which may be delaying
its adoption. Some argue that customer data is more secure when managed internally, while
others argue that cloud providers have a strong incentive to maintain trust and as such employ a
higher level of security.
The Cloud Security Alliance is a non-profit organization formed to promote the use of best
practices for providing security assurance within Cloud Computing.[
In addition to concerns about security, businesses are also worried about acceptable levels of
availability and performance of applications hosted in the cloud.
There are also concerns about a cloud provider shutting down for financial or legal reasons,
which has happened in a number of cases.
Dark clouds
While conceptual clouds move virtual machine instances among multiple data centers, the reality
is that a number of cloud providers, even those that have multiple data centers, have had
significant outages due to single data center malfunctions and a failure to move the VMIs to
another data center. Rackspace, for example, is paying several million dollars to customers after
a power failure in its Dallas, Texas facility,
Clouds have been affected by other failures. A distributed denial of service attack on specialized
infrastructure provider of Domain Name System (DNS) services, Neustar, was reported, by a
Neustar competor, to have "knocked offline" Amazon and Salesforce. Without independent log
                                                13
analysis, this is hard to assess. Just as a cloud should not be dependent on a single data center,
even a single data center of any appreciable size should not depend on a single DNS provider.
SaaS providers should have internal DNS for their own and customer machines, and would
typically need only infrequent access to external DNS, although IaaS and PaaS would have more
DNS dependency. With two independent DNS providers, degradation but not outage could be
expected on the data center side. Customers and users with only one DNS might be unable to
find the cloud. This is another example where the truth is hard to find.
Disappearing clouds
Cogshead, a Platform-as-a-Service (PaaS) vendor, had financial problems, and had its
technology, but not its customers or cloud, bought by application software vendor SAP. In
February 2009, Cogshead customers were told they had until April to move their data.
Unfortunately, while they could retrieve XML versions of the data, the applications they had
written to process it were dependent on Cogshead technology and could not move.
At least in the Cogshead case, the users had XML available. Had their vendor been IaaS, it
would have been much simpler to move, because their lower-level programming would be more
portable, as, for example, to any other machine or cloud that supported LAMP, Microsoft Server
stacks, or other utilities. SaaS users might or might not be able to get data in machine-readable
format, unlike XML, and would have a longer road to rebuild applications.
Security, including security with third-party add-ons, is a critical part of cloud solutions, but
experience shows the solution can be a problem. Bill Brenner, a senior editor for CSO (Chief
Security Officer) tells of the five mistakes made by one such third-party security vendor.
Mistakes compounded when a buggy update was deployed with neither adequate warning nor
recovery mechanisms:
   1. Updating the SaaS product [with the security update] without telling customers or letting
      them opt out. The update affected endpoint security, so it was visible to surprised users.
   2. Not offering a rollback to the last prior version
   3. Not offering customers a choice to select timing of an upgrade or allowing a period of
      testing
   4. New versions ignore prior configurations or settings, which creates instability in the
      customer environment... it disregarded whitelist and firewall settings programmed into
      the previous version, causing computers to suddenly bog down with pop-up warnings for
      a variety of commonly-used applications, including those built and maintained in-house.
                                                14
   "The client now doesn't trust itself and blocks everything. Integrity between a cloud and
   an endpoint is essential, and this sort of disconnect could be exploited for denial-of-
   service attacks and the like. Vendors need to be thinking about this."
5. Not offering a safety valve
15