Cloud computing perspectives and questions

From WikiContent

(Difference between revisions)
Jump to: navigation, search
(More about benefits, costs)
(Cut down and integrated Cohen cloudbursting proposal)
Line 266: Line 266:
** Compute-cycle measurement [ proposal by Reuven Cohen]
** Compute-cycle measurement [ proposal by Reuven Cohen]
= Cloud Computing / Cyber Defense & Security =
= Security in Cloud Computing =
== Federal CloudBursting & Cyber Defense Contingency Plan ==
* Cloud might provide a recovery strategy for distributed denial-of-service attacks [ Cloudbursting proposal by Reuven Cohen]
A few of the key points I will be presenting at Monday's Federal Cloud Standards summit in Washington DC include;
* Defining how to actually recover from serious Cyber attacks with a minimum level time cost and disruption.
* Focus on limiting the effects that cyber attacks cause.
* A plan to address specific strategies and actions to deal with cyber threats in realtime
* Include a monitoring process and “triggers” for initiating planned actions (GovBursting)
See my complete post here >

Revision as of 21:08, 15 August 2009

The World Economic Forum started a research project at Davos 2009 concerning cloud computing, which they broadly define to include all kinds of remote services, from Software as a Service to virtual machines.

Andy Oram was asked to provide some ideas on the implications of cloud computing for business as well as its future operating environment. This wiki is a discussion forum where anyone with relevant and valid ideas can suggest points for ongoing research into the social and economic issues (as well as relevant technical issues).


Definitions of cloud computing

  • WEF definition is very broad
  • Definitions tend to be complex and controversial
  • Most observers agree on different approaches that define different relationships between client and provider:
    • Software as a Service (Saas)
      • Most computing and often the data storage is performed by vendor. Access by client is through browser or other thin client software.
      • A very old model, called Application Service Providers in the 1990s.
      • Now encompasses:
        • Well-established services such as
      • Popular storage and social networking services such as Google Docs and Flickr
      • Services offered to cell phone users
    • Infrastructure as a Service (Saas)
      • Offers virtual environments where clients can build or load software representations of entire computer systems
      • Also has long history, if one counts time-sharing
      • Now covers platforms such as EC2
      • It's notable that first service was by a large consumer of computing power ( instead of a computer vendor or software company
    • Platform as a Service (Saas)
      • Offers a programming interface where clients can build new applications. More flexible from client point of view than SaaS (which offers a single service, albeit often with plug-ins and APIs) but less flexible than IaaS (which offers the opportunity to run complete operating systems with multiple applications)
      • Recent innovation
      • Best-known example is Google App Engine
  • Data can also be stored in the cloud
    • Replication may be a substitute for back-ups
    • Some services build in replication, often by partitioning data in such a way that a subset of replicas can rebuild the entire data
  • Peer-to-peer systems permit clients to coordinate storage
    • Still at a young stage
    • Relatively well-known examples include:
      • Jesse Vincent's Prophet

Benefits and drawbacks for potential clients

  • Organizations may be formed without cost of creating a systems and communications infrastructure
    • Allows new organizations to be formed with minimal overhead
    • Existing organizations can change personnel, move, experiment, and deploy new services rapidly
    • Less reliance on a central IT group to provision servers
    • May disrupt old centers of power and decision-making, somewhat as the desktop PC did in the 1980s
    • Enables virtual organizations -- with no physical infrastructure, just shared data and processes
  • Total reliance on a cloud service (virtual machine services or SaaS)
    • May be valuable for start-ups and skunkworks
    • For larger organizations, useful for some well-defined functions, particularly non-critical ones. (But note that many companies use services for customer relations management and for paying employees, which could be considered critical functions.)
    • Requires a thorough understanding of the cloud service's operations, the risks involved, and management techniques to handle the service and its risks.
    • SaaS allows vendor to change or remove features capriciously, and clients cannot choose to keep old version by rejecting the upgrade
  • Use of cloud to supplement in-house operations
    • Useful for:
      • Capital-poor companies
      • Companies with growth rates that they can't support
      • Handling peaks and spikes
      • Handling large variations in their normal business volume
      • Handling growth that will eventually be moved in-house
      • Offloading in-house systems for updating, testing and installing major changes
    • Requires skills in both domains (in-house and cloud) as well as strategies for migrating and replicating between them.
    • Best if the cloud supplier can offer strong service level guarantees (SLAs)
    • If clients' system administrators are deskilled by outsourcing system administration, can reduce companies' competence to judge SLAs and negotiate safe contracts.
  • Costs and potential savings
  • Much disagreement over costs of system administration after move to a cloud -- many sysadmin tasks are just as complex and demanding as with stand-alone systems
  • Sunk costs in existing hardware may slow move to cloud computing

Benefits and drawbacks for vendor of offering software as a service or using a development environment

  • Benefits are extremely compelling
    • Project start-up can be faster and cheaper
    • Potential clients can use software simply by visiting a web page--no need to download anything, unless a plugin is desired
    • Updates are immediate and do not require client action
    • Testing can be simplified by simply cloning an instance of the software environment
  • Many free software developers already use a service such as SourceForge or Launchpad to develop and distribute software
  • Drawbacks
    • Main drawback, especially when using cloud service at a relatively high level (development environment or SaaS instead of virtual machines) is delivery through a web browser instead of running with native code
      • Performance impacts (diminishing as technology improves)
      • Lack of access to features of the operating system
      • Restrictions on user interface (diminishing as technology improves)
    • Other drawbacks are the same as for other organizations
      • Administration may be more difficult, at least at current stages of the field's development
      • Costs of using a virtual service may be higher than stand-alone servers for large projects
      • Development tailored to a particular development environment such as Google AppServer or Windows Azure may limit portability


  • The requirement that clients have network access makes cloud services inaccessible or difficult for:
    • People without Internet access (much of the developing world)
    • People with very slow Internet access (many areas in both the developing and developed world)
    • People without continuous Internet access (dial-up, also still common in both the developing and developed world)
  • On the other hand, services that are parsimonious in the use of bandwidth and client-side compute power can (through mobile devices) extend new services to previously cut-off populations.
    • Low computing power requirements on the client side simultaneously lower the cost of the client (e.g. PC, laptop, etc.)
    • SaaS application vendors are viewing mobile devices as an important part of their application stack


  • What degree of geographic distribution offers sufficient safety for:
    • Individuals or small companies
    • Major corporations and organizations with reliability requirements
    • Defense and other sensitive government functions
  • Benefits of automatically distributing files, perhaps among multiple vendors (example; Cleversafe)
  • Potential targets for attack in war or by terror
  • Should there be resilience standards?


  • Importance: Backups are recommended for persistent data to another system or service outside of the cloud.
  • Feasibility: All APIs can be emulated, so in theory organizations can use the same scripts and procedures to replicate operations in multiple services
  • Trends: There are calls for "open cloud computing," referring to standards that would facilitate portability.
    • Standards could lead to automatic, instant migration between cloud vendors.
    • As with all standardization, it's hard to:
      • Get vendors to cooperate on advances that would reduce client lock-in
      • Slow down innovation in an emerging technology enough to produce a standard

Environmental implications

  • Energy trade-offs between concentrated megaservers and smaller systems distributed around the world.
  • Impacts on localities where huge server farms are built.

Software freedom

  • Cloud eviscerates software freedom:
    • New software and patches can be built on free software while still being hidden behind the cloud (except free software under the rarely used Affero GPL).
    • (Mostly in regard to Saas) Even releasing the source code would have little to no effect, because the real lock-in for cloud services is its role as central repository: storing the data and (for sites with community aspects) providing connections among different visitors.
  • Solutions:
    • Open formats so clients can extract data and reuse it elsewhere
    • As alternative to centralized services, promote radically distributed systems
      • Individuals maintain control of their own data and data processing and peer with others to share data and processing.

Government use

  • Use of popular cloud services (such as Google Docs)
    • Benefits
      • Familiar to staff and public alike, and therefore easy to promote use
      • Quick and cheap to set up
      • Allows integration of government message and discussion with other popular forums
    • Drawbacks
      • Often have policies that run counter to government needs:
        • Services may access visitor data in ways that treat privacy cavalierly.
        • Services may force visitors to take on liability requirements that governments cannot do.
      • Lack the reliability, and sometimes the security, that the public has a right to expect of government services.
      • May not have features governments need.
  • Should governments collaborate on producing public-domain or open-source social networks and cloud services tailored to their needs?

Cloud Computing Standards

  • Much talk of "open cloud computing" that would facilitate moving instances of servers or applications between vendors
  • Standards for cloud performance measurement and rating
    • Attempt to support SLAs and permit vendors to compete on price/performance

Security in Cloud Computing

Personal tools