
Unit II

S.Thamarai Selvi
Professor
Department of Computer Technology
MIT Campus
Anna University

Mastering Cloud Computing

Primary Technologies for Cloud

Networking Protocols
Distributed Computing
Service Oriented Architectures
Web 2.0
Virtualization
Grid technology

Distributed Systems(DS)
A distributed system is a collection of
independent computers that appears to its
users as a single coherent system.
- Tanenbaum
A distributed system is one in which
components located at networked
computers communicate and coordinate
their actions only by passing messages.

- Coulouris

Application Layer
Middleware Layer
Operating System Layer
Hardware Layer

Stack of DS

Characteristics of DS

heterogeneity
openness
scalability
transparency
concurrency
continuous availability and
independent failures.

Issues of DS
Architecture for remote access while
sharing
Synchronization
Naming
Sharing memory and shared file system
Security
Transaction - ACID Properties
Scalability

Software Architecture
What is software architecture?
What are the software architectures
available?

5Ds of Software Development

Define - Problem Statement
Devise - Analysis
Design - Architectural Design
Develop - Implementation
Deploy - Install and test

Role of Software Architecture

Source: PPT of David Garlan

Software Architecture Styles


Data Oriented Architecture
Hierarchical Architecture
Call and Return Architecture
Interaction Process Architecture
Service Oriented Architecture
Space based Architecture

Evolution of architectures

Client/Server Architecture
3-Tier
N-Tier
Components based
Services

Two Tier Architecture

3-tier architecture

Service Oriented Architectures (SOA)

[Figure: SOA triangle. Roles: Service Registry, Service Requestor, Service Provider. Operations: Publish, Find, Bind.]

Evolution of Programming Paradigms

Monoliths
Structured
Object based
RPC /RMI
Component based
Service based
Map Reduce

Traditional paradigms for distributed computing

Data-flow control in an RPC application

Data-flow control in an RMI application

Data-flow control in a DCOM application

Data-flow control in a CORBA application

Enabling Technologies
Cloud applications: data-intensive, compute-intensive, storage-intensive
Bandwidth
Services interface (WS): Web services, SOA, WS standards
Storage models: S3, BigTable, BlobStore, ...
Virtualization: bare metal, hypervisor (VM0, VM1, ..., VMn)
Multi-core architectures
64-bit processor

Wipro Chennai 2011

Thoughts on Cloud Computing


Galen Gruman, InfoWorld Executive Editor,
and Eric Knorr, InfoWorld Editor in Chief
A way to increase capacity or add capabilities on
the fly without investing in new infrastructure,
training new personnel, or licensing new
software.
The idea of loosely coupled services running on
an agile, scalable infrastructure should eventually
make every enterprise a node in the cloud.


Thoughts on Cloud Computing


Tim O'Reilly, CEO O'Reilly Media
I think it is one of the foundations of the next
generation of computing
The network of networks is the platform for all
computing

Everything we think of as a
computer today is really just
a device that connects to the
big computer that we are all
collectively building

Thoughts on Cloud Computing


Dan Farber, Editor in Chief CNET News
We are at the beginning of the age of planetary
computing. Billions of people will be wirelessly
interconnected, and the only way to achieve that
kind of massive scale usage is by massive scale,
brutally efficient cloud-based infrastructure.


Core objectives of Cloud Computing


Amazon CTO Werner Vogels
Core objectives and principles that
cloud computing must meet to be
successful:

Security
Scalability
Availability
Performance
Cost-effective
Acquire resources on demand
Release resources when no longer needed
Pay for what you use
Leverage others' core competencies
Turn fixed cost into variable cost


A sunny vision of the future


Sun Microsystems CTO Greg Papadopoulos
Users will trust service providers with their data
like they trust banks with their money
Hosting providers [will] bring brutal efficiency for
utilization, power, security, service levels, and idea-to-deploy time - CNET article
Becoming cost ineffective to build data centers
Organizations will rent computing resources
Envisions grid of 6 cloud infrastructure providers
linked to 100 regional providers

Origin of the term Cloud Computing


"Comes from the early days of the Internet where we drew
the network as a cloud... we didn't care where the
messages went... the cloud hid it from us" - Kevin Marks,
Google
First cloud around networking (TCP/IP abstraction)
Second cloud around documents (WWW data abstraction)
The emerging cloud abstracts infrastructure complexities
of servers, applications, data, and heterogeneous
platforms
("muck" as Amazon's CEO Jeff Bezos calls it)


Computer Utilities Vision:


Implications of the Internet
1969 - Leonard Kleinrock, ARPANET project
"As of now, computer networks are still in their
infancy, but as they grow up and become
sophisticated, we will probably see the spread of
computer utilities, which, like present electric and
telephone utilities, will service individual homes and
offices across the country"

Computers Redefined
1984 - John Gage, Sun Microsystems
"The network is the computer"

2008 - David Patterson, U. C. Berkeley
"The data center is the computer. There are dramatic differences
between developing software for millions to use as a service
versus distributing software for millions to run their PCs"

2008 - "The Cloud is the computer" - Buyya!

History
1960 - John McCarthy opined that "computation may
someday be organized as a public utility"
Early 1990s - The term "cloud" comes into
commercial use referring to large networks and the
advancement of the Internet.
1999 - Salesforce.com is established, providing an
"on demand" SaaS (Software as a Service).
2001 - IBM details the SaaS concept in their
"Autonomic Computing Manifesto"
2005 - Amazon provides access to their excess
capacity on a utility computing and storage basis
2007 - Google, IBM, various Universities embark on a
large scale cloud computing research project
November 18, 2009


History
http://www.usaspending.gov, http://www.recovery.gov,
http://www.data.gov, etc.

December 2007: Web 2.0 Team Formed.


2008 Gartner says cloud computing will shape the
relationship among consumers of IT services, those who
use IT services and those who sell them
January 2008: Suggested Matrix of Web 2.0 Technology
Potential @ EPA adopted for White Paper and
eventually by the Federal Web Content Managers
Forum.
February 2008: Web 2.0 Team delivered White Paper to
EPA Senior Management at the Web Workgroup Meeting
where it was enthusiastically accepted.
March 2008: Web 2.0 Team and Work Group continued
to meet, test, and discuss Web 2.0 tools. Realized that
these tools were delivered by cloud computing and
GSA started to enter into service agreements to deliver
new media providers government-wide.

History contd
June 2008: MISD Collaboration Tools Team
formed out of MISD Retreat that collaborated
with the Web 2.0 Team and Web 2.0 Knowledge
Action Team (David Eng, Lead) on meetings,
testing, and discussion of Web 2.0 tools and
delivered a recommendation to support
Telework, etc. (Fall 2008).
October 2008: Started Work on Target
Architecture White Paper on SOA, Web 2.0/3.0,
and Cloud Computing

History contd
October 2008 to present: Series of Cloud Computing
Camps, Meetings, Workshops, Symposiums, etc. (e.g.
July 15, 2009, Federal Symposium featuring Federal
CIO Vivek Kundra)
See http://federalcloudcomputing.wik.is
February 2009: Delivered version 1.0 of the Target
Architecture White Paper (SOA, Web 2.0/3.0, and Cloud
Computing) (at the request of the Acting Chief Architect,
Lisa Jenkins) and series of pilot examples (at the request
of David Eng and others).
July 2009: Request by Tony Studer to present informal
briefing on cloud computing to ITSPB staff with David
Michael.

History contd
May 7, 2009: Improving Innovation, Efficiency, and Effectiveness
in Federal IT. President's FY2010 Budget includes cloud
computing.
May 21, 2009: When Cloud Computing Comes Down to Earth: A
Discussion with Peter Tseronis, DoE Deputy CIO and Chair of
the Federal CIOC Cloud Computing Advisory Council. Mentions
http://federalcloudcomputing.wik.is.
July 13, 2009: Cloud Standards Summit. Provided
recommendations to the July 15th Symposium.
July 15, 2009: Federal Cloud Computing Symposium featuring
Federal CIO Vivek Kundra. See next slide and news story: The
Federal GSA Cloud Storefront may open on Sept 9.

History contd
August 13, 2009: ArchitecturePlus Seminar - Cloud Computing,
Web 2.0 and Beyond: A Vision of Future Government
Operations. Federal Enterprise Architects should become
involved.
August 21, 2009: Draft NIST Working Definition of Cloud Computing
(version 15): Cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction. This
cloud model promotes availability and is composed of five essential
characteristics, three service models, and four deployment
models. Note: Cloud software takes full advantage of the cloud
paradigm by being service oriented with a focus on statelessness,
low coupling, modularity, and semantic interoperability.

The Cloud (of buzzwords)

[Figure: word cloud of terms] Community Private Cloud; Regulatory Requirements; Public Cloud; SLAs; Private Cloud; Commodity Public Cloud; Enterprise Public Cloud; Hybrid Cloud; Closed Private Cloud; ASP; Storage as a Service; Cloud Stacks; CloudBursting; Web 3.0; Software as a Service; On-premise; Inter Cloud; Security 1.3a; Information as a Service; Elastic Computing; Infrastructure as a Service; Clustering; Off-premise; Portability; Management as a Service; Security as a Service; Resource Democratization; Platform as a Service; Time-Sharing; Web 2.0; Integration as a Service; Database as a Service; Abstraction of Infrastructure; Process as a Service; Interoperability; Grid Computing; Testing as a Service; Hybrid Pricing; Pay As You Go; Hardware Virtualization; Desktop Virtualization; Utility Based Consumption; Subscription Pricing; Presentation Virtualization; Application Virtualization; Virtualization
Source: Gaurav Verma, SAS, OECD Cloud Computing Forum, 14 October 2009

Defining Clouds: There are many views for what is cloud computing?

Over 20 definitions:

http://cloudcomputing.sys-con.com/read/612375_p.htm
Renting remote storage backup
Renting remote server hosting Web server
Renting remote more servers to manage large workload

Buyya's Scientific definition of Cloud Computing

Cloud is a market-oriented distributed computing system
consisting of a collection of inter-connected and virtualised
computers that are dynamically provisioned and presented as
one or more unified computing resources based on service-level
agreements (SLA) established through negotiation between the
service provider and consumers.

SLA = {negotiated and agreed QoS parameters + rewards + penalties for violation of agreement....}

Definition
National Institute of Standards and Technology

Cloud computing is a model for enabling convenient,
on-demand network access to a shared pool of
configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal
management effort or service provider interaction.
(NIST Definition)

This cloud model promotes availability and is composed of
five essential characteristics, three service models, and four
deployment models.


Cloud Architecture

Web 2.0: Evolution Towards a Read/Write Platform

Attribute | Web 1.0 (1993-2003) | Web 2.0 (2003-beyond)
Description | Pretty much HTML pages viewed through a browser | Web pages, plus a lot of other content shared over the web, with more interactivity; more like an application than a page
Mode | Read | Write & Contribute
Primary unit of content | Page | Post / record
State | static | dynamic
Viewed through | Web browser | Browsers, RSS Readers, anything
Architecture | Client Server | Web Services
Content created by | Web Coders | Everyone
Domain of | geeks | mass amateurization

Web 2.0
AJAX
Data Formats
JSON - JavaScript Object Notation
PO XML - Plain Object XML
RSS/Atom

REST - REpresentational State Transfer

Ajax - Where is it used?


Web 2.0

Data formats - I
JSON (JavaScript Object Notation, RFC-4627)
Subset of JS object literal notation (does not require
JS)
Data types: number, string, boolean, array, object,
null
Supported by many languages
In Dec 2005, Yahoo! added support for JSON
But:
No schema mechanism (validation, code
generation)
Limited type system (no date or time)
No extension or versioning

Other data formats - II


YAML (YAML Ain't Markup Language)
All data can be represented by lists, hashes and scalars
Superset of JSON: validate with Kwalify
De facto serialization format in Ruby; support in many
languages
Microformats
Place marked up data in (X)HTML pages
Use HTML attributes: class, rel, and rev
RSS/ATOM (RFC-4287)
Time-stamped uniquely-identified data chunks with metadata
Lucene Web Service API (http://dev.lucene-ws.net/wiki/API)
Google Data (GData) API
(http://code.google.com/apis/gdata/index.html)

Research Activities @ CARE


REST is History
REST (REpresentational State Transfer)
Based largely on Roy Fielding's Ph.D. thesis
Architectural style designed to promote
Performance
Scalability
Generality
Simplicity
Modifiability

ReST based Web Service


ReST (Representational State Transfer) is an
architectural style for distributed hypermedia
systems; it is not just a method for building web
services.
Introduced by Roy Thomas Fielding in his
Ph.D. dissertation in 2000.
Resource URI Interaction Representation
An application can interact with a resource by
knowing the identifier of the resource (URI), and
the action required (HTTP methods). ReST is
stateless.

Separation of Concerns

HTTP://REST.BLUEOXEN.NET/CGI-BIN/WIKI.PL?RESTTRIANGLE

Noun Space
Resources are an abstraction for what is
available
Files
Generated Content
Computational Results
Concepts/Organizations/People

What comes back can change over time
Think about today's /. page

Verb Space
Constrained semantics for acting upon
resources
Traditionally
GET
POST
PUT
DELETE

Allows intermediaries to apply security/caching policies

REST Architecture

H.T.T.P. is just C.R.U.D

Create, Read, Update, Delete

CRUD | HTTP request method
CREATE | POST (create a new resource)
READ | GET (retrieve a representation of a resource)
UPDATE | PUT (modify or overwrite an existing resource)
DELETE | DELETE (delete an existing resource)

H.T.T.P. is K.I.S.S. too (Keep It Simple Stupid)

What do RESTful services lack?

Formal method for describing interface contract
Reliable messaging
Digital signatures
Message routing
Resource life cycle management
Asynchronous event notification
Other capabilities captured by WS-* specs

Use of Web service - Flickrvision

Flickr photos with Google Maps

Web services for mashups

A mashup is a Web application that
combines data or functionality from one or
more sources into a single integrated
application.
http://www.programmableweb.com

Source: http://blogs.zdnet.com/Hinchcliffe/


Public Clouds
Google App Engine
Amazon Web Services - EC2, S3
Microsoft Azure

Microsoft Azure Services

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das



Windows Azure Applications, Storage, and Roles

[Figure: a load balancer (LB) in front of n Web Role instances, with m Worker Role instances, all using Cloud Storage (blob, table, queue).]

Source: Microsoft Presentation, A Lap Around Windows Azure, Manuvir Das

Common Cloud Characteristics


Cloud computing often leverages:
Massive scale
Homogeneity
Virtualization
Resilient computing
Low cost software
Geographic distribution
Service orientation
Advanced security technologies

Security is the Major Issue


View of Cloud Deployment

[Figure: cloud deployment view. Labels: Cloud Application, Client Infrastructure, Application Service, SaaS, Virtualized Application, PaaS, Platform, IaaS, Storage Infrastructure.]

Security and Data Privacy Across IaaS, PaaS, SaaS

Many existing standards
Identity and Access Management (IAM)
IdM federation (SAML, WS-Federation, Liberty ID-FF)
Strong authentication standards (HOTP, OCRA, TOTP)
Entitlement management (XACML)
Data Encryption (at-rest, in-flight), Key Management
PKI, PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
Records and Information Management (ISO 15489)
E-discovery (EDRM)

3 Cloud Service Models

Cloud Software as a Service (SaaS)
Use provider's applications over a network

Cloud Platform as a Service (PaaS)
Deploy customer-created applications to a cloud

Cloud Infrastructure as a Service (IaaS)
Rent processing, storage, network capacity, and other
fundamental computing resources

To be considered "cloud" they must be deployed
on top of cloud infrastructure that has the key
characteristics

Architectural Overview for Multi-tenancy

[Figure: multi-tenant request flow. Labels: Client HTTP Request; Authentication Module; Authentication Ticket Server (Create Ticket()); Session Ticket; Tenant Token; Tenant Auth Data; Configuration Component; Layout Component; Single-tenant business logic; File I/O Component; Workflow Component; Query Adjuster; Load Balancer; Record Initializer; Database Pool; Tenant Config Data; Data.]

Public Statistics on Cloud Economics

Cost of Traditional Data Centers


11.8 million servers in data centers
Servers are used at only 15% of their capacity
800 billion dollars spent yearly on purchasing and
maintaining enterprise software
80% of enterprise software expenditure is on
installation and maintenance of software
Data centers typically consume up to 100 times more
per square foot than a typical office building
Average power consumption per server quadrupled
from 2001 to 2006.
Number of servers doubled from 2001 to 2006

Energy Conservation and Data Centers

Standard 9000 square foot costs $21.3 million
to build with $1 million in electricity costs/year
Data centers consume 1.5% of our Nation's
electricity (EPA)
.6% worldwide in 2000 and 1% in 2005
Green technologies can reduce energy costs by 50%
IT produces 2% of global carbon dioxide
emissions

Cloud Economics
Estimates vary widely on possible cost savings
"If you move your data centre to a cloud provider, it will
cost a tenth of the cost." - Brian Gammage, Gartner
Fellow
Use of cloud applications can reduce costs from 50%
to 90% - CTO of Washington D.C.
IT resource subscription pilot saw 28% cost savings - Alchemy Plus cloud (backing from Microsoft)
Preferred Hotel
Traditional: $210k server refresh and $10k/month
Cloud: $10k implementation and $16k/month

Cloud Economics
George Reese, founder Valtira and
enStratus
Using cloud infrastructures saves 18% to 29%
before considering that you no longer need to
buy for peak capacity


Cloud Computing Case Studies and Security Models

Google Cloud User: City of Washington D.C.

Vivek Kundra, CTO for the District (now OMB e-gov administrator)
Migrating 38,000 employees to Google Apps
Replace office software
Gmail
Google Docs (word processing and spreadsheets)
Google video for business
Google sites (intranet sites and wikis)

"It's a fundamental change to the way our government
operates by moving to the cloud. Rather than owning the
infrastructure, we can save millions.", Mr. Kundra
500,000+ organizations use Google Apps
GE moved 400,000 desktops from Microsoft Office to Google
Apps and then migrated them to Zoho for privacy concerns

Are Hybrid Clouds in our Future?


OpenNebula
Zimory
IBM-Juniper Partnership
"demonstrate how a hybrid cloud could allow
enterprises to seamlessly extend their private
clouds to remote servers in a secure public
cloud..."

VMWare VCloud
Federate resources between internal IT and
external clouds


vCloud Initiative
Goal:
Federate resources between internal IT and
external clouds
Application portability
Elasticity and scalability, disaster recovery,
service level management

vServices provide APIs and technologies


Current trend in Cloud

XaaS - Everything as a Service


Scalability and security
Multi-tenant approach
Metadata driven architecture

SaaS Maturity model

[Figure: four maturity levels, each showing tenants (Tenant 1, Tenant 2, Tenant 3) mapped to application instances: Ad Hoc / Custom; Configurable; Configurable, Multi-Tenant-Efficient; Scalable, Configurable, Multi-Tenant-Efficient (instances behind a tenant load balancer).]

Source: Force.com

How do we design

Multi-tenancy & SaaS

Introduction
Externalize
Customization by Configuration
SaaS way of hosting and models

Deployment Considerations

Externalize
STORAGE

Database

Extensible data model

File Storage
Caching (Temp Store)
Session

INTEGRATION
Component
Service

Database

Externalize Storage

Designing Database Approach
Shared or Isolated database
Security & Compliance of data
Approach design alone isn't multi-tenancy support.

Defining data model
Make sure all application related data are captured in application database.
E.g. Master data, Look Up values/Pick list management, Search management
Isolate to avoid data proliferation across client instances.
Encrypt Data

Externalize Storage
Configured/Extended new fields/columns data
Transactional data
Vendor holds data about configuration details, tenant profile, and provision details

Back-up & recovery of the data at ease of operation cost
Taking data while moving from current SaaS Vendor to another
Should be able to continue with the transactional data, or able to run the system on-premise

Externalize Storage (cache)

Cache
Cache server can be clustered.
Data isolation at tenant level (but access with similar queries)
Partial data refresh/reload without affecting other tenants' data in cache
Client side session store can be configured to remote cache server

Externalize Storage (cache)

Due to failover a server change is required
How does the cache server get changed without affecting
the application?
Can it be scaled out with no code change in application?
Cache server can be clustered.
Data isolation at tenant level (but access with similar queries) some

Database approach
Approach :1

Approach :2

Approach :3

Externalize Integration - Dependency Injection / Inversion of Control
Component Integration

Component Integration DIP/IoC

Service Integration

Service Integration - RoutingService

Externalize Integration - Dependency Injection / Inversion of Control
Unity Container of Enterprise Library, MEF, Spring or Castle Windsor can be used to externalize the binding, i.e. inject the dependency
Use Pull or Push mechanism of object instantiation (service locator, DI)
Sending Message (Email, SMS)
Log
Audit
Import/Export
Communication templates

External Communication

Customization by Configuration

Configurations
On-Off Features, Fields
Extra fields / Extended Attributes (EAV)

Customization (SOA Componentization - Vertical slicing)

On/Off functional features
Configure the code developed as Functional Logical Unit such as Functional Modules/Components (example: User Management, Order Management, Document Management)
Refer the order of dependent Modules
Version of the service
Modules/Components Feature, Feature Operation, Feature Attributes and so on into the system
to allow end users to choose package for their site.
Business Rules and validation Rules of the Functional
unit can be configured
How features can be enabled/disabled for client site
Provision application & Access Rights can provide this
capability

Extended Attributes, Dynamic Validation, White-Labeling

Each tenant's specific requirements

Extended Attributes
Tenant likes to capture additional details, apply
constraint rules on the data capture and customize
the words of display as per their organization
standards. There is no field available in existing
screens to capture that detail.

White-Labeling
One tenant likes to display a
field as Customer Name while
another tenant likes to display that
same field as CustName in their
site. White labeling comes for help.

Dynamic Validation
XXX Client says that in Customer Module,
the Customer code should be of length 2
while YYY Client says code should be of
length 5. How to implement this in single
codebase?
ValidationRuleEngine using Fluent
Validation API can be used to enable
dynamic validation

Internationalization

Personalization

Search Filter /Display

UI WebParts

Extending the UI fields

Middleware

Client

Customization

Altering features developed in open standards, with specific intentions in
mind (innovative) to create or maintain their organization culture or identity
or need. Enable tenant company system administrators to customize the site/
application that their end users see.

Developed Functional
Logical Unit
Security
Business Logic
Business rules
Workflows
Business Process flow
Batch Process
Scheduler
Method Hooks

Configuration
Customization by configuration

Meta Data - Configuration

Work Flow
Workflow differs for tenants. Configure below
items of workflow to make them loosely coupled
and configurable:
Actions/Activity, Rules/Conditions, Actor, Status
Associate Action and Condition upon which
actor should act on should be configurable.
Map the pre and post status on action.

Business Process Flow
Any standard systems like ERP, CRM, and
Ecommerce have set of predefined process.
Configure predefined process
Choreograph predefined set process
Orchestrate the business process flows
as per organization or tenant business needs

Meta Data Configuration

Batch Process
Any batch process involved in
system should be configurable.
Jobs should be configurable.
Parameter
Batch process mapping to tenant

Scheduler
Scheduler should be available in
system to schedule the batch
process/job to execute in
periodic intervals.
Frequency
Duration
Parameter
Job/batch process

Data Security Message Security


Isolation of data from one Tenant Company
to the next.
Encryption of Data

Security

Authorization
Provide a fine set of granular level access control security
Access Control Matrix should be configurable in application
Do not stick to RBAC because all tenant organization
structures won't be alike.
User group segregation (role can be one among them): who
can access. Function logical unit (like modules, module
features, feature activity [CRUD, I/O and so on], feature
attribute, feature page, feature controls): what can be
accessed. Permission levels [No-access, Read, Write,
ReadWrite]: which permission is allowed. 3W
combinations will form Access Control Matrix

Authentication
Externalize Authentication & Authorization.
Support multiple authentication mechanisms like email,
userID/Password in LDAP, Database, OpenID access
Allow to choose single or multiple authentication mechanism
Allow provision to support single factor, multifactor or
cryptofactor
Provide an authentication mechanism that allows configuring
multiple authentication mechanisms for a single
tenant. There might be a chance of having hired/contract
employees/augmentation support people working in
company who won't be part of their User Management
System. To provide access rights to these users using some
other authentication mechanism
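An added example (not from the original slides) of the "3W" Access Control Matrix described above: who (user group), what (functional unit, as a Module/Feature/Activity path) and which (permission level), held per tenant and loaded from configuration. The tenant names, group names, the path syntax, the most-specific-entry-wins rule and the union across groups are assumptions of this sketch.

```python
from enum import IntFlag


class Permission(IntFlag):
    NO_ACCESS = 0
    READ = 1
    WRITE = 2
    READ_WRITE = READ | WRITE


# Permission level names as listed on the slide.
LEVELS = {
    "No-access": Permission.NO_ACCESS,
    "Read": Permission.READ,
    "Write": Permission.WRITE,
    "ReadWrite": Permission.READ_WRITE,
}


def normalize_unit(unit):
    """Canonicalise 'Module/Feature/Activity'; reject empty or dot segments."""
    parts = [p.strip().lower() for p in unit.strip("/").split("/")]
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"invalid functional unit: {unit!r}")
    return "/".join(parts)


class AccessControlMatrix:
    """Per-tenant matrix of (user group, functional unit) -> permission."""

    def __init__(self, config):
        # config: {tenant_id: [(user_group, functional_unit, level_name), ...]}
        self._cells = {}
        for tenant_id, rows in config.items():
            cells = self._cells.setdefault(tenant_id, {})
            for group, unit, level in rows:
                cells[(group, normalize_unit(unit))] = LEVELS[level]

    @staticmethod
    def _for_group(cells, group, unit):
        # Walk from the most specific unit up to the module; first hit wins,
        # so an explicit No-access on a feature overrides a module-wide grant.
        parts = unit.split("/")
        for depth in range(len(parts), 0, -1):
            cell = cells.get((group, "/".join(parts[:depth])))
            if cell is not None:
                return cell
        return Permission.NO_ACCESS  # default deny

    def effective(self, tenant_id, groups, unit):
        # Only the caller's own tenant's cells are consulted (tenant isolation).
        cells = self._cells.get(tenant_id, {})
        unit = normalize_unit(unit)
        granted = Permission.NO_ACCESS
        for group in groups:
            granted |= self._for_group(cells, group, unit)  # union across groups
        return granted

    def is_allowed(self, tenant_id, groups, unit, needed):
        if needed == Permission.NO_ACCESS:
            raise ValueError("ask for READ, WRITE or READ_WRITE")
        return (self.effective(tenant_id, groups, unit) & needed) == needed


# Constructed sample configuration: two tenants with different structures.
CONFIG = {
    "acme": [
        ("sales", "Order Management", "ReadWrite"),
        ("sales", "Order Management/Refund", "No-access"),
        ("auditors", "Order Management", "Read"),
    ],
    "globex": [("sales", "Order Management", "Read")],
}

if __name__ == "__main__":
    acm = AccessControlMatrix(CONFIG)
    print(acm.is_allowed("acme", ["sales"], "Order Management/Create", Permission.WRITE))
    print(acm.is_allowed("globex", ["sales"], "Order Management/Create", Permission.WRITE))
```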

Federated Security

WIF Federated Claim-based authentication
can be used for custom authentication

User Experience
Internationalization & Localization
Personalization (Tenant level)

Internationalization & Localization

"I'm well versed in mother
tongue, regional language only
and my culture. I don't know
English (site default
language)."

"Should our region
employees continue
with their current
paper work? As we
don't know language
in site"

"How to use the site?"

"How do I understand my
day-to-day activities as
currency/number formats
are not familiar to me?"

Tenant Level and user level Localization

Multi-lingual text is configurable so any text can be supported

Logo ??

Personalization

Logo change is common across organizations.

Due to business/legal need, one of the clients using your SaaS application instance
has modified their company logo. As it is a branding, legal issue the client approaches
service provider/service vendor seeking help to solve their problem immediately in
their instance with new logo and theme that reflects their logo but with reduced
effort and rate.

How does the service provider/service vendor solve their problem?

Site meta can be configurable during provisioning in application. Metadataservice of server application can send this to UI

SAAS Delivery Consideration

Application Instance
Metering
Provisioning (MTP Application)
Maturity Model High

Application Instance - Approaches

Approach 1:
Separate Application Instance & separate
Database for each tenant.

Approach 2:
Same single Application Instance & separate
Database for each tenant.

Approach 3:
Shared single Application Instance & single Database
but separate schema for each tenant.

Approach 4:
Shared single Application Instance & Shared
Database, Schema for all tenants
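An added example (not from the original slides) of tenant isolation under Approach 4, where every tenant's rows share one table. It assumes that the "Query Adjuster" and "Record Initializer" boxes in the multi-tenancy architecture figure mean, respectively, forcing a tenant predicate onto every statement and stamping the tenant id on new rows; the table, column and tenant names are constructed.

```python
import sqlite3

# Constructed schema: one customer table shared by all tenants.
SCHEMA = """
CREATE TABLE customer (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    code      TEXT NOT NULL,
    name      TEXT NOT NULL
);
"""

# Allow-list of tables and the columns callers may filter on or write.
# tenant_id is deliberately absent: callers can never supply it.
TABLES = {"customer": {"id", "code", "name"}}


class TenantScopedDb:
    """Data-access layer bound to one tenant for the life of a request."""

    def __init__(self, conn, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._conn = conn
        self._tenant_id = tenant_id

    @staticmethod
    def _check(table, columns):
        # Identifiers are interpolated into SQL, so they must be allow-listed.
        allowed = TABLES.get(table)
        if allowed is None:
            raise ValueError(f"unknown table: {table!r}")
        bad = set(columns) - allowed
        if bad:
            raise ValueError(f"columns not allowed: {sorted(bad)}")

    def insert(self, table, row):
        """Record initializer: stamp the bound tenant_id on every new row."""
        self._check(table, row)
        cols = list(row) + ["tenant_id"]
        marks = ", ".join("?" for _ in cols)
        sql = f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({marks})"
        return self._conn.execute(sql, [*row.values(), self._tenant_id]).lastrowid

    def select(self, table, filters=None):
        """Query adjuster: the tenant predicate is always ANDed onto the WHERE."""
        filters = filters or {}
        self._check(table, filters)
        cols = sorted(TABLES[table])
        where = [f"{c} = ?" for c in filters] + ["tenant_id = ?"]
        sql = (f"SELECT {', '.join(cols)} FROM {table} "
               f"WHERE {' AND '.join(where)} ORDER BY id")
        rows = self._conn.execute(sql, [*filters.values(), self._tenant_id])
        return [dict(zip(cols, r)) for r in rows]

    def update(self, table, row_id, changes):
        """Writes get the same predicate; returns the number of rows changed."""
        self._check(table, changes)
        if not changes or "id" in changes:
            raise ValueError("nothing to update, or attempt to change id")
        sets = ", ".join(f"{c} = ?" for c in changes)
        sql = f"UPDATE {table} SET {sets} WHERE id = ? AND tenant_id = ?"
        cur = self._conn.execute(sql, [*changes.values(), row_id, self._tenant_id])
        return cur.rowcount


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    acme = TenantScopedDb(conn, "acme")      # constructed tenant ids
    globex = TenantScopedDb(conn, "globex")
    acme_id = acme.insert("customer", {"code": "A1", "name": "Alice"})
    globex.insert("customer", {"code": "G1", "name": "Gina"})
    out = {
        "acme_rows": acme.select("customer"),
        "globex_reads_acme_row": globex.select("customer", {"id": acme_id}),
        "globex_updates_acme_row": globex.update("customer", acme_id, {"name": "x"}),
    }
    try:
        globex.select("customer", {"tenant_id": "acme"})
        out["tenant_override_rejected"] = False
    except ValueError:
        out["tenant_override_rejected"] = True
    out["acme_rows_after"] = acme.select("customer")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```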

Maturity Model - multi tenancy

Model 1 / Ad-Hoc
Host individual instance of each client's own
customized version of application

Model 2 / Configurable
Host individually customized (with configuration)
instance to serve each respective tenant, but with same
shared code base used for all

Model 3 / (Configurable [Model 2] + Multi-tenant Efficient)
Host single instance that serves every customer, with configurable
meta data providing a unique user experience and feature set for
each one.

Model 4 / Scalable + (Configurable & Multi-tenant Efficient) [Model 3]
Host identical instances on load-balancer to serve multiple
customers with each customer's data kept separate, and with
configurable meta data providing a unique user experience and
feature set for each customer.

Single Code base

Service provider/vendor would like to introduce a new feature as an offer
to all their clients. Say adding a sidebar in the screen of all clients'
instances to enable an advertising facility like running one-liner ads.
With this facility a client can publish their own advertisements or their
clients' advertisements.
How does the service provider/vendor change each client's site?
Is effort needed = instances x (development + testing + deploy)?
Single Code base
One Time/Place Effort

Metering SaaS Enablement

How is usage metered and monitored?
Pre and post method hooks can be provided in all exposed APIs to capture the
call usage. At the base point, integrate the Metering API to enable it across the
application.

OnActivityStart
OnActivityEnd
Events can be implemented across
the product to enable
metering and monitoring
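An added example (not from the original slides) of the pre/post method hooks described above: a decorator fires OnActivityStart and OnActivityEnd around an exposed API call and records usage per tenant, including calls that fail. The Meter class, the context variable carrying the tenant id and the activity name are assumptions of this sketch.

```python
import functools
import time
from collections import defaultdict
from contextvars import ContextVar

# Assumed to be set by the authentication layer once per request.
current_tenant = ContextVar("current_tenant")


class Meter:
    """Collects usage per (tenant, activity); the clock is injectable for tests."""

    def __init__(self, clock=time.perf_counter):
        self._clock = clock
        self.usage = defaultdict(lambda: {"calls": 0, "errors": 0, "seconds": 0.0})

    def on_activity_start(self, tenant, activity):
        return self._clock()

    def on_activity_end(self, tenant, activity, started, failed):
        record = self.usage[(tenant, activity)]
        record["calls"] += 1
        record["errors"] += int(failed)
        record["seconds"] += self._clock() - started


def metered(meter, activity):
    """Wrap an exposed API function with the start/end hooks."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(*args, **kwargs):
            # No tenant bound to the request: raise LookupError instead of
            # letting the call run unattributed and unmetered.
            tenant = current_tenant.get()
            started = meter.on_activity_start(tenant, activity)
            failed = True
            try:
                result = fn(*args, **kwargs)
                failed = False
                return result
            finally:
                # Runs on success and on exception, so failures are billed
                # and visible to monitoring as well.
                meter.on_activity_end(tenant, activity, started, failed)
        return inner
    return wrap


def demo():
    ticks = iter(range(100))                  # deterministic fake clock
    meter = Meter(clock=lambda: next(ticks))

    @metered(meter, "order.create")           # constructed activity name
    def create_order(quantity):
        if quantity <= 0:
            raise ValueError("quantity must be positive")
        return {"quantity": quantity}

    token = current_tenant.set("acme")        # constructed tenant ids
    create_order(2)
    try:
        create_order(0)
    except ValueError:
        pass
    current_tenant.reset(token)

    token = current_tenant.set("globex")
    create_order(1)
    current_tenant.reset(token)

    try:
        create_order(1)                       # no tenant in context
        refused = False
    except LookupError:
        refused = True
    return dict(meter.usage), refused


if __name__ == "__main__":
    usage, refused = demo()
    for key, record in usage.items():
        print(key, record)
    print("call without tenant refused:", refused)
```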

Non functional Qualities

Statelessness
Stateless fashion (SOA principle):
Necessary user and session data stored either on the client browser, or in a
distributed store (App-fabric cache) that's accessible to any application
instance. Stateless makes it easy to scale.
Appfabric Session State provider
Moves the necessary context data to distributed server configured for
Appfabric Cache

Concurrency

Scalability

Operations on Resource (Datastore DB, Cache, Log):
Componentization
Cache Cluster - Appfabric
Maximize concurrency (easy to scale)
and minimize exclusive read locking.

Cloud Deployment

Eliminates physical distribution of software to
hundreds or thousands of customer locations


Cloud Offerings

Why PaaS?
IaaS only provides limited savings to someone who needs to outsource their IT functions.
SaaS offerings are great when they can be used.
They are usually very specific (e.g. email, CRM ..). If they match, then great, but if they do not, there is not much choice for the user.

PaaS stays in the middle ground:
Framework to host your apps
Hopefully you can move your apps as they are (well, not the case with Azure or App Engine, but it is possible with WSO2 Stratos !!!).

What is Multi-tenancy?

Many parties share the same set of resources, while giving each one its own space

Why Multi-tenancy? 1. Increased sharing

Cloud shares resources across a large pool of users.
Now sharing happens at the application level, as opposed to sharing at the OS level for multiple processes and sharing at the HW level with VMs.
That can bring greater savings.

"There is no delight in owning anything unshared."
- Seneca (Roman philosopher, mid-1st century AD)


Why Multi-tenancy? 2. Provide pay for what you use

Often there will be many accounts in a PaaS or a SaaS, but only a fraction of them will be in use.
We cannot allocate runtime resources per account (disk may be ok, as it is cheap). For example, we cannot run a VM per account.
By sharing the same server with many users, Multi-tenancy provides a much reduced runtime cost per server.

Multi-tenancy vs. Virtual Machines

Multi-tenancy provides much finer-grained sharing, with many applications sharing the same server.
Say there are 100k accounts, but 10k active users at a time. A VM-based model needs 100k VMs, which means there is a cost incurred per account.
With Multi-tenancy one server can handle many accounts, and by mixing and matching heavy and light users, Multi-tenancy can operate with far fewer servers.

Motivating Usecases

To fulfill the Cloud Promise: Implementing PaaS
As discussed, it is crucial in supporting pay-as-you-go in a Platform as a Service (PaaS).
For example (within Stratos): Web Service Hosting as a Service, Web Application Hosting as a Service, Message Mediation Execution as a Service (ESB), Governance as a Service, Workflow as a Service

SMBs (Small and Medium size Business)
Most SMBs cannot afford to run their own SOA technologies.
This stops them from going to the next level.
Workflow, Service and Web hosting as a service can enable multiple SMBs to share the same infrastructure.

This will lower the bar for SOA/Middleware use, and enable SMBs to move to the next level.

How Good is this MultiTenancy implementation?

Multi-tenancy Maturity Models

The model is defined by Chong et al. (F. Chong and G. Carraro, Architecture strategies for catching the long tail, MSDN Library, Microsoft Corporation, 2006.)

It provides a way to understand Multi-tenant implementations.

Level 1: Instance per Client
Level 2: Configurable instance per Client
Level 3: Single instance can serve multiple Clients
Level 4: Scaling up Level 3 by running multiple instances and distributing the load.

Implementing MultiTenancy

Goals of Multi-tenancy

Sharing: maximize the resource sharing across multiple tenants.

Isolation: hide the fact that other users are also on the same server.
o Execution: enforce security. Make sure one tenant can't call other tenants' executable logic.
o Data: make sure one tenant can't see others' data.
o Performance: make sure performance is not affected by the existence of other tenants.

Scale
o The server is distributed and it can handle larger load by adding more nodes.

It is about trading off Isolation vs. Sharing

As is often the case in research, implementing Multi-tenancy is a tradeoff



WSO2 Carbon Platform

WSO2 Platform Architecture

We break multi-tenancy into three parts (Based on Chang et al.).

Execution: Business Processes, Workflows and Mashups
Security: ownership and authorization of both data, as well as executions in the framework
Data: User data and system runtime data

Multi-tenancy Architecture

Achieving Tenant Isolation

Each Tenant is given a Security Domain
Each domain may have its own User Store and Permissions, and thus has a set of users and permissions enabling users to access resources
Each domain is isolated and does not have access to other domains

Implementing Data Multi-tenancy

Separate DB
Separate Schema
Shared Schema

Separate Databases
If you have no control over the code, then this is the only solution
Horizontally scalable, but relatively expensive
Vertical scaling is challenging but solvable
WSO2 Relational Storage Service uses this model to provide users with DBs

Separate Schema
Relatively easy to implement
Some databases have ways to support this directly but many don't
Failure difficult to handle
Scales reasonably well


Shared Databases, Shared Schema

Most efficient storage-wise and scales very well for a large number of tenants
Requires all accesses to qualify with tenant
Failure is global
(Stratos uses this approach internally to provide isolation within WSO2 Registry)
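What "all accesses qualify with tenant" means in a shared schema, as an added example that is not WSO2 Registry code: an unqualified query returns rows of every tenant, while a data-access object bound to one tenant id adds the qualifier to every statement. The table layout and the names `TenantStore`, `make_shared_db` and `unscoped_get` are assumptions made for illustration.

```python
import sqlite3


def make_shared_db():
    """One database, one schema, rows from all tenants in the same table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE resources ("
        " tenant_id INTEGER NOT NULL,"
        " path TEXT NOT NULL,"
        " content TEXT NOT NULL,"
        " PRIMARY KEY (tenant_id, path))"
    )
    return conn


def unscoped_get(conn, path):
    # Unsafe: the tenant qualifier is missing, so rows of every tenant match.
    rows = conn.execute("SELECT content FROM resources WHERE path = ?", (path,))
    return [r[0] for r in rows]


class TenantStore:
    """Data access bound to one tenant; callers cannot pass a tenant id per call."""

    def __init__(self, conn, tenant_id):
        if not isinstance(tenant_id, int) or isinstance(tenant_id, bool):
            raise TypeError("tenant_id must be an integer")
        self._conn = conn
        self._tenant_id = tenant_id  # assumed to come from the authenticated session

    def put(self, path, content):
        self._conn.execute(
            "INSERT OR REPLACE INTO resources (tenant_id, path, content)"
            " VALUES (?, ?, ?)",
            (self._tenant_id, path, content),
        )

    def get(self, path):
        row = self._conn.execute(
            "SELECT content FROM resources WHERE tenant_id = ? AND path = ?",
            (self._tenant_id, path),
        ).fetchone()
        return row[0] if row else None

    def paths(self):
        rows = self._conn.execute(
            "SELECT path FROM resources WHERE tenant_id = ? ORDER BY path",
            (self._tenant_id,),
        )
        return [r[0] for r in rows]
```

Putting the tenant id in the primary key lets two tenants own the same path without colliding, and keeping raw connection access out of application code is what makes the qualifier impossible to forget.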


Implementing Execution Isolation

All executions are based on Axis2
Axis2 has stateless executions and keeps all state in a Context.
So if we create a different context for each tenant, they are isolated.

Implementing Execution Isolation (Contd.)

We use Java Security to make sure one tenant cannot access or tamper with other tenants' data structures, file system data etc.
Example: Tenant ID value in the context

Performance Isolation

Performance isolation is a challenging issue.
We currently rely on monitoring and auditing, where we can kill CPU-hogging processes.
We are exploring the possibility of changing the priority of CPU-hogging processes in the work queues (e.g. workflow engine, ESB etc.).

Scaling Up

Scaling Multi-tenant Middleware

So far we talked about building a single Multi-tenant node (that is, Level 3).
To reach Level 4, we have to scale.
To do that:

We have to run this with many nodes, and we have to partition.
We have to replicate or partition. But we are talking about 1000s of tenants; likely one node cannot hold all of them.
So we need to partition.
We also need load balancing, and it should know about tenants.
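One way a tenant-aware load balancer can partition tenants across nodes, as an added example that goes beyond the slides: the slides do not say how tenants are mapped to nodes, and rendezvous (highest-random-weight) hashing is an assumption chosen here because removing a node only moves the tenants that lived on it. Node and tenant names are constructed.

```python
import hashlib


def _score(tenant, node):
    # Stable per-(tenant, node) weight; SHA-256 is used only for its uniform spread.
    digest = hashlib.sha256(f"{tenant}|{node}".encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")


def node_for(tenant, nodes):
    """Pick the node with the highest score for this tenant."""
    if not nodes:
        raise ValueError("no nodes available")
    return max(nodes, key=lambda node: (_score(tenant, node), node))


def placement(tenants, nodes):
    """Map every tenant to its node: the table a tenant-aware balancer routes by."""
    return {tenant: node_for(tenant, nodes) for tenant in tenants}


def moved_tenants(tenants, nodes, removed):
    """Tenants whose node changes when `removed` leaves the cluster."""
    before = placement(tenants, nodes)
    after = placement(tenants, [n for n in nodes if n != removed])
    return {t for t in tenants if before[t] != after[t]}
```

Every balancer instance computes the same mapping from the node list alone, so each tenant's context is loaded on one node rather than on all of them.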

Overhead of MultiTenancy

Service Performance

Workflow Performance

Set up Multi-tenant and non-multi-tenant versions
Run 200 workflows from each client
Overhead is minimal
o MT support only adds a few additional lookups and checks
o Java Security does not come into play as we do not run user-provided code.

For more details (Publications on the topic)

A. Azeez and S. Perera et al., WSO2 Stratos: An Industrial Stack to Support Cloud Computing, IT: Methods and Applications of Informatics and Information Technology Journal, the special Issue on Cloud Computing, 2011.
Afkham Azeez, Srinath Perera, Dimuthu Gamage, Ruwan Linton, Prabath Siriwardana, Dimuthu Leelaratne, Sanjiva Weerawarana, Paul Fremantle, "Multi-Tenant SOA Middleware for Cloud Computing", 3rd International Conference on Cloud Computing, Florida, 2010.
Milinda Pathirage, Srinath Perera, Sanjiva Weerawarana, Indika Kumara, A Multi-tenant Architecture for Business Process Execution, 9th International Conference on Web Services (ICWS), 2011.

Conclusion
We discussed what Multi-tenancy is and why it is crucial for implementing a PaaS.
We discussed details about implementing it:

Isolation (Data, Execution) .. Isolation vs. sharing tradeoff
Four levels of multi-tenancy
Scaling Design

A lot of open questions are yet to be solved. Your thoughts and code are both welcome.

Data Security (Encryption, Delegation etc.), Tenant Migration, Scaling, Lazy loading


Case Study: Facebook's Use of Open Source and Commodity Hardware (8/08)
Jonathan Heiliger, Facebook's vice president of technical operations
80 million users + 250,000 new users per day
50,000 transactions per second, 10,000+ servers
Built on open source software
Web and App tier: Apache, PHP, AJAX
Middleware tier: Memcached (Open source caching)
Data tier: MySQL (Open source DB)

Thousands of DB instances store data in distributed fashion (avoids collisions of many users accessing the same DB)
"We don't need fancy graphics chips and PCI cards," he said. "We need one USB port and optimized power and airflow. Give me one CPU, a little memory and one power supply. If it fails, I don't care. We are solving the redundancy problem in software."

Case Study: IBM-Google Cloud (8/08)

"Google and IBM plan to roll out a worldwide network of servers for a cloud computing infrastructure" - Infoworld
Initiatives for universities
Architecture
Open source
Linux hosts
Xen virtualization (virtual machine monitor)
Apache Hadoop (file system): open-source software for reliable, scalable, distributed computing

IBM Tivoli Provisioning Manager

Amazon EC2

Case Study: Amazon Cloud

Amazon cloud components
Elastic Compute Cloud (EC2)
Simple Storage Service (S3)
SimpleDB

New Features
Availability zones: place applications in multiple locations for failovers
Elastic IP addresses: static IP addresses that can be dynamically remapped to point to different instances (not a DNS change)

Amazon Cloud Users: New York Times and Nasdaq (4/08)
Both companies used Amazon's cloud offering
New York Times
Didn't coordinate with Amazon, used a credit card!
Used EC2 and S3 to convert 15 million scanned news articles to PDF (4TB data)
Took 100 Linux computers 24 hours (would have taken months on NYT computers)
"It was cheap experimentation, and the learning curve isn't steep." - Derrick Gottfrid, Nasdaq

Nasdaq
Uses S3 to deliver historic stock and fund information
Millions of files showing price changes of entities over 10 minute segments
"The expenses of keeping all that data online [in Nasdaq servers] was too high." - Claude Courbois, Nasdaq VP
Created lightweight Adobe AIR application to let users view data

Case Study: Salesforce.com in Government
5,000+ Public Sector and Nonprofit Customers use Salesforce Cloud Computing Solutions
President Obama's Citizen's Briefing Book Based on Salesforce.com Ideas application

Concept to Live in Three Weeks
134,077 Registered Users
1.4 M Votes
52,015 Ideas
Peak traffic of 149 hits per second

US Census Bureau Uses Salesforce.com Cloud Application
Project implemented in under 12 weeks
2,500+ partnership agents use Salesforce.com for 2010 decennial census
Allows projects to scale from 200 to 2,000 users overnight to meet peak periods with no capital expenditure

Case Study: Salesforce.com in Government
New Jersey Transit Wins InfoWorld 100 Award for its Cloud Computing Project
Uses Salesforce.com to run their call center, incident management, complaint tracking, and service portal
600% More Inquiries Handled
0 New Agents Required
36% Improved Response Time

U.S. Army uses Salesforce CRM for Cloud-based Recruiting
U.S. Army needed a new tool to track potential recruits who visited its Army Experience Center.
Uses Salesforce.com to track all core recruitment functions, which allows the Army to save time and resources.
