CCSA-Annot | Cloud Computing | Software As A Service

User Requirements for

Cloud Computing Architecture
Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor in Computer Science, ANU
and in Cyberspace Law & Policy, UNSW

2nd International Symposium on Cloud Computing
Melbourne, 17 May 2010
http://www.rogerclarke.com/II/CCSA {.html,.ppt}

Copyright
2010

1

User Requirements for Cloud Computing Architecture
AGENDA





Copyright
2010

Precursors / Related Concepts
A Working Definition
An Architectural Framework
User Benefits
Disbenefits and Risks
• Operational
• Contingent
• Security
• Business
Implications
2

The Gartner Hype-Cycle for Emerging Technologies

QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.

" ... a snapshot of the relative maturity of technologies ...
"They highlight overhyped areas against those that are high impact, estimate how
long they will take to reach maturity, and help organizations decide when to adopt"
Copyright
2010

3

. .QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture..html 4 .media-history-through-gartner-hype. Copyright 2010 http://adverlab.blogspot..com/2008/08/..

.com/blog/wp-content/.lostinthemagicforest.QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture. . Copyright 2010 http://www....uploads/2007/10/gartner2007.jpg 5 .

com/2008/08/. Copyright 2010 http://adverlab.QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture.blogspot.html 6 ....media-history-through-gartner-hype. ..

com/it/page.jsp?id=1124212 7 .Copyright 2010 The Gartner Hype-Cycle – 2009 http://www.gartner.

Solutions • Cloud Computing/SaaS Integration • Cloudbursting/Overdraft • Cloud Service Management Tools • Tera-architectures • Virtual Private Cloud Computing • Application Platform as a Service • Cloud Computing for the Enterprise • DBMS in the Cloud • Private Cloud Computing • Business Process Utility • Hybrid Cloud Computing • Cloud Application Development Tools • Cloud-Based E-Mail Services • Cloud-Enabled BPM Platforms • Cloud Security Concerns • Cloud Storage Copyright 2010 • • • At the Peak • Elasticity • Enterprise Portals as a Service • Cloud/Web Platforms • Compute Infrastructure Services • 'In the Cloud' Security Services • Cloud Computing • Public Cloud Computing/the Cloud Sliding Into the Trough • Real-Time Infrastructure • IT Infrastructure Utility • SaaS Climbing the Slope • SaaS Sales Force Automation • Virtualization • Cloud Advertising • Grid Computing • Integration as a Service http://www.gartner.) • On the Rise • Cloud Services Governance • Cloud-Driven Prof'l IT Services.995 (53 pp.com/DisplayDocument?id=1078112&ref=g_sitelink 8 .Gartner Hype Cycle for Cloud Computing July 2009 – $US 1.

g. e. Salesforce Cluster Computing – inter-connected stand-alone computers are managed as a single integrated computing resource Grid Computing – computational resources are assigned dynamically Peer-to-Peer (P2P) architectures Server-Virtualisation Infrastructure as a Service (IaaS) – 2006 Platform as a Service (PaaS) – 2006 Anything as a Service *aaS / AaaS 9 . 1970s Application Service Providers (ASPs) – 1980s working from home / tele-work – 1980s working on the move / 'road warrior' – 1990s docking portables to corporate networks portable-to-desktop synchronisation Internet Service Providers (ISPs) – late 1980s Web Services – 2000 Service-Oriented Architecture (SOA) – early-to-mid-2000s Copyright 2010 Related Concepts • • • • • • • • Software as a Service (SAAS) – late 1990s.Predecessor Terms • • • • • • • • • Computing as a utility / 'computer service bureaux' / 'data centres' – 1960s.

dynamically-scalable. at the Grid Computing Environments Workshop) five 'essential characteristics' (NIST. using any device) • resource pooling (i. 2008. from anywhere.e. and services are delivered on demand to external customers over the Internet" (Foster et al. October 2009): • on-demand self-service (i. the provider allocates resources according to demand. managed computing power.Cloud Computing Definitions • • "a large-scale distributed computing paradigm that is driven by economies of scale.e. automated response by servers to direct requests by clients) • broad network access (i. storage. resources are scalable according to demand) • measured service (i.e. in which a pool of abstracted. virtualized. resource usage is metered) Copyright 2010 10 . rather than assigning resources to particular clients) • rapid elasticity (i.e.e. platforms.

i. at least re the quantum used Copyright 2010 11 . nor where the hosting device is located • the service is acquired under a relatively flexible contractual arrangement. the user has no technical need to be aware which server running on which host is delivering the service.e.The User Organisation Perspective A Working Definition A service that satisfies all of the following conditions: • it is delivered over a telecommunications network • users place reliance on the service for data access and/or data processing • the data is under the legal control of the user • some of the resources on which the service depends are virtualised.

through resource-virtualisation • Copyright 2010 12 . through SLA dependence (assuming there's an SLA. through commoditisation of service levels.Cloud Computing is a Form of Outsourcing How is it different from earlier forms? • • • Scalability ('there when it's needed) Flexible Contractual Arrangements ('pay per use') Opaqueness ('let someone else worry about details') • which means less user control: • of the application. and it's negotiable) • of host location.

Butrico M.. (2008) 'Toward a Unified Ontology of Cloud Computing' Proc.Sample Architectures QuickTime™ and a TIFF (LZW) decompressor are needed to see this picture. CSA (2009) 'Security Guidance for Critical Areas of Focus in Cloud Computing' Cloud Security Alliance. QuickTime™ and a TIFF (LZW) decompressor are needed to see this picture. 2008 Copyright 2010 13 . & Da Silva D. Grid Computing Environments Workshop. April 2009 Youseff L.

Yeo C.. and reality for delivering computing as the 5th utility' Future Generation Computer Systems 25 (January 2009) 599-616 14 . (2009) 'Cloud computing and emerging IT platforms: Vision. & Brandic I. Broberg J..S.. hype. 3 High-level market-oriented Cloud architecture Copyright 2010 Buyya R.QuickTime™ and a TIFF (LZW) decompressor are needed to see this picture. Fig. Venugopal S.

CC Architecture – The User Organisation Perspective Intermediating Infrastructure Copyright 2010 15 .

Intermediating Infrastructure Copyright 2010 A Comprehensive CC Architecture 16 .

CC's Potential Benefits • • • Copyright 2010 Enhanced Service Accessibility • Access to Services that are otherwise unavailable • Access to Services from multiple desktop devices • Access to Services from scaled-down devices • Access to Services from multiple device-types Other Technical Benefits • Professionalised backup and recovery • Scalability • Collaboration convenience • Copyright convenience Financial Benefits • Lower Investment / up-front cost • Lower Operational Costs • Lower IT Staff Costs 17 .

Downsides – The User Perspective • Operational Disbenefits and Risks Dependability on a day-to-day basis • Contingent Risks Low likelihood / Potentially highly significant • Security Risks Security in the broad • Business Disbenefits and Risks Beyond the merely technical Copyright 2010 18 .

mods Copyright 2010 19 .Operational Disbenefits and Risks • Fit – to users' needs. reliability. and the data • Maintainability – fit. integrity after bug-fixes. and customisability • Reliability – continuity of operation • Availability – hosts/server/database readiness/reachability • Accessibility – network readiness • Robustness – frequency of un/planned unavailability (97% uptime = 5 hrs/wk offline) • • Resilience – speed of resumption after outages Recoverability – service readiness after resumption • Integrity – sustained correctness of the service.

versions. escrow inspection. data formats Flexibility Customisation Forward-compatibility (to migrate to new levels) Backward compatibility (to protect legacy systems) Lateral compatibility (to enable escape) Copyright 2010 20 . proven recovery procedures. protocols.Contingent Risks • • Major Service Interruptions Service Survival – supplier collapse or withdrawal Safeguards include software escrow. rights that are proof against actions by receivers • • • Data Survival – data backup/mirroring and accessibility Compatibility – software.

while denying access to imposters? • Susceptibility to DDOS Multiple. both in remote storage and in transit • Authentication and Authorisation How to provide clients with convenient access to data and processes in the cloud. separate servers.Security Risks • Service Security Environmental. second-party and third-party threats to content. second-party and third-party threats to any aspect of reliability or integrity • Data Security Environmental. but choke-points will exist Copyright 2010 21 .

replication/synch'n) • • Service Levels to the Organisation's Customers Legal Compliance Data protection law. business continuity. non-negotiability of terms of contract and SLA • Ongoing Usage Loss of corporate knowledge about apps. Third-Party ('data breach'. evidence discovery law. risk management • Privacy Breach – Content Access. Company Directors' obligations re asset protection. costs to deliver Inherent lock-in effect. Use.Business Disbenefits and Risks • Acquisition Lack of information. law of confidence. Arkansas) Copyright 2010 22 . 'unauthorised disclosure'). due diligence. financial services regulations. IT services. Retention Second-Party (service-provider abuse). Storage in Data Havens (India. because of high switching costs High-volume data transfers (large datasets.

.Some Risk Management Strategies • Risk Assessment • Contract Terms Service Level Agreement (SLA) Multi-Sourcing • Parallel in-house service • Several compatible suppliers .. • • • Copyright 2010 23 .

php/Checklist_SLA_OLA_UC 24 . Business justification 2. Procedures for announcing interruptions to the service 8. List of annexes http://wiki. Numbers and types of users 3.g. Requirements regarding capacity and performance reporting 3. Required types and levels of support 1. Reaction and resolution times 2.com/index. Reaction and resolution times Copyright 2010 9. Costs and pricing 1. Types of users (user groups granted access to the service) 3. Exceptions (e. Types of infrastructure to be supported 4. Conditions under which the service is considered to be unavailable 2. Downtimes for maintenance 6. Reference to further contracts which also apply (e. Numbers and types of transactions 2. Remote support 1. Area/ locations 2. Types of users 3. SLA) 7. Estimation of the business impact caused by a loss of service or assets 6. Maintainability targets (usually defined as MTRS) 5. Rules regarding termination of the agreement 4. Availability targets and commitments 1. Duties of the customer (contract partner for the service) 3. Maintenance slots 8. Start and end dates 2. Desired outcome in terms of utility 4. Identification of business-critical assets connected with the service 1. On-site support 1. Required capacity (lower/upper limit) for the service.ITILv3 SLA Checklist – Edited Down! 1. Time within which normal service levels must be restored 10. Change history 14. Requirements for scalability 4. Response times from applications 3. Vital Business Functions (VBFs) supported by the service 2. Responsibilities 1.g. weekly) and seasonal variations 2. Customer 3. Availability targets 3. weekends. 1. Description/ desired customer outcome 1. Service Continuity commitments 1. Other critical assets used within the service 2. Restrictions on maintenance 7. Mandated technical standards and spec of the technical service interface 11.g. Service times 1. Requirements regarding availability reporting 2. Responsibilities of service users (e. with respect to IT security) 4. Service and asset criticality 1. Time within which a defined level of service must be re-established 2. Business processes/ activities oncust side supported by the service 3.it-processmaps. Service level requirements/ targets 1. Desired outcome in terms of warranty 5.en. Duties of the service provider 2. Contract duration 1. Hours when the service is available 2. Capacity/ performance targets and commitments 1. Rules for penalties/ charge backs 13. Business cycles (daily. IT Security aspects to be observed when using the service 12.g. Reliability targets (usually defined as MTBF or MTBSI ) 4. Service Level Manager 2. Clearance information (with location and date) 1. Cost for the service provision 2. public holidays) 3. Service name 2. Area/ locations 2. Types of infrastructure to be supported 4. e.

terms of service and SLA (if any) But who audits and certifies? 25 .User Requirements Essential Features • • • • • Copyright 2010 Assured Data Integrity Assured Service Integrity Assured Compliance with legal requirements within jurisdictions to which the user organisation is subject Warranties and indemnities in the contract.

. convenience. • can the risks be adequately understood and managed? • trade-offs between potential benefits vs. and adjuncts to analysis and decision-making. etc. uncertain reliability. UP3: CC is applicable depending . not essential operations Trade off loss of control. scalability.Categories of Use-Profile • • • UP1: CC is completely inappropriate • 'mission-critical systems' • systems embodying the organisation's 'core competencies' • applications whose failure or extended malperformance would threaten the organisation's health or survival UP2: CC is very well-suited Uses of computing that are highly price-sensitive. contingent risks against cost-advantages.. uncontrollable risks Copyright 2010 26 .

Privacy Policy Enforcement Measures. Declaration. Integrity Assurance • • Service Integrity Data Integrity 2.User Requirements for CC Infrastructure 1. to enable: • • • • Server Privacy Policy Statement User Privacy Rqmts Statement Comparison of the two Preclusion of Usage where Requirements are not satisfied 27 . Compliance Assurance • • • • • • • Service Security Service Access Controls Data Transmission Security Data Storage Security Data Use (by service-provider) Data Disclosure (by others) Jurisdictional Location(s) of Data Storage Copyright 2010 3. Measurement • • • • • Service Reliability Levels Service Survival Protections Data Survival Protections Service and Data Compatibility Service and Data Flexibility 4.

but also the client side and intermediating functions Security Risk Assessments and Solutions must be end-to-end rather than limited to the server side CCA designers must address the risks arising from vulnerable user devices and vulnerable clients Client authentication must be achieved through components.Implications for Cloud Computing Architectures • • • • • • • CCAs must be comprehensive. OpenID) Jurisdictional Locations of Hosts must be controlled These all depend on CCAs including specs and implementation of multiple special-purpose components and features Privacy management must go beyond 'privacy through policy' and 'privacy by design' to 'Privacy through Architecture' Copyright 2010 28 . APIs. encompassing not only the server side. and externally-managed identities (Shibboleth.

2008. 5 – UC Berekeley) • CC may be just another marketing buzz-phrase that leaves corporate wreckage in its wake CC service-providers need to invest a great deal in many aspects of architecture... and we note that in each case one or two . applications. and terms of contract and SLA • Copyright 2010 29 .Conclusion • "Past efforts at utility computing failed. infrastructure. critical characteristics were missing" (Armbrust et al. p.

.rogerclarke.User Requirements for Cloud Computing Architecture Roger Clarke. ANU and in Cyberspace Law & Policy.ppt} Copyright 2010 30 .com/II/CCSA {. Canberra Visiting Professor in Computer Science. Xamax Consultancy.html. 17 May 2010 http://www. UNSW 2nd International Symposium on Cloud Computing Melbourne.

Sign up to vote on this title
UsefulNot useful