Article: Computer Science

Learning Objectives
Define and describe the PaaS model.
Describe the advantages and disadvantages of PaaS solutions.
List and describe several real-world PaaS solutions.
List and describe cloud-based database solutions and describe their advantages.
Discuss the development history that led to PaaS.

Platform as a Service (PaaS) Defined
Provide a collection of hardware and software resources that developers can use to build and deploy applications within the cloud.
Depending on their needs, developers may use a Windows-based PaaS solution or a Linux-based PaaS.

PaaS Advantages
Developers eliminate the need to buy and maintain hardware, and the need to install and manage operating system and database software.
Because the computing resources no longer reside in the data center, but rather in the cloud, the resources can scale on demand and the company can pay for only resources it consumes.
Further, because PaaS eliminates the developers' need to worry about servers, they can more quickly deploy their web-based solutions.

PaaS Disadvantages
Some developers and administrators want finer control over the underlying systems (versions, patch releases/applications, )

Real World: Google App Engine
Google App Engine, sometimes called GAE, is a PaaS solution that lets developers create and host web-based applications that reside and run on services managed by Google.
Like many Google services and offerings, Google App Engine is a free service.
Google App Engine provides platform support for a variety of programming languages, the three most common of which are Java, Python, and Go.


Google App Engine Continued
Google App Engine features include the following:
Support for dynamic web pages
Data storage and query support
Load balancing for application scalability
Application program interface (API) support for application-based e-mail through Google services
A local development environment that simulates Google App Engine on the developer's computer
Support for event scheduling and triggering
An application sandbox that limits access to the underlying operating system
An administrative console for managing applications

Real World: Taleo Human-Resources SaaS
To achieve wide-scale use, an SaaS solution must have large market potential.
Every business must recruit, hire, train, and compensate employees.
The Taleo cloud-based talent management system provides applications and services to meet company human resources demands.

Google App Engine

Evolution to the Cloud
Mainframe Computers
Personal Computers
Local-Area Networks
Internet Service Providers (ISPs)
PaaS

Mainframe Computing
Large capital investment for data-center-based computers
Large, expensive disk and tape storage systems that often provided only limited storage capacity
User interface to the system provided through dumb terminals
Limited computer-network interconnectivity
System security maintained through physical security (few users had direct access to the computer hardware)

Mainframe Computer

Tower-Based Servers
Large physical footprint
Considerable heat generation and power consumption

Internet Service Providers (ISPs)

ISP Advantages
Reduced cost: The ISP provided the high-speed, high-bandwidth Internet connection, which it shared across several companies.
Less server administration: The ISP managed the servers to which developers uploaded their solutions.
Less hardware to purchase and maintain: The ISP purchased and managed the hardware and managed the infrastructure software, such as the operating system.

ISP Advantages Continued
Greater system uptime: Through the use of redundant hardware resources, the ISP provided high system uptime.
Potential scalability: The ISP had the ability to move a high-demand application to a faster bandwidth connection.


Blade Computers
Reduced server footprint
Reduced power consumption and heat generation


Real World: Force.com PaaS
To extend its cloud capabilities to application developers, Salesforce.com has released the Force.com PaaS.
Originally developed to provide a home for business applications, Force.com now runs applications across most sectors.


Benefits of PaaS
By shifting computing resources from an on-site data center to the cloud, PaaS solutions offer:
Lower total cost of ownership: Companies no longer need to purchase and maintain expensive hardware for servers, power, and data storage.
Lower administration overhead: Companies shift the burden of system software administration from in-house administration to employees of the cloud provider.

Benefits of PaaS Continued
More current system software: The cloud administrator is responsible for maintaining software versions and patch installations.
Increased business and IT alignment: Company IT personnel can focus on solutions as opposed to server-related issues.
Scalable solutions: Cloud-based solutions can scale up or down automatically based on application resource demands. Companies pay only for the resources they consume.


Disadvantages of PaaS
Potential disadvantages of PaaS solutions include:
Concerns about data security: Some companies are hesitant to move their data storage off-site.
Challenges to integrating cloud solutions with legacy software: A company may need to support on-site solutions as well as cloud-based solutions. Communication between the two application types may be difficult to impossible.
Risk of breach by the PaaS provider: If the company providing the PaaS service fails to meet agreed-upon service levels, performance, security, and availability may be at risk, and moving the application may be difficult.

Real World: Windows Azure as a PaaS
Microsoft .NET has driven the development of many dynamic web solutions and web services.
Windows Azure is a PaaS running within Microsoft data centers.
Users pay only for the scalable processor resources that they consume.
SQL Azure provides a cloud-based database solution for applications running within Windows Azure.

Windows Azure Continued
Windows Azure goes beyond .NET and includes support for Java, PHP, and Ruby. Developers can build and deploy their solutions to Azure using an IDE such as Visual Studio or Eclipse.
Developers can interface to SQL Azure using much of the same code they would use to access a local database.


Windows Azure Continued

Key Terms

References
Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

Learning Objectives
Describe challenges related to ID management.
Describe and discuss single sign-on (SSO) capabilities.
List the advantages of IDaaS solutions.
Discuss IDaaS solutions offered by various companies.

IDaaS Defined
Identity (or identification) as a service (IDaaS): Cloud-based approaches to managing user identities, including usernames, passwords, and access. Also sometimes referred to as identity management as a service.

Identity and Access Management (IAM)
Identity and Access Management includes the components and policies necessary to control user identity and access privileges.

Authentication
Username/Password, digital signatures, digital certificates, biometrics
Authorization
Granular controls for mapping identities and rights
User Management
Creation and administration of new user identities, groups, passwords, and policies
Credential Management
Establishes identities and access control rules for user accounts
(Erl, 2014)

Single Sign-On (SSO)
Single sign-on (SSO): A process that allows a user to log into a central authority and then access other sites and services for which he or she has credentials.

Advantages of SSO
Fewer username and password combinations for users to remember and manage
Less password fatigue caused by the stress of managing multiple passwords
Less user time consumed by having to log in to individual systems
Fewer calls to help desks for forgotten passwords
A centralized location for IT staff to manage password compliance and reporting

Disadvantages of SSO
The primary disadvantage of SSO systems is the potential for a single source of failure. If the authentication server fails, users will not be able to log in to other servers.
Thus, having a cloud-based authentication server with system redundancy reduces the risk of system unavailability.

How Single Sign On Works
The single sign on mechanism enables one cloud service consumer to be authenticated by a security broker. Once established, the security context is persistent when the consumer accesses other cloud based IT resources.
(Erl, 2014)

Figure 10.9 – A cloud consumer provides the security broker with login credentials (1). The security broker responds with an authentication token (message with small lock symbol) upon successful authentication, which contains cloud service consumer identity information (2) that is used to automatically authenticate the cloud service consumer across Cloud Services A, B, and C (3).
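The three steps in Figure 10.9 can be sketched as follows. This is an added example, not taken from the slides or the cited textbooks: it uses a shared-secret HMAC token for brevity (SAML-based systems sign XML assertions with asymmetric keys), and every name, key and credential in it is constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions for the demo: one key shared by the broker and Cloud Services
# A, B and C, and a constructed one-user credential store.
BROKER_KEY = b"constructed-demo-key-not-a-real-secret"
USERS = {"alice": "correct horse"}


def _b64(data):
    return base64.urlsafe_b64encode(data).decode()


def _sign(payload):
    return _b64(hmac.new(BROKER_KEY, payload, hashlib.sha256).digest())


def broker_login(user, password, now=None, ttl=300):
    """Steps 1-2: the security broker checks the credentials and, on
    success, returns a signed token carrying the consumer's identity."""
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(
            expected.encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": ["A", "B", "C"], "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return _b64(payload) + "." + _sign(payload)


def service_accepts(service, token, now=None):
    """Step 3: a cloud service validates the token without ever seeing the
    password. Returns the authenticated subject, or None if rejected."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except (ValueError, AttributeError):
        return None                      # malformed token
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None                      # altered or not issued by the broker
    claims = json.loads(payload)         # parsed only after the signature check
    now = time.time() if now is None else now
    if now >= claims["exp"] or service not in claims["aud"]:
        return None                      # expired, or not meant for this service
    return claims["sub"]


if __name__ == "__main__":
    token = broker_login("alice", "correct horse")
    for svc in ("A", "B", "C", "D"):
        print(svc, service_accepts(svc, token))
```

The expiry and audience checks are what keep the persistent security context from becoming an unlimited credential: a token is only honoured by the services it names and only until it lapses.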

Federated ID Management
FIDM describes the technologies and protocols that combine to enable a user to bring security credentials across different security domains (different servers running potentially different operating systems).

Security Assertion Markup Language (SAML)
Behind the scenes, many FIDM systems use the Security Assertion Markup Language (SAML) to package a user's security credentials.

Account Provisioning
The process of creating a user account on a system is called account provisioning.
Because different employees may need different capabilities on each system, the provisioning process can be complex.
When an employee leaves the company, a deprovisioning process must occur to remove the user's accounts.
Unfortunately, the IT staff is not always immediately informed that an employee no longer works for the company, or the IT staff misses a server account and the user may still have access to one or more systems.
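The deprovisioning gap described above can be checked for by reconciling each system's account list against the HR roster. The following is an added example, not part of the original slides: the roster, systems, account names and dates are constructed, and the last-login dates stand in for what audit logging would supply.

```python
from datetime import date

# Constructed sample data (hypothetical names, systems and dates).
ACTIVE_EMPLOYEES = {"alice", "bob"}         # current HR roster
DEPARTURES = {"carol": date(2024, 4, 1)}    # departures HR reported to IT
SERVICE_ACCOUNTS = {"backup-svc"}           # non-human accounts, reviewed separately
SYSTEM_ACCOUNTS = {                         # per system: (account, last login)
    "mail": [("Alice", date(2024, 5, 1)), ("carol", date(2024, 3, 30))],
    "crm": [("bob", date(2024, 5, 2)), ("carol", date(2024, 4, 20)),
            ("backup-svc", date(2024, 5, 2))],
    "vpn": [("ALICE", date(2024, 5, 1)), ("dave", date(2024, 3, 1))],
}

# Lower number sorts first in the report.
SEVERITY = {"USED_AFTER_DEPARTURE": 0, "NO_HR_RECORD": 1, "STALE": 2}


def find_orphaned_accounts(active, departures, exempt, systems):
    """Return (system, account, status) for every account whose owner is
    not on the active roster, most urgent first."""
    findings = []
    for system, accounts in systems.items():
        for name, last_login in accounts:
            # Systems differ in case and whitespace handling; normalise
            # before comparing against the roster.
            user = name.strip().lower()
            if user in active or user in exempt:
                continue
            left_on = departures.get(user)
            if left_on is None:
                # IT was never told about this person at all.
                status = "NO_HR_RECORD"
            elif last_login > left_on:
                # The account was missed and has been used since.
                status = "USED_AFTER_DEPARTURE"
            else:
                # The account was missed but shows no later login.
                status = "STALE"
            findings.append((system, user, status))
    return sorted(findings, key=lambda f: (SEVERITY[f[2]], f[0], f[1]))


if __name__ == "__main__":
    for system, user, status in find_orphaned_accounts(
            ACTIVE_EMPLOYEES, DEPARTURES, SERVICE_ACCOUNTS, SYSTEM_ACCOUNTS):
        print(f"{status:22} {system:5} {user}")
```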

4 A's of Cloud Identity
Authentication: The process of validating a user for on-site and cloud-based solutions.
Authorization: The process of determining and specifying what a user is allowed to do on each server.
Account management: The process of synchronizing user accounts by provisioning and deprovisioning access.
Audit logging: The process of tracking which applications users access and when.

Real World: Ping Identity IDaaS
Ping Identity provides cloud-based ID management software that supports FIDM and user account provisioning.

Real World: PasswordBank IDaaS
PasswordBank provides an IDaaS solution that supports on-site and cloud-based system access. Its FIDM service supports enterprise-wide SSO (E-SSO) and SSO for web-based applications (WebSSO).
The PasswordBank solutions perform the FIDM without the use of SAML.
PasswordBank solutions support a myriad of devices, including the iPhone.

OpenID
OpenID allows users to use an existing account to log in to multiple websites. Today, more than 1 billion OpenID accounts exist and are accepted by thousands of websites.
Companies that support OpenID include Google, Yahoo!, Flickr, Myspace, WordPress.com, and more.

Advantages of Using OpenID
Increased site conversion rates (rates at which customers choose to join websites) because users do not need to register
Access to greater user profile content
Fewer problems with lost passwords
Ease of content integration into social networking sites

Mobile ID Management
Threats to mobile devices include the following:
Identity theft if a device is lost or stolen
Eavesdropping on data communications
Surveillance of confidential screen content
Phishing of content from rogue sites
Man-in-the-middle attacks through intercepted signals
Inadequate device resources to provide a strong security implementation
Social attacks on unaware users that yield identity information

Cloud Based Security Groups
Cloud resource segmentation is a process of creating separate physical and virtual IT environments for different users and groups to increase security.
(Erl, 2014)
Figure 10.11 – Cloud-Based Security Group A encompasses Virtual Servers A and D and is assigned to Cloud Consumer A. Cloud-Based Security Group B is comprised of Virtual Servers B, C, and E and is assigned to Cloud Consumer B. If Cloud Service Consumer A's credentials are compromised, the attacker would only be able to access and damage the virtual servers in Cloud-Based Security Group A, thereby protecting Virtual Servers B, C, and E.

Hardened Virtual Server Images
When creating a virtual server from a template, the hardening process removes unnecessary software from the system to limit vulnerabilities that could be exploited by hackers.
(Erl, 2014)
Figure 10.13 – A cloud provider applies its security policies to harden its standard virtual server images.

Key Terms

References
Primary:
Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.
Secondary:
Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.

Learning Objectives
Define and describe IaaS and identify IaaS solution providers.
Define and describe colocation.
Define and describe system and storage redundancy.
Define and describe cloud-based network-attached storage (NAS) devices and identify solution providers.
Define and describe load balancing and identify cloud-based solution providers.
Describe the pros and cons of IaaS solutions.

IaaS Defined
An IaaS provider makes all of the computing hardware resources available, and the customers, in turn, are responsible for installing and managing the systems, which they can normally do, for the most part, over the Internet.

What Data Centers Must Provide
Access to high-speed and redundant Internet service
Sufficient air conditioning to eliminate the heat generated by servers and disk storage devices
Conditioned power with the potential for uninterrupted power supply in the short term and long term through the use of on-site diesel powered generators
Fire suppression systems
Administrative staffing to support hardware, networks, and operating systems

Bottom Line: Data Centers are Expensive

Co-located Data Centers
To reduce the risk of a single point of failure, companies often create a duplicate data center at a remote location.
Should one of the data centers fail, the other can immediately take over operations.
Unfortunately, the second data center will increase the company's costs, essentially doubling them, because there are duplicate servers, storage devices, network equipment, Internet access, and staffing.

Co-located Data Center

What Co-located Systems Accomplish
Makes the company less susceptible to fire, acts of God, and terrorism
Improves performance through a distributed workload
Makes the company less susceptible to downtime due to power loss from a blackout or brownout
IaaS solutions allow smaller companies to eliminate the need for their own on-site data center

IaaS Solutions May Support Many Different Companies

Load Balancing
Across the web, sites experience a wide range of network traffic requirements.
Sites such as Google, Yahoo!, Amazon, and Microsoft experience millions of user hits per day. To handle such web requests, the sites use a technique known as load balancing, to share the requests across multiple servers.

Load Balancing Continued
Load balancing uses a server to route traffic to multiple servers which, in turn, share the workload.

Load Balancing and Replicated Databases
Load balanced systems, for data redundancy, often replicate databases on multiple servers.
Each database, in turn, will send data updates to the other to maintain data synchronization between the servers.

Cloud-Based Data Replication
Using cloud-based NAS devices and cloud-based databases, companies can replicate key data within the cloud.

Real World: Rackspace IaaS
Rackspace has emerged as one of the largest players in the IaaS market. Rackspace offers a set of solutions that include cloud hosting, managed hosting (including 24/7 data-center like management), and hybrid solutions that combine the cloud and managed services.
Within minutes, from the Rackspace website an administrator can select a solution that deploys from 1 to 50 servers. Larger configurations are available.

Rackspace Continued
Today Rackspace offers cloud-based solutions to hundreds of thousands of clients. Rackspace houses its data centers at very large facilities located around the world.
With respect to the cloud, Rackspace offers pay as you go scalability, with on-demand storage and load balancing. Beyond cloud hosting, Rackspace provides solutions for cloud-based e-mail, Exchange hosting, file sharing, backups, and collaboration.

Network Attached Storage (NAS)
Cloud-based NAS devices present cloud-based storage as mountable devices, which may be replicated in the cloud to meet a company's data redundancy needs.

Real World: Nirvanix IaaS
The Nirvanix IaaS provides cloud-based NAS, which is accessible through the CloudNAS file system.

Advantages of IaaS
Elimination of an expensive and staff-intensive data center
Ease of hardware scalability
Reduced hardware cost
On-demand, pay as you go scalability
Reduction of IT staff
Suitability for ad hoc test environments
Allows complete system administration and management

IaaS Server Types
Physical server: Actual hardware is allocated for the customer's dedicated use.
Dedicated virtual server: The customer is allocated a virtual server, which runs on a physical server that may or may not have other virtual servers.
Shared virtual server: The customer can access a virtual server on a device that may be shared with other customers.

IaaS Server Types Continued
Within an IaaS environment, customers can allocate various server types.

Data Center Technology
Virtualization
Standardization and Modularity
Automation
Remote Operation and Management
High Availability
Security-Aware Design, Operation, and Management
Facilities
Computing Hardware
Storage Hardware

(Erl, 2014)

Storage Technologies
Hard Disk Arrays
I/O Caching
Hot-Swappable Hard Disks
Storage Virtualization
Fast Data Replication Mechanisms
Network Storage Devices
Storage Area Networks (SAN): dedicated network
Network Attached Storage (NAS): device connected to network
(Erl, 2014)

Network Hardware
Carrier and External Network Interconnection: LAN/WAN
Load Balancing and Acceleration
LAN Fabric: High performance and redundant connectivity
SAN Fabric: Used to connect servers to storage devices
NAS Gateways: Connection points for NAS storage devices
(Erl, 2014)

Key Terms

References
Primary:
Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.
Secondary:
Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper Saddle River, NJ: Prentice Hall.
