Cloud computing, architectural considerations for IaaS


Today’s trend:

  • high-performance computing
  • database management systems
  • CPU-intensive processing
  • data-intensive processing

The goals:

  • Scalability
  • Availability
  • Reliability
  • Security
  • Flexibility and agility
  • Serviceability
  • Efficiency

CC raises the level of abstraction so that all components are abstracted or virtualized, and can be used to quickly compose higher-level applications or platforms. If a component does not provide a consistent and stable abstraction layer to its clients or peers, it’s not appropriate for cloud computing.

In cloud computing, it’s important to maintain the model, not the image itself. The model is maintained; the image is produced from the model.

Virtual machine images will always change because the layers of software within them will always need to be patched, upgraded, or reconfigured. What doesn’t change is the process of creating the virtual machine image, and this is what the developers should focus on.

Standards help to address complexity

CC emphasizes efficiency above all, so adopting a small number of standards and standard configurations helps to reduce maintenance and deployment costs. Having standards that make deployment easy is more important than having the perfect environment for the job. The rule comes into play here: “cloud computing focuses on the few standards that can support 80% of the use cases.”

For an enterprise shifting to cloud computing, standards may include the type of virtual machine, the operating system in standard virtual machine images, tools, and programming languages supported:

  • Virtual machine types: consider the impact of virtual machine choice on the application to be supported. For a social networking application, isolation for security, and a high level of abstraction for portability, would suggest using Type II VMs. For high-performance computing or visualization applications, the need to access hardware directly to achieve the utmost performance would suggest using Type II VMs. (The software layer providing the virtualization is called a virtual machine monitor or hypervisor. A hypervisor can run on bare hardware, as a Type 1 or native VM, or on top of an operating system, as a Type 2 or hosted VM.)
  • Preinstalled, preconfigured systems: The software on VMs must be maintained just as it is on a physical server. OSs still need to be hardened, patched, and upgraded.
  • Tools & languages: Enterprises might standardize on using the Java programming language and Ruby on Rails; small businesses might standardize on PHP…just remember platform as a service.

Virtualization and encapsulation support refactoring

A development pattern can be encapsulated for re-use. In this example a pattern specifies Web, application and database server tiers, and all that is needed for it to deploy an instance of itself is pointers to VMs for each of the three layers.

Loose-coupled, stateless, fail-in-place computing

For years, web applications have been moving toward being loose-coupled and stateless. In CC, these characteristics are even more important because of CC’s even more dynamic nature. Coupling between application components needs to be loose so that a failure of any component does not affect overall application availability. A component should be able to “fail in place” with little or no impact on the application.

Horizontal scaling

CC makes a massive amount of horizontal scalability available to applications that can take advantage of it. The trend toward designing and refactoring applications to work well in horizontally scaled environments means that an increasing number of applications are well suited to cloud computing.

The combination of stateless and loose-coupled application components with horizontal scaling promotes a fail-in-place strategy that does not depend on the reliability of any one component.

Parallelization

In a physical world, parallelization is often implemented with load balancers or content switches that distribute incoming requests across a number of servers. In a cloud computing world, parallelization can be implemented with a load balancing appliance or a content switch that distributes incoming requests across a number of virtual machines. In both cases, applications can be designed to recruit additional resources to accommodate workload spikes.

Security and data physics

  • Encrypt data so that if an intruder is able to penetrate a cloud provider’s security, or if a configuration error makes that data accessible to unauthorized parties, the data cannot be interpreted.
  • Encrypt data in transit.
  • Use strong authentication, so that data is transmitted only to known parties.
  • Pay attention to cryptography and how algorithms are cracked and are replaced by new ones over time.

Network security practices

There are some approaches:

  • Use security domains to group virtual machines together, and then control access to the domain through the cloud provider’s port filtering capabilities.

Cloud providers should offer mechanisms, such as security domains, to secure a group of virtual machines and control traffic flow in and out of the group.

  • Control traffic using the cloud provider’s port-based filtering, or utilize more stateful packet filtering by interposing content switches or firewall appliances where appropriate.
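
The security-domain approach above, modeled as an added example (not code from the original post or from any cloud provider): each tier of the Web, application and database pattern is one domain, ingress is default-deny, and a rule names either a source domain or a CIDR block. The class names, addresses and port numbers are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                # hypothetical port-filter rule
    port: int
    source: str            # another domain's name, or a CIDR block

@dataclass
class SecurityDomain:      # hypothetical model of a provider security domain
    name: str
    members: set           # private IPs of the VMs grouped in this domain
    ingress: list = field(default_factory=list)

def domain_of(ip, domains):
    """Return the domain containing this VM address, or None if external."""
    return next((d for d in domains.values() if ip in d.members), None)

def allowed(src_ip, dst_ip, port, domains):
    """Default deny: a flow passes only if an ingress rule on the
    destination domain matches both the port and the source."""
    dst = domain_of(dst_ip, domains)
    if dst is None:
        return False
    src = domain_of(src_ip, domains)
    for r in dst.ingress:
        if r.port != port:
            continue
        if r.source in domains:            # source given as a domain name
            if src is not None and src.name == r.source:
                return True
        elif ip_address(src_ip) in ip_network(r.source):
            return True
    return False

def exposed_to_any(domains, public=("web",)):
    """Audit: rules open to 0.0.0.0/0 on domains not meant to be public."""
    return [(d.name, r.port) for d in domains.values() for r in d.ingress
            if r.source == "0.0.0.0/0" and d.name not in public]

# Constructed three-tier deployment (addresses and ports are sample values).
DOMAINS = {d.name: d for d in [
    SecurityDomain("web", {"10.0.1.10", "10.0.1.11"}, [Rule(443, "0.0.0.0/0")]),
    SecurityDomain("app", {"10.0.2.10"}, [Rule(8080, "web")]),
    SecurityDomain("db",  {"10.0.3.10"}, [Rule(5432, "app")]),
]}
```

With these rules a compromised Web VM cannot open a connection to the database directly; it has to go through the application tier, which is the containment the domain grouping is meant to give.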