Random Recipes

PartI:IntroducingtheWindowsAzurePlatform NISTpromisestocreatetheseadditionalÔÔSpecialPublicationsÕÕin2009andlater: Securingcloudarchitectures Securingcloudapplications Enablingandperformingforensicsinthecloud Centralizingsecuritymonitoringinacloudarchitecture Obtainingsecurityfromthird-partycloudarchitecturesthroughservice-levelagreements Securitycomplianceframeworksandcloudc omputing(forexample,HIPAA,FISMA,SOX) YoucanexpecttoÞnddraftversionsofthesepublicationsfromalinktotheSpecialPublications (800Series)ontheComputerSecuri tyDivisionÕsComputerSecurityResourceCenterPublicationspage IfNISTcancomeupwithasetofnon-proprietarysecurit Chapter1:SurveyingtheRoleofCloudComputing regulations,whichcanresultinÞnesorothersanctions.However,thesesecurityandprivacyissuesalso applytooutsourcingconventionaldataentryandproc essingoperations,whichisbecomingincreasingly commonplace,andarenÕtspeciÞctocloudcomputing. TheInformationTechnologyLaboratoryoftheU.S.NationalInstituteofStandardsandTechnology (NIST)iscontemplatingtheidentiÞcationofminima lstandardsandarchitecturetoenablefederalagen- ciestocreateorpurchaseinteroperablecloudcomputingcapabilities.TheITLÕsComputerSecurity DivisionhasthemissionÔÔtoprovidestandardsandte chnologytoprotectinformationsystemsagainst threatstotheconÞdentialityofinformation,integrityofinformationandprocesses,andavailabilityof informationandservicesinordertobuildtrustandco nÞdenceinInformationTechnology(IT)systems.ÕÕ NISTÕsÔÔPerspectivesonCloudComputingandStandard sÕÕpresentationliststhefollowingcharacteristics ofapotential FederalCloudInfrastructure AgencieswouldowncloudinstancesorÔÔnodes.ÕÕ Nodeswouldprovidethesamesoftwareframeworkforrunningcloudapplications. NodeswouldparticipateintheFederalcloudinfrastructure. Federalinfrastructurewouldpromoteandadoptclo PartI:IntroducingtheWindowsAzurePlatform TheRedQueeninLewisCarroll’sThroughtheLooki ng-GlassandWhatAliceFoundTheresaid,‘‘It samelitanyofdoubt,butthesuccessesofSalesforce.comandAWSprovethatgovernanceissuescanbe overcome. FollowingaretheÔÔFiveFastFixesÕÕtosecuredatainthecloudrecommendedbyMikeFratto,theauthor ÕsÔÔCloudControlÕÕarticleofJanuary26,2009thatdeliveredthepollÕsconclusions: DeneYourGovernanceNeeds :Aretheyinternal,external,legal?Listtherequirementsand howtheyÕresatisÞed. ClassifyYourData Chapter1:SurveyingtheRoleofCloudComputing and80,000 customapplicationsasofearly2009.GAErequiresatleastsomefamiliaritywith Pythonprogrammingtoprovideusefulservices,butpromisestosupportotherlanguagesin thefuture.TheWindowsAzurePlatformÕsnameanditsdependenceonVisualStudio2008 placeMicrosoftÕscloudofferingsquarelyinthePaaScategory.WindowsAzuresupportsany programminglanguagethatconformstotheCommonLanguageRuntime(CLR).TheYouseff researchpaperdidnÕtincludeareferencetoAzureasofearly2009. SoftwareKernel canbeimplementedasanOSkernel,hyp ervisor,virtualmachinemonitor and/orclusteringmiddleware,orvariouscombinationsofthesesystems.Althoughgridappli- cationsplayedasigniÞcantroleinearlycloudcomputingimplementations,thegridhasgiven waytothehypervisorasthepreferredsoftwarekernelforcloudcomputingbecausethelatter abstractshardwareidiosyncrasiesfromtheserv ice.AddingCaaSmakesthislayerequivalentto traditionalVPSWebhosting. layeristhephysicalcomputing,switching,androutinghardwarethat formsthecloudÕsbackbone.TheHaaSprovideroperates,manages,andupgradesthehardware onbehalfofitslessees,whosupplytheirownoperatingsystemandapplicationsoftware,and chargesbytheGBfordataingressandegress,similartowebservercolocation.Leasingelimi- natesusersÕneedtoinvestinbuildingandmana gingdatacentersandmightreducethecostof powerandinsurance. Otherrecognizedandself-anoin tedcloudcomputingÔÔthoughtle adersÕÕoffernumerouscloud computingdeÞnitionsandontologies.Forexample,DavidLinthicumofBlueMountainLabs proposesandbrießydescribesthefollowing10majorcloudcomputingcomponentsinhis ÔÔDeÞningtheCloudComputingFrameworkÕÕblogpostofJanuary18,2009( http://cloudcomputing.sys-con.com/node/811519 Storage-as-a-Service Platform-as-a-Service Database-as-a-Service Integration-as-a-Service Information-as-a-Service Security-as-a-Service Process-as-a-Service Application-as-a-Service AccordingtoitsCCIFMission&GoalsWebpage,theCloudComputingInteroperabilityForum http://groups.google.com/group/cloudforum/web/ccif-mission-goals ÔÔwasformedinordertoenableaglobalcloudcomputingecosystemwherebyorganizationsare PartI:IntroducingtheWindowsAzurePlatform CloudComputingOntologies Theterm cloudcomputing Resources (IaaS) (CaaS) Cloud Application (SaaS) Figure1-4:TheÞve-layerstructureofcloud computingasdescribedintheÔÔTowardaUniÞed OntologyofCloudComputingÕÕresearchpaper. Followingisahigh-leveloverviewofYouseffÕsÞve-layerontologicalmodelasusedinthisbook: Youseffandhercolleaguesdesignatethetop-level CloudApplicationLayer astheaccesspointfor SaaSapplications,suchasSalesforceCRMandGAE,throughWebportals. Cloudapplicationdevelopersusethe CloudSoftwareEnvironmentLayer ,whichprovidessup- Chapter1:SurveyingtheRoleofCloudComputing PlatformasaService :PaaSusuallycomprisesatleastthesethreedistinctelements: ToolsasaService (TaaS),whichprovidesWeb-based developmenttoolsandlanguages, suchasMicrosoftVisualStudio(forVisualC#,VisualBasic,IronPython,andIronRuby)or open-sourceEclipse(primarilyforJava) .TheWindowsAzureToolsforVS2008include templatesforcreatingWeb,Worker,WebandWorker,andCloudSequentialWorkßow Servicesthatcanrununderalocal(developer)orcloud(production)WindowsAzure instance(fabric).GoogleAppEngineoffersahostedPythonvariantaswellaswebappand Djangoframeworks. Avirtualizedruntimeapplicationplatform thatenablesrunningapplicationsinthecloud,typ- icallyontopofanIaaSanddeliveredasSaaS.AmazonEC2haspre-builtAMIsfor32-bit and64-bitLinuxdistributions,WindowsServer2003R2withSQLServer2005,andOra- cledatabases,aswellas64-bitOpenSolaris.WindowsAzurerunsonWindowsServer 2008withacustomversionofMicrosoftÕsHyper-Vhypervisor.GoogleAppEngineoffers topersistthestateoftheruntimeapplicationinAmazonÕsElasticBlockStore,Sim- pleDBorS3,GoogleÕsBigTable,orWindowsAzureStorageServicesÕtablesandblobs. EverythingasaService PartI:IntroducingtheWindowsAzurePlatform Ozmo,andHolaServers,useAmazonWebServicesÕSimpleStorageService(S3)toholdgraphic imagesandotherÞles,chargingusersasmallornoaccessfee.MicrosoftLiveSkyDriveisaFaaS providerthatgivesusersupto25GBoffreeÞlestorageatnocharge. Theterm DataStorage DatabaseasaService impliesstructuredstoragewithatleastsomerela- tionaldatabasemanagementsystem(RDBMS)features,suchasquerycapabilities,primaryand foreignkeyindexes,andentityassociationsthroughsimulatedJOINs.Commercialcloudser- vices,suchasAmazonWebServices(AWS),GoogleAppEngine(GAE),andWindowsAzure, offerindexedEntity-Attribute-Value(EAV)tablesandquerylanguageshavingsomerelation- Chapter1:SurveyingtheRoleofCloudComputing VirtualPrivateServer (VPS),alsocalled dedicatedvirtualserver hosting,isolatestheoperatingsys- temandwebserverinavirtualizedinstance,whichallowsasitetobelogicallypartitionedfrom othersitesononeoraclusterofphysicalmachines.VPShostingprovidesadditionalsecurity andcostsfromaboutUS$40ormorepermonthwithincreasedstorageandtrafÞclimits.Small- scalee-commercesitescommonlyuseVPShosting.SomeÞrmschargesmallsetupfeesforVPS Dedicatedserverhosting leasesaphysicalwebservertotheoperatorforincreasedsecurityby contentisolationatacostoffromaboutUS$200permonthandup,withthemonthlycharge PartI:IntroducingtheWindowsAzurePlatform Chapter1:SurveyingtheRoleofCloudComputing PartI:IntroducingtheWindowsAzurePlatform useandestablishedaNetworkComputerReferenceProÞle.TheproÞlerequiredallNCappliancesto Technologies,formerlyknownasNCIorNetworkComputers,Inc.,acreatorofthin-clientsystems suchastheNetChannel,towritesoftwareforitsset-topbox.AOLreportedlyhadoffered$65million Chapter1:SurveyingtheRoleofCloudComputing WhyMigrateApplicationsandServices totheCloud? Cloudcomputingisreceivingmassivepresscoverage,generatinganunendingseriesofconferences, increasingITmanagementmindshareandsubstantialsoftwaredeveloperresourcesbecauseitenables small,medium,andlargebusinessesto PartI:IntroducingtheWindowsAzurePlatform ThebookdoesnotcovertheLiveOperatingEnvironment(LOE,formerlyMeshOperatingEnvironment, MOE)anditsLiveServicesbecausetheseareconsume r-orientedfeatures.NordoesitdigintoMicrosoft SharePointServices,MicrosoftDynamicsCRMServices,orOfÞceBusinessApplications(OBAs)because Development Fabric Development Storage Table Services Blob Services Queue Services Development Runtime Azure (Cloud) Fabric Table Services Blob Services Queue Services SQL Services SQL Analysis Services* SQL Report Services* Figure1-3:Enterprise-orientedWindowsAzurePlatformandSDK features.Featuresnotcoveredinthisbookarecrossedout. Thisbookwaswrittenwiththefourth(May2009)andlaterCTPsoftheWindowsAzureSDKandWin- dowsAzureToolsforMicrosoftVisualStudio. Chapter2,‘‘UnderstandingWindowsAzurePlatform Architecture’’andtherem ainingchaptersofPart I,‘‘IntroducingtheWindowsAzurePlatform,’’descri betheunderlyingarchitectureandimplementation ofWindowsAzureanditsrepertoire ofenterprise-orientedfeatures. Chapter1:SurveyingtheRoleofCloudComputing AmazonreleaseditsElasticComputeCloud(EC2)webservice,whichwastheÞrstservicetopermit Figure1-2:TheWindowsAzurePlatformwascalledtheAzure ServicesPlatformuntilJuly2009. SpeciÞcally,thisbookcovers WindowsAzure ,theoperatingsystemwhichimplementst heWindowsAzureFabricÕsproduction versioninvirtualizedWindowsServer2008clusters. AzureStorageServices ,whichprovidesscalablepersistentstorageofstructuredtables,arbitrary blobs,andqueues. SQLServices :SQLAzureDatabaseimplementsMicrosoftSQLServerinthecloudwithfeatures commonlyofferedbyenterprise-scalerelation aldatabasemanagementsystems.SQLReporting andSQLAnalysisservicesareexpectedasfuturedata-relatedSQLServices. SurveyingtheRole ofCloudComputing Theterm cloudcomputing impliesaccesstoremotecomputingservicesofferedbythirdpartiesviaa TCP/IPconnectiontothepublicInternet.Thecloudsymbolinanetworkdiagram,whichinitially PartI IntroducingtheWindowsAzure Platform Chapter1: SurveyingtheRoleofCloudComputing Chapter2: UnderstandingWindowsAzurePlatformArchitecture Chapter3: AnalyzingtheWindowsAzureOperatingSystem Chapter4: ScalingAzureTableandBlobStorage COPYRIGHTED MATERIAL PartI:IntroducingtheWindowsAzurePlatform accesstothecloud.ThereareanumberofcompaniesthathavebeneÞtedfromthat. Obviously,Google,Yahoo!,eBay,Amazoncometomind.Thecomputationandthe dataandsoforthareintheservers.[Emphasisadded.] Mr.SchmidtisconsideredbymanytobetheÞrstuseroftheterm cloudcomputing inthecontextofits embodimentin2008andlater,butthetermdidnÕtreachthethresholdforinclusioninGoogleÕsTrends serviceuntilaboutSeptember2007(seeFigure1-1).Mr.Schmidtmakestheassumptioninthepreceding quotationthatdataservicesprovid edbythecloud-computingserversweredeÞnedbytheorganizations thatownedtheservers,speciÞcallyGoogle,Yahoo!,eBay,andAmazon. Figure1-1:WorldwidetrafÞcfortheterms cloudcomputing , WindowsAzure , AmazonEC2 ,and GoogleApp Engine fortheyears2000through2008asreportedbytheGoogleTrendsservice. 4