SEMINAR ON
OVERVIEW
- Introduction
- Key attributes of cloud
- Cloud deployment model
- Security issues in cloud computing
- Case study: secure cloud computing platform
- Security features in Nebula
- Conclusion
- Reference
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Conventional Computing vs. Cloud Computing

  Conventional                      Cloud
  Dedicated hardware                Shared hardware
  Fixed capacity                    Elastic capacity
  Pay for capacity                  Pay for use
  Capital & operational expenses    Operational expenses
                                    Self-provisioned, managed via APIs
INTRODUCTION

Key attributes of cloud:
1. Shared / pooled resources
2. Broad network access
3. On-demand self-service
4. Metered by use

On-Demand Self-Service:
- Completely automated
- Users abstracted from the implementation
- Near real-time delivery (seconds or minutes)
- Services accessed through a self-serve web interface

Metered by Use:
- Services are metered, like a utility
- Users pay only for services used
- Services can be cancelled at any time
Cloud service models (figure): IaaS, PaaS, SaaS. Example vendors shown in the figure: Microsoft, Salesforce.
Products and companies shown for illustrative purposes only and should not be construed as an endorsement.
Security issues in cloud computing:
- Need for isolation management
- Logging challenges
- Data ownership issues
- Quality of service guarantees
- Attraction to hackers
- Security of virtual OSs in the cloud
- Identity management
- Data stealing
Nebula is an open-source cloud computing platform and service developed at NASA to provide an alternative to the costly construction of additional data centers.
- Open and public APIs, everywhere
- Open-source platform, apps, and data
- Full transparency
Users only have access to APIs and dashboards; there is no direct user access to the Nebula infrastructure.

Project-based separation: a project is a set of compute resources accessible by one or more users. Each project has its own:
- VLAN for project instances
- VPN for project users to launch, terminate, and access instances
- Image library of instances
Nebula network layout (figure): Project A (10.1.1/24) and Project B (10.1.2/24) on separate RFC1918 networks (LAN_X), DMZ services, cloud APIs, high-end compute, vast storage, supercomputer.
Intrusion Detection
- Open-source host-based intrusion detection
- Mirror port to NASA SOC tap
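The host-based intrusion detection above relies on knowing what a node looked like before it was touched. The following is an added example (not Nebula's own tooling, and not the HIDS product it deployed) of the file-integrity check at the core of most open-source HIDS agents: fingerprint every file under a root (SHA-256, mode, owner), store the baseline, and later report what was added, removed or modified. The directory tree and the "attacker" changes are constructed in a temporary directory so the script runs offline.

```python
"""File-integrity check in the style of an open-source HIDS syscheck.
Added example; not Nebula's code. All sample files are constructed below."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """Hash regular files, record symlink targets, keep mode/uid/gid for all."""
    st = path.lstat()
    entry = {"mode": oct(stat.S_IMODE(st.st_mode)), "uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        entry["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        entry["target"] = os.readlink(path)
    return entry


def baseline(root: Path) -> dict:
    """Walk root and fingerprint every file and symlink (directories skipped)."""
    result = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            result[p.relative_to(root).as_posix()] = _fingerprint(p)
    return result


def compare(old: dict, new: dict) -> dict:
    """Classify differences; 'modified' maps a path to the attributes that changed."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = {}
    for name in set(old) & set(new):
        changed = sorted(k for k in set(old[name]) | set(new[name])
                         if old[name].get(k) != new[name].get(k))
        if changed:
            modified[name] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: a config is weakened, a log deleted, a SUID binary dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "var").mkdir()
        (root / "var" / "auth.log").write_text("ok\n")
        before = baseline(root)
        # simulated attacker activity (constructed, not real malware)
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "var" / "auth.log").unlink()
        (root / "rootkit").write_bytes(b"\x7fELF")
        (root / "rootkit").chmod(0o4755)
        after = baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The baseline has to live somewhere the compromised host cannot rewrite it (shipped to the SOC collector over the mirror port, or signed before storage); a baseline kept only on the node being checked is the first thing an intruder edits.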
Vulnerability Scanning
- Nebula uses both internal and external vulnerability scanners

Incident Response
Procedures for isolating individual VMs, compute nodes, and clusters, including:
- Taking a snapshot of suspect VMs, including a memory dump
- Quarantining a VM within a compute node
- Disabling VM images so new instances can't be launched
- Isolating a compute node within a cluster
- Isolating a cluster

Long-term vision: a pass/fail launch gate based on scan and monitoring results.
TOOLS

PXE
Preboot Execution Environment (PXE) boots a machine over the network through its network interface rather than from local storage. It follows the DHCP model: the client broadcasts a DHCP request and the reply carries the address of the boot server and the name of the boot file to fetch. It is used to provision the nodes of an OpenStack cloud. OpenStack is an open-source cloud computing management infrastructure. Nova, its compute service, has a messaging-based architecture; its major components are the Compute Controller, Volume Controller, and Network Controller.
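To make the DHCP exchange behind PXE concrete, here is an added example (not OpenStack, Nebula or any PXE firmware's code) that builds the DHCPDISCOVER a PXE client sends, parses the DHCPOFFER that comes back, and checks the offering server against an allow-list. The packet layout follows RFC 2131/2132 and the PXE vendor class string of RFC 4578; the offer bytes, the boot server 10.1.0.5 and the boot file name are constructed for the example.

```python
"""PXE-style DHCPDISCOVER builder and DHCPOFFER parser. Added example; the
offer packet is constructed inline, nothing is sent on the wire."""
import struct
from dataclasses import dataclass, field

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_VENDOR_CLASS = 53, 54, 60
OPT_TFTP_SERVER, OPT_BOOTFILE, OPT_CLIENT_ARCH, OPT_END = 66, 67, 93, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
HDR = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed BOOTP header


def build_discover(mac: bytes, xid: int, arch: int = 0) -> bytes:
    """DHCPDISCOVER announcing a PXE client via option 60 and option 93."""
    hdr = struct.pack(HDR, 1, 1, 6, 0, xid, 0, 0x8000,   # BOOTREQUEST, broadcast flag
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    vendor = b"PXEClient:Arch:%05d:UNDI:002001" % arch
    opts = (bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
            + bytes([OPT_VENDOR_CLASS, len(vendor)]) + vendor
            + bytes([OPT_CLIENT_ARCH, 2]) + struct.pack("!H", arch)
            + bytes([OPT_END]))
    return hdr + MAGIC_COOKIE + opts


@dataclass
class Offer:
    yiaddr: str
    next_server: str      # boot/TFTP server: siaddr, overridden by option 66
    bootfile: str         # 'file' field, overridden by option 67
    options: dict = field(default_factory=dict)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_offer(pkt: bytes, expect_xid: int) -> Offer:
    """Parse a DHCPOFFER; reject malformed packets and foreign transaction ids."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _, _, _, xid = struct.unpack("!BBBBI", pkt[:8])
    if op != 2 or xid != expect_xid:
        raise ValueError("not a reply to our transaction")
    yiaddr, siaddr = pkt[16:20], pkt[20:24]
    file_field = pkt[108:236].split(b"\0", 1)[0].decode("ascii", "replace")
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == 0:               # pad byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    if options.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        raise ValueError("not a DHCPOFFER")
    bootfile = options.get(OPT_BOOTFILE, b"").decode("ascii", "replace") or file_field
    next_server = options.get(OPT_TFTP_SERVER, b"").decode("ascii", "replace") or _ip(siaddr)
    return Offer(_ip(yiaddr), next_server, bootfile, options)


def offer_is_trusted(offer: Offer, allowed_servers: set) -> bool:
    """DHCP/PXE carry no authentication; the only client-side check is an
    allow-list on the server identifier (option 54). A rogue responder on the
    same segment can spoof it, which is why provisioning runs on an isolated
    management VLAN."""
    sid = offer.options.get(OPT_SERVER_ID)
    return sid is not None and len(sid) == 4 and _ip(sid) in allowed_servers


def sample_offer(xid: int) -> bytes:
    """Constructed DHCPOFFER from a hypothetical boot server 10.1.0.5."""
    hdr = struct.pack(HDR, 2, 1, 6, 0, xid, 0, 0,
                      b"\0" * 4, bytes([10, 1, 1, 20]), bytes([10, 1, 0, 5]), b"\0" * 4,
                      b"\0" * 16, b"\0" * 64, b"pxelinux.0".ljust(128, b"\0"))
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4, 10, 1, 0, 5, OPT_END])
    return hdr + MAGIC_COOKIE + opts


if __name__ == "__main__":
    xid = 0x1234ABCD
    print(len(build_discover(b"\x00\x11\x22\x33\x44\x55", xid)), "byte DISCOVER")
    o = parse_offer(sample_offer(xid), xid)
    print(o.yiaddr, o.next_server, o.bootfile, offer_is_trusted(o, {"10.1.0.5"}))
```

The practical point for a cloud build-out is the last function: whatever the client learns about its boot server arrives over a broadcast protocol with no integrity protection, so the trust boundary is the network segment the nodes boot on, not anything in the packet.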
PUPPET
Puppet is an open-source configuration management tool used to install and configure the nodes.

RabbitMQ
RabbitMQ is open-source message broker software (message-oriented middleware) that implements the Advanced Message Queuing Protocol (AMQP) standard.
NOVA NODE / OBJECT NODE (figure): Nginx, Puppet, PXE, Ubuntu OS.
Nginx is an open-source web server and reverse proxy server for the HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage.
NETWORK NODE (figure): project VLAN, public internet, iptables, Ubuntu OS.

brctl is used to set up and inspect the network bridge configuration in the Linux kernel. A bridge is a device that connects different network segments at layer 2.
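The per-project VLANs from the network layout and the iptables on the network node are the same control seen from two sides: a bridge per project VLAN, and FORWARD rules that let a project talk to itself, to the DMZ services and to the internet, but never to another project or to any other internal range. The following added example (not Nebula's configuration) generates that rule set for Project A (10.1.1/24) and Project B (10.1.2/24) and checks it with a small first-match evaluator, so the policy can be verified before it is applied. The DMZ range 10.1.0.0/24, the allowed DMZ port 443, the bridge names br-proj-a/br-proj-b, the VLAN sub-interfaces eth1.101/eth1.102 and the uplink eth0 are all assumptions.

```python
"""Per-project isolation policy for the network node. Added example; addresses
other than the two project subnets are assumed, not taken from Nebula."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

PROJECTS = {"a": ip_network("10.1.1.0/24"), "b": ip_network("10.1.2.0/24")}
DMZ = ip_network("10.1.0.0/24")        # assumed address range of the DMZ services
DMZ_PORTS = {443}                      # assumed TCP services a project may reach there
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VLAN_IF = {"a": "eth1.101", "b": "eth1.102"}   # assumed VLAN sub-interfaces
UPLINK = "eth0"                                # assumed internet-facing interface


@dataclass
class Rule:
    action: str                         # ACCEPT or DROP
    src: Optional[IPv4Network] = None   # None means any
    dst: Optional[IPv4Network] = None
    dport: Optional[int] = None         # TCP destination port
    established: bool = False           # match only return traffic

    def matches(self, s, d, port, est) -> bool:
        return ((self.src is None or s in self.src)
                and (self.dst is None or d in self.dst)
                and (self.dport is None or self.dport == port)
                and (not self.established or est))

    def iptables(self) -> str:
        parts = ["iptables -A FORWARD"]
        if self.established:
            parts.append("-m conntrack --ctstate ESTABLISHED,RELATED")
        if self.src is not None:
            parts.append(f"-s {self.src}")
        if self.dst is not None:
            parts.append(f"-d {self.dst}")
        if self.dport is not None:
            parts.append(f"-p tcp --dport {self.dport}")
        parts.append(f"-j {self.action}")
        return " ".join(parts)


def build_policy() -> List[Rule]:
    """Order matters: iptables is first-match, so the specific ACCEPTs come
    before the RFC1918 DROP that blocks every other internal network."""
    rules = [Rule("ACCEPT", established=True)]
    for net in PROJECTS.values():
        rules.append(Rule("ACCEPT", src=net, dst=net))                 # intra-project
        for port in sorted(DMZ_PORTS):
            rules.append(Rule("ACCEPT", src=net, dst=DMZ, dport=port))  # shared services
        for internal in RFC1918:
            rules.append(Rule("DROP", src=net, dst=internal))          # other projects etc.
        rules.append(Rule("ACCEPT", src=net))                          # what is left: internet
    rules.append(Rule("DROP"))                                         # default deny inbound
    return rules


def evaluate(rules: List[Rule], src: str, dst: str, dport=None, established=False) -> str:
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if r.matches(s, d, dport, established):
            return r.action
    return "DROP"   # unreachable: policy ends with an explicit default DROP


def render_script() -> str:
    """Shell commands a practitioner would apply on the network node."""
    lines = ["sysctl -w net.ipv4.ip_forward=1", "iptables -P FORWARD DROP", "iptables -F FORWARD"]
    for name, vlan_if in VLAN_IF.items():
        lines += [f"brctl addbr br-proj-{name}", f"brctl addif br-proj-{name} {vlan_if}"]
    lines += [r.iptables() for r in build_policy()]
    lines += [f"iptables -t nat -A POSTROUTING -s {n} -o {UPLINK} -j MASQUERADE"
              for n in PROJECTS.values()]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_script())
```

Run the evaluator against the flows you care about before applying the script: Project A to Project B must be DROP, Project A to the DMZ on 443 ACCEPT and on any other port DROP, and a new connection from the internet into a project DROP while its return traffic is accepted by the conntrack rule. Once applied, `iptables -L FORWARD -v -n` shows the same rules with packet counters, which is the quickest way to confirm the inter-project DROP is actually being hit.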
CONCLUSION
Security threats in the cloud are a hurdle to the adoption of cloud computing. Nebula can be used for high security and high availability on the internet, so users can store their sensitive data in the cloud. Nebula is open source, so it is cost-effective.