Introduction to Cloud Computing
- Processes, standards and quality
People interested in IT may wonder why implementing cloud computing is so successful in today’s market, especially that in terms of technology it isn’t anything new. Technologies due to which cloud can function, such as virtualisation, thin and fat clients or VPN, have been created long before someone even thought about cloud computing. Cloud means transferring IT resources (infrastructure, applications and data) from one place to another. It doesn’t matter whether you transfer data, whole application, device or virtual machine. Cloud enables you to store and distribute resources according to your needs.
Cloud computing is rather a new business model than a new technology. The term refers to the applications and services which work in distributed environment, use virtualised resources and are available through internet protocols and standard networks. This model is characterised by virtual and unlimited resources, where details concerning physical system, applications are running in, are hidden from the user. It introduces a certain level of abstraction. You can imagine cloud as a global network with unlimited, always available and scalable resources – from the user’s perspective.
The word „cloud” refers to two basic concepts:
- abstraction – cloud computing hides implementation details of the system from the user. Applications run on physical systems that aren’t specified, information is stored in an unknown location, systems management is delegated to others, and access to resources is granted to the user;
- virtualisation – cloud computing virtualizes systems by storing and distributing resources. IT resources are flexibly scaled and delivered according to the needs of a centralized infrastructure and the cost is charged according to consumption.
Virtualisation involves mapping physical resources (hardware) to logical units. Having the physical machine with a certain pool of computing power, you can divide it into several virtual machines. From the user’s point of view, they operate on a regular machine, which is only an emulation of a physical unit with its own address space, assigned processor and I/O device resources (time). This characteristic enables you to create a few, simultaneously running, virtual machines (with different operating systems) on one physical server.
Basic characteristics of cloud computing:
- service available on request – consumer may use computing power (e.g. time of processor, storage, network bandwidth) when it is necessary, or can change its parameters without suppliers intervention;
- large availability of services – services are available through standard mechanisms that support usage of heterogeneous platforms (e.g. PC, smart phone, games console);
- co-division of resources – service provider’s accumulated resources (physical and virtual) are used by many consumers and are dynamically allocated according to clients’ demand. The clients have no control over resources they use, and don’t know their location;
- flexibility – services capabilities can be quickly scaled horizontally (quality), as well as vertically (quantity). The consumers have an impression of access to unlimited computing power – can use any number of resources;
- monitoring – service provider automatically controls and optimizes the use of resources, as well as charges fees for services according to the model of pay-as-you-go;
- low requirements – using the service doesn’t require high costs, which allows experimenting without risk and long-term liabilities.
Advantages of cloud computing
High power scalability in the cloud introduces the ability to make parallel calculations on a large number of computers. If a company has to perform a complex data analysis, which can take a month, by activating, e.g. one hundred machines in the cloud, they can do the same calculations in a several hours.
Novice entrepreneurs often face financial barriers. They don’t have sufficient funds to purchase a license for the software, create a professional storage and data processing centre, or to employ a team of experienced specialists with high qualifications. Processing in the cloud eliminates all the above mentioned barriers. Due to cloud computing, both small and large companies are able to access the same IT services.
One of the main values introduced by cloud computing is the ability to convert fixed expenses on consumables through flexible charging scheme that is tailored to your needs. Replacing the physical infrastructure with a virtual one protects against having too small or too big infrastructure. The development of the company can be hindered, if revenue doesn’t cover the expenses.
The company that wants to develop, would have a choice: buy new equipment and implement it on the site, hire equipment at a time, or move all activities to an external provider, whose task would be to provide services. If the demand for services is variable, then the question, how large infrastructure is needed to meet the demand, arises.
If the company invests too much in comparison to the number of potential customers – and this number is always difficult to predict – costs will automatically increase. Consequently, customers will leave as they will benefit from cheaper competition’s services.
On the other hand, if a company doesn’t invest enough, they won’t be able to take advantage of a sudden, short-term increase in demand, because with the poor quality of hardware the services quality will decrease, and customers leave.
Another advantage is billing according to consumption. At a time the demand for services is high, a company is able to pay for the provision of increased services. In the opposite case, when the company records a decline in demand for services, doesn’t have to pay the fees for services, which aren’t needed at that moment. The risk of doing business decreases, because the financial side becomes more predictable.
Disadvantages of cloud computing
The number of problems associated with the use of cloud computing is as great as the number of advantages. In general, the idea of public cloud works well for small and medium-sized enterprises. Larger companies can afford high-end hardware and IT staff. Their goal is to use specialized solutions designed specifically for their needs. Using some applications in the cloud, you choose solution that doesn’t need to be specially adopted. In that case preconfigured solutions are the only thing you will be forced to work with. Locally managed versions have far more opportunities of cloud modification than their counterparts.
The biggest problem of cloud computing concerns security and confidentiality. If data travel through a part of the infrastructure that isn’t under the direct supervision, there is always a risk of intercepting and interfering information. Also, you can’t count on privacy if the government of your provider requests information that are on the same server as the client’s data. It is also worth mentioning that when the application is distributed across the globe, its owner should get familiar with the legal issues of the region with regard to the storage of personal data, as regulatory agencies shift all responsibility onto the client.
The challenges of cloud computing:
- accounting – in private systems, the cost of operation is constant; in the cloud computing with pay-as-you-go model, the costs are calculated individually;
- law – the applicable law depends on the geographic location, that is why a supplier must adjust their policy depending on the region;
- data privacy – to ensure privacy in the cloud additional security systems must be implemented, such as private encryption, VLAN (Virtual Area Network), firewalls; also the local storage for sensitive data is sometimes required;
- monitoring – in private systems each solution requested by the client can be implemented. Cloud mechanisms are often limited to those provided by the supplier;
- „bottlenecks” – occur when a large number of data must be sent, e.g. an implementation of a system or database replication. Internal LAN copes with this type of tasks much better than their counterparts in the cloud (WAN). Also the performance of storage space, although scalable, may deviate from standard carriers, and obviously high-performance solutions are more expensive;
- Service Level Agreement (SLA) – they are standardized to adapt to majority of users, that is why any attempt of negotiating the conditions becomes problematic for small businesses. Before moving to the cloud, it is worth analysing the risk, which wasn’t covered by the SLA supplier;
- software – cloud forces the use of standard solutions and reduces the possibility of modifying the existing system.
SLA is an agreement (less frequently a contract) on the performance, negotiated between the client and the provider of the cloud. It should be noted that some of the SLAs aren’t legally biding.
At the moment, the agreements are generalized in a significant number of cases to meet the needs of majority of clients.
Security in the cloud
Cloud includes features that undoubtedly make it valuable. Unfortunately, many of them are associated with security problems.
A distributed system is more vulnerable to attack than the one held in the local network. Cloud computing has all the vulnerabilities associated with Web applications. Additionally, you have to be aware of susceptibility connected with the collection, virtualization and access to resources.
One way to maintain the security may be creating a reference image that can be used as a base configuration for the new environment. The ability of downloading system image and analysing it in terms of vulnerability is often invaluable. If the client feels that the system is at risk, they can change the image to the well-known version.
Protection of data that are sent to/from the cloud (and the data remaining there) is the biggest problem of dealing with information security. Similarly to communication within WAN, it is necessary to be aware of the fact that data can be intercepted and modified. That is why it is so important that any exchange of information is carried out by an encrypted connection. It also applies to data stored in the cloud. The encrypted data concern not only passwords but also the whole communication. However, it doesn’t prevent from the loss of data, including private keys and passwords.
The problem with the data stored in the cloud also applies to the fact that we don’t know exactly where they are (geographically) – in fact, they may be stored anywhere in the supplier’s system.
Even the biggest companies may be closed or change their policies. Transferring the system operating in the cloud from one supplier to another can be problematic. The choice of the service provider, who enables exporting all data stored on their servers in a format supported by the local system, may be important.
Steps recommended by the General Inspector (Inspector General for Personal Data Protection GIODO) to be taken in order to move IT resources to the cloud:
- oblige the supplier to provide information about the physical locations of servers that process data, as well as documentation on the safety regulations used in data centres and a list of subcontractors and institutions participating in the service;
- all subcontractors processing data of a public entity (which may be personal data) should be bound by the same conventions as the service provider, however the recipient remains the sole administrator of personal data sent to the cloud;
- oblige the cloud provider to inform the client about all obligations in relation to the police for the transfer of access to data stored in the cloud;
- commit to reporting security incidents that may affect data processed by the client.
Using cloud computing the client receives functionality available to them in the form of services which payments are closely associated with their use, so that they only pay for what has actually been used. Access to the service is possible via any device with the Internet connection. The operating system used by the client doesn’t matter, as applications running in the cloud communicate regardless of the platform. Any knowledge concerning the services isn’t required from the user, and the high quality and availability of the services are provided by supplier due to the possibility of modifying their performance depending on the demand. In the cloud, application can start working in a modest infrastructure and grow to enormous size during the night, and services will still be delivered tailored to client’s needs. It can be assumed that in the next few years cloud applications will supplant those kept on local drivers.
Unfortunately, not all applications can benefit from the cloud. You have to deal with delays in access to resources related to, e.g. the geographical distance, transaction management, security and regulations. Scalability, which characterises the cloud may be worthless regarding limitations imposed by the cloud computing providers on clients. Additionally, low start-up costs may be disproportionate to the expected, due to the high cost in terms of computing power, when it is on high demand.