xxx Cloud Computing
application performance monitoring. Managed security services that are
delivered by third-party providers also fall into this category.
Platform-as-a-Service (PaaS) is yet another variation of SaaS. Some-
times referred to simply as web services in the cloud, PaaS is closely related
to SaaS but delivers a platform from which to work rather than an applica-
tion to work with. These service providers offer application programming
interfaces (APIs) that enable developers to exploit functionality over the
Internet, rather than delivering full-blown applications. This variation of
cloud computing delivers development environments to programmers, ana-
lysts, and software engineers as a service. A general model is implemented
under which developers build applications designed to run on the provider’s
infrastructure and which are delivered to users in via an Internet browser.
The main drawback to this approach is that these services are limited by the
vendor’s design and capabilities. This means a compromise between free-
dom to develop code that does something other than what the provider can
provide and application predictability, performance, and integration.
An example of this model is the Google App Engine. According to
Google, “Google App Engine makes it easy to build an application that runs
reliably, even under heavy load and with large amounts of data.”
7
The Goo-
gle App Engine environment includes the following features
Dynamic web serving, with full support for common web technol-
ogies
Persistent storage with queries, sorting, and transactions
Automatic scaling and load balancing
APIs for authenticating users and sending email using Google
Accounts
A fully featured local development environment that simulates
Google App Engine on your computer
Currently, Google App Engine applications are implemented using the
Python programming language. The runtime environment includes the full
Python language and most of the Python standard library. For extremely
lightweight development, cloud-based mashup platforms (Ajax modules
that are assembled in code) abound, such as Yahoo Pipes or Dapper.net.
7. http://code.google.com/appengine/docs/whatisgoogleappengine.html, retrieved 5 Jan 2009.
Intro.fm Page xxx Friday, May 22, 2009 11:24 AM
Is the Cloud Model Reliable? xxxi
Grid Computing or Cloud Computing?
Grid computing is often confused with cloud computing. Grid computing
is a form of distributed computing that implements a
virtual supercomputer
made up of a cluster of networked or Internetworked computers acting in
unison to perform very large tasks. Many cloud computing deployments
today are powered by grid computing implementations and are billed like
utilities, but cloud computing can and should be seen as an evolved next
step away from the grid utility model. There is an ever-growing list of pro-
viders that have successfully used cloud architectures with little or no cen-
tralized infrastructure or billing systems, such as the peer-to-peer network
BitTorrent and the volunteer computing initiative SETI@home.
8
Service commerce platforms are yet another variation of SaaS and
MSPs. This type of cloud computing service provides a centralized service
hub that users interact with. Currently, the most often used application of
this platform is found in financial trading environments or systems that
allow users to order things such as travel or personal services from a com-
mon platform (e.g., Expedia.com or Hotels.com), which then coordinates
pricing and service delivery within the specifications set by the user.
Is the Cloud Model Reliable?
The majority of today’s cloud computing infrastructure consists of time-
tested and highly reliable services built on servers with varying levels of vir-
tualized technologies, which are delivered via large data centers operating
under service-level agreements that require 99.99% or better uptime. Com-
mercial offerings have evolved to meet the quality-of-service requirements
of customers and typically offer such service-level agreements to their cus-
tomers. From users’ perspective, the cloud appears as a single point of access
for all their computing needs. These cloud-based services are accessible any-
where in the world, as long as an Internet connection is available. Open
standards and open-source software have also been significant factors in the
growth of cloud computing, topics we will discuss in more depth later.
8. SETI@home is a scientific experiment that uses Internet-connected computers in the Search
for Extraterrestrial Intelligence (SETI). For more information, see http://www.seti.org.
Intro.fm Page xxxi Friday, May 22, 2009 11:24 AM
xxxii Cloud Computing
Benefits of Using a Cloud Model
Because customers generally do not own the infrastructure used in cloud
computing environments, they can forgo capital expenditure and consume
resources as a service by just paying for what they use. Many cloud comput-
ing offerings have adopted the utility computing and billing model
described above, while others bill on a subscription basis. By sharing com-
puting power among multiple users, utilization rates are generally greatly
improved, because cloud computing servers are not sitting dormant for lack
of use. This factor alone can reduce infrastructure costs significantly and
accelerate the speed of applications development.
A beneficial side effect of using this model is that computer capacity
increases dramatically, since customers do not have to engineer their appli-
cations for peak times, when processing loads are greatest. Adoption of the
cloud computing model has also been enabled because of the greater avail-
ability of increased high-speed bandwidth. With greater enablement,
though, there are other issues one must consider, especially legal ones.
What About Legal Issues When Using Cloud Models?
Recently there have been some efforts to create and unify the legal environ-
ment specific to the cloud. For example, the United States–European Union
Safe Harbor Act provides a seven-point framework of requirements for U.S.
companies that may use data from other parts of the world, namely, the
European Union. This framework sets forth how companies can participate
and certify their compliance and is defined in detail on the U.S. Depart-
ment of Commerce and Federal Trade Commission web sites. In summary,
the agreement allows most U.S. corporations to certify that they have joined
a self-regulatory organization that adheres to the following seven Safe Har-
bor Principles or has implemented its own privacy policies that conform
with these principles:
1. Notify individuals about the purposes for which information is
collected and used.
2. Give individuals the choice of whether their information can be
disclosed to a third party.
3. Ensure that if it transfers personal information to a third party,
that third party also provides the same level of privacy protection.
Intro.fm Page xxxii Friday, May 22, 2009 11:24 AM
What About Legal Issues When Using Cloud Models? xxxiii
4. Allow individuals access to their personal information.
5. Take reasonable security precautions to protect collected data
from loss, misuse, or disclosure.
6. Take reasonable steps to ensure the integrity of the data col-
lected.;
7. Have in place an adequate enforcement mechanism.
Major service providers such as Amazon Web Services cater to a global
marketplace, typically the United States, Japan, and the European Union,
by deploying local infrastructure at those locales and allowing customers to
select availability zones. However, there are still concerns about security
and privacy at both the individual and governmental levels. Of major con-
cern is the USA PATRIOT Act and the Electronic Communications Pri-
vacy Act’s Stored Communications Act. The USA PATRIOT Act, more
commonly known as the Patriot Act, is a controversial Act of Congress that
U.S. President George W. Bush signed into law on October 26, 2001. The
contrived acronym stands for “Uniting and Strengthening America by Pro-
viding Appropriate Tools Required to Intercept and Obstruct Terrorism
Act of 2001” (Public Law P.L. 107-56). The Act expanded the definition of
terrorism to include domestic terrorism, thus enlarging the number of
activities to which the USA PATRIOT Act’s law enforcement powers could
be applied. It increased law enforcement agencies’ ability to surveil tele-
phone, email communications, medical, financial, and other records and
increased the range of discretion for law enforcement and immigration
authorities when detaining and deporting immigrants suspected of terror-
ism-related acts. It lessened the restrictions on foreign intelligence gather-
ing within the United States. Furthermore, it expanded the Secretary of the
Treasury’s authority to regulate financial transactions involving foreign
individuals and businesses.
The Electronic Communications Privacy Act’s Stored Communications
Act is defined in the U.S. Code, Title 18, Part I, Chapter 121, § 2701,
Unlawful Access to Stored Communications. Offenses committed under
this act include intentional access without authorization to a facility
through which an electronic communication service is provided or inten-
tionally exceeding an authorization to access that facility in order to obtain,
alter, or prevent authorized access to a wire or electronic communication
while it is in electronic storage in such a system. Persons convicted under
Intro.fm Page xxxiii Friday, May 22, 2009 11:24 AM
xxxiv Cloud Computing
this Act can be punished if the offense is committed for purposes of com-
mercial advantage, malicious destruction or damage, or private commercial
gain, or in furtherance of any criminal or tortious act in violation of the
Constitution or laws of the United States or any state by a fine or imprison-
ment or both for not more than five years in the case of a first offense. For a
second or subsequent offense, the penalties stiffen to fine or imprisonment
for not more than 10 years, or both.
What Are the Key Characteristics of Cloud Computing?
There are several key characteristics of a cloud computing environment.
Service offerings are most often made available to specific consumers and
small businesses that see the benefit of use because their capital expenditure
is minimized. This serves to lower barriers to entry in the marketplace, since
the infrastructure used to provide these offerings is owned by the cloud ser-
vice provider and need not be purchased by the customer. Because users are
not tied to a specific device (they need only the ability to access the Inter-
net) and because the Internet allows for location independence, use of the
cloud enables cloud computing service providers’ customers to access cloud-
enabled systems regardless of where they may be located or what device they
choose to use.
Multitenancy
9
enables sharing of resources and costs among a large
pool of users. Chief benefits to a multitenancy approach include:
Centralization of infrastructure and lower costs
Increased peak-load capacity
Efficiency improvements for systems that are often underutilized
Dynamic allocation of CPU, storage, and network bandwidth
Consistent performance that is monitored by the provider of the
service
Reliability is often enhanced in cloud computing environments because
service providers utilize multiple redundant sites. This is attractive to enter-
9. http://en.wikipedia.org/wiki/Multitenancy, retrieved 5 Jan 2009. Multitenancy refers to a
principle in software architecture where a single instance of the software runs on a SaaS
vendor’s servers, serving multiple client organizations (tenants).
Intro.fm Page xxxiv Friday, May 22, 2009 11:24 AM
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.