Head in the Cloud..?
Various aspects of cloud computing, as an abstraction of computer resources, and its implications for Network Security have been topics of ongoing debate.
Many relevant arguments exist about its advantages and disadvantages, and about the opinions and trends of its deployment in IT by Network Administrators, in both server and desktop environments.
Cloud computing is a part of virtualisation, which has gained much support and popularity in the industry, certainly as a valid option for expanding IT resources without additional hardware.
Initially, VIRTUALISATION related to the ability to run multiple operating systems on one host server… but this soon became too narrow a description, because a large number of hardware, software, services and applications can be “tricked/virtualised” to the benefit of the user, without introducing any extra hardware capacity, thus reducing the equipment and operational overheads.
Simply speaking, it is the creation of multiple tools based on one (or several) main tools or benchmarks, or the making of multiple “imagined” (but operational) resources from one “real” physical hardware or software resource.
One aspect of CLOUD is the simulation of a real, or imagined environment that can be experienced visually and can include other sensory experiences, like sound, touch and feedback from “touched” objects, or other forces and sensations designed to enable a person to work in a computer environment, by seeming to manipulate objects, by handling them. (White, 2008)
It allows the user to perform tasks on a computer more powerfully than would otherwise be possible with the computer’s limited hardware/software capabilities.
This is accomplished by concealing the physical capacity/characteristics of the resource (be it an application, a server, a storage device, or an operating system) from the other systems working with it at the time.
Cloud is also described as a method of allocating the resources of a computer into several working environments, in which each virtual machine, operating in its own space segregated on the memory/disc-space (partition), is able to run its own (different) operating system and applications, independently.
CLOUD computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network, typically the Internet.
Computing clouds provide computation, software, data access, and storage resources without requiring cloud users to know the location and other details of the computing infrastructure.
Users access cloud-based applications through a web browser or a lightweight desktop or mobile app, while the business software and data are stored on servers at a remote location.
Cloud application providers strive to give the same or better service and performance as if the software programs were installed locally on end-user computers.
In some recent cases, the security and accessibility of data in the CLOUD environment have been compromised, and the pressure is on the vendors to ensure the service is at least as secure as a physical set-up on users’ own hardware.
There are several types of Cloud-Virtualisation:
· Storage
· Service
· Application / Desktop
· Infrastructure
· Server
· Network
· Client
In each of the above cases, either one resource is virtualised into many, or many resources into one.
· STORAGE: In order to accommodate large amounts of data when the system doesn’t have enough RAM, it allows the hard disk to be used as an extension of RAM, called Virtual Memory or Swap File Space. (Beisse, 2013)
· SERVICE / APP. INFRASTRUCTURE (also called APPLICATION-FABRICS) virtualisation separates apps from the Operating System and hardware, allowing developers to write code against this virtualised layer. In this way, the fabric can be used for scaling and deployment, and also for Dynamic Resource Discovery, Virtualised Processing and Distribution. IBM have gone into this area by providing management, performance monitoring and fault checking, whereby the implementation is provided on the Virtualised platform rather than on the physical space of the machine, again leading to better utilisation of resources and resulting in cost reduction.
· APPLICATION CLOUD virtualisation, on the client side, is split into Local and Hosted. With streamed and local application virtualization, an application can be installed on demand as needed. If streaming is enabled, then the portions of the application needed for start-up are sent first, optimising start-up time. Locally virtualised applications also frequently make use of virtual registries and file systems to maintain separation and cleanness from the user’s physical machine. Examples of local application virtualization solutions include Citrix Presentation Server and Microsoft SoftGrid. One could also include virtual appliances in this category, such as those frequently distributed via VMware’s VMware Player.
Hosted application virtualization allows the user to access applications from their local computer that are physically running on a server somewhere else on the network. Technologies such as Microsoft’s RemoteApp allow the user experience to be relatively seamless, including the ability for the remote application to be a file handler for local file types. (https://www.infoq.com/articles/virtualization-intro, 2013)
The advantages of this kind of virtualisation are access, management, legacy support and security.
...
The drawbacks include the lack of compatibility, drain on resources and packaging.
Local Desktop Virtualisation (like VMware Fusion, or M/S Virtual PC) allows easy access to applications and promotes good Development Support, Isolation/Security.
SERVER virtualisation in the CLOUD is the most preferred and utilised type in this industry. It divides one Server Machine into separate partitions, which in turn makes it possible to offer different operating systems (and other resources) to Domain Clients, on different platforms in those separate partitions.
This way, they can be operated by users as separate entities, independently of each other, without the need to acquire extra hardware, thus utilising resources more efficiently.
It requires management interfaces (like Integration Services, Dynamic Data Center on M/S Hyper-V) to run multiple operating systems on a single physical computer (typically server-class hardware), as well as Memory Management, Scheduler, State Machine, Storage/Networking, Virtualised Devices and their drivers.
Such a computing environment, implemented in software, abstracts the hardware resources of the physical computer (physical host), so that multiple operating systems can run simultaneously on a single machine. Each Operating System runs in its own virtual node and is allocated logical instances of the computer’s processors, hard discs, network cards and other resources.
A single physical computer (host) needs a platform on which it can run multiple operating systems: a hypervisor, which provides isolated execution environments, as well as management access between the guest operating systems running on the virtual machines and the underlying hardware resources on the physical host computer.
Hypervisors come in two types: Type 1 (“native” or bare metal, running directly on the hardware) and Type 2 (hosted, running on top of the host machine’s Operating System).
NETWORK CLOUD-virtualisation, such as a VPN, extends a private network across a public network such as the internet.
It enables a host computer to send and receive data over public or shared networks, just as if it were an essential part of the private network, with all the security, management policies and functionalities.
This is established by creating a point-to-point link through dedicated links, encryption, or both together.
It’s good for customising access and simplifying network management by consolidating physical networks into one (or more) virtual ones, but it suffers from the risk of being complex, overhead-heavy and difficult to administer, requiring a higher skill set from its overseers.
Security on a VPN is enhanced by the use of authentication and encryption for remote users accessing a corporate network.
A VPN link across the internet is technically a wide area network (WAN) connection between remote sites. From the user’s point of view, the extended network resources are accessed in exactly the same way as resources on the private network, hence the name virtual private network.
CLIENT CLOUD-virtualisation encompasses both the desktop and the application level, in both local and hosted formats. Apps here are not installed in the traditional way, but are accessed and executed from a “virtualised” space in the domain-system, or on a client machine desktop.
At the foundation of cloud computing is the broader concept of infrastructure convergence (or Converged Infrastructure) and shared services, which is becoming increasingly popular.
This type of data centre environment allows enterprises to get their applications up and running faster, with easier manageability and less maintenance, and enables IT to more rapidly adjust IT resources (such as servers, storage, and networking) to meet fluctuating and unpredictable business demand.
The term “CLOUD”, whether it refers to “cloud services” or “cloud computing”, is increasingly being used across the technology sector, and has received billions of dollars of investment from the large multinational technology companies.
Popularly referred to as the “Cloud”, also Software as a Service (SaaS), Software on Demand and/or Software Hosting (Public, Private & Hybrid): all of these terms are about CLOUD COMPUTING, which I elaborate on in another article I published here on LinkedIn.
Virtual/Cloud computing is worth considering for organisations of all sizes.
Instead of bearing the costs of buying and running their own infrastructure and software, organisations use shared, pre-installed and implemented infrastructure, which is available anywhere, any time.
By taking advantage of this new wave of application development and moving into the "cloud," organisations "pay as you go" - for only what they use.
There are cost savings and reduced hardware/software overheads.
BENEFITS:
· Reduced Cost - Cloud technology is paid for incrementally, saving money
· Increased Storage capacity - more data can be accommodated than on private/physical computer systems
· Highly Automated - No longer do IT personnel need to worry about keeping software up to date
· Flexibility - Cloud computing offers much more flexibility than past computing methods
· More Mobility - Employees can access information wherever they are, rather than having to remain at their desks
· Allows IT to Shift Focus - No longer having to worry about constant server updates and other computing issues, organisations will be free to concentrate on innovation.
Some DISADVANTAGES:
· Possible loss of privacy and security, as the data may be accessed by unauthorised third parties, outside of the Organisation’s network.
· Possible loss of control. Dependency on the vendor providing the service.
· Poor quality of service; no influence on the maintenance, backup, contingency procedures.
· Inability to migrate to another system.
· Reliance on the vendor’s financial standing.
· Cost. Inability to quantify the amount of service used/charged for.
· Lack of knowledge, as the system is under full control of the third party and their policies.
· Integration of USB peripherals, email, smartphones, groupware, etc. (https://www.cloudcomputingtechie.com/top-5-disadvantages/)
In a cloud computing system, there's a significant workload shift. Local computers no longer have to do all the work when it comes to running applications.
The network of computers that make up the cloud handles them instead. Hardware and software demands on the user's side decrease. The only thing the user's computer needs to be able to run is the cloud computing system's interface software, which can be as simple as a Web browser, and the cloud's network takes care of the rest.
Most e-mail accounts with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail utilise cloud computing technology. Instead of running an e-mail program on a computer, users log in to a Web e-mail account remotely. The software and storage for the account don't exist on their computer - they're on the service's computer cloud. (Strickland, 2014)
IN CONCLUSION:
Any research on the matter confirms that the advantages of CLOUD-virtualisation by far outweigh the disadvantages… (Skyline, 2013)
One has to be aware, however, that with the server hardware consolidated by virtue of it, physical damage to the core of the system domain could have catastrophic consequences for the domain network...
More than one physical Server, in different locations, catering to the virtual server system/network could arguably be the answer to the above…
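The consolidation risk described above can be checked against an inventory of virtual servers. This is an added example, not part of the original article; the inventory records, host names and site names are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory (not from the article): each record places one
# virtual server replica of a service on a physical host at a site.
INVENTORY = [
    {"service": "domain-controller", "vm": "dc-1", "host": "phys-a", "site": "site-east"},
    {"service": "domain-controller", "vm": "dc-2", "host": "phys-b", "site": "site-west"},
    {"service": "file-server", "vm": "fs-1", "host": "phys-a", "site": "site-east"},
    {"service": "file-server", "vm": "fs-2", "host": "phys-a", "site": "site-east"},
    {"service": "mail", "vm": "mx-1", "host": "phys-a", "site": "site-east"},
    {"service": "mail", "vm": "mx-2", "host": "phys-c", "site": "site-east"},
]


def failure_domains(inventory):
    """Map each service to the sets of physical hosts and sites it depends on."""
    domains = defaultdict(lambda: {"hosts": set(), "sites": set()})
    for rec in inventory:
        domains[rec["service"]]["hosts"].add(rec["host"])
        domains[rec["service"]]["sites"].add(rec["site"])
    return domains


def single_points_of_failure(inventory):
    """Return {service: reason} for services that one physical loss would stop."""
    findings = {}
    for service, d in sorted(failure_domains(inventory).items()):
        if len(d["hosts"]) == 1:
            findings[service] = "all replicas on host " + next(iter(d["hosts"]))
        elif len(d["sites"]) == 1:
            findings[service] = "all hosts at site " + next(iter(d["sites"]))
    return findings


def blast_radius(inventory, host):
    """Services that go fully offline if the given physical host is lost."""
    doms = failure_domains(inventory)
    return sorted(s for s, d in doms.items() if d["hosts"] == {host})


if __name__ == "__main__":
    for service, reason in single_points_of_failure(INVENTORY).items():
        print(f"{service}: {reason}")
    print("lost with phys-a:", blast_radius(INVENTORY, "phys-a"))
```

Only the service whose replicas sit on different physical hosts in different locations passes both checks; the other two are stopped by the loss of one host or one site.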
The way physical servers communicate may also be compromised in terms of performance, and it may be argued that cloud-virtual environments are not capable of handling the requirements of operating systems and applications, especially if the services are all called upon simultaneously… Some features of “the real thing” may also be missing, with the reduced performance.
While it has recently become a very important part of the IT enterprise, cloud-virtualisation can be a handful for network administrators, as some software apps become rather tricky to manage in these “imagined” yet real environments.
Extra skills are often required in Hyper-V, Xen and VMware, calling for totally different knowledge and skills to operate in the server cloud-virtualisation domain.
The desktop/node physical area (as discussed on previous pages here) is far less risky and more user friendly to virtualise (with less, or no, impact on the domain), as opposed to the critical/production server network, which arguably requires a solid/safe platform of real hardware to deliver the services in a safe and robust manner. (Dinesh, 9 May 2011)
Some apps and operating systems behave oddly in a cloud-virtualised domain, leading some IT industry Network Administrators to prefer a mix of physical hardware resources for the highly critical production server domains and desktop/node cloud-virtualisation for the client (Hybrid option).
Vendors of the (cloud) services have been under scrutiny, too, with concerns over security and access.
Some users argue it may not be safe enough to rely on a third party to store any sensitive data in an “unknown” location, offshore, beyond their reach and control, mixed with/next to other users’ files… not to mention Government/Health sensitive data, requiring local/physical presence by legislation/default.
Others are content to have an alternative backup to the physical data storage facilities, which may be exposed to various security and technical glitches that plague, at times, servers and other hardware digital storage devices on land.
Tomek Ziolkowski (www.tomzed.com.au)