Cloud Computing

UNIT-II : VIRTUALIZATION & COMMON STANDARDS IN CLOUD COMPUTING

Prof. S. S. Kasualye Department of Information Technology Sanjivani College of Engineering, Kopargaon Common Standards 1. Open Cloud Consortium The Open Commons/Cloud Consortium (OCC) is a not for profit that manages and operates cloud computing and data commons infrastructure to support scientific, medical, health care and environmental research. 1. Open Cloud Consortium (continue…) The Open Cloud Consortium (OCC) supports: 1. the development of standards for cloud computing and frameworks for interoperating between clouds; 2. supports the development of benchmarks for cloud computing; 3. supports open source software for cloud computing; 4. manages a testbed for cloud computing called the Open Cloud Testbed; sponsors workshops and other events related to cloud computing. 1. Open Cloud Consortium (continue…) The OCC members:

1. Companies: Aerospace, Booz Allen Hamilton, Cisco, InfoBlox, Open Data Group, Raytheon, Yahoo

2. Universities: CalIT2, Johns Hopkins, MIT Lincoln Lab, Northwestern Univ., University of Illinois at Chicago, University of Chicago

3. Government agencies: NASA 1. Open Cloud Consortium (continue…) The OCC Mission 1. Manage storage and data commons infrastructure, such as the Open Science Data Cloud Public Data Commons, the Environmental Data Commons, the BloodPAC Commons, the Biomedical Data Commons, and various contract-specific commons. 2. Provide a governance framework to align various stakeholders in the success of a Data Commons. 3. Provide index, metadata, transfer and other value services supporting data commons activities. 4. Manage cloud computing infrastructure such as the Open Science Data Cloud, to support scientific, environmental, medical and health care research. 1. Open Cloud Consortium (continue…) 5. Manage cloud computing testbeds, such as the Open Cloud Testbed, to improve cloud computing software and services. 6. Develop reference implementations, benchmarks and standards, such as the MalStone Benchmark, to improve the state of the art of cloud computing. 7. Sponsor workshops and other events related to cloud computing and data commons to educate the community. 2. Open Virtualization Format Open Virtualization Format (OVF) is an open standard for packaging and distributing virtual appliances or, more generally, software to be run in virtual machines.

An OVF package contains multiple files in a single directory.

The directory always contains an Extensible Markup Language (XML) file called the OVF descriptor with the name, hardware requirements, and references to other files in the package. 2. Open Virtualization Format (continue…)  In addition, the OVF package typically contains a network description, a list of virtual hardware, virtual drives, certificate files, information about the operating system (OS) and in some cases, a human-readable description of every information item. 2. Open Virtualization Format (continue…) The OVF specification defines two specific ways of grouping files:

1. OVF Package

– An OVF package is a group of files required for importing the virtual machine, and are generally found in a single folder. This is the minimum requirement of the specification. 2. OVA Package – An Open Virtualization Appliance (OVA) package is a single file archive of the .ovf file, .vhd file, .mf file and, if applicable, the .cert file. The OVF specification requires an archive to be in the TapeARchive (TAR) format. 2. Open Virtualization Format (continue…) Features of OVF include: Support for Content Verification: OVF supports integrity checking and the verification of content depending on the industry- standard public key infrastructure. It also provides a strategy for management and software licensing. Validation Support: While installing the virtual machine life cycle management process, OVF supports the validation of every single virtual machine and the complete package. Detailed user- readable descriptive information is also provided with every package. 2. Open Virtualization Format (continue…) Features of OVF include: Support for Single and Multiple Virtual Machine (VM) Configurations: OVF supports both standard single VM packages and complex multitier package services that include multiple interdependent VMs. Extensibility: OVF is designed to be extensible, and can support new technological advancements. Enables Portable Packaging: Because the OVF is platform- independent, it allows for platform-specific enhancements. Vendor and Platform Independence: OVF is independent of a specific host platform, virtualization platform, or guest operating system. 3. Standards for Application Developers 1. Browsers (AJAX) : – Ajax (Asynchronous JavaScript And XML) is a set of Web development techniques on the client side to create asynchronous Web applications.

– Web application communicates with a server in the background, without interfering with the current state of the page. 3. Standards for Application Developers Following technologies are incorporated: 1. HTML (or XHTML) and CSS for presentation 2. The Document Object Model (DOM) for dynamic display of and interaction with data 3. JSON or XML for the interchange of data, and XSLT for its manipulation 4. The XMLHttpRequest object for asynchronous communication 5. JavaScript to bring these technologies together 3. Standards for Application Developers 2. JASON (JavaScript Object Notation) : – Douglas Crockford originally specified the JSON format in the early 2000 which is a lightweight data-interchange format.

– It is based on a subset of the JavaScript Programming Language

– It is a very common data format used for asynchronous browser–server communication, including as a replacement for XML in some AJAX-style. 2. JASON (continue) : A possible JSON representation describing a person. 3. Standards for Application Developers 3. Solution Stack : – Solution stack or software stack is a set of software subsystems or components needed to create a complete platform without any additional software support.

– Applications are said to "run on" or "run on top of" the resulting platform.

– Ex. To develop web application the stack can be target OS, web server, database, and programming language. 3. Standards for Application Developers 3. Solution Stack : – Solution stack or software stack is a set of software subsystems or components needed to create a complete platform without any additional software support.

– Applications are said to "run on" or "run on top of" the resulting platform.

– Ex. To develop web application the stack can be target OS, web server, database, and programming language. 3. Standards for Application Developers 3. Solution Stack (continue…) : – LAMP

– It is model of web service stacks, named as an acronym of its four open-source components: the Linux operating system, the Apache HTTP Server, the MySQL relational database management system (RDBMS), and the PHP programming language. 3. Standards for Application Developers 3. Solution Stack (continue…) : – LAMP components are largely interchangeable and not limited to the original selection.

– As a solution stack, LAMP is suitable for building dynamic web sites and web applications 3. Standards for Application Developers 3. Solution Stack (continue…) : – LAPP

– The LAPP stack is an open source web platform that can be used to run dynamic web sites and servers.

– It is considered as a powerful alternative to LAMP stack.

– It includes Linux, Apache, PostgreSQL (instead of MySQL) and PHP, Python and Perl. 3. Standards for Application Developers 3. Syndication (Atom, Atom Publishing Protocol, and RSS) – A group of people or companies who join together in order to share the cost of a particular business operation for which a large amount of money is needed.

– The name Atom is related to pair of related Web standards. The Atom Syndication Format is an XML language used for web feeds.

– Atom Publishing Protocol (AtomPub or APP) is a simple HTTP- based protocol for creating and updating web resources 3. Standards for Application Developers 3. Syndication (Atom, Atom Publishing Protocol, and RSS) – RSS is a family of Web feed formats used to publish updated content such as blog entries, news headlines or podcasts. – An RSS document, which is called a "feed," "web feed," or "channel," contains either a summary of content from an associated web site or the full text. – RSS makes checking website automated. 3. Standards for Application Developers 3. Standards for Application Developers 4. RSS (Really Simple Syndication) – Syndication: Transfer of something for control or management by a group of individuals or organizations. – Versions of Web content syndication: • RDF Site Summary (RSS 0.9, RSS 1.0) • Rich Site Summary (RSS 0.91, RSS 1.0) • Really Simple Syndication (RSS 2.0) – It represents the standardized web feed syndication. Originally developed by Netscape 3. Standards for Application Developers 4. RSS (continue...) – It is a type of web feed which allows users to access updates to online content in a standardized, computer-readable format. – RSS is an XML-based format and used in different ways for content distribution. – Its most widespread usage is in distributing news headlines on the Web. 3. Standards for Application Developers 4. RSS (continue...) – There are many RSS readers that offer a free version and an upgraded version. Here are a few popular readers: • Feedly for web, iOS, Android • Panda is a Chrome extension, web, iOS • Reeder 3 for Mac and iOS • Feeder for Android, Chrome, and iOS • Feedreader for Windows 3. Standards for Application Developers 4. RSS (continue...) – There are millions of RSS feeds worldwide that can be subscribed. – CNN RSS – NFL football news feeds – BBC news feeds – Hurricane Watch news feeds – BBC – TechCrunch – Wired RSS feeds 4. Security Standards 1. SAS 70 (Statement on Auditing Standards No. 70) – Most commonly adopted security standard. – Roughly 67% of cloud service providers follow SAS 70 – Internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). – Defines standards an auditor must employ in order to assess the contracted internal controls 4. Security Standards 2. PCI DSS (Payment Card Industry Data Security Standard) – 42% of cloud service providers follow the PCI DSS standard. – Global security standard that applies to all organizations which hold, process or exchange credit card or credit card holder information. – This standard was created to give the payment card industry increased controls around data and to ensure it is not exposed. – It is also designed to ensure that consumers are not exposed to potential financial or identity fraud and theft when using a 4. Security Standards 3. ISO 27001 – 33% of cloud service providers adhere to ISO 27001, published in 2005. – It is specification for an Information Security Management System (ISMS). – The objective of ISO 27001 is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving ISMS. 4. Security Standards 3. ISO 27001 (continue...) – ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. 4. Security Standards 4. NIST (National Institute of Standards and Technology) – Originally designed for federal agencies, emphasize the importance of security controls and how to implement them. – The NIST standards specifically designed for government, but have recently been adopted by the private sector as well. – NIST covers what should be included in an IT security policy and what can be done to boost security, how to manage a secure environment, and applying a risk management framework. – 25% of cloud service providers adhere to NIST standards.