Cloud Computing for Architects using Openstack

Course details

Cloud Computing is gaining increasing attention within enterprises of all shapes and sizes, but few technologists actually know how to properly scope, design, and construct Cloud solutions. Taking standard software applications, databases, and user interfaces and deploying them in a Cloud environment is a recipe for disaster. Proper scoping, usage modeling, and careful design are all essential to success in the Cloud.

This two day class begins with an examination of the Cloud Computing concept, the structure and key characteristics of Clouds, and takes a look under the hood at how they operate. From there, students are introduced to a Cloud Reference Model and explore various aspects of Cloud solution design from discovery throughout the lifecycle of a Cloud solution all the way to retirement. Special attention is given to requirements and Cloud utilization analysis, Cloud solution design strategies, and deployment scenarios.

Who should attend?

Enterprise Architects, Solution Architects, Information Technology Architects, Senior Developers, and Team Leads.

Course Prerequisites

Foundational Knowledge in distributed computing and Web-based architecture

Topics Covered

• Cloud Reference Model
• Cloud Risks and Risk Mitigation
• OpenStack Platform
• Cloud Design Strategies
• Security in the Cloud
• Cloud Governance
• Cloud SLAs

Course Content

Chapter 1. Defining the Cloud

• A Bit of History
• Wikipedia Entry
• Cloud Computing at a Glance
• Gartner Research on Cloud
• Electrical Power Grid Service Analogy
• The NIST Perspective
• Five Characteristics
• On-demand Self-Service (NIST Characteristic)
• Broad Network Access (NIST Characteristic)
• Resource Pooling (NIST Characteristic)
• Rapid Elasticity (NIST Characteristic)
• Measured Service (NIST Characteristic)
• The Three Cloud Service Models (NIST)
• The Cloud Computing Spectrum: IaaS, PaaS and SaaS
• The Four Cloud Deployment Models (NIST)
• The NIST Cloud Definition Framework
• A Hybrid Cloud Diagram
• Cloud Deployment Model Dynamics

Chapter 2. The Cloud Enablers

• The Origin of the Cloud Computing
• Virtualization
• Hypervisors
• Hypervisor Types
• Type 1 hypervisors
• Type 2 hypervisors
• Type 1 vs Type 2 Processing
• Paravirtualization
• Applying Virtualization to the Cloud
• Virtualization Qualities (1/2)
• Virtualization Qualities (2/2)
• Grid Computing vs Cloud Computing
• Myth: Cloud is SaaS
• SOA and the Cloud

Chapter 3. Cloud Reference Model

• The Need for a Cloud Reference Model
• Cloud Reference Model
• Cloud Infrastructure
• Cloud Infrastructure – Virtual Machines
• A Bootable OS Image
• Defining a “Compute Unit”
• Instance Templates (Flavors)
• Launching an Instance in OpenStack
• Block Storage for Instances
• Cloud Infrastructure – Cloud Object Storage
• Additional Data Storage Options
• Cloud Multi-Tenancy Model
• Common Characteristics of Multi-tenant Applications (1/2)
• Common Characteristics of Multi-tenant Applications (2/2)
• The PaaS Platform
• Google App Engine (GAE) PaaS Overview
• GAE’s Stats
• Google Cloud Storage
• The SaaS Platform
• Cloud Service Model Implementations
• Google Compute Engine’s Simplified Architecture
• Google Cloud Platform

Chapter 4. OpenStack

• What is OpenStack
• OpenStack Main Components/Services
• Release History (Since the
• Folsom
• Release)
• Compute (Nova)
• Main Compute (Nova) modules/services
• Creating OpenStack VM Instances
• Image (Glance)
• Object Store (Swift)
• Components of Swift
• Dashboard (Horizon)
• Launching a Virtual Instance in Horizon
• Block Storage (Cinder)
• Identity (Keystone)
• Networking (Neutron, formerly Quantum)
• OpenStack Networking
• Telemetry (Ceilometer)
• Orchestration (Heat)
• Heat Templates
• Pulling It All Together
• Building OpenStack Environments
• Using Automated Configurators
• Managing OpenStack Clouds

Chapter 5. The Cloud Economics

• Cloud Value Proposition
• Coping with Computing Demand the Traditional Way
• Coping with Computing Demand the Cloud Way
• Cloud economics
• You Can Move Your Cloud Apps Closer to Your Clients!
• Be Aware of What You Ask For!
• Do Clouds Compute?
• Total Cost of Ownership (TCO)
• Cloud Infrastructure – Vendor Comparison
• Select Expected Benefits
• You Still Need …
• Financial Management and Tracking
• Calculate initial, simple return
• Calculate Returns for on-going Usage
• How to Practically Estimate Your Cloud Bill?
• Shop Around (Within the Same Shop)
• Discounted Object Storage: Amazon Glacier
• Amazon S3 Cost Monitoring
• Google Compute Engine Per-Minute Billing

Chapter 6. Cloud Risks and Risk Mitigation

• Cloud Risks
• Failure-As-A-Service in 2009
• Service Quality
• Malicious Insiders
• Shared Technology Vulnerabilities
• Data Loss/Leakage
• Data Loss / Leakage Causes
• Account, Service & Traffic Hijacking
• Unknown Risk Profile
• Mitigating Cloud Security Risks
• Five Mitigation Strategies
• Federated ID
• Multi-layer Inspection
• Centralized Management
• Virtual Desktop Protection
• Look toward standards
• Problem Resolution
• Data Back-up
• Risks When Supporting Clouds: Provisioning
• Liability
• Security

Chapter 7. Cloud Security

• The Heartbleed OpenSSL Bug
• A Notable Breach (a Spear-phishing Attack Example)
• Cloud Vendor Security Certifications
• Google Compute Engine Data Security
• Cloud Access Security Features
• Security of Cloud Vendor Networks
• Insecure Interfaces
• Top Threats for Cloud Computing
• The Common Cloud Security Concerns
• Authorization and Data Access Constraints
• Cloud Security Domains
• The CIAs of Security
• Access Control: Physical Security
• Access Control: Authentication & Authorization
• Federated Identity Management
• Access Control: Auditing
• Identity Management
• AWS Identity and Access Management Service
• Security in the Google Cloud
• GAE Cloud Security Module
• Application Security
• Application Multi-Layer Security Design
• Access Control List Extensions
• Information and Data Security
• Data-at-rest Security
• Amazon S3 Security
• Amazon S3 Security (Cont.)
• Network Security
• Operational Security
• DevOps Security Concerns

Chapter 8. Cloud Services

• Defining Cloud Services
• User-Cloud Interaction
• Cloud Service Characteristics
• The Typical Cloud Services
• Application Services
• Messaging Application Service
• Email Application Service
• Cache Application Service
• Specialized Application Services
• AWS Analytics Systems
• Google App Engine (GAE) MapReduce Service
• Use Cases for MapReduce Jobs
• Integration Platform as a Service (IPaaS)
• Storage Services
• Object Storage
• Archive Storage
• Relational Storage
• NoSQL Storage
• Some AWS Storage Services
• Data Warehouses in the Cloud
• Cloud Utility Services
• Scalability and HA of Your Applications in the Cloud
• The Auto-scaling Service
• Monitoring Services
• Configuring Instance Health Check in AWS
• Amazon Web Services Integration Diagram
• Google App Engine (GAE) Services Integration Diagram
• Microsoft Azure Services
• Comparing Cloud Service Stacks

Chapter 9. Adopting Your Very Own Cloud

• What Drives Cloud Adoption?
• What May Go to the Cloud?
• Capacity Planning
• Critical Run-time and Storage Parameters
• The Cloud Adoption Stages (Example)
• Getting to the Cloud (Example Road Map)
• Pre-Cloud Stages
• Cloud Stages
• Cloud Stages (Cont’d)
• Cloud Adoption Steps
• Identify your business drivers (Step #1)
• Get Educated (Step #2)
• Get Educated (Things to Avoid … )
• Articulate a Value Proposition (Step #3)
• Define one or more scenarios (Step #4)
• Produce a Road Map (Step #5)
• Gain Stakeholder Buy-in (Step #6)
• Establish Governance (Step #7)
• Invest in Infrastructure (Step #8)
• Cloud Pilot (Step #9)
• Scoping the Pilot Project
• Pilot Project Scope (Cont’d)
• Enterprise Roll-out (Step #10)
• Start Small and Grow Incrementally
• Amazon WS Technical Lessons When Moving To the Cloud
• Hype Cycle and Technology Adoption Model

Chapter 10. OpenStack Security

• OpenStack Cloud Perimeter Security
• System Perimeter Security
• OpenStack Virtual Instance Security
• OpenStack Security Considerations
• Linux Kernel-Based Firewall
• OpenStack Security Groups
• Nova Client Security Group Commands
• Nova REST API for Security Group Administration
• Nova Security Command Examples
• Identity Management with Keystone
• Keystone Command-line
• Example of a Keystone Command
• Keystone REST API
• Example of Keystone RESTful Request

Chapter 11. Cloud Design Strategies

• Implications of Vendor Lock-In
• Dealing with Vendor-specific Service API
• Know Your Cloud Application’s Needs
• Data Physics
• Cloud Design Strategies
• Designing for Scalability
• Designing for Cloud Availability
• Designing for Failure
• Designing for Cloud Security
• Designing for Cloud Security – OWASP 10
• Designing for Cloud Security – OWASP 10 (Cont’d)
• Designing for Cloud Security – Multi-Factor Security
• Stepping Across Site Silos
• Stepping Across Site Silos – the SAML Protocol
• Stepping Across Site Silos – t
• he OpenID Protocol
• SAML vs OpenID
• History of OAuth
• Stepping Across Site Silos – OAuth
• Selecting the Right Storage
• (Cont’d)
• Designing for Cloud Management
• Designing for Cloud Maintainability
• Other Considerations
• Designing for Cloud Service Reuse
• Designing for Cloud Service Reuse (Cont’d)
• Designing for Cloud Agility
• Designing for Cloud Usability
• Additional Usability Considerations

Chapter 12. Cloud Governance

• IT Governance
• IT Governance (Cont’d)
• Unmanaged Clouds
• Defining Cloud Governance
• Defining Cloud Governance (Cont’d)
• An Internal Service Registry and Repository
• IBM WebSphere Service Registry and Repository (Example)
• Cloud Risks to Consider
• Top Cloud Computing Consumer Risks
• Top Cloud Computing Provider Risks
• Risk Mitigation
• Governance and Risk Mitigation
• Cloud Governance Model
• Roles and Responsibilities
• Policies and Procedures
• Governing Cloud Services
• Business alignment
• Asset Ownership
• Contract-driven Services
• Contract-driven Services (Cont’d)
• Agile IT in the Cloud
• The Cloud Systems Checklist
• Capacity Planning Concepts and Challenges
• Governance Best Practices
• Governance Best Practices (Cont’d)
• Governance Gotchas

Chapter 13. Cloud SLAs

• What is an SLA?
• Two SLA Management Phases
• Some SLA Parameters
• The Importance of Cloud SLAs
• Amazon Storage SLAs
• Understanding your SLA
• Example of Google Infrastructure Failure Rates
• Assess Consequences for Your Business
• Characteristics of a Service Quality Metric
• Service Quality Metrics
• SLA Monitoring Components