Cloud computing and CDNs

By Olafur Ingthorsson on June 22, 2010 in Cloud Computing and Cloud Networking. 0 Comments

Normally, cloud computing services and applications are delivered to users through an Internet connection. This is one of the pillars of cloud computing, making it distributed, accessible and affordable from wherever and, increasingly, via various wireless devices. But what about organizations that want something more than a “best effort” service delivery through the Internet?

Well, obviously there are several alternatives, including managed networks, e.g. MPLS, ATM and, in the future, many other types of virtual networks that run across  multiple physical networks or substrates.

But then there is the possibility of Content Delivery Network or CDNs like Akamai and Limelight Networks, which promise a better than best effort service or content delivery. Although the CDNs use in fact the Internet as the mechanism for carrying traffic, they strategically distribute replication servers (sometimes called Surrogates) in the network that replicated content stored on a origin server or servers farms.  Users accessing content from a particular server are directed to the most appropriate “surrogate” based on multiple criteria, including distance, network congestion, etc., determined by a load balancer in the network that calculates the most efficient delivery route. CDN providers use a combination of technologies to provide better than best effort service delivery, including the distributed surrogates, or caching servers, mention, but also by using different proprietary protocols/algorithms than the native Internet uses for inter-network communications, i.e. the Border Gateway Protocol, and by reducing drag caused by TCP multiple round trips to set up and tear down connections.

It is interesting to note that already some cloud providers have started to integrate CDNs into their products offering. This includes for example Rackspace that offers a storage solution called CloudFiles that is integrated with the Limelight CDN. Through the CDN, content can be distributed, cached and shared in edge locations throughout the world – so that users gain access to content from a nearby surrogate.

It will be interesting to follow this trend as see if and how more and more cloud service providers will integrate CDNs to their service offerings.

Networking technologies in Cloud Computing

By Olafur Ingthorsson on April 30, 2010 in Cloud Networking. 0 Comments

Recently, I participated in a research study under the auspices of Eurescom, working with research colleagues from Telenor, PT Inovacao (Portugal Telecom – Innovation) and Orange Labs (France Telecom). Our objective was to analyse Cloud Computing as both a technology concept and service delivery model, especially from its networking perspective, and its implications for telcos in general. We studied the current and promising networking technologies used in the Cloud, internally and externally, including WAN technologies and Data Center interconnections.

Long-distance interconnections (WAN and MAN) between data centers are obviously based on IP standards (over ATM, Ethernet, SONET/SDH) and, more recently, on MPLS with QoS and native interconnection capabilities. For high bandwidth and ultra-low latency, DWDM (Dense Wavelength Division Multiplexing) appears to be very promising as a future high-performance WAN transport technology – mainly due to its capabilities of multiplexing multiple optical signals and being protocol and bit-rate independent (agnostic). Further on the horizon, new WAN networking technologies are still on the research stage, including the concept of Lambda networking that promises low-cost, high-capacity circuits in long-haul and metro systems.

Inside data centers , however, where network servers, storage systems and network nodes/elements are interconnected, three LAN networking technologies are prevailing:

Where, currently, Ethernet is the most frequently used. An important trend today is to deploy 10 Gb Ethernet (10GBE) equipment and networks – extending Ethernet’s capacity and support for more traffic patterns. FiberChannel is mostly used in scientific computing and storage area networks (SAN) whereas InifiBand is almost exclusively deployed in scientific and engineering simulation networks, e.g. using clustered servers.

Obviously, there are even more networking technologies and protocols available for supporting the delivery of Cloud services. This is an ever-emerging ecosystem of new innovations and improvements that will continue to evolve in multiple directions. For the Cloud vendor or service provider, it is, however, necessary to understand the strengths and weaknesses of individual networking technologies and how they most effectively can be applied in their current surroundings or technical infrastructure, whether that is inside a data center or in the transport sphere.

Tags: , .

Network bottlenecks in Cloud Computing

By Olafur Ingthorsson on April 26, 2010 in Cloud Networking. 0 Comments

Many enterprises are understandably reluctant in moving their core applications to the cloud, primarily due to security issues but also due, perhaps equally, to concerns of poor network performance. According to a recent report from the Yankee Group, many thought leaders, including Trend Micro, Cisco and CSL, say the issue of latency and poor performance is, at least temporarily, hindering the adoption of cloud computing.

This is not surprising. Quality of service delivery in the Cloud is intrinsically integrated with the network, its infrastructure and capacity. As migration to the Cloud continues, network operators face increasing challenges of upgrading the network infrastructure. This includes fixed infrastructure, including last-mile and first-mile as well as mobile networks like 3G and 4G. Many operators are already challenged with current unsatisfactory ROI – mainly due to flat pricing structures and “all-you-can-eat” data packages. How operators can justify increased investments in network infrastructure without changing pricing models remains difficult to see – unless they are, perhaps, also the Cloud provider themselves.

This is in fact the strategy Google seems to be pursuing by gradually increasing their network infrastructure possession. The latest example is their intention to connect up to 500.000 homes with 100Mbps fiber optic broadband connections (fiber-to-the-home), directly competing with the traditional telecom networks providers like Verizon. AT&T and Comcast. Google wants to provide rich Internet applications directly to the user – from the Cloud – eliminating network latency bottlenecks as much as possible. This probably includes bandwidth hungry high-def video applications, VoIP (Voice-Over-IP) and, of course, virtualized desktops a.l.a Google Chrome OS, where the desktop is actually being transferred to the Cloud and run from a lightweight network operating system (e.g. Chome OS). Google clearly foresees that all, or most, application will be run from the Cloud. Most likely, in my opinion, their vision will materialize in the coming years.

Tags: , .

Cloud computing – top threats

By Olafur Ingthorsson on April 14, 2010 in Cloud Security. 0 Comments

Last month, The Cloud Security Alliance (CSA) published a short security guidance paper with an interesting overview of the top 7 threats to Cloud Computing (version 1.0) – according to their analysis. The paper can be used as a simple guideline for addressing, and perhaps checking off, all the major security concerns associated with implementing cloud computing and its different service modes.

Cloud Computing: Security Threats

This is important especially as people often lack an overview of all the potential security vulnerabilities associated with cloud computing. As pointed out in the paper, it is seen as a companion to the much more detailed “Security Guidance for Critical Areas in Cloud Computing” from the SCA (version 2.1 issued in Dec. 2009). The paper includes the top 7 following threats that need to be addressed – in accordance with the type of cloud computing adoption, i.e. “IaaS”, “PaaS”, “SaaS”:

#1: Abuse and Nefarious Use of Cloud Computing (IaaS, PaaS)
#2: Insecure Interfaces and APIs (IaaS, PaaS, SaaS)
#3: Malicious insiders (IaaS, PaaS, SaaS)
#4: Shared Technology Issues (IaaS)
#5: Data Loss or Leakage (IaaS, PaaS, SaaS)
#6: Account or Service Hijacking (IaaS, PaaS, SaaS)
#7: Unknown Risk Profile (IaaS, PaaS, SaaS)

The threats are equally important – and should reflect the critical threat concerns in Cloud Computing that organizations experience during their adoption processes. The CSA short paper was influenced by a more detailed European research paper produced by ENISA (European Network and Information Security Agency) called “Cloud Computing: Benefits, Risks and Recommendations for Information Society“, published in Nov. 2009.

Tags: , .

Cloud computing – data privacy and compliance

By Olafur Ingthorsson on March 25, 2010 in Cloud Security. 1 Comment

Often, when the cloud computing discussion takes off, especially in relation to public clouds, one recurring issue soon emerges, namely, the the issue of data privacy and responsibility. It seems clear that different legislations related to data privacy and, especially, cross-border transfer of data is causing a lot of uncertainty and retention by many IT managers considering cloud services. Especially does this relate to certain type of data, e.g. financial information, health records and personal identifiable information. With the global distribution of data centers and the opaquenature of data location in many cloud services – e.g. do you actually now where your Google Apps information is physically stored? – complicates matters further. Compliance with local regulatory issues can be a thorny and sensitive issue, especially for organizations. There are many questions that arise concerning data privacy, accessibility and administration, such as:

  • Data seizure due to legal investigation – organizations need to adhere to local legislation
  • What is the accessibility of local authorities to data under investigation residing in a different jurisdiction
  • Fear of infringement of data protection rights due to seizure of a server in the host jurisdiction
  • Data losses caused by cloud provider and unauthorized disclosures in the cloud
  • The cloud provider goes bankrupt – what happens to my data

If an organization migrates data, application or processes to a cloud provider in another jurisdiction it is still fully responsible for that data and needs to apply to local data protection legislation and regulations when handling personal data. In a public cloud environment this can be difficult as the organization is unlikely to know if and when data is moved, where and how it is stored and, sometimes, who has access to it and what particular security measures are in place. Therefore, it is quite possible that a dispute can arise about who is actually responsible for data protection compliance. Organizations need to be particularly careful when selecting a third-party cloud provider with this in mind and should in all circumstances require a written declaration describing how the provider will address compliance with local legislation and provide assurance in the event of data losses or unauthorized disclosures. Even better, requesting SLAs and certifications of quality and operational control, e.g. equivalent to a SAS 70 Report – Type II (Statement on Auditing Standard 70).

Tags: , , .

The emergence of mobile cloud computing

By Olafur Ingthorsson on March 19, 2010 in Mobile Cloud Computing. 10 Comments

Did yo know that digital media entertainment (DME) traffic currently represented by the iPhone is already 35 times higher than that created by traditional handsets? Many analysts believe that most mobile apps will move from being handset-centric (thick-clients) to the cloud so that mobile terminals will run applications directly from the cloud – especially as apps become larger and feature rich. Today, this is not necessarily the case.

Take iPhone for example – where users purchase and download apps from iTunes AppStore for running them on the phone, although some apps may support back-end processing and data storage as well. Evidently this will change – and why shouldn’t it? Mobile cloud computing is certainly just another method of delivering software applications in a service fashion over the network – in this case wirelessly, e.g. via WiFi and mobile broadband networks such as 3G and WiMax. Mobile network equipment manufacturers and providers are promising that their future Long-Term-Evolution (LTE) platforms will support approximately 170Mbit/s data rate speed (uplink and downlink) in each cell – although in reality the throughput is probably going to be somewhat lower. Obviously the available speed will be dynamically distributed between users within each cell – the more users the less bandwidth for each user.

Users will be able to seamlessly transfer from WiFi networks to mobile operator broadband networks, and vice versa, without necessarily knowing what network he or she is accessing at any particular time. The handset, e.g. smartphone, will make sure that it is selecting and using the most beneficial connection in terms of cost and quality.

Mobile cloud computing

Clearly, this will improve user experience and flexibility and enhance service delivery. Users can access SaaS apps irrelevant of their device, fixed or wireless, PC or smartphone. It should be noted that many analysts, including ABI Research, assert that cloud computing will soon become a disruptive force in the mobile world and, eventually, becoming the dominant way in which mobile applications operate and are delivered.
Tags: , , .

Improving service delivery in cloud computing

By Olafur Ingthorsson on February 3, 2010 in Cloud Computing. 8 Comments

It’s obvious that one of the primary reason enterprises are reluctant to move resources to the cloud, and cloud computing, is the inherent bottlenecks and unreliability of the Internet – as the primary networking mode service delivery channel. The Internet possesses several critical problems that expose its weaknesses in providing adequate network performance and quality levels. These include:

  • Peering point problems. Peering points separate Internet networks for the purpose of exchanging traffic between customers of each network. Peering is normally a settlement-free “swapping” (exchange) of data from one network provider to the other – forming the backbone of the Internet. Unfortunately, perhaps largely due to the settlement-free nature, there has been lack of economical incentives for network operators in sufficiently upgrading their peering routers to handle increasing network traffic. (Depeering is another process that I will not go into). While the “first mile” (from data center to the Internet/WAN) and the “last mile” (from end-user to the Internet/WAN) have received significant investments, the “middle mile” (i.e. the Internet) has lagged behind.
  • Border Gateway Protocol (BGP), the Internet’s inter-network routing protocol determines how data packets travel from one network to another in the cloud. The problem with BGP lies in its slow routing capabilities, especially when making fine distinctions between the traffic on multiple routes. This results in lack of performance and reliability of service delivery in the cloud.
  • TCP bottlenecks. TCP is the Internet’s primary communication protocol – providing reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer. However, TCP was designed for reliability rather than efficiency and often causes drag (delay) in packet delivery due to its multiple round-trips to set up and tear down connections. This is a overhead that can be especially detrimental to the performance of SaaS and PaaS-based enterprise applications.

So, if these are the main concerns for good network performance and reliable service delivery on the Internet, what can be done to mitigate these? Well, there are probably several different measures that can be taken, and depends on both the cloud service provider, network provider(s) and the enterprise using the cloud computing services and include:

  • Using a overlay network, e.g. from CDN providers like Akamai or Limelight Networks. These providers use edge servers and multiple (proprietary) optimization schemes to improve network performance and quality levels of content delivery.
  • Use managed IP network services. Many network providers offer private IP connections, e.g. from a particular data center (cloud provider) to an enterprise, promising quality of service and much better performances than over the public Internet. Today, the MPLS (Multi-Protocol-Layer-Switching) data-carrying mechanism is becoming prevalent in modern networks for high-performance delivery.
  • Consider the new FASP (Fast and Secure Protocol), originally designed by Aspera, for improving efficiency and throughput. Amazon AWS plan to offer FASP in its services.

Having said this, it becomes obvious that companies do not have to rely completely on the Internet for service delivery if they aspire to use public cloud computing services. There are several ways to improve network performances and reliability as I have pointed out – and there are probably even more ways available!

Tags: , , .