Infrastructure as a Service

Physical facilities and infrastructure hardware form the foundation of IaaS. With cloud computing we abstract and pool these resources, but at the most basic level we always need physical hardware, networks, and storage to build on. These resources are pooled using abstraction and orchestration. Abstraction, often via virtualization, frees the resources from their physical constraints to enable pooling. Then a set of core connectivity and delivery tools (orchestration) ties these abstracted resources together, creates the pools, and provides the automation to deliver them to customers.
All this is facilitated using Application Programming Interfaces (APIs). APIs are typically the underlying communications method for components within a cloud, some of which (or an entirely different set) are exposed to the cloud consumer to manage their resources and configurations. Most cloud APIs these days use REST (Representational State Transfer), which runs over HTTP (in practice always HTTPS, since the calls carry credentials), making it extremely well suited for Internet services.
In most cases, those APIs are both remotely accessible and wrapped into a web-based user interface. This combination is the cloud management plane, since consumers use it to manage and configure the cloud resources, such as launching virtual machines (instances) or configuring virtual networks. From a security perspective, it is both the biggest difference from protecting physical infrastructure (since you can't rely on physical access as a control) and the top priority when designing a cloud security program. If an attacker gets into your management plane, they potentially have full remote access to your entire cloud deployment: every API credential, console login, and access key is effectively a key to the data center, which is why authentication, authorization, and logging for those APIs are the first controls to get right.
Thus IaaS consists of a facility, hardware, an abstraction layer, an orchestration (core connectivity and delivery) layer to tie together the abstracted resources, and APIs to remotely manage the resources and deliver them to consumers.
Here is a simplified architectural example of a compute IaaS platform:
Simplified IaaS Architecture
This is a very simple diagram showing the compute and storage controllers for orchestration, hypervisors for abstraction, and the relationship between the compute and storage pools. It omits many components, such as the network manager.
A series of physical servers each run two components: a hypervisor (for virtualization) and the management/orchestration software to tie in the servers and connect them to the compute controller. A customer asks for an instance (virtual server) of a particular size and the cloud controller determines which server has the capacity and allocates an instance of the requested size.
The controller then creates a virtual hard drive by requesting storage from the storage controller, which allocates storage from the storage pool and connects it to the appropriate host server and instance over the network (typically a dedicated network for storage traffic). Networking, including virtual network interfaces and addresses, is also allocated and connected to the necessary virtual network.
The controller then sends a copy of the server image into the virtual machine, boots it, and configures it; this creates an instance running in a virtual machine, with virtual networking and storage all properly configured. Once this entire process is complete, the metadata and connectivity information is brokered by the cloud controller and available to the consumer, who can now connect to the instance and log in.
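The provisioning flow described above (scheduling onto a host with capacity, carving a volume out of the storage pool, handing out a virtual network address, and returning the connection metadata through the management plane) as a runnable toy model. This is an added example, not code from the original post or from any real cloud platform; the class and method names (`ComputeController`, `StorageController`, `NetworkManager`, `ManagementAPI`), the flavor sizes, the storage pool size, the network range, and the API tokens are all constructed for illustration.

```python
"""Toy model of the IaaS provisioning flow (added example, not the page's code).
All names are hypothetical; flavors, pool size, network range and tokens are
constructed for the demo."""
from dataclasses import dataclass
import ipaddress
import secrets

# vCPUs and RAM (MB) per instance size; constructed for the example.
FLAVORS = {"small": (1, 2048), "medium": (2, 4096), "large": (4, 8192)}


@dataclass
class Host:
    """A physical server running a hypervisor; tracks its free capacity."""
    name: str
    vcpus: int
    ram_mb: int


@dataclass
class Instance:
    """Connection metadata the controller hands back to the consumer."""
    instance_id: str
    tenant: str
    host: str
    size: str
    image: str
    volume_id: str
    address: str


class StorageController:
    """Carves volumes out of one shared storage pool."""
    def __init__(self, pool_gb: int):
        self.free_gb = pool_gb
        self._count = 0

    def allocate(self, size_gb: int) -> str:
        if size_gb > self.free_gb:
            raise RuntimeError("storage pool exhausted")
        self.free_gb -= size_gb
        self._count += 1
        return f"vol-{self._count:04d}"

    def release(self, size_gb: int) -> None:
        self.free_gb += size_gb


class NetworkManager:
    """Hands out addresses on one virtual network."""
    def __init__(self, cidr: str):
        self._free = list(ipaddress.ip_network(cidr).hosts())

    def allocate(self) -> str:
        if not self._free:
            raise RuntimeError("no free addresses")
        return str(self._free.pop(0))


class ComputeController:
    """Schedules instances onto hosts and ties storage and networking to them."""
    def __init__(self, hosts, storage, network):
        self.hosts, self.storage, self.network = hosts, storage, network
        self.instances = {}

    def _schedule(self, vcpus, ram_mb) -> Host:
        # First-fit placement: the first hypervisor with enough free capacity.
        for h in self.hosts:
            if h.vcpus >= vcpus and h.ram_mb >= ram_mb:
                return h
        raise RuntimeError("no host has capacity for this size")

    def launch(self, tenant, size, image, disk_gb) -> Instance:
        vcpus, ram_mb = FLAVORS[size]
        host = self._schedule(vcpus, ram_mb)
        host.vcpus -= vcpus
        host.ram_mb -= ram_mb
        volume = None
        try:
            volume = self.storage.allocate(disk_gb)   # the virtual hard drive
            address = self.network.allocate()         # address for the virtual NIC
        except RuntimeError:
            # Roll back partial allocations so a failed launch does not strand
            # capacity on the host or in the storage pool.
            host.vcpus += vcpus
            host.ram_mb += ram_mb
            if volume is not None:
                self.storage.release(disk_gb)
            raise
        inst = Instance(f"i-{len(self.instances) + 1:04d}", tenant, host.name,
                        size, image, volume, address)
        self.instances[inst.instance_id] = inst   # image copy and boot are out of scope
        return inst


class ManagementAPI:
    """The remotely reachable management plane. Every call is gated on an API
    token because a valid token is full control over that tenant's deployment."""
    def __init__(self, controller, tokens):
        self._ctl = controller
        self._tokens = tokens   # token -> tenant (constructed)

    def _tenant_for(self, token) -> str:
        for known, tenant in self._tokens.items():
            if secrets.compare_digest(known, token):   # constant-time compare
                return tenant
        raise PermissionError("invalid API token")

    def launch_instance(self, token, size, image, disk_gb) -> Instance:
        return self._ctl.launch(self._tenant_for(token), size, image, disk_gb)

    def list_instances(self, token):
        tenant = self._tenant_for(token)
        return [i for i in self._ctl.instances.values() if i.tenant == tenant]


def demo():
    """Constructed deployment: two hypervisors, a 100 GB pool, a /29 network."""
    hosts = [Host("hv1", 2, 4096), Host("hv2", 8, 16384)]
    ctl = ComputeController(hosts, StorageController(100), NetworkManager("10.0.0.0/29"))
    api = ManagementAPI(ctl, {"tok-tenant-a": "tenant-a", "tok-tenant-b": "tenant-b"})
    first = api.launch_instance("tok-tenant-a", "medium", "ubuntu-22.04", 20)
    second = api.launch_instance("tok-tenant-b", "small", "ubuntu-22.04", 10)
    return ctl, api, first, second
```

Two things in the model are worth noticing. Placement is first-fit: the second instance lands on `hv2` only because `hv1` has no vCPUs left after the first, so capacity accounting on the controller is what keeps hosts from being oversubscribed. And the only thing standing between a caller and every operation in the controller is the token check in `ManagementAPI`; there is no physical-access fallback, which is the point the section makes about the management plane.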