Thomas Erl is a top-selling IT author, founder of Arcitura Education, editor of the Service Technology Magazine and series editor of the Prentice Hall Service Technology Series from Thomas Erl. With more than 175,000 copies in print world-wide, his books have become international bestsellers and have been formally endorsed by senior members of major IT organizations, such as IBM, Microsoft, Oracle, Intel, Accenture, IEEE, HL7, MITRE, SAP, CISCO, HP, and many others. As CEO of Arcitura Education Inc. and in cooperation with [...] and [...], Thomas has led the development of curricula for the internationally recognized Cloud Certified Professional (CCP) and SOA Certified Professional (SOACP) accreditation programs, which have established a series of formal, vendor-neutral industry certifications obtained by thousands of IT professionals around the world. Thomas has toured over 20 countries as a speaker and instructor and regularly participates in international conferences, including Service Technology Symposium and Gartner events. More than 100 articles and interviews by Thomas have been published in numerous publications, including The Wall Street Journal and CIO Magazine.

Dr. Zaigham Mahmood is a published author of six books, four of which are dedicated to cloud computing. He acts as a technology consultant at Debesis Education UK and a Researcher at the University of Derby, UK. He further holds positions as a foreign professor and professor extraordinaire with international educational institutions. Professor Mahmood is a certified cloud trainer and a regular speaker at the International SOA, Cloud + Service Technology Symposium, and he has published more than 100 articles. His specialized areas of research include distributed computing, project management, and e-government.

Professor Ricardo Puttini has 15 years of field experience as a senior IT consultant at major government organizations in Brazil. He has taught several undergraduate and graduate-level courses in service orientation, service-oriented architecture, and cloud computing. Ricardo was the general chair of the 4th International SOA Symposium and 3rd International Cloud Symposium that was held in the spring of 2011. He holds a Ph.D. in Communication Networks (2004) from the University of Brasilia, where he has taught in the Electrical Engineering department since 1998. Ricardo spent 18 months at the L′Ecole Superieure d′Electricite (Supelec) in Rennes, France, during his Ph.D., where he started researching distributed system architecture and security.

Foreword xxix

Acknowledgments xxxiii

CHAPTER 1: Introduction 1

1.1 Objectives of This Book 3

1.2 What This Book Does Not Cover 4

1.3 Who This Book Is For 4

1.4 How This Book Is Organized 4

1.5 Conventions 9

Symbols and Figures 9

Summary of Key Points 9

1.6 Additional Information 9

Updates, Errata, and Resources ([...] 9

Referenced Specifications ([...] 10

The Service Technology Magazine ([...] 10

International Service Technology Symposium ([...] 10

What Is Cloud? ([...] 10

What Is REST? ([...] 10

Cloud Computing Design Patterns ([...] 10

Service-Orientation ([...] 11

[...] Certified Cloud (CCP) Professional ([...] 11

[...] SOA Certified (SOACP) Professional ([...] 11

Notification Service 11

CHAPTER 2: Case Study Background 13

2.1 Case Study #1: ATN 14

Technical Infrastructure and Environment 14

Business Goals and New Strategy 15

Roadmap and Implementation Strategy 15

2.2 Case Study #2: DTGOV 16

Technical Infrastructure and Environment 17

Business Goals and New Strategy 18

Roadmap and Implementation Strategy 19

2.3 Case Study #3: Innovartus Technologies Inc 20

Technical Infrastructure and Environment 20

Business Goals and Strategy 20

Roadmap and Implementation Strategy 21

PART I: FUNDAMENTAL CLOUD COMPUTING

CHAPTER 3: Understanding Cloud Computing 25

3.1 Origins and Influences 26

A Brief History 26

Definitions 27

Business Drivers 28

Capacity Planning 28

Cost Reduction 29

Organizational Agility 30

Technology Innovations 30

Clustering 31

Grid Computing 31

Virtualization 32

Technology Innovations vs. Enabling Technologies 32

3.2 Basic Concepts and Terminology 33

Cloud 33

IT Resource 34

On-Premise 36

Cloud Consumers and Cloud Providers 36

Scaling 37

Horizontal Scaling 37

Vertical Scaling 37

Cloud Service 38

Cloud Service Consumer 40

3.3 Goals and Benefits 40

Reduced Investments and Proportional Costs 41

Increased Scalability 42

Increased Availability and Reliability 43

3.4 Risks and Challenges 45

Increased Security Vulnerabilities 45

Reduced Operational Governance Control 45

Limited Portability Between Cloud Providers 47

Multi-Regional Compliance and Legal Issues 48

CHAPTER 4: Fundamental Concepts and Models 51

4.1 Roles and Boundaries 52

Cloud Provider 52

Cloud Consumer 52

Cloud Service Owner 53

Cloud Resource Administrator 54

Additional Roles 56

Organizational Boundary 56

Trust Boundary 57

4.2 Cloud Characteristics 58

On-Demand Usage 59

Ubiquitous Access 59

Multitenancy (and Resource Pooling) 59

Elasticity 61

Measured Usage 61

Resiliency 61

4.3 Cloud Delivery Models 63

Infrastructure-as-a-Service (IaaS) 64

Platform-as-a-Service (PaaS) 65

Software-as-a-Service (SaaS) 66

Comparing Cloud Delivery Models 67

Combining Cloud Delivery Models 69

IaaS + PaaS 69

IaaS + PaaS + SaaS 72

4.4 Cloud Deployment Models 73

Public Clouds 73

Community Clouds 74

Private Clouds 75

Hybrid Clouds 77

Other Cloud Deployment Models 78

CHAPTER 5: Cloud-Enabling Technology 79

5.1 Broadband Networks and Internet Architecture 80

Internet Service Providers (ISPs) 80

Connectionless Packet Switching (Datagram Networks) 83

Router-Based Interconnectivity 83

Physical Network 84

Transport Layer Protocol 84

Application Layer Protocol 85

Technical and Business Considerations 85

Connectivity Issues 85

Network Bandwidth and Latency Issues 88

Cloud Carrier and Cloud Provider Selection 89

5.2 Data Center Technology 90

Virtualization 90

Standardization and Modularity 90

Automation 91

Remote Operation and Management 92

High Availability 92

Security-Aware Design, Operation, and Management 92

Facilities 92

Computing Hardware 93

Storage Hardware 93

Network Hardware 95

Carrier and External Networks Interconnection 95

Web-Tier Load Balancing and Acceleration 95

LAN Fabric 95

SAN Fabric 95

NAS Gateways 95

Other Considerations 96

5.3 Virtualization Technology 97

Hardware Independence 98

Server Consolidation 98

Resource Replication 98

Operating System-Based Virtualization 99

Hardware-Based Virtualization 101

Virtualization Management 102

Other Considerations 102

5.4 Web Technology 103

Basic Web Technology 104

Web Applications 104

5.5 Multitenant Technology 106

5.6 Service Technology 108

Web Services 109

REST Services 110

Service Agents 111

Service Middleware 112

5.7 Case Study Example 113

CHAPTER 6: Fundamental Cloud Security 117

6.1 Basic Terms and Concepts 118

Confidentiality 118

Integrity 119

Authenticity 119

Availability 119

Threat 120

Vulnerability 120

Risk 120

Security Controls 120

Security Mechanisms 121

Security Policies 121

6.2 Threat Agents 121

Anonymous Attacker 122

Malicious Service Agent 123

Trusted Attacker 123

Malicious Insider 123

6.3 Cloud Security Threats 124

Traffic Eavesdropping 124

Malicious Intermediary 124

Denial of Service 126

Insufficient Authorization 127

Virtualization Attack 127

Overlapping Trust Boundaries 129

6.4 Additional Considerations 131

Flawed Implementations 131

Security Policy Disparity 132

Contracts 132

Risk Management 133

6.5 Case Study Example 135

PART II: CLOUD COMPUTING MECHANISMS

CHAPTER 7: Cloud Infrastructure Mechanisms 139

7.1 Logical Network Perimeter 140

Case Study Example 142

7.2 Virtual Server 144

Case Study Example 145

7.3 Cloud Storage Device 149

Cloud Storage Levels 149

Network Storage Interfaces 150

Object Storage Interfaces 151

Database Storage Interfaces 151

Relational Data Storage 151

Non-Relational Data Storage 152

Case Study Example 152

7.4 Cloud Usage Monitor 155

Monitoring Agent 155

Resource Agent 155

Polling Agent 157

Case Study Example 157

7.5 Resource Replication 161

Case Study Example 162

7.6 Ready-Made Environment 166

Case Study Example 167

CHAPTER 8: Specialized Cloud Mechanisms 169

8.1 Automated Scaling Listener 170

Case Study Example 172

8.2 Load Balancer 176

Case Study Example 177

8.3 SLA Monitor 178

Case Study Example 180

SLA Monitor Polling Agent 180

SLA Monitoring Agent 180

8.4 Pay-Per-Use Monitor 184

Case Study Example 187

8.5 Audit Monitor 189

Case Study Example 189

8.6 Failover System 191

Active-Active 191

Active-Passive 194

Case Study Example 196

8.7 Hypervisor 200

Case Study Example 201

8.8 Resource Cluster 203

Case Study Example 206

8.9 Multi-Device Broker 208

Case Study Example 209

8.10 State Management Database 210

Case Study Example 211

CHAPTER 9: Cloud Management Mechanisms 213

9.1 Remote Administration System 214

Case Study Example 219

9.2 Resource Management System 219

Case Study Example 221

9.3 SLA Management System 222

Case Study Example 224

9.4 Billing Management System 225

Case Study Example 227

CHAPTER 10: Cloud Security Mechanisms 229

10.1 Encryption 230

Symmetric Encryption 231

Asymmetric Encryption 231

Case Study Example 233

10.2 Hashing 234

Case Study Example 235

10.3 Digital Signature 236

Case Study Example 238

10.4 Public Key Infrastructure (PKI) 240

Case Study Example 242

10.5 Identity and Access Management (IAM) 243

Case Study Example 244

10.6 Single Sign-On (SSO) 244

Case Study Example 246

10.7 Cloud-Based Security Groups 247

Case Study Example 249

10.8 Hardened Virtual Server Images 251

Case Study Example 252

PART III: CLOUD COMPUTING ARCHITECTURE

CHAPTER 11: Fundamental Cloud Architectures 255

11.1 Workload Distribution Architecture 256

11.2 Resource Pooling Architecture 257

11.3 Dynamic Scalability Architecture 262

11.4 Elastic Resource Capacity Architecture 265

11.5 Service Load Balancing Architecture 268

11.6 Cloud Bursting Architecture 271

11.7 Elastic Disk Provisioning Architecture 272

11.8 Redundant Storage Architecture 275

11.9 Case Study Example 277

CHAPTER 12: Advanced Cloud Architectures 281

12.1 Hypervisor Clustering Architecture 282

12.2 Load Balanced Virtual Server Instances Architecture 288

12.3 Non-Disruptive Service Relocation Architecture 293

12.4 Zero Downtime Architecture 298

12.5 Cloud Balancing Architecture 299

12.6 Resource Reservation Architecture 301

12.7 Dynamic Failure Detection and Recovery Architecture 306

12.8 Bare-Metal Provisioning Architecture 309

12.9 Rapid Provisioning Architecture 312

12.10 Storage Workload Management Architecture 315

12.11 Case Study Example 321

CHAPTER 13: Specialized Cloud Architectures 323

13.1 Direct I/O Access...