Cloud Expo

Cloud has been one of the big buzzwords for a couple of years now. Last year a friend of mine attended Cloud Expo in Prague, and he was offered the chance to attend this year too. He offered the second day's attendance to me. Pretty complicated, huh?

The interesting thing is that it might be one of the turning points in my life! The last session on one of the tracks was called Cloud Forensics: Challenges and Opportunities, by Keyun Ruan, a Ph.D. student at Dublin City College. I found it unbelievably interesting. I don’t want to leak anything here, but computer security has been one of my interests for a while, and at the same time I would like to start studying for a Ph.D., but I haven’t had the right topic up until now. I need to do my own research on this topic, but it seems that there are just a few publications on it so far.

The full notes from all sessions I have attended:

cloudexpo

  • abiquo
    • history
      • web
      • vmware
      • salesforce.com
      • Amazon Cloud
      • 10 years of Cloud
      • same old IT model
    • virtualization 1.0 issues
      • disconnect between provisioning people vs. who use
      • provisioning takes too long (lack of agility)
      • separation of application (inside) on a scale
      • vendor lock-in
    • spaceship diagram
      • physical infrastructure
        • local/remote/hosting provider resources
      • virtual resources
        • cross all physical resources
        • allocation policy = set of business rules
      • libraries
        • private
          • stateless and stateful
        • shared
      • triangle
        • separation
          • of apps
        • delegation
          • one team is responsible for specific app
        • allocation
          • policy
    • policy based allocation
      • overspecification -> overbooking in cloud (deal with that by monitoring)
      • enterprise preferences based on SLA
    • benefits
      • reduce costs
        • IT team is focusing on more important tasks
        • increase agility
          • user can deploy OS in minutes
          • open possibility of temp projects
        • increased utilization
          • use every single piece of resource to turn on new machine
      • billing and chargeback
        • pay based on resource used
        • brokered resource provision (get the best deal in the market for cloud)
  • Unisys: Storm Clouds
    • Tectonic shift
      • merge technology forces and business forces together
    • smoke and mirrors
      • concerns
        • salesforce.com problem – Patriot Act -> moved to UK
        • portability
        • network latency
        • license management
        • less control
      • advantages
        • cost
        • agile
        • time to market
    • unisys cloud solution
      • internal cloud
      • secure external cloud
      • hybrid cloud
        • early 2011
    • stack redefined for building secure cloud
      • security
      • service management
      • provisioning
      • virtualization
    • how to make sure allocation policy is in place?
      • stealth technology in unisys
      • where the data is and who has access to it
    • mobility
    • WFH
      • easier in cloud computing
  • how cloud improves security
    • group presentation
    • definition (from security standpoint)
      • scapegoat
      • everybody blames cloud for insecurity
    • what keeps Joe CISO up at night
      • data corruption
      • theft or loss of sensitive data
      • unauthorized access
        • physical
        • logical
      • system availability
      • compliance
    • arguments against cloud
      • multi-tenant
      • internet connection
        • risk mitigation
        • run on highway
      • giving up control
  • MongoDB
    • open source
    • JSON and BSON
    • requires language drivers
      • cannot communicate directly from browser
    • flexible schema
      • simply add one property and that's it
    • dynamic queries
    • secondary indexes
      • same as in SQL
    • map/reduce
    • UI
      • shell / javascript web interface
      • Basic CRUD
      • finding by example
        • db.users.remove({dark_side: false})
      • _id = Primary Key
        • default object
        • added automatically
    • in place updates
      • modified in memory
      • flush to disk later
    • atomic modifier operations
      • partial updates
    • Schema design
      • read vs. write patterns
      • $ operators
        • $or: [ {tags: "nosql"}, {tags: "mongodb"} ]
        • tags: {$in: ["nosql", "mongodb"] }
        • $where
    • gridFS
      • chunked binary storage
      • very scalable FS under MongoDB
    • Scaling Up
      • replication
        • 1 master – many slaves
          • slaves read the change log (oplog)
      • replica set
        • a set of N nodes
        • one master
        • new master auto-elected
        • transparent to client
        • failover-friendly
        • possible to lose some data
      • auto-sharding
        • shard data by any key
        • over a number of replica sets
        • shards can be added anytime
        • architecture
          • routing process is the point clients talk to
          • configurators
          • and any number of shards
    • caveats
      • no joins
      • no transaction support
      • no single-server durability
      • all those things are tradeoffs for speed
    • what is the largest deployment you have seen so far?
  • Cloud migration costs and risks
    • definition
      • on-demand self-service
      • resource pooling
      • rapid elasticity
      • measured service
      • broad network access
    • cloud
      • software as a service
        • for a long time (2001)
        • gmail, netsuite, salesforce.com
      • platform as a service
        • google app engine
        • last 1.5 years
      • infrastructure as a service
        • amazon EC2, rackspace, GoGrid, OpSource, Flexiscale
        • exciting area of cloud computing
      • migration process
        • select apps (services or components)
        • select IaaS provider
          • based on price
          • select server class
        • install/activate components
          • vanilla version of OS
          • repackage it
        • test enterprise-to-cloud interaction to evaluate
          • metrics
          • test instances
      • risks
        • security/reliability
        • latency of network hops (connection to cloud)
        • timeouts, message delivery errors
          • again added one hop
        • performance variability
      • costs
        • IaaS provider costs ($0.08-$2.40/hr)
        • imaging costs
        • Establishing communication
          • firewalls
          • leased line
          • load balancer
        • hand coding "what-if" scenarios for
          • timeouts
          • message delivery errors
          • security profiles
        • evaluate multiple IaaS providers
  • Cloud Forensics: Challenges and Opportunities
    • definition
      • scientifically derived and proven method
        • preservation
        • collection
        • validation
        • identification
        • analysis
        • interpretation
        • documentation
        • presentation
      • all about reconstruction of the scene
    • currently impossible
    • cooperation
      • prosecution (law enforcement)
      • military
        • continuity of operations
      • business
        • availability of service
        • bring up as soon as possible
        • to avoid problem again
    • challenges
      • preservation!
        • unchanged evidence
      • readiness
        • location anonymity
        • identity management
          • at beginning
        • log format
      • multi-tenancy and resource sharing
        • separate logs one from another
        • make sure logs are not changed
      • multiple jurisdictions
        • "confiscate cloud" – how?
        • many countries
      • third party dependency
      • amplify incidents
      • data deletion
        • how to make sure that data are really deleted
      • hyper-level investigation
        • very hacker very interesting layer
      • proliferation of Endpoints
        • how to collect all
    • crimes
      • cloud as objective
        • DOS
      • subject of the crime
      • tool of a crime
        • criminals use cloud
        • cloud used to hack other clouds
    • opportunities
      • cost-effectiveness
      • scalability
        • cost-effectiveness
        • dedicated server for forensics
        • forensics can use cloud computing
        • standards and policies
    • 2CENTER
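
The multi-tenancy challenge in the forensics notes ("separate logs one from another", "make sure logs are not changed") can be made concrete with per-tenant hash chains. This is an added example, not something presented in the talk; a hash chain is one common approach, and the function names, log fields and sample entries are constructed for illustration. It assumes the latest hash of each chain is kept somewhere the party being checked cannot rewrite it.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # start-of-chain marker (a convention of this example)

# Constructed sample: one provider-side log shared by two tenants.
SAMPLE_LOG = [
    {"ts": "2010-06-01T10:00:00Z", "tenant": "tenant-a", "event": "vm.start", "vm": "a-1"},
    {"ts": "2010-06-01T10:00:05Z", "tenant": "tenant-b", "event": "login", "user": "bob"},
    {"ts": "2010-06-01T10:02:00Z", "tenant": "tenant-a", "event": "disk.delete", "vm": "a-1"},
    {"ts": "2010-06-01T10:03:00Z", "tenant": "tenant-b", "event": "vm.stop", "vm": "b-7"},
]

def link_hash(prev, record):
    """SHA-256 over the previous link's hash plus the canonical JSON record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode("utf-8")).hexdigest()

def seal(shared_log):
    """Split an interleaved log into one hash chain per tenant."""
    chains = {}
    for entry in shared_log:
        chain = chains.setdefault(entry["tenant"], [])
        prev = chain[-1]["hash"] if chain else GENESIS
        record = dict(entry)  # copy, so later edits to the input don't alias
        chain.append({"prev": prev, "record": record, "hash": link_hash(prev, record)})
    return chains

def heads(chains):
    """Latest hash per tenant; this is the value to store outside the provider."""
    return {tenant: chain[-1]["hash"] for tenant, chain in chains.items()}

def verify(tenant, chain, expected_head):
    """Return -1 if intact, else the index of the first bad link.

    len(chain) means every link checks out but the chain does not end at
    expected_head, i.e. trailing entries were dropped or appended.
    """
    prev = GENESIS
    for i, link in enumerate(chain):
        if link["record"].get("tenant") != tenant:
            return i  # another tenant's record leaked into this chain
        if link["prev"] != prev or link["hash"] != link_hash(prev, link["record"]):
            return i  # record or linkage was altered
        prev = link["hash"]
    return -1 if hmac.compare_digest(prev, expected_head) else len(chain)
```

An investigator handed only one tenant's chain can check it against that tenant's stored head without seeing any other tenant's records.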
