Abstraction and Orchestration - In The Cloud

By

In the previous blog post, we dissected the definition of cloud computing as per NIST and ISO/IEC. Before you proceed further, I urge you to read it before continuing. In this blog post, we will learn about traditional virtualisation and how cloud is an extension of it via the abstraction and orchestration mechanism.

Consider this scenario :

John is a security administrator and wants to implement a firewall ( primary & secondary), a mailing server and a server managing legacy applications. In the traditional IT workspace, John would require 2 separate physical boxes for implementing the firewall ( one for primary & the other one for secondary), a mailing server box and probably as many boxes as the number of applications. This would be highly cost-prohibitive.

The intelligent minds gather together and hail virtualisation as the solution to reduce cost. Virtualization is a technology that lets you create useful IT services using resources that are traditionally bound to hardware. It allows you to use a physical machine’s full capacity by distributing its capabilities among many users or environments.

So instead, John deploys 2 firewalls ( including IPS) through use of virtualization from one single box and creates a single server where mails, as well as all legacy applications, are supported.

I will not go into the technical details as this point (it’s just the beginning), but let’s briefly understand the details of virtualization. A software called hypervisor is used to create a virtual instance which can run a server, application or even an operating system. For example, you have a windows laptop and wish to run Linux on this machine to work on a particular application which is supported only over the Linux platform. One way is to install Linux by removing the Windows OS, but then you need an additional laptop if you want to run Windows also. Use of hypervisor will help you create a virtual machine on this system and you can run Linux on this machine itself ( this is not dual boot), but running an instance of Linux virtually.

Hypervisors take the physical resources and separate them so they can be utilized by the virtual environment. They are able to sit on top of an OS or they can be directly installed onto the hardware. There are many flavours of virtualisation out there - desktop, os, server etc.

So, does virtualisation mean that we have created a cloud? Well, the answer is NO. The key techniques to create a cloud are abstraction and orchestration. Abstraction is provided by virtualisation. Abstraction in cloud computing terms refers to mapping a logical identity or address to a physical identity or address. We will discuss this in detail in upcoming blog posts.

Using abstraction through virtualization, you have only solved half the problem. To solve the other half, we need orchestration. ( Yeah, I can imagine the look on your face … one more  ****ion).

If you remember what we learnt from the post on cloud computing, the various features that make the cloud involved a lot of automation at the back end. A person can set up a server in just minutes without even needing a human administrator intervention. If we look at the scale of the cloud, typically thousands of servers would be created or destroyed every minute. This calls for intelligent automation, multiple workload executions, hundreds of workflows etc.

Cloud orchestration is the process to manage these multiple workloads, in an automated fashion, across several cloud solutions, with the goal being to synthesize this into a single workflow.


 Have you ever been to an orchestra? Yeah, a man with a wand like Harry Potter who keeps on waving it to all the musicians with their instruments and they play along with the waving of the wand. The technique required to make all the music flow and all these musicians to be in sync with each other is achieved through orchestration ( terms of cloud).

Cloud orchestration involves the coordination of multiple tasks. The manual coding requirements are frequently less, as the coding from cloud automation is built upon, which avoids redundant work. Compared to cloud automation, cloud orchestration works on a higher level of coordination as the processes are already streamlined through cloud automation.

These two techniques help make a cloud function like a cloud - Abstraction and Orchestration.

What are your thoughts on this? Just pour them out in the comments section below.

Comments

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...