Table of Contents for Cloud Computing
by Dor Skuler, Hui-Lan Lu, Igor Faynberg
About the Authors
Acknowledgments
1 Introduction
Notes
References
2 The Business of Cloud Computing
2.1 IT Industry Transformation through Virtualization and Cloud
2.2 The Business Model Around Cloud
2.3 Taking Cloud to the Network Operators
Notes
References
3 CPU Virtualization
3.1 Motivation and History
3.2 A Computer Architecture Primer
3.3 Virtualization and Hypervisors
Notes
References
4 Data Networks—The Nervous System of the Cloud
4.1 The OSI Reference Model
4.2 The Internet Protocol Suite
4.3 Quality of Service in IP Networks
4.4 WAN Virtualization Technologies
4.5 Software-Defined Network
4.6 Security of IP
Notes
References
5 Networking Appliances
5.1 Domain Name System
5.2 Firewalls
5.3 NAT Boxes
5.4 Load Balancers
Notes
References
6 Cloud Storage and the Structure of a Modern Data Center
6.1 Data Center Basics
6.2 Storage-Related Matters
Notes
References
7 Operations, Management, and Orchestration in the Cloud
7.1 Orchestration in the Enterprise
7.2 Network and Operations Management
7.3 Orchestration and Management in the Cloud
7.4 Identity and Access Management
Notes
References
Appendix: Selected Topics
A.1 The IETF Operations and Management Standards
A.2 Orchestration with TOSCA
A.3 The REST Architectural Style
A.4 Identity and Access Management Mechanisms
Notes
References
Index
EULA
List of Illustrations
Chapter 1
Figure 1.1
Dialectics in the development of Cloud Computing: (a) from mainframe to Cloud; (b) from IT data center to Private Cloud.
Figure 1.2
Essential characteristics of Cloud Computing.
Source: NIST SP 800-145, p. 2.
Chapter 2
Figure 2.1
Investment in an application deployment—before and after.
Chapter 3
Figure 3.1
A computing environment before and after virtualization.
Figure 3.2
Simplified computer architecture.
Figure 3.3
A simplified CPU loop (first approximation).
Figure 3.4
The process stack and the procedure call.
Figure 3.5
Setting a breakpoint.
Figure 3.6
The second approximation of the CPU loop.
Figure 3.7
Go( ) and the interrupt service routines.
Figure 3.8
The process table.
Figure 3.9
The CPU mode state machine.
Figure 3.10
The modified CPU and the two process stacks.
Figure 3.11
Introducing the MMU.
Figure 3.12
Segmentation: The MMU translation processing.
Figure 3.13
Paging—establishing contiguous memory.
Figure 3.14
Storing pages on the disk to achieve the “infinite” memory illusion.
Figure 3.15
Page table and virtual address in-memory translation.
Figure 3.16
CPU loop—the final version.
Figure 3.17
System call processing: (a) the Service_A routine—user part; (b) the TRAP 1 service routine; (c) the Service_A routine—system part.
Figure 3.18
Graham's security rings (hardware support).
Figure 3.19
Optimization with non-disjoint security rings.
Figure 3.20
Hypervisor structure—after Popek and Goldberg. Data from [14].
Figure 3.21
General virtualization architecture.
Figure 3.22
Type-1 and Type-2 hypervisors.
Figure 3.23
Intel privilege level rings.
Figure 3.24
Direct Memory Access (DMA).
Figure 3.25
I/O MMU.
Figure 3.26
Virtual machine I/O support in Xen.
Figure 3.27
Xen network I/O optimization using shared memory.
Figure 3.28
The state transition diagram for the KVM modes.
Figure 3.29
NOVA architecture (simplified).
Chapter 4
Figure 4.1
Dual aspects of networking in Cloud Computing.
Figure 4.2
Private and virtual private networks.
Figure 4.3
The OSI reference model.
Figure 4.4
Requests and indications as methods of the layer class.
Figure 4.5
Summary of the overall computational model.
Figure 4.6
Session multiplexing in the OSI transport layer.
Figure 4.7
The case for error correction at the link layer.
Figure 4.8
Broadcast media configurations.
Figure 4.9
The IPv4 packet header.
Figure 4.10
Jon Postel's map of the Internet in 1982.
Source: http://commons.wikimedia.org/wiki/File%3AInternet_map_in_February_82.png. By Jon Postel [Public domain], via Wikimedia Commons.
Figure 4.11
CIDR aggregation.
Figure 4.12
“Subnetting” a Class B network.
Figure 4.13
The IPv6 basic packet header (after RFC 2460).
Figure 4.14
Routing protocol classification: (a) LAN, no routing needed; (b) routing within and among autonomous systems.
Figure 4.15
Autonomous systems and border gateways.
Figure 4.16
Transit and (settlement-free) peering relationships.
Figure 4.17
The Internet hourglass.
Figure 4.18
Multi-homing with SCTP.
Figure 4.19
Packet scheduling disciplines: (a) best effort; (b) fair queuing; (c) weighted fair queuing.
Figure 4.20
Traffic specification models: (a) leaky bucket; (b) token bucket.
Figure 4.21
The integrated services model (after RFC 1631).
Figure 4.22
The end-to-end worst-case delay D (after RFC 2212).
Figure 4.23
An example of the RSVP exchange.
Figure 4.24
Summary of the RSVP messages.
Figure 4.25
Traffic conditioning at the edges of DS domains.
Source: Reprinted from [3] with permission of Alcatel-Lucent, USA, Inc.
Figure 4.26
An example of an AF specification.
Figure 4.27
The inside view of DS.
Source: RFC 2475.
Figure 4.28
Routing and switching.
Figure 4.29
The location and structure of the MPLS label.
Figure 4.30
An example of label assignment to flows and LSPs.
Figure 4.31
Examples of the explicit route setup with (a) CR-LDP and (b) RSVP-TE.
Figure 4.32
Layer-1 VPN framework (after RFC 4847).
Figure 4.33
The VLAN concept: (a) physical configuration; (b) logical configuration.
Figure 4.34
Pseudo-wire emulation edge-to-edge network reference model (after Figure 2 of RFC 3985).
Figure 4.35
Label stacking in provider-supported VPN: (a) LSP in a single network; (b) LSP traversing a provider network.
Figure 4.36
The ForCES architecture (after RFC 3746).
Figure 4.37
The OpenFlow switch.
Figure 4.38
Relationship among the IPSec specifications (after RFC 6071).
Figure 4.39
IPSec scenarios.
Figure 4.40
IPsec in transport mode in IPv4.
Figure 4.41
IPsec in tunnel mode in IPv4.
Chapter 5
Figure 5.1
DNS components.
Figure 5.2
The domain name space tree.
Figure 5.3
A recursive name server.
Figure 5.4
The DNS query/response format. Source: RFC 1035.
Figure 5.5
The RR structure. Source: RFC 1035.
Figure 5.6
Circular dependencies.
Figure 5.7
A sample name resolution.
Figure 5.8
Root name systems. Source: Internet Assigned Number Authority, www.iana.org
Figure 5.9
Domain name internationalization components. Source: RFC 3490.
Figure 5.10
Examples of internationalized country code top domain names. Source: Internet Assigned Number Authority, www.iana.org
Figure 5.11
Firewalls: (a) a firewall between two networks; (b) a firewall protecting a single host.
Figure 5.12
Interconnecting networks with different security postures.
Figure 5.13
An application gateway.
Figure 5.14
Ingress and egress filtering: (a) interfaces; (b) split CPE.
Figure 5.15
Layer-3 VPN with firewalls.
Figure 5.16
A smurf attack.
Figure 5.17
A reflective DNS attack.
Figure 5.18
TCP connection establishment. Source: RFC 675.
Figure 5.19
Stateful firewall (an example of a TCP connection establishment).
Figure 5.20
Network zoning: (a) with a single firewall; (b) with two firewalls.
Figure 5.21
NAT in a nutshell.
Figure 5.22
Private and public addressing networks A and B.
Figure 5.23
A NAT box—outgoing traffic.
Figure 5.24
A NAT box—incoming traffic.
Figure 5.25
An unsolicited “response.”
Figure 5.26
Application-Level Gateway (ALG).
Figure 5.27
A rendez-vous relay.
Figure 5.28
Traversal using relays around NAT (TURN).
Figure 5.29
Learning the reflective address from a STUN server.
Figure 5.30
Different NATs for different paths.
Figure 5.31
Candidate transport addresses (after Figure 2 of RFC 5245).
Figure 5.32
ICE operation.
Figure 5.33
Carrier-grade (large-scale) NAT.
Figure 5.34
A load balancing example: choosing a call center with the 800 service.
Figure 5.35
A server farm.
Figure 5.36
Saving session state at the client (a cookie).
Figure 5.37
An example of an Nginx-based load-balanced web service.
Figure 5.38
Configuring the load balancer.
Figure 5.39
Load balancing with DNS.
Chapter 6
Figure 6.1
Traditional data center.
Figure 6.2
Next-generation data center.
Figure 6.3
SNIA shared storage model.
Figure 6.4
An example of direct-attached storage.
Figure 6.5
A schematic direct-attachment interface.
Figure 6.6
An example SCSI configuration.
Figure 6.7
SCSI addressing for an 8-bit data bus.
Figure 6.8
SCSI client–server model.
Figure 6.9
Comparison of different SCSI versions.
Figure 6.10
Organization of SCSI standards.
Figure 6.11
SCSI interlayer relationship.
Figure 6.12
An example of SAS configuration.
Figure 6.13
Serial attached SCSI architecture.
Figure 6.14
A network file system.
Figure 6.15
A hierarchical directory.
Figure 6.16
Structure of a magnetic disk drive.
Figure 6.17
Organization of a platter's surface.
Figure 6.18
File system abstraction.
Figure 6.19
A functional view of NFS.
Figure 6.20
An example remote file system.
Figure 6.21
Examples of remote file operations through NFS.
Figure 6.22
FC structure.
Figure 6.23
FC and line coding.
Figure 6.24
An example of fabric topology.
Figure 6.25
An example of the arbitrated loop.
Figure 6.26
A weighted-path network.
Figure 6.27
Examples of converged storage protocol options.
Figure 6.28
FCoE frame structure.
Figure 6.29
A conceptual FCoE architecture.
Figure 6.30
High-level FIP operations.
Figure 6.31
iSCSI conceptual model.
Figure 6.32
iSCSI names.
Figure 6.33
Format of the iSCSI protocol data unit.
Figure 6.34
A work flow for the write operation.
Figure 6.35
Object storage access control model.
Figure 6.36
File-level storage virtualization.
Figure 6.37
In-band storage virtualization.
Figure 6.38
Out-of-band storage virtualization.
Figure 6.39
A comparison of storage technologies.
Figure 6.40
The memory hierarchy.
Figure 6.41
Hypothetical state of a NAND flash memory.
Figure 6.42
A circle in consistent hashing.
Chapter 7
Figure 7.1
Service orchestration (after NIST SP 500-292).
Figure 7.2
Distributed object-oriented computing model.
Figure 7.3
An example of the three-tier enterprise model.
Figure 7.4
Flow-based computing examples.
Figure 7.5
Workflow as a directed graph of activities.
Figure 7.6
Path analysis.
Figure 7.7
The basic network management model.
Figure 7.8
The service life cycle.
Figure 7.9
Operations on a stack (an example).
Figure 7.10
The AWS CloudFormation template.
Figure 7.11
Mapping the OpenStack components into a physical architecture: an example.
Figure 7.12
A high-availability cluster.
Figure 7.13
The Heat computing architecture.
Figure 7.14
The Ceilometer computing architecture.
Figure 7.15
Interworking Heat and Ceilometer: an auto-scaling example.
Figure 7.16
Integrated orchestration architecture.
Figure 7.17
Networking with OpenStack nodes.
Figure 7.18
Relative administrative privilege.
Figure 7.19
Scope of identity and access management.
Figure 7.20
Credentials for user authentication.
Figure 7.21
Public-key-based authentication (a simplified view).
Figure 7.22
Conceptual illustration of the chain of trust.
Figure 7.23
Access control matrix.
Figure 7.24
Conceptual OAuth 1.0 workflow.
Figure 7.25
OAuth 2.0 conceptual workflow.
Figure 7.26
A simplified workflow for VM provisioning.
Figure 7.27
Additional steps for VM provisioning.
Figure 7.28
An example token (unsigned).
Figure 7.29
A simplified workflow for auto-scaling.
Figure 7.30
Additional steps for auto-scaling.
Figure 7.31
An example trust.
Appendix
Figure A.1
The tree of SMI ASN.1 object identifiers.
Figure A.2
SNMP entity (after RFC 3411).
Figure A.3
Policy control architecture (after RFC 2753).
Figure A.4
Policy control in an RSVP router (after RFC 2753).
Figure A.5
NETCONF architecture.
Figure A.6
NETCONF layers.
Figure A.7
(a) Invocation of the deck-the-halls RPC method; (b) reply with the positive result.
Figure A.8
Orchestration layering framework (courtesy of Sivan Barzilay).
Figure A.9
The structure of a TOSCA template.
Figure A.10
A topology template example.
Figure A.11
An example of translation of (a) the TOSCA template into (b) the corresponding HOT template (courtesy of Sivan Barzilay).
Figure A.12
URI examples.
Figure A.13
Caching with proxies (an example).
Figure A.14
Eliminating the transient state: (a) a service with a transient state; (b) the same service with a permanent state.
Figure A.15
Kerberos at work (simplified).
Figure A.16
Kerberos at work (improved).
Figure A.17
Access control lists.
Figure A.18
Capability lists.
Figure A.19
Flow of information in a Bell–LaPadula system.
Figure A.20
Altered information flow in a Bell–LaPadula system.
Figure A.21
SAML message flow for identity federation.
Figure A.22
OAuth 2.0 user authorization message flow.
Figure A.23
OpenID connect message flow.
Figure A.24
Policy control workflow.