This document outlines the key challenges faced in cloud architecture, particularly concerning security, availability, audience understanding, federation, and various miscellaneous issues. Experimenters with public-facing VMs must navigate risks associated with firewall policies, system failures, and service accessibility. Further, the significance of tailoring infrastructure to meet audience needs is emphasized, covering aspects like performance isolation and scaling. Best practices, including effective monitoring frameworks and the use of mature management software, are shared to promote security and efficiency in cloud environments.
Challenge 1: Security Policy
• Experimenters have public-facing VMs
• What can go wrong?
• Sites have specific firewall policies

Challenge 2: Availability
• All types of failures
• Machine room (nature, mechanical)
• Expiring DHCP leases
• Software problems
• Obstacles to fast recovery
• Distributed administrative domains
• Restricted physical access
• Default services turned off

Challenge 3: Understanding Your Audience
• Physical hosts, virtual machines or processes?
• Custom images / hardware / kernels?
• Performance isolation? Privacy?
• How much scale do we need per host?
• Do you care about the xyz interface?

Challenge 4: Federation
• Site-specific firewalls / proxies
• International laws about content, liability
• Sustainability

Challenge 5: Miscellaneous
• Naming
• Rspec
• Educating users / documentation

Naming Service
<instance>.<slice>.<site>.geni-cloud.net
boss.<site>.geni-cloud.org
• Bind9 server at each authority
• AM sends an updated list of instance.slice.site names
• Example: foobar.myslice.hp.geni-cloud.net
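The naming slide describes an aggregate manager (AM) pushing a list of instance.slice.site names to a BIND9 server run by each authority. The following Python is an added illustration, not code from the GENICloud project: it parses names against the <instance>.<slice>.<site>.geni-cloud.net scheme, validates each DNS label and address, and emits A records for one site's zone while rejecting entries that are malformed or belong to a different site. The zone suffix geni-cloud.net comes from the slide; the record format (relative owner names, A records, a 300-second TTL), the (name, ipv4) shape of the AM's list, and the sample entries are assumptions made for the example.

```python
import ipaddress
import re
from typing import Iterable, List, Tuple

# Zone suffix from the naming scheme on the slide.
ZONE_SUFFIX = "geni-cloud.net"

# Hostname label per the usual DNS rules: letters, digits and hyphens,
# 1-63 characters, no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_label(label: str) -> bool:
    """True if `label` is an acceptable single DNS label."""
    return bool(_LABEL_RE.match(label))


def parse_name(fqdn: str) -> Tuple[str, str, str]:
    """Split '<instance>.<slice>.<site>.geni-cloud.net' into its three labels.

    Raises ValueError if the name is outside the zone, has the wrong number
    of labels, or contains a label that is not a valid hostname label.
    """
    name = fqdn.lower().rstrip(".")
    suffix = "." + ZONE_SUFFIX
    if not name.endswith(suffix):
        raise ValueError(f"not under {ZONE_SUFFIX}: {fqdn}")
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 3 or not all(valid_label(lbl) for lbl in labels):
        raise ValueError(f"malformed name: {fqdn}")
    instance, slice_, site = labels
    return instance, slice_, site


def zone_records(
    site: str,
    entries: Iterable[Tuple[str, str]],
    ttl: int = 300,
) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Build A records for the zone <site>.geni-cloud.net from (name, ipv4) pairs.

    Returns (records, rejected). Owner names are relative to the site zone,
    so 'foobar.myslice.hp.geni-cloud.net' becomes 'foobar.myslice'. Entries
    that fail validation or name another site are listed in `rejected` with
    a reason instead of being written, so a bad list from an AM cannot put
    garbage or another site's names into this authority's zone.
    """
    records: List[str] = []
    rejected: List[Tuple[str, str]] = []
    for name, addr in entries:
        try:
            instance, slice_, name_site = parse_name(name)
            if name_site != site.lower():
                raise ValueError(f"belongs to site {name_site}, not {site}")
            # IPv4Address raises ValueError (AddressValueError) on bad input.
            ip = ipaddress.IPv4Address(addr)
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        records.append(f"{instance}.{slice_} {ttl} IN A {ip}")
    return records, rejected


# Constructed sample list, as an AM might send it for site 'hp'.
SAMPLE_ENTRIES = [
    ("foobar.myslice.hp.geni-cloud.net", "10.1.2.3"),   # well formed
    ("bad..name.hp.geni-cloud.net", "10.0.0.1"),        # empty label
    ("x.y.other.geni-cloud.net", "10.0.0.2"),           # wrong site
    ("a.b.hp.geni-cloud.net", "not-an-ip"),             # bad address
]

if __name__ == "__main__":
    recs, bad = zone_records("hp", SAMPLE_ENTRIES)
    print("\n".join(recs))
    for name, reason in bad:
        print(f"rejected {name}: {reason}")
```

The records are only the per-instance part of a zone; the SOA and NS records for <site>.geni-cloud.net stay in the authority's static zone file, and the generated lines would be included from there and loaded with an rndc reload.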
Best Practices / Lessons Learned
• Framework for monitoring / accounting
• Need to treat machines as throw-away
• Leverage mature management software

Questions – Chaos!!
• On-node virtualization interface: containers vs. virtual machines. What are the tradeoffs?
• Security in GENICloud, including ABAC, certs, sign-on restrictions
• Use of private networks: restrictions, and how do we use them from machines connected to the public Internet?
• Integration with OpenFlow: what do we need, and how do we do it?