BENEFITS AND CHALLENGES WITH CLOUD COMPUTING
Michael Holck
Vice President, Software Engineering, ESAC Inc.
§ In the cloud model you pay for what you use so you can start small and scale quickly
§ Nearly infinite scalability
§ Both Vertical and Horizontal scalability options
Benefits of Cloud Computing - Scalability
§ Cloud providers have a global presence
§ You can provide resources close to users anywhere in the world
§ Reduces latency for access to data
GCP Regions as of October 2019
§ Cloud providers provide physical presence in multiple countries and multiple regions within countries
§ There are also multiple Availability Zones (AZ) in each region
§ Allows for very high fault tolerance in case of outage
§ Requires proper configuration
§ Cloud data centers provide physical redundancy
§ Power generators in case of long-term power outage
§ Multiple internet providers
§ Redundant HVAC systems
Benefits of Cloud Computing – High Availability
§ To achieve the benefits of scalability and high availability you need to configure things properly
§ Requires knowledge of the Cloud provider platform and network configuration
§ Need to make use of multiple availability zones and possibly regions as well
§ Compute instances may require load balancing
§ Databases should be set up with at least a single master, and another read replica in different AZs
§ Make use of auto scaling capabilities
Challenges of Cloud Computing – High Availability
§ To achieve the benefits of reducing data latency you need to know where your users are located
§ Need to make use of either servers in those regions or Content Delivery Network (CDN) nodes
Challenges of Cloud Computing – Data Latency
AWS CDN Locations as of December 2019
§ Cloud object storage provides very large storage ability
§ Amazon Web Services (AWS) S3 or Google Cloud Platform (GCP) Storage
§ Organized using buckets
§ Single object limited to 5 TB for both GCP and AWS
§ Unlimited Objects allowed
§ Automatically replicated across AZs or regions for high availability
§ Depending on storage class and configuration
§ Structured Data in SQL
§ Very large single instance disk sizes
§ Single table size up to 16 TB
§ Can set up clusters for increased size and scalability
Benefits of Cloud Computing – Nearly Limitless Storage
§ Cloud providers charge you only for the computing power you use
§ You are charged per minute or less, depending on the provider, for uptime on the compute instances
§ A very large instance might cost several thousand dollars a month but if you only keep it up for a few hours to perform an analysis it might only cost $20
§ Reserved Instances and Spot Instances can also reduce cost further
§ Cloud Storage has different cost tiers for long term storage depending on how often the object is accessed
§ First several GB/month are often free, and costs after that are around $0.03/GB/Month
Benefits of Cloud Computing - Cost
§ While object storage costs are reasonable on the cloud, to maximize cost efficiency you need to know how often your data will be accessed and how quickly it is needed
§ Most cloud providers offer multiple tiers of storage where cost to store is less but access costs
Challenges of Cloud Computing – Storage Cost
| AWS S3 Storage Class | Storage Costs (Per GB) | Data Retrieval (Per GB) | Access Speed |
|---|---|---|---|
| Standard | $0.023 | $0.00 | ms |
| Standard IA | $0.0125 | $0.01 | ms |
| One Zone IA | $0.01 | $0.01 | ms |
| Glacier | $0.004 | $0.01 | 1 min – 12 hours |
| Glacier Deep Archive | $0.00099 | $0.02 | 12 hours |
§ Because cloud providers only charge for what you use you can save significant money
§ But only if you manage the resources to only run when needed
§ For servers that will always be up, like web servers or DB servers, you might want to consider reserved instances
§ Pre-purchasing a specific instance type for 1-3 years up front at a savings (~40% for 1 year)
§ Serverless Services
§ Cloud providers offer managed services that are serverless, so you pay per query or access rather than for a server
§ Ideal for event driven architectures where functions are executed based on a trigger event
Challenges of Cloud Computing – Compute Cost
§ Spot Instances can save significant cost but need to be well understood
§ A spot instance is unused compute capacity where you can bid for your hourly cost
§ Whenever the compute capacity cost gets to your bid you are given a server
§ When the price exceeds your target price you will be given a 2-minute interrupt notice
§ For processes that do not need to execute immediately this can save a lot of cost
§ Software process needs to be developed such that it can start wherever it left off
§ Needs to be able to persist and exit in under 2 minutes
§ Once your process completes you need to terminate the instance to quit being charged
§ Determining the bid price for a spot instance can be complicated
§ Bid too low and you never get the compute
§ Bid too high and you will get your resources but will not have saved as much
Challenges of Cloud Computing – Compute Cost
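Added example, not part of the original slides: a minimal resumable worker for the spot-instance requirements above (start where it left off, persist and exit within the notice window). The interrupted callable and the checkpoint file layout are assumptions made for illustration.

```python
import json
import os
import tempfile


def load_checkpoint(path):
    """Return the index of the next unprocessed item (0 on a first run)."""
    try:
        with open(path) as f:
            return json.load(f)["next_index"]
    except FileNotFoundError:
        return 0


def save_checkpoint(path, next_index):
    """Persist progress atomically so a kill mid-write cannot corrupt it."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:
        json.dump({"next_index": next_index}, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # atomic rename: readers see old or new, never half


def run(items, process, checkpoint_path, interrupted):
    """Process items from the last checkpoint and stop cleanly on interruption.

    interrupted is a hypothetical callable returning True once the provider
    has issued its interrupt notice; it is injected so this runs offline.
    Returns True when every item is done, False when stopped early.
    """
    i = load_checkpoint(checkpoint_path)
    while i < len(items):
        if interrupted():
            return False  # everything up to index i is already on disk
        process(items[i])
        i += 1
        save_checkpoint(checkpoint_path, i)
    return True
```

Each unit of work has to be short compared with the 2-minute notice, because the notice is only checked between items; the checkpoint should live on storage that outlives the instance.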
§ Cloud Provider provides physical security of resources in data centers
§ Facilities are tightly controlled and monitored
§ Data replication and transfer within the cloud provider is over a private network, not over the internet, and is automatically encrypted
§ Cloud Provider secures the infrastructure and their managed services
§ Client is still required to secure what is put on the cloud
§ Software, what ports and protocols are open, etc…
§ Infrastructure is compliant with several global and national compliance standards
§ FedRAMP, FISMA, NIST, HIPAA, HITRUST CSF, etc…
Benefits of Cloud Computing - Security
§ While the infrastructure is secured for you by the cloud provider you are still responsible for what you host on the cloud
§ Compute instances will need to be patched regularly
§ Compute instances will need to be scanned for malware and vulnerabilities regularly
§ Best to use both public and private subnets within a VPC
§ Only put servers or services that need to be accessed by anyone in public subnets
§ All other servers or services should be in private subnets
§ Need to restrict specific ports and protocols to all instances
§ Instances in private subnets should only allow traffic from public subnets
§ Instances in public subnets should limit ports and protocols to the minimum needed
Challenges of Cloud Computing - Security
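Added example, not part of the original slides: an audit of ingress rules against the two subnet rules stated above (private instances accept traffic only from public subnets; public instances expose only the minimum ports). The subnet CIDRs, the allow-list and the rule tuples are constructed for illustration and do not come from any provider API.

```python
import ipaddress

PUBLIC_SUBNETS = [ipaddress.ip_network("10.0.1.0/24")]  # constructed CIDR
PUBLIC_ALLOWED = {("tcp", 443)}  # assumed minimum for a public web tier

# Constructed ingress rules: (instance, tier, protocol, port, source CIDR)
RULES = [
    ("web-1", "public", "tcp", 443, "0.0.0.0/0"),
    ("web-1", "public", "tcp", 22, "0.0.0.0/0"),
    ("app-1", "private", "tcp", 8080, "10.0.1.0/24"),
    ("db-1", "private", "tcp", 5432, "0.0.0.0/0"),
    ("db-1", "private", "tcp", 5432, "10.0.1.16/28"),
]


def audit(rules, public_subnets=PUBLIC_SUBNETS, public_allowed=PUBLIC_ALLOWED):
    """Return (instance, reason) for every rule that breaks the subnet policy."""
    findings = []
    for instance, tier, proto, port, source in rules:
        src = ipaddress.ip_network(source)
        if tier == "public":
            # Public tier: only the explicitly allowed protocol/port pairs.
            if (proto, port) not in public_allowed:
                findings.append(
                    (instance, f"{proto}/{port} is not in the public allow-list"))
        elif tier == "private":
            # Private tier: the source must sit entirely inside a public subnet.
            inside = any(src.version == net.version and src.subnet_of(net)
                         for net in public_subnets)
            if not inside:
                findings.append(
                    (instance, f"{proto}/{port} open to {source}, "
                               "which is outside the public subnets"))
        else:
            findings.append((instance, f"unknown tier {tier!r}"))
    return findings


if __name__ == "__main__":
    for instance, reason in audit(RULES):
        print(f"{instance}: {reason}")
```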
§ Reference architecture for NIST based assurance frameworks should be followed
§ Requires multiple VPCs and subnets
§ Management VPC
§ Logging tools
§ Scanning Tools
§ IDS/IDP Tools
Challenges of Cloud Computing - Security
§ Logging
§ Need to make sure logging is enabled for everything and you are monitoring the logs
§ Intrusion Detection and Prevention (IDS/IDP)
§ Need to enable VPC flow logs to log all network traffic so it can be monitored
§ Continuous Monitoring
§ Need to have a plan and strategy for regularly monitoring the status of the systems
§ Reviewing system logs, scanning reports, network traffic, application logs, user access
Challenges of Cloud Computing - Security
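Added example, not part of the original slides: monitoring logic over VPC flow log records in the AWS default (version 2) field order. It flags accepted traffic that reaches a private subnet from outside the VPC's subnets, and sources rejected on many distinct ports. The subnets, the threshold and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

PUBLIC = ipaddress.ip_network("10.0.1.0/24")   # constructed public subnet
PRIVATE = ipaddress.ip_network("10.0.2.0/24")  # constructed private subnet

# Constructed records; external addresses are from documentation ranges.
SAMPLE = """\
2 123456789012 eni-0a1 198.51.100.7 10.0.1.10 40001 443 6 12 3400 1575000000 1575000060 ACCEPT OK
2 123456789012 eni-0a1 203.0.113.9 10.0.1.10 40002 22 6 1 60 1575000000 1575000060 REJECT OK
2 123456789012 eni-0a1 203.0.113.9 10.0.1.10 40003 23 6 1 60 1575000000 1575000060 REJECT OK
2 123456789012 eni-0a1 203.0.113.9 10.0.1.10 40004 3389 6 1 60 1575000000 1575000060 REJECT OK
2 123456789012 eni-0b2 10.0.1.10 10.0.2.20 51000 5432 6 8 900 1575000000 1575000060 ACCEPT OK
2 123456789012 eni-0b2 198.51.100.7 10.0.2.20 51001 5432 6 8 900 1575000000 1575000060 ACCEPT OK
2 123456789012 eni-0b2 - - - - - - - 1575000000 1575000060 - NODATA
"""


def parse(text):
    """Yield one dict per well-formed record that carries traffic data."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":  # NODATA/SKIPDATA rows have no addresses
            yield rec


def analyze(text, scan_threshold=3):
    """Return alert tuples for policy violations and likely port probing."""
    rejected_ports = defaultdict(set)
    alerts = []
    for r in parse(text):
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if r["action"] == "REJECT":
            rejected_ports[r["srcaddr"]].add(r["dstport"])
        elif dst in PRIVATE and src not in PUBLIC and src not in PRIVATE:
            alerts.append(("private-exposure", r["srcaddr"], r["dstaddr"]))
    for src, ports in sorted(rejected_ports.items()):
        if len(ports) >= scan_threshold:
            alerts.append(("many-rejected-ports", src, len(ports)))
    return alerts
```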
§ Backups
§ Need to set up backups for your compute instances and DBs
§ Encryption
§ For sensitive data you need to enable encryption in transit and encryption at rest
§ Some cloud providers enable encryption on storage automatically and some require you to enable it
§ Can use cloud provider keys or supply your own
§ Only certain SQL instance types support encryption on each provider
§ Contingency Planning
§ Need to have backups and images that are continuously updated so you can recover from any crashes or data loss
§ Should conduct contingency planning exercises with the team
Challenges of Cloud Computing - Security
§ Google BigQuery
§ Serverless data warehouse that scales to petabyte size
§ Supports BigQuery ML
§ Enables users to create and execute machine learning models in BigQuery using standard SQL queries
§ Google AutoML
§ Allows you to classify Documents, Images, or Videos according to labels you define
§ For documents you can train your model to identify a custom set of entities within English language text
§ For videos you can train your model to follow specific objects in your videos
§ For images you can train your model to detect and extract multiple objects and provide information about those objects, including their position in the image