
Authentication & Authorization

August 5, 2011

It is easy to confuse the mechanism of authentication with that of authorization. In many host-based systems (and even some client/server systems), the two mechanisms are performed by the same physical hardware and, in some cases, the same software. It is important to draw the distinction between these two mechanisms, however, since they can (and, one might argue, should) be performed by separate systems. What, then, distinguishes these two mechanisms from one another?

Authentication is the mechanism whereby systems may securely identify their users. Authentication systems provide answers to the following questions:

  • Who is the user?
  • Is the user really who he/she represents himself/herself to be?

An authentication system may be as simple and insecure as a plain-text password challenge system, as found in some older PC-based FTP servers, or as complicated as the Kerberos system described elsewhere in these documents. In all cases, authentication systems depend on some unique bit of information known or available only to the individual being authenticated and the authentication system — a shared secret. Such information may be a classical password, some physical property of the individual (fingerprint, retinal vascularization pattern, etc.), or some derived data as in the case of so-called smartcard systems. In order to verify the identity of a user, the authenticating system typically challenges the user to provide his unique information (his password, fingerprint, etc.) — if the authenticating system can verify that the shared secret was presented correctly, the user is considered authenticated.

Authorization, by contrast, is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system. For example, a database management system might be designed so as to provide certain specified individuals with the ability to retrieve information from a database but not the ability to change data stored in the database, while giving other individuals the ability to change data. Authorization systems provide answers to the following questions:

  • Is user X authorized to access resource D?
  • Is user X authorized to perform operation J?
  • Is user X authorized to perform operation J on resource D?

Authentication and authorization are somewhat tightly-coupled mechanisms — authorization systems depend on secure authentication systems to ensure that users are who they claim to be and thus prevent unauthorized users from gaining access to secured resources.
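The following is an added example (not code from the original post) showing the two mechanisms as separate components: an authenticator that verifies a shared secret (a salted password hash, compared in constant time) and an authorizer that answers the three questions above from an access-control list. The user names, the password and the ACL entries are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, Set, Tuple

# --- Authentication: verifies that the shared secret was presented correctly ---
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed credential store: user -> (salt, derived key). The password
# "correct horse" is a placeholder chosen for the example only.
_SALT = os.urandom(16)
CREDENTIALS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": (_SALT, _hash_password("correct horse", _SALT)),
}

def authenticate(user: str, password: str) -> bool:
    """Answers: is the user really who he/she claims to be?"""
    record = CREDENTIALS.get(user)
    if record is None:
        _hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, expected = record
    return hmac.compare_digest(_hash_password(password, salt), expected)

# --- Authorization: decides what an authenticated user may do ---
# Constructed ACL: user -> set of (operation, resource) pairs the user holds.
ACL: Dict[str, Set[Tuple[str, str]]] = {
    "alice": {("read", "orders"), ("read", "customers")},
    "bob":   {("read", "orders"), ("write", "orders")},
}

def is_authorized(user: str, operation: str, resource: str) -> bool:
    """Is user X authorized to perform operation J on resource D?"""
    return (operation, resource) in ACL.get(user, set())

def can_access_resource(user: str, resource: str) -> bool:
    """Is user X authorized to access resource D (by any operation)?"""
    return any(r == resource for _, r in ACL.get(user, set()))

def can_perform_operation(user: str, operation: str) -> bool:
    """Is user X authorized to perform operation J (on any resource)?"""
    return any(op == operation for op, _ in ACL.get(user, set()))

def handle_request(user: str, password: str, operation: str, resource: str) -> str:
    """Server-side flow: authenticate first, then authorize; never the reverse."""
    if not authenticate(user, password):
        return "401 unauthenticated"
    if not is_authorized(user, operation, resource):
        return "403 forbidden"
    return "200 ok"
```

Note that "bob" appears in the ACL but has no credential, so every request in his name is refused at the authentication step: an authorization grant is useless until identity has been established.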

Figure I, below, graphically depicts the interactions between arbitrary authentication and authorization systems and a typical client/server application.

Figure I: Authentication vs. Authorization


Cloud Computing

July 19, 2011

What is cloud computing?

Cloud computing is the access to computers and their functionality via the Internet or a local area network. Users of a cloud request this access from a set of web services that manage a pool of computing resources (i.e., machines, network, storage, operating systems, application development environments, application programs). When granted, a fraction of the resources in the pool is dedicated to the requesting user until he or she releases them. It is called “cloud computing” because the user cannot actually see or specify the physical location and organization of the equipment hosting the resources they are ultimately allowed to use. That is, the resources are drawn from a “cloud” of resources when they are granted to a user and returned to the cloud when they are released. A “cloud” is a set of machines and web services that implement cloud computing.

What is the relationship between virtualization and cloud computing?

Virtualization is the ability to run “virtual machines” on top of a “hypervisor.” A virtual machine (VM) is a software implementation of a machine (i.e., a computer) that executes programs like a physical machine. Each VM includes its own kernel, operating system, supporting libraries and applications. A hypervisor provides a uniform abstraction of the underlying physical machine. Multiple VMs can execute simultaneously on a single hypervisor. The decoupling of the VM from the underlying physical hardware allows the same VM to be started on different physical machines. Thus virtualization is seen as an enabler for cloud computing, allowing the cloud computing provider the necessary flexibility to move and allocate the computing resources requested by the user wherever the physical resources are available.

How are clouds classified?

Given the broad definition of the term “cloud,” the current taxonomy differentiates clouds both in terms of cloud service offerings and cloud types. When categorizing cloud service offerings we often refer to clouds in terms of “service style” depending on the portion of the software stack delivered as a service. Here we discuss the most common service styles referred to by the acronyms IaaS, PaaS, and SaaS. Cloud “types” (including public, private, and hybrid) refer to the nature of access and control with respect to use and provisioning of virtual and physical resources.

What are the most popular cloud service styles?

IaaS (Infrastructure as a Service) style clouds provide access to collections of virtualized computer hardware resources, including machines, network, and storage. With IaaS, users assemble their own virtual cluster on which they are responsible for installing, maintaining, and executing their own software stack.
PaaS (Platform as a Service) style clouds provide access to a programming or runtime environment with scalable compute and data structures embedded in it. With PaaS, users develop and execute their own applications within an environment offered by the service provider.
SaaS (Software as a Service) style clouds deliver access to collections of software application programs. SaaS providers offer users access to specific application programs controlled and executed on the provider’s infrastructure. SaaS is often referred to as “Software on Demand.”

What are cloud types?

Public cloud
Public clouds provide access to computing resources for the general public over the Internet. The public cloud provider allows customers to self-provision resources, typically via a web service interface. Customers rent access to resources as needed on a pay-as-you-go basis. Public clouds offer access to large pools of scalable resources on a temporary basis without the need for capital investment in data center infrastructure.
Private cloud
Private clouds give users immediate access to computing resources hosted within an organization’s infrastructure. Users self-provision and scale collections of resources drawn from the private cloud, typically via a web service interface, just as with a public cloud. However, because it is deployed within the organization’s existing data center—and behind the organization’s firewall—a private cloud is subject to the organization’s physical, electronic, and procedural security measures and thus offers a higher degree of security over sensitive code and data. In addition, private clouds consolidate and optimize the performance of physical hardware through virtualization, and can thus markedly improve data center efficiency while reducing operational expense.
Hybrid cloud
A hybrid cloud combines computing resources (e.g., machines, network, storage, etc.) drawn from one or more public clouds and one or more private clouds at the behest of its users.

Why Cloud Computing?

Cloud computing is seen by some as an important forward-looking model for the distribution and access of computing resources because it offers these potential advantages:

  • Self-service provisioning: Allows users to deploy their own sets of computing resources (machines, network, storage, etc.) as needed without the delays and complications typically involved in resource acquisition; IT supports ongoing customization and enhancement of cloud user experience, while monitoring, managing, and expanding as required the underlying cloud infrastructure.

  • Scalability: Decouples the fluctuating needs of individual users from typical infrastructure constraints, thus easily accommodating rapid increases or decreases in resource demand.

  • Reliability and fault-tolerance: IT can focus on improving critical pieces of infrastructure to achieve pre-determined levels of reliability. Policies addressing expected levels of reliability can be continuously reassessed and updated without user involvement.

  • Optimization/Consolidation: Maximizes the usage and increases the efficiency of existing infrastructure resources. Extends infrastructure lifecycle. Reduces capital expenditure.

  • QoS (Quality of Service): Allows IT to dynamically reassess the SLA associated with users or groups of users for the resources allocated. Allows the organization to react quickly to changing conditions without unnecessary user involvement or knowledge.

  • Well defined API: Using a well-defined and stable industry standard API avoids lock-in and ensures interoperability with an ever-growing number of tools and cloud service providers.

  • As-needed availability: Aligns resource expenditure with actual resource usage thus allowing the organization to pay only for the resources required, when they are required.
