
Posts Tagged ‘networking’

Tips to construct cloud computing:

October 13, 2010

Cloud Computing:

An article from Linux.com,

The promise of cloud computing is very compelling. Just listen to the pitch for hybrid clouds: “If your organization needs more computing resources, why purchase extra hardware? Just set up a connection to a public cloud, use the extra machines to your heart’s content, and stop using them when your needs are satisfied.”

Sounds nice, doesn’t it? To be sure, the advantages of any type of cloud computing, be it completely private and internal, public and external, or something in-between, are very real. But there’s potentially a big difference between the promise of instantly expanding your company’s infrastructure and the reality of getting your systems and the cloud’s completely and securely talking to each other.

Thinking about this on the network level alone brings up some daunting questions: if your organization is a public company, you can’t just trustingly connect to a public cloud infrastructure. Your company may have procedural and even regulatory security requirements to meet that would prevent such connections.

This is the kind of challenge Lori MacVittie sees organizations facing as they are increasingly drawn to the lure of the cloud. MacVittie is the Senior Technical Marketing Manager at F5 Networks, an international firm that, among other services, specializes in delivering cloud solutions at the application level.

MacVittie has participated in a number of cloud deployments, both internal and external, and has some definite ideas on a best-practices approach to cloud security and authorization concerns.

“The first thing you have to ask yourself is,” MacVittie explained, “what’s the purpose of the cloud you’re setting up? Why are you building it?”

That high-level question may seem obvious, but really examining it may give you some clues as to what kind of security solution you will need for your cloud deployment. Is the cloud internal (private) or external (public)? What are you deploying? Is it cross-domain? What kind of authorization strategy does your company use now?

This last question, MacVittie emphasized, is a big one. When thinking about the cloud you want to build, she said, think about what kind of security requirements, procedures, and regulations you already have in place for your internal systems. With that in mind, you should plan for how those security procedures will look when projected onto an external or external/internal cloud deployment.

What parts of your existing security and authorization procedures absolutely need to be replicated out on an external set of machines? Virtual or otherwise, the machines on the cloud must be maintained in a way similar to any other machine in your internal network.

This is perhaps the biggest challenge to best-practices thinking that organizations must face. It’s not that public clouds aren’t secure—that’s the biggest myth MacVittie and her peers have to debunk. Public clouds are indeed very secure, but only in the most generic sense. For instance, MacVittie related, Amazon Web Services is fully PCI DSS compliant, but Amazon’s approach to security may not match a given organization’s security and authorization procedures.

Above all, it’s critical to keep all such security controls close.

“You always need to maintain control, especially when identity is concerned,” MacVittie stressed.

The principle applies no matter what kind of authorization system you have in place, be it LDAP, Active Directory, or even data from a human resource database. Whatever your internal authorization scheme, you must find a way to duplicate that authorization so that, to your users and applications, the cloud machine uses exactly the same centralized authorization.

This may mean (if you’re lucky and happen to match the cloud provider’s security protocols) you can plug right into a cloud. But if that best-case scenario does not work, you will need to make sure the provider will work with your security policies. If not, you should find one that will.

Sometimes, depending on the solution you’re trying to deploy, you may need to build a custom solution for authorization and security policies, MacVittie said, as no provider may meet your needs. That’s to be expected, but it is something that should be considered when planning a cloud deployment.

In general, the “higher” up the stack your authorization policies apply, the more easily those authorization schemes can be translated to the cloud. Applications, for instance, can carry their own authorization policies with them. But, MacVittie explained, as you move down the stack, to solutions that depend on network topology, the authorization plan can become more complex.

There are other security aspects to consider when planning an external cloud deployment. For instance, you may want to conduct an independent security audit of a cloud provider to make sure they can deliver on their promises. In fact, your own policies may require such an audit.

While you’re at it, find out with whom the cloud provider partners and discover exactly if or how these partners might touch your data. Ideally, not at all, but even cloud providers need support sometimes, and their support vendors may be put into a position to see your data. This may not be a deal breaker, but you will at least need to confirm the provider’s policy if such a situation occurs.

Regulatory requirements don’t just apply to security and authorization issues: data management must also be considered. Where, physically, will your data be stored, and what laws, if any, are in place at that location regarding data protection and management? Have your legal team take a look at those rules and be sure they are compatible with your own policies and regulatory requirements. If they are not, this is likely a deal breaker, because you never want to expose your data to incompatible jurisdictions.

Finally, make sure your own house is in order before you start deploying to a cloud. How are your own security procedures working? Do they meet the overall goals of the company’s security needs? That applies at the high level as well as in everyday use: are your employees complying with the policies you have in place? If they aren’t, find out why. Whether it’s a technological issue or an educational one, it’s important that users comply with security internally before they start using cloud-based resources. The strongest security setup in the world is no match for an easily guessable password.

Though MacVittie addressed her comments to the authorization aspects of cloud deployment, there is much to be said for the central concept she highlights: keep as much as possible under your control. This is true for authorization, and it’s applicable to all of these security aspects. If the cloud is going to be effectively part of your IT resources, however briefly, then make sure you have control of as many aspects of the deployment and security process as possible.

The advantages of the cloud are powerful, and taking authorization and security into account as you deploy your solutions will help you find the silver lining faster.

What Is Cloud Computing?

October 13, 2010

Cloud computing consists of hardware and software resources made available on the Internet as managed third-party services. These services typically provide access to advanced software applications and high-end networks of server computers.

Types of Cloud Computing:

Service providers create cloud computing systems to serve common business or research needs. Examples of cloud computing services include:

* virtual IT – configure and utilize remote, third-party servers as extensions to a company’s local IT network

* software – utilize commercial software applications, or develop and remotely host custom built applications

* network storage – back up or archive data across the Internet to a provider without needing to know the physical location of storage

Cloud computing systems all generally are designed for scalability to support large numbers of customers and surges in demand.

Examples of Cloud Computing Services:

These examples illustrate the different types of cloud computing services available today:

* Amazon EC2 – virtual IT
* Google App Engine – application hosting
* Google Apps – software as a service
* Apple MobileMe – network storage

Some providers offer cloud computing services for free while others require a paid subscription.

Cloud Computing Pros and Cons:

Service providers are responsible for installing and maintaining core technology within the cloud. Some customers prefer this model because it limits their own manageability burden. However, customers cannot directly control system stability in this model and are highly dependent on the provider instead.

Cloud computing systems are normally designed to closely track all system resources, which enables providers to charge customers according to the resources each consumes. Some customers will prefer this so-called metered billing approach to save money, while others will prefer a flat-rate subscription to ensure predictable monthly or yearly costs.

Using a cloud computing environment generally requires you to send data over the Internet and store it on a third-party system. The privacy and security risks associated with this model must be weighed against alternatives.

VPN & Its Advantages and Benefits of a VPN:

October 12, 2010

A VPN (Virtual Private Network) supplies network connectivity over a possibly long physical distance. In this respect, a VPN is a form of Wide Area Network (WAN). VPNs enable file sharing, video conferencing and similar network services. Virtual private networks generally don’t provide any new functionality that isn’t already offered through alternative mechanisms, but a VPN implements those services more efficiently and cheaply in most cases.

A key feature of a VPN is its ability to work over both private networks and public networks like the Internet. Using a method called tunneling, a VPN uses the same hardware infrastructure as existing Internet or intranet links. VPN technologies include various security mechanisms to protect the virtual, private connections.

Specifically, a VPN supports at least three different modes of use:

* Internet remote access client connections
* LAN-to-LAN internetworking
* Controlled access within an intranet

Internet VPNs for Remote Access:

In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute. Employees also continue to travel and face a growing need to stay connected to their company networks.

A VPN can be set up to support remote, protected access to the corporate home offices over the Internet. An Internet VPN solution uses a client/server design and works as follows:

1. A remote host (client) wanting to log into the company network first connects to any public Internet Service Provider (ISP).

2. Next, the host initiates a VPN connection to the company VPN server. This connection is made via a VPN client installed on the remote host.

3. Once the connection has been established, the remote client can communicate with the internal company systems over the Internet just as if it were a local host.

Before VPNs, remote workers accessed company networks over private leased lines or through dialup remote access servers. While VPN clients and servers require careful installation of hardware and software, an Internet VPN is a superior solution in many situations.

VPNs for Internetworking:

Besides using virtual private networks for remote access, a VPN can also bridge two networks together. In this mode of operation, an entire remote network (rather than just a single remote client) can join to a different company network to form an extended intranet. This solution uses a VPN server to VPN server connection.

Intranet / Local Network VPNs:

Internal networks may also utilize VPN technology to implement controlled access to individual subnets within a private network. In this mode of operation, VPN clients connect to a VPN server that acts as the network gateway.

This type of VPN use does not involve an Internet Service Provider (ISP) or public network cabling. However, it allows the security benefits of VPN to be deployed inside an organization. This approach has become especially popular as a way for businesses to protect their WiFi local networks.

Advantages and Benefits of a VPN:

A VPN – Virtual Private Network – is one solution for establishing long-distance and/or secured network connections. VPNs are normally implemented (deployed) by businesses or organizations rather than by individuals, but virtual networks can be reached from inside a home network. Compared to other technologies, VPNs offer several advantages, particularly benefits for wireless local area networking.

For an organization looking to provide a secured network infrastructure for its client base, a VPN offers two main advantages over alternative technologies: cost savings, and network scalability. To the clients accessing these networks, VPNs also bring some benefits of ease of use.

Cost Savings with a VPN:

A VPN can save an organization money in several situations:

* eliminating the need for expensive long-distance leased lines
* reducing long-distance telephone charges
* offloading support costs

VPNs vs leased lines – Organizations historically needed to rent network capacity such as T1 lines to achieve full, secured connectivity between their office locations. With a VPN, you use public network infrastructure including the Internet to make these connections and tap into that virtual network through much cheaper local leased lines or even just broadband connections to a nearby Internet Service Provider (ISP).

Long distance phone charges – A VPN can also replace remote access servers and long-distance dialup network connections commonly used in the past by business travelers needing access to their company intranet. For example, with an Internet VPN, clients need only connect to the nearest service provider’s access point, which is usually local.

Support costs – With VPNs, the cost of maintaining servers tends to be less than with other approaches because organizations can outsource the needed support to professional third-party service providers. These providers enjoy a much lower cost structure through economy of scale by servicing many business clients.

VPN Network Scalability:

The cost to an organization of building a dedicated private network may be reasonable at first but increases exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations, but 4 branch offices require 6 lines to directly connect them to each other, 6 branch offices need 15 lines, and so on.

Internet-based VPNs avoid this scalability problem by simply tapping into the public lines and network capability readily available. Particularly for remote and international locations, an Internet VPN offers superior reach and quality of service.

Using a VPN:

To use a VPN, each client must possess the appropriate networking software or hardware support on their local network and computers. When set up properly, VPN solutions are easy to use and sometimes can be made to work automatically as part of network sign on.

VPN technology also works well with WiFi local area networking. Some organizations use VPNs to secure wireless connections to their local access points when working inside the office. These solutions provide strong protection without affecting performance excessively.

Limitations of a VPN:

Despite their popularity, VPNs are not perfect, and limitations exist as is true for any technology. Organizations should consider issues like those below when deploying and using virtual private networks in their operations:

1. VPNs require detailed understanding of network security issues and careful installation / configuration to ensure sufficient protection on a public network like the Internet.

2. The reliability and performance of an Internet-based VPN is not under an organization’s direct control. Instead, the solution relies on an ISP and their quality of service.

3. Historically, VPN products and solutions from different vendors have not always been compatible due to issues with VPN technology standards. Attempting to mix and match equipment may cause technical problems, and using equipment from one provider may not give as great a cost savings.

What Is Attenuation?

October 11, 2010

Definition: In computer networking, attenuation is a loss of signal strength measured in decibels (dB). Attenuation occurs on networks for several reasons:

* range – both wireless and wired transmissions gradually dissipate in strength over longer reaches
* interference – on wireless networks, radio interference or physical obstructions like walls also dampen communication signals
* wire size – on wired networks, thinner wires suffer from higher (more) attenuation than thicker wires

Line Attenuation

On DSL networks, line attenuation measures signal loss between the home and the DSL provider’s access point (central exchange). Typical values for line attenuation on a DSL connection are between 5 dB and 50 dB (lower values are better). Some broadband routers display these line attenuation values on their console pages, although they are typically of interest only to advanced network administrators when troubleshooting connection problems.

Attenuation in Other Contexts

The word “attenuation” sometimes applies in other environments besides computer networks. For example, professional sound mixers may use attenuation techniques to manage sound levels when blending different audio recordings together.

PAN – Personal Area Network:

October 11, 2010

Definition: A personal area network – PAN – is a computer network organized around an individual person. Personal area networks typically involve a mobile computer, a cell phone and/or a handheld computing device such as a PDA. You can use these networks to transfer files including email and calendar appointments, digital photos and music.

Personal area networks can be constructed with cables or wirelessly. USB and FireWire technologies often link together a wired PAN while wireless PANs typically use Bluetooth or sometimes infrared connections. A Bluetooth PAN is also called a piconet, and is composed of up to 8 active devices in a master-slave relationship (a very large number of devices can be connected in “parked” mode). The first Bluetooth device in the piconet is the master, and all other devices are slaves that communicate with the master. A piconet typically has a range of 10 meters, although ranges of up to 100 meters can be reached under ideal circumstances.

Personal area networks generally cover a range of less than 10 meters (about 30 feet).