
K.W.S. Morrison

18.5  Conclusion

Too often, technological trends focus on what is new and fail to learn the lessons of the past. In the cloud community today, there is a misperception that SOA largely failed and that cloud will be the approach that successfully drives down IT costs and increases agility in the enterprise. In truth, cloud advocates can – and should – learn from the lessons of SOA. There is much to gain from recognizing cloud computing as an evolutionary step and a logical deployment model for services developed under the principles and guidance of SOA.

The adherents of SOA are careful to promote the discipline not as technology, but as an architectural approach. Technology may not be a perfect realization of the philosophical goals of SOA; however, it is a pragmatic lens through which one can explore the more practical aspects of the discipline, especially when applied to an emerging sector like cloud computing. This chapter was about such a technology.

This chapter proposed the use of SOA PEPs, a security technology with proven value in on-premise SOA, as a means to secure and manage application services residing in the cloud. We found that a number of new challenges arise from the changes in control and operating environment that are inherent to cloud computing. The approach shows promise, though there remain open areas for research, particularly around cloud-based policy repositories and provisioning of PEP instances. Nevertheless, a run-time cloud governance architecture, based on the existing virtualized PEP infrastructure, is a practical and pragmatic approach.

Acknowledgments

This author acknowledges the many valuable discussions with Jay Thorne, Director of Development, Tactical Team at Layer 7 Technologies.

18  Technologies for Enforcement and Distribution of Policy in Cloud Architectures

Chapter 19

The PRISM On-demand Digital Media Cloud

Terry Harmer, Ron Perrott, and Rhys Lewis

Abstract

Over the last 5 years, the digital media sector has undergone a radical change in its business model. An industry once focused on broadcasting to a fixed published schedule must now support an on-demand usage model across a wide range of fixed and network devices using a variety of content formats. This media revolution has brought significant changes to user viewing patterns and demanded significant changes in the broadcaster’s business model. In turn, this has resulted in significant changes to the content creation workflow and radical changes in the infrastructure that is used to support digital media creation, distribution, delivery and archive. For the last 7 years, the Belfast e-Science Centre (BeSC) has worked with the British Broadcasting Corporation (BBC) to research emerging network-centric technology and their applications within the broadcasting sector. This work pioneered the use of grid technology within the broadcasting sector and evolved, over the last 4 years (the PeRvasive Infrastructure of Services for Media (PRISM) project), into piloting a cloud-based media infrastructure that supports traditional and network-centric access to BBC content. The PRISM media cloud has services and test users across the United Kingdom and brings together owned and on-demand resources to support its user content access services. The service cloud is deployed on demand using owned and on-demand resources, and operates as a dynamic market selecting services based on need and usage criteria. In this chapter, we describe the PRISM cloud and the market ideas that underpin its operation.

T. Harmer (*)

Belfast e-Science Centre, The Queen’s University of Belfast, Belfast, UK. e-mail: t.harmer@besc.ac.uk

N. Antonopoulos and L. Gillam (eds.), Cloud Computing: Principles, Systems and Applications, Computer Communications and Networks, DOI 10.1007/978-1-84996-241-4_19, © Springer-Verlag London Limited 2010


19.1  Introduction and Background

Digital media has become a pervasive part of people’s lives. Once video was transmitted to the home and viewed on a television. The focus for the broadcaster was on creating programmes to be broadcast according to a well-defined broadcasting schedule; creating an attractive schedule was an important part of the broadcaster’s business model to ensure success. There were generally few television stations and each targeted a broad audience with peak adult viewing and targeted programmes for children. There has been a rapid expansion in the number of television channels, such as CBeebies children’s channel or the Science Fiction channel, which target increasingly narrower audiences.

In addition, it is now the norm for video to be available on-demand from a range of content providers such as established television broadcasters, offering for example new catch-up services such as the British Broadcasting Corporation’s (BBC’s) iPlayer [6], or newer content providers such as YouTube [14]. This on-demand content is available at home using set-top boxes from cable or satellite providers, and via broadband network connections directly to network enabled in-home devices. It is commonplace that media is downloaded on-demand to a networked device at home or on the move when required; or it might be downloaded to a device and stored for future use. New companies and a new economy have been established that sell and deliver content directly to a user for use on their networked device using the network as the sales and delivery platform, such as Apple’s iTunes Store or Amazon’s Download service.

This media revolution has led to significant changes in the way the industry operates and the resulting workflows. A traditional broadcaster, such as the BBC, must now support a range of user access mechanisms, or platforms, in their day-to-day operation. Their traditionally small number of (schedule-driven) linear broadcasting channels has increased rapidly, from two channels 5 years ago to seven channels today, and they sit alongside cable, satellite, online news services and content on-demand services, and support conventional and high-resolution material. Each of these platforms requires content and metadata management, and they often have different content control access rights. For example, online content from the BBC’s iPlayer is available for 7 days after transmission and only within the UK. A broadcasting infrastructure must manage these platforms efficiently and cost-effectively in the cost-sensitive media domain.

What makes digital media an interesting domain to work in is that it is a golden example that combines large-scale data requirements, millisecond-based quality of service (QoS) requirements and high security needs because (to the broadcaster) digital content is its lifeblood. Thus, for example, digital media combines data needs that are currently larger (and rising faster) than those projected for the Large Hadron Collider [1] and must support many millions of users, all with a high degree of reliability. For any new technology, the digital media domain is a demanding one.

The Belfast e-Science Centre has been working with the BBC for 7 years, researching the use of emerging technology within the broadcasting domain. Initially, BeSC and the BBC pioneered the use of grid technology [2] within the broadcasting
