In case you have been wondering what has been keeping me busy, the InfoSec Institute out of Chicago has requested that I write down everything I know about Cloud Computing, and this is turning into an interesting project.
As I am nearing my deadline, and finishing up the book on Advanced Cloud Computing for ISI, I am realizing just how little people really know about setting up and maintaining a cloud computing infrastructure. While people get the idea of virtualization, when you look at virtualized NIC cards or virtualized memory caches, a lot of folks have no idea what to do with them. Amazon provides some amazingly cool stuff to work with, but dealing with atomic components like GPUs and CPUs for a render farm, and working out what works best, is a “best guess” for people in how to use them.
The research part of this has been very interesting, because there is such a lack of data on some of the Amazon Cloud Computing components. Amazon of course has an excellent set of white papers on the subject, but there are few if any real-world examples of how someone used cloud computing to do something very cool using various components of Amazon’s cloud computing resources.
Looking at things like Amazon’s High Performance computing stack (which would make an awesome render farm for a video game or video company), I would like to see more real-world examples of how it has been used, and used to save money or time. The same goes for using atomic components for EBS (Elastic Block Storage), like putting an additional NIC card on the EBS system, or the dangers of using EBS rather than S3: EBS is meant to be temporary, while S3 is meant to be more permanent.
Then there are the security implications of S3 that I think some folks forgot about, or they didn’t realize what they were working with, so you could programmatically drunkard’s-walk through someone’s S3 volume without them even knowing what you were doing. Logging in S3, in some of the real-world examples I have seen, drew blank stares because they didn’t realize you could log the events on one S3 bucket to another S3 bucket.
That is why I am having so much fun with this book: there are a lot of very cool things you can do, but there are a lot of interesting ways of mucking things up so that you do not get what you were expecting. The state of cloud computing architecture is still fairly primitive even if we are years into the idea; tools are obscure or shoehorned into working in a cloud environment rather than being built from the ground up to be compatible with the cloud environment. And yes, that statement alone should get vendors angry with me wanting to assert my statement. But selling a network-based IDS/IPS system for the cloud is an interesting prospect, given that a company does not have direct access to the network and cannot really put an IDS/IPS inline to the network even when using a Virtual Private Cloud; the best place for an inline IDS/IPS is still going to be at the company, at the entry point for the VPN, not in the Amazon web space.
In all there are a lot of cool things you can do, but there are also a lot of changes in how we think about what we are doing in the cloud. I hope you will be interested in the book when it comes out, because I think it is going to pretty much so rock, and raise interesting questions, and offer interesting solutions to a wide range of issues with cloud computing.
(Cross-posted @ Techwag)