Cloud computing deployments must be monitored and

managed in order to be optimized for best performance.

Cloud management software provides capabilities for

managing faults, configuration, accounting, performance,
and security; this is referred to as FCAPS.

DMTF's (Distributed Management Task Force) Open Cloud

Standards Incubator.
These fundamental features are offered
by traditional network management
systems:
Administration of resources
Configuring resources
Enforcing security
Monitoring operations
Optimizing performance
Policy management
Performing maintenance
Provisioning of resources
Network management systems acronym FCAPS
Fault
Configuration
Accounting
Performance
Security
Fault Management
• A fault is an event that has a negative significance. The goal of fault
management is to recognize, isolate, correct and log faults that occur in
the network. It also uses trend analysis to predict errors so that the
network is always available. This can be established by monitoring different
things for abnormal behavior.
• When a fault or event occurs, a network component will often send a
notification to the network operator using either a proprietary or
open protocol such as SNMP (such as HP OpenView or Sun Solstice–
formerly Net Manager), to collect information about network devices or at
least write a message to its console for a console server to catch and
log/page. In turn, the management station can be configured to make a
network administrator aware of problems (by email, paging, or on-screen
messages), allowing appropriate action to be taken. This notification is
supposed to trigger manual or automatic activities. For example, the
gathering of more data to identify the nature and severity of the problem or
to bring backup equipment on-line.
Configuration Management
The goals of Configuration Management include:
to gather and store configurations from network devices (this
can be done locally or remotely).
to simplify the configuration of the device
to track changes that are made to the configuration
to configure ('provision') circuits or paths through non-switched
networks
to plan for future expansion and scaling
Accounting Management
• The goal is to gather usage statistics for users.
• Accounting management is concerned with tracking network
utilization information, such that individual users, departments,
or business units can be appropriately billed or charged for
accounting purposes. While this may not be applicable to all
companies, in many larger organizations, the IT department is
considered a cost center that accrues revenues according to
resource utilization by individual departments or business units.
• For non-billed networks, "administration" replaces "accounting".
The goals of administration are to administer the set of
authorized users by establishing users, passwords, and
permissions, and to administer the operations of the equipment
such as by performing software backup and synchronization.
• Accounting is often referred to as billing management. Using the
statistics, the users can be billed and usage quotas can be
enforced. These can be disk usage, link utilization, CPU time,
etc.
Performance Management
Performance management is focused on ensuring that network
performance remains at acceptable levels. It enables the
manager to prepare the network for the future, as well as to
determine the efficiency of the current network.
The network performance addresses the throughput, network
response times, packet loss rates, link utilization, percentage
utilization, error rates and so forth.
Security Management
• Security management is the process of controlling access to
assets in the network.
• Security management is not only concerned with ensuring that a
network environment is secure, but also that gathered security-
related information is analyzed regularly.
• Security management functions include managing network
authentication, authorization, and auditing, such that both
internal and external users only have access to appropriate
network resources.
• Other common tasks include the configuration and management
of network firewalls, intrusion detection systems, and security
policies
 Management Responsibilities
What separates a network management package from a cloud computing management
package is the
“cloudly” characteristics that cloud management service must have:

Billing is on a pay-as-you-go basis.

The management service is extremely scalable.
The management service is ubiquitous.
Communication between the cloud and other systems uses
cloud networking standards.
To monitor an entire cloud computing
deployment stack, you monitor six
different categories:
• 1. End-user services such as HTTP, TCP, POP3/SMTP, and
others
• 2. Browser performance on the client
• 3. Application monitoring in the cloud, such as Apache,
MySQL, and so on
• 4. Cloud infrastructure monitoring of services such as Amazon
Web Services, GoGrid, Rackspace and others
• 5. Machine instance monitoring where the service measures
processor utilization, memory usage, disk consumption, queue
lengths, and other important parameters
• 6. Network monitoring and discovery using standard protocols
like the Simple Network Management Protocol (SNMP),
Configuration Management Database (CMDB), Windows
Management Instrumentation (WMI)
two aspects to cloud management:
Managing resources in the cloud
Using the cloud to manage resources on-premises
When you deploy an application on Google's PaaS App
Engine cloud service, the Administration Console provides you with the following monitoring
capabilities:

• Create a new application, and set it up in your domain.

• Invite other people to be part of developing your
application.
• View data and error logs.
• Analyze your network traffic.
• Browse the application datastore, and manage its
indexes.
• View the application's scheduled tasks.
• Test the application, and swap out versions
Management responsibilities by service model type
Lifecycle management
 1. The definition of the service as a template for creating instances
 Tasks performed in Phase 1 include the creation, updating, and deletion of service
templates.
 2. Client interactions with the service, usually through an SLA (Service Level Agreement)
contract
 This phase manages client relationships and creates and manages service contracts.
 3. The deployment of an instance to the cloud and the runtime management of instances
 Tasks performed in Phase 3 include the creation, updating, and deletion of service
offerings.
 4. The definition of the attributes of the service while in operation and performance of
modifications of its properties
 The chief task during this management phase is to perform service optimization and
customization.
 5. Management of the operation of instances and routine maintenance
 During Phase 5, you must monitor resources, track and respond to events, and
perform reporting and billing functions.
 6. Retirement of the service
 End of life tasks include data protection and system migration, archiving, and service
contract termination.
by most cloud management service
products include the
following:
• • Support of different cloud types

• • Creation and provisioning of different types of cloud

resources, such as machine instances, storage, or staged
applications

• • Performance reporting including availability and uptime,

response time, resource quota usage, and other
characteristics

• • The creation of dashboards that can be customized for a

particular client's needs
Emerging Cloud Management
Standards
• DMTF cloud management standards

• DMTF has created a working group called the Open Cloud

Standards Incubator (OCSI) to help develop
interoperability standards for managing interactions
between and in public, private, and hybrid cloud systems.

• The group is focused on describing resource management

and security protocols, packaging methods, and network
management technologies.
The Service Measurement Index (SMI) is
based on a set of measurement
technologies forming the SMI
It measures cloud-based services in six areas:

 Agility
 Capability
 Cost
 Quality
 Risk
 Security
Securing the Cloud
Areas of cloud computing that were uniquely troublesome:

• Auditing
• Data integrity
• e-Discovery for legal compliance
• Privacy
• Recovery
• Regulatory compliance
In order to evaluate your risks, you need
to
perform the following analysis:
• 1. Determine which resources (data, services, or
applications) you are planning to move to the cloud.
• 2. Determine the sensitivity of the resource to risk. Risks
that need to be evaluated are loss of privacy, unauthorized
access by others, loss of data, and interruptions in
availability.
• 3. Determine the risk associated with the particular cloud
type for a resource. Cloud types include public, private
(both external and internal), hybrid, and shared community
types. With each type, you need to consider where data and
functionality will be maintained.
• . Take into account the particular cloud service model that
you will be using. Different models such as IaaS, SaaS, and
PaaS require their customers to be responsible for security
at different levels of the service stack.
• 5. If you have selected a particular cloud service provider,
you need to evaluate its system to understand how data is
transferred, where it is stored, and how to move data both
in and out of the cloud.
The security boundary
Security service boundary
Securing Data
These are the key mechanisms for protecting data
mechanisms:

• Access control
• Auditing
• Authentication
• Authorization
Brokered cloud storage access
Under this system, when a client makes a request for
data, here's what happens:
1. The request goes to the external service interface (or
endpoint) of the proxy, which has only a partial trust.
2. The proxy, using its internal interface, forwards the
request to the broker.
3. The broker requests the data from the cloud storage
system.
4. The storage system returns the results to the broker.
5. The broker returns the results to the proxy.
6. The proxy completes the response by sending the data
requested to the client.
Establishing Identity and Presence

Cloud computing requires the following:

• That you establish an identity

• That the identity be authenticated
• That the authentication be portable
• That authentication provide access to cloud resources