July 4 news: at the 2012 China Computer Network Security Conference held in Xian today, Wave system software director Zhang delivered a speech on the topic "Wave security controllable cloud computing platform key technology".
The following is a transcript of the speech:
Hello everybody, the topic of my report is "Tide security controllable cloud computing platform key technology".
As Wave, we are not a professional manufacturer of cloud computing; I think about what kind of development the future of cloud computing will be, and what some of the key technologies in this area are. It should be said that the concept of cloud computing has been around for 5 or 6 years. In 10 and 11, cloud computing was high, but it fell off last year. It is not that cloud computing fell out of our spotlight; cloud computing is just not as hot as it used to be, when everyone thought of cloud computing as a new thing coming out and everyone felt good about it. Cloud computing has entered a period in which what was once hype around a concept moves into a mature development process; this is the future development of cloud computing. As for China's situation, as Wave, one of the earlier manufacturers to work on the cloud, we say that a very large cloud computing center has not formed in China. In the next few years, cloud computing remains a concern for overall IT development. How to realize an autonomous and controllable security system is still a direction of our efforts.
As we understand it, the advent of cloud computing does not bring more problems than we have seen before; perhaps it is more like putting our money in the bank. But in this sense, security is still a very important point in cloud computing: how you can implement an autonomous and controllable cloud computing system. The main purpose of cloud computing is to provide services, where the most critical part is the application, but to carry these applications we need a solid data center; as we just said, ensuring security and improving efficiency have to start from the data center. On the features of future cloud computing data centers: so-called information technology is about dealing with information. If your machines are piled up there and do not provide external services, then this pile of machinery will become scrap iron. The development of cloud computing is the development of data; in the big time, we need a larger pool of resources to store data. The architecture of a unified platform is how I let so many clouds do better on one cloud computing infrastructure.
At present, looking at the development trend of cloud computing: in the IT industry at the beginning, the first machine manufacturers did everything. This was very common in the 70s and 80s: they provided a database, they provided everything. But in the 80s, with the gradual realization of open architecture, the situation shifted to the middle, and this division into levels is obvious. But after entering the cloud, Apple is a very typical example that appeared, so we also put forward our goal: we want to provide a holistic data center solution, following this trend. A cloud data center may hold a lot of things; our existing budget does not meet our future development, so we have put forward some new ideas. For example, the first is the efficient cloud server: a low-power, high-performance integrated cloud server that supports a variety of cloud computing application types and can dynamically meet applications' requirements for on-demand resources and flexible expansion. A heterogeneous hybrid architecture is adopted to meet cloud computing applications' need for on-demand resources and dynamic adjustment. It provides triple computing units, such as common processing, variable acceleration, and high density and low power, to meet the needs of computing-intensive, I/O-intensive, number-intensive, and many other types of cloud applications. It adopts an integrated design and improves power conversion efficiency and heat dissipation efficiency, with the overall PUE reaching below 1.1. It centralizes asset, power and fault management, reducing maintenance complexity and improving device availability. Storage is still a very professional thing; it is not that I take a server to replace the original storage service mode. In fact, storage can still make changes in hardware.
Integrated cloud computing data center. Data center construction needs to consider civil engineering, computer room environment construction, system construction, and operation and maintenance; the cycle is long and the cost is high. Integrated data center solutions provide standardization, modularity, and convenience.
A full range of autonomous and controllable cloud computing system software platforms. The first is resource allocation: how do I respond to demand and provide a framework that can flex? What the application really needs is the ability to compute, and as a good cloud platform system, what kind of access and processing capabilities we need depends on what kind of data you want to handle. In this area, cloud computing also needs to provide such a framework to truly apply reasonable resources rationally. In the entire framework, another framework is the cloud security system: I am more concerned about the security of the virtual resources I provide, and I provide user management for the entire system.
Computational virtualization and network virtualization. Computational virtualization: adaptive resource allocation, elastic resource expansion, a distributed management mechanism for virtual machine mirroring, and efficient virtual image creation and access speed. Network virtualization: a unified switch strategy for the whole network, an efficient snapshot disk format, distributed snapshots of virtual networks, and network-consistent snapshots without stopping virtual machines.
Distributed file system and continuous data protection. Distributed file system: metadata distribution, user data distribution, no single point of failure, management of petabytes of massive data. Data protection: continuous data protection (CDP), any-time recovery, supporting databases, applications, file systems, disk count.
In fact, in a cloud computing data center, the key is how to apply your resources efficiently and how to let your equipment provide a higher service with the lowest consumption.
In the cloud, in fact, a lot of security problems are the same as without the cloud, but with the integration of virtual resources in the cloud computing data center there are in fact some more problems, and these problems become more prominent. We want to talk about what measures to take to address these outstanding problems. Under the virtual machine framework, how can I prove that the virtual machine architecture is safe? In fact, the problem is the same when we use a stand-alone machine, but in the cloud data center area this problem is more prominent.
Security: resource security isolation. Add an isolator to the critical path of virtual machine I/O reads and writes to prevent a malicious user's I/O reads and writes from affecting other virtual machines' I/O. For each user's virtual cluster, establish a global I/O scheduler/isolator to provide user-oriented I/O quality-of-service assurance. I/O security scheduling: based on the different strengths of demand of different service teams and the application's online real-time dynamic demand for resources or capacity, the rationality of the pattern of change and the reasonable range of allowable change, to prevent indirect denial-of-service attacks.
Security: virtual machine mirroring security management. Virtual machine integrity metrics: capture system calls, interrupts, exceptions, and other events to implement dynamic metrics for the latest state of the system. Virtual machine image security management: the development of the virtual machine image security management module is complete; it detects, in a fully transparent way, the I/O data stream generated by user virtual machines' access to virtual storage, and detects malicious I/O operations. Split the virtual machine image and securely store it in the database.
System operation: large-scale distributed asset management, online configuration of heterogeneous resources, support for large-scale data center asset management, establishment of an asset management model.
Large-scale distributed problem and fault management: an automated problem analysis language, a fault handling model, and a problem knowledge base, which saves the faults that occur and the methods that solved them to achieve the accumulation of IT operational experience. Troubleshooting: according to the reporting information of the infrastructure, determine what has happened and the underlying causes of potential accidents in the service provided, and eliminate the accident by making a change request.
Dynasty Sea of clouds focuses on China's industry cloud applications, follows an open and standardized technical route, relies on independent innovation, and focuses on the development of cloud infrastructure such as high-end servers, high-density servers and mass storage, and a data center-oriented cloud data center operating system. We propose the concept of the industry cloud, which is established and maintained by organizations that play a leading role in an industry or within a region, or that have key resources, in an open or partially public manner. This relies mainly on Wave's hardware equipment and our software platform, including cloud servers, cloud storage, and cloud platform setup. At the same time we provide fast, flexible, on-demand delivery of cloud service operations. Wave is actively involved in cloud computing standards; since 08, Wave has led the drafting of 7 national standards in cloud-related infrastructure, energy-saving systems, security systems and other areas.
My introduction today ends here, thank you.
(Responsible editor: The good of the Legacy)