
All times are UTC + 8 hours


Post subject: [Open-Source Translation Project] The Impact of Migrating to a Public Cloud on Availability
Posted: 2012-02-10 09:04
Site administrator

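Below are the original text and the translation, side by side, of Chapter 4, Section 8 of the open-source translation project "Guidelines on Security and Privacy in Public Cloud Computing (SP800-144)" (http://bbs.cisps.org/viewtopic.php?f=128&t=29613). Thanks to lzm_2011 for the hard and excellent translation work. Please review the translation and suggest revisions; I will reward those who suggest revisions with security coins.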

4.8 Availability

4.8 Availability

In simple terms, availability is the extent to which an organization’s full set of computational resources is accessible and usable. Availability can be affected temporarily or permanently, and a loss can be partial or complete. Denial of service attacks, equipment outages, and natural disasters are all threats to availability. The concern is that most downtime is unplanned and can impact the mission of the organization.

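Put simply, availability is the degree to which an organization's entire set of computing resources can be accessed and used. Availability can be affected temporarily or permanently, and the loss can be partial or total. Denial of service attacks, equipment failures, and natural disasters are all threats to availability. What deserves attention is that most downtime is unplanned and can affect an organization's primary mission.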

Temporary Outages. Despite employing architectures designed for high service reliability and availability, cloud computing services can and do experience outages and performance slowdowns [Lea09]. A number of examples illustrate this point. In February 2008, a popular storage cloud service suffered a three-hour outage that affected its consumers, including Twitter and other startup companies [Dig08, Kri08, Mil08]. In June 2009, a lightning storm caused a partial outage of an IaaS cloud that affected some users for four hours, and in April 2011, a network upgrade attempt caused a serious outage lasting more than twenty-four hours [Met11, Mil09, Pep11a]. Similarly, in February 2008, a database cluster failure at a SaaS cloud caused an outage for several hours, and in January 2009, another brief outage occurred due to a network device failure [Fer09, Goo09a, Mod08]. In March 2009, a PaaS cloud experienced severe degradation for about twenty-two hours due to networking issues related to an upgrade [Cla09, Mic09].

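Temporary service outages
Despite adopting architectures designed for high reliability and availability, cloud computing services can and indeed do suffer service outages and performance degradation [Lea09]. Several examples illustrate this point. In February 2008, a popular cloud storage service suffered a three-hour service outage; the affected consumers included Twitter and other startup companies [Dig08, Kri08, Mil08]. In June 2009, a lightning storm caused a partial service outage at an IaaS cloud service provider, affecting service for some users for four hours, and in April 2011 a serious service outage caused by an attempted network upgrade lasted more than twenty-four hours [Met11, Mil09, Pep11a]. Likewise, in February 2008, a database cluster failure at a SaaS cloud caused an outage of several hours, and in January 2009 a network device failure caused a brief service outage [Fer09, Goo09a, Mod08]. In March 2009, a PaaS cloud experienced severe degradation of service performance for about twenty-two hours; the fault stemmed from network problems related to a system upgrade [Cla09, Mic09].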

At a level of 99.95% availability, 4.38 hours of downtime are to be expected in a year. Periods of scheduled maintenance are usually excluded as a source of downtime in SLAs and may be scheduled with short notice from the cloud provider. The level of availability of a cloud service and its capabilities for data backup and disaster recovery need to be addressed in the organization’s contingency and continuity planning to ensure the recovery and restoration of disrupted cloud services and operations, using alternate services, equipment, and locations, if required. Cloud storage services may represent a single point of failure for the applications hosted there. In such situations, the services of a second cloud provider could be used to back up data processed by the primary provider to ensure that during a prolonged disruption or serious disaster at the primary’s facilities, the data remains available for immediate resumption of critical operations.

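At 99.95% availability, 4.38 hours of downtime are expected over the course of a year. Periods of scheduled maintenance are usually excluded from the downtime calculation in SLAs, and the cloud provider usually issues a brief notice to schedule them. A cloud service provider's level of availability and its data backup and disaster recovery capabilities should be covered in the organization's contingency and continuity planning, to ensure the organization's ability to recover its business as well as the disrupted cloud services and operations, using alternate (cloud) services, equipment, and locations to resolve the matter if necessary. A cloud storage service may represent a single point of failure for the applications hosted on it. In that case, the services of a second cloud service provider can be used to back up the data processed by the primary provider, to ensure that during a prolonged outage or serious disaster at the primary's facilities, critical business data can still be restored immediately.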

Prolonged and Permanent Outages. The possibility exists for a cloud provider to experience serious problems, like bankruptcy or facility loss, which affect service for extended periods or cause a complete shutdown. For example, in April 2009, the Federal Bureau of Investigation raided computing centers in Texas and seized hundreds of servers, when investigating fraud allegations against a handful of companies that operated out of the centers [Zet09a]. The seizure disrupted service to hundreds of other businesses unrelated to the investigation, but who had the misfortune of having their computer operations collocated at the targeted centers [Zet09a]. A similar raid with much the same result occurred more recently [Sch11]. Other examples of outages are the major data loss experienced in 2009 by a bookmark repository service, and the abrupt failure of an on-line storage-as-a-service provider, who closed without warning to its users in 2008 [Cal09, Gun08]. Changing business conditions may also cause a cloud provider to disband its services, as occurred recently with an online cloud storage service [Sto10].

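Prolonged and permanent service outages
The possibility exists that a cloud service provider will run into serious problems, such as company bankruptcy or loss of facilities, that affect the service it provides for a long time or cause the service to shut down completely. For example, in April 2009, the Federal Bureau of Investigation searched computing centers in Texas and seized hundreds of servers; (the reason for the seizure) was an investigation into fraud allegations against a small number of companies operating out of the centers [Zet09a]. The seizure disrupted service for hundreds of other businesses unrelated to the investigation, because unfortunately these businesses' computer operations were also located in the targeted computing centers [Zet09a]. A similar police search recently led to almost the same result [Sch11]. Other examples of service outages are the major data loss at a bookmark repository service in 2009, and the sudden failure in 2008 of a provider of online storage services, which shut down its service without any advance warning to users [Cal09, Gun08]. Changing business conditions may also lead a cloud provider to withdraw its services, as in the recent case of an online cloud storage service [Sto10].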

If an organization relies on a cloud service for data storage and processing, it must be prepared to carry on mission critical operations without the use of the service for periods when the cloud experiences a serious outage. The organization’s contingency plan should address prolonged and permanent system disruptions and support continuity of operations that effect the restoration of essential functions elsewhere. Having policy, plans, and standard operating procedures in place avoids creating an undue reliance on employing cloud services without sufficient recourse.

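If an organization relies on a cloud service provider for data storage and processing, it must be fully prepared to keep mission-critical operations available while the cloud service experiences a serious outage. The organization's contingency plan should address prolonged and permanent system disruptions and be able to support continuity of operations for the operations that affect the restoration of basic functions elsewhere (in the organization). Only with established policies, plans, and standard operating procedures in place can over-reliance on cloud services without sufficient recourse be avoided.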

Denial of Service. A denial of service attack involves saturating the target with bogus requests to prevent it from responding to legitimate requests in a timely manner. An attacker typically uses multiple computers or a botnet to launch an assault. Even an unsuccessful distributed denial of service attack can quickly consume large amounts of resources to defend against and cause charges to soar. The dynamic provisioning of a cloud in some ways simplifies the work of an attacker to cause harm. While the resources of a cloud are significant, with enough attacking computers they can become saturated [Jen09]. For example, a denial of service attack against a code hosting site operating over an IaaS cloud resulted in more than 19 hours of downtime [Bro09, Met09].

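Denial of service attacks
A denial of service attack involves using forged requests to saturate the (attacked) target so as to prevent timely responses to legitimate requests. An attacker usually uses multiple computers or a botnet to launch the attack. Even an unsuccessful distributed denial of service attack can quickly consume large amounts of resources in defending against (the attack), causing system maintenance costs to soar. The dynamic provisioning of a cloud in some respects reduces the work an attacker must do to cause harm. Although cloud resources are vast, enough attacking computers can still saturate them [Jen09]. For example, a denial of service attack against a website running a code hosting service on an IaaS cloud caused more than 19 hours of downtime [Bro09, Met09].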

In addition to attacks against publicly available services accessible via the Internet, denial of service attacks can occur against internally accessible services, such as those used in cloud management [Mee09, Sla09]. Internally assigned non-routable addresses, used to manage resources within a cloud provider’s network, may also be used as an attack vector. A worst-case possibility that exists is for elements of one cloud to attack those of another or to attack some of its own elements [Jen09].

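In addition to attacks on publicly provided services accessed via the Internet, denial of service attacks may occur against internally accessed services, such as (attacks on) cloud management interfaces [Mee09, Sla09]. Internal non-routable addresses assigned within a cloud provider's network for managing resources may also be used as an attack vector. A worst-case possibility exists: the constituent elements (services) of one cloud attack another cloud or attack some of its own constituent elements (services) [Jen09].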


Post subject: Re: [Open-Source Translation Project] The Impact of Migrating to a Public Cloud on Availability
Posted: 2012-02-11 22:53
Intermediate user

4.8 Availability
In simple terms, availability is the extent to which an organization’s full set of computational resources is accessible and usable. Availability can be affected temporarily or permanently, and a loss can be partial or complete. Denial of service attacks, equipment outages, and natural disasters are all threats to availability. The concern is that most downtime is unplanned and can impact the mission of the organization.

Temporary Outages. Despite employing architectures designed for high service reliability and availability, cloud computing services can and do experience outages and performance slowdowns [Lea09]. A number of examples illustrate this point. In February 2008, a popular storage cloud service suffered a three-hour outage that affected its consumers, including Twitter and other startup companies [Dig08, Kri08, Mil08]. In June 2009, a lightning storm caused a partial outage of an IaaS cloud that affected some users for four hours, and in April 2011, a network upgrade attempt caused a serious outage lasting more than twenty-four hours [Met11, Mil09, Pep11a]. Similarly, in February 2008, a database cluster failure at a SaaS cloud caused an outage for several hours, and in January 2009, another brief outage occurred due to a network device failure [Fer09, Goo09a, Mod08]. In March 2009, a PaaS cloud experienced severe degradation for about twenty-two hours due to networking issues related to an upgrade [Cla09, Mic09].

At a level of 99.95% availability, 4.38 hours of downtime are to be expected in a year. Periods of scheduled maintenance are usually excluded as a source of downtime in SLAs and may be scheduled with short notice from the cloud provider. The level of availability of a cloud service and its capabilities for data backup and disaster recovery need to be addressed in the organization’s contingency and continuity planning to ensure the recovery and restoration of disrupted cloud services and operations, using alternate services, equipment, and locations, if required. Cloud storage services may represent a single point of failure for the applications hosted there. In such situations, the services of a second cloud provider could be used to back up data processed by the primary provider to ensure that during a prolonged disruption or serious disaster at the primary’s facilities, the data remains available for immediate resumption of critical operations.

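4.8 Availability

Put simply, availability is the degree to which an organization's entire set of computing resources can be accessed and used. Availability can be affected temporarily or permanently, and the loss can be partial or total. Denial of service attacks, equipment failures, and natural disasters are all threats to availability. What deserves attention is that most downtime is unplanned and can affect an organization's primary mission.

Temporary service outages. Despite adopting architectures designed for high reliability and availability, cloud computing services can and indeed do suffer service outages and performance degradation [Lea09]. Several examples illustrate this point. In February 2008, a popular cloud storage service suffered a three-hour service outage; the affected consumers included Twitter and other startup companies [Dig08, Kri08, Mil08]. In June 2009, a lightning storm caused a partial service outage at an IaaS cloud service provider, affecting service for some users for four hours, and in April 2011 a serious service outage caused by an attempted network upgrade lasted more than twenty-four hours [Met11, Mil09, Pep11a]. Likewise, in February 2008, a database cluster failure at a SaaS cloud caused an outage of several hours, and in January 2009 a network device failure caused a brief service outage [Fer09, Goo09a, Mod08]. In March 2009, a PaaS cloud experienced severe degradation of service performance for about twenty-two hours; the fault stemmed from network problems related to a system upgrade [Cla09, Mic09].

At 99.95% availability, 4.38 hours of downtime are expected over the course of a year. Periods of scheduled maintenance are usually excluded from the downtime calculation in SLAs, and the cloud provider usually issues a brief notice to schedule them. A cloud service provider's level of availability and its data backup and disaster recovery capabilities should be covered in the organization's contingency and continuity planning, to ensure the organization's ability to recover its business as well as the disrupted cloud services and operations, using alternate (cloud) services, equipment, and locations to resolve the matter if necessary. A cloud storage service may represent a single point of failure for the applications hosted on it. In that case, the services of a second cloud service provider can be used to back up the data processed by the primary provider, to ensure that during a prolonged outage or serious disaster at the primary's facilities, critical business data can still be restored immediately.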


-------- This post has so far received a total of 42 security coins in user rewards --------


Post subject: Re: [Open-Source Translation Project] The Impact of Migrating to a Public Cloud on Availability
Posted: 2012-02-12 16:43
Intermediate user

Prolonged and Permanent Outages. The possibility exists for a cloud provider to experience serious problems, like bankruptcy or facility loss, which affect service for extended periods or cause a complete shutdown. For example, in April 2009, the Federal Bureau of Investigation raided computing centers in Texas and seized hundreds of servers, when investigating fraud allegations against a handful of companies that operated out of the centers [Zet09a]. The seizure disrupted service to hundreds of other businesses unrelated to the investigation, but who had the misfortune of having their computer operations collocated at the targeted centers [Zet09a]. A similar raid with much the same result occurred more recently [Sch11]. Other examples of outages are the major data loss experienced in 2009 by a bookmark repository service, and the abrupt failure of an on-line storage-as-a-service provider, who closed without warning to its users in 2008 [Cal09, Gun08]. Changing business conditions may also cause a cloud provider to disband its services, as occurred recently with an online cloud storage service [Sto10].

If an organization relies on a cloud service for data storage and processing, it must be prepared to carry on mission critical operations without the use of the service for periods when the cloud experiences a serious outage. The organization’s contingency plan should address prolonged and permanent system disruptions and support continuity of operations that effect the restoration of essential functions elsewhere. Having policy, plans, and standard operating procedures in place avoids creating an undue reliance on employing cloud services without sufficient recourse.

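Prolonged and permanent service outages. The possibility exists that a cloud service provider will run into serious problems, such as company bankruptcy or loss of facilities, that affect the service it provides for a long time or cause the service to shut down completely. For example, in April 2009, the Federal Bureau of Investigation searched computing centers in Texas and seized hundreds of servers; (the reason for the seizure) was an investigation into fraud allegations against a small number of companies operating out of the centers [Zet09a]. The seizure disrupted service for hundreds of other businesses unrelated to the investigation, because unfortunately these businesses' computer operations were also located in the targeted computing centers [Zet09a]. A similar police search recently led to almost the same result [Sch11]. Other examples of service outages are the major data loss at a bookmark repository service in 2009, and the sudden failure in 2008 of a provider of online storage services, which shut down its service without any advance warning to users [Cal09, Gun08]. Changing business conditions may also lead a cloud provider to withdraw its services, as in the recent case of an online cloud storage service [Sto10].

If an organization relies on a cloud service provider for data storage and processing, it must be fully prepared to keep mission-critical operations available while the cloud service experiences a serious outage. The organization's contingency plan should address prolonged and permanent system disruptions and be able to support continuity of operations for the operations that affect the restoration of basic functions elsewhere (in the organization). Only with established policies, plans, and standard operating procedures in place can over-reliance on cloud services without sufficient recourse be avoided.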


-------- This post has so far received a total of 33 security coins in user rewards --------


Post subject: Re: [Open-Source Translation Project] The Impact of Migrating to a Public Cloud on Availability
Posted: 2012-02-14 10:58
Intermediate user

Denial of Service. A denial of service attack involves saturating the target with bogus requests to prevent it from responding to legitimate requests in a timely manner. An attacker typically uses multiple computers or a botnet to launch an assault. Even an unsuccessful distributed denial of service attack can quickly consume large amounts of resources to defend against and cause charges to soar. The dynamic provisioning of a cloud in some ways simplifies the work of an attacker to cause harm. While the resources of a cloud are significant, with enough attacking computers they can become saturated [Jen09]. For example, a denial of service attack against a code hosting site operating over an IaaS cloud resulted in more than 19 hours of downtime [Bro09, Met09].

In addition to attacks against publicly available services accessible via the Internet, denial of service attacks can occur against internally accessible services, such as those used in cloud management [Mee09, Sla09]. Internally assigned non-routable addresses, used to manage resources within a cloud provider’s network, may also be used as an attack vector. A worst-case possibility that exists is for elements of one cloud to attack those of another or to attack some of its own elements [Jen09].

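Denial of service attacks. A denial of service attack involves using forged requests to saturate the (attacked) target so as to prevent timely responses to legitimate requests. An attacker usually uses multiple computers or a botnet to launch the attack. Even an unsuccessful distributed denial of service attack can quickly consume large amounts of resources in defending against (the attack), causing system maintenance costs to soar. The dynamic provisioning of a cloud in some respects reduces the work an attacker must do to cause harm. Although cloud resources are vast, enough attacking computers can still saturate them [Jen09]. For example, a denial of service attack against a website running a code hosting service on an IaaS cloud caused more than 19 hours of downtime [Bro09, Met09].

In addition to attacks on publicly provided services accessed via the Internet, denial of service attacks may occur against internally accessed services, such as (attacks on) cloud management interfaces [Mee09, Sla09]. Internal non-routable addresses assigned within a cloud provider's network for managing resources may also be used as an attack vector. A worst-case possibility exists: the constituent elements (services) of one cloud attack another cloud or attack some of its own constituent elements (services) [Jen09].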


-------- This post has so far received a total of 33 security coins in user rewards --------


华安信达(CISPS.org) ©2003 - 2012