Building Hybrid Clouds

Transcription:

Building Hybrid Clouds
Manjunath Kanale Mahabhaleshwar, Enterprise Architect, Intel IT
20th August 2013

Agenda
  Definition
  Cloud Direction
  Maturity
  Demand Drivers
  Journey
  IaaS (Infrastructure as a Service)
  Securing Cloud services
  Recap

What the Cloud Means to Intel IT
Delivering a highly available computing environment where secure services and data are delivered on-demand to authenticated devices and users utilizing a shared, elastic infrastructure that concurrently supports multiple tenants.

Attributes:
  On-demand self-service
  Broad network access
  Rapid elasticity
  Measured service
  Resource pooling
  Shared multiple tenants

Service Models:
  Software as a Service: on-demand packaged sw
  Platform as a Service: on-demand sw development and hosting
  Infrastructure as a Service: on-demand compute infrastructure

Delivery Models: Public, Private, or Hybrid

Hybrid Cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.

Intel IT Cloud Strategic Direction
  Deliver the necessary changes in how we expose applications/data to improve end user productivity
  Drive the transformation to a large-scale automated Hybrid Cloud infrastructure
  Accelerate the transformation of the Enterprise IT industry to Cloud

Intel and Industry Cloud Maturity
[Figure: cloud maturity chart. Labels: End User, App Dev, App Owner, IT Ops, Consumers. Timeline: 2010 Intel Cloud 1.0, 2011 Intel Cloud 1.5, 2012 Intel Cloud 2.0, 2013 Intel Cloud 2.5, 2014 Intel Cloud 3.0. Industry stages: Minimal Industry Solutions, Early Industry Solutions, Open Industry Materializes, Industry Normalizing, Industry Normalized? Chart entries: Simple SaaS (e.g. exp reports), Complex SaaS (e.g. B2B), Hybrid SaaS, Legacy Apps, Cloud Aware Apps, Simple Compute IaaS, Complex Compute IaaS, Private PaaS, Hybrid PaaS, Compute, Storage, and Network, Full Private IaaS, Hybrid IaaS, Federated and Open Cloud.]
In 2013 Hybrid applications are the norm, enabling low latency, lowest cost, improved security, and seamless data sharing between services for end user productivity.
1 Intel IT future state goals subject to change as of June 2011

Demand Drivers Comparison

Traditional Drivers
  1. Incremental Velocity Increase
     <3hrs good enough
     70 day app release
     Bureaucracy normal
  2. More Lifecycle Automation
     Reduce Downtime costs
     Reduce Ops labor time
  3. Incremental Reliability Increase
     99.7%
     Downtimes are normal and expected
  4. Growth is linear
     Linear employee growth
     Linear Data Growth
  5. Cost of Platform acceptable

Cloud Aware Drivers
  1. Significant Velocity Increase
     Grow/shrink 20x in hours/minutes
     Need to release apps in days/weeks
     No patience for bureaucracy
  2. All Components need Automation
     Expect APIs for all IT Services
     Manual is not an option
  3. Significant Reliability Increase
     99.99%
     Consumers expect always on
  4. Growth is potentially exponential
     Consumers can grow without warning
     Massive increase in connected devices
  5. Cost of Platform can impact Profit

Traditional IT: incremental improvements
Cloud Aware: requiring exponential improvements

Challenges
  Building applications to take advantage of Hybrid cloud
  Security Policy and Management
  Strong auditing and reporting
  Capacity Utilization/Performance Analytics
  Significant multi-tenant sharing (flatten out peaks/valleys of usage)
  Most SW developers oblivious to HW below them
  Manageability/Automation
  Homogeneous resources are easier to manage at scale
  Most IT shops are trying to simplify
  Workforce planning
  Support and Manage Cloud integration infrastructure
  Software development changes

Intel's Cloud Journey

Today: Large Private Cloud, Limited Public Cloud
  76%+ Virtualized
  80% of New Services in the Cloud
  Under 1 Hour to Deploy Infrastructure
  Small number of SaaS apps in usage

Tomorrow: Hybrid Cloud
  Land Applications in Minutes
  Automation: Lower Cost with Less Resources
  Open Cloud for Bursting Capacity
  SaaS for non-differentiated apps

Infrastructure as a Service

IaaS: What is it?
  Developers/App Owners consuming all Infrastructure as Web Services
  Infrastructure exposed as APIs and UI to enable on-demand self-service
  Supporting everything from discovery, order, to deletion of Infrastructure services

[Figure: IaaS layer diagram. Labels:
  Interfaces: GUI (Graphical User Interface), API (Application Programming Interface)
  Cloud Operating Environment: Dashboard, Service Catalog
  Infrastructure As a Service: Compute, OS Images, Block Storage, Object Storage, Network
  Monitoring As a Service
  Manageability: Watcher (e.g. Nagios*), Decider (internal), Actor (e.g. Puppet*), Collector (tbd)
  Physical Infrastructure: Compute, Storage, Network]

From innovative idea to production service in less than a day.

Intel IT Hybrid Cloud
[Figure: INTEL SITE A (PODs), INTEL SITE B (PODs) and EXTERNAL PROVIDER (PODs), connected by Fully Meshed VPN Tunnels, with GLB and INTERNET.]

Focus Area: Key Aspects
  Technical:
    Active/Active App Design, SW Design for Failure
    Unified Monitoring/Manageability/Authentication
  Operational:
    IT Service broker handling cloud on-boarding internal and external
    IT handling basic IaaS container levels externally, covering all IaaS internally
  Business:
    Single contract with Intel IT funding and showback to BUs
    Liability/Indemnification at acceptable levels for associated risk

Intel IT Open Cloud - Details
[Figure: OPEN CLOUD HOSTING ENVIRONMENT. Labels: COMPUTE NODES (Tenant 1, Tenant 2, Tenant x); Cloud Controller Services (Volume Controller, Network Controller, Scheduler, Databases, API); Hosting Services (Domain Controllers, DNS, Automation, Security Services); NETWORK FABRIC; Load Balancer; STORAGE NODES; REMOTE DESKTOP SERVICE; INTERNET; ICC VPN Tunnel; ICC Firewalls; INTEL DMZ/ENCLAVE ENVIRONMENT; CENTRALIZED MONITORING AND MANAGEMENT (Patch Management, Package Repository, Rialto-l Monitoring).]

Key Technologies
  Cloud: OpenStack Essex
  Monitoring: Nagios
  Configuration: Puppet
  Hosts: Intel Xeon 5600 Blades
  Network: 10GbE
  Storage: Scale out on 2U
  Integration with Support Desk and other Ops capabilities

Running cutting edge Web Services, on a predominantly open source cloud.

Securing the Cloud Services

Cloud Security Control Stack
[Figure: control stack shown for IaaS, PaaS and SaaS, split into Agency Responsibility and CSP Responsibility. Labels:
  Security Management: Identity & Access management, Configuration management, Resource provisioning, Capacity management, Release management, Service Availability
  Security domains: Application security, Platform security, Infrastructure security, Data protection, Physical security
  Stack layers: Application, Software platform, Operating system, Hypervisor, Hardware, Storage, Network, Data Center Facility]

2 Separate Risk Areas
[Figure labels: Provider Risk Posture, Tenant Risk Posture, Risk to]
Determine acceptable level of Risk to Intel and then adjust controls at CSP and Tenant level to reach goal.
Risks and Controls for the Service Model (what the CSP provides) and for the Tenant usage must be measured separately.

IT Cloud Security Goals
  Assign Provider and Tenant different classes of risk based on controls they can provide
  Need to get a complete picture: need to combine risk
[Figure labels: Provider Risk Posture, Tenant Risk Posture, Risk to]

Qualification / Usage Example / Required Controls

Bronze
  Usage example: Minimum Enterprise requirement
  Required controls:
    Cloud security provider poses minimal
    Tenant's application has minimum security controls

Silver
  Usage example: Business Important
  Required controls:
    CSP implements validated methods plus added controls (e.g., DDOS, code audits, certifications)
    Tenant's application has additional controls

Gold
  Usage example: Biz or Mission Critical or High data classification
  Required controls:
    CSP has implemented Enterprise requirements
    Tenant's application has well documented security implementation and controls

Platinum
  Usage example: Foundational Security services
  Required controls:
    CSP raises the bar, provides high assurance
    Tenant's application has maximum security controls

Cloud Service Provider Controls

Areas / Controls:
Governance Training, Regulatory Controls, Investigations, E-D, Audits Secured Datacenters Data Location Secured Brokers and Support Applications Tools, Automation and accounts are hardened and logically isolated privileged accounts Code Auditing Data Protection Control of VM Images and Data Encryption* DLP Monitoring Security Monitoring and Alerting Security Logging (including Infrastructure and Management component) Intrusion Detection Network, Host, Management, intra-host Hardened Management and Control Infrastructure Privileged Access Control Bastion Chokepoints Multi-factor access control

Cloud Service Providers not only need specific controls but the controls must integrate with our enterprise controls.

Tenant Controls

Areas / Controls:
Governance Cloud Security Training Regulatory Controls, Investigations, E-D, Audits Data Location Secured Brokers and Support Applications Data Protection Control of VM Images and Data Encryption DLP Tools, Automation and accounts are hardened and logically isolated privileged accounts Code Auditing Identity management Lifecycle Logging Multi-factor authentication Privilege of services and automation Application layer Intrusion Detection Granular access control Control over Privileged activity Isolation (logical or physical) Application and Platform hardening Detect malicious activity at the application layer (WAF, mod_security) Security Groups, VLANs, VPC, else SDLC, Pre-launch code audits, pen test

Tenants need to take some ownership of their own security controls and not rely on the provider.

Recap and Summary

Wrap Up
  Our Direction: Federated, Interoperable and Open Cloud
  Transforming Data Center to Open APIs
  Exposing Specialized HW through Open APIs
  True Autonomics possible, making the Decider brilliant
  Build more and more Cloud aware applications
  Enterprise IT will change massively in next 2-5 years

Resources for You
  Engage with ODCA
    Learn about usage models
    Use the RFP Tool
    www.opendatacenteralliance.org
    Over 300 Global IT leaders representing over $100B in annual IT spend
  Learn more about IT@Intel best practices: www.intel.com/it
  Please check APM (Application Performance Management) Poster

Please contact me if anything is required. Manjunath.k.mahabhaleshwar@intel.com

Rules of Cloud Aware Apps
Software Developer Changes
http://www.opendatacenteralliance.org/docs/devcloudcapapp.pdf
  Shift to stateless cloud services
  Assume and design for failure at all layers
  Scale horizontally
    Scaling up always has a break point, scaling horizontally ensures greater scalability (close to infinite if you remove app bottlenecks)
  Eventual consistency at the data layer
  Shift to DevOps or NoOps model
  Set rules/automation for desired effects, utilize APIs, continue to assume failure
  Developers involved in creating automation/remediation for production
  Developer and IT partnered to create agile and highly available services
  Never wait on IT, never wait on other software developers
  IT Infrastructure team should seem invisible
  Implement true Web services for consumption

What's Ahead for Cloud At Intel?
  Past (2009): Traditional Office & Enterprise Design Grid
  Current (2013): Distinct Clouds Office/Enterprise/Services Design
  Future Goals: Federated Clouds Public Public

Goals: 80% Effective Asset Utilization; Velocity for Service Provisioning; Zero Business Impact
  Pervasive virtualization (75%)
  Enterprise app virtualization
  Secure virtualization
  Larger pools in fewer data centers
  On-demand self-service the norm
  Innovative idea to production <day
  Provision VMs within minutes
  External Cloud for burst demand
  Automated sourcing decisions
  Application design for failure
  Reduce MTTR
  Increase availability
  Automated, end-to-end service-managed Cloud