CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud


Ted Brunell, Principal Solution Architect, DoD Programs, Red Hat (tbrunell@redhat.com, @DoDCloudGuy)

AGENDA
- Overview of Current Security Risks
- Security in the Hybrid Cloud
- Governance in Hybrid Clouds
- Ansible
- CloudForms

"Hybrid cloud computing refers to policy-based and coordinated service provisioning, use and management across a mixture of internal and external cloud services." - Gartner IT Glossary

TOP IT SECURITY RISKS
What is the greatest security risk to your organization? (survey chart)
Source: TechValidate survey of 385 users of IT Security

BUSINESS CONCERNS ON SECURITY
What is the top business concern for your organization related to security? (survey chart)
Source: TechValidate survey of 373 users of IT Security

OTHER INTERESTING STATS (chart)

THE THREAT
- DoS / Termination of Guest: activity within an individual guest or host that impacts the ability of the host to effectively run virtual machines
- Memory Corruption / Leakage: the ability to corrupt or read guest memory from outside the constraints of the virtual machine
- Guest to Host Escape: executing code outside the constraints of a guest virtual machine, directly on the host hypervisor on which it's running

SECURITY IN THE HYBRID CLOUD
Look at the whole picture and integrate existing management systems:
- Security cannot exist solely at the platform level, but it should still exist there
- Deploy diverse tools that can interoperate
- Design for diverse and distributed environments
- Work with existing physical and virtual resources
- Implement tools based on requirements and capabilities
- Be able to handle emerging technologies, threats and vulnerabilities

TAKING ADVANTAGE OF APIs (architecture diagrams)

GOVERNANCE IN HYBRID CLOUDS
Governance is a set of policies applied to cloud computing services with the goal of securing applications and data.
- Policy enforcement and remediation through the use of APIs
- Segmentation of users and resources: tenants, and groups within tenants
- Hardware classification
- Configuration tracking, auditing and drift analysis
- Enforced quotas
- Shadow IT discovery
- View relationships between resources and workloads

ANSIBLE

WHAT IS ANSIBLE
It's a simple automation language that can describe an IT application infrastructure completely in Ansible Playbooks.
It's an automation engine that runs Ansible Playbooks.
Ansible Tower is an enterprise framework for controlling, securing and managing your Ansible automation, with a UI and a RESTful API.

WHAT IS ANSIBLE
SIMPLE
- Human readable automation
- No special coding skills needed
- Tasks executed in order
- Get productive quickly
POWERFUL
- App deployment
- Configuration management
- Workflow orchestration
- Orchestrate the app lifecycle
AGENTLESS
- Agentless architecture
- Uses OpenSSH & WinRM
- No agents to exploit or update
- More efficient & more secure

PLAYBOOK EXAMPLE
---
- name: install and start apache
  hosts: all
  vars:
    http_port: 80          # consumed by the httpd.j2 template
    max_clients: 200
  remote_user: root        # as on the slide; prefer an unprivileged login user plus become: true
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: write the apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
      notify: restart httpd   # re-read the config only when the file actually changed
    - name: start httpd
      service:
        name: httpd
        state: started        # "running" is not an accepted value; "started" is idempotent
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

CONFIG MANAGEMENT
Centralizing configuration file management and deployment is a common use case for Ansible, and it's how many power users are first introduced to the Ansible automation platform.

APP DEPLOYMENT
When you define your application with Ansible, and manage the deployment with Tower, teams are able to effectively manage the entire application lifecycle from development to production.

PROVISIONING
Your apps have to live somewhere. If you're PXE booting and kickstarting bare-metal servers or VMs, or creating virtual or cloud instances from templates, Ansible and Ansible Tower help streamline the process.

CONTINUOUS DELIVERY
Creating a CI/CD pipeline requires buy-in from numerous teams. You can't do it without a simple automation platform that everyone in your organization can use. Ansible Playbooks keep your applications properly deployed (and managed) throughout their entire lifecycle.

SECURITY & COMPLIANCE
When you define your security policy in Ansible, scanning and remediation of site-wide security policy can be integrated into other automated processes; instead of being an afterthought, it'll be integral in everything that is deployed.

ORCHESTRATION
Configurations alone don't define your environment. You need to define how multiple configurations interact and ensure the disparate pieces can be managed as a whole. Out of complexity and chaos, Ansible brings order.
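The security-and-compliance use case above is easiest to see as a playbook that separates the scan from the fix. The following is an added example, not code from the slides or from Red Hat: it audits an SSH daemon against a small policy in check mode, reports every violation, fails the run on drift, and only rewrites the configuration when the remediate tag is requested. The host group name, the policy values and the file paths are assumptions.

```yaml
---
# Added example (not from the slide deck). Assumptions: an inventory group
# "sshd_baseline", a stock /etc/ssh/sshd_config, and the four policy values.
- name: audit and remediate sshd configuration
  hosts: sshd_baseline
  become: true
  vars:
    sshd_config: /etc/ssh/sshd_config
    # The policy: each directive must be present, uncommented, with this value.
    sshd_policy:
      PermitRootLogin: "no"
      PasswordAuthentication: "no"
      X11Forwarding: "no"
      MaxAuthTries: "4"

  tasks:
    - name: audit | evaluate each policy line without touching the file
      ansible.builtin.lineinfile:
        path: "{{ sshd_config }}"
        # also matches a commented-out default so it gets replaced, not duplicated
        regexp: '^\s*#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
      loop: "{{ sshd_policy | dict2items }}"
      check_mode: true            # forces a dry run even without --check
      register: sshd_audit
      tags: [audit, remediate]

    - name: audit | report findings (a "changed" dry-run result is one violation)
      ansible.builtin.debug:
        msg: "VIOLATION: {{ item.item.key }} is not set to '{{ item.item.value }}'"
      loop: "{{ sshd_audit.results }}"
      when: item.changed
      loop_control:
        label: "{{ item.item.key }}"
      tags: [audit, remediate]

    - name: audit | fail the run on drift unless remediation was requested
      ansible.builtin.fail:
        msg: "{{ sshd_audit.results | selectattr('changed') | list | length }} sshd policy violation(s)"
      when:
        - sshd_audit.results | selectattr('changed') | list | length > 0
        - "'remediate' not in ansible_run_tags"
      tags: [audit]

    - name: remediate | enforce each policy line, validating syntax before install
      ansible.builtin.lineinfile:
        path: "{{ sshd_config }}"
        regexp: '^\s*#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s   # a broken config is never written into place
      loop: "{{ sshd_policy | dict2items }}"
      notify: restart sshd
      tags: [remediate, never]    # "never": runs only when --tags remediate is given

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Run `ansible-playbook sshd_policy.yml` to scan: the play ends in a failure listing each non-compliant directive, which is what you want from a scheduled compliance job in Tower. Run it with `--tags remediate` to rewrite the offending lines and restart sshd; adding `--check --diff` to that shows the exact lines that would change without applying them. The validate step matters because a syntactically bad sshd_config followed by a restart locks you out of every host in the group at once.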

ENTERPRISE IMPACT
TEAM IMPACT
+ Save time and be more productive
+ Overcome complexity
+ Eliminate repetitive tasks
+ More resources for innovation
ENTERPRISE IMPACT
+ Fewer mistakes & errors
+ Increase accountability and compliance
+ Improve collaboration and job satisfaction
+ A culture of success

CLOUDFORMS

CLOUDFORMS DELIVERS SERVICES ACROSS HYBRID ENVIRONMENTS
- SERVICE AUTOMATION: Streamline complex service delivery processes, saving time and money.
- POLICY & COMPLIANCE: Draws on continuous monitoring and deep insights to raise alerts or remediate issues.
- OPERATIONAL VISIBILITY: Complete lifecycle and operational management that allows IT to remain in control.
- UNIFIED HYBRID MANAGEMENT: Deploy across virtualization, private cloud, public cloud and container-based environments.

AN EVOLUTIONARY PATH TO HYBRID CLOUD
Capabilities: Service Automation, Policy & Compliance, Operational Visibility, Unified Hybrid Management
Platforms managed:
- CONTAINERS: Red Hat Atomic, OpenShift by Red Hat
- VIRTUALIZATION: VMware, Microsoft Hyper-V, Red Hat Virtualization
- PRIVATE CLOUD: Red Hat OpenStack Platform
- PUBLIC CLOUD: Amazon Web Services, Windows Azure, Google Cloud Platform
- SOFTWARE DEFINED NETWORKING

CLOUDFORMS FEATURES
- Agentless, virtual appliance
- Web-based, self-service, admin and operations
- Multi-tenant and multi-location
- Non-invasive, easy maintenance
- Access from any browser
- Securely share infrastructure
- Pluggable API framework
- Horizontally scalable, load-balanced
- Role-based access control and entity tagging
- Easy to integrate and extensible to other platforms
- Highly scalable, highly available with failover and fallback
- Segment user access and drive compliance, control and reporting

ADVANCED VIRTUALIZATION MANAGEMENT

SELF-SERVICE DELIVERY
- Create service delivery catalogs from which users choose the services they need to deploy.
- Shopping cart functionality allows multiple services to be requested at one time.
- Service requests can be routed for approval.

AUTOMATED PROVISIONING
- Automatically deploys and configures requested services on any infrastructure platform.
- Automation steps can be codified in Ansible playbooks or natively in CloudForms.
- Integration with external IT systems allows CloudForms to automate all process steps.

TRANSFORMATION TO PRIVATE CLOUD

LIFECYCLE MANAGEMENT
- Ongoing tracking of virtual instances ensures continual visibility.
- Complete operational control over virtual instances, including power operations and virtual console access.
- Automated lifecycle policies for scheduled retirement and archiving.

ROOT CAUSE ANALYSIS
- View instance performance and resource usage over time to pinpoint when a problem started.
- Quickly compare system state against a known good state or against other systems.
- Navigate across relationships and drill down through infrastructure layers to identify underlying causes.

PERFORMANCE AND CAPACITY MANAGEMENT
- Continuous data gathering for both greenfield and brownfield deployments.
- Resource utilization tracking and right-size recommendations.
- Projection and "what if" tools aid in future planning.


POLICY ENFORCEMENT
- Continuous discovery and deep SmartState inspection of virtual instances.
- Policy violations can raise alerts or be remediated automatically.
- Policy can be applied uniformly or based on virtual instance criteria.
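The governance slide earlier calls for policy enforcement through APIs, and this slide describes the SmartState inspection that feeds it. To show what that looks like in practice, here is an added example, not from the deck or from Red Hat's documentation: an Ansible playbook that authenticates to the CloudForms REST API, lists powered-on VMs with the time of their last SmartState scan, and queues a scan for any that have never been analyzed. The appliance address, the environment-variable credentials, the `last_scan_on` attribute name and the "never scanned" criterion are assumptions; the endpoints follow the CloudForms/ManageIQ REST API conventions (`/api/auth` for a token, `/api/vms` with `expand`, `attributes` and `filter[]`, and the `scan` action on a VM).

```yaml
---
# Added example (not from the slide deck). Assumptions: a CloudForms appliance at
# cf_url, credentials in the CF_USER / CF_PASS environment variables, and that a
# VM with a null last_scan_on has never had SmartState analysis.
- name: queue SmartState analysis for running VMs that have never been scanned
  hosts: localhost
  gather_facts: false
  vars:
    cf_url: https://cloudforms.example.com      # assumed appliance address
    cf_user: "{{ lookup('env', 'CF_USER') }}"   # assumed: credentials from the environment
    cf_pass: "{{ lookup('env', 'CF_PASS') }}"
    cf_validate_certs: true                      # keep TLS verification on; relax only in a lab

  tasks:
    - name: obtain a short-lived API token instead of sending the password on every call
      ansible.builtin.uri:
        url: "{{ cf_url }}/api/auth"
        method: GET
        url_username: "{{ cf_user }}"
        url_password: "{{ cf_pass }}"
        force_basic_auth: true
        validate_certs: "{{ cf_validate_certs }}"
        return_content: true
      register: cf_auth
      no_log: true                               # never log the password or the token

    - name: list powered-on VMs with their last SmartState scan time
      ansible.builtin.uri:
        url: "{{ cf_url }}/api/vms?expand=resources&attributes=name,power_state,last_scan_on&filter[]=power_state=on"
        headers:
          X-Auth-Token: "{{ cf_auth.json.auth_token }}"
        validate_certs: "{{ cf_validate_certs }}"
        return_content: true
      register: cf_vms

    - name: select VMs without a recorded scan (last_scan_on is null or absent)
      ansible.builtin.set_fact:
        unscanned_vms: "{{ cf_vms.json.resources | rejectattr('last_scan_on') | list }}"

    - name: show what will be scanned
      ansible.builtin.debug:
        msg: "{{ unscanned_vms | map(attribute='name') | list }}"

    - name: queue a SmartState scan for each of them
      ansible.builtin.uri:
        url: "{{ cf_url }}/api/vms/{{ item.id }}"
        method: POST
        body_format: json
        body:
          action: scan
        headers:
          X-Auth-Token: "{{ cf_auth.json.auth_token }}"
        validate_certs: "{{ cf_validate_certs }}"
        status_code: [200, 202]
      loop: "{{ unscanned_vms }}"
      loop_control:
        label: "{{ item.name }}"
```

Run it as `CF_USER=admin CF_PASS=... ansible-playbook cf_scan.yml`. The token exchange keeps the password out of every subsequent request and out of the Tower job output (the task is `no_log`), and the `filter[]` parameter pushes the selection to the appliance rather than pulling the whole inventory over the network. Once the scans complete, the same pattern, with a compliance policy assigned to the VMs, is what drives the alert-or-remediate behaviour this slide describes.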

QUOTAS AND CHARGEBACK
- Rate schedules per platform and per tenant, with multi-tiered and multi-currency support.
- Quotas set by user, role and tenant, applying to compute, memory and storage resources.
- Monitor resource usage and report based on workload or tenant.

CONTAINER AND CLOUD NATIVE WORKLOADS

VIRTUALIZATION MANAGEMENT
- Provision from a clone of an existing VM instance or from a template.
- View VM genealogy and track VM drift from established configurations.
- Execute VM power operations and retire VM instances.

CLOUD MANAGEMENT
- View virtual instance inventory and manage across regions and availability zones.
- Provision virtual instances, storage and networking.
- Monitor and respond to events.

CONTAINER MANAGEMENT
- View connections from the container all the way down through the underlying infrastructure in one interface.
- Apply automation rules and enforce policies for deployed containers.
- Scan containers for known vulnerabilities with OpenSCAP.

OPS HAS CHANGED. The next I.T. is never static. Collaboration is now a requirement. Security is non-negotiable. The platform is hybrid. Digital innovation is the goal. HOW YOU MANAGE OPS HAS TO CHANGE, TOO.

THANK YOU plus.google.com/+redhat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/redhatnews youtube.com/user/redhatvideos