Improving Security in the Cloud by Using Virtual Silos
Dale Wickizer, CTO, U. S. Public Sector
NASA IT Summit 2010
National Harbor, MD
August 16-18, 2010
Maintaining a Proper Perspective
• Server Virtualization
• Network Virtualization
• Storage Virtualization
Federal IT Being Asked to Transform
Vivek Kundra, U.S. CIO, http://cio.gov/pages.cfm/page/closing-the-it-gap
• FY2012 Budget Guidance
  • Project Management
    • Identify and re-scope high-risk projects
  • IT Infrastructure
    • Execute FY2010 data center consolidation plans
    • Adopt cloud computing if best value at acceptable risk
  • Cyber Security
    • Fund tools for continuous monitoring of agency IT systems
Cloud Computing? What Is It?
“It’s cloud illusions I recall. I really don’t know clouds at all.” --Joni Mitchell
• “Cloud”: Generally, “IT as a service”
• Cloud Computing: A business model for delivering IT as a Service
• Cloud Services: The deliverable, “what you get” (IaaS, ITaaS, PaaS, SaaS, StaaS)
• SLAs
Cloud Delivery Vehicles
IT as a Service (ITaaS)
PUBLIC (Low SLA)
• General access
• Internet delivery
• Low security
• Low SLAs
• Cheap or free
HYBRID
PRIVATE (High SLA)
• Limited access
• Internet/Intranet delivery
• Security & firewalls
• Enterprise SLAs
• High value
Public Clouds, Non-IT
Examples: Facebook, iTunes
Examples: Yahoo! email (SaaS), Google Apps (SaaS)
Public Clouds, Traditional IT
Examples: Terremark (IaaS)
Private External, Customers only
Examples: USPTO Teleworks, NASA Nebula
Private Internal, Employees only
Focus of this Talk
New IT Organization Is The Service Broker
• Lower TCO
  • Acquisition cost
  • Operating cost
  • Simplify staff skill sets
• Faster Time to Market
  • Provision faster
  • New services faster
• Lower Business Risk
  • Consistent Backup/DR
• Benefits
  • Efficient
  • Predictable (cost wise)
  • Elastic and Scalable
  • Always “ON”
  • Dynamic
Diagram labels: Other Agencies, Citizens, Internal Users; Business/Mission Requirements; IT Requirements/Policies; The New IT Organization; IT Services and SLAs; Provider Services / SLAs; Internal Cloud; External Cloud; Shared Virtual Infrastructure
Looking At Clouds From Both Sides
Service Consumers Expect
• Data security and privacy
• Self-service
• Always on
• Instant delivery
• Capacity elasticity
• Pay as you go
Federal IT Must Provide
• Secure multi-tenancy
• Integrated data protection
• Service automation and management
• Data mobility
• Storage efficiency
Diagram labels: Service Consumers; Applications, Servers, Management, Network, Storage
Path to Cloud (ITaaS)
Virtualization Is Necessary, But Not Sufficient
Figure labels, in page order:
IT as a Service
Self-service
Self-Managing
Chargeback
Automate
Standardize Offering
Cost Reduction & Flexibility
Virtualize & Consolidate
Centralize IT, Policy & Management
Assess Tasks Ahead; Determine ROI
Where Does Your Journey Begin?
Time
From Physical to Virtual Silos
Column headings, in page order:
• Internal Multi-Tenant Shared Virtual Infrastructure
• Zones of Virtualization on Shared Storage
• App & Org Silos
• Outsourced Cloud Services
Stack labels: Apps, VMs, P Servers, Network, V Storage, P Storage
Rows: IT Gov, IT Budgets, Server Util, Storage Util, Provisioning, Costs, SLAs, Security
Column values, in row order and in page order:
• Separate, Separate, High, Low, Hours, Medium, Better, Better
• Unified, Combined, High, High, Minutes, Low, Strong, Strong
• Unified, Combined, High, High, Minutes, Lowest, Strong, Strong
• Separate, Separate, Low, Low, Days/Wks, Very High, Poor, Inconsistent
Stage labels: + Multi-tenant & Automated; + Mobile; Virtualized
Secure Multi-Tenancy
Reference architecture and deployment guides at http://ImagineVirtuallyAnything.com
Transforming Federal Data Centers
Panels: Traditional Data Center; Transformed Data Center
Diagram labels, in page order: Orchestration Layer “Service Delivery” Systems call API E2E automated User self-service User manual Analyze & Ensure Cost Effective Service ticket Automate service-levels Ordering System Ordering System “Service Broker” manual Departmental Administrator automated ticket System Operations At Scale VMM1 IP Adr. Sheet manual manual SISMCMDB Level 1 Support Datacenter Infrastructure Datacenter Infrastructure CMDB & Billing
From 1100* To ?? (A Lot Fewer)
*The Ones We Know About
The Layers of Virtualization
• Server Virtualization API
• Network Virtualization API
• Storage Virtualization API
• Policy-based Management
• Various 3rd Party Storage Arrays
• NAS - SAN - FCoE
Data Center Automation
Subscriber Service Catalog
• High-level Abstraction
• Web Service APIs
• Offers Storage Services
Diagram labels, in page order: Self Service Portal Dataset Orchestration Tool Storage Architect Service Catalog Application Server Network Workflow Automation Services Provisioning Tool Monitoring Tool SLA Tool Protection Tool Provisioning Monitoring Assurance Data Protection Product View Logical View
Storage Automation & Analytics: “Language”
• Box-level Management
• Service Level Management
Service Catalog Model
Application Admin: “I need three 800GB Oracle instances at the Gold service level”
Storage/Backup Admin: “Change backup policy for Gold service level to every 4 hours”
• Reduce opex and capex
• Increase agility
• Eliminate errors
Diagram labels: Service Catalog; Network, Server, Storage; Orchestration Framework; Gold, Gold, Silver, Bronze; Protection policies; Provisioning policies; Resource pool; Chargeback metrics
Conclusion
• Smart IT organizations and service providers will virtualize application stacks and run them on shared infrastructure to drive out cost and provide their customers the control they desire
• These virtual silos will enable multiple tenants to run securely in a shared, service-based infrastructure
• Unified architectures at each level in the stack minimize skill sets and processes (lowest cost) and improve architectural flexibility
• Integrated security and data protection are foundational, to minimize risk
Thank you!
Dale Wickizer
Chief Technology Officer, U. S. Public Sector, NetApp, Inc.
wickizer@netapp.com
No IT personnel were harmed in the making of this presentation.