Improving Security in the Cloud by Using Virtual Silos Dale Wickizer, CTO, U. S. Public Sector NASA IT Summit 2010 National Harbor, MD August 16-18, 2010



© 2010 NetApp. All rights reserved.

Maintaining a Proper Perspective


Server Virtualization

Network Virtualization

Storage Virtualization

Federal IT Being Asked to Transform

FY2012 Budget Guidance

– Project Management: Identify and re-scope high-risk projects

– IT Infrastructure: Execute FY2010 data center consolidation plans; adopt cloud computing if best value at acceptable risk

– Cyber Security: Fund tools for continuous monitoring of agency IT systems

Source: Vivek Kundra, U.S. CIO, http://cio.gov/pages.cfm/page/closing-the-it-gap

Cloud Computing? What Is It?

“Cloud”: Generally, “IT as a service”

Cloud Computing: A business model for delivering IT as a Service

Cloud Services: The deliverable: “what you get”

Diagram labels: IaaS, PaaS, SaaS, StaaS; ITaaS; SLA’s

“It’s cloud illusions I recall. I really don’t know clouds at all.” --Joni Mitchell

Cloud Delivery Vehicles

IT as a Service (ITaaS)

Public Clouds, Non-IT. Examples: Facebook, iTunes

Public Clouds, Traditional IT. Examples: Yahoo! email (SaaS), Google Apps (SaaS)

Private External, Customers only. Examples: Terremark (IaaS)

Private Internal, Employees only. Examples: USPTO Teleworks, NASA Nebula

Public clouds: General access; Internet delivery; Low security; Low SLAs; Cheap or free

Private clouds: Limited access; Internet/Intranet delivery; Security & firewalls; Enterprise SLAs; High value

Diagram labels: PUBLIC, PRIVATE, HYBRID; Low SLA, High SLA

Focus of this Talk

New IT Organization Is The Service Broker

Diagram labels: Internal Cloud; External Cloud; Internal Users; Citizens; Other Agencies; Business/Mission Requirements; IT Services and SLAs; IT Requirements/Policies; Provider Services / SLAs; The New IT Organization: Shared Virtual Infrastructure

Lower TCO

– Acquisition cost

– Operating cost

– Simplify staff skill sets

Faster Time to Market

– Provision faster

– New services faster

Lower Business Risk

– Consistent Backup/DR

Benefits: Efficient; Predictable (cost wise); Elastic and Scalable; Always “ON”; Dynamic

Looking At Clouds From Both Sides

Service Consumers Expect: Data security and privacy; Self-service; Always on; Instant delivery; Capacity elasticity; Pay as you go

Federal IT Must Provide: Secure multi-tenancy; Integrated data protection; Service automation and management; Data mobility; Storage efficiency

Diagram labels: Service Consumers; Applications; Servers; Network; Storage; Management

Path to Cloud (ITaaS)

Chart axes: Cost Reduction & Flexibility (vertical); Time (horizontal)

Steps along the path:

– Virtualize & Consolidate

– Centralize IT, Policy & Management

– Standardize Offering

– Automate: Self-service, Self-Managing, Chargeback

– IT as a Service

Assess Tasks Ahead; Determine ROI

Where Does Your Journey Begin?

Virtualization Is Necessary, But Not Sufficient

From Physical to Virtual Silos

Stages compared, in order: App & Org Silos; Zones of Virtualization on Shared Storage; Internal Multi-Tenant Shared Virtual Infrastructure; Outsourced Cloud Services

Values below are listed in the same stage order.

IT Gov: Separate; Separate; Unified; Unified

IT Budgets: Separate; Separate; Combined; Combined

Server Util: Low; High; High; High

Storage Util: Low; Low; High; High

Provisioning: Days/Wks; Hours; Minutes; Minutes

Costs: Very High; Medium; Low; Lowest

SLAs: Poor; Better; Strong; Strong

Security: Inconsistent; Better; Strong; Strong

Diagram labels: Apps; Network; P Servers; P Storage; VMs; V Storage; Virtualized + Multi-tenant & Automated; + Mobile

Security #1 Concern for Cloud


Secure Multi-Tenancy


Reference architecture and deployment guides at http://ImagineVirtuallyAnything.com

Transforming Federal Data Centers

Traditional Data Center (diagram labels): User; Departmental Administrator; Ordering System; Level 1 Support; IP Adr. Sheet; SISM; CMDB; VMM1; Datacenter Infrastructure; steps marked “manual” or “ticket”

Transformed Data Center (diagram labels): User self-service; Ordering System “Service Broker”; Orchestration Layer “Service Delivery”; CMDB & Billing; Datacenter Infrastructure; steps marked “automated”; Systems call API; E2E automated

Automate service-levels; Analyze & Ensure; Cost Effective Service; System Operations; At Scale

From 1100* To ?? (A Lot Fewer)

*The Ones We Know About

Diagram credit: © SAP 2009 / SAP Managed Services

The Layers of Virtualization

Diagram labels: Policy-based Management; Network Virtualization (API); Server Virtualization (API); Storage Virtualization (API); NAS – SAN – FCoE; Various 3rd Party Storage Arrays

Data Center Automation

Service Catalog

– High-level Abstraction

– Web Service APIs

– Offers Storage Services

Product View (diagram labels): Self Service Portal; Orchestration Tool; Provisioning Tool; Protection Tool; Monitoring Tool; SLA Tool

Logical View (diagram labels): Self Service Portal; Orchestration Tool; Workflow Automation; Provisioning; Data Protection; Monitoring; Assurance

Other diagram labels: Subscriber; Storage Architect; Services; Dataset

Box-level Management

Service Level Management

Storage Automation & Analytics: “Language”


Service Catalog Model

Application Admin: “I need three 800GB Oracle instances at the Gold service level”

Storage/Backup Admin: “Change backup policy for Gold service level to every 4 hours”

Diagram labels: Orchestration Framework; Service Catalog (Gold, Silver, Bronze); Protection policies; Provisioning policies; Resource pool; Chargeback metrics; Storage; Network; Server

Reduce opex and capex; Increase agility; Eliminate errors

Conclusion

Smart IT organizations and service providers will virtualize application stacks and run them on shared infrastructure to drive out cost and provide their customers the control they desire

These virtual silos will enable multiple tenants to run securely in a shared, service-based infrastructure

Unified architectures at each level in the stack minimize skill sets and processes (lowest cost) and improve architectural flexibility

Integrated security and data protection are foundational, to minimize risk


Dale Wickizer, Chief Technology Officer, U. S. Public Sector, NetApp, [email protected]

No IT personnel were harmed in the making of this presentation.

Thank you!