Improving Security in the Cloud by Using Virtual Silos
Dale Wickizer, CTO, U. S. Public Sector
NASA IT Summit 2010, National Harbor, MD, August 16-18, 2010
© 2010 NetApp. All rights reserved.
Maintaining a Proper Perspective
Server Virtualization
Network Virtualization
Storage Virtualization
Federal IT Being Asked to Transform
FY2012 Budget Guidance
– Project Management: Identify and re-scope high-risk projects
– IT Infrastructure: Execute FY2010 data center consolidation plans; adopt cloud computing if best value at acceptable risk
– Cyber Security: Fund tools for continuous monitoring of agency IT systems
Vivek Kundra, U.S. CIO, http://cio.gov/pages.cfm/page/closing-the-it-gap
Cloud Computing? What Is It?
“Cloud”: Generally, “IT as a service”
Cloud Computing: A business model for delivering IT as a Service
Cloud Services: The deliverable: “what you get”
IaaS PaaS SaaS StaaS
ITaaS
“It’s cloud illusions I recall. I really don’t know clouds at all.” --Joni Mitchell
SLA’s
Cloud Delivery Vehicles
IT as a Service (ITaaS)
PUBLIC: General access, Internet delivery, Low security, Low SLAs, Cheap or free
– Public Clouds, Non-IT. Examples: Facebook, iTunes
– Public Clouds, Traditional IT. Examples: Yahoo! email (SaaS), Google Apps (SaaS)
PRIVATE: Limited access, Internet/Intranet delivery, Security & firewalls, Enterprise SLAs, High value
– Private External, Customers only. Examples: Terremark (IaaS)
– Private Internal, Employees only. Examples: USPTO Teleworks, NASA Nebula
Diagram labels: Low SLA, High SLA, HYBRID
Focus of this Talk
New IT Organization Is The Service Broker
Diagram labels: Internal Cloud; External Cloud; Internal Users; Citizens; Other Agencies; IT Services and SLAs; IT Requirements/Policies; Business/Mission Requirements; Provider Services/SLAs; The New IT Organization; Shared Virtual Infrastructure
Lower TCO
– Acquisition cost
– Operating cost
– Simplify staff skill sets
Faster Time to Market
– Provision faster
– New services faster
Lower Business Risk
– Consistent Backup/DR
Benefits: Efficient; Predictable (cost wise); Elastic and Scalable; Always “ON”; Dynamic
Looking At Clouds From Both Sides
Service Consumers Expect
– Data security and privacy
– Self-service
– Always on
– Instant delivery
– Capacity elasticity
– Pay as you go
Federal IT Must Provide
– Secure multi-tenancy
– Integrated data protection
– Service automation and management
– Data mobility
– Storage efficiency
Diagram labels: Service Consumers; Applications; Servers; Network; Storage; Management
Path to Cloud (ITaaS)
Chart axes: Cost Reduction & Flexibility; Time
IT as a Service
Virtualize & Consolidate
Centralize IT, Policy & Management
Standardize Offering
Automate, Self-service, Self-Managing, Chargeback
Assess Tasks Ahead; Determine ROI
Where Does Your Journey Begin?
Virtualization Is Necessary, But Not Sufficient
From Physical to Virtual Silos
Diagram labels: Apps; P Servers; P Storage; Network; VMs; V Storage; Virtualized + Multi-tenant & Automated; + Mobile

Attribute | App & Org Silos | Zones of Virtualization on Shared Storage | Internal Multi-Tenant Shared Virtual Infrastructure | Outsourced Cloud Services
IT Gov | Separate | Separate | Unified | Unified
IT Budgets | Separate | Separate | Combined | Combined
Server Util | Low | High | High | High
Storage Util | Low | Low | High | High
Provisioning | Days/Wks | Hours | Minutes | Minutes
Costs | Very High | Medium | Low | Lowest
SLAs | Poor | Better | Strong | Strong
Security | Inconsistent | Better | Strong | Strong
Secure Multi-Tenancy
Reference architecture and deployment guides at http://ImagineVirtuallyAnything.com
Transforming Federal Data Centers
© SAP 2009 / SAP Managed Services
Traditional Data Center
– Diagram labels: User; Departmental Administrator; Ordering System; Level 1 Support; IP Adr. Sheet; SISM; CMDB; Datacenter Infrastructure; VMM1
– Link labels: manual; ticket
Transformed Data Center
– Diagram labels: User self-service; Ordering System “Service Broker”; Orchestration Layer “Service Delivery”; CMDB & Billing; Datacenter Infrastructure
– Link labels: automated; Systems call API; E2E automated
Automate service-levels; Analyze & Ensure; Cost Effective Service; System Operations; At Scale
From 1100* To ?? (A Lot Fewer)
*The Ones We Know About
The Layers of Virtualization
Diagram labels: Policy-based Management; API (three instances); Network Virtualization; Server Virtualization; Storage Virtualization; NAS – SAN - FCoE; Various 3rd Party Storage Arrays
Data Center Automation
Views: Product View; Logical View
Diagram labels: Subscriber; Storage Architect; Self Service Portal; Orchestration Tool; Workflow Automation; Service Catalog; Services; Dataset; Provisioning; Data Protection; Monitoring; Assurance; Provisioning Tool; Protection Tool; Monitoring Tool; SLA Tool
Service Catalog
• High-level Abstraction
• Web Service APIs
• Offers Storage Services
Box-level Management
Service Level Management
Storage Automation & Analytics: “Language”
Service Catalog Model
Application Admin: “I need three 800GB Oracle instances at the Gold service level”
Storage/Backup Admin: “Change backup policy for Gold service level to every 4 hours”
Orchestration Framework
Service Catalog: Gold, Silver, Bronze
– Protection policies
– Provisioning policies
– Resource pool
– Chargeback metrics
Storage, Network, Server
Reduce opex and capex; Increase agility; Eliminate errors
Conclusion
Smart IT organizations and service providers will virtualize application stacks and run them on shared infrastructure to drive out cost and provide their customers the control they desire
These virtual silos will enable multiple tenants to run securely in a shared, service-based infrastructure
Unified architectures at each level in the stack minimize skill sets and processes (lowest cost) and improve architectural flexibility
Integrated security and data protection are foundational, to minimize risk
Dale Wickizer, Chief Technology Officer, U. S. Public Sector, NetApp
No IT personnel were harmed in the making of this presentation.
Thank you!