savvis cloud
-
8/7/2019 SAVVIS CLOUD
1/37
Integrating Cloud into Your IT Strategy
October 22, 2009 Webinar
Bryan Doerr, Chief Technology Officer
Ken Owens, Vice President, Security and Virtualization Technology
-
Savvis Proprietary & Confidential
Guest Speakers
Bryan Doerr, Chief Technology Officer, Savvis
Ken Owens, Vice President, Security and Virtualization Technology, Savvis
-
Webinar Agenda
Discerning Cloud Computing's Relevance to the Enterprise
Defining the Cloud and Moving Beyond the Hype
Distinguishing Among Cloud Models and Types
Cloud's Fit with Enterprise IT Needs
Anatomy of an Infrastructure Cloud
Securing the Cloud
New Threats Introduced by Virtualization
Newer Benefits to Security
Security Design Considerations & Reference Architecture
How to Define SLA for Security
Savvis Cloud Capabilities & Early Use Cases
Q&A
-
Discerning Cloud Computing's Relevance to the Enterprise
Bryan Doerr, Chief Technology Officer, Savvis
-
What is the Largest Barrier to Adoption of Cloud Services?
497 responses
Cost / benefit unclear (23.69%)
Unknown management headaches (21.89%)
Lack of security (17.07%)
Lack of reliability (6.03%)
No standard way to switch providers (6.43%)
Limited reference cases (6.02%)
Disruption to IT org chart/politics (4.22%)
Other (13.85%)
Source: Tech Target: Cloud Computing Readership Survey, 2009
-
What Is Cloud Computing? Industry Analysts' View
Gartner: "A style of computing where massively scalable IT-enabled capabilities are delivered 'as a service' to external customers using Internet technologies."
Gartner, Cloud Computing: Defining and Describing an Emerging Phenomenon, June 2008
Forrester: "A pool of abstracted, highly scalable, and managed compute infrastructure capable of hosting end-customer applications and billed by consumption."
Forrester, Is Cloud Computing Ready for the Enterprise?, March 2008
IDC: "An emerging IT development, deployment and delivery model, enabling real-time delivery of products, services and solutions over the Internet."
IDC, Defining Cloud Services and Cloud Computing, Cloud Computing Blog, September 23, 2008
-
Cloud Computing: A New Purchasing Paradigm for Managed Services
Usage-based billing
Automatic delivery
Minimal/no commitment
Customer-controlled service provisioning/modification/termination
Cloud computing is like online music vs. CDs
A new way to obtain data center services
Cloud computing isn't like grid or client-server
Not a new technology
-
Cloud Computing: Beyond the Hype
Enhances managed services value proposition
Lowers cost of adopting virtualized solutions
Tailored to specific needs and more flexible to change when using cloud services
De-risks taking advantage of managed services value proposition
Purchasing paradigm eliminates long-term obligations
The result is greater adoption of managed services, with potential for significant market growth
-
Risk/Benefit Improvements: Reaching the Tipping Point
Today
Decision to outsource often reduces to preference-based
Benefits are real, but seen as risky by some
Tomorrow
Decision will be obvious
Compelling benefit/substantially reduced perceived risk
To achieve this vision, service providers must work with suppliers to design and integrate high-efficiency, low-cost, and improved customer experience.
-
Cloud Computing: Why Now?
Acceptance of virtualization
Moore's Law across all significant resources: bandwidth, CPU, memory, storage
Maturity of client-server architectures: building blocks of IT applications are well defined
Ability to deliver services on demand
-
Cloud Models: Increasing Automation and Flexibility
Software-as-a-Service (SaaS): pay for seats
Hosted business applications, often replacing licensed desktop software
Subscribe and Customize
(e.g., Vovici, Concur, NetSuite, Availity, SF.com)
Platform-as-a-Service (PaaS): pay for transactions
Application execution environment that abstracts infrastructure in exchange for runtime specificity
Subscribe and Develop
(e.g., AppEngine, Azure, Engine Yard)
Infrastructure-as-a-Service (IaaS): pay for usage
Infrastructure deployment platform that enables system-based procurement of data center resources
Granular capacity & billing
Specify and Deploy
(e.g., Savvis, Amazon, Rackspace, AT&T)
[Figure labels: Targeted Applications, Reduced Choice Architectures, General Purpose Technologies]
-
Types of Clouds
[Figure labels: Customer Data Center, Private Cloud, Dedicated Cloud, Public Cloud, customer]
-
Infrastructure-as-a-Service Clouds: Multi-Tenancy Models and Cost Structure
[Figure: capex and opex cost structure compared across Current Customer Costs, Internal Cloud, Dedicated Private Cloud and Public Cloud, grouped as Internal Clouds, Hosted Dedicated Clouds and Public Clouds. Cost components: Personnel, Software MTC, Hardware MTC, Facilities & Power, Server Capex, Storage Capex; also Streamlined Opex, Avoided Capex, Avoided Opex, Software MTC*. Callouts: "15-40% TCO Savings (Solution Dependent)" and "Additional 15-40% TCO Savings (Workload Dependent)".]
-
Cloud Computing: When Is It a Good Fit for the Enterprise?
Applications and processes have highly variable demand
Internal data center capacity limits are being reached
Hardware is at the end of its serviceable life
Speed of provisioning is constraining business execution
Your data center no longer offers a competitive advantage to the organization
No longer provides a differentiation
Competitors' time to market surpasses yours
In-house application development
-
Anatomy of an Infrastructure Cloud
[Figure: diagram of an infrastructure cloud with callouts numbered 1 to 14. Labels: WAN, Access, Network Delivery, Redirection, Security, Web Compute Tier, App Compute Tier, dB Compute Tier, Tier Availability SLA, Data Access/Mobility, Data Protection, Storage (Latency), User Control Provisioning, App Performance, Support & Monitoring]
-
Concerns About Cloud Security
Cloud computing is not yet secure enough for the Enterprise
[Chart labels: IT Leaders (US), IT Leaders (Global); Agree, Disagree; values 56%, 44%, 64%, 36%]
Source: Independent research undertaken by Vanson Bourne in 2009, surveying 314 CIOs, CTOs, IT Directors and heads of IT of global businesses based in the US, UK, and Singapore.
-
Securing the Cloud
Ken Owens, Vice President, Security and Virtualization Technology, Savvis
-
Be Careful Up There! Concerns About Cloud Computing Security Abound
"The cloud is fraught with security risks" - InfoWorld
"Analysts warn that the cloud is becoming particularly attractive to cyber crooks." - ComputerWeekly
"Corporate use of cloud services slowed by concerns about data security, reliability." - ComputerWorld
"Privacy, security issues darken cloud computing plans." - IDG
"Cloud computing sounds so sweet and wonderful and safe... we should just be aware of the terminology, if we go around for a week calling it swamp computing, I think you might have the right mindset." - Ron Rivest, co-founder, RSA
"It is a security nightmare and it can't be handled in traditional ways." - John Chambers, CEO, Cisco
-
Security Tops Cloud Concerns
Source: IDC, 2009
-
New Threats Introduced by Virtualization Layer
Virtual-machine escapes
Virtual-machine hopping
Virtual-server sprawl
One customer or department being able to gain access to another customer or department
Moving a VM can render a once up-to-date VM insecure
Network IDS/IPS not being able to inspect inter-VM traffic
Effects of moving a VM to a new network
-
Newer Benefits to Security
Hypervisor controls physical resources underneath OS
Extending hypervisor to allow 3rd party to control & secure:
Memory: read, write and execute
CPU: context switching, memory mapping, debugging
Network, Graphics, Disk
Security software living outside the OS, away from the enemy
Securing VM image files:
Encryption, access control, offline AV scanning, patches
Extending v12n management infrastructure:
Extending virtual storage to support black and white listing
Extending virtual network switch for IPS capabilities
VMsafe:
Memory & CPU security
Network security
-
VMsafe CPU/Memory: Dedicated Security VM
Protection of memory and processor operations
-
Expected Growth of VMsafe
Protection over all virtualized devices
-
Challenges to VMsafe CPU/Memory
Performance (cross VM context switching)
Stability of guest OS due to triggers processing latency
Loss of guest OS context
-
Virtual Applications Security
Example of basic challenges:
AV/HIPS does not see virtual application file activities
Apps mobility allows malware to extend its reach
New opportunities for security:
Security deeply integrated into apps
Enforcing security policy aside from the OS
-
Security Design Considerations
Integrated Cloud Security
Cloud environments provide limited visibility into inter-VM traffic flows
Specific architecture and configuration decisions
Physical Segmentation
Integrated (VMsafe) Security
Cloud Burst Security
Security Policies
Baseline information
Compliance Concerns
Auditing events
VM Mobility
Defense in Depth
Continue to leverage proven security strategies
-
Reference Architecture
-
How to Define SLA for Security?
Security Policy SLAs
Firewall Rule Auditing
Firewall Change Request implementation SLA
Firewall log availability SLA
Patch Level SLAs
Time to patch SLAs
Remediation SLAs
Threat Management SLAs
Vulnerabilities against VM Asset Auditing
Threats detected and prevented SLAs
Availability SLAs
-
Savvis Security Services Portfolio
[Figure: service groups as they appear on the slide; diagram labels: Dedicated Security, Cloud & Virtual Environments, Customer Data]
Perimeter Security: Managed Firewall, Multi-Tiered Firewall, DDoS Detection/Mitigation, Worm Detection / Prevention
Intrusion Detection: Network IDS, Host IDS, Integrity Monitoring
Email Protection: Anti-Virus, Anti-Spam, Content Filtering, Image Filtering, URL Filtering
Secure Access: IP VPN, Strong Authentication
Incident Management: Incident Response
Perimeter Security: Managed Firewall, Firewall Care, Multi-Tiered Firewall
Intrusion Detection: Network IDS, NIDS Care, Host IDS, Integrity Monitoring
Secure Access: IP VPN, Strong Authentication
Security Mgmt.: Patch Management, Reporting/Logging, Vulnerability Scanning
Threat & Log Management: Log Management Service, Threat Management Service, Vulnerability Scanning
-
Savvis Cloud Capabilities & Early Use Cases
Savvis Cloud Compute & Project Spirit
-
Savvis Cloud Services Portfolio
Columns: Dedicated Cloud Compute | Open Cloud Compute | Project Spirit
Summary: Cloud Computing | Cloud Computing | Cloud Data Center
Management Service Tiers: Fully Managed | Fully Managed & Pre-Production* | Enterprise, Balanced & Essential
Virtual Services Available: Compute, Applications, Storage (Security & Network addressed on separate Savvis platforms) | Compute, Applications, Storage (Security & Network addressed on separate Savvis platforms) | Compute, Applications, Storage, Network, Security
Billing Terms: Monthly + 1/2/3yr Terms | Monthly + 1/2/3yr Terms | Hourly & Monthly
Connectivity: Hosting Area Network (HAN) | Hosting Area Network (HAN) | Application Transport Network (ATN)
Geography: Any Managed HAN IDC | Select Savvis Internet Data Centers (IDCs) | Regional Virtual IDCs
Service Architecture: Dedicated | Multi-tenant | Multi-tenant
Capacity Management: Customer | Savvis | Savvis
Interface: Secure Portal | Secure Portal | Secure Portal
XML API** Future
-
Savvis Project Spirit
Multiple Service Grades with Scalable Capacity, Cost, Security, Support
Simple Drag-and-Drop Data Center Configuration
Enterprise-Grade Platform Technologies
Enhanced Cloud Security
Suitable for Development, Production and Mission-Critical Applications
Industry's first enterprise-class VPDC with multi-tiered QoS capabilities
-
Project Spirit User Experience
4-step VPDC creation process
Drag-and-drop designer
Set network effects and security policies using GUI
Price review before deployment
Account spending limits
XML API coming soon
Seamless integration with SavvisStation Portal for existing customers
Demo at www.savvis.com
-
The Savvis Offering: What Makes Us Different
Current popular cloud offerings
Of limited use due to performance, security and SLA deficiencies
Service deficiencies lead to limited usage opportunities
Use of multiple providers leads to design and operational complexity
Savvis offers
Lower cost infrastructure for applications with burstable utilization
Faster development cycles for new applications
Best-in-class next-generation platform
Integration with Savvis ATN
Aligned with Savvis' overall IT outsourcing solution strategy
Savvis enables single-source simplicity with all service types
-
Savvis Cloud Offerings: Early Use Cases
1. Analytics Company (Data Analysis Workload)
Burst compute to run large projects fast
2. Software Company (Web Serving Workload)
Capacity to flex Web site
3. Banking SaaS Company (Web Serving Workload)
Selected Savvis for security and enterprise attributes
Granular growth with increased users
4. Unified Comms Company (Workgroup Workload)
Evaluating for conversion to a SaaS model
5. Financial Organization (App Dev Workload)
[Charts: axes Time and Compute Instances; labels Granular growth, Burst, Data Analysis, Runtime (000)]
-
Q&A
-
For more information
www.savvis.net
Thank You.