savvis cloud

Upload: jrivins

Post on 08-Apr-2018


TRANSCRIPT

  • 8/7/2019 SAVVIS CLOUD

    Integrating Cloud into Your IT Strategy

    October 22, 2009 Webinar

    Bryan Doerr, Chief Technology Officer

    Ken Owens, Vice President, Security and Virtualization Technology

  • Guest Speakers

    Savvis Proprietary & Confidential

    Bryan Doerr, Chief Technology Officer, Savvis

    Ken Owens, Vice President, Security and Virtualization Technology, Savvis

  • Webinar Agenda

    Discerning Cloud Computing's Relevance to the Enterprise

      Defining the Cloud and Moving Beyond the Hype

      Distinguishing Among Cloud Models and Types

      Cloud's Fit with Enterprise IT Needs

      Anatomy of an Infrastructure Cloud

    Securing the Cloud

      New Threats Introduced by Virtualization

      Newer Benefits to Security

      Security Design Considerations & Reference Architecture

      How to Define SLA for Security

    Savvis Cloud Capabilities & Early Use Cases

    Q&A

  • Discerning Cloud Computing's Relevance to the Enterprise

    Bryan Doerr, Chief Technology Officer, Savvis

  • What is the Largest Barrier to Adoption of Cloud Services?

    497 responses

    Cost / benefit unclear (23.69%)

    Unknown management headaches (21.89%)

    Lack of security (17.07%)

    Lack of reliability (6.03%)

    No standard way to switch providers (6.43%)

    Limited reference cases (6.02%)

    Disruption to IT org chart/politics (4.22%)

    Other (13.85%)

    Source: Tech Target: Cloud Computing Readership Survey, 2009

  • What Is Cloud Computing? Industry Analysts' View

    Gartner: "A style of computing where massively scalable IT-enabled capabilities are delivered 'as a service' to external customers using Internet technologies."

    Source: Gartner, Cloud Computing: Defining and Describing an Emerging Phenomenon, June 2008

    Forrester: "A pool of abstracted, highly scalable, and managed compute infrastructure capable of hosting end-customer applications and billed by consumption."

    Source: Forrester, Is Cloud Computing Ready for the Enterprise?, March 2008

    IDC: "An emerging IT development, deployment and delivery model, enabling real-time delivery of products, services and solutions over the Internet."

    Source: IDC, Defining Cloud Services and Cloud Computing, Cloud Computing Blog, September 23, 2008

  • Cloud Computing: A New Purchasing Paradigm for Managed Services

    Usage-based billing

    Automatic delivery

    Minimal/no commitment

    Customer controlled service provisioning/modification/termination

    Cloud computing is like online music vs. CDs

      A new way to obtain data center services

    Cloud computing isn't like grid or client-server

      Not a new technology

  • Cloud Computing: Beyond the Hype

    Enhances managed services value proposition

    Lowers cost of adopting virtualized solutions

    Tailored to specific needs and more flexible to change when using cloud services

    De-risks taking advantage of managed services value proposition

    Purchasing paradigm eliminates long-term obligations

    The result is greater adoption of managed services, with potential for significant market growth

  • Risk/Benefit Improvements: Reaching the Tipping Point

    Today

      Decision to outsource often reduces to preference-based

      Benefits are real, but seen as risky by some

    Tomorrow

      Decision will be obvious

      Compelling benefit/substantially reduced perceived risk

    To achieve this vision, service providers must work with suppliers to design and integrate high-efficiency, low-cost, and improved customer experience.

  • Cloud Computing: Why Now?

    Acceptance of virtualization

    Moore's Law across all significant resources: bandwidth, CPU, memory, storage

    Maturity of client server architectures: building blocks of IT applications are well defined

    Ability to deliver services on demand

  • Cloud Models: Increasing Automation and Flexibility

    Software-as-a-Service (SaaS): pay for seats

      Hosted business applications, often replacing licensed desktop software

      Subscribe and Customize

      (e.g., Vovici, Concur, NetSuite, Availity, SF.com)

    Platform-as-a-Service (PaaS): pay for transactions

      Application execution environment that abstracts infrastructure in exchange for runtime specificity

      Subscribe and Develop

      (e.g., AppEngine, Azure, Engine Yard)

    Infrastructure-as-a-Service (IaaS): pay for usage

      Infrastructure deployment platform that enables system-based procurement of data center resources

      Granular capacity & billing

      Specify and Deploy

      (e.g., Savvis, Amazon, Rackspace, AT&T)

    [Diagram labels: Targeted Applications; General Purpose Technologies; Reduced Choice Architectures]

  • Types of Clouds

    [Diagram labels: Customer Data Center; Private Cloud; Dedicated Cloud; Public Cloud; customer]

  • Infrastructure-as-a-Service Clouds: Multi-Tenancy Models and Cost Structure

    [Figure labels: Current Customer Costs; Internal Cloud; Hosted Dedicated Clouds; Dedicated Private Cloud; Public Cloud; Internal Clouds; Public Clouds; Opex; Capex; Streamlined Opex; Avoided Opex; Avoided Capex; Personnel; Software MTC; Software MTC*; Hardware MTC; Facilities & Power; Server Capex; Storage Capex]

    15-40% TCO Savings (Solution Dependent)

    Additional 15-40% TCO Savings (Workload Dependent)

  • Cloud Computing: When Is It a Good Fit for the Enterprise?

    Applications and processes have highly variable demand

    Internal data center capacity limits are being reached

    Hardware is at the end of its serviceable life

    Speed of provisioning is constraining business execution

    Your data center no longer offers a competitive advantage to the organization

    No longer provides a differentiation

    Competitors' time to market surpasses yours

    In-house application development

  • Anatomy of an Infrastructure Cloud

    [Diagram with numbered callouts 1 to 14. Labels: WAN; Access; Network Delivery; Redirection; Security; Web Compute Tier; App Compute Tier; dB Compute Tier; Tier Availability SLA; Data Access/Mobility; Data Protection; Storage (Latency); User Control Provisioning; App Performance; Support & Monitoring]

  • Concerns About Cloud Security

    Survey statement: "Cloud computing is not yet secure enough for the Enterprise"

    [Chart: Agree/Disagree responses for IT Leaders (US) and IT Leaders (Global); values shown: 56%, 44%, 64%, 36%]

    Source: Independent research undertaken by Vanson Bourne in 2009, surveying 314 CIOs, CTOs, IT Directors and heads of IT of global businesses based in the US, UK, and Singapore.

  • Securing the Cloud

    Ken Owens, Vice President, Security and Virtualization Technology, Savvis

  • Be Careful Up There! Concerns About Cloud Computing Security Abound

    "The cloud is fraught with security risks" (InfoWorld)

    "Analysts warn that the cloud is becoming particularly attractive to cyber crooks." (ComputerWeekly)

    "Corporate use of cloud services slowed by concerns about data security, reliability." (ComputerWorld)

    "Privacy, security issues darken cloud computing plans." (IDG)

    "Cloud computing sounds so sweet and wonderful and safe... we should just be aware of the terminology, if we go around for a week calling it swamp computing, I think you might have the right mindset." (Ron Rivest, co-founder, RSA)

    "It is a security nightmare and it can't be handled in traditional ways." (John Chambers, CEO, Cisco)

  • Security Tops Cloud Concerns

    Source: IDC, 2009

  • New Threats Introduced by Virtualization Layer

    Virtual-machine escapes

    Virtual-machine hopping

    Virtual-server sprawl

    One customer or department being able to gain access to another customer or department

    Moving a VM can render a once up-to-date VM unsecure

    Network IDS/IPS not being able to inspect inter-VM traffic

    Effects of moving a VM to a new network

  • Newer Benefits to Security

    Hypervisor controls physical resources underneath OS

    Extending hypervisor to allow 3rd party to control & secure:

      Memory: read, write and execute

      CPU: context switching, memory mapping, debugging

      Network, Graphics, Disk

    Security software living outside the OS away from the enemy

    Securing VM image files:

      Encryption, access control, offline AV scanning, patches

    Extending v12n management infrastructure:

      Extending virtual storage to support black and white listing

      Extending virtual network switch for IPS capabilities

    VMsafe:

      Memory & CPU security

      Network security

  • VMsafe CPU/Memory: Dedicated Security VM

    Protection of memory and processor operations

  • Expected Growth of VMsafe

    Protection over all virtualized devices

  • Challenges to VMsafe CPU/Memory

    Performance (cross VM context switching)

    Stability of guest OS due to triggers processing latency

    Loss of guest OS context

  • Virtual Applications Security

    Example of basic challenges:

    AV/HIPS does not see virtual application file activities

    Apps mobility allows malware to extend its reach

    New opportunities for security:

    Security deeply integrated into apps

    Enforcing security policy aside from the OS

  • Security Design Considerations

    Integrated Cloud Security

    Cloud environments provide limited visibility to inter-VM traffic flows

    Specific architecture and configuration decisions

    Physical Segmentation

    Integrated (VMsafe) Security

    Cloud Burst Security

    Security Policies

    Baseline information

    Compliance Concerns

    Auditing events

    VM Mobility

    Defense in Depth

    Continue to leverage proven security strategies

  • Reference Architecture

  • How to Define SLA for Security?

    Security Policy SLAs

    Firewall Rule Auditing

    Firewall Change Request implementation SLA

    Firewall log availability SLA

    Patch Level SLAs

    Time to patch SLAs

    Remediation SLAs

    Threat Management SLAs

    Vulnerabilities against VM Asset Auditing

    Threats detected and prevented SLAs

    Availability SLAs

  • Savvis Security Services Portfolio

    [Diagram labels: Dedicated Security; Cloud & Virtual Environments; Customer Data]

    Intrusion Detection: Network IDS, Host IDS, Integrity Monitoring

    Email Protection: Anti-Virus, Anti-Spam, Content Filtering, Image Filtering, URL Filtering

    Secure Access: IP VPN, Strong Authentication

    Incident Management: Incident Response

    Perimeter Security: Managed Firewall, Multi-Tiered Firewall, DDoS Detection/Mitigation, Worm Detection/Prevention

    Intrusion Detection: Network IDS, NIDS Care, Host IDS, Integrity Monitoring

    Secure Access: IP VPN, Strong Authentication

    Perimeter Security: Managed Firewall, Firewall Care, Multi-Tiered Firewall

    Security Mgmt.: Patch Management, Reporting/Logging, Vulnerability Scanning

    Threat & Log Management: Log Management Service, Threat Management Service, Vulnerability Scanning

  • Savvis Cloud Capabilities & Early Use Cases

    Savvis Cloud Compute & Project Spirit

  • Savvis Cloud Services Portfolio

    Dedicated Cloud Compute

      Summary: Cloud Computing

      Management Service Tiers: Fully Managed

      Virtual Services Available: Compute, Applications, Storage (Security & Network addressed on separate Savvis platforms)

      Billing Terms: Monthly + 1/2/3yr Terms

      Connectivity: Hosting Area Network (HAN)

      Geography: Any Managed HAN IDC

      Service Architecture: Dedicated

      Capacity Management: Customer

      Interface: Secure Portal

    Open Cloud Compute

      Summary: Cloud Computing

      Management Service Tiers: Fully Managed & Pre-Production*

      Virtual Services Available: Compute, Applications, Storage (Security & Network addressed on separate Savvis platforms)

      Billing Terms: Monthly + 1/2/3yr Terms

      Connectivity: Hosting Area Network (HAN)

      Geography: Select Savvis Internet Data Centers (IDCs)

      Service Architecture: Multi-tenant

      Capacity Management: Savvis

      Interface: Secure Portal

    Project Spirit

      Summary: Cloud Data Center

      Management Service Tiers: Enterprise, Balanced & Essential

      Virtual Services Available: Compute, Applications, Storage, Network, Security

      Billing Terms: Hourly & Monthly

      Connectivity: Application Transport Network (ATN)

      Geography: Regional Virtual IDCs

      Service Architecture: Multi-tenant

      Capacity Management: Savvis

      Interface: Secure Portal

    XML API** Future

  • Savvis Project Spirit

    Multiple Service Grades with Scalable Capacity, Cost, Security, Support

    Simple Drag-and-Drop Data Center Configuration

    Enterprise-Grade Platform Technologies

    Enhanced Cloud Security

    Suitable for Development, Production and Mission-Critical Applications

    Industry's first enterprise-class VPDC with multi-tiered QoS capabilities

  • Project Spirit User Experience

    4-step VPDC creation process

    Drag-and-drop designer

    Set network effects and security policies using GUI

    Price review before deployment

    Account spending limits

    XML API coming soon

    Seamless integration with SavvisStation Portal for existing customers

    Demo at www.savvis.com

  • The Savvis Offering: What Makes Us Different

    Current popular cloud offerings

      Of limited use due to performance, security and SLA deficiencies

      Service deficiencies lead to limited usage opportunities

      Use of multiple providers leads to design and operational complexity

    Savvis offers

      Lower cost infrastructure for applications with burstable utilization

      Faster development cycles for new applications

      Best-in-class next-generation platform

      Integration with Savvis ATN

      Aligned with Savvis' overall IT outsourcing solution strategy

    Savvis enables single-source simplicity with all service types

  • Savvis Cloud Offerings: Early Use Cases

    1. Analytics Company (Data Analysis Workload)

      Burst compute to run large projects fast

    2. Software Company (Web Serving Workload)

      Capacity to flex Web site

    3. Banking SaaS Company (Web Serving Workload)

      Selected Savvis for security and enterprise attributes

      Granular growth with increased users

    4. Unified Comms Company (Workgroup Workload)

      Evaluating for conversion to a SaaS model

    5. Financial Organization (App Dev Workload)

    [Chart labels: Compute Instances vs. Time; Granular growth; Burst; Data Analysis; Runtime (000)]

  • Q&A

  • For more information

    www.savvis.net

    Thank You.