VMworld 2013: Automating IT Configuration and Compliance Management for Your Cloud
VMworld 2013. Becky Smith, VMware. Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
Automating IT Configuration and Compliance
Management for Your Cloud
Becky Smith, VMware
VCM4838
#VCM4838
Agenda
Introduction to vCenter Operations Suite
vSphere Configuration and Compliance challenges in the Cloud
Addressing these challenges with vCenter Configuration Manager (vCM):
• Integrated Virtual and Cloud Infrastructure
• Comprehensive Operating System
• Automated Operations
VMware Cloud Management
Multiplatform, Hybrid, Multi-provider
Broker of IT Services
VMware simplifies and automates IT management and empowers IT to govern services across multiple platforms and providers
CIO
Turn management into manageability through intelligent, policy-based automation
The VMware Approach
VMware Cloud Management – Key Solution Areas
Automate the delivery of infrastructure, applications and desktops as a service across multiple clouds and platforms.
Cloud Operations
Manage the health, risk, efficiency and compliance of your infrastructure and applications.
Cloud Business
Govern and manage cloud services as a critical element of running IT like a business.
Intelligent operations
Policy-based automation
Unified management
Financial transparency
Industry norms
Prescriptive guidance
Automate everywhere
Policy-based control and governance
Choice and flexibility
Cloud Operations – vCenter Operations Management Suite
• Prebuilt and configurable operations dashboards provide real-time insight into infra. behavior
• Self-learning performance analytics and dynamic thresholds enable early problem detection
• Policy-based config mgmt ensures continuous compliance
• Capacity management optimizes resource usage
• Application discovery, monitoring and dependency mapping enable enterprise-wide visibility
Benefits
Overview Right Now Future Focused
vCenter Operations Management Suite
Sources: *Forrester, “The Total Economic Impact of VMware vCenter Operations Management Suite” Dec 2012;
**Management Insights Customer Survey, September 2012
Integrated performance, capacity and configuration management
• Higher quality of service, fewer incidents and less downtime of infra and app services
• 67% IT productivity gain from simplified performance, incident & change mgmt tasks*
• 30% reduction in server CapEx from rightsizing and reclaiming over-provisioned capacity*
• 60% increase in VMs managed by a single VI admin**
Cloud Operations Management Value
36% reduction in application downtime
26% reduction in diagnostics and problem resolution time
40% improvement in VMware capacity utilization
37% improvement in consolidation ratios
30% increase in hardware savings
60% increase in administrator productivity
50% total IT cost savings in combination with vSphere
Source: Management Insights Customer Survey, September 2012
vCenter Operations Management Suite
Integrated Management Disciplines
VMware’s Approach to Cloud Operations Management
Automated Operations Management for Cloud Infrastructure
Cloud Operations Console
Performance, Capacity, Compliance, Config, Cost
Patented Analytics
App visibility, Reporting, Logs, Inventory, Automation
Extensibility: APIs, SDKs, 3rd Party adapters, Content Packs
Customer Configuration and Compliance Concerns
We have fully embraced cloud but ensuring compliance with PCI, HIPAA, and a raft of security best practices consumes massive amounts of my team’s time.
We lack visibility into our cloud and the increased velocity of change has made our change management process extremely challenging.
Ensuring that all our systems - including running VMs, offline VMs and VM Templates - are all properly patched is a source of ongoing pain for my staff.
Cross-cloud Compliance Governance
Govern, automate and enforce compliance in the cloud:
For each cloud: create separate groups, configure compliance templates, collect data for every managed system and remediate compliance breaches.
Configure separate compliance templates for each cloud
Track compliance results for each cloud
Configuration Management – Across Virtual Infrastructure
Configurations for the entire virtual infrastructure
• Across Multiple vCenters & vCloud Directors
1,000’s of Settings and Configurations collected for:
• vCenter
• vSphere Hosts & Guests
• Virtual Network & Storage
• vCloud Director
• vShield
Fix settings across multiple vCenters & ESX(i) servers at once
Configuration Management – Simplified Visualization
vSphere Host Summary Dashboard
• Provides overall vSphere Hosts Configuration Summary
State of the Hosts
Makeup of the Environment
Host Compliance Posture
Drill in for Details
VI Admin: “What is the status of my HOSTS in my environment? Is it what I expect?”
Configuration Management – Simplified Visualization
vSphere Guest Summary Dashboard
• Provides overall VM Configuration/Status Summary across vCenters
Accurate OS Counts
VM Tool Status
VM Compliance Posture
Drill in for Details
VI Admin: “How do I see visibility of at a glance guest configurations to find variants?”
Create Internal IT Best Practice Standards
vCM Compliance Management
• Build compliance rules that meet your internal standards
• Across multiple vCenters and vCDs
VI & vCD Admins: “How can I be made aware of unwanted change? Drive MY Best Practices”
Create simple rules
Rule Groups span your IT Best Practices
Severity
Virtual Environment Compliance Posture
Virtual Compliance Dashboard
• Assess compliance status across vSphere & vCD environments
• vCenters, Clusters, Hosts, Datastores, VMs, vCD Orgs, vDCs & vApps
Latest Compliance Results
VI & vCD Admins + Security Teams: “Is my Virtual Infrastructure compliant?”
View Results in VI context
• Data Centers
• Clusters
• vCD Orgs
• vShield Security Groups
Out of the Box Standards Compliance
Center for Policy and Compliance
Out of the Box Templates
• Use as is
• Leverage to start your Internal Standards
• Use in Conjunction with your Internal Standards
VI & vCD Admins + Security Teams: “How can I quickly meet industry standards and guidelines?”
Compliant VI
• vSphere Hardening Guides
• vCM Best Practices
• DISA ESX
• PCI DSS 2.0 for vSphere/ESX
• ISO 27002 - vSphere
• Basel III - vSphere
• CIS for ESX
• FISMA ESX
• GLBA ESX
• HIPAA ESX
• SOX ESX
View Hardening Guidelines
Configuration Management – Across Operating Systems
Configurations for the OS
• Across Virtual and Physical Servers and Desktops
10,000’s of Settings and Configurations collected for:
Capture Changes
Assess
Report
Remediate
Continuous Compliance of OS (Virtual and Physical)
Build & deploy compliant VMs from catalog
Assign more policies as needed
• Specific for the role of the VM/app in the consumer’s business
• PCI, SOX, HIPAA, ISO, etc.
Continuous automated compliance
• Internal configuration standards
• Industry: PCI DSS, NERC/FERC
• Regulatory: SOX, HIPAA, GLBA, FISMA, DISA, ISO
• Vendor hardening guides
Ongoing patch management guards against known attacks
• Assess (Win, Linux, Mac, UNIX)
• Deploy
Dashboards provide “At-a-Glance” posture
HIPAA
Compliance Analysis and Remediation with vCM
View available compliance templates
Select PCI compliance analysis results
Pinpoint what systems failed what checks
Fix compliance violations
Manage OS Patching Across the Enterprise
Monitor and plan patching from a single location
Report on patch-level status across the enterprise
Select systems and patches to deploy
Out of the Box Standards Compliance
Center for Policy and Compliance
Out of the Box Templates
• Use as is
• Leverage to start your Internal Standards
• Use in Conjunction with your Internal Standards
Configuration Snapshots and Comparisons
• Save configuration of a “gold” system for comparison of similar systems
Sys Admins + Security Teams: “How can I quickly meet industry standards and guidelines?”
Compliant OS
• Vendor Security Guides
• DISA - Win, Linux & UNIX
• PCI DSS - Win, Linux & UNIX
• ISO 27001-2 - Win, Linux & UNIX
• Basel III - Win, Linux & UNIX
• CIS - Win, Linux & UNIX
• CobIT - Win, Linux & UNIX
• FISMA - Win, Linux & UNIX
• GLBA - Win, Linux & UNIX
• HIPAA - Win, Linux & UNIX
• NERC CIP - Win, Linux & UNIX
• SOX - Win, Linux & UNIX
• BSI - Win, Linux & UNIX
• FFIEC - Win, Linux & UNIX
Performance Troubleshooting with Correlated Change Events
Overview
• Integration of vCenter Configuration Manager and vCenter Operations Manager
• Correlate in-guest change events with performance and health
• Launch vCM in context to remediate configuration changes
Benefits
• Enable Operations to quickly understand and remediate performance issues arising from configuration changes
Correlate changes with health scores
Drill down and remediate in VCM
Compliance Visibility in Operations
Overview
• Roll up Hardening and Compliance Status into Risk Score
• Launch vCM in context to remediate out of Compliance systems
Benefits
• Enable Operations to standardize on system configurations and quickly know when they change
Drill into vCM for details and to fix violations
Compliance Score as part of Operational Risk
vCenter Orchestrator Workflows to Automate Complex Operations
Overview
• Integration of vCenter Configuration Manager and vCenter Orchestrator
• Call vCM APIs to manage VMs and Templates from vCO to orchestrate across processes
Benefits
• Enables automated configuration management of vCenter VM Templates, Online and Offline VMs
vCM
vCO REST Plugin
APIs
vCO Workflows
Check Compliance and Enforce
Snapshot and Deploy Patches
A Variety of Personas can Benefit from VCM
Infrastructure Admins
• Templatize configuration settings for vSphere Hosts and vCenters. Replicate settings from POC to Production.
• Consolidate configuration and execute large scale change operations across multiple vCenters and Hosts
• Use compliance to ensure internal and external standards for vSphere systems
Sys Admins
• Patch and Standardize VMs or Physical Machines
• Detect changes and drift from standard configuration
• Troubleshoot operation issues caused by mis-configurations
• Use compliance to ensure standards for VMs and Physical Machines
Security Admins
• Define Hardening and Regulatory compliance (HIPAA, PCI, etc.) for VMs, vSphere and Physical Machines
• Report on compliance status and recommend remediation for non-compliance
VCM supports Private, Public and Hybrid Cloud Models
Benefits
• vSphere change management and compliance assurance for both Consumer and Provider
• Ability to leverage the cloud for compliant sensitive workloads
• Ability to manage guests across Clouds
• Guest compliance
• Patching
• Change management
vSphere
DMZ
HIPAA
Private Cloud
Public Cloud
vSphere
Consumer
Provider
VMware
Compliance visibility across owned infrastructure and all guests
Compliance visibility across owned infrastructure
Other VMware Activities Related to This Session
HOL:
HOL-SDC-1315 vCloud Suite Use Cases - Control & Compliance
Group Discussions:
VCM1002-GD, VCM1004-GD
Cloud Operations with Hicham Mourad or Sam McBride