The CISO and the New Cloud Service Models


The presentation given at the financial institutions security event in 2014. Hotel NH Buenos Aires.

  • Goal: Frame how System Center 2012 (and SP1) deliver unified management for the Cloud OS.

    Talking Points

    Let’s discuss the capabilities required to deliver on our promise of unified management:
    <click> First, you need a “simple” self-service experience to enable your App Owners to specify their requirements. For example, let’s suppose they want to provision a SharePoint service with the following specs:
    3 tier .NET architecture
    Has a set of configuration and deployment parameters to conform with (e.g. perf thresholds, scale out rules, update domains)
    Needs 99.95% availability SLA
    Adheres to compliance/security controls around SOX/HIPAA
    Need on-demand reporting on key availability metrics that track against SLA
    <click> Next, you need a way to understand the topology and architecture of the application service in question. An application deployed on an abstracted, or cloud computing, model is called a “service”. This would necessitate a “service model” that accurately binds the application’s architecture to the underlying resources where it will be hosted. The “service model” would comprise:
    Service definition information, deployed as “roles”. Roles are like DLLs, i.e. a collection of code with an entry point that runs in its own virtual machine
    Front end: e.g. load-balanced stateless web servers
    Middle worker tier: e.g. order processing, encoding
    Backend storage: e.g. SQL tables or files
    Service Configuration information
    Update domains
    Availability domains
    Scale out rules
    <click> You will need a set of process automation capabilities to break down this application provisioning request into the enterprise change requests that need to be implemented. This could include setting up the underlying infra and then a set of app configuration/release requests that need to be tracked (and ideally implemented with orchestrated automation)
    <click> Next you need a set of provisioning tools that actually configure and deploy the infra and application layers.
    <click> The underlying datacenter resources could be physical, virtual, private or public cloud, as per the requirements dictated by the application’s service model
    <click> Once the underlying infrastructure and application service are deployed, they would immediately need to be “discovered” and monitored for reporting and health tracking
    <click> There you see how the System Center 2012 components offer these life cycle management capabilities in combination to help you deliver on the Microsoft promise of unified Cloud OS management:
    App Controller would offer that self-service experience that allows your application owners to manage their apps across on-premises, service provider and Windows Azure environments.
    Service Manager offers the standardized self-service catalog that defines “templates” for your applications and infrastructure.
    App Controller, Virtual Machine Manager, Service Manager and Operations Manager work together to maintain the service model through the application service life cycle
    Orchestrator and Service Manager offer orchestrated automation for the process workflows required to drive your provisioning and monitoring tools
    Virtual Machine Manager and Configuration Manager can provision physical, virtual and cloud environments
    Operations Manager (AVIcode capabilities will be built into Operations Manager) monitors your application services end to end and offers deep app insight to help you deliver predictable SLA
    Your datacenter resources could be deployed anywhere from on-premises, service provider and Windows Azure
    However, to get to this agile self-service end-state, you will have to start with abstracting your infrastructure and allocating it appropriately so that your business units can deploy and manage their applications on top.

    Transition: So, how does System Center 2012 get you to this point where you can deliver unified management across cloud? These can really be categorized into three buckets:
    Application Management: Deploying and operating your business applications
    Service Delivery & Automation: Standardizing and automating service and resource provisioning, managing change and access controls, etc.
    Infrastructure management: Deploying and operating all the underlying infrastructure on which your business applications and services run.
  • Slide Objective:
    Explain availability sets

    Notes:
    Availability sets tell the Fabric Controller to place VMs in the same set on different racks for faults and in separate upgrade domains for updates.
    This essentially tells the FC not to take down the guest OS of all VMs in the same set at the same time for host updates.
  • Slide Objective:
    Explain that each tier of an application can be enabled with its own availability set which ensures at a physical hardware level in the data center that there is no single point of failure.
  • The CISO and the New Cloud Service Models

    1. The CISO and the New Cloud Computing Service Models. Daniel S. Levi, Director of Datacenter Services. @danielslevi - dlevi@perceptiongrp.com
    2. The cloud is not what it used to be…
    3. Availability, cost savings, flexibility, context
    4. Source: Microsoft
    5. The CIO in the Cloud era • Control of the adoption experience. • Is not looking for a platform or a tool but for a solution to a problem. • Highly informed. • Looks for independent validation or prior “assessment” processes. • Great heterogeneity in IT maturity (as always)
    6. The cloud on everyone's lips.
    7. And the transition? (you choose)
    8. The cloud in one slide (finally!) Customizable, Control, Elasticity, Usage-Based, Self-Service, Shared Resources … and if it is private:
    9. Its flavors.
    10. Dependency (vendor lock-in): Less dependency, More dependency
    11. Reality is hybrid. Operations, HR, Finance, Controlling, CRM, Production, Warehouse
    12. Typical scenarios in the financial industry in the US (the wave will arrive… if it has not arrived already). Source: Intel, Securing the Cloud for Financial Institutions, 2013. Administrative functions (non-critical), Corporate email (small firms), Storage, Public Cloud, Private Cloud, Personnel (HR), Front-Office and Back-Office, Internal LoB applications, Hybrid Cloud, With SaaS support, Trading. Market Data, No Cloud, Risk Management, Proprietary applications (trading), Real-time analytics, Portfolio accounting
    13. ITaaS: End-to-end IT maturity. Flexibility and Elasticity. Heterogeneous technologies: hypervisors, operating systems, devices (tablets, smartphones), SANs, switches, etc.
    14. Advances in Cloud. New opportunities = new security challenges. • BYOD (well, not so new…) • Backup in the cloud. • DRP in the cloud. • Big Data in the cloud. • HPC • Multimedia services
    15. The CISO present at every stage (like it or not). Current Situation • Visible opportunities • Invisible opportunities. Service Model • Operations maturity. Horizon • What do we need to implement? Prioritization • In what order? + Security + Security + Security + Security
    16. Selecting providers (your minimum checklist) • Across PaaS, IaaS, SaaS • Automation • Security (SDLC, incident team) • Compliance (ISO27001, SOC1 and 2, PCI DSS, HIPAA, FISMA/FedRAMP) • SSL, OpenSSL, TLS • APIs, Active Directory • Choice of geographic location • Geo-replication • Availability sets
    17. Availability in IaaS
    18. End-to-End High Availability. Redundancy at every level
    19. Typical Cloud projects plus an extra. Strategy Definition, Proof of Concept, Migration Process, Development environment “on the cloud” = ITaaS. Monitoring, deployment, service templates, self-service. Specific scenarios. News for those responsible for security: you have work to do!
    20. The CISO and the New Cloud Computing Service Models. Daniel S. Levi, Director of Datacenter Services. @danielslevi - dlevi@perceptiongrp.com
