Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

How To Move Your Data Center To The Cloud - Chris Brenton of Dyn

1.065 visualizaciones

Publicado el

Dyn Director of Security Chris Brenton prepared these slides as part of a webinar on how to move your data center to the cloud.

Publicado en: Tecnología, Empresariales
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

How To Move Your Data Center To The Cloud - Chris Brenton of Dyn

  1. 1. How to Move Your Data Center To A Cloud Infrastructure January 22, 2014 Chris Brenton Director of Security
  2. 2. Your Presenter Chris Brenton - Director of Security @Chris_Brenton cbrenton@dyn.com Pg. 2 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  3. 3. What We’ll Cover • Background on industry trends • Strengths and weaknesses of each cloud service and deployment model • Security options Pg. 3 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  4. 4. New Era of Computing • Mainframe/mini = Generation 1 • PC client/server = Generation 2 • Hybrid cloud = Generation 3 – No single deployment model – Hit its stride in 2010 Pg. 4 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  5. 5. An Automotive Analogy • The 1960s: o Easy to work on o Extremely inefficient (poor power and mileage) Pg. 5 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  6. 6. An Automotive Analogy • The 1980’s: o Change fluids and that’s about it o 50% improvement in power and mileage Pg. 6 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  7. 7. An Automotive Analogy • The 2000s: o Outsource just about everything to specialists o 200%+ improvement in power and mileage Pg. 7 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  8. 8. Private or Public Cloud Infrastructure? • Private -- Do it all yourself o You maintain control and all responsibility o You need to staff accordingly o Greater flexibility Pg. 8 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  9. 9. Private or Public Cloud Infrastructure? • Public -- Outsource to specialists o Easier to focus on core product(s) o Less staffing concerns o Speed of scale Pg. 9 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  10. 10. Definitions: Tenant and Provider • Tenant o Entity consuming the resource(s) o This could be your customers o This could be other internal workgroups Pg. 10 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  11. 11. Definitions: Tenant and Provider • Provider o Entity managing the resource(s) o This could be your Operations group o This could be a 3rd party company Pg. 11 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  12. 12. Gen2 Computing Pg. 12 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  13. 13. Gen3 Computing Pg. 13 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  14. 14. Gen3 Computing SMB Pg. 14 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  15. 15. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past Pg. 15 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  16. 16. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past • Workstations used to only reside on desks Pg. 16 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  17. 17. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past • Workstations used to only reside on desks • Laptops opened up the possibility of working from anywhere Pg. 17 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  18. 18. Déjà vu – Laptops As A Model • Security needed to change from being network based to host based Pg. 18 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  19. 19. Déjà vu – Laptops As A Model • Security needed to change from being network based to host based • Expect similar to occur with mobile workloads – Shared resources means host based technology must be reworked prior to use Pg. 19 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  20. 20. Cloud Models • Infrastructure as a Service (IaaS) o Provider supplies platform o Tenant loads OS and all apps Pg. 20 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  21. 21. Cloud Models • Platform as a Service (PaaS) o Provider supplies platform and stack o Tenant provides custom apps Pg. 21 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  22. 22. Cloud Models • Software as a Service (SaaS) o Provider supplies OS, stack and apps o Tenant hits the ground running Pg. 22 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  23. 23. Cloud Model Examples • IaaS o Amazon Web Services (AWS) o Rackspace Cloud Hosting Pg. 23 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  24. 24. Cloud Model Examples • IaaS o Amazon Web Services (AWS) o Rackspace Cloud Hosting • PaaS o Original Microsoft Azure o VMware Cloud Foundry Pg. 24 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  25. 25. Cloud Model Examples • SaaS o Dyn o Salesforce Pg. 25 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  26. 26. Deployment Model Tradeoffs • IaaS o Provider generates the lowest level environment o More work for tenant to deploy app o More tenant control to implement security Pg. 26 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  27. 27. Deployment Model Tradeoffs • SaaS o Nearly turnkey solution for app deployment o Least amount of tenant control and flexibility Pg. 27 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  28. 28. Deployment Model Tradeoffs • PaaS o Sits in the middle Pg. 28 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  29. 29. Delineation of Responsibility Pg. 29 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  30. 30. What Are My Security Options? Pg. 30 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  31. 31. Extending The LAN Into The Cloud Pg. 31 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  32. 32. LAN Extended Challenges • Increases load on corporate link o Today we’re mobile o Limits public cloud scaling • Increase load on perimeter infrastructure Pg. 32 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  33. 33. LAN Extended Challenges • Negates network benefits o Provider load balancing o Multi-peer points o Geo-location DNS o Higher latency • No protection within virtual infrastructure Pg. 33 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  34. 34. Virtual Appliance Management Pg. 34 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  35. 35. Virtual Appliance Architecture Pg. 35 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  36. 36. What About Introspection? • Hypervisor based security o Has visibility into all VMs Pg. 36 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  37. 37. What About Introspection? • Hypervisor based security o Has visibility into all VMs • Single point of management o For a specific hypervisor deployment Pg. 37 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  38. 38. What About Introspection? • Do you want other tenants to have access to your hypervisor? Pg. 38 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  39. 39. What About Introspection? • Do you want other tenants to have access to your hypervisor? • Do you want your provider to have nonauditable access to your VMs? o Can break segregation of duties Pg. 39 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  40. 40. Host-Based Architecture Consistent architecture (and risk abatement) regardless of deployment Pg. 40 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  41. 41. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access Pg. 41 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  42. 42. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures Pg. 42 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  43. 43. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments Pg. 43 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  44. 44. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments • Security is portable with the VM Pg. 44 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  45. 45. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments • Security is portable with the VM • Mitigate potential risks from vswitch or VLANs Pg. 45 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  46. 46. Consistency is Key to Security • Customization is common in small business Pg. 46 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  47. 47. Consistency is Key to Security • Customization is common in small business • Focus is on getting the product to market – “We’ll worry about maintaining it later” Pg. 47 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  48. 48. Consistency is Key to Security • Enterprise needs to play “the long game” Pg. 48 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  49. 49. Consistency is Key to Security • Enterprise needs to play “the long game” • “Snowflakes” can be an inhibitor o Reduces available resources for innovation o Can easily stunt an organizations ability to scale Pg. 49 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  50. 50. One Off Server Deployment Pg. 50 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  51. 51. VM Cloning Pg. 51 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  52. 52. Clones Should All Have • Patches to the same level Pg. 52 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  53. 53. Clones Should All Have • Patches to the same level • Identical configuration settings Pg. 53 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  54. 54. Clones Should All Have • Patches to the same level • Identical configuration settings • Same system accounts Pg. 54 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  55. 55. Clones Should All Have • • • • Pg. 55 Patches to the same level Identical configuration settings Same system accounts The same processes running in memory How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  56. 56. Clones Should All Have • • • • • Pg. 56 Patches to the same level Identical configuration settings Same system accounts The same processes running in memory Usually no reason to logon – Update master and re-clone How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  57. 57. VM Clone Security = Spot The Difference Game Pg. 57 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  58. 58. Spot The Difference Has an additional listening port open Gold Master Pg. 58 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  59. 59. Spot The Difference 1 login successful on first try Gold Master Pg. 59 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  60. 60. Spot The Difference Missing 3 patches Missing 3 patches Gold Master Pg. 60 How to Move Your Data Center to a Cloud Infrastructure Missing 3 patches @chris_brenton
  61. 61. VM Clone Security • Can identify positive exceptions, not just negative ones o Successful login o Increased patch level Pg. 61 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  62. 62. VM Clone Security • Can simplify server security o No more one off auditing! o Far easier to ID variations that matter Pg. 62 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  63. 63. Questions? Chris Brenton - Director of Security @Chris_Brenton cbrenton@dyn.com Pg. 63 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton

×