Gitex journey to the cloud
•
1 recomendación•765 vistas
The challenges of moving to cloud computing are many... The following presents some insights on how to address these challenges in a pragmatic way.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a Gitex journey to the cloud
Similar a Gitex journey to the cloud (20)
Más de Jorge Sebastiao
Más de Jorge Sebastiao (20)
Último
Último (20)
Gitex journey to the cloud
- 1. Datamatix Gitex Conference 2011 Journey to the cloud Dusit Thani Hotel, Dubai, UAE October 10th, 2011
- 2. Agenda Business challenges Organization & Cloud Computing Elements of Cloud Computing Cloud Architectures Value of the Cloud EMC Speednet Q&A
- 3. Business Problem Source: VMware Fortune 100 Customers Cause • Overwhelming complexity • Reliance on brittle infrastructure Effect • >70% of IT budgets just “maintaining” status quo • <30% of IT budgets goes to innovation and competitive advantage Where IT Energy Is Spent 42% Infrastructure Maintenance 30% Application Maintenance 23% Application Investment 5% Infrastructure Investment Business Agility Depends on IT Agility
- 4. Business Problem 1. Cost 2. Scalability 3. Flexibility 4. Availability 5. Portability 6. Collaboration 7. Enable new stuff…
- 8. Benefits in the Cloud? Speed Cost Source: IDC eXchange, "IT Cloud Services User Survey, pt. 2: Top Benefits & Challenges," (http://blogs.idc.com/ie/?p=210), October 2, 2008
- 9. Issues with the Cloud QoS Fit Security Source: IDC eXchange, "IT Cloud Services User Survey, pt. 2: Top Benefits & Challenges," (http://blogs.idc.com/ie/?p=210), October 2, 2008
- 10. Evolution Mainframe PC / Client- Server Web Cloud Computing Managed Services Cloud Computing & Managed Services Are transforming the delivery of ICT
- 11. Comparison Traditional Computing Dedicated Traditional hardware procurement New services added manually Manual repair of system failure Months Incremental CapEx purchases Shared Self service Scale on-demand Automated recovery due to integration / interoperable Minutes Pay per use Consumption Ease of Use Scalability Availability Provisioning Cost Cloud Computing
- 12. Next Gen DC
- 14. Gartner Predicts by 2012, 20% percent of businesses will have no ownership of IT assets
- 15. Gartner View
- 18. Standards Definition Source: NIST Definition of Cloud Computing v15 Cloud computing is enabling model… 3 Service Models 4 Deployment Models 5 Essential Characteristics
- 19. SaaS, PaaS and IaaS Applications delivered as a service to end-users over the Internet Infrastructure as a Service Platform as a Service Software as a Service App development & deployment platform delivered as a service Server, storage and network hardware and associated software delivered as a service
- 20. Public Clouds & Private Clouds I N T E R N E T Public Clouds IaaS PaaS SaaSI N T R A N E T Private Cloud Users Public Clouds: • Lower upfront costs • Economies of scale • Simpler to manage • OpEx Private Cloud: • Lower total costs • Greater control over security, compliance & quality of service • Easier integration • CapEx & OpEx Both offer: • High efficiency • High availability • Elastic capacity • Used by multiple tenants on a shared basis • Exclusively used by a single organization IaaS PaaS SaaS
- 21. Types of Clouds Private (On-Premise) Infrastructure (as a Service) Platform (as a Service) Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Storage Server HW Networking Servers Databases Virtualization Runtimes Applications Security & Integration Youmanage Managedbyvendor Managedbyvendor Youmanage Youmanage
- 22. Cloud Control
- 23. Cloud Elements Automation of provisioning events Self management via portal / control panel Utility / Elastic Computing Multi-tenancy Virtualisation
- 24. Portal Monitoring Applications Reporting / Billing Provisioning Engine Resources Cloud Interface
- 25. Cloud Computing is Different
- 26. Technology & Solutions Operations Strateg y You FOCUS on STRATEGY
- 27. Increased Value
- 28. Shift from CapEx to OpEx Traditional IT Cloud Computing Cloud Computing Economics
- 29. Value to CFO • Capital Expenditure Minimized • Predictable gross marginCapex/Opex • Financial risk increases only as business value is proven • Full costs only realized on success Managed Risk • No capital assets on balance sheet • No need to depreciate assets • No risk of capital write downs Off Balance Sheet
- 30. Value to CEO • No call on equity capital • No call on debt capital Capital Preservation • No trip to the Boardroom for approval • ‘Fail Fast’ doesn’t cost the earth Calculable Risk • Reduce headcount on non-core functions • No need to run a data center Strategic Focus
- 31. Cloud Issues Issue #1: Bandwidth Issue #2: Integration Issue #3: Long term viability of service (rapid change) Issue #4: Sovereignty Issue #5: Data recovery Issue #6: Standards
- 32. Ownership and Control Ownership Control Internal Resources All cloud resources owned by or dedicated to enterprise External Resources All cloud resources owned by providers; used by many customers Private Cloud Cloud definition/ governance controlled by enterprise Public Cloud Cloud definition/ governance controlled by provider
- 33. Hybrid Cloud Ownership Control Internal Resources All cloud resources owned by or dedicated to enterprise External Resources All cloud resources owned by providers; used by many customers Private Cloud Cloud definition/ governance controlled by enterprise Public Cloud Cloud definition/ governance controlled by provider Hybrid Cloud Interoperability and portability among Public and/or Private Cloud systems
- 35. Fix the Mesh, Spaghetti 1. Architect 2. Decouple 3. Virtualized 4. Utility 5. Security
- 36. Many Apps Flunk Security Check Before Move to the Cloud
- 37. Security
- 38. EMC Global Coverage Connectivity
- 39. Cloud with Zero Latency
- 40. EMC Zero Latency Network Architecture EMC Proprietary Information
- 41. Cloud Browser & Green Technology
- 42. Speed & Efficiency are key Type of Link by Latency Time to Open and View a 20 Mb corporate document Mbps SpeedNet “Zero Latency” EMC Satellite 3 Seconds 100 50 Msec “In Country” terrestrial Non 105 Seconds 1.5 100 - 180 Msec “Inter Country” terrestrial 126 Seconds 1.5 200 - 380 Msec “Inter Continental” 165 Seconds 1.5 850 - 1200 Msec “TDMA Overbooked” 256 Seconds 1.5
- 43. EMC Fast Ethernet Connectivity Service + EMC SpeedNet Browser = Security Fastest Internet Experience Available Today!!! Cloud delivers Security + Speed…
- 44. Questions
Notas del editor
- Please try to add some graphics
- CEOs and the technologists who work for them like to say the applications they rely on— especially the kind custom-written by specialists at banks and investment companies with fortunes behind them—are safe as houses.And they are, if you're talking about houses in Louisiana when the Gulf starts lashing hurricanes and tarballs.Almost 60 percent of all the applications brought to security testing and risk-analysis companyVeracode during the past 18 months couldn't meet the minimum standards for acceptable security, even when the criteria were dialed down to accommodate applications that don't pose a great security risk, according to Samskriti King, vice president of product marketing at the company. Web-based apps carry their own special set of risks."There are far more people on Web projects because they're often easier to develop; many components are already available so you can stand up Web applications very easily," King says. "Developer education usually focuses on applications generated and used in one place, but Web applications could touch many places, so a vulnerability in one component could manifest in many places if it's reused."Unfortunately, developers trained with software that's generated and used in one location with a single set of servers often don't understand the precautions needed for Web applications that take code, data, and elements of the interface from many servers, she says.[ For more background on securing Web-based apps, see 5 Problems with SaaS Security . ]The typical number of security flaws, especially in legacy or other homegrown software, must be taken into account by cloud-computer service providers, says Thomas Kilbin, CEO of cloud and hosted-server provider Virtacore Systems. After all, he says, customers who want on-demand compute capacity don't want to rewrite all their applications just to run in an environment designed to save money and add convenience."Our customers are taking apps they had running in their back office and moving them to private clouds for the most part," Kilbin says. "They are not developing any apps geared towards only working in a cloud IaaS/SaaS model. We secure these apps via a number of methods, traditional firewalls, app specific firewalls from Zeus, etc."Keeping Web-based apps secure can be particularly tough for smaller IT teams."The cloud model is more threat-rich than the shared hosting model, mainly because in shared hosting the core OS and apps—php, perl, mysql—are kept updated by the service provider," Kilbin says. "In the cloud, the customer has to keep the core OS updated, along with the application stacks, in addition to their code."Most customers don't have the expertise or the time to do so, Kilbin says.Some 2,922 applications were examined by Veracode in the past 18 months, with the results detailed in the company's recently released State of Software Security Report: The Intractable Problem of Insecure Software.Some of the applications sent to Veracode for testing come from ISVs or corporate programmers in the last stages of development. Another big chunk comes from developers who have to present certifications or risk analyses before closing a deal with government agencies or heavily regulated industries.Old App Flaws Revealed Before Web MovesIncreasingly, however, Veracode is testing software that clients have used for a long time or are very confident in, but are now migrating to a cloud or Web-based service environment. The requests often come from corporate IT executives who turn out to be wrong in believing that their secure, homegrown applications are either homegrown or secure, especially when they're moved into multi-site environments for the first time.Both commercial and open-source applications failed Veracode's tests more often than homegrown—at 65 percent and 58 percent respectively. Homegrown applications failed 54 percent of the time, Veracode reports.Software written by outsourcing firms missed the mark an astonishing 93 percent of the time, Veracode says.Even applications being used by banks and financial service companies failed 56 percent of the time on initial submission, though the criteria are tougher for those applications, because problems in those apps would create more havoc than, say, in an internally developed server-monitoring application, King says.Internal developers shouldn't be comparatively complacent, however, King says. Though internal apps are generally assumed to be made of 70 percent homegrown code, reuse of code, objects and procedures is so common that between 30 percent and 70 percent of the code in homegrown applications actually came from commercial software.Internal developers are also unaccountably unaware of the most common exploits likely to be used against Web-fronting applications, resulting in an 80 percent failure rate for Web applications, which are tested against the list of 10 most-common security threats published and publicized by the the Open Web Application Security Project (OWASP), King says."At that point it just comes down to developer education," King says.Cross-site scripting is the most common security flaw in all the types of software Veracode tests, but is most noticeable in Web- and cloud-based software, King says.But the time it takes to fix problems and get an application to an acceptable level of security has dropped drastically from 30 to 80 days a year or two ago to only 16 days now, mainly because developers of all stripes are putting greater emphasis on security, software quality, and shortening their time to market, King says.There aren't any shortcuts, but Veracode does have some suggestions for IT teams to counter the most consistent app security problems:1. Design apps assuming they'll link cross-site; secure those links and the processes that launch them.Cross-site scripting (XSS) accounts for 51 percent of all vulnerabilities, according to Veracode. Apps written in .net have an abnormally high number of XSS issues because many .net controls don't automatically encrypt data before sending or storing it. Check and encrypt all points of output. Inadequate or absent encryption in non-.net applications also created problems, but are easy to fix once the source of in-the-clear data broadcasts are identified.2. Focus your efforts on the greatest source of vulnerabilities.You can assume software from any provider is likely to have vulnerabilities, but put extra Q/A and security analysis effort into code from outsourced programming services, ISVs and components from either of those that find their way into homegrown applications.3. Verify security of the application itself in a cloud or SaaS environment.Whether the customer or the service provider supplies the application, check it for flaws or vulnerabilities in a realistic cloud/SaaS/shared-resource environment, not just in a workgroup on a LAN. Security in the cloud platforms is still evolving, and the skills to write secure code for them is not widespread. Stick extra red flags on this part of your project plan.4. Location is irrelevant. New criteria are impact, impact, impact.A printer-management application with a flaw that allows hackers to draft a LaserJet into a bot army can cause headaches. An accounting, customer-data-management or cashflow-automation app with a backdoor can put you out of business. Use Level of Risk as a multiplier to determine how important a particular app is to evaluate, and how much time or money you should spend getting it fixed.5. Don't ignore the basics.The 10 most common attacks on Web applications are listed here by OWASP. The 25 most significant security errors that appear in applications are listed here. They're easy to read and come with extra help to fix or avoid errors already known by everyone who might want to hack your systems.