Delivering Policy & Trust to the Hybrid Cloud June 10, 2015 Derek Collison Founder and CEO, Apcera
Delivering Policy & Trust to the Hybrid Cloud
Aug 16, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Delivering Policy & Trust to the Hybrid Cloud
June 10, 2015
Derek Collison Founder and CEO, Apcera
What is Policy?
A JOKE Really In today’s increasingly complex world
A Tale of “4” Worlds
• Non-Existant
• Manual and Disconnected
• Semi-Automated, with Loose or No Enforcement
• Security Focused Only - The world on NO!
What should it look like?
What it should look like• Systemic - Complete - Pervasive
• Enforceable
• Changeable - Adaptable - Pluggable
• Understandable - Approachable
• Auditable
Why do we need it?
Risk
Governance Compliance
Risk
Governance Compliance?
We need TRUST!
Do you Trust?
• Your systems?
• Your processes?
• Your people?
They trusted me!
They trusted me! WHY??
- Do you Trust?
• Your systems? YES!
• Your processes? YES!
• Your people? Uh.. NO.. (But we don’t care)
Why Now?
Three Things
Three Things Three major things!
MicroServices
DevOps Hybrid Cloud
Increasing COMPLEXITY!
Complexity
Dawn of MicroServices
Complexity - Dawn of MicroServices
• Want to build faster? Build LESS!
• Services will WIN the Hybrid CLOUD!
• Systems will NEVER be simpler than TODAY!
Things Will Never Be Simpler Than Today
+
Data: Always growing and changing (44X in 2020 from 2014 level)
API’s: We are living in the “API Economy” — constantly growing, constantly evolving
Services: Always growing and adding new capabilities
+
24
Policy in the Hybrid Cloud
Hybrid Cloud
Private Cloud
Public Cloud
Year of Hybrid
Delivering Policy and Trust for the Hybrid Cloud
27
Connecting all clouds, with a single,
policy-driven system
Let’s go under the Hood
This could be complex
• RBAC vs ABAC vs ACL/DAC
• XACML vs Datalog
• PCI, SOX, HIPPA, ISO 27001, FISMA
KISS Principle
Keep it Simple
I like Simple
Let’s start
• What are we describing?
• What do we want to control?
System Datamodel
Simplified System Datamodel
• Packages (bag of bits)
• Jobs -> Instances
• Links -> Channels
Basic Policy Realms
Simplified System Datamodel
• Packages (bag of bits) • What’s allowed? How do we find vulnerabilities?
• Jobs -> Instances • CPU, Memory, Disk, Network?, Placement
• Links -> Channels • Access, QoS, SLAs
What Else?
Also Needed• Additional Realms
• Identity, Authorization, Audit, etc • Policy itself - the system turing test
• Simple Policy Language
• Namespaces
Example
Architecture
Bi-Directional Graph
Secure Message Bus
Distributed Policy Evaluation & Enforcement
What really Matters?
Service Access Change Mgmt
Service Access Example
APCERA CONFIDENTIAL
49
Service Access in a Hybrid World
Private Cloud
RDS
APCERA CONFIDENTIAL
50
Service Access in a Hybrid World
Private Cloud
HTTP
RDS
APCERA CONFIDENTIAL
52
Service Access in a Hybrid World
Private Cloud
HTTP
RDS
APCERA CONFIDENTIAL
53
Service Access in a Hybrid World
Private Cloud
HTTP
RDS
State of the Policy World
The Policy World Today• People and Paper based
• BMC, CA, IBM • Legacy
• OpenStack Congress • OpenStack centric in a Hybrid World
Summary
A single, policy-driven, system — a connective fabric — that sits above all clouds, private and public
Purpose built for the Hybrid Cloud
Reduces complexity and invites change, all while enabling enterprise-wide governance and maximum
agility
“System of Trust”
The Right Approach to Policy
Thank You!
Questions?
Related Documents
