Journey to the Private Cloud: Key Enabling Technologies
Jeffrey Nick, Chief Technology Officer, Senior Vice President, EMC Corporation
June 2010
© 2010 EMC Corporation. All rights reserved.
Jan 12, 2016
The current I/T state:
• Infrastructure sprawl
• Information explosion
• Identity access complexity
• Increasing threats
• Increasing regulation
• Spiraling costs vs. reduced budgets
Desired State:
[Diagram labels: Virtualized Data Center; Cloud Computing; Internal Cloud; External Cloud; Infrastructure; Information; Identity; On-demand; Pay for Use; Seamless; Economies of Scale; Trusted; Controlled; Reliable; Secure]
Cloud Computing – Service Provider Priorities
Ensure Confidentiality, Integrity, and Availability in a Multi-Tenant environment.
Effectively meet the advertised SLA, while optimizing cloud resource utilization.
Offer Tenants capabilities for self-service, and achieve scale through automation and simplification.
Cloud Computing – Tenant Priorities
Reduce costs, while maintaining or improving SLA.
Maintain an appropriate level of Trust, Visibility, and Control for applications and/or services deployed to Cloud.
Meet all applicable Governance, Risk and Compliance requirements.
For example, organizations are required by law to demonstrate Business Continuity Compliance….
Desired State: Private Cloud
Private Cloud requires key enabling technologies
[Diagram labels: Virtualized Data Center; Cloud Computing; Internal Cloud; External Cloud; Private Cloud; Infrastructure; Information; Identity; Security; Virtualization; Insulation; Integration; Seamless; Policy-based Management; Control]
Virtualization: Provides I/T Liquidity
Insulates applications from physical infrastructure
Lower IT Costs
– Better Utilization
– Less Complexity
Quality of Service
– Non-disruptive application migration
– Fault tolerance
– Container-based management
[Diagram labels: Oracle CRM; SAP ERP; File/Print; Exchange; Virtualization; Virtual Infrastructure; CPU Pool; Storage Pool]
Today most security, resource management and information management is enforced by the OS and application stack
– OS / application-based security
– Application-specific management and visibility
– Application-centric information
All are complex, expensive and brittle, if not impossible to implement
As virtual container levels evolve, we can surpass the levels of management possible in today’s physical infrastructures
Virtual Containers create the opportunity to simplify and optimize IT management by pushing security, information and resource management to the virtual container domains
Simplified, unified management regardless of OS (Windows/Unix), patch levels
[Diagram labels: APP/OS virtual machines; vApp and VM layer; Virtual and cloud infrastructure; Physical infrastructure]
VMware vShield Zones and RSA DLP: Building a Content-Aware Trusted Zone
Overview
VMware vShield Zones provides isolation between groups of VMs in the virtual infrastructure
RSA deploys Data Leakage Prevention (DLP) as a virtual application monitoring data traversing virtual networks
Uses centrally managed policies and enforcement controls to prevent data loss in the virtual datacenter
Customer Benefits
Pervasive protection
Persistent protection
Improved scalability
[Diagram labels: APP/OS virtual machines; DLP (×4); VMware vShield zones; VMware vSphere; Virtual Infrastructure; Physical Infrastructure]
Private Cloud Trusted Zones: Key Capabilities
• Insulate information from cloud providers’ employees
• Insulate information from other tenants
• Insulate infrastructure from Malware, Trojans and cybercriminals
• Segregate and control user access
• Control and isolate VM(s) in the virtual infrastructure
• Federate identities with public clouds
• Enable end to end view of security events and compliance across infrastructures
[Diagram labels: Tenant #1; Tenant #2; Cloud Provider; APP/OS virtual machines; Virtual Infrastructure; Physical Infrastructure; Identity federation; Virtual network security; Access Mgmt; Cybercrime intelligence; Strong authentication; Data loss prevention; Encryption & key mgmt; Tokenization; Security Info. & Event Mgmt; GRC; Anti-malware]
How can we flexibly share resources across the Private Cloud…
Across data center infrastructure boundaries
Across federated service provider boundaries
Flexible infrastructure across the Private Cloud
[Diagram labels: (Virtual) Data Center; Organization A; Cloud Applications; VPN; Cloud Compute; Service Provider]
Desired State: Private Cloud
Private Cloud requires key enabling technologies
[Diagram labels: Virtualized Data Center; Cloud Computing; Internal Cloud; External Cloud; Private Cloud; Infrastructure; Information; Identity; Security; Virtualization; Integration: Seamless]
Storage Virtualization: introducing EMC vPlex
• Distributed Mirroring: Active-Active Access
• Aggregation of Storage devices: Volume management
• Remote Export: Diskless access to non-local storage
• Array Failure Protection: Local mirroring
• Heterogeneous Geographically Distributed Storage
• Non Disruptive Data Mobility: Inter-array migrations
[Diagram labels: Site A; Site B; V-Plex Cluster (×2); V-Plex MetroPlex; FC]
vPlex evolution
• VPLEX Local: Data Center
• VPLEX Metro: Synchronous
• VPLEX Geo: Asynchronous
• VPLEX Global: Anywhere
Access Anywhere
Network Virtualization: Seamless Layer 2 VLAN integration
Enable VM mobility without IP address changes or connection drops
– Virtual Machines can escape IP address block “prisons”
Extend layer 2 VLANs over arbitrary network connectivity
Seamless add/drop of edge nodes without the need to reconfigure other edge nodes
[Diagram labels: Core; IP A; IP B; IP C; West; East; South]
Move virtual machines from one physical server to another - while running
• Eliminate downtime and provide continuous service
• Shift underlying hardware resources dynamically
• Balance workloads across the data center to optimize computing resources
VMware VMotion
Data Center Elasticity across physical boundaries
[Diagram labels: Standalone; Consolidation; Pools of Cooperation; Federation; FAST; Application; Data]
Enables private cloud computing
But how can we deliver a business relevant SLA… with Customer-controlled app deployment, resource allocation and management
With visible compliance to both committed SLA and Regulatory controls???…
Across data center infrastructure boundaries
Across federated service provider boundaries
Service Management across the Private Cloud
[Diagram labels: (Virtual) Data Center; Organization A; Cloud Applications; VPN; Cloud Compute; Service Provider]
Desired State: Private Cloud
Private Cloud requires key enabling technologies
[Diagram labels: Virtualized Data Center; Cloud Computing; Internal Cloud; External Cloud; Private Cloud; Infrastructure; Information; Identity; Security; Virtualization; Integration; Policy-based Management: Control]
A New Model for Describing and Deploying Applications
Virtual Applications: vApp
A logical IT service provided as a collection of VMs
– Application and any supporting infrastructure VMs (Virtual Appliances)
– Network connections between these
Managed as a unit, not as independent components
– One-click provision, power-on, snapshot, backup
– The right view for managing & achieving SLAs
[Diagram labels: E-commerce vApps; IIS; Tomcat App Server; Oracle]
Policy Travels with VMs and vApps
Open Virtual Framework (OVF) includes instructions for the infrastructure
Policy is described and attached to the Virtual Application
Policy-based management is maintained across VM deployments and VMotions
PolicyName: eCommerce
1. Only port 80 is used
2. 100 ms web response
3. VRM: Encrypt w/ SHA-1
4. DR RPO: 0 minutes
5. Continuity Compliance
6. Scalable WebServer
7. AppServer Security
Definition: Subscription to and usage of Cloud Services that are delivered over a virtual private network, where a private instance of the service is based on a common virtual infrastructure model, and wherein an integrated SLA with business relevant metrics is offered
Cloud Services – [Virtual] Private Clouds
[Diagram labels: (Virtual) Data Center; Organization A; Cloud Applications; VPN; Cloud Compute; Extra Capacity; Service Provider]
The contract is with the virtual environment
Seamless Private Cloud Service Delivery
[Diagram labels: VMs; Backup; Monitoring; Primary Datacenter; Secondary Datacenter / Service Provider; Virtual Datacenter OS]
Data Protection-as-a-Service
Business Continuity Compliance PoC
Data Protection Advisor
Monitoring; Alerting; Troubleshooting; Optimization; Capacity Planning; Reporting
Customers See Data Protection Status And Cost
Service Providers: One Solution Across All Customers For SLA Management
[Diagram labels: Customer A; Customer B; Customer C; Business Apps; Backup Clients; Replication; Virtual Environments; DeDupe; VTL; NAS; SAN]
Monitoring and Managing Policy Compliance
Across virtual, physical, internal and external infrastructures
[Diagram labels: Tenant #1; Tenant #2; Cloud Provider; APP/OS virtual machines; Virtual Infrastructure; Physical Infrastructure]
EMC DPA
VMware vCenter
Virtual infrastructure management
GRC
Compliance Dashboard: End-to-end compliance reporting
data recovery management for physical and virtual infrastructures
BCC
End-to-end business continuity SLA correlation / analysis
Management & Monitoring Elasticity
For the Virtual Private Cloud:
The Journey to Private Clouds
[Virtual] Private clouds will transform how we think about IT
– As a service
The impact to businesses will be considerable
– Exploit new economics with confidence
Clear and logical pathway
– Preserving existing investment in applications, infrastructure and information
– Ensuring preservation of security, privacy, and control
– Compliance to SLA and Regulatory policies