Turbo Training Hybrid Cloud

www.weolcan.eu . @weolcan . Bart M. Veldhuis 4-Nov-15


Even voorstellen

Bart M. Veldhuis• (Certified) Cloud Architect – Weolcan

• Oprichter Cloud Architect Alliance

• Expert voor Computable topics: Cloud | Architectuur

@BartMVeldhuis

[email protected]

blog.weolcan.eu


Turbo Training Hybrid Cloud

Waarom

1

Wat

2

Hoe

3


HET WAAROM VAN DE HYBRID CLOUDDeel 1


Why Hybrid Cloud?

• Hybrid Cloud to shape IT-infrastructure based on:

– Customer demands;

– Market demands.

“Hybrid Cloud is the road to business agility” (Gartner)


Scenario 1Public cloud as failover platform

Private Cloud Public Cloud

Disaster Recovery


Scenario 2Handling peak loads


Peak loads


Scenario 3Planning for unexpected succes or failure


Success

Failure


Scenario 4Public cloud as an application test bed


Development, Test and Acceptance


WAT IS EEN HYBRID CLOUD?Deel 2


Hybrid cloud: definition

A hybrid cloud is a composition of two or more clouds (on-site private, on-site community, off-site private, off-site community or public) that remain as distinct entities, but are bound together by standardized or proprietary technology that enables data and application portability.

Source: NIST


Some more clouds

This is a hybrid cloud..

App

OS

App

OS

App

OS

A cloud Another cloud


What makes a Hybrid Cloud?

Mobility of data and applications

Single service catalog

Single security boundary

Single data model

Single orchestration layer

Capacity management & alerting


Hybrid cloud: what it’s not!

Mobility of data and applications

Single service catalog

Single security boundary

Single data model

Single orchestration layer

Capacity management & alerting

‘Just multiple clouds’


HOE BOUW JE EEN HYBRID CLOUD?Deel 3


7 stappen om Hybrid Cloud te realiseren

Get a lawyerClassify data &

applications

Select cloud service

provider (CSP)

Select cloud management

platform (CMP)

Connect with CSP & deploy

CMP

Deploy governance processes

Start moving apps

1 2 3 4 5 6 7


Stap 1: get a lawyer!


applications


provider (CSP)


platform (CMP)


CMP

Deploy all security, monitoring, auditing

& governance processes

Start moving apps

1 2 3 4 5 6 7


Stap 1: get a lawyer!

Met welke weten regelgeving moet rekening

gehouden worden?

Wat zijn de plichten m.b.t. het bewaren en archiveren

van data?

Mag data buiten de landsgrenzen opgeslagen

worden?




applications


provider (CSP)


platform (CMP)


CMP


Start moving apps

1 2 3 4 5 6 7


Stap 2: classify data

• Data is not a four letter word..

• Every type of data needs to beadressed differently!

Examples of

Data types

Personal

Classified

Sensitive

Derived

Proprietary

Encrypted


Stap 2: classify applications

Dat

abas

eC

RM

Ente

rpri

se S

ervi

ce B

us

(ESB

)

Mes

sagi

ng

HR

Fin

ance

IAM

E-m

ail

Legacy-applicatie

1

2

Ontvlechten van het applicatielandschap

Selecteer applicaties geschikt voor Hybrid Cloud




applications


provider (CSP)


platform (CMP)


CMP


Start moving apps

1 2 3 4 5 6 7


Stap 3: select Cloud Service Provider (CSP)

‘Different workloadsrequire different clouds’

Kies de provider die past bij de huidige technologie

stack!

Contractmogelijkheden: pay-per-use, details, etc.

On-premises Public CloudMicrosoft MicrosoftVMWare VMWare



• Onafhankelijk onderzoek naar de volwassenheid van de SLAs van 12 IaaS providers die diensten aanbieden in Nederland.

• 70 objectieve meetpunten;

• Juridische expertise;

• Cloud expertise.



• 99,95% Uptime = 21,91 min. downtime (per maand), maar:

Uptime =Total PossibleAvailable Time

- (Downtime Allowable Downtime)-out of CSP’s allow

downtime for ScheduledMaintenance.

Total minutes in a certainperiode of time, usuallyequal to billing period.

10 12

out of CSP’s allowsdowntime for UnscheduledMaintenance.

1 12

out of CSP’s allowan X-amount of minutes downtimebefore the SLA kicks in.

6 12



• Periode: Oktober 2015.

• Service: Rackspace.

Carve-outs:

• Downtime begint pas te tellen vanaf 30 minuten.

• Zowel gepland als ongepland onderhoud zijn ‘Allowable Downtime’.

In werkelijkheid, vanuit het klantperspectief, zijn er geen carve-outs voor beschikbaarheid:

Uptime = Total Possible Available Time –Downtime.

Situatieschets Rackspace’ SLA Realiteit

Outages (3x)

15 minuten

34 minuten

5 minuten

Onderhoud

Gepland: 8 uur

Ongepland: 2 uur

Uptime (promised)

Max. 43,83 min. downtime

99,90%

Downtime Outages (3x)

0 minuten (pas vanaf 30 minuten)



Downtime Onderhoud

0 minuten (allowed)

0 minuten (allowed)

Uptime

Slechts 4 minuten downtime

99,99%

Downtime Outages (3x)

15 minuten

34 minuten

5 minuten

Downtime Onderhoud

480 minuten

120 minuten

Uptime

654 minuten downtime

98,51%



• Amazon AWS:

Unavailable means when all of your running instances (in a certain availability zone) have no external connectivity.




applications


provider (CSP)


platform (CMP)


CMP


Start moving apps

1 2 3 4 5 6 7


Stap 4: select Cloud Management Platform

• Waarom een Cloud Management Platform?

– Single pane-of-glass management

– Single Service Catalog

– Single data model

• Voorbeelden van CMP’s:




applications


provider (CSP)


platform (CMP)


CMP


Start moving apps

1 2 3 4 5 6 7


Stap 5: connect with CSP and deploy CMP

• Verbinding maken met CSP (fysiek of virtueel).

• CMP koppelen (soms zo eenvoudig als de API key invoeren).

VPNApp

OS

Private Cloud

On-premises

App

OS

App

OS

App

OS

App

OS

Public Cloud

Off-premises

App

OS

App

OS

App

OS

APIAPI

CMP




applications


provider (CSP)


platform (CMP)


CMP


Start moving apps

1 2 3 4 5 6 7


Stap 6: deploy governance processes


Stap 6: deploy governance processes

Cloud Governance Tools

• Auditing & compliancy

– SPLUNK - logfile analysis.

– VMware:

• vRealize Operations (Configuration and Compliance Management).

• vRealize Air Compliance - compliancy checker.

– Gravitant – Cloud broker & multi-cloud governance.

• Back-up: Zerto, Veeam.

• Monitoring: CopperEgg.

• Configuration Management: SaltStack, Puppet, Chef.


Stap 6: deploy all processes

• Governance means knowing:

Security Resiliency Spend

Which cloud accounts the organization uses (IAM).

If the cloud is being backed-up. How much is being spend on cloud.

How secure is the data. If the application is properly designed for load balancing.

And by which business units.

Whether company processes are being followed.

If disaster recovery is implemented.

On which applications.


Cloud governance: measuresCloud != on-premises but the same measurements need to be taken!

• Lock down the administrator accounts just as you would with the AD-Administrator or root accounts.

• Implement proper Identity & Access Management with SSO and trusts.

• Implement log monitoring & analysis for the cloud infra (SIEM).

• Implement (and test) DR for all cloud apps.Tip: Consider the cloud

environment as a remote facility with a stretched

security boundary

1

2

3

4




applications


provider (CSP)


platform (CMP)


CMP


Start moving apps

1 2 3 4 5 6 7


Stap 6: start moving apps

Some more clouds

App

OS

App

OS

App

OS

A cloud Another cloud


STATE OF THE ART HYBRID CLOUD DESIGN

Deel 4


App

OS

Private Cloud

On-premises

App

OS

App

OS

App

OS

API

Monitoring

Status: ok

CMP

Global Load Balancer

App

OS

Public Cloud

Off-premises

App

OS

App

OS

App

OS

Default

API

Hybrid Cloud bij piekbelasting


Monitoring

Status: okOff-premises

API

App

OS

Private Cloud

On-premises

App

OS

App

OS

App

OS

CMP

DefaultBurst out!

App

OS

Public Cloud

App

OS

App

OS

App

OS

App

OS

App

OS

API

Global Load Balancer

Status: X

Hybrid Cloud bij piekbelasting

Hoe bouw je een Hybride Cloud?

Meer weten?

Turbo Training Hybrid Cloud

Education