Managing a Public Cloud
Chuck Tsocanos
perspectives on public cloud
• infrastructure/DC manager: maintain server farm and leverage remote services with similar confidence and to improve ROI, security, performance, availability, etc.
• developers: access to resources to develop and test new applications
• end users: secure and reliable access to information from any device
• bus. application manager: support and guarantee the end user experience while adhering to business rules i.e. compliance
• operations/support manager: manage increasing complexity of a multi-domain environment, while providing IT support, flexibility and scalability
[Diagram labels: Providers, Enterprises, Mid-market, Consumers]
management challenges in a public cloud
core capabilities
• shared/multi-tenant infrastructure
• service catalog/portal
• secured and extensible architecture
• usage metering & billing
what we need to do?
• Provision/install/configure
• Process data
• Store data
• Secure perimeter and network
• Monitor/operate/support
what we must manage?
• servers & operating systems
• middleware platforms
• business applications and databases
• cross domain SLAs
• business data (privacy, confidentiality, ownership)
• regulatory compliance, accountability
[Diagram: layer stack. Labels: Services description, Virtual Data Center, Application Logic, Middleware Platform, Operating Environment, Virtual Machine/Container, Hardware, Hosting, Datacenter - Network. Responsibility split: Orange Management, Customer management]
Legend:
1 Hardware and fabric management
2 OS Management
3 Middleware management
4 Application management
frameworks, methods, and approaches
[Diagram. Questions: WHAT TO IMPROVE? WHERE TO CONTROL RISK? HOW TO DEVELOP? HOW TO IMPROVE? HOW TO ARCHITECT? Frameworks: ITIL, SIX SIGMA, COBIT, CMMI, TOGAF, FISMA, HIPAA. Business/Regulatory Context: HIPAA, SOX, PCI, SAS 70]
developing a service catalog for the cloud
Process + Partners + Technology = Service
• Automated Provisioning
• Business System Monitoring
• Workload Management
• Usage Metering
• Chargeback/Billing
• Data Management
• Security Services
• Connectivity
• Helpdesk & Operational Support
• Business Continuity
[Diagram labels: Service A, Service B, Service C, Service D, Service Catalog]
managing across multiple domains – the integration challenge
characteristics:
– Control Points - multiple points of monitoring and control
– Execution - multiple tiers of support and task execution
– Communication – vertical and horizontal flow of information across and within domains
another example of a high level infrastructure management design
[Diagram labels: Cloud, VPN HUB, Internet, Customer Access VLAN, Service Desk VLAN, Orange Service Desk, Service Desk IPSEC Router x.x.x.x/xx, Customer IPSEC Router x.x.x.x/xx, Customer Network, Service Desk Network, Customer monitored equipment]
managing end to end SLAs is a balancing act
[Diagram labels: cost efficiency, service efficiency, operational efficiency, business service, Business parameters, Technical parameters, CXO Reporting, Decision, Users' satisfaction, Operational Manager, SLA, OLA, Users, IPT, SAP, In house, LAN, Internet, Hosting, IP VPN, WAN, Messaging, Application mgt, Various 3rd parties, Service Providers, Support organizations]
In closing, some questions you should ask yourself…
• Who owns the data, especially in situations where there is shared access? What are the risks i.e. foreign governments or subpoenas?
• Who is accountable/responsible for regulatory audits? (will your providers be subject to audit?)
• How detailed are your SLAs with your providers and do they cover all contingencies? i.e. access, loss, theft, audits, etc.
• How will you secure any and all exposed APIs either to key applications or management systems?
• Do you trust your providers' security model or accreditation? Are you willing to give up control based on how they isolate/zone? Are hypervisor risks acceptable for production? Is encryption required for data in transit and at rest?
• How will regulations constrain your use of cloud resources i.e. in-country data
• How will you integrate management systems from multiple 3rd parties to enable an end to end view of service?
• What management standards are you ready to adopt i.e. libcloud, WSDM, WS-Management, etc.
Thank You