Many of today's enterprises are working under a false assumption that there is a trade-off between consumer-centric file sharing and corporate IT policy compliance. This is because most market-leading SaaS solutions for file sync and share are not designed around enterprise IT's needs. They represent growing risks with vendor lock-in, data security, compliance and data ownership.
With a track record in delivering innovative Open Source solutions, Vizuri has an answer to help enterprises overcome these hurdles. By leveraging innovative Red Hat and ownCloud open source solutions, this solution help corporate IT provide a simple to use file sync and share solution for employees. As a result, organizations are able to retain a greater control over valuable intellectual property.
The Ultimate Guide to Choosing WordPress Pros and Cons
Liberate Your Files with a Private Cloud Storage Solution powered by Open Source
1.
2. Liberate Your Files
Isaac Christoffersen
Architect, Vizuri
Matt Richards
VP Products, ownCloud
Ted Brunell
Solution Architect, Red Hat
14 June 2013
3. Do you know where your data is?
● More than 75% of businesses have
shared or stored sensitive company
information on public clouds
services – Symantec.
● 40% experienced the exposure
of confidential information
● 40% reported that they had lost
data in the cloud and had to
restore it from backups
● Average cost of a data breach
equaled $5.5 Million in 2011
(Infosecisland.com)
5. The Problem “Dropbox” Created
The Problem:
“Dropbox” created huge demand for file
sync and share...
• Simple
• Free
• Fast to obtain
• It just works
...at the risk of user and IT security.
6. The Problem “Dropbox” Created
The Problem:
“Dropbox” created huge demand for file
sync and share...
• Simple
• Free
• Fast to obtain
• It just works
...at the risk of user and IT security.
44%
*
44%
*
* Use Dropbox in the enterprise without permission, Osterman Research
7. Enterprise IT needs more control over the
cloud storage service offerings ...
Let your data out into the open, not into the wild
8. Extensible
& Open APIs
Dynamic
Scaling
Search
& Retrieval
Tools
Automated File
Synchronization
Security
& Encryption
Access from
Anywhere
Collaboration
& Sharing
… while also offering the same features that
employees love about the public offerings
9. Professional open source solutions allow you to
regain control and maintain your freedom
Vizuri has selected &
integrated the best of breed
technologies to overcome
these hurdles.
11. What is ownCloud
ownCloud helps enterprises concerned about sensitive data
leakage via Dropbox deliver a secure file sync and share
solution on their storage inside their data center.
● Protect and Manage sensitive data by storing it on-site,
on their servers, managed to their policies
● Integrate seamlessly into existing infrastructure
● Extend functionality through extensive APIs
AND STILL provide the seamless, easy-to-use access to
sensitive data that end users have come to expect from
consumer-grade services.
12. ● Host in your data center
● Store on your storage
● Integrate via Plug-ins
● Extend with Plug-ins
● Sync files and folders
● Share files and folders
ownCloud Server – the brains
iOS and Android
– mobile access
apps
Windows, Mac and
Linux – desktop file sync
clients
ownCloud is a distributed application with
mobile, web, and desktop clients
14. OpenShift PaaS
…Bridging App Dev Worlds
Cloud-Class AgilityCloud-Class Agility
• Designed for No Lock-In
• Polyglot with Java, Ruby, PHP,
Perl, Python
• Mobile and Responsive Web
• REST and Javascript
Enterprise-ClassEnterprise-Class
StrengthStrength
• Enterprise Java EE6 via JBoss
• Multi-tenancy and Security via
Red Hat Enterprise Linux
• Jenkins, Maven, Git
• Auto-Scaling
• On-Premise, Hosted, or Hybrid
Established New
OpenShift = Open Hybrid PaaSOpenShift = Open Hybrid PaaS
15. Unique SELinux Approach Enables
Security and Multi-tenancy
RHEL RHEL
SELinux Policies securely subdivide
the Node instances.
Broker Node Node Node
RHEL
AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal
16. OpenShift User Applications
Run in OpenShift Gears
RHEL RHEL
Broker Node Node Node
RHEL
AWS / CloudForms / OpenStack (IaaS) / RHEV (Virt) / Bare Metal
Linux kernel cgroups are used to
contain application processes
and to fairly allocate resources
18. RED HAT STORAGE 2.0 AREAS OF FOCUS
CONSOLIDATED INFRASTRUCTURE
RESOURCE POOLS
BIG DATA
RUNS ON THE CLOUD
INFRASTRUCTURE
FOCUS
LINUX ADJACENCY
STABILITY
RELIABILITY
UPGRADEABILITY
RED HAT
STORAGE
SERVICES FOR
UNSTRUCTURED
DATA
ENTERPRISE
CLASS
FILE-CENTRIC
STORAGE
(NAS Alternative)
19. z
ADMINISTRATOR
RED HAT
STORAGE CLI
USERS
SSH
NFS
CIFS
Fuse
OpenStack Swift
Cloud Volume
Manager
(glusterd)
Cloud Volume
Manager
(glusterd)
Cloud Volume
Manager
(glusterd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
Brick
(glusterfsd)
RED HAT STORAGE POOL
VIRTUAL PHYSICAL
RED HAT STORAGE—50,000 FOOT OVERVIEW
21. RED HAT STORAGE VALUE PROP
Highly Scalable Storage
●
Multiple peta-byte clusters
●
Geo-replication to disperse data
Highly Cost-Effective
●
Leverages commodity x86
servers
●
Leverages existing capacity
within virtual Machine
environment
Highly Flexible
●
Physical, virtual, cloud and
hybrid deployment models
●
File and object access protocols
Deployment Agnostic
●
Deploy on-premise, in the public
cloud or a hybrid setup.
Open & Standards Based
●
NFS, CIFS, HTTP
22. Demonstration
Key Components in Action
● OpenShift Enterprise
● 1 Broker with 2 Nodes
● Red Hat Storage
● 2 Nodes with 1 Brick per Node in a distributed
configuration
● ownCloud
● Deployed as an OpenShift Gear
● MySQL
● Php 5.3
23. Next-generation cloud storage on your terms
Example text
Secure multi-tenant
environment with built-in
autoscaling and encryption
Geo-replication support with
massive redundancy and
pro-active self-healing
Example text
Mobile, desktop, and web
clients let you work from
anywhere
Integrates with existing
infrastructure and corporate
audit & compliance policies
Example text
Free of lock-in and
extensible through open
APIs
Built on top of enterprise-
class, professional open
source software
Title:Vizuri-logo-large-Summit-2011.ep
Creator:Adobe Illustrator(R) 13.0
CreationDate:4/12/11
LanguageLevel:2
24. Thank you.
Isaac Christoffersen ichristoffersen@vizuri.com
www.vizuri.com @1Vizuri
Matt Richards matt@owncloud.com
www.owncloud.com @owncloudcom
Ted Brunell tbrunell@redhat.com
www.redhat.com
Notes de l'éditeur
For main parts to the solution Control – you server Physical, virtual, private cloud Where everything is integrated and admins control access and administer the system Storage – Your storage – AGNOSTIC NAS, SAN, direct attached – whatever you have or want Hybrid too if you choose Access – web clients, mobile devices, desktop clients, and a standard WebDAV connection Extensibility – the secret sauce of ownCloud, this extensible framework for creating plug-ins ALL Runs inside your firewall, managed by your admins, to your security and access polocies
So what is the problem? Dropbox created something amazing Simeple Easy to get Easy to use It just works Drop a file in the folder, it show up on server, and then to all other devices or users The problem is it is not secure – lots of news to this affect
However, in an attempt to be more productive, users use it anyway In a recent survey, 44% of enterprise users (>1000+) use dropbox without Its permission Not all that secure, Lots of people using it anyway Opens you to risk of lost sensitive data The little dropbox can be a big source of leaks – why it is upside down over here
And one more layer down, you see the server The APIs are part of why we are so flexible, as is the standard n-tier architecture We are PHP, support Oracle, MySQL, Postgres as databases We have a management panel and logging apps to provide insight and control External provisioning api for use with automation Sharing Capability Storage abstraction layer: whatever you have plus cloud storage, all abstracted by ownCloud to make it simple to use the storage you have
OpenShift provides a Cloud Application Platform that bridges today’s two diverging application development worlds. OpenShift brings Enterprise-class strength and maturity to the Cloud and also enables both proven enterprise application stacks like Java EE as well as newer rapid-development oriented application stacks like LAMP, Ruby and Node.JS. OpenShift includes the tools needed for rigorous application development like Maven and Jenkins, as well as support for NoSQL databases and Mobile application development. Soon to be available in either public, private, or hybrid cloud implementations, OpenShift delivers the Control and Security that IT Operations demands and the Velocity and Agility that Application Developers desire. OpenShift is the industry’s first Open Hybrid PaaS. <next slide>
One of the unique features of OpenShift is that within the Nodes, OpenShift provides secure, fine-grained, multi-tenancy by leveraging powerful Red Hat Enterprise Linux subsystems such as SELinux (Security Enhanced Linux), CGroups (Control Groups), and NameSpaces to divide up the RHEL instances into slices that can be dedicated to each user application firewalled off from each other. <next slide>
These slices of RHEL are called OpenShift Gears. OpenShift Gears are super-secure and highly efficient containers that host user applications in OpenShift. To the user, the Gear appears like an instance of RHEL. They can even SSH in to the gear. They can see their processes, their memory, and their filesystem, but they are prevented from seeing or impacting anyone else’s environment or the system as a whole. SELinux was built by Red Hat in conjunction with the National Security Agency in order to support some of their strict requirements. It is a “Deny everything, and allow by exception” policy subsystem that allows very strict control of what processes and users can do. In OpenShift, SELinux policies are used to enable hi security in a container based multitenant environment. Likewise, Control Groups are used to carefully control what resources an OpenShift Gear is able to consume. Cgroups allow Gears to consume CPU and RAM but also limits that consumption based on configurable policies. And finally NameSpaces are used to allow each Gear to have it’s own file system complete with the system directories that it may need including /tmp, /var, and others. Red Hat has been able to leverage these technologies to build a secure and yet efficient multi-tenant PaaS because Red Hat has incredible knowledge with respect to the Operating System underneath, Red Hat Enterprise Linux. With some of the best linux kernel coders in the world, Red Hat has used these smarts to build a cloud Platform-as-a-Service on top of the industry leading enterprise Linux operating system. OpenShift Gears represent the resulting benefit of leveraging this wealth of knowledge in the Operating System Platform to build a Cloud Application Platform that is both super-secure and highly efficient. <Optional statements> The OpenShift Gear-based architecture provides two other key benefits: Deploying multi-tenancy inside of RHEL Nodes allows many, many applications to be maintained by deploying maintenance to a much smaller set of RHEL Operating System instances. The Sys Admins job becomes much easier when they only need to patch and perform maintenance on a small number of nodes instead of 1000s of Virtual Machine instances (as would be the case with VM-based multi-tenancy). OpenShift also has the ability to “Idle” Gears that are not actively being used. In this situation the Broker will take a snapshot of an application Gear and write it to disk to take it out of RAM. Network connections are maintained so when an application URL is requested, the Gear will be “un-idled” and able to service the request quickly. This Idling technology allows many more Gears to be supported within one instance of RHEL because not all Gears will be active at the same time. Implemented for the OpenShift hosted service, this Idling capability is also beneficial to the enterprise that wants to optimize resource consumption as much as possible. <next slide>
And, once the application is launched within the OpenShift PaaS, OpenShift provides the elasticity expected in a Cloud Application Platform by automatically scaling the application as needed to meet demand. When created, applications can be flagged as “Scalable” (some apps may not want to be scaled). When OpenShift sees this flag, it creates an additional Gear and places an HA-Proxy software load-balancer in front of the application. The HA-Proxy then monitors the incoming traffic to the application. When the number of connections to the application crosses a certain pre-defined threshold, OpenShift will then horizontally scale the application by replicating the application code tier of the application across multiple Gears. For JBoss applications, OpenShift will scale the application using JBoss Clustering which allows stateful or stateless applications to be scaled gracefully. For Ruby, PHP, Python, and other script-oriented languages, the application will need to be designed for stateless scaling where the application container is replicated across multiple gears. The Database tier is not scaled in OpenShift today. Automatic application scaling is a feature that is unique to OpenShift among the popular PaaS offerings that are out there. Automatic scaling of production applications is another example of how OpenShift applies automation technologies and a cloud architecture to make life better for both IT Operations and Development. <next slide>