Image source: http://www.apwn.fr/wp-content/uploads/2011/04/objectifs.jpg (redo a similar image)
5 characteristics, 3 service models, 4 deployment models
5 characteristics
- On-demand self-service
- Network access, varied clients
- Resource pooling
- Rapid "elasticity"
- Measured service and pay-per-use billing
Streamline operations
Improve agility (= adapts to demand, scales up, …)
Win new markets and customers ????
Focus on business value
TODO: include signage here for
SaaS => User
PaaS => Developer
IaaS => IT administrator
Use a packaged application directly in the Cloud
Create an application on a platform hosted in the Cloud
The most basic need: hosting a virtual machine in the Cloud
Source: Visual Model of NIST Working Definition of Cloud Computing
http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html
NIST: National Institute of Standards and Technology
TODO: Put another…
In-house
Timing: 2 minutes
Key Points:
The move to the cloud starts with identifying applications that are low risk, not mission critical, and don’t have regulatory exposure. These are the easier, lower impact opportunities to test the waters.
Script:
One of the first activities that we recommend you start with is to segment your applications based on their suitability for early transition to the cloud. The ideal first candidates are those applications that are low risk. This model can help you partition your applications looking at both business and technical considerations: From a business perspective, low-risk candidate applications are those that are not mission critical or don’t require a high degree of security, that don’t involve regulatory exposure, and that involve only low-impact content or content that isn’t a high security risk. From a technical perspective, considerations include whether the application is cross-premises, if it has high monitoring needs, how it integrates with other applications, and its database storage requirements. Integration is an important point, as you need to retain that integration during the move; for this reason, these applications are not ideal early candidates.
As you look at this matrix, you will find that some of your applications fit in the “wait” column, perhaps because they are critical to the operation of your business or involve a significant degree of regulatory exposure. Others may involve some risk or complexity—perhaps they span multiple premises—but may be worth the effort if the return on investment (ROI) is clear. Others will fit neatly in the “now” column and are ideal candidates for the cloud; these often include your email, productivity applications, and some departmental applications. Let’s have a look at why they represent a good first step.
Use ZoomIT
Pilot Apps That Meet Ideal Workload Patterns
Timing: 5 minutes
Key Points:
After segmenting your applications and identifying those that are non-differentiating, the next best step is to prioritize candidate applications that fit one of these four models.
Certain workload patterns, including highly volatile or unpredictable workloads, are ideally suited to the cloud.
The cloud may also make new applications possible that would have been cost prohibitive in a traditional infrastructure.
Script:
Once you have segmented your top candidate applications for the cloud and identified those that can be easily switched to turnkey software as a service (SaaS) applications, what next?
A good next step is to evaluate your remaining potential candidate applications to identify those with workload patterns ideally suited to be migrated to or written specifically for the cloud. Although SaaS applications have seen the greatest initial adoption of public IT cloud services, interest in and uptake of platform as a service (PaaS) and infrastructure as a service (IaaS) are on the increase. IDC predicts that by 2014, infrastructure and application development/deployment (PaaS) will make up nearly half of cloud computing market revenue.
Do you have any applications that match the patterns depicted here on the slide? Let’s look at these in a little more detail.
“On and off” applications have seasonal or time-bounded workloads where the processing requirements are either all or nothing (or close to nothing). In a traditional infrastructure, the capacity dedicated to these workloads sits unused for extended periods of time. Remember the Auction Tool example that I mentioned earlier when I was talking about how Microsoft IT approached the cloud? This is a great example of an application that is only used at a specific point in the year. The rest of the time it sits idle.
Another example might be sites that help with tax preparation—in the United States, for example, these include turbotax.com, hrblock.com, taxcut.com, and taxact.com. Activity on these sites spikes between January and April for tax season; data from Alexa.com (which provides web traffic metrics) shows that the load during the peak season can be 10 times the normal load. Of course, the on/off scenario doesn’t always occur on a regular schedule; the same pattern happens when you have occasional one-off computing requirements, perhaps for product prototyping during a development cycle or occasional intensive computer modeling or analysis. We have a customer, RiskMetrics, using the cloud in this situation—they run risk analysis for hedge funds to support recommendations to their clients. The cloud gives them access to powerful computing on demand.
“Growing fast” applications are just what they sound like—applications with low (or no) current usage but with anticipated fast growth. An obvious example is a smaller startup company, but even in the enterprise this has relevance when you’re setting up a new business unit or launching a new service. For example, what if you build an application for a certain segment of your customers, and then find that a lot more people than you had planned for want to use it? The elasticity of the cloud means that scalability—both during development and operation—doesn’t need to slow things down. Another typical example is a merger and acquisition (M&A) scenario, when nearly overnight you need to mesh an existing organization in with your existing systems. The cloud lets you add capacity as required, without delay.
With unpredictable bursting, you get unexpected or unplanned peaks in demand. In a traditional infrastructure, you would need to estimate what the potential loads could be and build the capacity for those estimates, even though it will remain unused for the majority of the time.
Not only does this lead to wastage, but get the estimate wrong and these sudden spikes can have an impact on performance—depending on the application, this could be critical or just lead to lost opportunities. Consider, for example, an emergency response system in which normal operation is fairly well understood; if a hurricane hits, the system could get overloaded just when you need it most. Another example is when a news or entertainment event prompts a spike in activity. For example, let’s say an underdog team puts in an impressive show and wins a major competition. All of a sudden the fans will be looking to buy related merchandise to celebrate. If an online sports retailer’s site can’t handle the upsurge in demand, it loses its chance. With the cloud, you don’t need to plan for a worst case (or best case!) scenario—it can instantly scale to meet requirements.
And finally, predictable bursting—most of the time the demand is steady, but at regular intervals it peaks. One good example is a salary or payroll application; employees might occasionally log in during the month, but in general usage will be quite low except right around payday, when you’ll get a spike as people check to see what their paycheck looks like. Another great example is the holiday season in retail sales. If we look at the traffic ratings from Alexa.com for the websites of some major retailers in the United States—Target, Toys “R” Us, Barnes & Noble, and Walmart—there is a marked increase from September through to December or January when the sites see about four times the normal load, as their customers get busy with their holiday shopping (interestingly, in the case of Barnes & Noble, the peak is actually in January, presumably as a result of returns and people using the gift cards they received as holiday presents).
The cloud lets retailers meet seasonal peak demands such as this without having to worry about whether they will have sufficient capacity—or have to pay for that capacity when it isn’t being used. The cloud may also make new applications possible that would have been cost prohibitive in a traditional infrastructure. In all of the above cases, the issue is around having sufficient capacity to meet demand—whether expected or otherwise—without having wasted capacity consuming resources. However, in some cases building a traditional infrastructure to accommodate occasional peak workloads isn’t just inefficient—it’s not feasible. The cloud makes nearly infinite capacity and processing power available on demand, even for short periods, and in so doing it opens up whole new possibilities that simply wouldn’t have been achievable for an individual enterprise previously.
Additional Information:
Robert P. Mahowald, “Worldwide Software as a Service 2010-2014 Forecast: Software Will Never Be the Same,” IDC, Doc #223628, June 2010, http://www.idc.com/research/viewdocsynopsis.jsp?containerId=223628&sectionId=null&elementId=null&pageType=SYNOPSIS
For details on the Alexa.com stats, see the Windows Azure EBC deck (November 2010): http://arsenalcontent/ContentDetail.aspx?ContentID=183703
RiskMetrics: http://www.microsoft.com/casestudies/Windows-Azure/RiskMetrics/Financial-Risk-Analysis-Firm-Enhances-Capabilities-with-Dynamic-Computing/4000005921
Example: the Zynga case!
Source: “Understanding and Managing SaaS and Cloud-Computing Risks” - Tom Scholtz - Gartner
ENISA is a centre of excellence on network and information security for the member states of the European Union and the European institutions. It issues opinions and recommendations and acts as an information relay for good practices. In addition, the agency facilitates contacts between the European institutions, the member states, and private actors from business and industry.
The CSA is a member-driven organization charged with promoting the use of good practices to provide security assurance in Cloud computing.
Its members include Sophos, Accenture, Google, Microsoft, AT&T, CA, Deloitte, eBay, Hitachi…
Describe a scenario for an application running in a public or hybrid Cloud environment
An app that is moved to the Cloud, but with authentication and federation problems
Example application: a mobile application with creation of user profiles managed in the Cloud
Technical
- Database encryption (at rest)
- Information (in transit)
Legal (privacy): see 2.2 Legal Issues
- Personal data: mandatory declaration to the CNIL
- Data location: if outside Europe, the CNIL must approve the location
A scenario remains to be scripted:
- by customizing the answers on the CIO page to maximize the legal and data-protection risks
- by customizing the answers to the security questionnaire to highlight these 2 points to remediate
- by proposing remediation solutions to treat these risks and bring them down to an acceptable risk
The ReconsiderTolerance case, which can indicate either excessive coverage of the risk or a poor assessment of the tolerance.
The recommendation is based on the difference between the risk tolerance and the risk exposure:
- If the 2 values are identical, the recommendation is "Aligned"
- If the difference between the exposure and the tolerance is 1, it is considered "Acceptable"
- If the tolerance is 2 higher than the exposure, it is also considered "Acceptable"
- If the risk exposure is greater than 2, "Remediate" is recommended
- If the tolerance is 3 or 4 higher than the exposure, "ReconsiderTolerance" is recommended