2. Introduction
Ian Evans, Cloud Solutions Architect at Quality Technology Services (QTS)
● 17 years of systems, network and infrastructure planning experience spanning multiple industries including Healthcare, Oil and Gas, Hospitality and the Federal Government. In my current role as a Cloud Solutions Architect at QTS, I use a deep understanding of cloud backbone systems, processes, management tools, and techniques to help customers construct, modify, operate, and maintain geographically dispersed cloud architectures that meet unique customer needs.
● Prior to joining QTS, I held multiple architect and product/account management positions at Verizon Enterprise Solutions, RedHat, Amazon Web Services and Systems Technology Forum, Ltd. I am also an active member and contributor within the Openstack Foundation.
● My primary areas of interest are around newer container-based technologies which aim to improve application deployment time for customers.
https://www.linkedin.com/in/ianwevans
http://www.qualitytech.com
3. THE CLOUD LANDSCAPE
● According to a recent RightScale survey, 94% of respondents said they are using cloud.
● 74% of respondents said they have a multi-cloud strategy (private and public).
● Respondents noted greater flexibility, faster provisioning and higher availability as the top motivating factors for a move into the cloud.
● Cloud security, compliance and cloud management were among the top 5 challenges in regards to cloud maturity.
● AWS still dominates the public cloud landscape, with VMware vCHS, Rackspace, Google App Engine and Azure IaaS in the top 6.
● Openstack is now considered production ready and is being experimented with heavily in the private cloud space.
4. CURRENT TRENDS
● IaaS is becoming less important and the emphasis continues around improving the application deployment model. SaaS and PaaS will be the primary focus for organizations through 2016. Public cloud SaaS is expected to grow from $39B in 2014 to $298B by 2026.
● The performance differentiation between public cloud-driven IaaS and baremetal IaaS is rapidly diminishing. Some public cloud providers are making huge gains in this area. We can expect to see public cloud adoption rates continue to increase, with most of these adoptions having some aspect of hybrid connectivity as well.
● Cloud Management Products (CMP) and Unified Threat Management Appliances (UTM) will be a major focus for organizations. Customers continue to demand better tools to manage their diverse cloud workloads and security within a single pane of glass.
● There will be continued Software Defined Networking (SDN) adoption into hybrid cloud environments. Now that compute and storage are fairly well orchestrated and interconnected, customers would like the same type of functionality with their networks. SDN platforms such as OpenDaylight, MidoNet and Cumulus are all set to make a huge impact on public, private and hybrid workloads in 2016.
● Cybersecurity will be a top priority in 2016. In addition to initiatives to protect customer/consumer data, there will be more regulations coming which will require organizations to meet stricter security guidelines.
● Integrated Authentication Management (IAM) adoption will increase. ResearchAndMarkets reports projected IAM growth at 25.7% CAGR from 2015 levels.
● Hardware Unified Fabrics will continue to decline as cloud software orchestration mechanisms continue to improve. Customers will see significant cost savings in addition to better control over their hardware supply chain by adopting whitebox solutions. We expect to see projects like Open Compute (OCP) rise significantly in 2016.
● Containers will continue to gain popularity due to ease of provisioning applications and baremetal-like performance.
5. COMMON PITFALLS
● Involving too many vendors in your overall cloud solution. As more vendors are added, maintaining a good security posture becomes increasingly difficult. This also makes orchestrating workloads harder (e.g. too many panes of glass).
● Relying too heavily on public cloud providers to provide application and data security through your service chain. Using technologies like Unified Threat Management (UTM) and Cloud Management Portals (CMP) helps mitigate risk by ensuring unified security for networks, storage and application stacks.
● Misunderstanding the current cloud deployment models:
  ● Example: Common hypervisor environments are well understood, but has any thought been put into implementing an orchestrated container-based system?
  ● Example: Using a hardware-based orchestration system rather than focusing on software-driven orchestration on commodity hardware.
  ● Example: Relying too heavily on the IaaS deployment model. Most successful deployments look at IaaS as a commodity resource and put emphasis on the application deployment model (e.g. SaaS and PaaS).
  ● Example: Thinking application workloads cannot be easily spread over multiple providers to ensure better uptime and resilience. This is a key area for CMPs, as they ensure proper abstraction over multiple clouds, which eases deployment and management in multi-cloud environments.
7.
● Openstack is a free open-source platform for cloud computing created by NASA and Rackspace. It consists of compute pools, software-orchestrated networking, automated billing and block/object storage. All components within the Openstack ecosystem can be orchestrated via the Openstack Horizon Dashboard or through the Openstack API.
● The platform is community built, rather than having a sole organization responsible for development cycles. This methodology speeds development, improves release cycles and fosters greater innovation into the product line.
● The Openstack community has built the product with the goal of being able to create common compute, network and storage pools that can be deployed across multiple private, public and hybrid clouds at any given time.
● Openstack is very mature and production ready. Rackspace has been running it for years. RedHat, Mirantis, Ubuntu, Dell, HP and Cisco all have Openstack private cloud offerings now as well. Walmart just deployed Openstack on a larger scale to drive their eCommerce business.
● There are many different CMPs that support Openstack's complete feature set. As an example, Scalr has commercial and open source offerings that plug directly into the Openstack API.
● Native container support (Magnum) has been added into Openstack. Container technologies such as Kubernetes and Docker can now be fully orchestrated using Heat. This is an extremely important addition, as it allows both bare metal (CoreOS, Atomic) and virtual deployment (containers running inside of KVM) of containers.
● The project is still maturing when it comes to building in a more robust network stack. As SDN controllers become more integrated with Neutron, we will see this situation improve.
● Openstack helps organizations lower cost and decouple proprietary infrastructure from their cloud strategy.
9. HYBRID CLOUD ADOPTION
● In a recent survey, The New Era of Hosted Services noted 68% of all enterprises will be using Hybrid Cloud within the next two years.
● Hybrid cloud adoption will continue to increase as organizations demand better cost, scalability, business continuity and compliance out of their resources.
● Hybrid Cloud continues to offer more architectural flexibility for many organizations. There is still massive demand for dedicated infrastructure to meet specific compliance, security and performance requirements.
● Multi-tenant public cloud infrastructure has many uses; however, things like sustained IOPS performance are sometimes better suited to dedicated hosted environments.
● Hybrid clouds allow a wider use of operating systems, specifically legacy systems (e.g. AIX) that cannot run in public cloud. By adopting a hybrid approach these systems can be used and connected to more advanced services.
Source: The New Era of Hosted Services
✔ Federate your resources in a cost-effective manner by spanning private and public clouds.
✔ Connect legacy services with public cloud resources and platforms.
✔ Unify private and public clouds with on-prem baremetal resources with a cloud-based CMP.
✔ Provide cost-effective bursting for on-prem resources.
✔ Establish cost-effective disaster recovery using lower cost, highly-available public cloud infrastructure.
✔ Pick and choose a variety of pricing models, SLAs and legal agreements.
✔ Meet specific compliance requirements by choosing providers that have already completed the compliance/security legwork.
✔ Build a dynamic infrastructure meeting exact performance guidelines.
10. HYBRID CLOUD MANAGEMENT
● Dealing with multiple clouds and legacy infrastructure is a very complex task. A good Cloud Management Product (CMP) addresses these common concerns:
● Lack of abstraction: CMPs provide layers of abstraction over multiple clouds to achieve a proper policy-based provisioning model. As an example, an organization might want to select the cheapest object storage for specific archival requirements. The CMP would then reach out via API and make that selection automatically for the customer.
● Unified network orchestration: SDNs can now be integrated into CMPs to provide unified network management across hybrid cloud environments. Through technologies like OpenFlow, CMPs can make calls directly to SDN frameworks, switches, VPNs and routing devices.
● Improved utilization of DevOps resources: CMPs can use common automation and orchestration languages to allow a more seamless DevOps experience. With a CMP doing the DevOps orchestration, you can ensure better availability, accountability, performance, security and compliance.
● Better control and visibility over cloud finance: CMPs can control and monitor on-demand infrastructure, perform show-back/charge-back and conduct expenditure forecasting/analysis. Policies within the CMP can be established to perform workflows based on specific criteria. As an example: a report on instance activity can be generated showing development instances that were accidentally left running.
● Lack of focus around the application: A CMP will allow DevOps and system administrators to spend more time focusing on applications rather than getting tied up in the complexities of provisioning IaaS.
● Lifecycle limitations: In order to ensure workflows are complete, the CMP needs visibility into every aspect of the organization's cloud footprint. A good CMP will connect common compute, network and storage resources to form deployable application stacks.
11. HOW DOES A CMP WORK?
[Diagram: a CMP providing "Single Pane of Glass Management" over a HYBRID environment. Labels in the figure: SDN Controller; Router, Switch, Firewall; PUBLIC clouds (GOOGLE, AWS, RACKSPACE, each as a VPC); PRIVATE clouds (OPENSTACK, NSX, VCGS (FedRAMP Cloud), Unified VPC); LEGACY Baremetal Infrastructure with a Legacy Switch.]
13. CLOUD SECURITY AND COMPLIANCE MANDATES
● Depending on the sensitivity of information (low or moderate), federal agencies must meet some strict guidelines:
● FISMA: The Federal Information Security Modernization Act mandates organizations follow NIST (800-53A) recommendations based on specific impact levels. Systems usually go through an Authority to Operate (ATO) and require continuous monitoring to ensure compliance.
● DoD: DoD workloads hosted on cloud services must comply with DoD security standards, which are additive to FedRAMP and address DoD-specific security requirements. The higher the Impact Level (IL), the greater the number of additive controls that must be met.
● FedRAMP: This mandate follows the government's "Cloud First" initiative, giving preference to cloud-based technologies over on-prem counterparts. The Security Authorization of Information Systems in Cloud Computing memo also mandates federal agencies use FedRAMP-ready clouds.
● Because the process to achieve FedRAMP status is so difficult and time consuming, many of the newer cloud technologies and services may not be immediately available.
● Agencies that wish to use services outside the already established FedRAMP boundary can cross-connect hybrid cloud infrastructure ONLY once they have received a P-ATO (Preliminary Authority to Operate) or ATO (Authority to Operate).
● The Joint Authorization Board (JAB) will review the cloud and issue a recommendation for a P-ATO or ATO.
● Other federal mandates include: FIPS 140-2, CJIS, DoD SRG, FERPA, VPAT and ITAR.
● In the commercial space, there are many different mandates that also need to be met:
● HIPAA: Designed to protect healthcare-related information.
● SOC/SSAE/ISAE: Designed to protect consumer data. This mandate consists of various safeguards including auditing of data, accounting practices, confidentiality, integrity and privacy.
● PCI DSS: Designed to safeguard branded credit card transactions.
● Other commercial mandates include: GxP, ISO 27001 and GLBA.
14. SECURING HYBRID CLOUD WORKLOADS
● Securing individual cloud assets with multiple tools can be very time consuming and introduce gaps in the overall cloud security posture. Here are some tips to improve Hybrid Cloud security:
● Use a CMP or Hybrid Overlay Appliance to ensure all network changes are made consistently throughout your entire cloud ecosystem. The CMP will also facilitate logging for compliance purposes through common APIs.
● Start to experiment with SDN controllers and find one that can orchestrate your existing and cloud-connected networks. Most modern switches support some level of OpenFlow or sFlow API control. The OpenDaylight Project is a great place to start and offers good hybrid connectivity right out of the box.
● Deploy a Unified Threat Management Appliance (UTM) with remote data collectors to actively monitor traffic and events and correlate everything into a central logging facility. UTMs also have these features:
  ● Multi-factor Authentication (FreeIPA, YubiKey, RSA, CAC, AD integration, etc.).
  ● Software and hardware vulnerability assessment tools. UTMs can be deployed in each location to ensure uniform software updates throughout the organization's cloud footprint.
  ● Dynamic Firewall Policies. The UTM will respond to API calls from a CMP to configure firewalls. Once a policy is created, it can be deployed on public and private clouds simultaneously.
  ● File Integrity Monitoring. The UTM scans server and application deployments to ensure unauthorized changes are not being made. File Integrity Monitoring can be coupled with a firewall policy, allowing the UTM to issue isolation commands in the event of a breach.
  ● Cloud Intrusion Detection/Prevention. Each UTM can monitor incoming/outgoing traffic, port access and other anomalies and report back into the CMP logging facility.
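A minimal version of the file integrity monitoring described above, added here as an example and not code from the deck or from any UTM product: it records a SHA-256 baseline of a deployment, rescans it, and classifies added, removed and modified files. The `needs_isolation` hook and its protected path prefixes are assumptions standing in for the UTM's coupling of a detected change to a firewall isolation command.

```python
import hashlib
import tempfile
from pathlib import Path

def file_sha256(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record the digest of every regular file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_integrity(root: Path, baseline: dict) -> dict:
    """Rescan root and classify every deviation from the recorded baseline."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
    }

def needs_isolation(report: dict, protected_prefixes=("bin/", "etc/")) -> bool:
    """Hypothetical policy hook: a deviation under a protected path is what would
    trigger the UTM's firewall isolation command; prefixes are assumed, not the slide's."""
    touched = report["added"] + report["removed"] + report["modified"]
    return any(p.startswith(protected_prefixes) for p in touched)

def demo() -> dict:
    """Constructed scenario: baseline a deployment, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("listen=443\n")
        (root / "bin" / "app").write_bytes(b"\x7fELF constructed binary")
        baseline = build_baseline(root)
        # Simulated unauthorized changes made after the baseline was taken
        (root / "etc" / "app.conf").write_text("listen=443\ndebug=true\n")
        (root / "bin" / "app").unlink()
        (root / "etc" / "extra.conf").write_text("injected\n")
        return check_integrity(root, baseline)

if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off-host (for instance in the CMP's central logging facility) so that an intruder who alters files cannot also rewrite the record they are compared against.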
16. HOW CAN A UTM HELP YOUR HYBRID CLOUD ENVIRONMENT?
[Diagram: a Cloud Management Portal connected over IPsec VPN tunnels and SSL VPNs to a public cloud VPC (AZ A Subnet, AZ B Subnet, routing between subnets defined in the VPC, instances with LUKS or provider disk encryption) and to an SDN VPC in the private cloud (Private Cloud Site Subnet A and B, routing between subnets defined in the SDN, VM/instances with LUKS or provider disk encryption). A UTM sits in front of each subnet.]
Secure UTM Ecosystem
✔ Routing
✔ DDOS Mitigation
✔ Traffic Inspection/IDS/IPS
✔ Authentication
✔ Web/Email Protection
✔ Secure VPN
✔ Logging/Reporting
17. TAKEAWAYS
● The Hybrid Cloud market is growing rapidly, and so are the security and compliance requirements.
● A good security model should consist of a CMP and some sort of UTM design. This will ensure better management, rapid provisioning, improved monitoring/logging and strengthened security across all of your clouds.
● Technologies like Openstack have opened new possibilities in the multi-tenant Hybrid Cloud ecosystem.
● Container-based systems should be considered to ease the burden on DevOps and reduce overall application provisioning times.
● SDN technologies are finally production ready and will be making headway in 2016. By adopting SDN, organizations will have greater control over their network resources, provisioning, security, etc.
● Cyber attacks will become more complex, requiring an improved security posture throughout the cloud ecosystem. UTMs coupled with SDN and CMP will help reduce attack surface and improve security awareness.
● More importance will be given to the application provisioning process than to standing up traditional IaaS silos. Organizations are looking for ways to continually improve their DevOps processes.
● Cheaper non-proprietary commodity hardware adoption rates will increase as the need to reduce OPEX and CAPEX becomes more important for most organizations.
● Integrated Authentication Management (IAM) will be a top priority for organizations as they add additional hybrid cloud resources to their footprint.
● The increase in government/industry regulations will necessitate a more proactive security approach.