1. A Practical Approach to Delivering Cloud Platforms Using Novell® Solutions:
How Service Provider ACS Delivers Value Creation for Its Customers with Cloud Computing Services
Charles A Radi, Sr.
Principal Architect – Novell Services (cradi@novell.com)
Steve Hansen
Principal Architect – Novell Services (shansen@novell.com)
Steve Houser
VP and CTO – ACS, ITO Global Strategy and Service Management
(steve.houser@acs-inc.com)
2. Agenda
Cloud Computing Background
ACS Enterprise Cloud Business Overview
ACS AMP 2.0 Delivery Review
ACS AMP 2.0 Architecture Review
Live Demo
Questions and Answers
2 © Novell, Inc. All rights reserved.
4. Definitions – Cloud Computing Market
• SaaS (Software): Salesforce.com
• PaaS (Platform): Google App Engine, Azure, Force.com
• IaaS (Infrastructure): Amazon EC2, GoGrid, Rackspace, Slicehost
Thoughts to ponder:
What are your requirements?
Where does your Enterprise cloud fit?
5. Extending the Enterprise to the Cloud
[Diagram: Internal Cloud (On-Site) and External Cloud (Off-Site) under GOVERNANCE AND COMPLIANCE, with a Firewall. Three capacity columns (Existing Internal Capacity, Virtualized Internal Capacity, New External Capacity), each with Business Service Management and IT Service Management layers. External services: Software as a Service, Platform as a Service, Infrastructure as a Service.]
Thoughts to ponder:
What is your strategy? You may not call it a cloud
6. The Workload Lifecycle
Intelligent Workload: + Customized OS + Identity + Management
Build, Secure, Manage, Measure
Both Intelligent and Standard Workloads Across Physical, Virtual, and Cloud Environments
Thoughts to ponder:
What is your current life cycle? Who owns each stage?
7. Integrating Identity into Management
(aka I've already heard too much about the cloud ... what's different?)
1. The workload is intelligent
2. The intelligent workload is managed intelligently
[Diagram labels: Resource Management; General Purpose Operating System; Customized Operating System; Security and Compliance Management; Service Management; Isolated Identity Awareness; Identity-Managed]
9. Vision Statement
Deliver secured services integrating ACS
private cloud and public cloud services to
meet our clients’ needs.
This ACS Trusted Environment will
incorporate a flexible, global approach to
provide clients their own enterprise cloud.
10. Cloud IaaS Design Objectives
• Simplify client access to ACS services
– Self-service provisioning of VMs, storage and application components
• Deliver lower-cost service options
– Service components aligned with application lifecycle, e.g. SandBox, Dev/Test,
Production
– Integrated performance options, e.g. regular versus high-performance storage I/O
• Reduce process cycle times
– End-to-end process analysis and refinement
– Workflow enabled system and people task automation
• Enhance cloud security
– Deeper security for multi-tenant environments
– Security visibility / SIEM / Privileged User Management
• Unify management of private and public cloud services
– Role-based portal for service and process status
– User provisioning / de-provisioning management
– Billing aggregation and cost control
11. Enterprise Cloud – Base Functionality
Phase 1
• AMP 1.0 / Compass Integration
• Self service portal for VMs and base app. components
• Provisioning approval workflows
• Role Based Access Control, Integrated SIEM, Privileged User Mgmt.
• Basic service status views
Phase 2
• Amazon EC2 support including health status
• Streamlined application workload on-boarding
• Deeper service stack status views
• Customer specific application templates
• Federated workflow
Phase 3
• Advanced self service provisioning by service classification and config. options
• Larger selection of OS and application service templates
• Additional hypervisors, e.g. Oracle Xen
• Rules based advanced process automation
Phase 4
• Ability to provision services to multiple resource pools simultaneously
• Complex n-tier application provisioning
• Drag and drop workflow integrations / task palette
• Enhanced policy based automation available for application workload management
Phase 5
• Migrate VMs between clouds
• Incremental improvements in previously noted service areas
12. Your “Enterprise Cloud” Delivered
Adopt a Strategy That Best Fits Customer Requirements
[Diagram: ACS AMP Services Framework. Clients: Client A, Client B, Client C, Client D. Service layers: Software-as-a-Service (SaaS); Application Components-as-a-Service (CaaS); Platform-as-a-Service (PaaS); Virtual Infrastructure-as-a-Service (VaaS); Physical Infrastructure-as-a-Service (IaaS). Connected services: Google Docs & Wave; Microsoft Online & Azure; Inovis B2B Connectivity / SFT; IBM LotusLive; ACS - Xerox Collaboration; Amazon EC2 & S3; Salesforce.com SFA & Force.com. Other labels: Web 2.0 Services; Application Software; Application Platform; Data Platform; Physical Infrastructure.]
13. ACS Cloud Management Services
New and Modified Services to Support Cloud Deployments
Unified Provisioning
• Private and Public Cloud
• Role Based Access Control
• Approval Workflows
Subscriber Management
• Utilization Reporting
• Billing Aggregation
• Business Unit Chargeback
Identity Management
• Directory Federation
• Single Sign On
• User Deprovisioning
Workload Security
• SIEM and SOC Monitoring
• Vulnerability Scanning
• Privileged User Mgmt.
Service and App Monitoring
• Availability
• End User Experience Mgmt.
• Performance Trending
Network Path Monitoring
• Availability
• Performance Trending
• Configuration Validation
Workload Management
• Provisioning Templates
• P-to-V and V-to-P Migration
• Data Migration
Service Level Management
• Service Availability
• Application Availability
• Custom SLAs
14. A Path to Enterprise Cloud
Stages: Application Workload Consolidation; Virtual Resource Pools; Service Management; Enterprise Cloud
• Application rationalization and Cloud planning
• Increase percent of server virtualization
• Business Case
• Dedicated vs. ACS Community shared resource use
• Application centric workload management
• Application team self service
• Business Service Management
• Simplify HA and DR
• Elastic scaling
• Best use of ACS and public resource pools
• Business aligned consumption options
• Enhanced dashboards
15. Cloud Planning and Design
• Current state virtualization and objectives / business planning
• Application catalog and classification
• Security – network, data and systems admin.
• Data segregation, regulatory requirements, PI
• Storage tiering / application I/O
• Network / firewalls
• Active Directory, DNS, DHCP
• Database location
• WAN acceleration
• Web and application load balancing
• Recovery objectives
• Self service provisioning / business rules
• App. provisioning templates
• Operational entitlements
• Monitoring and performance management
• Existing workload migration
• Service Level Management
16. Xerox Innovation Heritage
Seventy year heritage of innovation continues
• 5,000 world-class scientists and engineers
• Fuji-Xerox partnership
• $1.4B R&D/year
• US National Medal of Technology
• Breakthrough research
• 55,000 global patents
• A top 25 US innovator: 2 patents/day
• IEEE Corporate Innovation Award
18. Cloud Life Cycle Overview
• Business Service Management: Single pane Helpdesk view to manage environment and provide SLA views
• Admin/User logs into secure URL
• Novell Access Manager: Authenticates user and authorizes access based on role
• Novell Identity Manager: Provisions access and associates roles
• Novell User Application: REST Endpoint interface for self service provisioning, federated workflow, approval, and automation (Start, Stop)
• PlateSpin Orchestrate Workload Management: Dynamically assembles and starts client virtual machine based on role, policy, and contracted Service offering from Base Templates
• Xen/ESX/Hyper-V: Hosts the user virtual workload, manages HA, DRS
• PlateSpin Recon: Meters workload usage, and reports on billable events based on user roles and customized business policies.
• Novell Sentinel: Audit, Logging of all events (Security, Billing, Operations)
• Novell ZENworks: Dynamically manages workload and application
– Configuration Management
– Patch Management
– h/w and s/w discovery
– software compliance
– Application Bundles
– Endpoint Security
• Novell Access Manager: Terminates user session
• PlateSpin Orchestrate: Manages / Recycles Resources
[Other diagram labels: Identity Vault; Delivery Manager; contracts and registers new admin/user]
19. How Novell® Delivers Intelligent Workload Management
Build
• SUSE Linux Enterprise Server
• SUSE Studio
• SUSE Linux Enterprise JeOS
• Novell ZENworks Configuration Management
• SUSE Appliance Toolkit
• Novell Workshop
Secure
• Novell Identity Manager
• Novell Access Manager™
• Novell Roles Based Provisioning Module
• Novell Access Governance Suite
• Novell Privileged User Manager
• Novell SecureLogin
Manage
• PlateSpin Migrate
• PlateSpin Orchestrate
• Novell ZENworks Configuration Management
• PlateSpin Recon
• PlateSpin Protect
• PlateSpin “Atlantic”
• PlateSpin “BlueStar”
Measure
• Novell Business Service Manager
• Novell Business Service Level Manager™
• Novell Business Experience Manager™
• Novell myCMDB™
• Novell Sentinel™
• Novell Sentinel™ Log Manager
Column not recoverable from the extracted slide: Novell “Workbench”; Novell Compliance Automation Solution; Novell Cloud Security Service
* Available by end of 2010
20. ACS Milestone 0 Functionality
Build
• SUSE Linux Enterprise Server as a host
• PlateSpin Migrate to move workloads into the cloud
Secure
• Novell Identity Manager and Access Manager for Employee/Customer provisioning, authentication, and access
• For Directory Synchronization
• For Identity Integration with Service Management (Remedy), Monitoring (Netcool)
Manage
• Novell ZENworks Configuration Management and ZENworks Linux Management for software packaging, patching of workloads, and for software deployment on base workloads
• PlateSpin Orchestrate for Workload Management
• PlateSpin Recon for metering of VM's for billing
• Interim Solution (“Atlantic” coming in 2010) for Self-service provisioning of Cloud services
Measure
• Novell Business Service Manager for Internal Dashboards
• For correlation of Service Management (Remedy), Monitoring (Netcool) and other CMDB (Atrium) data
• For Root Cause Analysis and Impact Analysis
• Novell Sentinel for Security Monitoring and Identity Integration
21. “Day in the Life” of AMP 2.0
Build
• SUSE Linux® Enterprise Server as a host
• PlateSpin Migrate to move workloads into the cloud
[Diagram: ACS Enterprise Cloud (AEC) (VMware, Hyper-V, SLES) containing vPODs; ACS Management Platform (AMP 2.0) CORE (Linux)]
* Done ahead of time in order to build capacity or move workloads into the cloud
22. “Day in the Life” of AMP 2.0
Secure
• Novell Identity Manager and Access Manager for Employee/Customer provisioning, authentication, and access
• For Directory Synchronization
• For Identity Integration with Service Management (Remedy), Monitoring (Netcool)
[Diagram labels: ACCESS MANAGEMENT; USER; APP; AIM; AMP 2.0 Customer IDV; ACS Employee IDV; Identity Integration with other tools (e.g. AMP 1.0)]
* Standard implementation of our Identity technology to manage provisioning, authentication and access
23. “Day in the Life” of AMP 2.0
Manage
• Novell ZENworks Configuration Management and ZENworks Linux Management for software packaging, patching of workloads, and for software deployment on base workloads
• PlateSpin Orchestrate for Workload Management
• PlateSpin Recon for metering of VM's for billing
• Interim Solution (“Atlantic” coming in 2010) for Self-service provisioning of Cloud services
* Request a Cloud service and it gets deployed
24. “Day in the Life” of AMP 2.0
Measure
• Novell Business Service Manager for Internal Dashboards
• For correlation of Service Management (Remedy), Monitoring (Netcool) and other CMDB (Atrium) data
• For Root Cause Analysis and Impact Analysis
• Novell Sentinel for Security Monitoring and Identity Integration
* Know what's happening with the cloud service
28. PS-Orchestrate Logical Architecture
• Orchestrate Client
• PlateSpin Orchestrate
• SystemCenter VMM
• vCenter
• Hyper-V Hosts: HYPERV-1, HYPERV-2, HYPERV-3
• Xen Hosts: XEN-1, XEN-2, XEN-3
• ESX Hosts: ESX-1, ESX-2, ESX-3
• Template Repository: VMware Templates, Xen Templates, Hyper-V Templates
33. Functional Approval
Provision a Workload Functional Flow (AEC1 Approval Process)
The AMP user with the proper AEC1 role selects a service offering to be provisioned. They will only be
able to select a service offering if the role is assigned and the Customer has been configured in AEC1.
The details for this workflow are defined in the Contracted Services object. This includes the AEC1
approval process information. There are two distinct types of approvals: first, the AEC1 role-based
approval process, which is handled by User Application in AEC1; second, whatever approvals are
required as part of the ACS operational processes, which are handled by Remedy.
If this offering requires customer approval before provisioning, it is accomplished at this time. The
process checks for the “customer provisioning manager” user role for this customer. This can be a
user or group of users that can approve this request. If no information is provided, this process is
skipped.
Does this offering require the SDM to approve before provisioning starts? The process checks the
“SDM” roles that are related to this customer. Again, groups of users can be used but must have been
assigned the proper role and customer relationship. The “Close Workflow” is a process that will be
defined in a later functional flow.
The condition has been defined that the target hypervisor may be owned by a customer and managed
by AMP 2.0. In this condition, does the provisioning of this hypervisor require additional approval by the
“owner” of the hypervisor? This is where that approval will be gained or denied.
The desire is that a single workflow will be able to handle almost all conditions required to deploy a
workload into AEC1. However, specific Service Offerings may require additional approvals or processes.
This is a fork in the process to configure the additional workflow if required.
This is a pre-defined process that follows the object relationships between all the definitions in the IDV
to make a “best guess” at the end result state of the provisioned workload. It includes customer
networking configuration, the target hypervisor and all the requirements to complete the request.
34. AMP 2.0 Integration
Provision a Workload Functional Flow (Remedy Integration)
In the Contracted Services object, we have an attribute that defines what Remedy Change Order to
call and whether to wait for the process to complete before continuing. If no attribute exists, skip
this process.
If we are required to wait until the Change Order is complete, we will keep checking on a
schedule until complete. If the return status is complete, we continue. If the return status is
“closed” before completed, that means the change order terminated without being approved and
we fail the request and run the defined close workflow process.
In the Contracted Services object, we have an attribute that defines what Remedy Service
Request to call and whether to wait for the process to complete before continuing. If no attribute
exists, skip this process.
If we are required to wait until the Service Request is complete, we will keep checking on a
schedule until complete. If the return status is complete, we continue. If the return status is
“closed” before completed, that means the change order terminated without being approved and
we fail the request and run the defined close workflow process.
There may be additional conditions and processes that must be met for this process to complete.
If the Optional Workflow attribute exists, this extended workflow must complete before we
continue this process.
Either exit or continue if all conditions are completed successfully.
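The approval chain and Remedy steps from slides 33 and 34, sketched as an added example (not ACS or Novell code). All class, field and function names are hypothetical, the Remedy poll results are constructed, and the bounded polling and the no-self-approval check are added assumptions; the optional workflow is left out.

```python
from dataclasses import dataclass, field
from typing import Iterator, Optional

@dataclass
class RemedyCall:
    """Hypothetical model of one Remedy attribute on the Contracted Services object."""
    wait: bool                 # wait for completion before continuing?
    statuses: Iterator[str]    # constructed poll results standing in for Remedy queries

@dataclass
class ContractedService:
    required_role: str
    customer_approvers: set = field(default_factory=set)  # "customer provisioning manager"
    sdm_approvers: set = field(default_factory=set)       # "SDM" role holders
    hypervisor_owner: Optional[str] = None                # set if the customer owns the host
    change_order: Optional[RemedyCall] = None
    service_request: Optional[RemedyCall] = None

def poll_remedy(call: Optional[RemedyCall], max_polls: int = 5) -> str:
    """Return skipped / submitted / complete / closed / timeout for one Remedy call."""
    if call is None:
        return "skipped"                  # no attribute defined: skip this process
    if not call.wait:
        return "submitted"
    for _ in range(max_polls):            # bounded polling is an added assumption
        status = next(call.statuses, "pending")
        if status in ("complete", "closed"):
            return status                 # "closed" before complete = not approved
    return "timeout"

def provision(user, roles, customer_configured, svc, approved_by, audit) -> bool:
    """Run the approval chain, then the Remedy steps; record every decision in audit."""
    def fail(reason):
        audit.append(("close_workflow", reason))   # the defined close workflow
        return False

    if svc.required_role not in roles or not customer_configured:
        return fail("requester lacks role or customer not configured")
    stages = [("customer", svc.customer_approvers), ("sdm", svc.sdm_approvers)]
    if svc.hypervisor_owner:
        stages.append(("hypervisor_owner", {svc.hypervisor_owner}))
    for stage, approvers in stages:
        if not approvers:
            audit.append((stage, "skipped"))       # no approver information: skipped
            continue
        # Added check (not stated on the page): requesters cannot approve their own request.
        if not (approvers & approved_by) - {user}:
            return fail(f"{stage} approval missing")
        audit.append((stage, "approved"))
    for step, call in (("change_order", svc.change_order),
                       ("service_request", svc.service_request)):
        result = poll_remedy(call)
        audit.append((step, result))
        if result in ("closed", "timeout"):
            return fail(f"{step} {result}")
    audit.append(("provision", "started"))
    return True

if __name__ == "__main__":
    log = []
    svc = ContractedService("aec1-provisioner", {"carol"}, {"sam"},
                            change_order=RemedyCall(True, iter(["pending", "closed"])))
    print(provision("alice", {"aec1-provisioner"}, True, svc, {"carol", "sam"}, log), log)
```

The audit list gives one record per decision, including skipped stages, which is the trail a reviewer needs to confirm that no approval gate was silently bypassed.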
45. BSM – Admin View
47. Milestone 0: Architecture
Legend: S = Sentinel Connector; L = Log File; A = Adapter (MO); E = idM Driver
[Architecture diagram. Personas: Larry, Jim, Martin, Kelly. Labels: Dashboards; PeopleSoft; Access Manager; myMO; Self Registration; AD; VMWare; HyperV; ID Provider; IDM Framework; eDirectory; Other Directories; Directory Services; Metrics; Model and Events; CMDB; Helpdesk; Manager; VMClient; Read Only; Service Desk; Approver; File System; PSO; PS Migrate; Configuration; Sentinel Security; BM Provision; VMWare; HyperV; Xen; Patch]
48. Milestone 1: Architecture
Legend: S = Sentinel Connector; L = Log File; A = Adapter (MO); E = idM Driver
[Architecture diagram. Personas: Larry, Jim, Martin, Kelly. Labels: Service Catalog UI; Dashboards; Access Manager; Service Catalog; AD; VMWare; HyperV; ID Provider; IDM Framework; eDirectory; Other Directories; Directory Services; Metrics; Model and Events; CMDB; Dashboards; Helpdesk; Manager; VMClient; Read Only; Service Desk; Approver; File System; PSO; PS Migrate; Configuration; Sentinel Security; BM Provision; VMWare; HyperV; Xen; Patch]
49. Milestone 2: Architecture (SDDC V1.0)
Legend: S = Sentinel Connector; L = Log File; A = Adapter (MO); E = idM Driver
[Architecture diagram. Personas: Larry, Jim, Martin, Kelly. Labels: Dashboards; Atlantic1; Access Manager; AD; Service Catalog; Glassfish; IDM Framework; VMWare; HyperV; eDirectory; ID Provider; Other Directories; Directory Services; Model and Events; Metrics (PlateSpin Recon); CMDB; Dashboards; Helpdesk; Manager; VMClient; Service Desk; Approver; Enterprise Services Bus; PS Migrate; Sentinel Security; Configuration; Workflow; BM Provision; HyperV; Xen; VMware; Cloud; Network; Patch; Capacity; Cost; Billing Svc.; Storage Mgmt]
50. Milestone 3: Architecture (SDDC v1.5)
Legend: S = Sentinel Connector; L = Log File; A = Adapter (MO); E = idM Driver
[Architecture diagram. Personas: Larry, Jim, Martin, Kelly. Labels: Compliance Report; Dashboards; Atlantic.2; Access Manager; Service Catalog; ACM (MO); Rule Engine; AD; Compliance Report Eng; Glassfish; IDM Framework; VMWare; HyperV; eDirectory; ID Provider; Other Directories; Directory Services; Model and Events; Metrics (PlateSpin Recon); CMDB; Dashboards; Helpdesk; Manager; VMClient; Novell Secure Login; Service Desk; Approver; Enterprise Services Bus; PS Migrate; PSO; Sentinel Security; Configuration; DSL; Workflow; BM Provision; HyperV; Xen; VMware; Cloud; Network; License; Patch; Capacity; VDI; Cost; Billing Svc.; Sourcefire; Storage Mgmt]
53. Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.