Cohesive Flexible Technologies

Controlling and Securing Your Assets in the Cloud

Chris Purrington, CohesiveFT

Copyright CohesiveFT 2009    1
CohesiveFT - on boarding solutions for public, private and hybrid clouds

Team looks like this

20 Cloud Computing Startups You Should Know
CohesiveFT - on boarding solutions for public, private and hybrid clouds

We do this
The cloud is not a panacea for bad design.
But moving applications to the cloud can quickly reduce capital expenditure and speed time to market.
The first question on everyone’s mind:
Is my stuff safe up there?

[figure: a cloud full of question marks]
Security and control remain top concerns




Use “your father’s VPN”



Typical VPN: Remote office access




Typical VPN: Remote office access

[figure: the remote office VPN diagram with its links marked X]
Uhhh...no.
Typical VPN does not provide high availability, overlapping address spaces, multi-site routing, etc.

But an overlay network can.
I will be robust and secure using cloud-to-cloud DR
Do x-cloud fail over...somehow....

[figure: Cloud A]

Somehow...

[figure: Cloud A]

Do this!
(somehow)

[figure: Cloud A and Cloud B]
(somehow)
When you put your assets in a cloud you surrender CONTROL of addressing, protocols, topology, and secure communications.

But an overlay network gives back CONTROL.
Speaking of security...

What’s inside this VM?

I know, let’s ask him... ...or him.
Picture from: www.sysadminday.com
Server “assembly” costs are THE Enterprise IT cost

20-year journey from single file deployment to homogenous architecture (the “C” program on Unix) to single file deployment on heterogeneous architecture (the VM to everywhere).

As such, assembly error and propagation represents one of the biggest security risks as well.

Photo credit: Zach Rosing, May 25, 2007,
Do you have evil clones?

Good clones?

There are going to be a lot of them.

Run the numbers...
10,000,000 - today
250,000,000 - 2015
2,500,000,000 - is not impossible

Photo credit: Paramount
“P2V and SLA are mutually EXCLUSIVE!”

Why? The 3 rules of hardware computing...

1) When you get a physical machine installed and working - NEVER MOVE IT
2) When you get the software installed and working - NEVER TOUCH IT
3) When you “touch it”, don’t tell anyone.

PHYSICAL TO VIRTUAL........easy.
So...I am highlighting 2 issues in securing your assets in the cloud

- Even if using a cloud...it needs to be YOUR infrastructure in YOUR control
- Working from a “bill of materials” approach is the only way to safely survive the clone wars
YOUR infrastructure in YOUR control in the clouds

Use an “overlay network” that you acquire, configure, deploy and manage.

Enterprise IT is about checks, balances, and risk mitigation.
What is an overlay network?

An overlay network is a computer network which is built on top of another network.

Nodes in the overlay can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.
Use an overlay network

CONTROL:
- Your addressing
- Your topology
- Your protocols
- Your secure communications
I have software that REQUIRES multicast for service discovery

This is true of many enterprise software packages (grid computing packages, database clusters, wikis and more).

Even inside the enterprise, complexity and lead times prevent shared use of available resources in disparate customer controlled data centers because VLAN reconfiguration would be too expensive.

VPN-Cubed allows you to get the multicast traffic into the overlay network before it is rejected by the underlying network infrastructure. This allows you control of your protocols.
I want to control my own network addresses

I am an early adopter of cloud computing and love the flexibility provided by public cloud like Amazon EC2, but I want to control my own network addresses, not be given some different set of VLAN addresses when I reboot my servers.

VPN-Cubed gives you control of your addressing, allowing you to give your cloud servers static addresses that only change when YOU want them to. Local infrastructure control of addressing in the public clouds!
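The three slides above (what an overlay network is, carrying multicast over it, and keeping your own addresses) describe one mechanism from three angles. The following is an added toy model written for this page, not CohesiveFT code and not how VPN-Cubed is implemented: every node has an operator-assigned overlay address that survives a reboot, the provider-assigned underlay address may change, overlay links are unicast tunnels between underlay addresses, and a multicast packet is delivered by replicating the encapsulated frame to each subscribed member over those tunnels, so the underlying network (which would reject multicast) only ever sees unicast. All addresses and node names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    overlay_ip: str                # assigned by the operator, stable across reboots
    underlay_ip: str               # assigned by the cloud provider, may change
    groups: set = field(default_factory=set)   # multicast groups subscribed to
    inbox: list = field(default_factory=list)  # encapsulated frames received


class Overlay:
    """Overlay network carried over unicast tunnels between underlay addresses."""

    def __init__(self, prefix: str):
        self.prefix = ipaddress.ip_network(prefix)
        self.nodes = {}            # overlay_ip -> Node

    def join(self, name: str, overlay_ip: str, underlay_ip: str) -> Node:
        # The operator, not the provider, owns the overlay address plan
        if ipaddress.ip_address(overlay_ip) not in self.prefix:
            raise ValueError(f"{overlay_ip} is outside overlay prefix {self.prefix}")
        if overlay_ip in self.nodes:
            raise ValueError(f"overlay address {overlay_ip} already assigned")
        node = Node(name, overlay_ip, underlay_ip)
        self.nodes[overlay_ip] = node
        return node

    def reboot(self, overlay_ip: str, new_underlay_ip: str) -> Node:
        """The provider hands out a new underlay address; the overlay address survives."""
        node = self.nodes[overlay_ip]
        node.underlay_ip = new_underlay_ip
        return node

    def subscribe(self, overlay_ip: str, group: str) -> None:
        if not ipaddress.ip_address(group).is_multicast:
            raise ValueError(f"{group} is not a multicast group")
        self.nodes[overlay_ip].groups.add(group)

    def _tunnel(self, src: Node, dst: Node, inner_dst: str, payload: str) -> dict:
        # Encapsulation: the outer header carries underlay addresses (what the
        # cloud routes); the inner header keeps the operator's overlay addresses.
        frame = {"outer": (src.underlay_ip, dst.underlay_ip),
                 "inner": (src.overlay_ip, inner_dst),
                 "payload": payload}
        dst.inbox.append(frame)
        return frame

    def send(self, src_ip: str, dst_ip: str, payload: str) -> list:
        src = self.nodes[src_ip]
        if ipaddress.ip_address(dst_ip).is_multicast:
            # The underlay would drop a multicast packet, so the overlay fans it
            # out as one unicast tunnel frame per subscribed member.
            members = [n for n in self.nodes.values()
                       if dst_ip in n.groups and n is not src]
            return [self._tunnel(src, m, dst_ip, payload) for m in members]
        return [self._tunnel(src, self.nodes[dst_ip], dst_ip, payload)]


def service_discovery_demo() -> list:
    """Constructed scenario: two DB nodes listen on a discovery group, one of them
    reboots and gets a new underlay address, then an app node sends to the group."""
    ov = Overlay("10.0.0.0/24")
    ov.join("db1", "10.0.0.11", "172.31.5.9")
    ov.join("db2", "10.0.0.12", "172.31.7.20")
    ov.join("app", "10.0.0.21", "172.31.9.3")
    ov.subscribe("10.0.0.11", "239.1.1.1")
    ov.subscribe("10.0.0.12", "239.1.1.1")
    ov.reboot("10.0.0.12", "172.31.7.44")   # cloud reassigns db2's underlay address
    return ov.send("10.0.0.21", "239.1.1.1", "DISCOVER")


if __name__ == "__main__":
    for frame in service_discovery_demo():
        print(frame)
```

Running it shows two frames, both with inner header `10.0.0.21 -> 239.1.1.1`, while the outer destinations are the two members' current underlay addresses, including db2's post-reboot one. The point for a defender is that the trust boundary is the tunnel membership list: who may `join` and `subscribe` is what you control, not the provider's DHCP.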
Can’t I use my existing data center NOC?

I have completed some of my “datacenter to cloud” migrations but am now under pressure to use new monitoring and management tools. Can’t I use my existing datacenter NOC (network operations center)?

VPN-Cubed allows you to simply set up an overlay network for the express purpose of connecting cloud VLANs (at EC2 for example) to data center management installations using popular commercial systems like Tivoli, Unicenter, OpenView, as well as leading open source systems like Nagios, Hyperic and GroundWorks.
I want to use EC2 USA and EC2 Europe for both fail over and data privacy issues

I am a cloud early adopter and I want to use both Amazon EC2 USA and Amazon EC2 Europe for both fail over and data privacy issues. How can I securely link the two environments and treat them as one logical network?

VPN-Cubed does this “out of the box” with a pre-packaged solution, “VPN-Cubed for EC2”, available for self-service clients as well as those needing some professional services support.
Isn’t there a way I can test ISV solutions as if on my local network?

I have an ISV who has a solution which I would like to evaluate, but it will be quite disruptive for me to install. Can’t I test their solution as if it was on my local network?

VPN-Cubed allows your ISV to install their solution as a virtual server in a public cloud like EC2, yet make it available to a DMZ or particular set of VLANs in your corporate environment.

The burden of testing the ISV solution should rest with your vendor with minimal impact or workload on your team.
VPN-Cubed Overlay Network

[figure: VPN-Cubed Managers create an overlay network that spans a Data Center and Cloud A over the Internet, leased or private network; Virtual Servers attach to it; the overlay carries Customer Addressing, Customer Encryption and Customer Multicast]

VPN-Cubed Managers synchronize state and management information across N managers.
VPN-Cubed Editions

- VPN-Cubed for EC2 (Free)
- VPN-Cubed for EC2 (Paid AMIs)
- VPN-Cubed: Datacenter to EC2
- VPN-Cubed: Datacenter to EC2 (IPsec)
- VPN-Cubed: Enterprise Edition
VPN-Cubed for EC2 (Free Edition)
Build an overlay network controlled by VPN-Cubed Managers in US and/or EU

[figure: Peers attached to a Manager in EC2 USA, OR in EC2 EU, OR spanning EC2 USA and EC2 EU]
VPN-Cubed for EC2 (Paid AMIs)
Build an overlay network controlled by 4 managers in US and/or EU regions

[figure: Peers attached to four Managers spread across EC2 USA and EC2 EU]
VPN-Cubed: Datacenter to EC2
Run an overlay network using Manager pairs in EC2 region and your data center

WHAT IS DIFFERENT?
The local VPN-Cubed Managers will need to be assembled in a virtual machine format you can support.

You WILL need to allow the Managers in your data center to initiate outbound connections.

You MIGHT want to allow the Managers in EC2 to initiate inbound connections to the local managers; if so you LIKELY will have to make some NAT entries in your network control equipment.

You SHOULD put the VPN-Cubed Managers in a VLAN setup where you are comfortable with what traffic can and cannot traverse to and from your EC2 VLAN.

[figure: Peers in Your Data Center and Peers in EC2 EU or EC2 USA, joined by Manager pairs]
VPN-Cubed: Datacenter to EC2 (IPSEC)
Overlay network created via Manager pairs in EC2 and your data center equipment

WHAT IS DIFFERENT?
There are no local VPN-Cubed Managers.

Your data center extranet solution (Cisco ASA, Cisco Pix, Juniper Netscreen) will connect to VPN-Cubed Managers in the cloud, front-ended by VPN-Cubed IPSEC Gateways.

You MIGHT want to allow the Managers in the cloud to route traffic to your datacenter; if so you WILL have to make some routing entries in the VPN-Cubed Managers.

[figure: Your Data Center connects over IPSEC to IPSEC Gateways in front of Managers and Peers in EC2 EU or EC2 USA]
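The two Datacenter-to-EC2 slides above state the edge requirements as WILL / MIGHT / SHOULD: local managers must initiate outbound, optional inbound needs NAT entries, the managers should sit in a VLAN whose reachability to the EC2 VLAN you have deliberately scoped, and in the IPsec edition the cloud managers need routes back into the data center. The following is an added pre-deployment check written for this page, not a CohesiveFT tool: it evaluates a first-match firewall rule set, a NAT table and a manager route list against those four statements and reports what is missing. The addresses, VLANs and both configurations (`WEAK`, `HARDENED`) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR of the side that initiates the connection
    dst: str      # CIDR of the side being connected to
    action: str   # "allow" or "deny"


@dataclass
class EdgeConfig:
    """Constructed model of the data center edge for the Datacenter-to-EC2 editions."""
    rules: list               # evaluated first-match; default deny
    nat: dict                 # DC public address -> internal manager address
    manager_routes: list      # prefixes the cloud-side managers have routes for
    inbound_wanted: bool      # EC2 managers may initiate to the local managers
    route_cloud_to_dc: bool   # cloud managers should route traffic into the DC


# Constructed topology (private and documentation ranges, not a real deployment)
DC_MANAGER = "10.10.50.5"      # local VPN-Cubed manager, in its own VLAN 10.10.50.0/24
DC_OTHER_HOST = "10.10.20.7"   # a host in an unrelated data center VLAN
DC_PREFIX = "10.10.0.0/16"     # the data center address space
DC_PUBLIC = "203.0.113.10"     # public address on the data center edge
EC2_MANAGER = "172.31.5.9"     # manager in the EC2 VLAN 172.31.0.0/16


def first_match(rules, src_ip, dst_ip) -> str:
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action
    return "deny"


def precheck(cfg: EdgeConfig) -> list:
    findings = []
    # WILL: local managers must be able to initiate outbound to the EC2 managers
    if first_match(cfg.rules, DC_MANAGER, EC2_MANAGER) != "allow":
        findings.append("REQUIRED: local manager cannot initiate outbound to the EC2 manager")
    # MIGHT: inbound from EC2 needs a NAT entry on the edge plus an allow rule
    if cfg.inbound_wanted:
        internal = cfg.nat.get(DC_PUBLIC)
        if internal != DC_MANAGER:
            findings.append("REQUIRED: no NAT entry maps the DC public address to the local manager")
        elif first_match(cfg.rules, EC2_MANAGER, internal) != "allow":
            findings.append("REQUIRED: inbound from the EC2 manager to the local manager is denied")
    # SHOULD: only the manager VLAN, not arbitrary DC VLANs, should reach the EC2 VLAN
    if first_match(cfg.rules, DC_OTHER_HOST, EC2_MANAGER) == "allow":
        findings.append("WARNING: a non-manager DC VLAN can reach the EC2 VLAN; "
                        "scope the allow rule to the manager VLAN")
    # IPsec edition: cloud managers need a route covering the DC prefix
    if cfg.route_cloud_to_dc:
        covered = any(ipaddress.ip_network(DC_PREFIX).subnet_of(ipaddress.ip_network(p))
                      for p in cfg.manager_routes)
        if not covered:
            findings.append("REQUIRED: cloud-side managers have no route for the data center prefix")
    return findings


# Whole data center may reach the EC2 VLAN, no NAT, no routes back
WEAK = EdgeConfig(
    rules=[Rule("10.10.0.0/16", "172.31.0.0/16", "allow")],
    nat={}, manager_routes=[], inbound_wanted=True, route_cloud_to_dc=True)

# Only the manager VLAN reaches EC2, one explicit inbound peer, explicit default deny
HARDENED = EdgeConfig(
    rules=[Rule("10.10.50.0/24", "172.31.0.0/16", "allow"),
           Rule("172.31.5.9/32", "10.10.50.5/32", "allow"),
           Rule("0.0.0.0/0", "0.0.0.0/0", "deny")],
    nat={DC_PUBLIC: DC_MANAGER}, manager_routes=["10.10.0.0/16"],
    inbound_wanted=True, route_cloud_to_dc=True)


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, precheck(cfg) or ["ok"])
```

The weak configuration trips three checks (missing NAT entry, an over-broad allow from every data center VLAN, no return route); the hardened one passes. The check that tends to be forgotten is the third: a rule written as "data center to EC2" quietly turns the overlay into a bridge from every internal VLAN into the cloud, which is exactly the traversal the slide says you should be comfortable with before you build it.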
VPN-Cubed: Enterprise Edition
Complex, multi-manager, custom topology captured as a specification

Evolution of use cases.
As we discover different use cases we retrofit them as specification to automatically drive the user interface for peering and monitoring.

It is an incremental and ongoing process at this point of the market.
YOUR infrastructure in YOUR control in the clouds

THIS or THIS

Enterprise IT is about checks, balances, and risk mitigation.
With a BOM approach:

- Identity
- Customization
- Provenance

This is an EC2 server... right?

Look again...

[figure: Bill of Materials]
With a BOM approach:

Re-master device:
- new cloud
- new VM type
- new OS

Make clones with unique IDs, unique MAC addresses

It’s the BOM!

[figure: Bill of Materials]
What does Elastic Server do?

Gives Anyone THEIR own SOFTWARE FACTORY
What does Elastic Server do?

Any developer, SI, ISV, project, team, enterprise

- can SOURCE THEIR own component supply chain
- can CREATE THEIR own server design center
- can MARKET, can MESSAGE, can DISTRIBUTE THEIR own server product
Server assembly like hardware

Elastic Server Platform
Build from components just like you would from HP or Dell...
Source / Assemble

Allows choice at every level

- Open Source Components
- Commercial Source Components
- Proprietary Source Components
- Multiple Operating Systems
Assemble / Create

Upload your own or your licensed ISV component

Capture Operating Instructions
Create / Deploy

Rapid deployment to virtual and cloud infrastructures

Assembly portals allow precise control of enterprise architecture
Market / Message / Distribute

Assembly portals allow:
- control of your message
- control of your brand
- control of your architecture
- control of your execution context
- control of your customer connection
- support and highlight your ecosystem
- support e-commerce integration
- support usage pattern analysis
Manage

Save Bill of Material as a template

Rebuild button
- allows “remanufacturing” for patch mgmt
- allows “remanufacturing” for migrations or heterogeneous deployment

[figure: Bill of Materials]
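The “With a BOM approach” slides (identity, customization, provenance; re-master to a new cloud, VM type or OS; clones with unique IDs and MAC addresses) and the “Manage” slide above (save the BOM as a template, rebuild for patch management or migration) describe one discipline: the server design is a record that instances are built from and checked against. The following is an added illustration written for this page, not Elastic Server code and not its manifest format: it builds a BOM of hashed components, verifies a running clone against it (so an “evil clone” shows up as drift), mints a fresh UUID and a locally administered MAC per clone, and re-masters the same component list to a new target. Component names, versions and contents are constructed stand-ins.

```python
import hashlib
import json
import secrets
import uuid
from copy import deepcopy


def component_entry(name: str, version: str, content: bytes) -> dict:
    """One BOM line: what the component is and the hash of exactly what was installed."""
    return {"name": name, "version": version,
            "sha256": hashlib.sha256(content).hexdigest()}


def build_bom(target: dict, components) -> dict:
    """Record the design (target cloud/VM type/OS plus components), separate from any instance."""
    return {"target": dict(target),
            "components": [component_entry(n, v, c) for n, v, c in components]}


def bom_fingerprint(bom: dict) -> str:
    return hashlib.sha256(json.dumps(bom, sort_keys=True).encode()).hexdigest()


def verify_server(bom: dict, installed) -> list:
    """Compare what is actually on a (cloned) server with its BOM; return drift findings."""
    expected = {c["name"]: c for c in bom["components"]}
    seen = set()
    findings = []
    for name, version, content in installed:
        seen.add(name)
        exp = expected.get(name)
        if exp is None:
            findings.append(f"{name}: not in BOM (unexpected component)")
        elif exp["version"] != version:
            findings.append(f"{name}: version {version} differs from BOM {exp['version']}")
        elif exp["sha256"] != hashlib.sha256(content).hexdigest():
            findings.append(f"{name}: content hash differs from BOM (modified after assembly)")
    for name in sorted(expected.keys() - seen):
        findings.append(f"{name}: in BOM but missing from server")
    return findings


def clone_identity(bom: dict) -> dict:
    """Fresh identity per clone: new UUID and a locally administered unicast MAC,
    so clones never share the identifiers the template image carried."""
    mac = bytearray(secrets.token_bytes(6))
    mac[0] = (mac[0] | 0x02) & 0xFE   # set the local bit, clear the multicast bit
    return {"instance_id": str(uuid.uuid4()),
            "mac": ":".join(f"{b:02x}" for b in mac),
            "bom": bom_fingerprint(bom)}   # provenance: which design this clone came from


def remaster(bom: dict, **target_changes) -> dict:
    """Re-master: same component list, new target (e.g. cloud, vm_type, os)."""
    new = deepcopy(bom)
    new["target"].update(target_changes)
    return new


# Constructed sample components (byte strings stand in for package contents)
GOOD_PARTS = [("nginx", "1.14.2", b"nginx-binary-v1.14.2"),
              ("app", "2.3.0", b"app-release-2.3.0"),
              ("agent", "0.9", b"monitoring-agent-0.9")]
# A clone that drifted: nginx altered, monitoring agent gone, an extra component present
EVIL_PARTS = [("nginx", "1.14.2", b"nginx-binary-v1.14.2-altered"),
              ("app", "2.3.0", b"app-release-2.3.0"),
              ("unknown-tool", "0.1", b"not-in-the-design")]
TEMPLATE = build_bom({"cloud": "ec2-us", "vm_type": "ami", "os": "ubuntu-8.04"}, GOOD_PARTS)


if __name__ == "__main__":
    print("good clone drift:", verify_server(TEMPLATE, GOOD_PARTS))
    print("evil clone drift:", verify_server(TEMPLATE, EVIL_PARTS))
    print("clone identity:", clone_identity(TEMPLATE))
    print("re-mastered target:", remaster(TEMPLATE, cloud="ec2-eu")["target"])
```

The verification step is what makes the BOM a security control rather than a build convenience: it is run against the live clone, not against the image it was cloned from, so a component altered after assembly or added outside the design shows up regardless of how many copies were made. Re-mastering keeps the component list and hashes and changes only the target, which is why a patched BOM can be rebuilt across clouds and OS types without re-deriving what belongs on the server.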
Manage

Each Elastic Server is injected with management components to facilitate enterprise virtualization

Common device control across environments
Elastic Server Key Themes and Values

- ES as a meta-packaging system
- ES covers the continuum from “vm building” to an online community for teamsourcing/crowdsourcing virtual servers
  - Appliance Builders
  - OSS ISVs
  - Traditional ISVs
  - Enterprises
- ES as a driver of provenance, certification and standards
- ES as a tool to integrate developers to the production flow
- ES as an e-commerce system for marketing, messaging and distributing virtual servers
- ES as a defense against vendor lock in
www.elasticsever.com
www.cohesiveft.com
blog.elasticserver.com
twitter.com/elasticserver

Thanks

chris.purrington@cohesiveft.com

More Related Content

More from gojkoadzic

Reinventing Software Quality, Agile Days Moscow 2013
Reinventing Software Quality, Agile Days Moscow 2013Reinventing Software Quality, Agile Days Moscow 2013
Reinventing Software Quality, Agile Days Moscow 2013
gojkoadzic
 
Going the extra mile
Going the extra mileGoing the extra mile
Going the extra mile
gojkoadzic
 

More from gojkoadzic (20)

Sabotage product
Sabotage productSabotage product
Sabotage product
 
Reinventing Software Quality, Agile Days Moscow 2013
Reinventing Software Quality, Agile Days Moscow 2013Reinventing Software Quality, Agile Days Moscow 2013
Reinventing Software Quality, Agile Days Moscow 2013
 
5 key challenges
5 key challenges5 key challenges
5 key challenges
 
Death to the testing phase
Death to the testing phaseDeath to the testing phase
Death to the testing phase
 
Challenging Requirements/Oredev
Challenging Requirements/OredevChallenging Requirements/Oredev
Challenging Requirements/Oredev
 
Effective specifications for agile teams
Effective specifications for agile teamsEffective specifications for agile teams
Effective specifications for agile teams
 
Agile Testers: Becoming a key asset for your team
Agile Testers: Becoming a key asset for your teamAgile Testers: Becoming a key asset for your team
Agile Testers: Becoming a key asset for your team
 
From dedicated to cloud infrastructure
From dedicated to cloud infrastructureFrom dedicated to cloud infrastructure
From dedicated to cloud infrastructure
 
Specification Workshops - The Missing Link
Specification Workshops - The Missing LinkSpecification Workshops - The Missing Link
Specification Workshops - The Missing Link
 
Specification by example and agile acceptance testing
Specification by example and agile acceptance testingSpecification by example and agile acceptance testing
Specification by example and agile acceptance testing
 
Space Based Programming
Space Based ProgrammingSpace Based Programming
Space Based Programming
 
Getting business people and developers to listen to testers
Getting business people and developers to listen to testersGetting business people and developers to listen to testers
Getting business people and developers to listen to testers
 
Is the cloud a gamble
Is the cloud a gambleIs the cloud a gamble
Is the cloud a gamble
 
Casino In The Clouds
Casino In The CloudsCasino In The Clouds
Casino In The Clouds
 
From Grid to Cloud
From Grid to CloudFrom Grid to Cloud
From Grid to Cloud
 
Time to Bet on the Cloud?
Time to Bet on the Cloud?Time to Bet on the Cloud?
Time to Bet on the Cloud?
 
Going the extra mile
Going the extra mileGoing the extra mile
Going the extra mile
 
As fast as a grid, as safe as a database
As fast as a grid, as safe as a databaseAs fast as a grid, as safe as a database
As fast as a grid, as safe as a database
 
Betting On Data Grids
Betting On Data GridsBetting On Data Grids
Betting On Data Grids
 
Achieving Scale With Messaging And The Cloud
Achieving Scale With Messaging And The CloudAchieving Scale With Messaging And The Cloud
Achieving Scale With Messaging And The Cloud
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Securing Enterprise Assets In The Cloud

  • 1. Cohesive Flexible Technologies Controlling and Securing Your Assets in the Cloud Chris Purrington, CohesiveFT Copyright CohesiveFT 2009 1
  • 2. CohesiveFT - on boarding solutions for public, private and hybrid clouds Team looks like this 20 Cloud Computing Startups You Should Know Copyright CohesiveFT 2009 2
  • 3. CohesiveFT - on boarding solutions for public, private and hybrid clouds We do this Copyright CohesiveFT 2009 3
  • 4. The cloud is not a panacea for bad design. But moving applications to the cloud can quickly reduce capital expenditure, speed time to market. Copyright CohesiveFT 2009 4
  • 5. The first question on everyone’s mind: Is my stuff safe up there? ? ? ? ? ? ? ? ? ? ? ? ? Copyright CohesiveFT 2009 5
  • 6. Security and control remain top concerns Copyright CohesiveFT 2009 6
  • 7. Use “your father’s VPN” Copyright CohesiveFT 2009 7
  • 8. Typical VPN: Remote office access Copyright CohesiveFT 2009 8
  • 9. Typical VPN: Remote office access X X X X X Copyright CohesiveFT 2009 9
  • 10. Uhhh...no. Typical VPN does not provide high availability, overlapping address spaces, multi-site routing, etc.. But an overlay network can. confidential 10
  • 11. I will be robust and secure using cloud-to-cloud DR confidential 11
  • 12. Do x-cloud fail over...somehow.... Cloud A Copyright CohesiveFT 2009 12
  • 13. Somehow... Cloud A Copyright CohesiveFT 2009 13
  • 14. Do this! (somehow) Cloud A Cloud B Copyright CohesiveFT 2009 14
  • 15. (somehow) When you put your assets in a cloud you surrender CONTROL of addressing, protocols, topology, and secure communications. But an overlay network gives back CONTROL. confidential 15
  • 16. Speaking of security... What’s inside this VM? Copyright CohesiveFT 2009 16
  • 17. Speaking of security... What’s inside this VM? Copyright CohesiveFT 2009 17
  • 18. Speaking of security... What’s inside this VM? I know, let’s ask him... Picture from: www.sysadminday.com Copyright CohesiveFT 2009 18
  • 19. Speaking of security... What’s inside this VM? ...or him. Picture from: www.sysadminday.com Copyright CohesiveFT 2009 19
  • 20. Server “assembly” costs are THE Enterprise IT cost 20-year journey from single file deployment to homogenous architecture (the “C” program on Unix) to single file deployment on heterogeneous architecture (the VM to everywhere) As such - assembly error and propagation represents one of the biggest security risks as well Photo credit: Zach Rosing, May 25, 2007, Copyright CohesiveFT 2009 20
  • 21. Do you have evil clones? Good clones? There is going to be a lot of them. Run the numbers... Photo credit: Paramount 10,000,000 - today 250,000,000 - 2015 2,500,000,000 - is not impossible Copyright CohesiveFT 2009 21
  • 22. “P2V and SLA are mutually EXCLUSIVE!” Why? The 3 rules of hardware computing... 1) When you get a physical machine installed and working - NEVER MOVE IT 2) When you get the software installed and PHYSICAL TO VIRTUAL........easy. working - NEVER TOUCH IT 3) When you “touch it”, don’t tell anyone. Copyright CohesiveFT 2009 22
  • 23. So...I am highlighting 2 issues in securing your assets in the cloud Even if using a cloud...it needs Working from a “bill of materials” to be YOUR infrastructure in approach is the only way to safely YOUR control survive the clone wars Copyright CohesiveFT 2009 23
  • 24. YOUR infrastructure in YOUR control in the clouds Use an “overlay network” that you acquire, configure, deploy and manage. Enterprise IT is about checks, balances, and risk mitigation. Copyright CohesiveFT 2009 24
  • 25. What is an overlay network? An overlay network is a computer network which is built on top of another network. Nodes in the overlay can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. Copyright CohesiveFT 2009 25
  • 26. Use an overlay network CONTROL: - Your addressing - Your topology - Your protocols - Your secure communications Copyright CohesiveFT 2009 26
  • 27. I have software that REQUIRES multicast for service discovery This is true of many enterprise software packages (grid computing packages, database clusters, wikis and more).  Even inside the enterprise complexity and lead times prevent shared use of available resources in disparate customer controlled data centers because VLAN reconfiguration would be too expensive.  VPN-Cubed allows you to get the multicast traffic into the overlay network before it is rejected by the underlying network infrastructure. This allows you control of your protocols. Copyright CohesiveFT 2009 27
  • 28. I want to control my own network addresses I am an early adopter of cloud computing and love the flexibility provided by public cloud like Amazon EC2 but I want to control my own network addresses, not be given some different set of VLAN addresses when I reboot my servers.  VPN-Cubed gives you control of your addressing allowing you to give your cloud servers static addresses that only change when YOU want them to.  Local infrastructure control of addressing in the public clouds! Copyright CohesiveFT 2009 28
• 29. Can’t I use my existing data center NOC? I have completed some of my “datacenter to cloud” migrations but am now under pressure to use new monitoring and management tools. Can’t I use my existing datacenter NOC (network operations center)? VPN-Cubed allows you to simply set up an overlay network for the express purpose of connecting cloud VLANs (at EC2, for example) to data center management installations using popular commercial systems like Tivoli, Unicenter and OpenView, as well as leading open source systems like Nagios, Hyperic and GroundWorks.
• 30. I want to use EC2 USA and EC2 Europe for both failover and data privacy issues. I am a cloud early adopter and I want to use both Amazon EC2 USA and Amazon EC2 Europe for both failover and data privacy reasons. How can I securely link the two environments and treat them as one logical network? VPN-Cubed does this “out of the box” with a pre-packaged solution, “VPN-Cubed for EC2”, available for self-service clients as well as those needing some professional services support.
• 31. Isn’t there a way I can test ISV solutions as if on my local network? I have an ISV who has a solution which I would like to evaluate, but it will be quite disruptive for me to install. Can’t I test their solution as if it was on my local network? VPN-Cubed allows your ISV to install their solution as a virtual server in a public cloud like EC2, yet make it available to a DMZ or a particular set of VLANs in your corporate environment. The burden of testing the ISV solution should rest with your vendor, with minimal impact or workload on your team.
• 32. VPN-Cubed Overlay Network. VPN-Cubed Managers (virtual servers) create an overlay network spanning the Internet, leased or private networks, the data center and the cloud, with customer addressing, customer encryption and customer multicast. VPN-Cubed Managers synchronize state and management information across N managers.
• 33. VPN-Cubed Editions: - VPN-Cubed for EC2 (Free) - VPN-Cubed for EC2 (Paid AMIs) - VPN-Cubed: Datacenter to EC2 - VPN-Cubed: Datacenter to EC2 (IPsec) - VPN-Cubed: Enterprise Edition
• 34. VPN-Cubed for EC2 (Free Edition). Build an overlay network controlled by VPN-Cubed Managers in US and/or EU, with peers in EC2 USA, EC2 EU, or both.
• 35. VPN-Cubed for EC2 (Paid AMIs). Build an overlay network controlled by 4 managers in US and/or EU regions, with peers in EC2 USA and EC2 EU.
• 36. VPN-Cubed: Datacenter to EC2. Run an overlay network using Manager pairs in an EC2 region and your data center. WHAT IS DIFFERENT? The local VPN-Cubed Managers will need to be assembled in a virtual machine format you can support. You WILL need to allow the Managers in your data center to initiate outbound connections. You MIGHT want to allow the Managers in EC2 to initiate inbound connections to the local managers; if so, you LIKELY will have to make some NAT entries in your network control equipment. You SHOULD put the VPN-Cubed Managers in a VLAN setup where you are comfortable with what traffic can and cannot traverse to and from your EC2 VLAN. (Diagram: peers in your data center and in EC2 EU or EC2 USA.)
• 37. VPN-Cubed: Datacenter to EC2 (IPsec). Overlay network created via Manager pairs in EC2 and your data center equipment. WHAT IS DIFFERENT? There are no local VPN-Cubed Managers. Your data center extranet solution (Cisco ASA, Cisco PIX, Juniper NetScreen) will connect to VPN-Cubed Managers in the cloud, front-ended by VPN-Cubed IPsec Gateways. You MIGHT want to allow the Managers in the cloud to route traffic to your datacenter; if so, you WILL have to make some routing entries in the VPN-Cubed Managers. (Diagram: your data center with IPsec gateways, peers in EC2 EU or EC2 USA.)
• 38. VPN-Cubed: Enterprise Edition. Complex, multi-manager, custom topology captured as a specification. Evolution of use cases: as we discover different use cases we retrofit them as a specification to automatically drive the user interface for peering and monitoring. It is an incremental and ongoing process at this point in the market.
• 39. YOUR infrastructure in YOUR control in the clouds. Enterprise IT is about checks, balances, and risk mitigation.
• 40. With a BOM (Bill of Materials) approach: - Identity - Customization - Provenance. This is an EC2 server... right? Look again...
• 41. With a BOM approach: re-master the device for - a new cloud - a new VM type - a new OS. Make clones with unique IDs and unique MAC addresses. It’s the BOM!
• 43. What does Elastic Server do? It gives anyone THEIR own SOFTWARE FACTORY.
• 44. What does Elastic Server do? Any developer, SI, ISV, project, team or enterprise can SOURCE THEIR own component supply chain, can CREATE THEIR own server design center, and can MARKET, MESSAGE and DISTRIBUTE THEIR own server product.
• 45. Server assembly like hardware: the Elastic Server Platform.
• 46. Build from components just like you would from HP or Dell...
• 47. Source, Assemble. Allows choice at every level: - Open Source Components - Commercial Source Components - Proprietary Source Components - Multiple Operating Systems
• 48. Assemble, Create. Upload your own or your licensed ISV component. Capture Operating Instructions.
• 49. Create, Deploy. Rapid deployment to virtual and cloud infrastructures. Assembly portals allow precise control of enterprise architecture.
• 50. Market, Message, Distribute. Assembly portals allow: - control of your message - control of your brand - control of your architecture - control of your execution context - control of your customer connection - support and highlight your ecosystem - support e-commerce integration - support usage pattern analysis
• 51. Manage. Save the Bill of Materials as a template. Rebuild button: - allows “remanufacturing” for patch management - allows “remanufacturing” for migrations or heterogeneous deployment
• 52. Manage. Each Elastic Server is injected with management components to facilitate enterprise virtualization: common device control across environments.
• 53. Elastic Server Key Themes and Values. ES as a meta-packaging system. ES covers the continuum from “VM building” to an online community for teamsourcing/crowdsourcing virtual servers: - Appliance Builders - OSS ISVs - Traditional ISVs - Enterprises. ES as a driver of provenance, certification and standards. ES as a tool to integrate developers into the production flow. ES as an e-commerce system for marketing, messaging and distributing virtual servers. ES as a defense against vendor lock-in.
• 54. www.elasticserver.com www.cohesiveft.com blog.elasticserver.com twitter.com/elasticserver
• 55. Thanks. chris.purrington@cohesiveft.com