Post on 02-Aug-2015
© 2015 IBM Corporation
Cloud for the military . . . . projects & promise
V2, 8 Jun 15
John Palfreyman, IBM
Agenda
1. Cloud Clarified
2. US Air Force Mission Oriented Cloud Architecture
3. US Army Logistics Activity
4. National Oceanographic & Atmospheric Administration
5. Looking Forward
. . . as a Service
[Figure: four columns (Traditional, Infrastructure as a Service, Platform as a Service, Software as a Service), each showing the stack Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications. Legend: Vendor Manages in Cloud / Client Manages.]
Where & Who?
Client Operates, On Premises: Most Secure, Highest Cost
Client Operates, Off Premises: (Unlikely)
Contractor Operates, On Premises: Secure (with cleared staff), Lower Cost
Contractor Operates, Off Premises: Less Secure, Lowest Cost
Public, Private or Both (Hybrid)?
Most sensitive workloads behind firewall
Everything connected to you, but remote
Optimised economics & agility
Seamless experience, regardless of choice / combination
Military promise of Cloud . . .
Mission System provisioning: Weeks → Minutes
Event-based Scalability: Fixed → Elastic
Workload Runtime Location: Static → Movable
Service access: Administered → Self-service
Standardization: Complex → Reuse/share
Metering/billing: Fixed cost → Variable cost
Server/storage utilization: 10–20% → 70–90%
Return on Investment: Years → Months
Increasing Mission Agility
Reducing costs
On-demand, event-based access to mission services that can react to changing events
Why?
“Our goal is to demonstrate how cloud computing can be a tool to enable our Air Force to manage, monitor and secure the information flowing through our network. We examined the expertise of IBM's commercial performance in cloud computing and asked them to develop an architecture that could lead to improved performance within the Air Force environment to improve all operational, analytical and security capabilities.”
Lieutenant General William Lord, Chief Information Officer and Chief, Warfighting Integration, for the U.S. Air Force.
• Advanced cyber security and analytics capable of protecting sensitive data
• Designed with real time processing of sensors, monitors and devices
• Cloud architecture to reduce response time to cyber threats
• Mission prioritized workload & capacity management
How?
[Diagram labels: Dash-boarding, Visualizing and Reporting; Stored Data & Threat Profiles; Streaming Threats; Real-time Security Software + Real-time Analytics; 10-40-100 Gb/s; 100% packet inspection; Massive (pbyte) Scale Analytics Engine]
• Advanced Analytics – detecting and reacting to abnormal patterns
• Deep Packet Inspection – analyze data flows within the cloud
• Resilience – reconfigure cloud networks and resources
• Virtual server protection – situational awareness of vulnerabilities and attacks
• Autonomic Defense – at machine speed with chip level responsiveness
What (benefit)?
• Security Intelligence approach (Analytics on masses of data)
• Enhanced security, policy management and compliance management
• Real collaboration (IBM – USAF)
• Cloud security possible using standard commercial software
Why?
Logistics Support Activity (LOGSA)
• Acquire, Manage, Equip & Sustain US Army materiel
• Data Collection, Organising, Storing, Delivering
• Logistics Information Warehouse
Drivers
• Save Money
• Interoperate
• Broaden Analytics Capability
How?
• Started as Data Centre Consolidation
• Comprehensive Pre-Transition Audit
• Three Phases
1. On boarding
2. Transition to Managed Services
3. Solution Modernisation
• Analytics & Optimisation
[1] Discovering “Real” As-Is
• Poor VM processes & mgmt
• Data Warehouse in disarray
• Excessive applications
• Disjointed SAN architecture
• Maxed-out SAN frames
• Thousands of patches not applied over previous decade
• Numerous access mechanisms
• Badly outdated equipment
[Diagram labels: Firewall; Solaris Servers; Trusted User; EMC SAN; Other LOGSA Customers; IETM Customers; Basic Services; IETM Servers; Fiber Channel; Network; USPV; SAN; Tape; NAS; Non-VM Servers; V-Block; Incomplete ETL; Non-ERP Databases; Non-ERP Files; ERP Databases; Portal Databases; Old OS VMs; Active Directory; SFTP & Custom Interfaces; Multiple DB Interfaces; Web Portal SSO, E-mail Server; Minimal SOA; Multiple Client Interfaces]
[2] . . . to Managed Services
• Migrate to Unified SAN
• Massive upgrade/patch fix
• Modernize equipment
• Improve VM processes/mgmt
• Resolve License/Lease issues
• Reduce number of databases
• Modeled, doctrine-aligned Business Processes
[Diagram labels: Firewall; Solaris Servers; Trusted User; EMC SAN; XIV SAN; LOGSA Customers; IETM Customers; SVC; IETM Servers; Fiber Channel; USPV; Non-VM Servers; ILDP Server; Network; V-Block; InfoSphere ETL & ISD; Non-ERP Databases; Non-ERP Files; ERP Databases; Portal / Unify Databases; Solaris VMs; Linux VMs; SFTP / LOGFERS, LOGTRANS, LOGETL, ILAP, LIW-F; Web Portal, E-mail Server; Client SOA Interfaces; Tape; NAS; Active Directory; LIW-1 Forward; ALEG Business Glossary. Legend: Substantial repairs / New/major updates]
What (benefit)?
• Half the Cost of the previous unmanaged solution
• Transitioned to Managed Services in 181 days
• Applied over 10,000 patches
• Demonstrated Rapid Recovery from unplanned outages
• Building scalable, Cloud-ready Army Logistics SOA
NOAA Why?
• Collects 20TB data / day
– Doppler radars
– weather satellites
– buoy networks and stations
– real-time weather stations
– ships and aircraft
• Demand for quality weather information
• New business model - “Drive economic growth and business innovation” Secretary Pritzker
How?
• Open up weather data to IBM & Partners
• Creates NOAA “data lake” in Cloud
• Applies analytics, offers service to Consumer
• Leveraging Open Standards based BlueMix Platform – Partner Interoperability
• Cooperative Research & Development (CRADA)
What (benefit)?
• More VALUE to consumer
• From delayed, summary information . .
• . . to full data, low latency
• Efficiencies through scale up / down
• Iterative, exploratory approach
Cloud Evolution
• Emerging high value cloud workloads generate business insights by linking data from Systems of Record and Systems of Engagement at cloud scale
• “Flat” data centers can efficiently host such workloads with varying memory, network and storage requirements
• As sensitive workloads and data migrate to the cloud, security and compliance are becoming paramount
[Figure: Cloud 1.0, Cloud 2.0, Cloud 3.0. Labels: Industry Transformation; DevOps, Agility; Capex Reduction; Data originates in Cloud]
IBM BlueMix Overview
• Open Standards based Cloud Platform
• Mobile & application developers access to software [1]
– Integration
– Security
– Business functions
– Advanced, exploratory elements
• EASE of application development
• Immediate use of Web Service
• Ideal vehicle for Open Innovation
[1] from IBM & partners
Cloud evolution – security point of view
[Figure: security stages shown against Cloud 1.0, Cloud 2.0, Cloud 3.0. Labels: Static, Perimeter Controls; Reactive, Defense in Depth; Adaptive, Contextual Security]
Challenge 1: Fragmented and complex security controls
Challenge 2: Sophisticated threats and attackers
Challenge 3: Increased attack surface due to agile and composable systems
Attackers exploit platform shifts to launch new attacks on high value workloads and data
Security 3.0
Stages: Monitor and Distill; Correlate and Predict; Adapt and Pre-empt
• Multi-level monitoring and big data analytics: 360 view of device, user, data, application and process
• Risk Prediction and Defense Planning: From forensic to predictive security by building contextual models of access to value at risk
• Adapt network architecture, access protocols, and privileges in a way that increases attacker workload
[Diagram labels: Correlate events; Predict risk; Business impact; Defense strategies; Active; In-device; Near Field; Passive; Controls Management Agents Active; Adaptive and optimized response. Axes: Less intrusive / More controls; Less intrusive / More visibility]
IBM is uniquely positioned to provide the most secure Systems of Insight with adaptive, contextual security
Summary
1. Cloud (economy, agility, interoperability) ideal for military
2. Security is HARD but commercial software can solve
3. Projects may be complex, incremental – but huge savings accrue
4. Open Innovation – releasing value from data - happening
5. Open Standards Cloud platforms underpin real innovation
6. Security must evolve with Cloud usage