Cloud Computing Strategy and Architecture

Hendrix Yapputro, certified IT architect, certified ISO 27000 lead auditor – cloud security

Transcript of Cloud Computing Strategy and Architecture


Further Reading

1. National Institute of Standards and Technology, Special Publication 800-145, The NIST Definition of Cloud Computing.

2. CompTIA Cloud Essentials, www.comptia.org

3. Cloud Computing Explained: The Implementation Handbook for Enterprises.

4. Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, IaaS).

Cloud Computing

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

National Institute of Standards and Technology Special Publication 800-145

Essential Characteristics

On-demand self-service

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Broad network access

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

Rapid elasticity

Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.


Resource pooling

The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.

Measured service

Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts).


National Institute of Standards and Technology Special Publication 800-145

Business Value of Cloud Computing

Business Driver

Business costs have to be efficient to win in a competitive market. Cloud computing helps in two ways: 1. Reducing costs, which gains efficiency, and 2. Agility.

Cost Leadership

Because of its lower cost, the cost leader is able to charge a lower price than its competitors yet make the same level of profit. If companies in the industry charge similar prices for their products, the cost leader still makes higher profit than its competitors because of its lower costs.

And, if rivalry within the industry increases and companies start to compete on price, the cost leader will be able to withstand competition better than the other companies because of its lower costs.

Building competitive advantage through Cost Leadership

A company’s goal in pursuing a cost-leadership strategy is to outperform competitors by doing everything it can to produce goods/service at a cost lower than theirs.

Agility

1. Shorten time to market

Businesses need to rapidly develop new products (particularly applications or web-based services) without being limited by the cost of computing hardware or being stalled by long procurement times.

2. Rapid internal development & testing

The ability to provision and de-provision development and testing environments on demand gives organizations greater opportunity to improve their business processes by developing applications internally or testing off-the-shelf software in their own environment.

3. Mobility

Global access to organizational enterprise resources is required for organizations with a distributed workforce.

CompTIA Cloud Essentials

Management of Cloud-ready Applications

End-to-end management of a cloud-ready application covers: IaaS vs PaaS, SLA, monitoring, number of data centers, pricing, type of instance, certification, and support.

Most providers offer a fixed menu of instance types, each with a specific number of CPUs, amount of memory, and operating system; others offer fully customizable instances.

There are no standards for PaaS-based applications. Each provider exposes different APIs based on its platform, so choosing a specific provider can lock you into a technology that cannot later be migrated to a different provider. Use IaaS unless you are comfortable with the technology used by a PaaS provider and do not foresee a change in that technology.

Service Level Agreement

Key SLA topics: data ownership, data loss, data location, contract renewal, insurance, and contractual protection.

Negotiation of SLA

Negotiation covers availability of service, liabilities, control of data, and choice of law.

Choice of law: Organizations should raise contract negotiation with the vendor and choose the governing law based on their territorial coverage.

Control of data: The cloud provider should disclose the list of data centers used to store the data, including backups. The SLA between the vendor and the organization must also specify how backups are handled.

Organizations should specify the purpose of contracting with the vendor so that it is clear that, unless the service adequately addresses this purpose, it is pointless to enter into the contract.

Availability of service: Vendors should have documented management systems, processes, and resources. Organizations should be able to obtain the average availability the vendor delivers at each layer of service offered, and the consequences of not meeting the SLA must be clearly identified.

Security

Cloud Security Principles (ISO 27000 series)

Confidentiality, Integrity, Availability

Confidentiality refers to the sensitivity of data: it must be accessible only to those authorized to see it.

Integrity refers to the reliability of data: it must be accurate and must not be altered without authorization.

Availability refers to the accessibility of data. To be available, data needs to be protected from disruption of service.

Other security reference: CompTIA Cloud Essentials

Cloud Security Management

Data Security

Application Security

Network Security

Physical Security

Security Policy & Procedure

Cloud Security Diagram (figure): a traditional firewall and a virtual firewall filtering inbound and outbound traffic between the Internet and the cloud workload.
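The diagram above shows a virtual firewall filtering in/outbound traffic, but not what a good rule set looks like. The following is an added example, not code from the original slides or from CompTIA: a small default-deny evaluator for security-group style rules, with an audit that flags the mistakes a reviewer looks for first (administrative ports open to the whole Internet, unrestricted egress). The rule format, the audit thresholds and both sample rule sets are assumptions constructed for illustration; the address ranges are RFC 5737 documentation networks.

```python
"""Virtual firewall (security-group style) rule evaluation and audit.

Added example, not from the original slides. The Rule layout, the
default-deny semantics, the audit heuristics and the sample rule sets
are assumptions chosen to illustrate the firewall diagram.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Ports that should never be reachable from the whole Internet (assumed list).
ADMIN_PORTS = {22, 3389, 3306, 5432, 6379}  # SSH, RDP, MySQL, PostgreSQL, Redis


@dataclass(frozen=True)
class Rule:
    direction: str   # "in" (ingress) or "out" (egress)
    proto: str       # "tcp", "udp" or "any"
    cidr: str        # remote peer range, e.g. "10.0.0.0/8"
    port_from: int   # inclusive port range on the instance (in) or peer (out)
    port_to: int

    def matches(self, direction, proto, peer_ip, port):
        """True if this rule covers the given flow."""
        return (self.direction == direction
                and self.proto in ("any", proto)
                and ip_address(peer_ip) in ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)


def allowed(rules, direction, proto, peer_ip, port):
    """Default deny: a flow passes only if some rule explicitly allows it."""
    return any(r.matches(direction, proto, peer_ip, port) for r in rules)


def audit(rules):
    """Return findings for rules that are too permissive to ship."""
    findings = []
    for r in rules:
        world = ip_network(r.cidr).prefixlen == 0          # 0.0.0.0/0 or ::/0
        admin = ADMIN_PORTS & set(range(r.port_from, r.port_to + 1))
        if r.direction == "in" and world and admin:
            findings.append(f"inbound {r.proto} {sorted(admin)} open to the Internet ({r.cidr})")
        if r.direction == "in" and world and r.port_to - r.port_from > 100:
            findings.append(f"inbound {r.proto} {r.port_from}-{r.port_to} open to the Internet ({r.cidr})")
        if r.direction == "out" and world and (r.port_from, r.port_to) == (0, 65535):
            findings.append(f"unrestricted egress: {r.proto} all ports to {r.cidr}")
    return findings


# Constructed sample: a weak rule set typical of a default web-server group.
WEAK = [
    Rule("in", "tcp", "0.0.0.0/0", 22, 22),        # SSH from anywhere
    Rule("in", "tcp", "0.0.0.0/0", 80, 80),
    Rule("in", "tcp", "0.0.0.0/0", 443, 443),
    Rule("out", "any", "0.0.0.0/0", 0, 65535),      # egress to anywhere
]

# Constructed sample: the hardened version of the same group.
HARDENED = [
    Rule("in", "tcp", "203.0.113.0/24", 22, 22),    # SSH only from the office range
    Rule("in", "tcp", "0.0.0.0/0", 80, 80),
    Rule("in", "tcp", "0.0.0.0/0", 443, 443),
    Rule("out", "tcp", "0.0.0.0/0", 443, 443),      # HTTPS to package mirrors / APIs
    Rule("out", "udp", "10.0.0.2/32", 53, 53),      # DNS to the VPC resolver only
]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "findings:", audit(rules) or "none")
    print("SSH from 198.51.100.7 (weak):", allowed(WEAK, "in", "tcp", "198.51.100.7", 22))
    print("SSH from 198.51.100.7 (hardened):", allowed(HARDENED, "in", "tcp", "198.51.100.7", 22))
```

The egress rules matter as much as the ingress ones: a compromised instance with unrestricted outbound access can reach any command-and-control host, whereas the hardened set lets it talk only to HTTPS endpoints and the internal resolver.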

Deployment

Cloud Deployment Models

Private Cloud: used by a single user or group of users within an organization; the private cloud is owned, managed, and operated by the organization (NIST SP 800-145 notes it may also be operated by a third party, or a combination of the two).

Community Cloud: used by a group of related organizations with shared concerns, such as a group of governmental or educational institutions that choose to share a common cloud of services not available to the general public.

Public Cloud: used by the general public; public cloud services represent the most thoroughly virtualized cloud infrastructure design, moving information resources partially or completely out of the organization's own data center.

Hybrid Cloud: using components of private, community, or public clouds, the hybrid cloud provides access to two or more infrastructures bridged by standardized technologies or proprietary cloud services.

National Institute of Standards and Technology Special Publication 800-145

Cloud Service Models

Software as a Service

• The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Platform as a Service

• The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.

Infrastructure as a Service

• The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

Cloud Network Architecture

Interconnectivity

• For e-mail: SMTP

• For file transfer: FTP

• For web access: HTTP & HTTPS

Where traffic crosses the Internet, prefer the encrypted variants: HTTPS rather than HTTP, and SFTP or FTPS rather than plain FTP, which sends credentials and file contents in cleartext.

Architecture

Open Systems Interconnection (OSI) diagram (figure): the sending and receiving stacks each run the Physical, Data-Link, Network, Transport, Session, Presentation, and Application layers, connected over the physical media, with the SaaS, PaaS, and IaaS service models positioned against the stack.

Cloud Adoption Strategy

1. Aligning cloud deployment with organizational goals

Any organization that is considering adoption of cloud services must start by identifying the type of cloud service components it intends to take advantage of before starting plans for integration with an existing enterprise network.

2. Impact of cloud adoption on business processes

Prior to adopting cloud computing services, an organization must fully understand the impact they will have on existing business processes:

a. Culture & business changes

b. Management changes

c. Testing & readiness

3. Understanding the improvement of the SLA

Cloud Officer

Necessary Skills

For SaaS: project management, vendor management, data integration & analytics, business & financial skills, security & compliance.

For PaaS & IaaS: technical skills, project management.

Legal Issues of Cloud Computing

Jurisdiction of Data Location

▶ The location of the physical servers

▶ The location of the service provider's headquarters

▶ The location of the data owner

▶ The locations the data passes through between the provider's servers

(Figure: the cloud computing customer's data held by the cloud computing provider across several data centers.)

This issue can be mitigated by contractually obligating the service provider to keep data within appropriate geographic locations, and by checking the provider's disclosed data center list, including backup and replica locations, against that obligation.
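A contractual location clause is only as good as the check behind it. The following is an added example, not code from the original slides or from CompTIA: a residency check that takes the provider's disclosed list of data stores (primary, replicas and backups, as the SLA section above says the provider should disclose) plus the countries each copy transits, and reports every copy or path outside the contractually allowed jurisdictions. The record layout, the region names, the allowed-country list and the sample inventory are constructed assumptions; in practice the inventory would come from the provider's API or the SLA annex.

```python
"""Data-residency check against a provider's disclosed data-store inventory.

Added example, not from the original slides. DataStore, the region
identifiers, CONTRACT_ALLOWED and INVENTORY are constructed assumptions.
Countries are ISO 3166-1 alpha-2 codes.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DataStore:
    name: str
    kind: str                       # "primary", "replica" or "backup"
    region: str                     # provider region identifier (assumed naming)
    country: str                    # country where the bytes are at rest
    transit_countries: tuple = ()   # countries the data crosses to reach this store


def residency_violations(stores, allowed_countries):
    """Return one finding per store at rest, or in transit, outside the allowed set."""
    allowed = set(allowed_countries)
    findings = []
    for s in stores:
        if s.country not in allowed:
            findings.append(f"{s.name} ({s.kind}) is stored in {s.country}, region {s.region}")
        for c in s.transit_countries:
            if c not in allowed:
                findings.append(f"{s.name} ({s.kind}) transits {c} on its replication path")
    return findings


def countries_holding_data(stores):
    """Every country that holds a copy, backups included: what the contract must cover."""
    return sorted({s.country for s in stores})


def is_compliant(stores, allowed_countries):
    return not residency_violations(stores, allowed_countries)


# Assumed contractual clause: data may reside only in Indonesia and Singapore.
CONTRACT_ALLOWED = ["ID", "SG"]

# Constructed sample inventory as a provider might disclose it. The backup
# copy was placed in a cheaper region without anyone checking the contract.
INVENTORY = [
    DataStore("app-db", "primary", "ap-southeast-3", "ID"),
    DataStore("app-db-ro", "replica", "ap-southeast-1", "SG", transit_countries=("SG",)),
    DataStore("app-db-backup", "backup", "us-west-2", "US", transit_countries=("SG", "US")),
]

if __name__ == "__main__":
    print("countries holding data:", countries_holding_data(INVENTORY))
    for finding in residency_violations(INVENTORY, CONTRACT_ALLOWED):
        print("VIOLATION:", finding)
    print("compliant:", is_compliant(INVENTORY, CONTRACT_ALLOWED))
```

The check deliberately treats backups and replicas exactly like the primary copy: the jurisdiction question in the list above applies to every copy and every path the data takes, not only to the database the application talks to.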

Cloud holds more than just rain

the end