How to Integrate Your Operations Group with a Cloud-based Services Group
description
Transcript of How to Integrate Your Operations Group with a Cloud-based Services Group
How to Integrate Your Operations Group with a Cloud-based Services
Group
Session #33
November 8, 2012
1:45 – 2:45 PM
David Miller, Chief Security Officer
Covisint, a Compuware Company
MIS Training Institute Session #33 - Slide 2© COVISINT, A COMPUWARE COMPANY
MIS Training Institute Session #33 - Slide 3© COVISINT, A COMPUWARE COMPANY
Discussion Topics What kind of cloud have you chosen? Interface points
Before You Buy Governance Procurement Innovation Implementation
After You Buy Operational Integration Event\Incident Management Managing Audits
MIS Training Institute Session #33 - Slide 4© COVISINT, A COMPUWARE COMPANY
PaaS delivers application run-time infrastructures as a IDM and Portal frameworks with SLAs
Platforms & Compute
FrameworksDB Msg DNS
Services Platform
Polic
y,
Contr
ol
Platform-as-a-Service
What Kind of Cloud Have I Chosen?
SaaS delivers provider-owned application capability as a plug-in and go experience with SLAs Apps or Web Services run on the provider’s infrastructure
SaaS App Services
ISV Web Srvcs
Services
Users &BusinessProcesses
Business Applications(CRM, ERP, UC)
Software-as-a-Service
InformationTechnology
IDM Mobility
Portal
Infrastructure-as-a-Service
IaaS delivers standardized virtualized computing environments as plug-in and go experience with SLAs
Delivers connectivity to global virtualized service resources as a plug-in and go experience with SLAsOperates at Internet scale, with Ethernet flexibility and optical performance
Cloud BackboneNetwork
Communications
MIS Training Institute Session #33 - Slide 5© COVISINT, A COMPUWARE COMPANY
Public/Private or Hybrid
External
Public Cloud
SaaS Engines
Virtualized Apps
SAP cluster
Hosted UC
Virtual Desktop
Internal
Private Cloud
BO/HO
Enterprise #2
Private Cloud
Enterprise
VPN
· Hybrid· Cloud
#2
Extending Private Resources
C-VPN
#1
Enterprise
Data CentersBO/HO
Enterprise #1
Traditional IT & Public Cloud
Enterprise
VPN
SaaS
Access
Leasing Public Resources
#3
#3
#3
Virtual Private
Cloud
BO/HO
Enterprise #3
Virtual Private Cloud
Cloud Aware
Network
C-VPN
MIS Training Institute Session #33 - Slide 6© COVISINT, A COMPUWARE COMPANY
Touch Points
IT
CIO
CFO
Customer
Cloud
Service
Operational
SLA’s
Operations
Technology
ValueFinancial Measures
LegalLiability
Operational Integration
Managing Security
Event/Incident Management
After you buy
Governance
Procurement
Technology Innovation
Implementa-tion/Adoption
Before you buy
MIS Training Institute Session #33 - Slide 7© COVISINT, A COMPUWARE COMPANY
Before You Buy Manage Governance
Cloud Executive Steering Committee Establish/Manage Communities of Practice and Working Groups Create a Could Policy and Strategy Document related to Cloud
Computing activities (e.g. Security, Records Management, eDiscovery, etc.)
Establish a Cloud Audit Process
· This information is draft and has not been published, please do not disseminate
Procurement Develop contract vehicles to ease procurement
of Cloud Computing Solutions Coordinate across the organization to ensure
adoption and implementation of cloud-related procurement policies and processes
Facilitate adoption of the Cloud Computing Storefront
MIS Training Institute Session #33 - Slide 8© COVISINT, A COMPUWARE COMPANY
· This information is draft and has not been published, please do not disseminate
Before You Buy Cloud Technology Innovation
Identify common cloud services and foster standards development and security policies
Develop architectures that allow groups to more effectively implement and leverage cloud computing services
Establish, manage and coordinate Cloud Computing Developer Communities and Application Libraries
Enable the reuse, modularity and interoperability of Cloud Computing Service interfaces
Create a Cloud interface group to share new technology plans
Implementation and Adoption Implement and roll-out cloud solutions Identify Partners for pilot activities Assess and implement services Disseminate Cloud Services Operating and Business Models
MIS Training Institute Session #33 - Slide 9© COVISINT, A COMPUWARE COMPANY
After you Buy
Operational Integration Scope of Services and Resource Training Process integration Manage your costs
Event\Incident Management Process Black Box Extend your team
Managing Security Don’t forget the basics Ensure you have your audit controls covered Manage your data
MIS Training Institute Session #33 - Slide 10© COVISINT, A COMPUWARE COMPANY
Scope of Services
A successful Cloud solution requires: Clearly defined Service Description Well documented and concise Service Level Agreement Clearly defined scope of the Support Agreement
Understanding scope of your Cloud Component Where does your piece end and theirs begin? Avoiding grey areas is crucial Build a detailed RASIC and get buy in from your new partner Identify your partner team dedicated and shared and your
counter point Understand their org chart and escalation matrix
MIS Training Institute Session #33 - Slide 11© COVISINT, A COMPUWARE COMPANY
Resource Training
Resource Training goes beyond operations Educate all disciplines in your company Make sure your operational resources understand the new cloud
components Ensure your developers and business teams understand for use in
future products or solutions. Instill understanding of how Virtual Technology works
Highlight differences between cloud components and traditional physical server architecture
Key Leads and Managers should visit your new provider and tour their facilities and NOC
A day of training on operations and processes Specific examples of successful integrations with other clients
MIS Training Institute Session #33 - Slide 12© COVISINT, A COMPUWARE COMPANY
Process Integration Identify/integrate key processes that will be changing or
impacted Helpdesk
Will this be transparent to your customer or will you be leveraging a cloud based service for Level 1?
What changes for your Level1 support model?– Do their contact points change?
– Do they have access to any new tools?
– How will they escalate?
24x7\NOC This is typically your command and control and the most crucial point of
integration How will the cloud impact your process of command and control
– Notification
– Event correlation
– Tracking
Level 2 or Level 3 Support Remote access and support Deployments
MIS Training Institute Session #33 - Slide 13© COVISINT, A COMPUWARE COMPANY
Process Integration Identify/integrate key processes that will be changing or
impacted (cont.) Monitoring
Who owns monitoring for which points
– Infrastructure (CPU, Network, Memory, Disk Etc.) How will you monitor your cloud provider? Can you leverage or integrate their tools with yours? Single pane of glass?
Change Management How does this change your process internally? How do you manage your partners changes? Can you integrate your change management tools? How do you ensure their changes are managed as part of your availability commitments?
Development How does the cloud impact your SDLC? Does it impact any deployment or version control tools? How do you give developers needed access but still keep them out of production?
.* When process integration is an afterthought of Cloud outsourcing services you lose control of your ability to measure service levels end-to-end
and end up with a fragmented solution
MIS Training Institute Session #33 - Slide 14© COVISINT, A COMPUWARE COMPANY
Managing Costs Understand your Contract and Billing
Billing by items and timing One time fees, Storage, Active Inactive, etc.
Understand your Billing Every provider bills differently and the calculations are almost
always complex and confusing Review each bill ask questions and challenge anything that seems
odd or wrong
MIS Training Institute Session #33 - Slide 15© COVISINT, A COMPUWARE COMPANY
Managing Costs1. Manage the Churn
Cloud means faster and easier – but must be controlled The rules are changing monthly in the industry Business teams and developers are not the best at policing their
consumption– Watch for waste
– Track by business unit and use bill back
– Developers like sandboxes or spares
» Run utilization reports and look at usage
2. Cloud pricing comparisons: things change, and they change quite often and without much notice
3. Make sure you understand whether you are being billed for VMs that are only up and running, or all the time
MIS Training Institute Session #33 - Slide 16© COVISINT, A COMPUWARE COMPANY
Event\Incident Management
Incident Management in the cloud is simplified right? Number of integration points tolls and organizations make it more
complex Rapid growth creates frequent changes Traditional ITIL process can be applied to your new cloud solution
IncidentCMDA Known Error Database
Nth Line Support
Resolved?
Resolved
Time to Resolution
Simplified Incident Management Process
Yes
NoNoNo
YesYes
Incident Management
Service Desk
Resolved?
Resolved?
Second Line Support
Resolved?
Problem Management
First Line Support
MIS Training Institute Session #33 - Slide 17© COVISINT, A COMPUWARE COMPANY
Event\Incident Management Making incident and event management simple is not so
simple Manage it like the contents of a black box:
– Find quickest resolution to minimize impact
– More levels of integration available for escalation - means we see more impact
– Leverage your partner and integrate them as a single layer
– If you try to manage your cloud partner as an extension of your teams and replace your teams in the matrix 1 for 1 you increase the touch points and the complexity
– By establishing a single point of contact and allowing them to manage their teams within that box actually simplifies your process
MIS Training Institute Session #33 - Slide 18© COVISINT, A COMPUWARE COMPANY
Event\Incident Management Don’t blame the complexity of event\incident management
on the Cloud Stick to the basics - keep it simple
Don’t reinvent the wheel (what has worked before, will work with the cloud)
The integration points may change but the underlying principles remain the same
– Clearly defined process and escalation points
– Tool integration
Resist the urge to throw resources at a problem Poorly architected software or business processes are still just that Don’t neglect training
– Education your internal teams on how your new cloud service works is crucial
– If they don’t understand it they will tend to blame it
– Treat it like a black box in process only. Making your cloud feel like part of your solution and integrating it into your documentation and WIKI’s or run books is critical
– As far as your internal teams and groups are concerned, the cloud is just another department.
MIS Training Institute Session #33 - Slide 19© COVISINT, A COMPUWARE COMPANY
Event\Incident Management For any Event\Incident Management solution to succeed
you need to ensure the following: Integrate all cloud processes into internal processes make your
cloud provider an extension of your team Measure and control your cloud partner services as another team
in your org chart
– Hold monthly SLA reviews
– Meet regularly to review all incidents and root cause
– Give them a performance review (like you would your own direct team members)
MIS Training Institute Session #33 - Slide 20© COVISINT, A COMPUWARE COMPANY
Managing Security
Do not forget the basics for security in the cloud
No matter who manages the individual components of your solution, you still own security
The methods and types of security do not change In the cloud or out of the cloud you still need things like
Virus Protection If your new Cloud service allows your admins to control
things like firewall rules don’t break your model
MIS Training Institute Session #33 - Slide 21© COVISINT, A COMPUWARE COMPANY
Managing Security Ensure you have your audit controls covered
Moving to the Cloud doesn’t change your rating or your controls for audit certification
Identify your existing controls and determine which ones may be affected
Cloud partner should be able to provide their own evidence or certification for the components they own (SOC, SAS, ISO, HIPAA, PCI or any other audit standard)
If your vendor maintains a SOC2 Type 2 certification (Same goes for SAS or ISO, etc.) this does not release you from having to attain your own
– Your cloud partners certifications do not become your certifications
– Your cloud partners certifications compliment your certifications and quite possibly will make it a lot easier for you on future audits
MIS Training Institute Session #33 - Slide 22© COVISINT, A COMPUWARE COMPANY
Managing Security Managing your data
Ongoing Debate - Cloud solutions revolve around data Many different types of offerings and solutions Should be a secure offering you are personally
comfortable with The debate is more around policy then it is around
technology There are ways to still leverage the cloud without
compromising benefits Consider using a hybrid model Consider a private cloud- Internal or outsourced
MIS Training Institute Session #33 - Slide 23© COVISINT, A COMPUWARE COMPANY · © 2010 IBM
Corporation
· IBM Global Technology Services