IBM SmartCloud Enterprise - A Secure Infrastructure for Test and Development
-
Upload
piotr-pietrzak -
Category
Technology
-
view
893 -
download
0
description
Transcript of IBM SmartCloud Enterprise - A Secure Infrastructure for Test and Development
IBM SmartCloud EnterpriseA Secure Infrastructure for Test and Development
Piotr PietrzakIBM Forum 2012 – EstoniaTallinn, October 9, 2012
© 2012 IBM Corporation2
IBM SmartCloud Enterprise at a glance
More at: ibm.com/cloud/solutions/enterprise
Cloud Portal: ibm.com/cloud/enterprise
Features and functions: Choice of nine virtual (Intel) server configurations Choice of operating systems:
• Linux®; Red Hat, Novell SUSE or bring your own• Windows Server® 2003 and 2008
Software image choices:• Pick a pre-configured IBM or IBM Partner image• Construct a Linux image in the cloud from software bundles using IBM and
partner tools• Import or copy an existing Linux image
Storage choices:• Persistent storage; fixed blocks up to 10TB• Object/File storage; web accessible file storage with nearly unlimited capacity
Options to dynamically add/delete multiple blocks of Virtual servers isolated in virtual private network environments.
Premium support services as a supplement to forums, with optional add-on operating system support
Choice of six sites: US (2), Canada, Germany, Japan & Singapore with massive capacity.
Payment options:• Pay-as-you-go • Reserved capacity package options.
What’s new? / 3Q2012• Increased SLA from 99.5% to 99.9%• Optional Platinum-M2 virtual machine – 32GB of RAM• Cloning of Windows domain controller instancesIBM global delivery centers
Virtual machinesand virtual storage
Management infrastructure
Private and shared VLANs
IBM unique security and authentication model
IBM firewall
Optional VPN gateway
IBM SmartCloudEnterprise
Your firewall
Your servers and personal computers (PCs)
© 2012 IBM Corporation3
Nine server and eight attachable persistent storage options enable you to configure systems to match a wide variety of workloads.
60
4
2
Copper
60
2
1
Copper
60+204860+102460+102460+85060+35060+35060+175Instance storage (GB)
Virtual machine (VM)Options
32-bit configurations 64-bit configurations
Bronze Silver Gold Bronze Silver Gold Platinum
Virtual CPUswith 1.25 Gigahertz
1 2 4 2 4 8 16
Virtual memory (GB) 2 4 4 4 8 16 16
• Intel architecture servers can be provisioned with Linux (Red Hat, Novell SUSE or customer provided) or Microsoft Windows Server (2003 or 2008) and your choice of middleware.
• Prices start well under 10 cents per hour* for a virtual machine, including operating system. Reserved capacity options provide pools of resources at discounted rates.
• Dynamically attach and detach up to three extra blocks of persistent (RAID protected) storage to an instance, preformatted (ext3) or raw
in eight sizes from 60 GB to 10 TB.
*US prices for 32-bit copper configuration with Windows Server or SUSE Enterprise Linux, current as of December 5, 2011. Prices subject to change.
© 2012 IBM Corporation4
The IBM SmartCloud Enterprise software asset catalogs provide a software store for your server configurations.
The ‘public’ catalog contains a growing list of operating system images with or without selected software and software bundles from IBM (Lotus®,WebSphere®, DB2®, Informix®, Cognos®, Tivoli®, Rational®), Alphinat, Aviarc, BeyondTrust, CohesiveFT, Corent, Grid Robotics, Kaavo, NetEnrich, OpenCrowd, Pragma Systems, Servoy, SugarCRM or Zeus. The licensing options include:
• “Pay-as-you-go” (“PAYG”), with hourly rates: You choose the desired software, accept the license terms online, and receive a monthly usage bill.
• “Bring your own license” (“BYOL”): You own or buy a software license and can use the prebuilt image in the catalog.
Your ‘private’ and ‘community’ catalogs provide a place for you to store and manage customized copies of public images and images you build in the cloud or import.
© 2012 IBM Corporation5
You can have your server environment running in minutes and pay for it only as long as you need it.
The self-service portal, designed for ease of use, guides you through setting up what you need and triggers the automated provisioning of your servers.
Step 1
Click and choose the software you need
Step 2 Step 3
Choose the hardware and usage configuration
Application provisioned and ready to run
© 2012 IBM Corporation6
IBM SmartCloud Enterprise can help you gain savings, quality improvements and speed to market.
Cloud computing from IBM can help you:
• Reduce IT labor cost by over 50 percent1—reduce the cost and time to provision a software environment with reduced labor for configuration and without installation costs
• Virtually eliminate capital expense and realize significant software license savings through more rapid access to elastic server capacity
• Reduce provisioning cycle times from weeks to minutes—for faster time to market and more time for innovation
• Improve quality—eliminate over 30 percent1 of all defects that come from faulty configurations; standard configurations help reduce risk and deliver higher service quality
• Enable more effective development—preconfigured integrated IBM Rational® developer group tools and best practices
• Improve governance and reduce risk of large server deployments
1Based on results from IBM’s Technology Adoption Program. Your results may vary, and client-specific results can only be ascertained after a return on investment analysis.
© 2012 IBM Corporation7
When considering a new technology such as cloud, there are always challenges and dependencies that need to be addressed.
We know that:
It is located at X
It is stored in server Y
We have backups in place
Our administrators control access
Our uptime is sufficient
The auditors are happy
Our security team is engaged
Who ensures security?
Where is it located?
Where is it stored?
Who backs it up?
Who has access?
How resilient is it?
How do auditors observe?
How does our securityteam engage?
Technical concerns:
Extended network security
Isolation failure
Insecure or incomplete data deletion
Additional software layers
Today’s data center Tomorrow’s cloud environment
????
??
??
??
??
© 2012 IBM Corporation8
IBM Security Solutions to address the challenges of cloud computingHelping clients begin their journey to the cloud with relevant security expertise
Compliance ownershipCross border constraintse-discovery processAccess to logs and audit trailsMerging patch, change, and configuration
management policies
Compliance ownershipCross border constraintse-discovery processAccess to logs and audit trailsMerging patch, change, and configuration
management policies
GRCGRCGRCGRC
Rapid provisioning/de-provisioning of usersFederated identity management
Rapid provisioning/de-provisioning of usersFederated identity management
Data segregation Intellectual property protectionData preservation and investigation
Data segregation Intellectual property protectionData preservation and investigation
Multi-tenancy and shared imagesMulti-tenancy and shared images
Virtualized environments Open public access
Virtualized environments Open public access
Physical data center security and resiliencyPhysical data center security and resiliency
© 2012 IBM Corporation9
Customers require visibility into the security posture of their cloud.
Establish 3rd-party audits (SAS 70, ISO27001, PCI)
Provide access to tenant-specific log and audit data
Create effective incident reporting for tenants
Visibility into change, incident, image management, etc.
Support for forensics and e-Discovery
Implement a governance and audit management program
Security governance, risk management and complianceSecurity governance, risk management and compliance
Supporting IBM Products, Services and Solutions
IBM Security Framework
IBM Cloud Security Guidance Document
IBM Security Products and Services
IBM Managed Security Services - hosted security event and log managementCloud-based security servicesA cloud-based security service designed to provide security incident and event management (SIEM) functionality at a lower cost.
IBM Professional Security Services – cloud security consulting Services – cloud security strategy roadmapAssessing security to create a roadmap to reduced riskA comprehensive evaluation of an organization's existing security policies, procedures, controls and mechanisms.
Enhanced
© 2012 IBM Corporation10
Customers require proper authentication of cloud users.
Implement strong identity and access management
Supporting IBM Products, Services and Solutions
IBM Security Framework
IBM Cloud Security Guidance Document
IBM Security Products and Services
IBM Tivoli Federated Identity Manager
Securely manage cloud identitiesEmploy user-centric federated identity
management to increase customer satisfaction and collaboration
People and IdentityPeople and Identity
IBM Tivoli Security Information and Event Manager
Optimize security & compliance efforts
Monitor user activity for accidental or malicious activity that could put information at risk
Privileged user monitoring, including logging activities, physical monitoring and background checkingUtilize federated identity to coordinate authentication and authorization with enterprise or third party systemsA standards-based, single sign-on capability can help simplify user logons for both internally hosted applications and the cloud.
Privileged user monitoring, including logging activities, physical monitoring and background checkingUtilize federated identity to coordinate authentication and authorization with enterprise or third party systemsA standards-based, single sign-on capability can help simplify user logons for both internally hosted applications and the cloud.
© 2012 IBM Corporation11
Customers cite data protection as their most important concern.
Use a secure network protocol when connecting to a secure information store.
Implement a firewall to isolate confidential information, and ensure that all confidential information is stored behind the firewall.
Sensitive information not essential to the business should be securely destroyed.
Ensure confidential data protection
Supporting IBM Products, Services and Solutions
IBM Security Framework
IBM Cloud Security Guidance Document
IBM Security Products and Services
Data and InformationData and Information
IBM Information Protection Services – managed backup cloudFlexible, automated backup and recovery managed serviceLocated onsite or offsite using public and/or private cloud technology
EnhancedIBM Data Security ServicesProtect data and enable business
innovationSolutions for network data loss
prevention, endpoint encryption, endpoint data loss prevention, and log analysis
© 2012 IBM Corporation12
Customers require secure cloud applications and provider processes.
Implement a program for application and image provisioning.
A secure application testing program should be implemented.
Ensure all changes to virtual images and applications are logged.
Develop all Web based applications using secure coding guidelines.
Establish application and environment provisioning
Supporting IBM Products, Services and Solutions
IBM Security Framework
IBM Cloud Security Guidance Document
IBM Security Products and Services
IBM WebSphere DataPower Secure Hybrid Cloud Connector
IBM WebSphere DataPower Cast Iron Appliance XH35
Leverages standard protocols to provide multiple layers of connection security for private, public or hybrid clouds.
Application and ProcessApplication and Process
IBM Application Security Services for Cloud
Security assessment services for cloud applications
Identify and eliminate security and privacy risks associated with your cloud applications.
Enhanced
© 2012 IBM Corporation13
Customers expect a secure cloud operating environment.
.
Isolation between tenant domains
Trusted virtual domains: policy-based security zones
Built-in intrusion detection and prevention
Vulnerability Management
Protect machine images from corruption and abuse
Maintain environment testing and vulnerability/intrusion management
Supporting IBM Products, Services and Solutions
IBM Security Framework
IBM Cloud Security Guidance Document
IBM Security Products and Services
Network, Server and End PointNetwork, Server and End Point
IBM Professional Security Services – cloud security consulting – cloud security assessment
Provide cloud providers with an assessment of their security controls
Leverage international standards and best practices to provide public or private cloud providers
Managed Security Services – hosted vulnerability management
Identify vulnerabilities and manage risk to reduce cost
Cloud-based security service to identify vulnerabilities across network devices, servers, databases and web applications
Enhanced
© 2012 IBM Corporation14
Customers expect cloud data centers to be physically secure.
.
Ensure the facility has appropriate controls to monitor access.
Prevent unauthorized entrance to critical areas within facilities.
Ensure that all employees with direct access to systems have full background checks.
Provide adequate protection against natural disasters.
Implement a physical environment security plan
Supporting IBM Products, Services and Solutions
IBM Security Framework
IBM Cloud Security Guidance Document
IBM Security Products and Services
IBM Physical Security ServicesDefend and help secure physical environments A full suite of digital security solutions and site assessments that can be
integrated with your network and IT systems
Physical SecurityPhysical Security
© 2012 IBM Corporation15
IBM SmartCloud Enterprise is designed to address key client concerns of control, reliability, and security
Control. Web-based portal allows authorized users to log on at any time and monitor, manage and control their virtual environments. Administrator and user roles offer enterprise-level control of cloud assets and spending, including full usage detail downloads. Built-in APIs allow you to customize and automatically control your cloud server capacity.
Reliability. Around-the-clock monitoring and management of the IBM SmartCloud infrastructure with a service level agreement. Features like ‘anti-collocation’ and ‘virtual IP addressing’ help enable you to build resiliency into your cloud server environments. Backup and recovery and monitoring services are available separately.
Security. Built into the solution, ranging from tight physical security of the IBM SmartCloud delivery centers to IPS and vulnerability scanning of the IBM SmartCloud infrastructure. Optional security options such as virtual private networking can help you extend your existing security disciplines to the cloud.
© 2012 IBM Corporation16
Why choose IBM to realize cloud computing value?
• IBM has one of the broadest bases of cloud solutions in the market and is a thought leader in cloud standards, optimization and integration.
• Our public cloud services offer flexible, enterprise-oriented delivery models to help enable enterprises to more securely partition their environment, virtual and dedicated.
• IBM is world-leading in middleware, development and testing tools
• We have expertise and best practices gained from years of experience managing and operating security-rich enterprise data centers around the world.
© 2012 IBM Corporation17
Thank you for your time today.Questions?:
Next Steps:• Request IBM SmartCloud Enterprise trial
from your IBM sales representatives• Identify candidate cloud workloads• Ask your IBM sales representative for a
SmartCloud Enterprise workload migration workshop
For more information:ibm.com/smartcloud/solutions/enterprise
Contact:[email protected] http://twitter.com/piotrpietrzak