IBM SmartCloud Enterprise - A Secure Infrastructure for Test and Development

IBM SmartCloud EnterpriseA Secure Infrastructure for Test and Development

Piotr PietrzakIBM Forum 2012 – EstoniaTallinn, October 9, 2012

© 2012 IBM Corporation2

IBM SmartCloud Enterprise at a glance

More at: ibm.com/cloud/solutions/enterprise

Cloud Portal: ibm.com/cloud/enterprise

Features and functions: Choice of nine virtual (Intel) server configurations Choice of operating systems:

• Linux®; Red Hat, Novell SUSE or bring your own• Windows Server® 2003 and 2008

Software image choices:• Pick a pre-configured IBM or IBM Partner image• Construct a Linux image in the cloud from software bundles using IBM and

partner tools• Import or copy an existing Linux image

Storage choices:• Persistent storage; fixed blocks up to 10TB• Object/File storage; web accessible file storage with nearly unlimited capacity

Options to dynamically add/delete multiple blocks of Virtual servers isolated in virtual private network environments.

Premium support services as a supplement to forums, with optional add-on operating system support

Choice of six sites: US (2), Canada, Germany, Japan & Singapore with massive capacity.

Payment options:• Pay-as-you-go • Reserved capacity package options.

What’s new? / 3Q2012• Increased SLA from 99.5% to 99.9%• Optional Platinum-M2 virtual machine – 32GB of RAM• Cloning of Windows domain controller instancesIBM global delivery centers

Virtual machinesand virtual storage

Management infrastructure

Private and shared VLANs

IBM unique security and authentication model

IBM firewall

Optional VPN gateway

IBM SmartCloudEnterprise

Your firewall

Your servers and personal computers (PCs)


Nine server and eight attachable persistent storage options enable you to configure systems to match a wide variety of workloads.

60

4

2

Copper

60

2

1

Copper

60+204860+102460+102460+85060+35060+35060+175Instance storage (GB)

Virtual machine (VM)Options

32-bit configurations 64-bit configurations

Bronze Silver Gold Bronze Silver Gold Platinum

Virtual CPUswith 1.25 Gigahertz

1 2 4 2 4 8 16

Virtual memory (GB) 2 4 4 4 8 16 16

• Intel architecture servers can be provisioned with Linux (Red Hat, Novell SUSE or customer provided) or Microsoft Windows Server (2003 or 2008) and your choice of middleware.

• Prices start well under 10 cents per hour* for a virtual machine, including operating system. Reserved capacity options provide pools of resources at discounted rates.

• Dynamically attach and detach up to three extra blocks of persistent (RAID protected) storage to an instance, preformatted (ext3) or raw

in eight sizes from 60 GB to 10 TB.

*US prices for 32-bit copper configuration with Windows Server or SUSE Enterprise Linux, current as of December 5, 2011. Prices subject to change.


The IBM SmartCloud Enterprise software asset catalogs provide a software store for your server configurations.

The ‘public’ catalog contains a growing list of operating system images with or without selected software and software bundles from IBM (Lotus®,WebSphere®, DB2®, Informix®, Cognos®, Tivoli®, Rational®), Alphinat, Aviarc, BeyondTrust, CohesiveFT, Corent, Grid Robotics, Kaavo, NetEnrich, OpenCrowd, Pragma Systems, Servoy, SugarCRM or Zeus. The licensing options include:

• “Pay-as-you-go” (“PAYG”), with hourly rates: You choose the desired software, accept the license terms online, and receive a monthly usage bill.

• “Bring your own license” (“BYOL”): You own or buy a software license and can use the prebuilt image in the catalog.

Your ‘private’ and ‘community’ catalogs provide a place for you to store and manage customized copies of public images and images you build in the cloud or import.


You can have your server environment running in minutes and pay for it only as long as you need it.

The self-service portal, designed for ease of use, guides you through setting up what you need and triggers the automated provisioning of your servers.

Step 1

Click and choose the software you need

Step 2 Step 3

Choose the hardware and usage configuration

Application provisioned and ready to run


IBM SmartCloud Enterprise can help you gain savings, quality improvements and speed to market.

Cloud computing from IBM can help you:

• Reduce IT labor cost by over 50 percent1—reduce the cost and time to provision a software environment with reduced labor for configuration and without installation costs

• Virtually eliminate capital expense and realize significant software license savings through more rapid access to elastic server capacity

• Reduce provisioning cycle times from weeks to minutes—for faster time to market and more time for innovation

• Improve quality—eliminate over 30 percent1 of all defects that come from faulty configurations; standard configurations help reduce risk and deliver higher service quality

• Enable more effective development—preconfigured integrated IBM Rational® developer group tools and best practices

• Improve governance and reduce risk of large server deployments

1Based on results from IBM’s Technology Adoption Program. Your results may vary, and client-specific results can only be ascertained after a return on investment analysis.


When considering a new technology such as cloud, there are always challenges and dependencies that need to be addressed.

We know that:

It is located at X

It is stored in server Y

We have backups in place

Our administrators control access

Our uptime is sufficient

The auditors are happy

Our security team is engaged

Who ensures security?

Where is it located?

Where is it stored?

Who backs it up?

Who has access?

How resilient is it?

How do auditors observe?

How does our securityteam engage?

Technical concerns:

Extended network security

Isolation failure

Insecure or incomplete data deletion

Additional software layers

Today’s data center Tomorrow’s cloud environment

????

??

??

??

??


IBM Security Solutions to address the challenges of cloud computingHelping clients begin their journey to the cloud with relevant security expertise

Compliance ownershipCross border constraintse-discovery processAccess to logs and audit trailsMerging patch, change, and configuration

management policies

Compliance ownershipCross border constraintse-discovery processAccess to logs and audit trailsMerging patch, change, and configuration

management policies

GRCGRCGRCGRC

Rapid provisioning/de-provisioning of usersFederated identity management

Rapid provisioning/de-provisioning of usersFederated identity management

Data segregation Intellectual property protectionData preservation and investigation

Data segregation Intellectual property protectionData preservation and investigation

Multi-tenancy and shared imagesMulti-tenancy and shared images

Virtualized environments Open public access

Virtualized environments Open public access

Physical data center security and resiliencyPhysical data center security and resiliency


Customers require visibility into the security posture of their cloud.

Establish 3rd-party audits (SAS 70, ISO27001, PCI)

Provide access to tenant-specific log and audit data

Create effective incident reporting for tenants

Visibility into change, incident, image management, etc.

Support for forensics and e-Discovery

Implement a governance and audit management program

Security governance, risk management and complianceSecurity governance, risk management and compliance

Supporting IBM Products, Services and Solutions

IBM Security Framework

IBM Cloud Security Guidance Document

IBM Security Products and Services

IBM Managed Security Services - hosted security event and log managementCloud-based security servicesA cloud-based security service designed to provide security incident and event management (SIEM) functionality at a lower cost.

IBM Professional Security Services – cloud security consulting Services – cloud security strategy roadmapAssessing security to create a roadmap to reduced riskA comprehensive evaluation of an organization's existing security policies, procedures, controls and mechanisms.

Enhanced


Customers require proper authentication of cloud users.

Implement strong identity and access management





IBM Tivoli Federated Identity Manager

Securely manage cloud identitiesEmploy user-centric federated identity

management to increase customer satisfaction and collaboration

People and IdentityPeople and Identity

IBM Tivoli Security Information and Event Manager

Optimize security & compliance efforts

Monitor user activity for accidental or malicious activity that could put information at risk

Privileged user monitoring, including logging activities, physical monitoring and background checkingUtilize federated identity to coordinate authentication and authorization with enterprise or third party systemsA standards-based, single sign-on capability can help simplify user logons for both internally hosted applications and the cloud.

Privileged user monitoring, including logging activities, physical monitoring and background checkingUtilize federated identity to coordinate authentication and authorization with enterprise or third party systemsA standards-based, single sign-on capability can help simplify user logons for both internally hosted applications and the cloud.


Customers cite data protection as their most important concern.

Use a secure network protocol when connecting to a secure information store.

Implement a firewall to isolate confidential information, and ensure that all confidential information is stored behind the firewall.

Sensitive information not essential to the business should be securely destroyed.

Ensure confidential data protection





Data and InformationData and Information

IBM Information Protection Services – managed backup cloudFlexible, automated backup and recovery managed serviceLocated onsite or offsite using public and/or private cloud technology

EnhancedIBM Data Security ServicesProtect data and enable business

innovationSolutions for network data loss

prevention, endpoint encryption, endpoint data loss prevention, and log analysis


Customers require secure cloud applications and provider processes.

Implement a program for application and image provisioning.

A secure application testing program should be implemented.

Ensure all changes to virtual images and applications are logged.

Develop all Web based applications using secure coding guidelines.

Establish application and environment provisioning





IBM WebSphere DataPower Secure Hybrid Cloud Connector

IBM WebSphere DataPower Cast Iron Appliance XH35

Leverages standard protocols to provide multiple layers of connection security for private, public or hybrid clouds.

Application and ProcessApplication and Process

IBM Application Security Services for Cloud

Security assessment services for cloud applications

Identify and eliminate security and privacy risks associated with your cloud applications.

Enhanced


Customers expect a secure cloud operating environment.

.

Isolation between tenant domains

Trusted virtual domains: policy-based security zones

Built-in intrusion detection and prevention

Vulnerability Management

Protect machine images from corruption and abuse

Maintain environment testing and vulnerability/intrusion management





Network, Server and End PointNetwork, Server and End Point

IBM Professional Security Services – cloud security consulting – cloud security assessment

Provide cloud providers with an assessment of their security controls

Leverage international standards and best practices to provide public or private cloud providers

Managed Security Services – hosted vulnerability management

Identify vulnerabilities and manage risk to reduce cost

Cloud-based security service to identify vulnerabilities across network devices, servers, databases and web applications

Enhanced


Customers expect cloud data centers to be physically secure.

.

Ensure the facility has appropriate controls to monitor access.

Prevent unauthorized entrance to critical areas within facilities.

Ensure that all employees with direct access to systems have full background checks.

Provide adequate protection against natural disasters.

Implement a physical environment security plan





IBM Physical Security ServicesDefend and help secure physical environments A full suite of digital security solutions and site assessments that can be

integrated with your network and IT systems

Physical SecurityPhysical Security


IBM SmartCloud Enterprise is designed to address key client concerns of control, reliability, and security

Control. Web-based portal allows authorized users to log on at any time and monitor, manage and control their virtual environments. Administrator and user roles offer enterprise-level control of cloud assets and spending, including full usage detail downloads. Built-in APIs allow you to customize and automatically control your cloud server capacity.

Reliability. Around-the-clock monitoring and management of the IBM SmartCloud infrastructure with a service level agreement. Features like ‘anti-collocation’ and ‘virtual IP addressing’ help enable you to build resiliency into your cloud server environments. Backup and recovery and monitoring services are available separately.

Security. Built into the solution, ranging from tight physical security of the IBM SmartCloud delivery centers to IPS and vulnerability scanning of the IBM SmartCloud infrastructure. Optional security options such as virtual private networking can help you extend your existing security disciplines to the cloud.


Why choose IBM to realize cloud computing value?

• IBM has one of the broadest bases of cloud solutions in the market and is a thought leader in cloud standards, optimization and integration.

• Our public cloud services offer flexible, enterprise-oriented delivery models to help enable enterprises to more securely partition their environment, virtual and dedicated.

• IBM is world-leading in middleware, development and testing tools

• We have expertise and best practices gained from years of experience managing and operating security-rich enterprise data centers around the world.


Thank you for your time today.Questions?:

Next Steps:• Request IBM SmartCloud Enterprise trial

from your IBM sales representatives• Identify candidate cloud workloads• Ask your IBM sales representative for a

SmartCloud Enterprise workload migration workshop

For more information:ibm.com/smartcloud/solutions/enterprise

Contact:[email protected] http://twitter.com/piotrpietrzak

IBM SmartCloud Enterprise - A Secure Infrastructure for Test and Development

Technology

Transcript of IBM SmartCloud Enterprise - A Secure Infrastructure for Test and Development