Journey to the Private Cloud Key Enabling Technologies

© 2010 EMC Corporation. All rights reserved. Journey to the Private Cloud: Key Enabling Technologies. Jeffrey Nick, Chief Technology Officer, Senior Vice President, EMC Corporation. June 2010


Transcript of Journey to the Private Cloud Key Enabling Technologies

Page 1: Journey to the Private Cloud  Key Enabling Technologies

Journey to the Private Cloud

Key Enabling Technologies

Jeffrey Nick, Chief Technology Officer, Senior Vice President, EMC Corporation

June 2010

Page 2: Journey to the Private Cloud  Key Enabling Technologies

The current I/T state:

• Infrastructure sprawl
• Information explosion
• Identity access complexity
• Increasing threats
• Increasing regulation
• Spiraling costs vs. reduced budgets

Page 3: Journey to the Private Cloud  Key Enabling Technologies

Desired State:

[Diagram labels: Virtualized Data Center; Cloud Computing; External Cloud; Internal Cloud; Infrastructure; Information; Identity; On-demand; Pay for Use; Seamless; Economies of Scale; Trusted; Controlled; Reliable; Secure]

Page 4: Journey to the Private Cloud  Key Enabling Technologies


Cloud Computing – Service Provider Priorities

Ensure Confidentiality, Integrity, and Availability in a Multi-Tenant environment.

Effectively meet the advertised SLA, while optimizing cloud resource utilization.

Offer Tenants capabilities for self-service, and achieve scale through automation and simplification.

Page 5: Journey to the Private Cloud  Key Enabling Technologies


Cloud Computing – Tenant Priorities

Reduce costs, while maintaining or improving SLA.

Maintain an appropriate level of Trust, Visibility, and Control for applications and/or services deployed to Cloud.

Meet all applicable Governance, Risk and Compliance requirements.

For example, organizations are required by law to demonstrate Business Continuity Compliance….

Page 6: Journey to the Private Cloud  Key Enabling Technologies

Desired State: Private Cloud

Private Cloud requires key enabling technologies

[Diagram labels: External Cloud; Virtualized Data Center; Internal Cloud; Cloud Computing; Private Cloud; Security; Information; Identity; Infrastructure; Virtualization; Policy-based Management; Integration; Insulation; Seamless; Control]

Page 7: Journey to the Private Cloud  Key Enabling Technologies

Virtualization: Provides I/T Liquidity

Insulates applications from physical infrastructure

Lower IT Costs
– Better Utilization
– Less Complexity

Quality of Service
– Non-disruptive application migration
– Fault tolerance
– Container-based management

[Diagram labels: CPU Pool; Storage Pool; Oracle CRM; SAP ERP; File/Print; Exchange; Virtualization; Virtual Infrastructure]

Page 8: Journey to the Private Cloud  Key Enabling Technologies

Today most security, resource management and information management is enforced by the OS and application stack

– OS / application-based security
– Application specific management and visibility
– Application centric information

All are complex, expensive and brittle, if not impossible to implement

As virtual container levels evolve, we can surpass the levels of management possible in today’s physical infrastructures

Virtual Containers create the opportunity to simplify and optimize IT management by pushing security, information and resource management to the virtual container domains

Simplified, unified management, regardless of OS (Windows/Unix), patch levels

[Diagram labels: Physical infrastructure; APP / OS stacks; vApp and VM layer; Virtual and cloud infrastructure]

Page 9: Journey to the Private Cloud  Key Enabling Technologies

VMware vShield Zones and RSA DLP: Building a Content-Aware Trusted Zone

Overview

VMware vShield Zones provides isolation between groups of VMs in the virtual infrastructure

RSA deploys Data Loss Prevention (DLP) as a virtual application monitoring data traversing virtual networks

Uses centrally managed policies and enforcement controls to prevent data loss in the virtual datacenter

Customer Benefits

Pervasive protection

Persistent protection

Improved scalability

[Diagram labels: Physical Infrastructure; VMware vSphere; VMware vShield Zones; DLP; APP / OS stacks; Virtual Infrastructure]

Page 10: Journey to the Private Cloud  Key Enabling Technologies

Private Cloud Trusted Zones: Key Capabilities

Insulate information from cloud providers’ employees

Insulate information from other tenants

Insulate infrastructure from Malware, Trojans and cybercriminals

Segregate and control user access

Control and isolate VM(s) in the virtual infrastructure

Federate identities with public clouds

Enable end to end view of security events and compliance across infrastructures

[Diagram labels: Tenant #1; Tenant #2; Cloud Provider; APP / OS stacks; Virtual Infrastructure; Physical Infrastructure; Identity federation; Virtual network security; Access Mgmt; Cybercrime intelligence; Strong authentication; Data loss prevention; Encryption & key mgmt; Tokenization; Security Info. & Event Mgmt; GRC; Anti-malware]

Page 11: Journey to the Private Cloud  Key Enabling Technologies

Flexible infrastructure across the Private Cloud

How can we flexibly share resources across the Private Cloud…

Across data center infrastructure boundaries

Across federated service provider boundaries

[Diagram labels: (Virtual) Data Center; Organization A; Cloud Applications; VPN; Cloud Compute; Service Provider]

Page 12: Journey to the Private Cloud  Key Enabling Technologies

Desired State: Private Cloud

Private Cloud requires key enabling technologies

[Diagram labels: External Cloud; Virtualized Data Center; Internal Cloud; Cloud Computing; Private Cloud; Security; Information; Identity; Infrastructure; Virtualization; Integration; Seamless]

Page 13: Journey to the Private Cloud  Key Enabling Technologies

Storage Virtualization: introducing EMC vPlex

Distributed Mirroring: Active-Active Access

Aggregation of Storage devices: Volume management

Remote Export: Diskless access to non-local storage

Array Failure Protection: Local mirroring

Heterogeneous Geographically Distributed Storage

Non Disruptive Data Mobility: Inter-array migrations

[Diagram labels: Site A; Site B; V-Plex MetroPlex; V-Plex Cluster; FC]

Page 14: Journey to the Private Cloud  Key Enabling Technologies

vPlex evolution

VPLEX Local, VPLEX Metro, VPLEX Geo, VPLEX Global

[Diagram labels: Data Center; Synchronous; Asynchronous; Anywhere; Access Anywhere]

Page 15: Journey to the Private Cloud  Key Enabling Technologies

Network Virtualization: Seamless Layer 2 VLAN integration

Enable VM mobility without IP address changes or connection drops
– Virtual Machines can escape IP address block “prisons”

Extend layer 2 VLANs over arbitrary network connectivity

Seamless add/drop of edge nodes w/o need to reconfigure other edge nodes

[Diagram labels: Core; IP A; IP B; IP C; West; East; South]

Page 16: Journey to the Private Cloud  Key Enabling Technologies

VMware VMotion

Move virtual machines from one physical server to another - while running

Eliminate downtime and provide continuous service

Shift underlying hardware resources dynamically

Balance workloads across the data center to optimize computing resources

Page 17: Journey to the Private Cloud  Key Enabling Technologies

Data Center Elasticity across physical boundaries

Enables private cloud computing

[Diagram labels: Standalone; Consolidation; Pools of Cooperation; Federation; FAST; Application; Data]

Page 18: Journey to the Private Cloud  Key Enabling Technologies

Service Management across the Private Cloud

But how can we deliver a business relevant SLA… with Customer-controlled app deployment, resource allocation and management

With visible compliance to both committed SLA and Regulatory controls???…

Across data center infrastructure boundaries

Across federated service provider boundaries

[Diagram labels: (Virtual) Data Center; Organization A; Cloud Applications; VPN; Cloud Compute; Service Provider]

Page 19: Journey to the Private Cloud  Key Enabling Technologies

Desired State: Private Cloud

Private Cloud requires key enabling technologies

[Diagram labels: External Cloud; Virtualized Data Center; Internal Cloud; Cloud Computing; Private Cloud; Security; Information; Identity; Infrastructure; Virtualization; Integration; Policy-based Management; Control]

Page 20: Journey to the Private Cloud  Key Enabling Technologies

A New Model for Describing and Deploying Applications

Virtual Applications: vApp

A logical IT service provided as a collection of VMs
– Application and any supporting infrastructure VMs (Virtual Appliances)
– Network connections between these

Managed as a unit, not as independent components
– One-click provision, power-on, snapshot, backup
– The right view for managing & achieving SLAs

[Diagram labels: E-commerce vApps; IIS; Oracle; Tomcat App Server]

Page 21: Journey to the Private Cloud  Key Enabling Technologies

Policy Travels with VMs and vApps

Open Virtual Framework (OVF) includes instructions for the infrastructure

Policy is described and attached to the Virtual Application

Policy-based management is maintained across VM deployments and VMotions

PolicyName: eCommerce

1. Only port 80 is used
2. 100 ms web response
3. VRM: Encrypt w/ SHA-1
4. DR RPO: 0 minutes
5. Continuity Compliance
6. Scalable WebServer
7. AppServer Security

Page 22: Journey to the Private Cloud  Key Enabling Technologies

Cloud Services – [Virtual] Private Clouds

Definition: Subscription to and usage of Cloud Services that are delivered over a virtual private network, where a private instance of the service is based on a common virtual infrastructure model, and wherein an integrated SLA with business relevant metrics is offered

The contract is with the virtual environment

[Diagram labels: (Virtual) Data Center; Organization A; Cloud Applications; VPN; Cloud Compute; Extra Capacity; Service Provider]

Page 23: Journey to the Private Cloud  Key Enabling Technologies

Seamless Private Cloud Service Delivery

[Diagram labels: VMs; Backup; Monitoring; Primary Datacenter; Secondary Datacenter / Service Provider; Virtual Datacenter OS]

Page 24: Journey to the Private Cloud  Key Enabling Technologies

Data Protection-as-a-Service: Business Continuity Compliance PoC

Customers See Data Protection Status And Cost

Service Providers: One Solution Across All Customers For SLA Management

[Diagram labels: Data Protection Advisor; Backup Clients; Replication; Virtual Environments; DeDupe; VTL; Monitoring; Alerting; Troubleshooting; Optimization; Capacity Planning; Reporting; Customer A; Customer B; Customer C; NAS; SAN; Business Apps]

Page 25: Journey to the Private Cloud  Key Enabling Technologies

Monitoring and Managing Policy Compliance

Across virtual, physical, internal and external infrastructures

Virtual infrastructure management

Compliance Dashboard: End-to-end compliance reporting

Data recovery management for physical and virtual infrastructures

End-to-end business continuity SLA correlation / analysis

[Diagram labels: Tenant #1; Tenant #2; Cloud Provider; APP / OS stacks; Virtual Infrastructure; Physical Infrastructure; EMC DPA; VMware vCenter; GRC; BCC]

Page 26: Journey to the Private Cloud  Key Enabling Technologies

Management & Monitoring Elasticity
For the Virtual Private Cloud:

Page 27: Journey to the Private Cloud  Key Enabling Technologies

The Journey to Private Clouds

[Virtual] Private clouds will transform how we think about IT
– As a service

The impact to businesses will be considerable
– Exploit new economics with confidence

Clear and logical pathway
– Preserving existing investment in applications, infrastructure and information
– Ensuring preservation of security, privacy, and control
– Compliance to SLA and Regulatory policies

Page 28: Journey to the Private Cloud  Key Enabling Technologies