Title, First Name Surname
TechNet Europe 2011
Private Cloud in the Defence Sector: Implementation and Adoption
May 26, 2011
Peter Dostál, [email protected]
Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011
Who we are
• Privately held technology company
• HQ & Production in Bratislava, R&D in Liptovský Mikuláš & Bratislava
• Extensive experience with the Defence Sector & Homeland Security
Certificates:
• Quality Assurance: ISO 9001 and AQAP 2110
• Information Security Management System: ISO 27001
• Environmental Management System: ISO 14001
• Security: NATO, EU and National SECRET
What we do: Special Systems Division
COMTANET ® Tactical Deployable ICT Systems
COMTAG ® Mobile Communication Systems
What we do: ICT Systems Division
ICT STRATEGY
SECURITY MANAGEMENT
NETWORKS SERVERS STORAGE
OPERATING SYSTEMS & FIRMWARE
SOFTWARE & APPLICATIONS
BCP/DRP
• Design, B&I and Support of:
  – HA Datacenters & Cloud Computing
  – ICT infrastructure
  – Security
  – BCP/DRP
Private (Internal) Cloud
Our experience with implementation in the Defence Sector
PRESENTATION OBJECTIVES
• Is Cloud Computing the right solution for the defence sector?
• What is Cloud Computing and what are the benefits?
• What are the limitations?
• Where and how to start?
• What have we learned?
Before we started
• Individual IS were running on dedicated resources at different locations, managed by dedicated staff
• Most of the HW was obsolete and lacked redundancy
• HW resources were underutilized
• Guaranteed SLA wasn’t an option
• Lack of ICT standards led to extensive demands on human resources and their skillset
Business challenge
?
Business solution
Service oriented ICT & SLA
Shared and better utilized resources
PRIVATE CLOUD
ICT standards
Scaled resources on demand
Where to start?
[Figure labels: ROI for Owner; Value Visibility for End Users]
Service oriented ICT & SLA
• Define required services
  – Limit the scope
  – Build a service catalogue & provisioning processes
  – Typical services would be: a small HA server at presentation layer or 20 GB of FC storage
• Define SLA for individual services
  – Availability
  – Capacity
  – Scalability
  – Etc.
ICT standards
• Select the technology for individual components
  – Limit the scope
• The built solution has to provide
  – A platform to meet the SLA: Availability, Capacity, …
  – Option to scale now and in the future
  – Required level of automation
  – Self-healing option
  – Option to be maintained while in production
• Build the infrastructure with no single point of failure (N+1)
  – Efficient solution resilient to HW or SW failures
Scale resources on demand
• Decouple the physical and logical topology
  – To scale up, simply add more physical resources with no disruption of production
Share and better utilize resources
• Share & virtualize all physical resources: servers, switches, routers, firewalls, storage etc.
• Provide server virtualization with booting from SAN and shared storage
• Build a secure logical multi-tiered topology
  – Horizontal tiers separated by firewalls for the presentation, application and DB layers, as well as for the Internet DMZ, management and backup layers
  – Individual systems are separated from each other vertically via PVLANs on each horizontal layer
  – Traffic from and to each cell is controlled on the firewalls/IPS, routed through routers and monitored through IDS/IPS systems
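The cell model on this slide (horizontal tiers split by firewalls, systems split vertically by PVLANs) can be written down as a flow-policy check for reviewing rule requests or flow logs. This is an added example, not part of the presentation; the permitted tier paths, the treatment of management and backup as shared tiers, and the system names are assumptions.

```python
from dataclasses import dataclass

# Tier names are from the slide. Which tier pairs may talk is NOT stated
# there; the paths and shared tiers below are assumptions for this example.
TIERS = {"dmz", "presentation", "application", "db", "management", "backup"}
ALLOWED_PATHS = {("dmz", "presentation"), ("presentation", "application"),
                 ("application", "db")}
SHARED_TIERS = {"management", "backup"}

@dataclass(frozen=True)
class Cell:
    system: str  # information system (vertical separation, PVLAN)
    tier: str    # horizontal tier (firewall separation)

def evaluate_flow(src: Cell, dst: Cell) -> tuple[str, str]:
    """Return (verdict, reason) for a flow request between two cells."""
    for cell in (src, dst):
        if cell.tier not in TIERS:
            raise ValueError(f"unknown tier: {cell.tier}")
    if src == dst:
        return "permit", "same cell"
    if src.tier in SHARED_TIERS or dst.tier in SHARED_TIERS:
        return "inspect", "shared service tier, via firewall/IPS"
    if src.tier == dst.tier:
        return "deny", "PVLAN isolates systems within a tier"
    if src.system != dst.system:
        return "deny", "cross-system flow between tiers"
    if (src.tier, dst.tier) in ALLOWED_PATHS:
        return "inspect", "adjacent tiers, via firewall/IPS"
    return "deny", "tier path not in allowed list"

def audit(flows):
    """Return the flows the model denies, each with its reason."""
    findings = []
    for src, dst in flows:
        verdict, reason = evaluate_flow(src, dst)
        if verdict == "deny":
            findings.append((src, dst, reason))
    return findings

# Constructed sample flows (hypothetical system names "hr" and "logistics").
SAMPLE_FLOWS = [
    (Cell("hr", "presentation"), Cell("hr", "application")),
    (Cell("hr", "application"), Cell("logistics", "application")),
    (Cell("hr", "presentation"), Cell("hr", "db")),
    (Cell("logistics", "db"), Cell("logistics", "backup")),
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {src} -> {dst}: {reason}")
```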
Roadmap
What has been completed? 1/2
• A datacenter with facility services:
  – Physical security
  – HVAC
  – Redundant and autonomous Power Supply and Distribution
  – Rack systems
  – Cabling and cable management
  – Facility Management
What has been completed? 2/2
• ICT infrastructure
  – WAN connectivity
  – LAN and SAN infrastructure (switches, routers, load balancers, content management etc.)
  – Security (firewalls, IDS, IPS, encryption devices, SSL accelerators etc.)
  – Servers (physical and virtual)
  – Management
Technology: Networks, Security & Servers
• LAN
  – Nexus 7000 & Nexus 1000V
  – FCoE
• SAN (EMC / Cisco)
  – MDS Director 9500
• Security
  – ASA Firewalls
  – IDS/IPS
• Servers
  – Server Blade Technology: UCS (Unified Computing System)
  – UCS Fabric Interconnect 6100
Technology: Storage, Backup, Archive
• Storage
  – Symmetrix Enterprise Storage
  – Server booting from SAN
  – FC & SATA Disks
• Backup
  – Data Domain
  – VTL
  – Advanced deduplication
• Archive
  – Centera
  – DiskXtender
Technology: Server virtualization
• Server virtualization
  – vSphere
  – Share HW resources
• Fault tolerance
  – vMotion
  – Seamless failover
• Distributed Resource Scheduling
  – Distributed Power Management
  – Thin provisioning
• Management
  – vCenter
Challenges
• To convince different stakeholders (decision makers, users) of the necessity to implement the Cloud
  – Higher CAPEX investment
  – Limited ICT services provided
  – Limited portfolio of technologies
  – Potential security concerns
• To fulfill Special Security Requirements (NATO, EU and National legislation)
• Protection of existing investments
Lessons learned
• Don’t try to do it all in one step
  – Large projects never end
  – Limit the scope and deliver
  – Get approval for the next step
• Manage expectations
  – Decision makers
  – End user community
• Be prepared for extensive post-implementation support
  – Train and educate the OPS staff
• Hold the ground and stick with the new standards
  – Some exceptions are required, but …
Is a Cloud always the right solution?
• Restrictions in legislation and policies
  – NATO
  – EU
  – National
  – Internal
• But… some services could be shared (think about that when you design your system)
  – Power supply and distribution?
  – HVAC?
  – A portion of physical security?
  – Other facility and/or ICT services?
What is next?
• To complete migration of information systems into the Cloud
• To further extend PaaS
• To provide SaaS
• To provide Virtual Desktop Infrastructure
• To build a redundant DC at a different location
Thanks for your attention!