
Improving Security in the Cloud by Using Virtual Silos
Dale Wickizer,
CTO, U. S. Public Sector
NASA IT Summit 2010
National Harbor, MD
August 16-18, 2010

Maintaining a Proper Perspective

2010 NetApp. All rights reserved.

Maintaining a Proper Perspective

Server Virtualization

Network Virtualization

Storage Virtualization

Federal IT Being Asked to Transform


FY2012 Budget Guidance
Project Management
Identify and re-scope high-risk projects

IT Infrastructure
Execute FY2010 data center consolidation plans
Adopt cloud computing if best value at acceptable risk

Cyber Security
Fund tools for continuous monitoring of agency IT systems
Vivek Kundra, U.S. CIO, http://cio.gov/pages.cfm/page/closing-the-it-gap

Cloud Computing? What Is It?


"It's cloud illusions I recall. I really don't know clouds at all."
--Joni Mitchell

Cloud

Generally, IT as a service

Cloud Computing: A business model for delivering IT as a Service
Cloud Services

The deliverable: what you get


SLAs

ITaaS


IaaS

PaaS

SaaS

StaaS

Cloud Delivery Vehicles

Non-IT

General access
Internet delivery
Low security
Low SLAs
Cheap or free

Examples:
Facebook,
iTunes

Traditional IT

Examples:
Yahoo! email (SaaS)
Google Apps (SaaS)

Private External

Examples:
Terremark (IaaS)

Public Clouds

Customers only

Private Internal
Employees only


Limited access
Internet/Intranet delivery
Security & firewalls
Enterprise SLAs
High value

Focus of this Talk

HYBRID

PUBLIC

Public Clouds

PRIVATE

High SLA

Low SLA

IT as a Service (ITaaS)

Examples:
USPTO Teleworks
NASA Nebula

New IT Organization Is The Service


Broker
Lower TCO

Other
Agencies

Internal
Users

Citizens

Business/Mission Requirements
IT Services and SLAs
IT Requirements/ Policies
Provider Services / SLAs

Internal Cloud

External Cloud

Shared Virtual Infrastructure

Acquisition cost
Operating cost
Simplify staff skill sets

Faster Time to Market


Provision faster
New services faster

Lower Business Risk


Consistent Backup/DR

Benefits

Efficient
Predictable (cost wise)
Elastic and Scalable
Always ON
Dynamic

The New IT Organization



Looking At Clouds From Both Sides


Service Consumers

Service Consumers Expect

Applications

Network
Storage


Federal IT Must Provide


Management

Servers

Data security and privacy


Self-service
Always on
Instant delivery
Capacity elasticity
Pay as you go

Secure multi-tenancy
Integrated data protection
Service automation and management
Data mobility
Storage efficiency

Cost Reduction & Flexibility

Path to Cloud (ITaaS)


Virtualization Is Necessary,
But Not Sufficient

Automate
Standardize
Offering

IT as a
Service

Self-service
Self-Managing
Chargeback

Virtualize &
Consolidate
Centralize IT,
Policy & Management
Assess Tasks Ahead;
Determine ROI

Where Does Your Journey Begin?


Time


From Physical to Virtual Silos


Columns, left to right: App & Org Silos | Zones of Virtualization on Shared Storage | Internal Multi-Tenant Shared Virtual Infrastructure | Outsourced Cloud Services

IT Gov: Separate | Separate | Unified | Unified
IT Budgets: Separate | Separate | Combined | Combined
Server Util: Low | High | High | High
Storage Util: Low | Low | High | High
Provisioning: Days/Wks | Hours | Minutes | Minutes
Costs: Very High | Medium | Low | Lowest
SLAs: Poor | Better | Strong | Strong
Security: Inconsistent | Better | Strong | Strong

Stack layers shown: Apps, VMs, P Servers, Network, V Storage, P Storage

Progression: Virtualized; + Multi-tenant & Automated; + Mobile

Security #1 Concern for Cloud


Secure Multi-Tenancy

Reference architecture and deployment guides at http://ImagineVirtuallyAnything.com



Transforming Federal Data Centers


Transformed Data Center

Traditional Data Center

Ordering System

Systems call API


E2E automated

User

manual

ticket

manual

Automate
service-levels

Departmental
Administrator

User
self-service

Analyze &
Ordering System
Ensure
Service Broker
Cost Effective
automated
Service

ticket
VMM1

System
Operations
At Scale

IP Adr. Sheet

manual

manual
SISM
CMDB

Level 1 Support

Datacenter
Infrastructure

From 1100*

Orchestration Layer
Service Delivery
CMDB &
Billing

Datacenter
Infrastructure

To ?? (A Lot Fewer)

*The Ones We Know About



The Layers of Virtualization

Policy-based Management

Server Virtualization
API

Network Virtualization
API
Storage Virtualization
API

NAS SAN - FCoE


Various 3rd Party Storage Arrays

Data Center Automation


Service Catalog
High-level Abstraction
Web Service APIs
Offers Storage Services

Self
Service
Portal
Subscriber

Orchestration Tool

Dataset

Service Catalog

Product View

Assurance

Monitoring

Data Protection

Provisioning

Services
SLA Tool

Monitoring Tool

Protection Tool

Provisioning Tool

Workflow Automation

Storage
Architect

Logical View

Storage Automation & Analytics:


Language
Box-level Management

Service Level Management


Service Catalog Model


"I need three 800GB Oracle instances at the Gold service level"

Service Catalog
Network
Orchestration
Framework

Application
Admin

Reduce opex and capex


Increase agility
Eliminate errors

Gold
Silver
Bronze

Server

Storage

Protection
policies
Provisioning
policies
Resource pool
Chargeback
metrics

"Change backup policy for Gold service level to every 4 hours"
Storage/Backup Admin

Conclusion
Smart IT organizations and service providers will virtualize application stacks and run them on shared infrastructure to drive out cost and provide their customers the control they desire.
These virtual silos will enable multiple tenants to run securely in a shared, service-based infrastructure.
Unified architectures at each level in the stack minimize skill sets and processes (lowest cost) and improve architectural flexibility.
Integrated security and data protection are foundational, to minimize risk.

Thank you!
Dale Wickizer
Chief Technology Officer,
U. S. Public Sector, NetApp, Inc.
wickizer@netapp.com
No IT personnel were harmed in the making of this presentation.