The cloud as an inevitable element of your IT in the (not so) distant future. A deadly threat or a promising opportunity?
Krzysztof Rafalski - IBM Polska - The cloud as an inevitable element of your IT in the (not so) distant future. A deadly threat or a promising opportunity?

  • The Open Group - Standards to set a common foundation of understanding and guide architects in the creation of their solutions using cloud
    • Cloud Architecture – IBM contributed our Reference Architecture (i.e. the CCRA)
    • Includes Security for SOA and Cloud - Consistent with IBM’s CCRA
    • SOA Cloud Computing Infrastructure (IaaS) Standard - Builds on SOA & IBM’s CCRA
  • OASIS – Identity in the Cloud TC
    • Exploring use cases that describe Identity and Access Mgmt. challenges in cloud environments against all deployment types (private, public, hybrid) and service models (IaaS, PaaS and SaaS)
    • Use cases categorized against 14 categories of IAM
    • Whitepaper v1.0 released June 2011, Revision 2 February 2012
    • Currently authoring a security stds. gap analysis due March/April 2012
  • DMTF – Cloud Auditing Data Federations (CADF) Work Group
    • Specifying Data Model to express audit data in the form of events, logs and reports
    • Audit Data is classified so that it can easily be queried for compliance auditing and reporting (including Security, SLA, SLM)
    • Data is normalized and prescriptive so that it can be federated and shared across cloud providers and between enterprise customers and cloud deployment

Presentation Transcript

  • The Cloud being part of your IT: Lethal threat or wonderful perspective? Krzysztof Rafalski – Executive Technology Architect, January 2014. © 2013 IBM Corporation
  • Cloud Consulting – always on duty...
  • The Evolution of the IT Environment
    • From monolithic applications to dynamic services
    • From static infrastructure to cloud services
    • From programmed systems to learning systems
    • From structured data at rest to unstructured data in motion
    • From stable well-defined workloads to unpredictable workloads
    • From standard devices to a variety of devices
    • From proprietary standards to open innovation
  • Several service models have emerged in the cloud: Business Process, Software, Platform and Infrastructure Services and Components to Build Public and Private Clouds
    • Business Process as a Service (BPaaS): Customers consume business outcomes (e.g. payroll processing, HR) by accessing business services via Web-centric interfaces
    • Software as a Service (SaaS): Customers use applications (e.g. CRM, ERP, e-mail) from multiple client devices through a Web browser
    • Platform as a Service (PaaS): Customers use programming languages, tools and platforms to develop, deploy, and manage applications
    • Infrastructure as a Service (IaaS): Customers use processing, storage, networks, and other computing resources with ability to rapidly and elastically provision and control resources to deploy and run software and services
    • All of these services can be consumed via multi-tenant and shared infrastructures without the need to manage or control the underlying resources
    • Diagram labels: Cloud Services; Cloud Components; Services; Components; Software; Hardware
  • IaaS, PaaS, SaaS – who manages what?
    • Columns: Traditional On-Premises; Platform as a Service; Infrastructure as a Service; Software as a Service
    • Stack shown in each column: Applications; Data; Runtime; Middleware; O/S; Virtualization; Servers; Storage; Networking
    • Legend: Client Manages; Vendor Manages in Cloud
    • Standardization; OPEX savings; faster time to value
  • Different cloud models for different workloads
    • Models: Private Cloud; Managed Private Cloud; Hosted Private Cloud; Shared Cloud Services; Public Cloud Services
    • Diagram labels: Enterprise Data Center; Enterprise; Third-party operated; Enterprise Data Center; Enterprises; Users; Third-party hosted and operated
    • Private: IT capabilities are provided “as a service,” over an intranet, within the enterprise and behind the firewall
    • Public: IT activities / functions are provided “as a service,” over the Internet
    • Hybrid: Internal and external service delivery methods are integrated
    • Axis labels: Higher control; Lower cost
  • Migration to Cloud - Cloud adoption is driven by workloads.
    • Groups shown: Ready for cloud…; New workloads made possible by clouds…; May not yet be ready for migration…
    • Workload labels in the diagram: Collaborative care; Analytics; Infrastructure storage; Information intensive; Medical imaging; Financial risk; Industry applications; Collaboration; Isolated workloads; Workplace, desktop and devices; Sensitive data; Mature workloads; Highly customized; Business processes; Disaster recovery; Not yet virtualized third-party software; Energy management; Preproduction systems; Complex processes and transactions; Development and test; Batch processing; Infrastructure compute; Regulation sensitive
  • Migration to Cloud based on workload affinity.
    • To manage the transformation of workloads to a Cloud Computing environment in the optimum manner, a structured approach to analyzing each individual IT workload is required
    • Axes: Higher Gain From Cloud / Lower Gain From Cloud; Higher Pain To Cloud Delivery / Lower Pain To Cloud Delivery
    • Workload labels in the chart: Numerical [Low Data/Compute]; Web Serving; Data Warehousing; Data Mining; Virtual Desktop; [High Data Transfer]; Systems Mgmt.; File & Print; LE - ERP/SCM/CRM; LE - Transaction Processing; Collaboration; Numerical; SME ERP/SCM/CRM; Application Dev’t. & Test
    • Architecture categories: “Virtualized Traditional” Architecture; “Database Centric” Architecture; “Content Centric” Architecture; “Loosely Coupled” Architecture; “Analytics” Architecture
  • How do we migrate your IT into the cloud?
    • Diagram labels: Inventory; Automated Data Collection; Total Image Landscape; Affinity Map; Dependencies; Migration Roadmap
    • Migration categories
      • Rapid: Slide quickly into cloud with little (e.g. SP) or no adjustments needed
      • Rapid + Minor: Minor OS upgrade (e.g. RHEL 5.2 → 5.4)
      • Rapid + Future Release: Soon to be supported (e.g. Win 2003 R2 Enterprise edition)
      • Replatform: Moves from unsupported OS’s (e.g. Sun) to Linux
      • Reinstall: Outdated OS’s (RHEL v4) that need major upgrade
      • Rapid + Major: Infrastructure change (e.g. change construction of app with NICS, Disc, Clusters)
      • Physical: Required physical host based on analytics
      • Hypervisor: Does not need to be moved as it is recreated at target
    • Executive Summary
      • Gathering & Loading of the development data
        • Initial server data has been loaded into SCOPE
        • Inventory, Filesystem, and Network Interface data has been loaded in to SCOPE
        • 52,071 servers have been found in the Database
      • What we Have Done with the Data
        • Some SCE+ Rules have been applied to the production data
        • 30,764 images out of 52,071 (or 60%) have a high probability of candidacy for SCE+
        • 18,306 images out of 52,071 (or 35%) fall under the Rapid Migration method
        • Not all SCE+ rules have been applied. Business rules are yet to be applied
      • What we are Doing in Parallel
        • We are extracting more information to identify clusters and application dependencies
    • SCE+ Rules that have been applied
      • Servers with more than 1 NIC port are Non-Candidates in SCE+
      • Servers with IP count greater than 4 are Non-Candidates in SCE+
      • Servers with DISK count greater than 8 are Non-Candidates in SCE+
      • Servers with OS Versions outside of Rapid migration have been applied
      • Partition size more than 512 GB are non-Candidate in SCE+
    • © Copyright IBM Corporation 2011 2012
  • Different cloud deployment models also change the way we think about security
    • Private cloud: On or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party
    • Hybrid IT: Traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability
    • Public cloud: Available to the general public or a large industry group and owned by an organization selling cloud services
    • Changes in Security and Privacy, private cloud:
      • Customer responsibility for infrastructure
      • More customization of security controls
      • Good visibility into day-to-day operations
      • Easy access to logs and policies
      • Applications and data remain “inside the firewall”
    • Changes in Security and Privacy, public cloud:
      • Provider responsibility for infrastructure
      • Less customization of security controls
      • No visibility into day-to-day operations
      • Difficult access to logs and policies
      • Applications and data are publicly exposed
  • Cloud Security – Building the Solution
    • Steps labelled in the diagram:
      • User identity is verified and authenticated
      • Image provisioned behind FW / IPS
      • Host security installed and updated
      • Resource chosen from correct security domain
      • VM is configured with appropriate security policy
      • Software patches applied and up-to-date
    • Security products shown: IBM Identity & Access Management; QRadar Log Management and QRadar SIEM (Visibility & Monitoring of the Cloud Environment); IBM Security Network Intrusion Prevention (IPS); IBM Security SiteProtector; IBM Endpoint Manager for Security and Compliance
    • Other diagram labels: Self-Service GUI; Cloud Enabled Data Center; Cloud Platform; Available Resource; Image Library; Machine Image; SW Catalog; Configured Machine Image; Virtual Machine; Hypervisor; Config; Binaries; Resource Pool
  • NGCi - Business needs and the Vision: National Grid Cloud Infrastructure (NGCi)
    • Location: one of the CIS countries
    • Profile: Government sector – initially healthcare and research
    • Solution components: desktop cloud, private cloud
    • Onboarded: pilot completed 2Q13
    • Business needs and vision:
      • The creation of truly national infrastructure which interconnects all regions of the country;
      • The creation of innovative technological concepts that will become a core part of the platform used to deliver various kinds of services;
      • The development of computing science, research and education;
      • Mass spread of innovational activity;
      • Modernization of industry and formation of new values;
      • The development of new high-tech service sector;
      • Efficient transformation of knowledge into industrial technologies; and
      • Supporting and encouraging international and local scientific collaboration.
  • NGCi – Architecture Overview (diagram)
    • Users: Medical User; Non-Medical User; Government Official; Researcher; Student; Citizen; Research VOs (Commercial Usage and Non-Commercial Usage)
    • Main blocks: Communication Channels; NGCi Consumer Services; NGCi Operating Environment Services; Data Services; Infrastructure Layer (Virtualization); Physical Layer (PureFlex, GRID and HPC compute, storage and network); Cloud Governance
    • Security: Governance, Risk Management & Compliance; Problem & Information Security Incident Management; Identity and Access Management; Data classification and protection; Systems Acquisition and Maintenance; Infrastructure protection; Physical and Personnel Security
    • Service management: Security Incident Management; Problem Management; Access Management; Change Management; Release Management; Request Fulfillment
  • Pilot NGCi - Physical Solution Overview
    • Dynamic grid/cloud infrastructure based on PureFlex systems
    • Primary DC with production workloads:
      • UHIS 2.0
      • Unified Access and iServices
      • DWH and Analytics
    • Disaster Recovery DC with:
      • Test and Development environments
      • Research environment
      • Critical Production systems in case of disaster
    • Diagram labels: Smarter Healthcare Production environment; Smarter Healthcare Disaster Recovery Center (DRC); Test and Development Environment; Research Environment; High speed links; MPLS cloud; Hospital No 1, Hospital No 2, Hospital No n; Clinic No 1, Clinic No 2, Clinic No n; MPLS connectivity Primary DC/DRC/MOs
  • A leading Ukrainian pharmaceutical company is adopting an SCE+ based production cloud for SAP
    • Location: Kiev, Ukraine
    • Profile: The company has an 85-year history of working for health and wellbeing of people. Company’s products help overcome diseases in five areas of therapy: endocrinology, cardiology, ophthalmology, rheumatology, and catarrhal disorders. Responsible for 18% of Ukraine’s drug manufacturing output; one of the leading drug exporters: about 20% of our products are exported; exporting drugs to more than 20 countries of the world.
    • Solution components: SmartCloud Enterprise+
    • Onboarded: Q3 2013
    • BUSINESS CHALLENGE:
      • Create a backup/passive replica of an SAP environment for an existing installation;
      • Prepare to meet complex, pharmacy industry regulatory certification environments (e.g. ISO);
      • Optimize IT management costs;
    • SOLUTION BENEFITS:
      • True availability service level agreement (SLA) that is in alignment with business requirements
      • Improved IT agility in case of disaster scenarios
      • Automation allows for managed hosting level capabilities in days vs. weeks
      • Smaller up front commitment allows customers to grow as needed
  • Deployment Architecture Diagram
  • Cloud standards landscape
    • Architecture: Defining cloud as an extension of SOA to protect your investment
      • The Open Group & ISO SC38: Cloud Computing Reference Architecture
    • Infrastructure APIs: Standardized IaaS layer allows differentiation higher in the stack
      • OpenStack: Adoption of IaaS standards
      • DMTF: Cloud Infrastructure Management Interface
      • Open-services.net: Open Services for Lifecycle Collaboration
      • SNIA: Cloud Data Management Interface
    • Security: Ensuring the security of your assets, regardless of the location
      • DMTF: Cloud Audit Working Group
      • OASIS: Cloud Identity Management
      • CSCC: Security Working Group
      • OAuth.net: OAuth
    • Management: Write once, run anywhere portable workloads
      • OASIS: Topology & Orchestration Specification for Cloud Apps
      • CSCC: Platform as a Service Workgroup
  • IBM & Cloud Standards Customer Council (CSCC) contributing to cloud security standards development to address barriers in cloud adoption
    • IBM Security Standards Participation: Client-focused open standards and interoperability
    • Cloud Architecture Standards
      • Including Security for SOA and Cloud
    • ISO JTC 1/SC 27 – IT Security Techniques
      • Including cloud security methodologies, procedures, guidelines, documentation and evaluation procedures
    • Identity in the Cloud TC
      • Published Cloud Identity Mgmt. Use Cases Whitepaper covering: 15 Identity Management categories; SaaS, PaaS & IaaS service models; Private, Public & Hybrid Cloud
      • Drafting Cloud IdM Standards Gap Analysis
    • Cloud Audit Working Group
      • Federation and Classification of Audit Data for Compliance Reporting
  • The IBM Common Cloud Reference Architecture (CCRA)
    • IBM CCRA public material: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf3cce8ff09b3_49d2_8ee7_4e49c1ef5d22/page/IBM%20Cloud%20Computing%20Reference%20Architecture%203.0
    • Public Cloud RA whitepaper available on ibm.com: http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF
    • CCRA OpenGroup submission: http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc
    • Represents the aggregate experience from hundreds of cloud client engagements and IBM-hosted cloud implementations
      • Based on knowledge of IBM’s services, software & system experiences, including IBM Research
    • Provides prescriptive guidance on how to build IaaS, PaaS, SaaS and service provider clouds using IBM technologies
    • Reflected in the design of
      • Clouds IBM implements for clients
      • IBM-hosted cloud services
      • IBM cloud appliances
      • IBM cloud products
    • Focuses on cloud specifics
      • Radical cost reduction
      • Achievement of high degrees of security, reliability, scalability and control
    • Consists of multiple detailed documents representing best-of-industry knowledge and insight
      • How to architect, design and implement clouds
    • CCRA 3.0 diagram labels: Cloud-enabled data center / building IaaS; Platform Services; Cloud Service Provider; Building SaaS; Common Reference Architecture Foundation
    • Reference architecture diagram labels: Cloud Service Consumer; Cloud Service Creator; Cloud Service Provider; Common Cloud Management Platform (CCMP); Cloud Services (Business-Process-as-a-Service, Software-as-a-Service, Platform-as-a-Service, Infrastructure-as-a-Service); Existing & 3rd party services, Partner Ecosystems; Cloud Service Integration Tools; Operational Support Services (OSS); Business Support Services (BSS); Service Creation Tools; Consumer In-house IT; Infrastructure; Security, Resiliency, Performance & Consumability; Governance
  • Summary
    1. IT is really changing (the business requirements are changing)
    2. Cloud plays important role – don’t ignore it
    3. Cloud is important and it’s more than technology
    4. Find what is good for you in a cloud
    5. Think about your business
    • Contact: Krzysztof Rafalski, +48 603 88 6308, krzysztof.rafalski@pl.ibm.com