MPLS 2010: Network Enabled Cloud and Service Models
 


Presented at MPLS 2010 Oct 24-27 Washington D.C.

Monique Morrow, Cisco Distinguished Consulting Engineer, discussed the role of the network as a base for cloud computing in developing XaaS models across a private backbone versus offering cloud-based services over the Internet.

The presenter also described the potential evolution of cloud computing in the form of Private, Hybrid and Inter-Cloud.

Service Level Management and Security are also highlighted themes in this presentation.

An overview of the various standards organizations and forums that may be specific to cloud computing and the emerging inter-cloud was also provided.

Discussion and takeaway - the value of these models to your business.

Usage Rights

CC Attribution License

    MPLS 2010: Network Enabled Cloud and Service Models Presentation Transcript

    • Network Enabled Cloud and Service Models. Monique J. Morrow, Cisco, mmorrow@cisco.com. www.mpls2010.com
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • Common Taxonomy: Cloud Framework from NIST. Essential Characteristics: Measured Service, Rapid Elasticity, On-Demand Self Service, Broad Network Access, Resource Pooling. Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS). Deployment Models: Public, Private, Hybrid, Community. http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html
    • Cloud Services Taxonomy. Software as a Service (SaaS), End Users: SaaS Enabled Applications (CRM/ERP, Desktop Apps, UC, Video, Other Apps). Platform as a Service (PaaS), Developers: Platform Enabled Applications (Billing, Collaboration, Apps Dev, Workflow, Metadata). Infrastructure as a Service (IaaS), IT Department: Infrastructure Enabled Services (Business Data, System Infrastructure, Hosted Hardware, Grid).
    • Applications in the Cloud Supporting Hybrid: Not One-Size-Fits-All. Diagram labels: Future; Data "Trust" (Verifiable) - Secure and Private - Compliant; Strategic; Today; Development and Test; Web Apps (some); Media Distribution; Service Levels; Large Scale Compute/Storage; Mission Critical.
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • Hybrid Cloud for Enterprise Extension. Diagram labels: Multi-Tenant SP IaaS; virtual private cloud services - w/security - SLA support; Enterprise; Enterprise Internal Cloud; Virtualized DC; Enterprise Virtualized DC; Internet. Seamless Extension of the Enterprise DC (IaaS) (elastic compute, storage, network, services).
    • Challenge: Tightly Integrating Network Services. One-size-fits-all makes it easier, but at the expense of functionality. More than just VMs on a VLAN! Scaling becomes a challenge with just 20K VMs and 100s of tenants. Requires understanding of NW service abstraction, template-based configuration, tiered network designs.
    • Network Factored Cloud: App Tiers in a Typical DC. Diagram labels: Branch; Branch; DC; Dept/Customer 1; Dept/Customer 2; Internet; MAN/WAN/SP Net; Web Tier; DMZ; App Tier; Core; Distribution; DB Tier; Aggregation; Storage Tier; Dept 2; Dept 1; App 6; App 1; Access; DB 2; DB 1; SAN; Outsource to Cloud. Tiered Network: Storage (SAN/NAS); Access (app tiers reside here); Aggregation, distribution, core (part of app tiers may reside here); DMZ; Campus core/MAN/WAN edges.
    • Multi-tenant Cloud DC. Need support for the following, for example (via support of API, vDC configuration spec a la OVF): isolate vDCs not just at VM level, but also at network level; network service or capability insertion (virtual or physical) at various layers on-demand. Diagram labels (Isolation; Dept/Customer 1; Dept/Customer 2): Network QoS, Firewall, VPN; Storage Tier; Network QoS, SSL Acceleration; App Tier; Load Balancing, Firewall, Network QoS; DB Tier; Load Balancing, Firewall, Network QoS; Storage Tier; VSAN.
    • Hybrid Cloud With Intelligent Network - High Level Use Case. Additional Capacity Needs – Request Cloud Resources; Check Availability, Performance, Determine Optimal Location; Self-provision Network Tenant, Virtual Compute, Storage, VPN; Workloads Deployed; 'Pay-as-you-go' for compute, storage, network. Diagram labels: Internal Data Center; Cloud Data Center; Cloud VPN; Core.
    • Changing the Approach. Current state: periodic polling from network mgmt system to devices does not scale well; management plane driven – scaling is achieved using technologies like clustering; Policy Definition and Enforcement happens in Management tool - requires update for every new device, flow, model. Cloud Aware Infrastructure: real-time publishing of state from Network Devices – Scales; Network Control plane reduces the scaling challenges of management plane; Policy Definition resides in Management tool & communicates via Service Layer APIs to Network Elements to enforce policy.
    • Where to Provision the Tenant? Utilizing Network Intelligence. Key for many SP applications: Video – where to go that's closest for particular video segment; Mobile – where to go for resources needed for a particular customer; Cloud (intra-DC) – workload positioning across pods within a DC; Cloud (inter-DC) – workload positioning across DCs within an NGN. Network can provide more than just proximity information: view into not only topology but performance data, link costs, etc. API call provides customer identity, policy, requirements, receives top location(s) of / for resources.
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • Cloud Management. Not traditional management. Everything has to be on-demand, on-line and elastic: if the management layer does not have on-line, on-demand interfaces, it will not be suitable for Cloud. Static provisioning has to be minimal, if at all. Autonomic flow-through provisioning should be the norm. Compute, storage and network managed as a whole, interrelated, not in isolation. Diagram labels: Cloud User Admin (CUA): vDC Creation and VPN Association; Cloud Service Mgmt MW; Cloud Service Component; Service Composition (Via OVF Spec, for Example); Cloud Provider Admin (CPA); Corp VPN; Cloud Infra Management: Decompose Services and Orchestrate Provisions; Compute Element Management; Storage Element Management; Network Service Mgmt L4–7; Network Service Mgmt L2–3 VPN; Corp VPN Provisions On-demand.
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • Cloud Security Threats and Issues. Where is my data? Geographical location of data. Who is accessing it on the physical and virtual servers? Is it segregated from others? Can I recover it? What is the threat vector for cloud services? Will it be heavily targeted? How do I identify the weakest link in the cloud services security chain? Would centralization of data bring more security? Federated trust and identity issues. Who would manage risk for my business assets? And, can I comply with regulatory requirements set by (choose your standards body)?
    • Private Cloud Security. What is a Private Cloud? It's Private ;-) You have control of everything. You decide the security policy. No need for total separation of resources (some exceptions apply). Need to secure virtual machines and services.
    • Public Cloud Security. What is a Public Cloud? You are sharing a public infrastructure with others. You do not have control of the infrastructure. You do not decide the common security policy. You control access to the leased infrastructure (IaaS/PaaS). You control access to your own services (IaaS/PaaS/SaaS). You need to work together with the Cloud Provider to establish trust and control. Need to set up a framework for controlling SLAs and ensure that Security/Monitoring/Compliance/Audit requirements are fulfilled.
    • Securing Clouds – Approach. As with any security area, organizations should adopt a risk-based approach to moving to the cloud and selecting security options (*): identify the asset for the cloud deployment; evaluate the asset; map the asset to potential cloud deployment models; evaluate potential cloud service models and providers; sketch the potential data flow; conclusion / decision. (*) Cloud Security Alliance Whitepaper v2.1
    • What Assets Do We Protect? Company reputation; customer trust; employee loyalty and experience; intellectual property; service delivery; personal data; credentials; user directory; cloud service management interface; network; physical hardware; buildings; logs; backup or archive data.
    • Risks. Policy and organizational: lock-in, loss of governance, compliance challenges, cloud service termination or failure, supply chain failure. Technical: resource exhaustion, isolation failure, cloud provider malicious insider, management interface compromise, intercepting data in transit, insecure or ineffective deletion of data, DDoS. Legal: subpoena and e-discovery, changes of jurisdiction, data protection risks, licensing risks. Non cloud: network breaks, network management, modifying network traffic, privilege escalation, social engineering.
    • Benefits. Security and the benefits of scale: Multiple locations; Edge networks; Improved timeliness of response: larger to incidents; Threat management. Security as a market differentiator. Standardized interfaces for managed security services. Rapid, smart scaling of resources. Audit and evidence-gathering. More timely, effective and efficient updates and defaults. Benefits of resource concentration.
    • Securing Clouds – Approach. As with any security area, organizations should adopt a risk-based approach to moving to the cloud and selecting security options (*): identify the asset for the cloud deployment; evaluate the asset; map the asset to potential cloud deployment models; evaluate potential cloud service models and providers; sketch the potential data flow; conclusion / decision. (*) Cloud Security Alliance Whitepaper v2.1
    • Evaluate the asset. How important is the asset, what is the harm if: the asset became widely public and widely distributed? an employee of our cloud provider accessed the asset? the process or function were manipulated by an outsider? the process or function failed to provide expected results? the information/data were unexpectedly changed? the asset were unavailable for a period of time? Confidentiality, integrity and availability requirements when (part of) the resource is in the cloud.
    • Security as a Service. Diagram labels: Assessments; Regulatory Compliance; Audits and Reports; Vulnerability Assessment; Define Security Policies; Global Security Intelligence Center; Automate; Mitigate risk and eliminate; Monitor and measure network compliance; Distribute security and compliance reports.
    • References. NIST Cloud Definition: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc ; ENISA Cloud Computing Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport ; Cloud Security Alliance: http://cloudsecurityalliance.org/
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • The Inter-Cloud. Naming/Discovery; Trust; Exchange/Peering. Diagram labels: Apps Integrate Services from Multiple Clouds; Dynamic Workload Migration.
    • Inter-cloud Potential for Disruption: Interoperable Server Side Protocols and Formats. Diagram labels: Proprietary Computing, Storage (four instances); Client (four instances); SVMP*, SSRP*, SOIP*. *Simple VM Mobility Protocol; *Simple Storage Replication Protocol; *Simple Other Inter-cloud Protocols As Needed.
    • Evolution of the Cloud Computing Market from Stand-alone to the Inter-cloud. Diagram labels: Open Cloud (Federations); Private Cloud; Private Cloud; Virtual Private Cloud; Inter Cloud; Stand Alone Data Centers; Public Cloud; Public Cloud; Public Cloud (1); Public Cloud (2); Phase 1; Phase 2 (Present); Phase 3; Phase 4 (2015–2017); Federation/Workload Portability/Interoperability/Security.
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • Where Is the Standards Work to be Done? CSA, DMTF, NIST, IEEE, OGF, ETSI-TC Grid, MEF, ITU-T, SNIA, CCIF, OCM, OASIS, NCOIC, IETF, OCM, LA, TMF, And More….
    • Interoperability Standards. Common Interfaces/APIs for Cloud services offered by Cloud SP (CSP): OCCI for compute, SNIA CDMI for storage; not much for network, such as standard API for Virtual Private Cloud (VPC), load-balancing (LB), firewall, QoS, bandwidth and other services. Workload mobility/migration with the following elements moving between Clouds (End user to CSP to Enterprise to CSP, CSP to CSP): Virtual DC (vDC) with App, VM and relevant (App, VM, network) Configurations; both static or live migration considered; OVF for vDC specification: move the OVF spec; currently lacks features, such as network related; no standard VM (disk) format.
    • Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
    • Summary. Cloud Computing Represents a Shift in how Application and Data Center Resources Will be Architected and Consumed. Sample Areas for Standardization: Network abstraction, virtualization; Cloud security; Federation and interoperability; Innovation – What disrupts YOU?