Network Enabled Cloud and Service Models
             Monique J. Morrow
                  Cisco

MPLS 2010: Network Enabled Cloud and Service Models


Presented at MPLS 2010 Oct 24-27 Washington D.C.

Monique Morrow, Cisco Distinguished Consulting Engineer, discussed the role of the network as a base for cloud computing in developing XaaS models across a private backbone versus offering cloud-based services over the Internet.

The presenter further presented the potential evolution of Cloud Computing in the form of Private, Hybrid and Inter-Cloud.

Service Level Management and Security are also highlighted themes in this presentation.

An overview of the various standards organizations and forums that may be specific to cloud computing and the emerging inter-cloud was also provided.

Discussion and takeaway - the value of these models to your business.

Published in: Technology, Business
MPLS 2010: Network Enabled Cloud and Service Models

  1. Network Enabled Cloud and Service Models. Monique J. Morrow, Cisco, mmorrow@cisco.com. www.mpls2010.com
  2. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  3. Common Taxonomy: Cloud Framework from NIST
     - Essential Characteristics: Measured Service, Rapid Elasticity, On-Demand Self Service, Broad Network Access, Resource Pooling
     - Service Models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
     - Deployment Models: Public, Private, Hybrid, Community
     - http://www.csrc.nist.gov/groups/SNS/cloud-computing/index.html
  4. Cloud Services Taxonomy
     - Software as a Service (SaaS), End Users. SaaS Enabled Applications: CRM/ERP, Desktop Apps, UC, Video, Other Apps
     - Platform as a Service (PaaS), Developers. Platform Enabled Applications: Billing, Collaboration, Apps Dev, Workflow, Metadata
     - Infrastructure as a Service (IaaS), IT Department. Infrastructure Enabled Services: Business Data, System Infrastructure, Hosted Hardware, Grid
  5. Applications in the Cloud. Supporting Hybrid: Not One-Size-Fits-All. Future Data “Trust” (Verifiable) - Secure and Private - Compliant Strategic Today Development and Test Web Apps (some) Media Distribution Service Levels Large Scale Compute/Storage Mission Critical
  6. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  7. Hybrid Cloud for Enterprise Extension: Multi-Tenant SP virtual private cloud services IaaS Enterprise - w/security Enterprise Internal Cloud - SLA support Virtualized DC Enterprise Virtualized DC Internet Seamless Extension of the Enterprise DC (IaaS) (elastic compute, storage, network, services)
  8. Challenge: Tightly Integrating Network Services
     - One-size-fits-all makes it easier, but at the expense of functionality
     - More than just VMs on a VLAN!
     - Scaling becomes a challenge with just 20K VMs and 100s of tenants
     - Requires understanding of NW service abstraction, template-based configuration, tiered network designs
  9. Network Factored Cloud: App Tiers in a Typical DC. Branch Branch DC Dept/Customer 1 Dept/Customer 2 Internet MAN/WAN/SP Net Web Tier DMZ App Tier Core Distribution DB Tier Aggregation Storage Tier Dept 2 Dept 1 App 6 App 1 Tiered Network: Access; Storage; SAN/NAS DB 2 DB 1; Access: App tiers reside here; Aggregation, distribution, core SAN Outsource (part of app tiers may reside here) to Cloud; DMZ; Campus core/MAN/WAN edges
  10. Multi-tenant Cloud DC. Need support for the following, for example (via support of API, vDC configuration spec à la OVF):
      - Isolate vDCs not just at VM level, but also at network level
      - Network service or capability insertion (virtual or physical) at various layers on-demand
      - Diagram text: Isolation; Dept/Customer 1; Dept/Customer 2; Network QoS; Firewall; VPN; Storage Tier; Network QoS; SSL Acceleration; App Tier; Load Balancing; Firewall; Network QoS; DB Tier; Load Balancing; Firewall; Network QoS; Storage Tier; VSAN
  11. Hybrid Cloud With Intelligent Network - High Level Use Case: Additional Capacity Needs – Request Cloud Cloud Resources Data Center Internal Data Center Check Availability, Performance, Determine Optimal Location Cloud VPN Self-provision Network Tenant, Virtual Core Compute, Storage, Cloud Data Center VPN Workloads Deployed Cloud Data Center ‘Pay-as-you-go’ for compute, storage, network
  12. Changing the Approach
      - Current state: Periodic polling from network mgmt system to devices does not scale well. Cloud Aware Infrastructure: Real-time publishing of state from Network Devices – Scales
      - Current state: Management plane driven – Scaling is achieved using technologies like clustering. Cloud Aware Infrastructure: Network Control plane reduces the scaling challenges of management plane
      - Current state: Policy Definition and Enforcement happens in Management tool - requires update for every new device, flow, model. Cloud Aware Infrastructure: Policy Definition resides in Management tool & communicates via Service Layer APIs to Network Elements to enforce policy
  13. Where to Provision the Tenant? Utilizing Network Intelligence
      - Key for many SP applications
        - Video – where to go that’s closest for particular video segment
        - Mobile – where to go for resources needed for a particular customer
        - Cloud (intra-DC) – workload positioning across pods within a DC
        - Cloud (inter-DC) – workload positioning across DCs within an NGN
      - Network can provide more than just proximity information
        - View into not only topology but performance data, link costs, etc.
      - API call provides customer identity, policy, requirements, receives top location(s) of / for resources
  14. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  15. Cloud Management
      - Not traditional management
      - Everything has to be on-demand, on-line and elastic
        - If management layer does not have on-line, on-demand interfaces, it will not be suitable for Cloud
      - Static provisioning has to be minimal, if at all
      - Autonomic flow-through provisioning should be the norm
      - Compute, storage and network managed as a whole, interrelated, not in isolation
      - Diagram labels: Cloud User Admin (CUA); vDC Creation and VPN Association; Cloud Service Mgmt MW; Cloud Service Component; Service Composition (Via OVF Spec, for Example); Cloud Provider Admin (CPA); Corp VPN; Cloud Infra Management; Decompose Services and Orchestrate; Provisions; Compute Element Management; Storage Element Management; Network Service Mgmt L4–7; Network Service Mgmt L2–3 VPN; On-demand
  16. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  17. Cloud Security Threats and Issues
      - Where is my data?
        - Geographical location of data
        - Who is accessing it on the physical and virtual servers?
        - Is it segregated from others?
        - Can I recover it?
      - What is the threat vector for cloud services? Will it be heavily targeted?
      - How do I identify the weakest link in cloud services security chain?
      - Would centralization of data bring more security?
        - Federated trust and identity issues
      - Who would manage risk for my business assets? And, can I comply with regulatory requirements set by (choose your standards body)
  18. Private Cloud: Private Cloud Security
      - What is a Private Cloud?
        - It’s Private ;-)
        - You have control of everything
        - You decide the security policy
        - No need for total separation of resources (some exceptions apply)
        - Need to secure virtual machines and services
  19. Public Cloud: Public Cloud Security
      - What is a Public Cloud?
        - You are sharing a public infrastructure with others
        - You do not have control of the infrastructure
        - You do not decide the common security policy
        - You control access to the leased infrastructure (IaaS/PaaS)
        - You control access to your own services (IaaS/PaaS/SaaS)
        - You need to work together with the Cloud Provider to establish trust and control
      - Need to set up a framework for controlling SLAs and ensure that Security/Monitoring/Compliance/Audit requirements are fulfilled
  20. Securing Clouds – Approach
      - As with any security area, organizations should adopt a risk-based approach to moving to the cloud and selecting security options (*)
        - Identify the asset for the cloud deployment
        - Evaluate the asset
        - Map the asset to potential cloud deployment models
        - Evaluate potential cloud service models and providers
        - Sketch the potential data flow
        - Conclusion / Decision
      - (*) Cloud Security Alliance Whitepaper v2.1
  21. What Assets Do We Protect?
      - Company reputation
      - Customer trust
      - Employee loyalty and experience
      - Intellectual property
      - Service delivery
      - Personal data
      - Credentials
      - User directory
      - Cloud service management interface
      - Network
      - Physical hardware
      - Buildings
      - Logs
      - Backup or archive data
  22. Risks
      - Policy and organizational: Lock-in, Loss of governance, Compliance challenges, Cloud service termination or failure, Supply chain failure
      - Technical: Resource exhaustion, Isolation failure, Cloud provider malicious insider, Management interface compromise, Intercepting data in transit, Insecure or ineffective deletion of data, DDoS
      - Legal: Subpoena and e-discovery, Changes of jurisdiction, Data protection risks, Licensing risks
      - Non cloud: Network breaks, Network management, Modifying network traffic, Privilege escalation, Social engineering
  23. Benefits
      - Security and the benefits of scale
        - Multiple locations
        - Edge networks
        - Improved timeliness of response: larger to incidents
        - Threat management
      - Security as a market differentiator
      - Standardized interfaces for managed security services
      - Rapid, smart scaling of resources
      - Audit and evidence-gathering
      - More timely and effective and efficient updates and defaults
      - Benefits of resource concentration
  24. Securing Clouds – Approach
      - As with any security area, organizations should adopt a risk-based approach to moving to the cloud and selecting security options (*)
        - Identify the asset for the cloud deployment
        - Evaluate the asset
        - Map the asset to potential cloud deployment models
        - Evaluate potential cloud service models and providers
        - Sketch the potential data flow
        - Conclusion / Decision
      - (*) Cloud Security Alliance Whitepaper v2.1
  25. Evaluate the asset
      - How important is the asset, what is the harm if
        - the asset became widely public and widely distributed?
        - an employee of our cloud provider accessed the asset?
        - the process or function were manipulated by an outsider?
        - the process or function failed to provide expected results?
        - the information/data were unexpectedly changed?
        - the asset were unavailable for a period of time?
      - Confidentiality, integrity and availability requirements when (part of) the resource is in the cloud
  26. Security as a Service — Assessments: Regulatory Compliance Audits and Reports Vulnerability Assessment Define Security Policies Global Security Intelligence Center Automate Mitigate risk and eliminate Monitor and measure network compliance Distribute security and compliance reports
  27. References
      - NIST Cloud Definition: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc
      - ENISA Cloud Computing Risk Assessment: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport
      - Cloud Security Alliance: http://cloudsecurityalliance.org/
  28. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  29. The Inter-Cloud: Apps Integrate Services from Multiple Clouds
      - Naming/Discovery
      - Trust
      - Exchange/Peering
      - Diagram labels: Apps Integrate Services from Multiple Clouds; Dynamic Workload Migration
  30. Inter-cloud Potential for Disruption: Interoperable Server Side Protocols and Formats. Proprietary Proprietary Computing, Storage Computing, Storage Client Client SVMP*, SSRP*, SOIP* Proprietary Proprietary Computing, Storage Computing, Storage Client Client
      - *Simple VM Mobility Protocol
      - *Simple Storage Replication Protocol
      - *Simple Other Inter-cloud Protocols As Needed
  31. Evolution of the Cloud Computing Market from Stand-alone to the Inter-cloud: Open Cloud (Federations) Private Cloud Private Cloud Virtual Inter Cloud Private Cloud Stand Alone Data Centers Public Cloud Public Cloud Public Cloud (1) Public Cloud (2) Phase 1 Phase 2 (Present) Phase 3 Phase 4 (2015–2017) Federation/Workload Portability/Interoperability/Security
  32. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  33. Where Is the Standards Work to be Done? CSA DMTF NIST IEEE OGF ETSI-TC Grid MEF ITU-T And More…. SNIA CCIF OCM OASIS NCOIC IETF OCM LA TMF
  34. Interoperability Standards
      - Common Interfaces/APIs for Cloud services offered by Cloud SP (CSP)
        - OCCI for compute, SNIA CDMI for storage
        - Not much for network, such as standard API for Virtual private Cloud (VPC), load-balancing (LB), firewall, QoS, bandwidth and other services
      - Workload mobility/migration with following elements moving between Clouds (End user to CSP to Enterprise to CSP, CSP to CSP)
        - Virtual DC (vDC) with App, VM and relevant (App, VM, network) Configurations
        - Both static or live migration considered
        - OVF for vDC specification: move the OVF spec
          - Currently lacks features, such as network related
        - No standard VM (disk) format
  35. Agenda: Service and Deployment Models; Factoring the Network Into the Cloud; Cloud Management; Cloud Security; Inter-cloud; Standards; Summary
  36. Summary
      - Cloud Computing Represents a Shift in how Application and Data Center Resources Will be Architected and Consumed
      - Sample Areas for Standardization:
        - Network abstraction, virtualization
        - Cloud security
        - Federation and interoperability
        - Innovation – What disrupts YOU?
