View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Today’s Agenda • Gartner Definitions • Applications for IT as a CSB • Blue Cross Blue Shield Deployment • Intel Technology-CSB Enablement Platform Agenda • Q&A Application Security and Identity Products 2
Are You Really Prepared for Hybrid IT? Cloud Provider 1Required Skills Cloud Provider 2 Public Cloud• Provisioning • Customization e.g., Sales Cloud Provider 3• Billing • Management Automation e.g., VMI/• Support • Backups E-commerce Cloud Provider 4• APIs • Security e.g., Contact Verification• Migration • DR• Integration • etc. e.g., HR Who will manage this? You manage this Can you manage this?TraditionalOn-Premises Private Cloud
Definition: Cloud Services Brokerage Aggregation Brokerage Distributor * 100% 75% 50% CustomizationDefinition: BrokerageCSB is composed of three 25%primary roles in which an ISV*intermediary adds value toone or more cloud serviceson behalf of consumers of Providers of CSB competethose services. on the relative strengths of Integration the three CSB roles Brokerage • Are a brokerage System You • Enable brokerage Integrator* Either • Leverage brokerage* = Alignment with traditional IT services terminology
Aggregation Brokerage• Definition - Delivering two or more (can be many) services to service consumers, or other service providers• Characteristics - Deliver cloud in scale to many customers - No net new services functionality, per se - No integration or customization of services - Many-to-one or one-to-many services delivery Example Providers IT Distributors, Resellers,• Capabilities etc. - Ability to support large-scale cloud provisioning •Ingram Micro •Insight - Normalized discovery, access, billing, support •Parallels - Centralized management, SLAs, security, etc. •Synnex •Tech Data• Typical Scenarios CSB Enablers - IT distribution •Avnet •AppDirect • e.g., distributors, resellers and VARs doing cloud provisioning •FullArmor - App Stores, marketplaces •Jamcracker • e.g., telcos, cloud providers, companies provisioning cloud •VerecloudSee "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
Integration Brokerage• Definition - Making independent designed services work together as a combined outcome for consumers• Characteristics - Can be IT stack or data/process integration - Substantial new value through integrated result - One-to-many, many-to-one, many-to-many - Increasingly implemented via some form of iPaaS• Capabilities Example Providers - Messaging, adapters, translation, orchestration Evolving B2B/EC Providers •GXS - Community management (think: LinkedIn for e-commerce) •HubSpan - Governance (e.g., policy and API management) •IBM (Sterling Commerce) - Shared services (e.g., management and security) •Liaison Technologies• Typical Scenarios •SAP (Crossgate) CSB Enablers - Cloud-to-cloud integration •Dell (Boomi) • e.g., synchronizing contacts between Gmail, salesforce.com •IBM (Cast Iron) - Cloud to on-premises integration •Informatica •Intel • e.g., synchronizing order-to-cash between NetSuite, Quickbooks •Jitterbit - Traditional supply chain integration •Seeburger • e.g., for large communities of suppliers, customers, 3PLs, etc.See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
Customization Brokerage• Definition - Altering or adding to the capabilities of a service to change or improve its function• Characteristics - Net new functionality via new, modified services - Original cloud services can be modified, enhanced - One-to-many or many-to-one service delivery• Capabilities - Modifications (services combined, enhanced, etc.) Example Providers - Implementation (of new services, applications, BPS Providers •BlinkHR processes, user interfaces, master data, etc.) •E2open - Analytics (messages, services, processes, etc.) •eBuilder• Typical Scenarios •psHealth •Wipro - New and composite applications System Integrators • e.g., new custom reports on Force.com for salesforce.com CRM •Appirio - Process or data enhancement •Atlantic Technologies •Celigo • e.g., price comparing service for "less than truckload" booking •Infosys - Business process services •Tieto • Configurable processes (e.g., VMI, delivered on one-to-many basis)See "Cloud Services Brokerage Is Dominated by Three Primary Roles," G00226509
Hype Cycle for Cloud Services Brokerage Three primary CSB roles expectations Cloud Management Private Cloud leads Internal CSB role Platforms Integration PaaS CSB enabling technologies Private Cloud Computing Communications Service Providers as Cloud Services Brokerages Application PaaS Aggregation Brokerage Packaged Integration and Cloudstreams CSB Integrated Billing BPaaS CSB Single Sign-On Cloud Services Brokerage Application Service Governance Cloud-Based Security Services Cloud Access Security Brokers Multisourcing Service Integrator Cloud-Based Multienterprise Processes Customization Brokerage Pure-Play CSBs Software as a Service (SaaS) Integration IT Distributors as CSBs Brokerage Cloud-Based Data Identification and Enrichment Services Internal CSB Infrastructure as a Service (IaaS) Traditional IT Services IT Manufacturers as CSBs Providers as CSBs Federated Help Desk for CSBs As of July 2012 Peak of Technology Trough of Plateau of Inflated Slope of Enlightenment Trigger Disillusionment Productivity Expectations time Plateau will be reached in: obsolete less than 2 years 2 to 5 years 5 to 10 years more than 10 years before plateauSee " Hype Cycle for Cloud Services Brokerage, 2012," G00234256 9
Emergence of Internal CSB Role Attributes of Internal CSB • Alternative to third-party CSB role: - You are "prime contractor" - Think: cloud-enhanced traditional IT multisourcing Maximum Public Cloud • IT responsible for all CSB roles:Internal CSB - Aggregation Scope - Integration - Customization • Scope of internal CSB role: - Minimally applies only to private Private Cloud cloud - Can also apply to private and Minimum public (hybrid) cloudInternal CSB - Can include "broker of broker" Scope role, for cascaded brokerage - Can optionally also include Traditional IT traditional IT assets
How the Internal CSB Role Compares to Traditional IT Multisourcing Integrator Role Traditional IT Service Emerging MSI Role Attributes CSB Role• Smaller ecosystem • Larger ecosystem - Up to a dozen Ecosystem - Up to hundreds• Fewer larger services • More smaller services - More coarsely grained Granularity - More finely grained• Fewer SLAs, T&Cs • More SLAs, T&Cs - Fewer KPIs to track Outcome - More KPIs to track• Fewer, static providers • More, dynamic providers - Trust, experience lead Dynamics - Value, innovation lead• More centralized, simple • More federated, complex - Manual escalation OK Help Desk - Automated escalation• Limited use, manual • More usage, automated - Fewer policies to track Governance - More policies to track• More control of IT assets • Less control of IT assets - Assets in one DC Control - Assets across cloud See "Essential Provider Selection Criteria to Use When Outsourcing the CSB Role," G00230681
When to Consider Internal CSB RoleConsider internal CSB when: • You would prefer to fund the CSB with capex versus opex. • An internal CSB will reduce your risk of consuming services. • You have and/or desire the requisite CSB skills and technology. • An internal CSB can meet time-to-deployment requirements quickly. • An internal CSB better meets your internal constituents needs. • An internal CSB is mandated by management (e.g., for compliance). • No viable external CSB is available for your IT project requirements. • You have a strong desire for centralized, internal control of all IT. • Your full project life cycle TCO will be lower via an internal CSB. • Being a CSB is considered a required internal core competency.See "Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges," G00227370
Integration Brokerage “Basic” Capabilities:Intermediation Layer• Messaging Technology FTP/MFT AS2 FTP/MFT, MOM, HTTP, SOAP, Proprietary, … - For secure, reliable communications of SOAP, REST RosettaNet,… SOA services, EDI and very large files• Adapters - For "last mile" connectivity to apps, Wrapper Wrapper trading partners, cloud APIs, etc. App Cloud API• Transformation - To translate data and messages• Orchestration - To disposition messages, tasks and events within a process contextFor more information, see "SOA Infrastructure Selection Criteria, 2009," G00170722.
Integration Brokerage “Scale” Capabilities:Application Services Governance Application Services Governance = API Management + SOA GovernanceWhat cloud service policies are likely to be enforced?•Security - User/service/API authentication — Fine-grained/role authorization•Technical SLAs - Schema validation — service/API throughput, availability, failover•Business SLAs - Approve POs of more than $1,000; give "Gold" customers priority routing; archive invoices from France; encrypt personally identifiable data
Evidence CSB Role Increasingly Matters Est. Annual IT Spend on CSB by 2014 (1): Who will be responsible for end-to-end delivery of $100 billion cloud services? (3) Frequency of search for CSB on Gartner.com via “cloud” + “broker” terms (2) #respondents = 322 for those already using or planning to use cloud computing or cloud services within 12 months1 – See “Examining The Magnitude of the Cloud Services Brokerage Opportunity: Carpe Deim!," – research will publish in two weeks.2 – See “Search Analytics: Cloud Service Brokerage Enters the Search Scene," – research will publish in two weeks. 163 – See “Survey Analysis: Cloud Services Brokerage Playing a Larger Role in the Future of IT Services," G00228550
Recommendations Recognize that the "service" in CSB has both business and technical connotations, with the emphasis on "outcome." Interpret CSB role through primary three IT services roles: Aggregation brokerage Integration brokerage Customization brokerage Use Gartner evaluation criteria to help determine if you should deploy an internal CSB or use an external CSB. Leverage providers of CSB-enabling technology where appropriate to help enable your internal CSB role
Recommended Gartner Research Cloud Services Brokerage Is Dominated by Three Primary Roles Daryl Plummer, Benoit Lheureux, Michele Cantara (G00226509) Cool Vendors in Cloud Services Brokerages, 2012 Tiffani Bova, Daryl Plummer and others (G00231938) Predicts 2012: Cloud Services Brokerage Will Bring New Benefits and Planning Challenges Daryl Plummer, Benoit Lheureux and others (G00227370) Essential Provider Selection Criteria to Use When Outsourcing the CSB Role Benoit Lheureux, Jim Longwood (G00230681) The Role of CSB in the Cloud Services Value Chain Benoit Lheureux, Daryl Plummer, Tiffani Bova (G00218960)For more information, stop by Gartner Solution Central or e-mail us at email@example.com.
BCBSA Mediation Layer Architecture August 09, 2012 Presentation at Intel / Gartner Webcast Plamen Petrov Chief Enterprise Architect Blue Cross Blue Shield AssociationA presentation of the Blue Cross and Blue Shield Association. All rights reserved.
Blue Plans have been leading the industry for 83 years The Blue Cross and Blue Shield System consists of 38 independently operated Blue Cross and Blue Shield member companies , a Federal Employee Program® and an Association, which serves the collective needs of the Blue Cross and Blue Shield Plans.Cover 100M people – Blues serve1 in 3 Americans Nationwide access. Local support. 85% of Fortune 100 CompaniesBlue Plans contract with Blue Brand is #1 overall96% of U.S. hospitals and brand equity in the health91% of all physicians insurance industry Blues committed to serving local communities and national customers A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 20 12-131-V
BCBS Plan Members Access Many Services and Data Stores Local Plan BCBS Plan Local Member Hospital Remote BCBS Plan BCBSA Remote Hospital Consumer Services Plan Member accesses services provided by different entities and data stored in many locations A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 21 12-131-V
Service Brokering and Mediation Layer Services Clients Architecture Standards Governance Analytics Blue Plan BluesNet 3rd Party Vendor Cloud Services VPNs Cloud Services Internet Infrastructure Master Data Platform Services Services Services BCBSA Mediation Layer BCBSA PlanConnexion Cloud Services Cloud ServicesA presentation of the Blue Cross and Blue Shield Association. All rights reserved. 22 12-131-V
Mediation Services Platform Browser or M o b i l eAuthN /Info R e q u e s t Medical I n f o r m a t i o n Service Provider P o r t a l BCBSA Plan A Doctor I n f o r m a t i o n Peer Reviews, A w a r d s • Web S e r v e r • Mobile T i e r S e r v ic e s M e d ia tio n a n d Integration Broker SO A P JS O N X M L BCBS Plan B On-prem 3rd P a r t y Info P r o v i d e r s Partner A P I Flat F i l e Mgt A P I Security Brokerage Technology ED I • SSL Termi n ati o n • Data T r a n s f o r m • Web S e r v e r • Service M e t e r i ng/Monito r i n g • Protocol Mediati o n • ID trans l ati o n • Service Routi n g/Ver s i o n i ng • Mobile T i e r BCBS Plan C 3rd Party C l o u d Info P r o v i d e r s • Web S e r v e r • Mobile T i e r Service Mediation and Integration Brokerage A presentation of the Blue Cross and Blue Shield Association. All rights reserved. 23 12-131-V
Andy Thurai, Chief Architect, IntelIT CSB TECHNOLOGYENABLEMENTCONSIDERATIONS 24
Mobile and API Service Growth a Driver for IT CSBOther Internal CSB Deployments•Online University•Healthcare Claims Provider•SI Delivering Composite Apps•Telco Service Aggregator Extended Enterprise IT CSB PlatformPrivate & Public Developer & PartnerCloud Provider Consumers *Source ProgrammableWeb CSB Platforms offer way to automate & scale fine-grain service brokering for composite and mobile apps used by IT 25
IT’s CSB Platform Simplifies Service Consumption On-prem Service Service/API Providers Broker PaaS App ServicesEnterprise Departments/Developers Id & Security Broker HTTP, Service 1 REST Global Apps, IDM, Middleware SOAP, JMS, DB, App to Cloud FTP-any Calls Integration PII Data SaaS Applications Tokenization Service 2 HTTP REST JSON Departments 1-n Developers & API Mgt Service Admins Service 3 Partners Simplified, API Exposed Create Standardized Apps that invoke aggregated services HTTP, REST/SOAP/ Orchestrate JSON VM/Services Service 4 3rd Party CSBs & Sharing API Descriptions, Tools, Data Enrich Services Data Integration Dev Community Service 5 REST API Portal 26
Service Gateway Fast Path to Operating as a CSB Vendor Mgt- Contracts, SLA, Tracking Responsibilities Monitor Security Standards & Policies & Enablement Tools Dev Support & Disaster Recovery IT CSB Operator Value Added Custom “Glue” Code • Consistent policy enforcement for integration, COTs Core security, compliance across departments CSB Platform Monetization/Charge Back App Service Gov & Security, Access, Developer Community Integration Compliance • Meter usage • • Configuration not code API management • Edge threat protection • Throttle per SLAs • • Discovery of aggregated Policy creation & exe • Data Loss Protection services from IT • API Analytics • Legacy & SOA integration • Federated ID Brokering • Meta data • Orchestrate & transform • PCI PII Data Tokenization • Protocol translation Move from Line of Business to “Enterprise Controlled Consumption of Cloud Services 27
Security is Central for IT to Consume and Expose APIs Trust - API Access Control Threat - Perimeter Defense IdM • Denial of Service Protection: Via app security proxies and gateway capabilities• Authentication: Enabled through SSL/TLS, OAuth, SAML, Shared Secret • Code Injection: Via pattern-based Mechanisms, Custom API Keys, Digital scanning of SQL Injection, XSS, XML Signature/PKI processing, Database threats, XPath injection authentication rules • Malware Detection: Via heuristics that detect malware behavior• Authorization: Enabled through XACML, • A/V Scanning: Via signature based authorization decision points, coded in scanning of MIME attachments policies, custom built rules • Data Leak Prevention: Via network DLP scanning for API calls CSB platforms deliver these capabilities. Standards based and independently certified 28
More: www.cloudsecurity.intel.com White Paper Webinars CSB Research & Case Study On-demand • NIST & CSA CSB • API Management with ProgrammableWeb • API DLP Security • Meet Cloud API 29