Stki summit2013 infra_pini sigal_mega_v10 final
 


First Presentation
Mega Trends in changing DC
Pini Cohen
Sigal Russin


    Presentation Transcript

    • STKI Summit 2013: Changing Data Center. Pini Cohen, Sigal Russin. IT at the crossroads: Lead, follow or get out of the way
    • Pini Cohen and Sigal Russin's work. Copyright@2013. Do not remove source or attribution from any slide, graph or portion of graph.
    • Agenda
        • Technology Mega Trends
        • Domain Trends
    • The New IT Operations: different thinking
        • Pinterest: 18 Million Visitors, 10x Growth, 12 Employees, 410 TB of Data
        • Instagram: An organization with 2 backend engineers can now scale a system to 30+ million users.
        • Tumblr: ~1000 hardware nodes in production and ~20 engineers
        • Etsy: Continuous deployment happens 25 times a day because it's so easy.
        • TripAdvisor: No architects, engineers work across the entire stack. You own your project end to end, and are responsible for design, coding, testing, monitoring. Most projects have 1-2 engineers.
        • Amazon: You build it, you run it
    • Domains of change
        • Focus on generating business value through agility and flexibility
        • Move to distributed architectures
        • Move away from ownership as a core competency
        • Separation of concerns along services boundaries
        • Decentralization and reorganization of processes around services
        • Push of responsibility to as close to the developer as possible
        • Source: http://highscalability.com/blog/2012/5/7/startups-are-creating-a-new-system-of-the-world-for-it.html (STKI modifications)
    • Old Datacenter → New Cloud Datacenter
        • Licensed and Installed Applications → SaaS (Workday, Pagerduty, EMR)
        • Central SQL Database → Distributed Key/Value NoSQL
        • Sticky In-Memory Session → Shared Memory Cache Session
        • Tangled Service Interfaces → Layered Service Interfaces
        • Instrumented Code → Instrumented Service Patterns
        • Fat Complex Objects → Lightweight Serialized Objects
        • Components as Jar Files → Components as Services
        • Chatty Protocols → Latency Tolerant Protocols
        • Manual and Static Tools → Automated and Scalable Tools
        • Source: http://highscalability.com/blog/2012/5/7/startups-are-creating-a-new-system-of-the-world-for-it.html (STKI modifications)
    • Old Datacenter → New Cloud Datacenter (continued)
        • SA/Database/Storage/Networking Admins → NoOps/OpsDoneMaturelyButStillOps
        • Monolithic Software Development → Teams Organized around Services
        • Monolithic Applications → Building Your Own PaaS
        • Static and Slow Growing Capacity → Incremental and Fast Growing Capacity
        • Heavy Process/Meetings/Tickets/Waiting → Better Business Agility
        • Single Location → Massive Geographical Distribution
        • Vendor Supply Chains → Direct to Developer
        • Focus on How Much it Costs → Focus on How Much Value it Brings
        • Ownership/CapEx → Leasing/OpEx/Spot/Reserved/On Demand
        • Source: http://highscalability.com/blog/2012/5/7/startups-are-creating-a-new-system-of-the-world-for-it.html (STKI modifications)
    • You need to change!
        • Source: http://www.forbes.com/pictures/eghe45eefgi/16-things-to-think-about-when-youre-considering-a-career-change/
    • Traditional IT is changing (organization chart; labels: LOB, LOB, LOB, Enterprise Procurement, CIO, OCIO, IT Procurement, Software Development, IT Infrastructure)
    • The next IT Organization (organization chart; labels: Line of Businesses, Pay per Use, Software House, Enterprise Procurement, IT Delivery Services, Managed Services)
    • The new CIO/VP Tech has to become:
        • An internal strategic consultant, more like (the model) HR, legal, financial VPs, who will help the business move from enterprise IT productivity to business productivity
        • Develops the Enterprise Digital Strategy that builds value through innovation: technology solutions for the LOBs, and manages the business change needed (new business processes)
        • Leadership in tablet efforts, because business-driven tablet programs will uncover transformative opportunities
        • Defines and implements technology (used by the clients of the enterprise) in order to increase revenues
        • Dr. Jimmy Schwarzkopf's work. Copyright@2013. Do not remove source or attribution from any slide, graph or portion of graph.
    • IT Delivery Services Department
        • IT Delivery Services move from an infrastructure-component focused IT that is expensive to sustain and maintain to one focused on end-to-end service management, user experience and "fair" chargeback policies
        • Datacenter transformation, consolidations, vendor management, cloud, and application rationalization mandate:
            • Formal governance structures for operational risks
            • Automation of management and control functionalities
            • Secure access of users based on location and function
            • Charges for "real" metered service delivery
            • Validates, audits, protects, backs up data
            • Validates cloud provider service levels (SLAs)
        • Dr. Jimmy Schwarzkopf's work.
    • The new Infrastructure Delivery manager has to deliver:
        • Enable consumerization (BYOEverything)
        • Business enablement with best of class technologies. Examples:
            • Follow Software Defined X
            • Take advantage of new HW technologies (in memory, GPU, ARM servers)
            • Big Data
        • Manages operational risk, security and cyber for all technologies the enterprise uses
        • Infrastructure investment model: continuous cost reduction
        • Manages the IT Department as an IT vendor with a new InfraOps delivery model:
            • Private Cloud, automation, self service and chargeback tools
            • Embrace infrastructure as code
            • Deploy public cloud when possible
    • Agenda
        • BYOEverything: Consumerization
        • Security & Cyber
        • Business enabling technologies
        • Infrastructure investment model: cost reduction
        • The new infraops delivery model
    • Consumerization of IT (CoIT)
        • This mega trend is more than a decade old.
        • People are resourceful. They'll find what they need to be successful. They'll bring what they need to drive the business forward.
        • Whether it's the proliferation of mobile devices or on-demand software, business people are driving IT.
        • Most companies allow for it. Few can effectively deliver applications or governance to support it.
    • Implications of the changing endpoint paradigm
        • The new endpoint experience
        • BYOD
        • What will happen to the suppliers
            • Changing business model
        • New application development technology and functionality
            • SW distribution: app stores
    • (Chart) Source: Cisco survey BYOD 2012
    • KSP is selling tablets and smartphones
    • Bring Your Own Device
        • Is it happening?
        • Does your organization support BYOD devices (smartphones)?
        • Source: http://blogs-images.forbes.com/johnherrema/files/2012/03/BYOD-support.jpg
        • Source: GOOD technologies survey 2012
    • BYOD Usage and Policies (two charts)
        • Do employees access business information using personal devices?
        • Does your organization have a BYOD policy to access business information?
    • BYOD Risk Classification
        • Information security
        • Employee privacy
        • Software licensing: can software acquired by the business be installed on a BYOD device?
        • Damage to the BYOD device by business IT: who is responsible?
        • Technological risk: the more connections you have, the lower the performance (applications, SSL VPN, Wi-Fi)
        • Is there any increase in human resources with BYOD?
        • Increased use of identity and access management tools
    • BYOD: Bring Your Own Device
        • Where to start? A policy document on BYOD:
            • Supported Devices
            • Access Permission
            • Using VPN
            • Set passcodes
        • Other labels on the slide: Saving in outlay on IT items; Productivity; Security
    • BYOD: Bring Your Own Device Policy
        • What types of devices (version of the operating system) can access business resources
        • Which access level your different groups of users require
        • What applications are required for a user
        • A VPN is required for personnel likely to be using public Wi-Fi networks
        • Educate users about the importance of setting passwords and passcodes
    • Access business information using BYOD
        • Survey question: Does your organization allow syncing/connecting private smart devices (phones) to organizational data repositories (email, applications)?
        • Yes: 69%; No: 31%
        • Source: Current Analysis Inc. BYOD survey
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • MAC
        • Survey question: Does your organization allow syncing/connecting private MACs to organizational data repositories (email, applications)?
        • Yes: 25%; No: 75%
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • BYOD Policy
        • Survey question: Does your organization have a clear BYOD policy: which applications may be connected to and which may not?
        • Yes: 31%; No: 44%; In process: 25%
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • BYOD importance (chart)
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • MDM process
        • Survey question: Has your organization implemented, or is it in the process of implementing, a mobile security/management product (MDM or a similar solution)?
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • Privacy employee concern
        • Survey question: Is there concern in your organization about harm to employee privacy when using an MDM-type tool?
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • Important issues when choosing MDM solution, 2011 (issue: rank)
        • Support for a variety of operating systems: 3
        • Enforcing organizational policy on the device: 1
        • Information security on the device (passwords, AV, FW): 2
        • Separating organizational data from private data on the device: 4
        • Inventory, configuration and image management of the device: 6
        • Software and application distribution to the device: 8
        • Central management and integration with enterprise systems: 5
        • Remote support and operation of the device (e.g. for HelpDesk needs): 6
        • Reporting and management of device-related expenses (e.g. alerts on network roaming abroad): 10
        • Solution architecture (SaaS, on-site server, pricing model, etc.): 9
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • Important issues when choosing MDM solution, 2013 (issue: rank)
        • Support for a variety of operating systems: 2
        • Enforcing organizational policy on the device: 1
        • Information security on the device (passwords, AV, FW): 4
        • Separating organizational data from private data on the device: 3
        • Inventory, configuration and image management of the device: 6
        • Software and application distribution to the device: 5
        • Central management and integration with enterprise systems: 7
        • Reporting and management of device-related expenses (e.g. alerts on network roaming abroad): 9
        • Solution architecture (SaaS, on-site server, pricing model, etc.): 8
        • Source: STKI RT MDM BYOD Survey FEB 2013
    • Management Requirements for Mobile
        • A. Configuration and protection of lost or compromised devices: password enforcement, encryption enforcement, remote lock and wipe, remote email configuration, certificates for identity, remote connectivity (Wi-Fi, VPN) and detection of compromised OS (jailbreak, rooted etc.).
        • B. Data loss prevention (DLP): privacy control (GIS), cloud usage control (iCloud, Dropbox, GoogleDocs) and email DLP controls (protect attachments).
        • C. Provisioning and data security in apps: Google Play market is full of malware. Microsoft and BlackBerry copied Apple's approach. Control your business apps with group policies and content-management controls.
        • Source: Mobile Security, Galen M. Gruman, InfoWorld
    • Mobile Device Security
        • 1. Beware of Wi-Fi in public places such as hotels, restaurants, cinemas etc.
        • 2. Turn off Bluetooth: it can be used to listen in on private conversations. Also on laptops.
        • 3. Connect to your corporate VPN if you have to use an untrusted network. It enables you to connect in "full tunnel" mode.
        • 4. Keep a close eye on your equipment: never leave any device alone.
        • 5. Don't share files with strangers using USB keys: it can delete your sensitive data or install malware.
        • Source: Information Week
    • Secure Sandbox vs. Secure Container: MAM
        • Mobile Device Management (MDM): control the user-owned device from an enterprise standpoint. Data meaningful and valuable for the company should not be lost or end up in the wrong hands.
        • Mobile Application Management (MAM): the ability of the enterprise to keep control on rolling over or calling back applications deployed on an end-user device without having an impact on the user's privacy.
        • Source: http://www.webtorials.com/discussions/2012/09/thank-you-mam-new-ways-to-plug-mobile-data-leaks.html
    • Mobile Device Management: Israeli Market Positioning 1Q13 (positioning chart; axes: Local Support, Market Presence/Perception; legend: Player, Worldwide Leader)
        • Vendors shown: Mobile Iron, AirWatch, FancyFone, Symantec, Fiberlink, Citrix (Zenprise), BoxTone, Matrix, McAfee
    • Mobile Container Management: Israeli Market Positioning 1Q13 (positioning chart; axes: Local Support, Market Presence/Perception; legend: Player, Worldwide Leader)
        • Vendors shown: Good Technologies, Excitor, Sybase
    • Case Study: IBM Policy
        • IBM still gives BlackBerrys to about 40,000 of its 400,000 employees; 80,000 other workers now reach internal IBM networks using other smartphones and tablets they purchased themselves.
        • Disables public file-transfer programs like Apple's iCloud, Dropbox etc.
        • Turns off Siri: they worried that the spoken queries, which are uploaded to Apple servers, could ultimately reveal sensitive information.
        • Each employee's device is treated differently, depending on what model it is and what the person's job responsibilities are (email, calendar, IBM apps …)
        • Developing strategies to reduce the risk of data leakage (Wi-Fi hotspot)
        • Source: "Mobile Computing in Question", Business Impact, MIT 2012
    • BYOD challenges (Case study: IBM internal work)
        • Providing modern and secure network access that supports:
            • Personally owned devices
            • Partitioning technologies
            • Mobile device management
            • Multiple device types / multiple OS versions
        • Defining a mobile application portfolio
        • Providing an easy-to-use "app store" for distribution of applications
        • Standardization and comprehensive tooling
        • Supporting a variety of devices, platforms, carriers and countries
        • Securing access to corporate data and developing strategies to reduce the risk of data leakage (Wi-Fi hotspot)
        • Addressing unexpected legal or compliance demands
        • Managing expenses and determining the right balance of reimbursement
        • Source: IBM http://www.google.co.il/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCsQFjAA&url=http%3A%2F%2Fwww.esl.dk%2Fmedia%2F35735%2FFredag%2520Carsten%2520B%2520Andersen%2520Personally-owned%2520devices%2520at%2520IBM%2520(ISACA).ppt&ei=9TIwUevYLseRswbS94G4Bw&usg=AFQjCNFnISWnbM8bhmQSsBLhtrvt-XHGmg&bvm=bv.43148975,d.Yms
    • Addressing the challenges with a four-pronged approach (1. Technology, 2. Policy, 3. Education, 4. Support)
        • Technology:
            • Sunset legacy devices (Symbian, Win Mobile)
            • Cross link Traveler accounts with IBM Endpoint Manager registration
            • Digital certification for all mobile devices (1st step authentication)
            • Cross link digital certs to IEM and network access
            • Wi-Fi protection via enforced registration
            • Containerization solutions
            • Remote wipe capability
            • Enable and deploy high value applications
        • Policy:
            • Security (ITCS300)
            • Client Standard
            • Connection tools and service expense eligibility (CIO 128)
            • All mobile devices must be registered in IBM Endpoint Manager
        • Education:
            • Provide education and certification to enable employees to be "security aware"
            • Annual Business Conduct Guidelines certification
            • "Ask the experts"
        • Support:
            • Self-support model, powered by IBM's social software IBM Connections
        • Source: IBM http://www.google.co.il/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCsQFjAA&url=http%3A%2F%2Fwww.esl.dk%2Fmedia%2F35735%2FFredag%2520Carsten%2520B%2520Andersen%2520Personally-owned%2520devices%2520at%2520IBM%2520(ISACA).ppt&ei=9TIwUevYLseRswbS94G4Bw&usg=AFQjCNFnISWnbM8bhmQSsBLhtrvt-XHGmg&bvm=bv.43148975,d.Yms
    • Develop a strong usage policy
        • Use of personal devices for business purposes is voluntary.
        • Eligible employees (all except privileged users) can use personal devices as long as they agree to the IBM terms and conditions.
        • Employees must adhere to security policies and installation of a security agent to ensure their device is secure.
        • IBM or client information and data (property) maintained or stored on a device is owned by IBM.
    • Develop a strong usage policy (continued)
        • Employee agrees to allow IBM to inspect or take possession of the device upon request.
        • IBM can revoke the ability to use the device.
        • IBM can do a remote wipe of the device at any time, if the device is lost or stolen.
        • User will remove all IBM property when they stop using the device.
        • IBM may, but is not obligated to, provide any 3rd party software. User must obtain valid licenses for any 3rd party software they choose to use for IBM business, or purchase it.
    • Summary: BYOD
        • I. Have sensible, but not restrictive, policies. Emphasize user education about threats such as lost, stolen, and infected mobile devices. Enforce reasonable policies such as requiring a PIN code.
        • II. MDM: implement remote lock, wipe, and locate features on company- and employee-owned devices.
        • III. Install anti-malware protection or a MAM security container for business apps.
        • IV. Use VPNs for everything when connecting to company assets from mobile devices, especially when connecting over public Wi-Fi.
        • V. Focus on authentication and identity. Multifactor authentication or federated identity should be used to access high-value services on the company network.
    • PC sales are down
    • These changes influence Nasdaq (charts: Microsoft, Apple)
    • Windows 8 for "regular" PCs
    • Microsoft: from SW (license) to Services
        • Computerworld has confirmed that Office 2013 is permanently locked to the original machine it was installed on…. you will be unable to move it to a new machine should the need arise
        • Microsoft has made it fairly clear that it is now far more interested in getting consumers to sign up for its Office 365 product that works off of a subscription plan. Since this can be accessed from just about anywhere it would eliminate the need for re-installing a copy of Office that involves a license.
    • Microsoft is looking for a new way to do business
        • Windows Blue confirmed in new Microsoft job listings: "Windows Blue promises to build and improve upon these aspects of the OS, enhancing ease of use and the overall user experience on devices and PCs worldwide."
        • Rumors about Windows Blue:
            • The first of a number of annual operating system updates to Windows 8.
            • There also is a Windows Phone Blue in the works that is expected to have the same core code as Windows Blue.
            • It's not clear to me when and whether Microsoft will roll out something known as Windows 9, given the new plan to deliver Windows operating system updates annually, rather than once every three years
        • Sources: http://www.zdnet.com/microsofts-windows-blue-may-have-just-hit-milestone-1-7000011514/ and http://www.neowin.net/news/windows-blue-confirmed-in-microsoft-job-listing
    • However
        • Service = Subscription = Rental
        • The "Cloud way": you pay for what you need, can grow or reduce seats
        • There is no asset for the organization
        • Negotiation is tricky
    • Mobile will cause a new development paradigm
        • Source: http://www.kendoui.com/surveys/global-developer-survey-2013.aspx
    • Enterprise App Store
        • Source: http://velositor.com/2012/03/15/almost-3-in-5-enterprises-said-they-were-looking-to-implement-a-corporate-app-store/
        • Source: http://www.ebizq.net/blogs/mashups/2011/07/is-your-it-organization-ready-for-the-attack-of-the-angry-birds.php
    • A new era
        • Source: http://www.socialtechpop.com/2010/10/old-vs-new-trends-in-social-media/
    • Agenda
        • BYOEverything: Consumerization
        • Security & Cyber
        • Business enabling technologies
        • Infrastructure investment model: cost reduction
        • The new infraops delivery model
    • Open Networking Foundation on SDN
        • "… In the SDN architecture, the control and data planes are decoupled, network intelligence and state are logically centralized and the underlying network infrastructure is abstracted from the applications …"
        • Source: opennetworking.org
    • SDN Vendors
        • Cisco: Open Networking Environment (ONE), EEM (Tcl), Python scripting
        • Juniper: Junos XML API and SLAX (human-readable XSLT)
        • Arista EOS: XMPP, Linux scripting (including Python and Perl)
        • Dell Force10: Open Automation Framework (Perl, Python, NetBSD shell)
        • F5: iRules (Tcl-based scripts)
    • Case Study
    • Key aspects of SDN
        • I. Separation of data and control planes
        • II. A uniform vendor-agnostic interface such as OpenFlow between control and data planes
        • III. Logically centralized control plane, realized using a network OS, that constructs and presents a logical map of the entire network to services or network control applications on top
        • IV. Slicing and virtualization of the underlying network
        • Source: http://yuba.stanford.edu/openflow/documents/openflow_deployment_journal_paper_aug2012.pdf
    • Today: Networking Devices (diagram: devices A, B and C with numbered ports and an IP routing table)
    • Current Networking Systems (diagram; labels: Microsoft, ERP, SAP, CRM; CPU, RP, SuperVisor)
    • The "Software-Defined Network" (layered diagram, top to bottom)
        • Applications: Microsoft, ERP, SAP, CRM
        • Open API
        • Network Operating System: SDN Controller
        • Open Interface to Hardware: "If header = x, send to port 4"
        • OpenFlow Firmware on Packet-Forwarding Hardware (four switches)
    • Current technology vs. Future technology (layered diagram)
        • Current technology: ERP, SAP, CRM; Windows, Linux, FreeBSD; Virtualization; x86
        • Future technology: ERP, SAP, CRM; Network OS / SDN controller (NOX, Beacon, Nicira); Virtualization; OpenFlow
    • "S" for Software (diagram: Policy/Control SW → Configuration → Data Plane)
        • 1. Static checking ("compile time"): "Is my configuration correct?"
        • 2. Dynamic checking ("run time"): "Is my data plane behaving correctly?"
        • Source: Formal checking in networks, ONCR Research, James Hongyi Zeng
    • SDN Benefits
        • Headings on the slide: Manage Change; Integrate Cloud Services; Network Investments
        • SDN allows companies to:
            • Remove the complexity
            • Reduce the cost of network reconfiguration
            • Turn the network into a truly dynamic and flexible asset.
        • Source: http://www.accenture.com/us-en/Pages/insight-software-defined-networking-video.aspx
    • OpenFlow
        • Today, your Routing Protocols / STP determine the Forwarding Table in your network.
        • OpenFlow is another method for configuring the Forwarding Table in the Network Switch. OpenFlow will replace existing routing protocols!
        • "If header = x, send to port 4"
        • "If header = y, overwrite header with z, send to ports 5,6"
        • "If header = ?, send to me"
    • Summary - SDN
      • A. You should have a clear vision of how SDN technology will benefit your business.
      • B. It is very early days for SDN: the market, standards and technology will evolve.
      • C. Think about SDN implementation challenges: human resources, vendor support, organizational impact.
      • D. Think about the potential impact of SDN on your operational costs.
      • E. Improved network security is a critical potential benefit of SDN.
      • F. Identify a specific initial use case for SDN. For example, reducing the time to provision network security to new (or migrating) VMs.
    • ScaleIO ECS eliminates the dependency on SAN hardware
      • ScaleIO ECS software components:
        • ScaleIO Data Client (SDC)
        • ScaleIO Data Server (SDS)
      • Diagram labels: application(s), file-system, vol. manager, block dev. drivers, ScaleIO Client, ScaleIO Server, DAS, space allocated to ScaleIO, ScaleIO protocol, HBA, NIC/IB, switch, Fabric, External Storage Subsystem
    • Other vendors are following this trend
    • Does: Software Defined Network + Software Defined Storage + Software Defined X (more similar technologies) = Software Defined Datacenter?
    • Software Defined Datacenter
      • Forrester: An SDDC is an integrated abstraction layer that defines a complete data center by means of a layer of software that presents the resources of the data center as pools of virtual and physical resources, and allows them to be composed into arbitrary user-defined services.
      • Source: http://www.vmware.com/files/include/microsite/sddc/the_software-defined_datacenter.pdf
    • STKI on Software Defined Datacenter
      • Two main vectors in Software Defined X:
        • Central control of all related components
        • Use simpler HW, up to “standard servers” for everything
      • Will enable applications to “ask” for specific things from the HW/infra layer
      • A promising concept and a “game changer”, but it will take time
    • [Figure] Source: http://atea.lt/wp-content/uploads/2012/11/5-3-Datacenter-of-the-future-Atea-Action-2012.pdf
    • [Figure] Source: http://atea.lt/wp-content/uploads/2012/11/5-3-Datacenter-of-the-future-Atea-Action-2012.pdf
    • Facebook changed the DC industry: Open Compute Project
      • Open Compute Project: internet/cloud companies working collaboratively to come up with a better motherboard design and a better power supply, based on Intel or ARM chips.
      • Facebook donated hardware designs to the Open Compute Project, showing how it had significantly cut costs with a new breed of slimmed-down gear purchased directly from manufacturers in Asia.
      • Rackspace (second only to Amazon in the cloud computing game) donated designs to the Open Compute Project.
        • Rackspace’s hardware accommodates a different power system than Facebook’s gear.
        • The server includes an extra network connection and some extra management tools, and it is designed to handle a much larger number of connecting cables.
      • Google and Amazon have also bypassed big-name server makers, going directly to more nimble manufacturers, but they have not donated their designs.
    • [Figure] Source: SAP
    • SAP HANA
      • From Disk to RAM
      • From Row to Column
      • From Text to Binary
      • Compression of data
      • New data manipulation algorithms, built for the Intel Core level
    • GPGPU
      • General-purpose computing on graphics processing units (General-purpose graphics processing unit, GPGPU, GPGP or less often GP²U) is the utilization of a graphics processing unit (GPU), which typically handles computation only for computer graphics, to perform computation in applications traditionally handled by the central processing unit (CPU).
      • Source: wiki
    • The GPU-Force!
      • Source: http://www.nvidia.com/object/personal-supercomputing.html
    • Amax GPGPU Cluster
    • Intel’s Xeon Phi
    • The SQream Product Topology
      • Diagram: Data Sources, Data Storage, Users
      • ~90% crunching
        • 100TB of original data
        • 25%-50% raw data
        • x5-x10 compression
        • 5TB-15TB on SQream’s Server
      • Performance: x25 ++
        • x10, x25, x40, x100 faster than leading DBMSs
    • Technology
      • Data crunching:
        • Faster compression time X20
        • Faster decompression time X50-X70
        • Higher compression ratio X5-X15
      • Compute:
        • Faster MPP in a node X20
        • Higher scalability X1 node X3000 cores
        • Lower hardware cost 7,000,000$ > 15K
    • The internet of things
      • “Devices are smart” and have sophisticated software installed
      • What about the software license in the device?!
      • Illustration captions: “You have fever. Take a pill right now!”; “I don’t like this tie. I need to be changed!”
    • Internet of things (sensor/computer to computer)
      • "Always On" world around us
        • Cheap, smart, small, image recognition, augmented reality
        • Near Field Communication and location-aware sensors
      • Everything gets connected
      • Not only “personal” devices but “business” devices flourish
        • Real-time decision support for customers and employees
      • Source: http://www.ibmbigdatahub.com/blog/next-best-action-internet-things
    • ARM servers
      • Source: http://www.xbitlabs.com/news/other/display/20120620221606_Calxeda_s_ARM_Based_Web_Server_Fifteen_Times_More_Energy_Efficient_than_Intel_Powered_Company.html
    • Agenda
      • BYOEverything & Consumerization
      • Cyber Security
      • Business enabling technologies
      • Infrastructure investment model - cost reduction
      • The new infraops delivery model
    • Cyber and Security
      • The Dangers:
        • Blackhole - Hacking as a Service
        • APT1
      • Solutions / Tools:
        • Categorization of solutions
        • Cyber Intelligence
        • HoneyPot
      • Recommendations
    • 13 of the biggest security myths
      • Source: http://www.infoworld.com
    • Blackhole: Hacking as a Service
      • An exploit kit is a tool used by attackers to get their software installed on a victim’s PC.
      • Their business is to create and sell exploit kits as a service to other cybercriminals.
      • Blackhole redirects and exploit sites represent 28% of all web threats detected by SophosLabs.
    • Blackhole: Today’s malware market leader
      • 1) Web browser with malicious code
      • 2) Spam messages
      • 3) Landing page - control user web traffic
      • Diagram labels: Credit page; Adobe; Java; Flash …
    • Protect yourself against Blackhole
      • Attack stages shown in the diagram:
        • The initial contact, either by email or compromised website
        • Redirection to the attack site, which probes for weaknesses
        • Delivery of the exploit itself and the resulting malware drop
      • Defenses shown in the diagram: spam filters, web filters, patching
      • Source: SophosLabs
    • APT1
      • A single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
      • APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations spanning 20 major industries.
      • Infographic (layout lost in extraction); recoverable labels: attack infrastructure; 97%; 87%; 1,849 of the 1,905 (97%) Remote Desktop sessions; 817 of the 832 (98%) IP addresses logging; used IP addresses registered; English is the native language
      • Source: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
    • APT1 Puts the “Persistent” in APT (timeline figure: 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013)
    • “Hop Points”
      • 1) WEBC2 backdoors - HTML tags or comments
      • 2) Standard backdoors - HTTP protocols
      • 3) Legitimate VPN credentials - stolen usernames & passwords
      • 4) Log in to web portals - only restricted websites and web-based email systems
      • Source: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
    • “From the outside” category
      • Diagram label: SandBox
      • Source: IBM 2012
    • “From the inside” category
      • Source: IBM 2012
    • Moving Security Closer To The Target
      • Diagram labels: SandBox; 80% of security budget
      • Source: IBM 2012
    • Cyber Intelligence
      • Vendors: 2bsecure, Aman, Secoz
      • System of employee profile and behaviors in the business using existing logs
      • Managed service of:
        • Hacking
        • Forums
        • Sham
        • Monitoring and Analysis
        • Patches Distribution
    • Cyber Intelligence
      • Outside your business
      • Protection: companies who analyze world-class attacks and release patches for each segment
      • Prevention: Cyber Business Intelligence
      • 2bsecure; Aman; Secoz
    • Honeypot (image label: FAKE)
    • Honeypot & Honeynet
      • “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource”. Wikipedia.org
      • 1. Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
      • 2. Used for monitoring, detecting and analysing attacks
      • 3. Does not solve a specific problem. Instead, they are highly flexible tools with different applications to security.
    • Honeypots Classification
      • Production Honeypots
        • Easy to implement and operate
        • Most common
      • Research Honeypots
        • Study and identify new attacks
        • Difficult implementation
        • A lot of data
      • Honeytokens
        • Digital system/information resource
        • Unauthorized access
    • Location and Strategy
      • Diagram labels: No connection to real network; Front Network; Catch employee threats
      • Source: White Paper: Honeypots - Reto Baumann, Christian Plattner
    • HoneyPot Tools
      • DTK (free): designed to protect the system better and give the administrator advantages over attackers. The idea is to mislead the attackers: a system running DTK appears to have more potential holes available for attackers.
      • Honeyd: can run on Unix & Windows. It allows you to create different virtual machines on one computer. You can set it to run a service such as FTP or SMTP. It allows the user to simulate an operating system.
      • Google Hack Honeypot (GHH): designed to address attackers who use search engines as a hacking tool. GHH emulates a real network application and allows hackers to join the many search engines.
      • Honeytrap: connected to a settings file (register) which records everything defined in the system settings.
    • What are we responsible for? Organizational Level
    • Recommendations
      • 1) Install fast patches
      • 2) Education - employee awareness
      • 3) Training
      • 4) Forensics process
      • 5) Strong authentication - segregation of duties
      • 6) Focus on behaviors inside your business: explore and analyze.
    • Why Companies Use Open Source
      • Freedom / Flexibility
      • Lowers barriers to entry / exit
      • Can’t afford to build new applications from scratch
      • Tired of waiting on hold for support
      • Speed up development
      • Purchase only the functionality needed
      • Total Cost of Ownership (TCO)
      • ROI is shortened
      • Source: AnyOpen
    • List of Open Source Projects - Sourceforge
      • Some well-known open source projects:
        • Mule – ESB
        • Hadoop – BigData
        • Mozilla Firefox – Web Browser
        • jUnit – testing
        • MySQL – DBMS
        • Jakarta Tomcat – for Servlets
        • Apache – Web Server
        • Linux – Operating System
        • OpenSSL – for SSL
        • JBoss – Java App. Server
        • PostgreSQL – DBMS
        • Eclipse – Java Development
    • Major Concerns When Using Open Source
      • 1. Compliance Issues
        • Programmers/managers want to reuse code
        • Code readily available for download
        • “Licenses are unenforceable”
      • 2. Support Issues
        • Wasted time searching for and testing products & updates
        • Resolving integration complications
        • Manipulating configurations
      • 3. Viability of Project
      • Source: AnyOpen
    • Open Software Solutions/Services in Israel
    • Open Source & Enterprise Open Source = $$$
      • What's the difference?
      • Community
        • Release early, release often
        • Community/Self Supported
        • Innovation
      • Enterprise
        • Stability, reliability
        • Support SLAs
        • Multi-year product support
      • Source: Redhat
    • Failed Open Source Migration: Freiburg
      • After spending:
        • €25K training
        • €55K licensing a legacy commercial product for "interoperability"
        • €55K consulting cost for the migration (FormularMax)
        • €20K consulting cost for the migration (macros)
        • €6K developer cost for migration (Calc)
        • €60K introduction of Wollmux
        • €240K personnel cost, project management (€60K, 80% committed to the project over 5 years)
      • That comes to €461K in total - around €231 per seat.
      • Source: http://blogs.computerworlduk.com/simon-says/2012/12/intended-to-fail/index.htm
    • LiMux
      • The city of Munich's migration was all in, full on, and non-optional.
      • It hired staff to work in the open source community, developing features and fixing bugs.
      • The government invested in software, helping develop the comprehensive WollMux tool.
      • Saved $13 million!
      • Source: http://www.infoworld.com/d/open-source-software/triumph-and-disaster-two-migrations-openoffice-208604?page=0,1&source=footer
    • Successful Open Source Migration: Munich (LiMux)
    • In process project - IPS.GOV
      • Israeli Prison Service – “Shabas”
      • At the end of 2011, the Government of Israel decided to seek alternatives in the software domain for cost reduction.
      • IPS took up this challenge by exploring:
        • LibreOffice (working on Windows Desktop)
        • Linux Desktop (web applications should be browser agnostic)
        • Search Engine
        • Developing Mobile & Web applications with Open Source platforms and tools
      • The project is developed by IPS’s Technological Directorate, led by Brig. Gen. Israel Rom.
      • All of the above by using existing people/contractors
    • In process project - IPS.GOV
      • After one year of exploration (end of 2012):
      • 900 desktops in the operational environment are running LibreOffice (on Windows desktop), out of about 2.4K desktops designated for this project:
        • Not for heavy users
        • Training of 1 day
        • Common templates were translated
        • Saving files in DOC format
        • Functionality of Microsoft Office is superior, but for the users it is not an issue
        • Good user acceptance
    • In process project - IPS.GOV
      • After one year of exploration (end of 2012) (cont.):
      • Several desktops are running Linux Desktop:
        • User experience is as good as Windows
        • Web applications had to be modified to support all browsers (W3C, HTML5 standards)
        • Some legacy applications are accessed via SBC (Terminal Server)
        • Currently desktop security is an issue (IPS has the highest security standards)
      • Search Engine selection is in process
    • In process project - IPS.GOV
      • After one year of exploration (end of 2012) (cont.):
      • Three applications were developed based on PHP, Apache, Linux and PostgreSQL
        • Integrated with the existing Microsoft infrastructure (AD, Single Sign On, etc.)
        • Leading edge technologies: HTML5, JavaScript, etc.
        • One project is utilizing iPads for core business activity
      • Developed by existing staff of the IPS Technology Directorate!
    • In process project - IPS.GOV
      • Next step (2013):
        • Application adoption of W3C and HTML5 (continued effort)
        • Enabling a secured Linux-based desktop via VDI, backed by a designated security solution.
        • Users will use hosted Linux OS, web applications and Outlook Web Access (OWA).
      • VDI architecture will enable flexibility.
      • Expected ROI for 2K in a 3-year project is more than 2M NIS!
      • Project will enhance endpoint security!
    • In process project - IPS.GOV
      • Conclusion (one year of project):
        • Mission NOT accomplished! Still lots to do.
        • About 50% of desktops will continue to deploy traditional Microsoft technology
        • Open Source tools are able to provide an alternative to existing tools without a “revolution” in the IT organization.
        • There are still technical issues (example: Linux desktop security)
        • The ROI of the hybrid model (LibreOffice on Windows Desktop) is tricky with the current licensing policy of Microsoft
        • VDI is a tool for Open Source adoption
    • Open source solutions – conclusion
      • Each solution should be evaluated in the same manner the other solutions are evaluated:
        • Functionality
        • Scalability
        • Local support (and global support)
        • Vendor viability
        • Certifications
        • Etc.
      • The main issues in Open Source solutions are support, experience and Hebrew
      • For ISV - Legal
      • Internal factors that will ease Open Source adoption:
        • Scale (will enable investment in Open Source code)
        • Less integration
        • Standard functionality requirements
    • Main areas
      • Open Source – you need to take responsibility
      • Linux Server
      • Linux Client
      • LibreOffice
      • DBMS – MySQL, PostgreSQL, MariaDB
      • Portals/WCM (Web Content Management) – several slides
      • BI
      • Big Data
      • Mobile
      • ETL – (Talend)
      • LMS – Learning Management Systems - Moodle
      • Wiki
    • New infrastructure and delivery model
      • What is the new infraops delivery model?
        • Private cloud
        • Chargeback/Showback
        • Devops
        • Infrastructure as code
        • NoOPS
        • Public cloud
        • Automation - Standardization
        • Self-service
      • Illustration: The Blind Men and the Elephant, http://www.cs.princeton.edu/~rywang/berkeley/258/parable.html
      • The result should be agile and efficient end-to-end service management, user experience and “fair” chargeback policies
    • Enterprise Benefits from new infraops delivery model
      • Cloud accelerates business value across a wide variety of domains.
      • Capability: from (legacy environments) / to (cloud enabled enterprise)
        • Server/Storage Utilization: from 10-20% to 70-90%
        • Elasticity/Agility: from Little to Good
        • Self service: from None to Unlimited
        • Test Provisioning: from Weeks to Minutes
        • Change/Release Management: from Months to Days/Hours
        • Metering/Billing: from Fixed cost model to Granular
        • Availability and Performance: from Basic to Improved
      • Source: IBM, STKI modifications
    • Private Cloud
      • Private cloud is considered differently by clients:
        • “I already have virtualization. Private cloud will add some automation to my virtualization environment. It's an evolution of virtualization.”
        • “Private cloud is a revolution to IT and Infrastructure.”
      • STKI: it doesn’t matter what you call it. You should still do it: deliver InfraOps differently.
    • New delivery model: Private Cloud potential benefits
      • Save money by better reducing repetitive work.
        • Automation and self-service for 10% common services will eliminate 30% to 50% of work.
      • Reduce the "wait time" of developers/application personnel.
        • Provisioning a server (HW, OS, storage, VLAN, security, monitoring, SW licenses, approval of managers, correction of errors etc.) might take up to 10-20 days.
      • Cost saving by Elasticity/Agility: scale up or down.
        • Add web services when traffic is up and shut down services when traffic is down.
      • Cost saving by not buying extra resources.
        • If I can get a resource in 30 minutes, I will not ask for an extra resource "just in case".
    • New delivery model: Private Cloud potential benefits (cont.)
      • Better availability and performance by elasticity.
        • Add more resources before the application crashes!
      • Better availability is gained by eliminating human errors.
        • The most common operations are error-prone. Example: forgetting to add a LUN in DR when a LUN is added in Prod.
      • Better availability can be achieved by automation.
        • Example: if an application has a memory leak that happens once a day, automation can open a new server each day and close the old server automatically, instead of development correcting the bug.
    • Private Cloud Maturity Model – beyond server virtualization
      • Stages: Automation, Self Service, Private Cloud, Hybrid Cloud, DevOps
      • 1. Automation - help the infrastructure to be more efficient, internally. This goes with “Grid” (automation in production: enable automatic scale up/down in production).
      • 2. Services portal, but without chargeback
      • 3. Internal cloud – provide infrastructure services that are measured (SLA reports) and paid for (chargeback). Complete visibility (usage-metering) of infrastructure.
      • 4. Utilize hybrid/public cloud when possible
      • 5. Development and Operations are in the same team
    • Automation: by code or by configuration tools/utilities?
      • Should infrastructure professionals write code or configure tools?
      • If not using code, the tools should have better orchestration capabilities.
      • When moving to infrastructure as code, organizations should educate the current infrastructure staff.
      • Will customization (specific configuration of, for example, storage, network, etc.) be done within the main automation tools or with the domain-specific tool?
    • Infrastructure as code
      • Some people say: [image]
      • Source: http://devopsanywhere.blogspot.co.il/
    • Infrastructure as code - tools
      • Examples of configuration management (cloud management) tools:
        • CFEngine
        • Chef
        • Puppet
        • Pallet
        • Many others…
      • Source: http://code.google.com/p/devops-toolchain/wiki/ToolChainsAndUseCases
    • New delivery tools and processes
      • New, open (exposed), internal processes
      • Software (cloud, automation, workflow, monitoring, etc.)
      • Engineered systems with a pre-built infrastructure environment
      • Engineered systems with a pre-built application environment
    • OpenStack, the Cloud Operating System: Management Layer That Adds Automation & Control
    • The Pieces of OpenStack
      • Dashboard
      • Identity Management
      • Networking
      • Load balancers
      • Database
      • Queueing
    • Example of cloud tool: OpenStack
      • A cloud operating system that turns datacenters into pools of resources – the next evolution from server virtualization
      • Provides a management layer for controlling, automating, and efficiently allocating these resources
      • Empowers operators, sys admins and end users via self-service portals (“I want AWS-type service!”)
      • Gives developers the capability to build cloud-aware applications via standard APIs
    • The Pieces of OpenStack
      • OpenStack Compute (Nova)
      • OpenStack Object Storage (Swift)
      • OpenStack Image Service (Glance)
    • Some Stats
      • 1,500+ active participants
      • 17 countries represented at Design Summit
      • 60,000+ downloads
      • Worldwide network of user groups (North America, South America, Europe, Asia and Africa)
    • OpenStack Community Today
    • Engineered system for new delivery model (diagram labels): Virtual Servers, Dev/test environment, Managed storage, Mobile and Collaboration, Backup/Disaster Recovery, IaaS, PaaS/SaaS/BPaaS Applications, VDI, Analytics/database services, New Analytics Model; Infrastructure, Application Platform, Data Platform
    • Engineered system for new delivery model
      • Self-balancing: Automatically load balance access requests, enabling increased performance and zero downtime upgrades
      • Self-tuning: Dynamically balance resources for effective memory management
      • Self-optimizing: Automatically select best data placement based on access profile
      • Self-monitoring: Automated system monitoring to improve performance
      • Self-healing: Implement autonomic self-healing capabilities to ensure failed nodes are isolated and recovered automatically
      • Ensure compliance: Inspect and report on the software content of image
      • Diagram labels: Monitoring, Lifecycle Management, Application Platform
    • Pre-Built configurations
      • Built-in (Pre-Entitled):
        • Web Application Pattern (1.0, 2.0)
        • IBM Transactional Database Pattern 1.1
        • IBM DataMart Pattern 1.1
        • IBM Application Pattern for Java 1.0
        • WebSphere Application Server HV (7.0, 8.0, 8.5)
        • DB2 Enterprise Server Edition (9.7 FP5, V10.1)
      • Additional IBM Content (Separately Purchased, except where noted):
        • Messaging Extension for Web Application Pattern 2.0
        • WebSphere Message Broker 8.0
        • WebSphere MQ 7.5, 8.0
        • WebSphere Portal Server 8.0
        • Web Content Management 8.0
        • WebSphere Transformation Extender w/Launcher 8.4
        • IBM Business Process Manager 8.0
        • IBM Operational Decision Manager 8.0
        • SOA Policy 2.0
        • SOA Policy Gateway 2.0
        • Business Intelligence 1.0
        • Informix 11.7
        • IBM Connections 4.0
        • InfoSphere Information Server 9.1
        • Virtual Application for SAP CRM 1.0
        • WebSphere Commerce Sample 7.0**
      • Targeted for 1H2013*:
        • 1Q 2013:
          • Maximo Asset Management 7.5
          • Worklight 5.0.6
          • SOA Plugin for Monitoring (delivered via SOA Policy Gateway Pattern) 2.1
          • WXTR 2.1 (runtime pre-entitled)
          • DataPower (XG, XI) 5.0
        • 2Q 2013:
          • IBM Domino 9.0
          • Pathfinder / SOA Insight (pre-entitled)
          • Cast Iron Live
          • On-Premise API Management
          • Business Intelligence 2.0 (mobile and dynamic query support)
          • IBM Business Process Manager 8.5
          • IBM Operational Decision Manager 8.5
          • RAD 8.5
      • *2013 target dates only until plan dcp exit.
      • ** Available via free download from ibm.com
    • Next level of InfraOps delivery model: DevOps
      • DevOps enables the benefits of Agile development to be felt at the organizational level. DevOps does this by allowing for fast and responsive, yet stable, operations that can be kept in sync with the pace of innovation coming out of the development process. (Source: http://dev2ops.org/blog/2010/2/22/what-is-devops.html)
      • Image: http://en.wikipedia.org/wiki/File:Devops.png
      • Fundamental change: delivery (infrastructure and ops) is part of the development team!
    • What about public cloud for enterprises?
      • Source: http://www.datacenterjournal.com/it/selling-public-cloud-storage-to-your-executive-management/
    • Cloud status: How is Israel IT in public cloud usage? (Source: InformationWeek)
    • Cloud status (Source: InformationWeek)
    • Cloud status (Source: InformationWeek)
      • What about “job security concern”?
    • Public cloud in enterprises
      • SaaS – CRM, Service desk, HR, Email, Security (mail scanning), Archiving mail, etc.
      • PaaS – DMZ applications, Short term web sites (marketing campaign)
      • IaaS – DMZ applications, testing (for this, CA’s LISA-ITKO for interface simulation), encrypted & scrambled data
    • Migrating apps to cloud (example) – the Cloudify way…
      • No code change
      • Plug-in to the current way of running apps
      • Add cloud properties from the outside
      • Use the baby steps approach
      • Design for cloud portability
      • Incorporate bare-metal into our cloud
      • Steps:
        1. Upload your recipe.
        2. Cloudify creates VMs & installs agents
        3. Agents install and manage your app
        4. Cloudify automates the scaling
      • ® Copyright 2012 GigaSpaces Ltd. All Rights Reserved
    • Summary of Mega Trends
      • IT operations and infrastructure should start a journey into a different delivery mechanism and state of mind
      • Standardization in technology and processes is a key value
        • Users should measure their “standardization status”
      • Preparation for the “Post PC era” is a must.
        • Users should build BYOD policy.
        • Develop for Mobile.
        • Build enterprise APP Store.
        • Prepare for new licensing model.
        • Users should deal with “Post PC era” without outsourcing (unless they look strategically at outsourcing)
      • Also give high attention to Zero Day Attacks, Open Source, Big Data and new HW advances
    • Thanks for your patience and hope you enjoyed