Securing Enterprise Assets In The Cloud

  1. Cohesive Flexible Technologies: Securing Enterprise Assets in the Cloud. Chris Purrington, CohesiveFT. Copyright CohesiveFT 2009
  2. CohesiveFT - on boarding solutions for public, private and hybrid clouds. Team looks like this
  3. CohesiveFT - on boarding solutions for public, private and hybrid clouds. We do this
  4. The cloud is not a panacea for bad design. But moving applications to the cloud can quickly reduce capital expenditure, speed time to market.
  5. The first question on everyone’s mind: Is my stuff safe up there?
  6. Security and control remain top concerns
  7. Use “your father’s VPN”
  8. Typical VPN: Remote office access
  9. Typical VPN: Remote office access X X X X X
  10. Uhhh...no.
  11. I know...cloud-to-cloud DR
  12. Do x-cloud fail over...somehow.... Cloud A
  13. Somehow... Cloud A
  14. Do this! (somehow) Cloud A, Cloud B
  15. Speaking of security... What’s inside this VM?
  16. Speaking of security... What’s inside this VM?
  17. Speaking of security... What’s inside this VM? I know, let’s ask him... Picture from: www.sysadminday.com
  18. Speaking of security... What’s inside this VM? ...or him. Picture from: www.sysadminday.com
  19. Server “assembly” costs are THE Enterprise IT cost. 20-year journey from single file deployment to homogeneous architecture (the “C” program on Unix) to single file deployment on heterogeneous architecture (the VM to everywhere). As such, assembly error and propagation represent one of the biggest security risks as well. Photo credit: Zach Rosing, May 25, 2007
  20. Do you have evil clones? Good clones? There are going to be a lot of them. Run the numbers... 10,000,000 - today; 250,000,000 - 2015; 2,500,000,000 - is not impossible. Photo credit: Paramount
  21. Repeat after me: “P2V and SLA are mutually EXCLUSIVE!” Why? The 3 rules of hardware computing... 1) When you get a physical machine installed and working - NEVER MOVE IT 2) When you get the software installed and working - NEVER TOUCH IT 3) When you “touch it”, don’t tell anyone. PHYSICAL TO VIRTUAL........easy.
  22. So...I am highlighting 2 issues in securing your assets in the cloud: Even if using a cloud...it needs to be YOUR infrastructure in YOUR control. Working from a “bill of materials” approach is the only way to safely survive the clone wars.
  23. YOUR infrastructure in YOUR control in the clouds. Use an “overlay network” that you acquire, configure, deploy and manage. Enterprise IT is about checks, balances, and risk mitigation.
  24. Use an overlay network. CONTROL: - Your addressing - Your topology - Your protocols - Your secure communications
  25. I have software that REQUIRES multicast for service discovery. This is true of many enterprise software packages (grid computing packages, database clusters, wikis and more). Even inside the enterprise, complexity and lead times prevent shared use of available resources in disparate customer-controlled data centers because VLAN reconfiguration would be too expensive. VPN-Cubed allows you to get the multicast traffic into the overlay network before it is rejected by the underlying network infrastructure. This allows you control of your protocols.
  26. I want to control my own network addresses. I am an early adopter of cloud computing and love the flexibility provided by a public cloud like Amazon EC2, but I want to control my own network addresses, not be given some different set of VLAN addresses when I reboot my servers. VPN-Cubed gives you control of your addressing, allowing you to give your cloud servers static addresses that only change when YOU want them to. Local infrastructure control of addressing in the public clouds!
  27. Can’t I use my existing data center NOC? I have completed some of my “datacenter to cloud” migrations but am now under pressure to use new monitoring and management tools. Can’t I use my existing datacenter NOC (network operations center)? VPN-Cubed allows you to simply set up an overlay network for the express purpose of connecting cloud VLANs (at EC2 for example) to data center management installations using popular commercial systems like Tivoli, Unicenter, OpenView, as well as leading open source systems like Nagios, Hyperic and GroundWorks.
  28. I want to use EC2 USA and EC2 Europe for both fail over and data privacy issues. I am a cloud early adopter and I want to use both Amazon EC2 USA and Amazon EC2 Europe for both fail over and data privacy issues. How can I securely link the two environments and treat them as one logical network? VPN-Cubed does this “out of the box” with a pre-packaged solution “VPN-Cubed for EC2” available for self-service clients as well as those needing some professional services support.
  29. Isn’t there a way I can test ISV solutions as if on my local network? I have an ISV who has a solution which I would like to evaluate but it will be quite disruptive for me to install. Can’t I test their solution as if it was on my local network? VPN-Cubed allows your ISV to install their solution as a virtual server in a public cloud like EC2, yet make it available to a DMZ or particular set of VLANs in your corporate environment. The burden of testing the ISV solution should rest with your vendor with minimal impact or workload on your team.
  30. YOUR infrastructure in YOUR control in the clouds. THIS or THIS. Enterprise IT is about checks, balances, and risk mitigation.
  31. With a BOM approach: - Identity - Customization - Provenance. This is an EC2 server...right? Look again... (Bill of Materials)
  32. With a BOM approach (Bill of Materials): Re-master device: - new cloud - new VM type - new OS. Make clones with unique IDs, unique MAC addresses. It’s the BOM!
  33. <a little overlay network demo> or <a little BOM demo> or <let’s take some questions>
  34. <thanks> <pjkerpan (at) cohesiveft.com>
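
Slides 31 and 32 ask for clones with unique IDs and MAC addresses built from a known bill of materials. The sketch below is an added example, not CohesiveFT's code: it audits a fleet for the identity and provenance properties, flagging instances whose component list differs from the approved BOM and instances that share an ID or MAC. The BOM layout, field names and sample fleet are hypothetical and constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict

def bom_digest(bom):
    """SHA-256 over the component list, independent of listing order."""
    parts = sorted(bom["components"], key=lambda c: c["name"])
    return hashlib.sha256(json.dumps(parts, sort_keys=True).encode()).hexdigest()

def audit_fleet(approved_bom, instances):
    """Return sorted (instance, finding) pairs for drift and shared identities."""
    approved = bom_digest(approved_bom)
    findings, seen = [], defaultdict(list)
    for inst in instances:
        # Provenance: the running image must match the approved BOM exactly.
        if bom_digest(inst["bom"]) != approved:
            findings.append((inst["name"], "bom-drift"))
        # Identity: a clone must not reuse another clone's ID or MAC.
        for field in ("instance_id", "mac"):
            seen[(field, inst[field].lower())].append(inst["name"])
    for (field, _), names in seen.items():
        if len(names) > 1:
            findings += [(n, "duplicate-" + field) for n in names]
    return sorted(findings)

# Constructed sample data (hypothetical layout, names and versions).
APPROVED = {"components": [
    {"name": "base-os", "version": "1.0"},
    {"name": "app-server", "version": "2.3"},
    {"name": "billing-app", "version": "0.9"},
]}
REORDERED = {"components": list(reversed(APPROVED["components"]))}
DRIFTED = {"components": APPROVED["components"] + [{"name": "unknown-agent", "version": "0.1"}]}
FLEET = [
    {"name": "web-1", "instance_id": "id-0001", "mac": "02:00:00:00:00:01", "bom": APPROVED},
    {"name": "web-2", "instance_id": "id-0002", "mac": "02:00:00:00:00:02", "bom": REORDERED},
    {"name": "web-3", "instance_id": "id-0003", "mac": "02:00:00:00:00:01", "bom": APPROVED},
    {"name": "web-4", "instance_id": "id-0004", "mac": "02:00:00:00:00:04", "bom": DRIFTED},
]

if __name__ == "__main__":
    for name, finding in audit_fleet(APPROVED, FLEET):
        print(name, finding)
```
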
