How to Move Your Data Center To A Cloud Infrastructure
January 22, 2014

Chris Brenton
Director of Security
Your Presenter
Chris Brenton - Director of Security
@Chris_Brenton
cbrenton@dyn.com

Dyn Director of Security Chris Brenton prepared these slides as part of a webinar on how to move your data center to the cloud.

Published in: Technology, Business
How To Move Your Data Center To The Cloud - Chris Brenton of Dyn

  1. How to Move Your Data Center To A Cloud Infrastructure • January 22, 2014 • Chris Brenton, Director of Security
  2. Your Presenter • Chris Brenton - Director of Security • @Chris_Brenton • cbrenton@dyn.com
  3. What We’ll Cover • Background on industry trends • Strengths and weaknesses of each cloud service and deployment model • Security options
  4. New Era of Computing • Mainframe/mini = Generation 1 • PC client/server = Generation 2 • Hybrid cloud = Generation 3 – No single deployment model – Hit its stride in 2010
  5. An Automotive Analogy • The 1960s: o Easy to work on o Extremely inefficient (poor power and mileage)
  6. An Automotive Analogy • The 1980s: o Change fluids and that’s about it o 50% improvement in power and mileage
  7. An Automotive Analogy • The 2000s: o Outsource just about everything to specialists o 200%+ improvement in power and mileage
  8. Private or Public Cloud Infrastructure? • Private -- Do it all yourself o You maintain control and all responsibility o You need to staff accordingly o Greater flexibility
  9. Private or Public Cloud Infrastructure? • Public -- Outsource to specialists o Easier to focus on core product(s) o Fewer staffing concerns o Speed of scale
  10. Definitions: Tenant and Provider • Tenant o Entity consuming the resource(s) o This could be your customers o This could be other internal workgroups
  11. Definitions: Tenant and Provider • Provider o Entity managing the resource(s) o This could be your Operations group o This could be a 3rd party company
  12. Gen2 Computing
  13. Gen3 Computing
  14. Gen3 Computing SMB
  15. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past
  16. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past • Workstations used to only reside on desks
  17. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past • Workstations used to only reside on desks • Laptops opened up the possibility of working from anywhere
  18. Déjà vu – Laptops As A Model • Security needed to change from being network based to host based
  19. Déjà vu – Laptops As A Model • Security needed to change from being network based to host based • Expect similar to occur with mobile workloads – Shared resources means host based technology must be reworked prior to use
  20. Cloud Models • Infrastructure as a Service (IaaS) o Provider supplies platform o Tenant loads OS and all apps
  21. Cloud Models • Platform as a Service (PaaS) o Provider supplies platform and stack o Tenant provides custom apps
  22. Cloud Models • Software as a Service (SaaS) o Provider supplies OS, stack and apps o Tenant hits the ground running
  23. Cloud Model Examples • IaaS o Amazon Web Services (AWS) o Rackspace Cloud Hosting
  24. Cloud Model Examples • IaaS o Amazon Web Services (AWS) o Rackspace Cloud Hosting • PaaS o Original Microsoft Azure o VMware Cloud Foundry
  25. Cloud Model Examples • SaaS o Dyn o Salesforce
  26. Deployment Model Tradeoffs • IaaS o Provider generates the lowest level environment o More work for tenant to deploy app o More tenant control to implement security
  27. Deployment Model Tradeoffs • SaaS o Nearly turnkey solution for app deployment o Least amount of tenant control and flexibility
  28. Deployment Model Tradeoffs • PaaS o Sits in the middle
  29. Delineation of Responsibility
  30. What Are My Security Options?
  31. Extending The LAN Into The Cloud
  32. LAN Extended Challenges • Increases load on corporate link o Today we’re mobile o Limits public cloud scaling • Increases load on perimeter infrastructure
  33. LAN Extended Challenges • Negates network benefits o Provider load balancing o Multi-peer points o Geo-location DNS o Higher latency • No protection within virtual infrastructure
  34. Virtual Appliance Management
  35. Virtual Appliance Architecture
  36. What About Introspection? • Hypervisor based security o Has visibility into all VMs
  37. What About Introspection? • Hypervisor based security o Has visibility into all VMs • Single point of management o For a specific hypervisor deployment
  38. What About Introspection? • Do you want other tenants to have access to your hypervisor?
  39. What About Introspection? • Do you want other tenants to have access to your hypervisor? • Do you want your provider to have non-auditable access to your VMs? o Can break segregation of duties
  40. Host-Based Architecture • Consistent architecture (and risk abatement) regardless of deployment
  41. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access
  42. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures
  43. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments
  44. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments • Security is portable with the VM
  45. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments • Security is portable with the VM • Mitigate potential risks from vswitch or VLANs
  46. Consistency is Key to Security • Customization is common in small business
  47. Consistency is Key to Security • Customization is common in small business • Focus is on getting the product to market – “We’ll worry about maintaining it later”
  48. Consistency is Key to Security • Enterprise needs to play “the long game”
  49. Consistency is Key to Security • Enterprise needs to play “the long game” • “Snowflakes” can be an inhibitor o Reduces available resources for innovation o Can easily stunt an organization’s ability to scale
  50. One Off Server Deployment
  51. VM Cloning
  52. Clones Should All Have • Patches to the same level
  53. Clones Should All Have • Patches to the same level • Identical configuration settings
  54. Clones Should All Have • Patches to the same level • Identical configuration settings • Same system accounts
  55. Clones Should All Have • Patches to the same level • Identical configuration settings • Same system accounts • The same processes running in memory
  56. Clones Should All Have • Patches to the same level • Identical configuration settings • Same system accounts • The same processes running in memory • Usually no reason to log on – Update master and re-clone
  57. VM Clone Security = Spot The Difference Game
  58. Spot The Difference • Has an additional listening port open • Gold Master
  59. Spot The Difference • 1 login successful on first try • Gold Master
  60. Spot The Difference • Missing 3 patches • Gold Master
  61. VM Clone Security • Can identify positive exceptions, not just negative ones o Successful login o Increased patch level
  62. VM Clone Security • Can simplify server security o No more one off auditing! o Far easier to ID variations that matter
  63. Questions? • Chris Brenton - Director of Security • @Chris_Brenton • cbrenton@dyn.com
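
The "spot the difference" audit from slides 52 to 62, as an added example that is not part of the original slides: each clone's patches, listening ports, accounts, processes and login count are diffed against the gold master, and both negative and positive exceptions are reported. The snapshot schema, host names, ports and patch IDs are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """State collected from one VM. The field set is an assumed schema that
    mirrors the slides: patches, listening ports, accounts, processes."""
    name: str
    patches: frozenset
    listening_ports: frozenset
    accounts: frozenset
    processes: frozenset
    successful_logins: int = 0  # slides: usually no reason to log on to a clone


def diff_against_master(master, clone):
    """Return (category, detail) pairs where the clone differs from the master."""
    findings = []
    for category in ("patches", "listening_ports", "accounts", "processes"):
        gold, seen = getattr(master, category), getattr(clone, category)
        # "extra" also covers positive exceptions, e.g. an increased patch level.
        findings += [(category, f"extra: {x}") for x in sorted(seen - gold, key=str)]
        findings += [(category, f"missing: {x}") for x in sorted(gold - seen, key=str)]
    if clone.successful_logins:
        findings.append(("logins", f"successful: {clone.successful_logins}"))
    return findings


def audit(master, clones):
    """Map clone name -> findings, listing only the clones that deviate."""
    report = {}
    for clone in clones:
        findings = diff_against_master(master, clone)
        if findings:
            report[clone.name] = findings
    return report


def make(name, **overrides):
    """Build a constructed sample snapshot; overrides replace the gold values."""
    state = dict(
        patches=frozenset({"PATCH-001", "PATCH-002", "PATCH-003"}),
        listening_ports=frozenset({22, 443}),
        accounts=frozenset({"root", "svc-web"}),
        processes=frozenset({"sshd", "nginx"}),
    )
    state.update(overrides)
    return Snapshot(name=name, **state)


# Constructed sample fleet: one identical clone and four deviations.
GOLD = make("gold-master")
CLONES = [
    make("clone-1"),                                              # identical
    make("clone-2", listening_ports=frozenset({22, 443, 8081})),  # extra port
    make("clone-3", successful_logins=1),                         # someone logged on
    make("clone-4", patches=frozenset()),                         # missing 3 patches
    make("clone-5", patches=GOLD.patches | {"PATCH-004"}),        # patched ahead
]

if __name__ == "__main__":
    for name, findings in audit(GOLD, CLONES).items():
        for category, detail in findings:
            print(f"{name}: {category}: {detail}")
```

Because every clone is expected to match the master, an empty report is the normal case and any entry at all is worth a look, including the "good" ones such as a higher patch level.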