Securing Enterprise Assets In The Cloud

From the Gaming Scalability event, June 2009 in London (http://gamingscalability.org).

In this talk, Chris Purrington will discuss security challenges for cloud deployments and present VPN-Cubed, a solution for the problem of integrating your existing infrastructure with the cloud. VPN-Cubed is a federated mesh of VPN servers that can be embedded in applications to run as a secure overlay network across multiple locations, allowing your cloud machines to appear to exist on an extension of your local network. This enables you to run applications in the cloud while remaining connected to immobile systems such as databases and management interfaces.

As VP Sales at cloud enabler CohesiveFT, Chris is responsible for worldwide sales. With over 20 years in the software industry, Chris has extensive experience in leading ISVs to success in EMEA. This includes 9+ years at Application Lifecycle Management company Borland, where he was UK MD and VP UK, Ireland and Africa. Chris is an active member of the London cloud community, organising CloudCamp London and the AWS London User Group. Don't hold it against him, but Chris started his career as a 'bean counter', and is a Fellow of the Chartered Association of Certified Accountants.

Published in: Technology, Business
Transcript

  • 1. Cohesive Flexible Technologies. Controlling and Securing Your Assets in the Cloud. Chris Purrington, CohesiveFT. Copyright CohesiveFT 2009
  • 2. CohesiveFT - on boarding solutions for public, private and hybrid clouds. Team looks like this. 20 Cloud Computing Startups You Should Know
  • 3. CohesiveFT - on boarding solutions for public, private and hybrid clouds. We do this
  • 4. The cloud is not a panacea for bad design. But moving applications to the cloud can quickly reduce capital expenditure and speed time to market.
  • 5. The first question on everyone’s mind: Is my stuff safe up there?
  • 6. Security and control remain top concerns
  • 7. Use “your father’s VPN”
  • 8. Typical VPN: Remote office access
  • 9. Typical VPN: Remote office access [diagram marked with X's]
  • 10. Uhhh...no. Typical VPN does not provide high availability, overlapping address spaces, multi-site routing, etc. But an overlay network can. confidential
  • 11. I will be robust and secure using cloud-to-cloud DR
  • 12. Do x-cloud fail over...somehow.... [Diagram label: Cloud A]
  • 13. Somehow... [Diagram label: Cloud A]
  • 14. Do this! (somehow) [Diagram labels: Cloud A, Cloud B]
  • 15. (somehow) When you put your assets in a cloud you surrender CONTROL of addressing, protocols, topology, and secure communications. But an overlay network gives back CONTROL.
  • 16. Speaking of security... What’s inside this VM?
  • 17. Speaking of security... What’s inside this VM?
  • 18. Speaking of security... What’s inside this VM? I know, let’s ask him... Picture from: www.sysadminday.com
  • 19. Speaking of security... What’s inside this VM? ...or him. Picture from: www.sysadminday.com
  • 20. Server “assembly” costs are THE Enterprise IT cost. 20-year journey from single file deployment to homogeneous architecture (the “C” program on Unix) to single file deployment on heterogeneous architecture (the VM to everywhere). As such, assembly error and propagation represent one of the biggest security risks as well. Photo credit: Zach Rosing, May 25, 2007
  • 21. Do you have evil clones? Good clones? There are going to be a lot of them. Run the numbers... 10,000,000 - today; 250,000,000 - 2015; 2,500,000,000 - is not impossible. Photo credit: Paramount
  • 22. “P2V and SLA are mutually EXCLUSIVE!” Why? The 3 rules of hardware computing... 1) When you get a physical machine installed and working - NEVER MOVE IT. 2) When you get the software installed and working - NEVER TOUCH IT. 3) When you “touch it”, don’t tell anyone. PHYSICAL TO VIRTUAL........easy.
  • 23. So...I am highlighting 2 issues in securing your assets in the cloud. Even if using a cloud...it needs to be YOUR infrastructure in YOUR control. Working from a “bill of materials” approach is the only way to safely survive the clone wars.
  • 24. YOUR infrastructure in YOUR control in the clouds. Use an “overlay network” that you acquire, configure, deploy and manage. Enterprise IT is about checks, balances, and risk mitigation.
  • 25. What is an overlay network? An overlay network is a computer network which is built on top of another network. Nodes in the overlay can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network.
  • 26. Use an overlay network. CONTROL: - Your addressing - Your topology - Your protocols - Your secure communications
  • 27. I have software that REQUIRES multicast for service discovery. This is true of many enterprise software packages (grid computing packages, database clusters, wikis and more). Even inside the enterprise, complexity and lead times prevent shared use of available resources in disparate customer-controlled data centers because VLAN reconfiguration would be too expensive. VPN-Cubed allows you to get the multicast traffic into the overlay network before it is rejected by the underlying network infrastructure. This allows you control of your protocols.
  • 28. I want to control my own network addresses. I am an early adopter of cloud computing and love the flexibility provided by public clouds like Amazon EC2, but I want to control my own network addresses, not be given some different set of VLAN addresses when I reboot my servers. VPN-Cubed gives you control of your addressing, allowing you to give your cloud servers static addresses that only change when YOU want them to. Local infrastructure control of addressing in the public clouds!
  • 29. Can’t I use my existing data center NOC? I have completed some of my “datacenter to cloud” migrations but am now under pressure to use new monitoring and management tools. Can’t I use my existing datacenter NOC (network operations center)? VPN-Cubed allows you to simply set up an overlay network for the express purpose of connecting cloud VLANs (at EC2 for example) to data center management installations using popular commercial systems like Tivoli, Unicenter, OpenView, as well as leading open source systems like Nagios, Hyperic and GroundWork.
  • 30. I want to use EC2 USA and EC2 Europe for both fail over and data privacy issues. I am a cloud early adopter and I want to use both Amazon EC2 USA and Amazon EC2 Europe for both fail over and data privacy issues. How can I securely link the two environments and treat them as one logical network? VPN-Cubed does this “out of the box” with a pre-packaged solution, “VPN-Cubed for EC2”, available for self-service clients as well as those needing some professional services support.
  • 31. Isn’t there a way I can test ISV solutions as if on my local network? I have an ISV who has a solution which I would like to evaluate, but it will be quite disruptive for me to install. Can’t I test their solution as if it was on my local network? VPN-Cubed allows your ISV to install their solution as a virtual server in a public cloud like EC2, yet make it available to a DMZ or particular set of VLANs in your corporate environment. The burden of testing the ISV solution should rest with your vendor, with minimal impact or workload on your team.
  • 32. VPN-Cubed Overlay Network. VPN-Cubed Managers Virtual Servers create an overlay network. VPN-Cubed Managers synchronize state and management information across N managers. [Diagram labels: Customer Addressing; Customer Encryption; Customer Multicast; Data Center; Cloud A; Internet, leased or private network]
  • 33. VPN-Cubed Editions: - VPN-Cubed for EC2 (Free) - VPN-Cubed for EC2 (Paid AMIs) - VPN-Cubed: Datacenter to EC2 - VPN-Cubed: Datacenter to EC2 (IPsec) - VPN-Cubed: Enterprise Edition
  • 34. VPN-Cubed for EC2 (Free Edition). Build an overlay network controlled by VPN-Cubed Managers in US and/or EU. [Diagram labels: Peers; EC2 USA; EC2 EU; OR]
  • 35. VPN-Cubed for EC2 (Paid AMIs). Build an overlay network controlled by 4 managers in US and/or EU regions. [Diagram labels: Peers; EC2 USA; EC2 EU]
  • 36. VPN-Cubed: Datacenter to EC2. Run an overlay network using Manager pairs in EC2 region and your data center. WHAT IS DIFFERENT? The local VPN-Cubed Managers will need to be assembled in a virtual machine format you can support. You WILL need to allow the Managers in your data center to initiate outbound connections. You MIGHT want to allow the Managers in EC2 to initiate inbound connections to the local managers; if so, you LIKELY will have to make some NAT entries in your network control equipment. You SHOULD put the VPN-Cubed Managers in a VLAN setup where you are comfortable with what traffic can and cannot traverse to and from your EC2 VLAN. [Diagram labels: Peers; Your Data Center; EC2 EU or EC2 USA]
  • 37. VPN-Cubed: Datacenter to EC2 (IPSEC). Overlay network created via Manager pairs in EC2 and your data center equipment. WHAT IS DIFFERENT? There are no local VPN-Cubed Managers. Your data center extranet solution (Cisco ASA, Cisco PIX, Juniper NetScreen) will connect to VPN-Cubed Managers in the cloud, front-ended by VPN-Cubed IPSEC Gateways. You MIGHT want to allow the Managers in the cloud to route traffic to your datacenter; if so, you WILL have to make some routing entries in the VPN-Cubed Managers. [Diagram labels: IPSEC Gateways; Peers; Your Data Center; EC2 EU or EC2 USA]
  • 38. VPN-Cubed: Enterprise Edition. Complex, multi-manager, custom topology captured as a specification. Evolution of use cases. As we discover different use cases, we retrofit them as specification to automatically drive the user interface for peering and monitoring. It is an incremental and ongoing process at this point of the market.
  • 39. YOUR infrastructure in YOUR control in the clouds. THIS or THIS. Enterprise IT is about checks, balances, and risk mitigation.
  • 40. With a BOM approach: - Identity - Customization - Provenance. This is an EC2 server... right? Look again... [Diagram label: Bill of Materials]
  • 41. With a BOM approach: Re-master device: - new cloud - new VM type - new OS. Make clones with unique IDs, unique MAC addresses. It's the BOM! [Diagram label: Bill of Materials]
  • 42. Copyright CohesiveFT 2009 42
  • 43. What does Elastic Server do? Gives Anyone THEIR own SOFTWARE FACTORY
  • 44. What does Elastic Server do? Any developer, SI, ISV, project, team, enterprise can SOURCE THEIR own component supply chain, can CREATE THEIR own server design center, can MARKET, can MESSAGE, can DISTRIBUTE THEIR own server product
  • 45. Server assembly like hardware. Elastic Server Platform
  • 46. Build from components just like you would from HP or Dell...
  • 47. Source, Assemble. Allows choice at every level: - Open Source Components - Commercial Source Components - Proprietary Source Components - Multiple Operating Systems
  • 48. Assemble, Create. Upload your own or your licensed ISV component. Capture Operating Instructions
  • 49. Create, Deploy. Rapid deployment to virtual and cloud infrastructures. Assembly portals allow precise control of enterprise architecture
  • 50. Market, Message, Distribute. Assembly portals allow: - control of your message - control of your brand - control of your architecture - control of your execution context - control of your customer connection - support and highlight your ecosystem - support e-commerce integration - support usage pattern analysis
  • 51. Manage. Save Bill of Material as a template. Rebuild button: - allows “remanufacturing” for patch mgmt - allows “remanufacturing” for migrations or heterogeneous deployment. [Diagram label: Bill of Materials]
  • 52. Manage. Each Elastic Server is injected with management components to facilitate enterprise virtualization. Common device control across environments
  • 53. Elastic Server Key Themes and Values. ES as a meta-packaging system. ES covers the continuum from “vm building” to an online community for teamsourcing/crowdsourcing virtual servers: - Appliance Builders - OSS ISVs - Traditional ISVs - Enterprises. ES as a driver of provenance, certification and standards. ES as a tool to integrate developers to the production flow. ES as an e-commerce system for marketing, messaging and distributing virtual servers. ES as a defense against vendor lock in
  • 54. www.elasticsever.com www.cohesiveft.com blog.elasticserver.com twitter.com/elasticserver
  • 55. Thanks. chris.purrington@cohesiveft.com