Security & Governance for the Cloud: a Savvis Case Study (Presented at Cloud Expo 2011)
 

Presentation from Cloud Expo on Securing and Governing Cloud Service featuring Layer7's Scott Morrison and Savvis' Bill Forsyth

Learn more from Layer 7: http://www.layer7tech.com/solutions/cloud-single-sign-on

www.facebook.layer7

    Presentation Transcript

    • Securing and Governing Cloud Services: A Savvis Case Study
        Bill Forsyth, VP Eng.
    • Savvis
        • Global leader in cloud infrastructure and hosted IT solutions for enterprises
        • Key Metrics
            – Nearly 2,500 unique business and government clients, including more than 30 of the top 100 companies in the Fortune 500
            – More than 2,200 employees with deep expertise in technical operations, customer support, engineering and consulting
            – $933 million in revenue in 2010
        • Services
            – Cloud – one of the industry’s broadest lines of enterprise-class cloud services
            – Colocation, Managed Hosting and Utility Compute – facilities and operations; compute, storage and network
            – Network – converged applications; community of interest networks; private lines; Internet
            – Security – managed security services and consulting
            – Industry Solutions – financial, government and Software-as-a-Service (SaaS)
            – Professional Services – infrastructure, security, business continuity, compliance and program management
        Savvis Proprietary & Confidential
    • Savvis Symphony Family
        • Savvis Symphony Dedicated: Hosted Private Cloud solution
        • Savvis Symphony Open: Flexible Multi-Tenant Cloud solution
        • Savvis Symphony VPDC: Virtual Private Data Center solution
        [Diagram. Labels: Savvis Symphony Open (Multi-Tenant virtual infrastructure); Savvis Symphony VPDC (Complete Virtual Private Data Centers); Savvis Symphony Dedicated (Dedicated, virtual infrastructure)]
    • Customer Requirements
        • Enterprise customers wanting flexibility and cost benefits of multi-tenant public clouds, in a private secure fashion
        • APIs expose/control the VPDC (compute, storage, network, and security policy)
        • APIs may be private or public
        • For public APIs
            – Bad actors
            – Accidental misuse
        • Compliance
            – FISMA
            – PCI
    • Cloud Definition [Diagram. Labels: Essential Characteristics; Service Models; Deployment Models]
    • Layer7 Detail
    • VPDC System Boundaries [Architecture diagram. Labels include: Cloud Site; Management Network; Multitenant Virtual Data Center (VDC); Services PODs; Compute PODs; DNS; AD/LDAP; NTP; Logging; Bastion Servers; Firewall Manager; Back-up Manager; CMDB; Layer7 WAF; Orchestration; VPDC API; Portal; Middleware/Business Services; Cloud Services Firewall (IN); Cloud Services Firewall (OUT); Ticketing; Event Management; Corporate Network; Back Office Network; DMZ Network]
    • Securing the Cloud (out of box)
        • Require SSL
        • Audit calls
        • IDS
        • DDoS
        • Provide Security Penetration Protection
            – Code injection
            – Malformed Requests
            – SQL Attacks
            – Limit request message size
            – Check for XML, and reject DOCTYPE (prevents external XML element definition)
            – Protect against XML document structure (limit depth of XML tree)
            – Automatic retry on target service
    • Securing the Cloud (configured)
        • Authentication and Authorization
        • Credential Caching and Expiration
        • IP restrictions (white listing)
        • Provide rate limiting
        • Provide API Service Level Monitoring
            – Target service timeout alert to support
            – Monitoring Overall Health
    • Governing API Sets [Diagram. Labels: Layer 7 SOA Governance (api.savvis.net); Policy; Throttling; Monitoring; Reporting; Usage; Billing; Authentication; Authorization; VPDC; Portal; OSS; Storage; Security]
    • Governance
        • Isolation of API types and dependencies
        • Reduce number of interface types
        • Protocol Translation
        • Centralization of control
        • Reporting (availability, billing, etc.)
        • Policy (hierarchy, push, promotion, rollback)
        • Delegation of administration and offloading of developers (security, auditing, throttling, etc.)
        • Perform HREF URL manipulation (replace target service URI with proxy/Internal URI, e.g. replace api.symphonyvpdc.savvis.net with api.savvis.net)
        • Route based on URL, IP, content, etc.
        • External Integration
            – Logging
            – OSS Event Management (faults, SLA violations, etc.)
            – CMDB (entitlements, logical representations, meta-data, etc.)
        • Flexible deployment (physical device, appliance, multi-site, multi-environment, clustered)
    • Business Enablers Partners Resellers API Billing extensions SLA Tiered Usage
    • VPDC Service Levels
    • Billing Use Case
    • PaaS / Composite Operation Example [Diagram. Labels: /PaaSFunction1; Layer7; /VPDC_CreateVM; /VPDC_ProcessData; /VPDC_DestroyVM]
    • developer.savvis.net
        • Phase 1
            – Site with discussion forums or e-mail alias support
            – Webinar for partners and customers
            – Invited developer accounts with restrictions
            – Examples
            – Usage reporting
        • Phase 2
            – Enhance site
            – Sandbox
            – Webinars
            – More examples
            – Voting on requirements/ideas
            – Monetization (tiered usage, partner certification)
            – Developer marketing
        • Phase 3
            – Ongoing improvements based on demand and feedback
    • Thank You
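
The message-level checks on the "Securing the Cloud (out of box)" slide (limit request size, reject DOCTYPE, limit XML tree depth, refuse malformed requests) can be sketched as a single streaming pass over the request body. This is an added example, not code from the presentation or from the Layer 7 product; the function names, the 64 KiB and depth-16 limits, and the sample bodies are assumptions.

```python
import xml.parsers.expat

MAX_BODY_BYTES = 64 * 1024  # assumed size limit, not a value from the slides
MAX_DEPTH = 16              # assumed nesting limit, not a value from the slides


class Rejected(Exception):
    """Request body refused; the message carries the reason."""


def check_xml_request(body, max_bytes=MAX_BODY_BYTES, max_depth=MAX_DEPTH):
    """Return the deepest element nesting seen, or raise Rejected."""
    # Size is checked first so an oversized body never reaches the parser.
    if len(body) > max_bytes:
        raise Rejected("message too large")
    state = {"depth": 0, "deepest": 0}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Refusing the declaration outright means no entity is ever defined.
        raise Rejected("DOCTYPE not allowed")

    def on_start(name, attrs):
        state["depth"] += 1
        state["deepest"] = max(state["deepest"], state["depth"])
        if state["depth"] > max_depth:
            raise Rejected("XML nesting too deep")

    def on_end(name):
        state["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(body, True)  # streaming parse: stops at the first violation
    except xml.parsers.expat.ExpatError as exc:
        raise Rejected("malformed XML: %s" % exc) from None
    return state["deepest"]


def verdict(body):
    """'accept' or the rejection reason, suitable for an audit log entry."""
    try:
        check_xml_request(body)
        return "accept"
    except Rejected as exc:
        return str(exc)


# Constructed sample bodies (not from the presentation).
SAMPLE_OK = b"<vm><name>web01</name></vm>"
SAMPLE_DTD = b'<!DOCTYPE vm [<!ENTITY a "b">]><vm>&a;</vm>'
SAMPLE_DEEP = b"<a>" * 20 + b"</a>" * 20
```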
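
The HREF URL manipulation item on the "Governance" slide (replace api.symphonyvpdc.savvis.net with api.savvis.net) can be illustrated as a response rewrite that matches the parsed host exactly, so links returned to clients point at the proxy rather than the target service. This is an added example, not code from the presentation or from the Layer 7 product; the function names, the `href` attribute convention and the sample response are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

BACKEND_HOST = "api.symphonyvpdc.savvis.net"  # target service host named on the slide
PUBLIC_HOST = "api.savvis.net"                # proxy host named on the slide


def rewrite_href(url, backend=BACKEND_HOST, public=PUBLIC_HOST):
    """Swap the backend host for the public one; leave every other URL as is."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # unparsable host or port: do not touch it
        return url
    # Compare the parsed host exactly (urllib lowercases it), never by substring.
    if parts.hostname != backend:
        return url
    # Any userinfo in the original URL is deliberately not carried over.
    netloc = public if port is None else "%s:%d" % (public, port)
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def rewrite_response(xml_text):
    """Rewrite every href attribute; return (new_xml, number_of_links_changed)."""
    root = ET.fromstring(xml_text)
    changed = 0
    for elem in root.iter():
        href = elem.get("href")
        if href is None:
            continue
        new_href = rewrite_href(href)
        if new_href != href:
            elem.set("href", new_href)
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


# Constructed sample response (paths and element names are made up).
SAMPLE_RESPONSE = (
    '<vm href="https://api.symphonyvpdc.savvis.net/vpdc/vm/7">'
    '<link rel="disks" href="https://api.symphonyvpdc.savvis.net/vpdc/vm/7/disks"/>'
    '<link rel="help" href="https://docs.example.org/help"/>'
    "</vm>"
)
```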