The cloud as an inevitable element of your IT in the (not so) distant future. Lethal threat or development opportunity?
1. Krzysztof Rafalski – Executive Technology Architect
January 2014
The Cloud being part of your IT
Lethal threat or wonderful perspective?
© 2013 IBM Corporation
3. The Evolution of the IT Environment
From monolithic applications to dynamic services
From static infrastructure to cloud services
From programmed systems to learning systems
From structured data at rest to unstructured data in motion
From stable well-defined workloads to unpredictable workloads
From standard devices to a variety of devices
From proprietary standards to open innovation
4. Several service models have emerged in the cloud
Business Process, Software, Platform and Infrastructure Services and Components to Build Public and Private Clouds
Cloud Services:
• Business Process as a Service (BPaaS): Customers consume business outcomes (e.g. payroll processing, HR) by accessing business services via Web-centric interfaces
• Software as a Service (SaaS): Customers use applications (e.g. CRM, ERP, e-mail) from multiple client devices through a Web browser
• Platform as a Service (PaaS): Customers use programming languages, tools and platforms to develop, deploy, and manage applications
• Infrastructure as a Service (IaaS): Customers use processing, storage, networks, and other computing resources with ability to rapidly and elastically provision and control resources to deploy and run software and services
Cloud Components: Software, Hardware
All of these services can be consumed via multi-tenant and shared infrastructures without the need to manage or control the underlying resources
5. IaaS, PaaS, SaaS – who manages what?
Columns compared: Traditional On-Premises, Platform as a Service, Infrastructure as a Service, Software as a Service
Layers shown in each column, top to bottom: Applications, Data, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking
Legend: Client Manages / Vendor Manages in Cloud
Standardization; OPEX savings; faster time to value
6. Different cloud models for different workloads
Cloud models shown: Private Cloud; Managed Private Cloud; Hosted Private Cloud; Shared Cloud Services; Public Cloud Services
Diagram labels: Enterprise Data Center; Enterprise; Third-party operated; Third-party hosted and operated; Enterprises; Users
Private: IT capabilities are provided “as a service,” over an intranet, within the enterprise and behind the firewall
Public: IT activities / functions are provided “as a service,” over the Internet
Hybrid: Internal and external service delivery methods are integrated
Higher control / Lower cost
7. Migration to Cloud - Cloud adoption is driven by workloads.
Workload categories on the chart:
• Ready for cloud…
• New workloads made possible by clouds…
• May not yet be ready for migration…
Workloads plotted: Collaborative care; Analytics; Infrastructure storage; Information intensive; Medical imaging; Financial risk; Industry applications; Collaboration; Isolated workloads; Workplace, desktop and devices; Sensitive data; Mature workloads; Highly customized; Business processes; Disaster recovery; Not yet virtualized third-party software; Energy management; Preproduction systems; Complex processes and transactions; Development and test; Batch processing; Infrastructure compute; Regulation sensitive
8. Migration to Cloud based on workload affinity.
To manage the transformation of workloads to a Cloud Computing environment in the optimum manner, a structured approach to analyzing each individual IT workload is required
Chart axes: Higher Gain From Cloud / Lower Gain From Cloud; Higher Pain To Cloud Delivery / Lower Pain To Cloud Delivery
Chart labels: Numerical; [Low Data/Compute]; Web Serving; Data Warehousing; Data Mining; Virtual Desktop; [High Data Transfer]; Systems Mgmt.; File & Print; LE - ERP/SCM/CRM; LE - Transaction Processing; Collaboration; Numerical; SME ERP/SCM/CRM; Application Dev’t. & Test
Architecture categories: “Virtualized Traditional” Architecture; “Database Centric” Architecture; “Content Centric” Architecture; “Loosely Coupled” Architecture; “Analytics” Architecture
9. How do we migrate your IT into the cloud?
Inventory
Automated Data Collection
Total Image Landscape
Affinity Map
Dependencies
Migration Roadmap
Migration methods:
• Rapid: Slide quickly into cloud with little (e.g. SP) or no adjustments needed
• Rapid+Minor: Minor OS upgrade (e.g. RHEL 5.2 to 5.4)
• Rapid+Future Release: Soon to be supported (e.g. Win 2003 R2 Enterprise edition)
• Replatform: Moves from unsupported OSes (e.g. Sun) to Linux
• Reinstall: Outdated OSes (RHEL v4) that need major upgrade
• Rapid+Major: Infrastructure change (e.g. change construction of app with NICs, Disc, Clusters)
• Physical: Required physical host based on analytics
• Hypervisor: Does not need to be moved as it is recreated at target
© Copyright IBM Corporation 2011
2012
Executive Summary
Gathering & Loading of the development data
• Initial server data has been loaded into SCOPE
• Inventory, Filesystem, and Network Interface data has been loaded into SCOPE
• 52,071 servers have been found in the Database
What we Have Done with the Data
• Some SCE+ Rules have been applied to the production data
• 30,764 images out of 52,071 (or 60%) have a high probability of candidacy for SCE+
• 18,306 images out of 52,071 (or 35%) fall under the Rapid Migration method
• Not all SCE+ rules have been applied. Business rules are yet to be applied
What we are Doing in Parallel
• We are extracting more information to identify clusters and application dependencies
SCE+ Rules that have been applied
• Servers with more than 1 NIC port are Non-Candidates in SCE+
• Servers with IP count greater than 4 are Non-Candidates in SCE+
• Servers with DISK count greater than 8 are Non-Candidates in SCE+
• Servers with OS Versions outside of Rapid migration have been applied
• Partition size more than 512 GB are non-Candidate in SCE+
10. Different cloud deployment models also change the way we
think about security
Private cloud: On or off premises cloud infrastructure operated solely for an organization and managed by the organization or a third party
Hybrid IT: Traditional IT and clouds (public and/or private) that remain separate but are bound together by technology that enables data and application portability
Public cloud: Available to the general public or a large industry group and owned by an organization selling cloud services.
Changes in Security and Privacy
Private cloud:
− Customer responsibility for infrastructure
− More customization of security controls
− Good visibility into day-to-day operations
− Easy access to logs and policies
− Applications and data remain “inside the firewall”
Public cloud:
− Provider responsibility for infrastructure
− Less customization of security controls
− No visibility into day-to-day operations
− Difficult access to logs and policies
− Applications and data are publicly exposed
11. Cloud Security – Building the Solution
Diagram components: Self-Service GUI; Cloud Enabled Data Center; Cloud Platform; Available Resource; Image Library; Machine Image; SW Catalog; Config; Binaries; Configured Machine Image; Virtual Machine; Hypervisor; Resource Pool
Security checks in the provisioning flow (numbered 1 to 6 in the diagram):
• User identity is verified and authenticated
• Image provisioned behind FW / IPS
• Host security installed and updated
• Resource chosen from correct security domain
• VM is configured with appropriate security policy
• Software patches applied and up-to-date
IBM products shown (labelled A to D in the diagram):
• IBM Identity & Access Management
• QRadar Log Management and QRadar SIEM (Visibility & Monitoring of the Cloud Environment)
• IBM Security Network Intrusion Prevention (IPS) and IBM Security SiteProtector
• IBM Endpoint Manager for Security and Compliance
12. NGCi - Business needs and the Vision
• The creation of truly national infrastructure which interconnects all regions of the country;
• The creation of innovative technological concepts that will become a core part of the platform used to deliver various kinds of services;
• The development of computing science, research and education;
• Mass spread of innovational activity;
• The development of new high-tech service sector;
• Efficient transformation of knowledge into industrial technologies;
• Modernization of industry and formation of new values; and
• Supporting and encouraging international and local scientific collaboration.
National Grid Cloud Infrastructure (NGCi)
Location: one of the CIS countries
Profile: Government sector – initially healthcare and research
Solution components: desktop cloud, private cloud
Onboarded: pilot completed 2Q13
13. NGCi – Architecture Overview
[Architecture diagram; labels by area]
Usage: Commercial Usage; Non-Commercial Usage
Users: Medical User; Non-Medical User; Government Official; Researcher; Student; Citizen; Research VOs; UMIS
Communication Channels: Terminal; Sensors; Mobile; Personal computer; Devices
NGCi Consumer Services: Grid/Cloud Service; Endpoint Provisioning; Grid/Cloud self-service portal; Resource virtualization and provisioning; Application deployment and management; Service and Operations Management; Data & Analytics; Grid/Cloud Services; HPC Services; Grid/Cloud Integration Services
NGCi Operating Environment Services groups: User Interface; Business Services; Integration Services; Data Services
Components labelled: Grid/Cloud Service Creators; Service Catalog Management; Grid/Cloud portal management; Process Blueprints; Extensible Portal Components; Orchestration; UI Controller for Service Fabric; Portal UI API; Operational Decision Event Manager; Workflow; Operational Decision Rule Manager; API / Blueprint management; Service Management; Development Tools; XML Transformation; Mediation; Application Adapters; Industry Standards; Service Fabric for Endpoints; High Performance Computing Endpoints; Analytics and Optimization Endpoints; Service Deployment; API Development; Lifecycle Tools; Virtual Resource Management Tools; Data virtualization; Big Data Services; Advanced analytics; Information Streams; Analytics; Data visualization; Data lifecycle services; Big Data Filesystem; Business Intelligence; Advanced optimization; Grid Analytics; Databases; Operational Data Stores
Infrastructure Layer and Physical Layer: Virtualization (VM); PureFlex, GRID and HPC systems, labelled Network, Compute and Storage
Cloud Governance
Security: Governance, Risk Management & Compliance; Problem & Information Security Incident Management; Identity and Access Management; Data classification and protection; Systems Acquisition and Maintenance; Infrastructure protection; Physical and Personnel Security
Service management: Incident Management; Problem Management; Access Management; Change Management; Release Management; Request Fulfillment
14. Pilot NGCi - Physical Solution Overview
Dynamic grid/cloud infrastructure based on PureFlex systems
Environments shown: Smarter Healthcare Disaster Recovery Center (DRC); Test and Development Environment; Research Environment; Smarter Healthcare Production environment
Primary DC with production workloads:
• UHIS 2.0
• Unified Access and iServices
• DWH and Analytics
Disaster Recovery DC with:
• Test and Development environments
• Research environment
• Critical Production systems in case of disaster
Connectivity: High speed links; MPLS cloud; MPLS connectivity Primary DC/DRC/MOs
Sites shown: Primary DC; DRC; Hospital No 1; Hospital No 2; Hospital No n; Clinic No 1; Clinic No 2; Clinic No n
15. A leading Ukrainian pharmaceutical company is adopting an
SCE+ based production cloud for SAP
Location: Kiev, Ukraine
BUSINESS CHALLENGE:
• Create a backup/passive replica of an SAP
environment for an existing installation;
• Prepare to meet complex, pharmacy
industry regulatory certification
environments (e.g. ISO);
• Optimize IT management costs;
Profile: The company has an 85-year history of
working for the health and wellbeing of people.
Company’s products help overcome diseases in five
areas of therapy: endocrinology, cardiology,
ophthalmology, rheumatology, and catarrhal disorders.
Responsible for 18% of Ukraine’s drug manufacturing
output; one of the leading drug exporters: about 20%
of our products are exported; exporting drugs to more
than 20 countries of the world.
Solution components: SmartCloud Enterprise+
Onboarded: Q3 2013
SOLUTION BENEFITS:
• True availability service level agreement
(SLA) that is in alignment with business
requirements
• Improved IT agility in case of disaster
scenarios
• Automation allows for managed hosting
level capabilities in days vs. weeks
• Smaller up front commitment allows
customers to grow as needed
17. Cloud standards landscape
Architecture – Defining cloud as an extension of SOA to protect your investment
• The Open Group & ISO SC38: Cloud Computing Reference Architecture
Infrastructure APIs – Standardized IaaS layer allows differentiation higher in the stack
• OpenStack: Adoption of IaaS standards
• DMTF: Cloud Infrastructure Management Interface
• Open-services.net: Open Services for Lifecycle Collaboration
• SNIA: Cloud Data Management Interface
Security – Ensuring the security of your assets, regardless of the location
• DMTF: Cloud Audit Working Group
• OASIS: Cloud Identity Management
• CSCC: Security Working Group
• OAuth.net: OAuth
Management – Write once, run anywhere portable workloads
• OASIS: Topology & Orchestration Specification for Cloud Apps
• CSCC: Platform as a Service Workgroup
18. IBM & Cloud Standards Customer Council (CSCC) contributing to cloud
security standards development to address barriers in cloud adoption
IBM Security Standards Participation
Client-focused open standards and interoperability
• Cloud Architecture Standards
– Including Security for SOA and Cloud
• ISO JTC 1/SC 27 – IT Security
Techniques
– Including cloud security methodologies,
procedures, guidelines, documentation
and evaluation procedures
• Identity in the Cloud TC
– Published Cloud Identity Mgmt. Use
Cases Whitepaper covering:
15 Identity Management categories
SaaS, PaaS & IaaS service models
Private, Public & Hybrid Cloud
– Drafting Cloud IdM Standards Gap
Analysis
• Cloud Audit Working Group
– Federation and Classification of Audit
Data for Compliance Reporting
19. The IBM Common Cloud Reference Architecture (CCRA)
IBM CCRA public material:
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Wf3cce8ff09b3_49d2_8ee7_4e49c1ef5d22/page/IBM%20Cloud%20Computing%20Reference%20Architecture%203.0
Public Cloud RA whitepaper available on ibm.com:
http://public.dhe.ibm.com/common/ssi/ecm/en/ciw03078usen/CIW03078USEN.PDF
CCRA OpenGroup submission:
http://www.opengroup.org/cloudcomputing/uploads/40/23840/CCRA.IBMSubmission.02282011.doc
Represents the aggregate experience from
hundreds of cloud client engagements and IBM-hosted cloud implementations
• Based on knowledge of IBM’s services,
software & system experiences, including IBM
Research
Provides prescriptive guidance on how to build
IaaS, PaaS, SaaS and service provider clouds
using IBM technologies
Reflected in the design of
• Clouds IBM implements for clients
• IBM-hosted cloud services
• IBM cloud appliances
• IBM cloud products
Focuses on cloud specifics
• Radical cost reduction
• Achievement of high degrees of security,
reliability, scalability and control
Consists of multiple detailed documents
representing best-of-industry knowledge and
insight
• How to architect, design and implement clouds
CCRA 3.0: Cloud-enabled data center / building IaaS; Platform Services; Cloud Service Provider; Building SaaS; Common Reference Architecture Foundation
Reference architecture diagram labels: Cloud Service Consumer; Cloud Service Creator; Cloud Service Provider; Common Cloud Management Platform (CCMP); Cloud Services (Business-Process-as-a-Service, Software-as-a-Service, Platform-as-a-Service, Infrastructure-as-a-Service); Existing & 3rd party services, Partner Ecosystems; Cloud Service Integration Tools; Operational Support Services (OSS); Business Support Services (BSS); Service Creation Tools; Consumer In-house IT; Infrastructure; Security, Resiliency, Performance & Consumability; Governance
20. Summary
1. IT is really changing (the business requirements are changing)
2. Cloud plays important role – don’t ignore it
3. Cloud is important and it’s more than technology
4. Find what is good for you in a cloud
5. Think about your business
Contact:
• Krzysztof Rafalski
• +48 603 88 6308
• krzysztof.rafalski@pl.ibm.com
Editor's Notes
The Open Group - Standards to set a common foundation of understanding and guide architects in the creation of their solutions using cloud
• Cloud Architecture – IBM Contributed our Reference Architecture (i.e. the CCRA)
• Includes Security for SOA and Cloud - Consistent with IBM’s CCRA
• SOA Cloud Computing Infrastructure (IaaS) Standard - Builds on SOA & IBM’s CCRA
OASIS – Identity in the Cloud TC
• Exploring use cases that describe Identity and Access Mgmt. Challenges in cloud environments against all deployment types (private, public, hybrid) and service models (IaaS, PaaS and SaaS).
• Use cases categorized against 14 categories of IAM
• Whitepaper v1.0 Released June 2011, Revision 2 February 2012
• Currently authoring a security stds. Gap analysis due March/April 2012
DMTF – Cloud Auditing Data Federations (CADF) Work Group
• Specifying Data Model to express audit data in the form of events, logs and reports
• Audit Data is classified so that it can easily be queried for compliance auditing and reporting (including Security, SLA, SLM)
• Data is normalized and prescriptive so that it can be federated and shared across cloud providers and between enterprise customers and cloud deployment