Henry Stapp, Director of Product Management at Apcera, explores the promises of the cloud and how new technologies (containers, micro-services, etc.) enable unparalleled speed and flexibility.
4. Complexity Leads to RISK
[Diagram labels: Siloed; Your Cloud Stack; Software Layer; Middleware Layer; Infrastructure Layer; Containers and Microservices; Traditional and Legacy Applications; Cloud Native Applications; Orchestration Tools; Configuration Tools; Container Management Tools; Auditing Tools; Logging Tools; Application Platforms; Platforms-as-a-Service; Unique Dependencies]
5. You need the cloud to work for you, NOT the other way around.
6. The Importance of Policy
๏ Policy refers to the rules and best practices that set up guard rails for your system. Policy can help:
‣ Governance
‣ Risk
‣ Compliance
๏ Most policies are loosely crafted and live on a sticky note, whiteboard, email or in the heads of your ITOps team.
๏ Declaring consistent, effective policy across your organization generally looks like this…
8. Infuse Your System with Policy: Five Key Pillars
Pillar 01: Service Composition
Packaging System enables fine-grained policy for versions, workload manifests and what can be used in an un-opinionated system.
9. Pillar 02: Resource Management
Container Management System enables isolation and enforced security, with granular policy for memory/CPU/disk/network quotas.
10. Pillar 03: Scheduling and Placement
Policy Aware Scheduler enables granular control for workload placement: geographical, affinity-based tagging for service access, compute and infra elasticity.
11. Pillar 04: Connectivity and Communication
Policy Aware Networking enables a truly programmable network at the workload abstraction layer that can enforce policy on any infrastructure at the speed of deployment and orchestration, plus the ability to instantly self-heal.
12. Pillar 05: Automated Enforcement of Your Policy
What good are rules if they aren’t followed? Effective policy provides visibility within your system so automated enforcement is possible. Automated enforcement removes humans from the equation and greatly reduces the chance of errors.
13. Trust Model for Cloud-Native Applications
[Diagram labels: MULTI-WORKLOAD; MULTI-CLOUD; POLICY; SECURITY; ENFORCEMENT; DEPLOY; ORCHESTRATE; GOVERN]
• Cloud-resident Policy Engine at the core
• Service level evaluation and enforcement for GRC
• Every service resource is closed by default
• Every service resource is assumed compromised
• All components are isolated by default
• Permissions need to be explicit and granted in all directions
• Secure separation of control, management and data planes
• Secure message bus to connect all resources
• Cloud Native service behavior exception monitoring, alerting and audit logging
14. How Apcera Handles Trust
Delivering Secure Cloud-Native Services for Governance, Risk and Compliance
[Diagram labels: Request; Policy Agent; Policy Engine (Cloud-Native GRC); Policy Centric Monitoring, Evaluation & Enforcement; Legacy Agents; SaaS Agents; DB2; Salesforce Service; VMware Service; AWS Service; OpenStack]
15. The Apcera Vision
Deliver platform technology that unlocks the full power of massive amounts of compute resources and data. All in a trusted and unified way.
Derek Collison
Founder and CEO at Apcera
๏ CTO, Chief Architect at VMware
๏ Architected CloudFoundry
๏ Technical Director at Google
๏ SVP and Chief Architect at TIBCO
Apcera Value Proposition
Customers
Innovate at speed — with full confidence and trust
Business Benefits:
- Risk Mitigation and Full Compliance
- Reduce CapEx and OpEx
- Simplify Operations
- Faster Time to Market
- Full integration with “modern” IT tools in use