CSA14_Congress Top_5 75_Brokering_PPT

  1. 5 ¾ THINGS WE LEARNED BROKERING CLOUDS: Why you should trust your Broker more than your Banker
     Jon-Michael C. Brook, CISSP
  2. AGENDA
     • Introductions
     • 5 Things Learned
     • The Common Sense ¾
     • Wrap-up
     • Questions
  3. INTRODUCTIONS
     5 years in Enterprise automation; 2 years in brokering
     – Booz Allen (23K employees – 1.5K broker users)
     – Government (280K employees – 2K+ users)
     – Commercial
       • Health Care
       • Oil & Gas
       • Pharmaceuticals
     Confirm Publicly Distributable
  4. #5 - OPEN IS MORE CLOSED THAN YOU THINK
     • Modularity, Openness & Reusability
     • Impressive open source technologies from Red Hat and others for enterprise automation
       – CloudFormation/CloudForms
       – AWS Integration
       – Containerization/PaaS offerings
       – Lacking the self-service and ease of use → Limited sample scripts only
     • Dependencies on other open source projects create limitations
       – Staggered rollouts require custom code
     • Implementer on the hook for updates
       – New features released that overwrite custom code
  5. INTRODUCING THE OPEN CLOUD BROKER
     Diagram components: User Portal or Marketplace; IaaS Broker; PaaS Broker; SaaS Broker; Data Broker; Administrator Portal; TaaS Broker; Cloud Orchestration Engine; XaaS Broker
     Capabilities
     • Multi-IaaS integration
     • Sticky PaaS config
     • SaaS offerings
     Benefits
     • Modular/Flexible
     • Open Source
     • Business Process Integration
     • Marketplace
  6. #4 MANAGE CUSTOMER EXPECTATIONS
     Control Scope Creep
     – Brokerage solutions are relatively new; expect a lot of PoCs, customer demos and pilots.
     – Create a well-defined Statement of Work/Contract
     – Repeatable, tested, well-documented, packaged solution
     Results
     – Avoid cost overruns
     – Prevent delivery delays
     – Provides self-service capabilities
  7. #3 – STICKINESS KILLS!
     Tempting, built-in services (PaaS)
     – Price advantages (free?)
     – Performance/Resiliency advantages
       • Master/Slave databases
       • Web sites
       • Underlying core services (DNS, DHCP, NTP)
     – Corresponding services w/ other CSPs?
     DevOps/Orchestration
     – Allows reuse of systems & services across multiple vendors
       • Puppet, Chef, Juju, etc.
     – Major broker advantage anyway!
  8. BROKER’S ALGORITHMS DEAL ALL THE CARDS
     Diagram labels: Sizing Models Price Arbitrage Cost Algorithms Efficient Architecture & Design Rebates & Discounts
  9. PRICING
     Commoditization already in play
     – Differentiable/Niche markets not as aggressive
       • Secure, Bring your own hardware, VMware/Microsoft/OpenSource based
     Price wars already started for IaaS
     – Google, Azure and AWS price cuts
       • AWS already regularly discounted services as new offerings brought online
       • Google aggressively pricing GCE
       • Microsoft working to match
  10. BROKER ALGORITHM CONSIDERATIONS
        FOR CSP (AZURE, AWS, RACKSPACE, VCHS, ONPREM, CUSTOM) [
          TIERS (WEB, DB, APP, DMZ, OOB, ETC);
          NATIVESTICKY (YES, NO);
          SECURITYLEVEL (PII, H, M, L);
          LICENSE COSTS (OS, DB, HA, SEC, BYOL);
          SPACEAVAIL (YES, NO);
          RESILIENCY (#9’S);
          ELASTIC (NONE, SLOW, AVG, AGGRESSIVE, CUSTOM);
          SERVERS=RESILIENCY*ELASTIC(TIERS - NATIVESTICKY + COUNT (SECURITYLEVEL));
          COST = SPACEAVAIL * NATIVESTICKY * ELASTIC * RESILIENCY (LICENSE + TIERS* SECURITY * PRICE);
          OPTIONS = BUDGET < COST;
        ]
        BROKERDISPLAY (OPTIONS);
  11. ARBITRAGE: AN ILLUSTRATIVE EXAMPLE
      AZURE SIZING AND PRICING
  12. ARBITRAGE: AN ILLUSTRATIVE EXAMPLE
      AMAZON WEB SERVICES SIZING AND PRICING
  13. SIDE BY SIDE COMPARISONS
      [Charts: CPU Memory Capacity (in AWS m3.2XL units) and CPU Capacity (in Azure XL units), by tier (Web, DB, App, Auth); series: Peak (<2), Incremental (8hr), Persistent (24hr)]
      AMAZON WEB SERVICES SIZING AND PRICING
  14. SIDE BY SIDE COMPARISONS
      [Charts: Memory Capacity (in AWS m3.2XL units) and Memory Capacity (in Azure XL units), by tier (Web, DB, App, Auth); series: Peak, Incremental, Persistent]
      AMAZON WEB SERVICES SIZING AND PRICING
  15. SIDE BY SIDE COMPARISONS
      [Charts: AWS Price per day and Azure Cost per Day, by tier (Web, DB, App, Auth); series: Peak, Incremental, Persistent]
      AMAZON WEB SERVICES SIZING AND PRICING
  16. ARBITRAGE ISSUES
      Notice any problems with this example?
      Based on the relative CSP processing capabilities
      • Is an Azure XL equal to an AWS m3.2XL?
        – There are larger and more specialized units within all of the environments
        – IOPS, SSD, Memory, etc.
      • Does the computing/memory capability of an Azure instance offset the price differential
      • AWS offers an ECU – elastic computing unit
      • Azure bases their pricing on a similar set of statistics – i.e. Database Throughput Unit
      Scrutinizing the broker’s algorithms with this level of detail difficult
      Might include company sensitive information
      • At least ask the question
      Forbes article
  17. FORBES: COMPARE AWS/VCHS/AZURE
      http://www.forbes.com/sites/benkepes/2014/08/15/vmware-stick-the-boot-into-amazon-pricing-but-are-they-telling-the-whole-story/
      NO SMOOTH COMPARISON, TESTING ON AN APP BY APP BASIS
  18. #1 - SECURITY’S AN OPPORTUNITY
      Know the CSPs and use their mitigations
      • (Also know they may be sticky!)
      • CloudHSM – root of trust w/ SafeNet Luna
      Qualitative Assessments
      • Gartner Magic Quadrant
      • Broker Analysis of Alternatives
      • FedRAMP
      Quantitative Assessments
      • CSA STAR
      • SOC I/II Audits
      Provenance & Pedigree
      • aka Pre & Post Configuration
  19. QUALITATIVE ASSESSMENTS
      IAAS GARTNER MAGIC QUADRANT
      *Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Lydia Leong et al., published: 28 May 2014
  20. RISK MITIGATION - CHOOSING CSPS
      *Results based on Booz Allen Cloud Service Provider AoA – 2014.05.30
      PROVIDE A QUICK STARTING POINT
      Brokers need to start the discussion
      • Identify most important customer risks
      • Combine with industry knowledge and experience
      BCP/DR
      • All Microsoft shop—does it make sense to retrain to another provider?
      Provisioning
      • Processes and procedures in place—retool from enterprise VMware?
      Automation
      • Linux scripts transfer over directly—DevOps makes easy to port anywhere?
      Governance, Risk & Compliance
      • Which providers offer SOC/IaaS underlying certifications to pass PCI/HIPAA/FISMA audits?
  21. PROVENANCE & PEDIGREE
      Beyond Configuration Management
      – On-premise Enterprise: Utilize an ISO, test downloaded patches from “vendor”
        • How many people here actually check the hashes?
        • Vendor infected distribution – Sony/BMG rootkit, Dell firmware, Stuxnet anyone?
      – Even bigger issue in the cloud? snapshots, most software from linked locations, ISOs difficult to load/use
      Provenance
      – Provide contextual evidence for its original production or discovery, by establishing the sequences of its formal ownership, custody, and places of storage
      Pedigree
      – A document to record ancestry
      Known “good” software/updates/distributions
      – Trusted Broker service
        • Define your repositories for Linux updates – i.e. spacewalk.redhat.com; www.pulpproject.org
  22. # ¾ - TRUST
      Not looking for a Boy Scout
      – Do need transparency:
        • Cost savings? Pass a portion on to customer
        • Sticky services? Advise on implications ahead of time
        • Unmitigated security risks? Come to terms and offer alternatives, even if another vendor
      – Most of us are in business
      – It is your reputation
      Value the relationship for the long run
      – Quick sale/qualifier might damage reputation if not executed successfully
  23. QUESTIONS
      Jon-Michael C. Brook
      brook_jon-michael@bah.com
      @jonmichaelbrook
      www.linkedin.com/in/jonmichaelcbrook
  24. HOW TO CREATE A NEW POLL
  25. HOW TO CREATE A NEW POLL
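
Slide 21 asks who actually checks the hashes and proposes defined repositories plus a recorded pedigree. The sketch below is an added example, not code from the presentation: it accepts an artifact only from a defined repository with a pinned SHA-256, and appends a hash-linked custody record. The manifest format, record fields, function names and the sample file and URL are assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from urllib.parse import urlparse
# Assumption: the broker's defined repositories (hostnames named on slide 21).
TRUSTED_REPOS = {"spacewalk.redhat.com", "www.pulpproject.org"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # stream: ISOs are large
            h.update(block)
    return h.hexdigest()

def _record_id(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def verify_artifact(path, source_url, manifest, pedigree):
    """Check origin and digest; on success append a hash-linked custody record."""
    name = Path(path).name
    if urlparse(source_url).hostname not in TRUSTED_REPOS:
        return "untrusted repository"
    if name not in manifest or manifest[name] != sha256_file(path):
        return "digest mismatch or unknown artifact"
    body = {"artifact": name, "sha256": manifest[name], "source": source_url,
            "parent": pedigree[-1]["id"] if pedigree else None}
    pedigree.append({**body, "id": _record_id(body)})
    return "verified"

def pedigree_intact(pedigree):
    """Recompute each record id and parent link; an edited record breaks the chain."""
    parent = None
    for rec in pedigree:
        body = {k: v for k, v in rec.items() if k != "id"}
        if rec["parent"] != parent or rec["id"] != _record_id(body):
            return False
        parent = rec["id"]
    return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        patch = Path(d, "patch-1.rpm")  # constructed stand-in for a vendor patch
        patch.write_bytes(b"constructed patch payload")
        manifest, pedigree = {patch.name: sha256_file(patch)}, []  # digest pinned out of band
        url = "https://www.pulpproject.org/patch-1.rpm"  # hypothetical URL
        good = verify_artifact(patch, url, manifest, pedigree)
        patch.write_bytes(b"modified after pinning")  # simulate a changed distribution
        bad = verify_artifact(patch, url, manifest, pedigree)
    return good, bad, pedigree
```

The chain exposes an edited record only when the latest record id is also kept somewhere the editor cannot rewrite, and the manifest has to arrive over a channel separate from the download itself.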
