Luis lima v3
1.
2. Cloud Computing Defined
NIST
“Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned
and released with minimal management effort or service provider interaction.”
GARTNER
“A style of Computing where massively scalable, IT-enabled capabilities are
provided “as a service” across the internet to multiple external customers”
3. Cloud Computing Advantages
• Reduced Cost: Cloud technology is paid for incrementally, saving organizations money.
• Increased Storage: Organizations can store more data than on private computer systems.
• Highly Automated: IT personnel no longer need to worry about keeping software up to date.
• Flexibility: Cloud computing offers much more flexibility than past computing methods.
• More Mobility: Employees can access information wherever they are, rather than having to remain at their desks.
• Allows IT to Shift Focus: No longer having to worry about constant server updates and other computing issues, government organizations will be free to concentrate on innovation.
4. What is IT Service Management (ITSM)?
The origin of the term is generally unknown, but it was in mainstream use
during the 1990s. Historically, it has been associated with the introduction
of IT operational practices, or the improvement of existing ones, through the
adoption and adaptation of industry “best practices”.
ITIL® defines ITSM as “The implementation and management of quality
IT services that meet the needs of the business...”
Wikipedia defines IT Service Management as “a discipline for managing
information technology (IT) systems, philosophically centered on the
customer’s perspective of IT’s contribution to the business...”
IT Service Management is also the term commonly used to describe the
process-centric effort of transforming an IT organization from one focused on
managing the IT infrastructure to one focused on managing the provision of
information system services.
5. ITIL Service Management v2
ITILv2 – 10 processes
• Service Support (5 processes and a function, the Service Desk): Incident Management, Problem Management, Change Management, Configuration Management, Release Management
• Service Delivery (5 processes): Service Level Management, IT Financial Management, Availability Management, Capacity Management, IT Continuity Management
7. ITIL Service Management v3
ITILv3 – 5 books and 27 processes
• Service Strategy: Demand Management, Strategy Generation, Service Portfolio Management, IT Financial Management
• Service Design: Service Catalog Management, Service Level Management, Capacity Management, Availability Management, Service Continuity Management, Information Security Management, Supplier Management
• Service Transition: Transition Planning & Support, Change Management, Service Asset & Configuration Management, Release & Deployment Management, Service Validation & Testing, Evaluation, Knowledge Management
• Service Operation: Event Management, Request Fulfillment, Incident Management, Problem Management, Access Management
• Continual Service Improvement: Service Measurement, Service Reporting, Service Improvement
Diagram legend: Processes ITILv2, Processes ITILv3, Processes ITILv2 + ITILv3
8. Core IT Management Disciplines Have Not Changed
ITIL for the Organization / ITIL for the Cloud Provider
Service Strategy
• Organization: Architect service solutions by piecing together Cloud service providers and their service offerings.
• Cloud provider: Identify services provided, their value and costs; demand management is key for providing on-demand services.
Service Design
• Organization: Focus on integrating and securing services from suppliers.
• Cloud provider: Bundle service packages for consumption; capacity management is key to disruption-free, on-demand delivery.
Service Transition
• Organization: Manage and control a complex mix of releases/changes across a wide range of suppliers' varying schedules and priorities.
• Cloud provider: Provide customers with easy, smooth and state ways to transition and access provided services.
Service Operation
• Organization: Ensure expected value is being delivered, and service disruption responses are coordinated across suppliers.
• Cloud provider: Ensure that expected value is being delivered and that services are not disrupted.
Continual Service Improvement
• Organization: Provide the needed transparency of results and coordinated improvement efforts across many providers.
• Cloud provider: Provide a means for staying ahead of competition and gauging customer satisfaction, or business will be lost.
9. Service Strategy
Process: Purpose
• Strategy Generation: Identify the IT services, investments, partners and delivery channels to meet customer needs and outcomes
• Service Portfolio Management: Manage the investment portfolio of all the services available to customers and users
• Demand Management: Identify patterns of business activity that consume services and manage activities to influence demand
• IT Financial Management: Management accounting and chargeback for IT services
10. Service Strategy
Questions
What Cloud Operating Model(s) will be used?
What elements of services will be placed in the Cloud?
Which service partners will we utilize?
Who are my customers and what are their needs?
What services will need to be provided?
How will business demand consume services?
11. Service Strategy
[Diagram: Input and Output of Service Strategy. Labels: Organizational Strategic Objectives; Drive Business Strategy; Define market space; Strategic Asset; capability; Service value; Additional enterprise stakeholders; Cloud Services]
Cloud Computing will not change the strategic objectives
or the market spaces of a service
12. Service Strategy
[Diagram: Input and Output of Service Strategy. Labels: Cloud providers; Provide understanding of business needs; Measure and compare supplier performance; Align contracts with business needs; Valued Service Partner]
Maximize Return on Investment
(ROI) by selecting the right provider
13. Service Design
Process: Purpose
• Service Catalog Management: Publish, manage and communicate which services are available to customers and users
• Service Level Management: Negotiate, monitor, report and measure SLAs and OLAs
• Availability Management: Define, measure, analyze and improve the availability of services
• Capacity Management: Ensure appropriate infrastructure capacity is in place to meet service demand volumes
• Information Security Management: Protect the confidentiality, integrity and availability of services
• IT Service Continuity Management: Ensure services can be recovered in the event of a major business disruption
• Supplier Management: Ensure suppliers support the needs of the business and meet their contractual obligations
14. Service Design
Questions
How will services be bundled and packaged for consumption?
What SLAs and OLAs will be needed to meet business objectives?
How will we ensure availability of services in the event of a major business?
How will we secure our services and data across the Cloud?
What supplier agreements and contracts need to be in place?
How will we communicate available services to the business?
What capacity needs to be in place to meet business demand?
How will services integrate and sit on the Cloud Operating Model?
15. Service Transition
Process: Purpose
• Transition Planning and Support: Plan and coordinate activities for transitioning services to the live production environment
• Change Management: Protect services while changes are being made
• Release and Deploy Management: Manage releases and their deployment to live production
• Service Asset & Configuration Management: Maintain information about configuration items used to support services and their relationships
• Service Validation and Testing: Validate that new services and changes will match design and business objectives
• Knowledge Management: Gather, analyze, store and share knowledge to reduce the need for rediscovery of information
• Evaluation: Ensure a service will meet intended business objectives when it is transitioned
16. Service Transition
Questions
How will services be transitioned to a live production state?
How will changes be managed across providers?
How will releases and deployments be coordinated across providers?
How will we test services across providers?
What operating information should we retain across providers?
17. Service Transition
Input: Change Requests
Output: Planned Changes
Activity: Cloud Providers / Organization
• Change Management Support: R / A, C
• RFC classification: C / R
• Change Scheduling: R / C
R - Responsible, A - Accountable, C - Consulted, I - Informed
[Diagram label: Cloud Services]
Cloud Computing will not change the strategic objectives
or the market spaces of a service
18. Service Operation
Process: Purpose
• Incident Management: Restore an IT service to normal state operations as quickly as possible
• Problem Management: Prevent incidents from happening or minimize their impacts by identifying their root causes
• Event Management: Manage operational events and communicate them to appropriate parties for further action
• Access Management: Ensure only authorized users are allowed access to services
• Request Fulfillment: Manage the lifecycle of all service requests
19. Service Operation
Questions
How will incidents and problems be managed across providers?
What events need to be generated and visible across and between
providers?
How do we ensure only authorized users have access to services?
How will we prioritize and coordinate user service requests that may
need provider involvement?
How will we coordinate operational control activities across providers?
20. Continual Service Improvement
Process: Purpose
• 7-Step Improvement: Measure services to proactively identify opportunities for improvement
• Service Reporting: Produce and communicate reports for achievements and trends against service levels
• Service Measurement: Put appropriate metrics into place that provide information for proactive decision making
Questions
What key measurements will be needed to ensure services are working
across the Cloud?
What measurements should be taken by suppliers to ensure service
objectives will be met?
What information and reports will we require from our providers?
How will we work with our providers to proactively improve services?
21.
22. Paradigm Shift
[Diagram contrasting On-Premises and Cloud. Labels: Consistency; Share & Reuse; Security & Privacy; Customizability; Control; Economy of Scale; Ease of Provisioning; Global reach; Partitioning & Redundancy; Scalability & Availability]
27. SLA - Internal Computing
[Diagram labels: The Business; User; Customer; SLA; Internal IT; Service Desk; Business Relationship Management; Service Support; Service Delivery; OLA; Operational Organizations]
28. SLA - Cloud Computing
[Diagram labels: The Business; User; Customer; SLA; UC; Internal IT; Cloud Provider; Service Desk; Business Relationship Management; Service Support; Service Delivery; OLA; Operational Organizations; Supplier Management. The Service Desk, Business Relationship Management, Service Support, Service Delivery, OLA and Operational Organizations labels appear twice in the diagram.]
29. Legal, Regulatory and/or Compliance Issues
Liability
• What recourse actions (e.g., financial compensation, early exit of
contracts, etc.) can we agree on in the event of a security incident
or failures to meet SLAs?
• What conditions under which. . .?
Intellectual Property
• Can we stipulate in the SLA that all my data (or applications), including all
replicated and redundant copies, are owned by me?
• Ensure your service agreement does not lead you to relinquish any IP
rights
• Scrutinize the language in the terms of service that governs the
ownership of and rights to information that you place in the cloud.
30. Legal, Regulatory and/or Compliance Issues
Business Continuity / Disaster Recovery
• Do you have any DR and BC planning documents, and can we review them?
• Can we do a BC audit?
• Where are your recovery data centers located?
• What service-level guarantee can you offer under DR conditions?
Logs and audit trails
• Can they accommodate timely forensic investigation?
• How do we access logs and audit trails?
• How long do you keep logs and audit trails?
• Can we have dedicated storage of logs and audit trails, and how?
• Show evidence of tamper proofing for logs and audit trails
31. Legal, Regulatory and/or Compliance Issues
Specific compliance requirements
• Are your data centers under local compliance? If so,
which ones?
• Do the local compliance requirements violate our own?
• Are you SAS 70-compliant (if applicable)?
• Are you ISO 27001-compliant (if desired)?
• Can you prove that you are compliant for:
• PCI?
• SOX?
• HIPAA?
32. Security Concerns
It recently found a flaw that inadvertently shares
users’ docs (March 2009).
A Salesforce.com employee fell victim to a phishing
attack and leaked a customer list, which generated
further targeted phishing attacks (October 2007).
It lodged a formal complaint to the FTC against
Google for its privacy practices (March 2009).
EPIC was successful in an action against Microsoft
Passport.
33. Security Concerns
Data Protection
• Data segregation
  • How do you separate my data from other customers?
• Data-at-rest protection
  • Where do you store my data?
  • Encryption and data integrity
  • Access control and authentication
  • Is there documentation for auditors?
• Data-in-motion protection
  • How do you transfer data from one place to another?
  • Can any third party access my data (your SPs), and how?
  • Can you ensure all my data is erased at the end of service?
Vulnerability Management
• Show evidence of your Vulnerability management program.
• How often do you scan for vulnerabilities?
• Can I conduct an external vulnerability assessment on your network?
• What’s your vulnerability remediation process?
34. Security Concerns
Personnel and physical security
• Do you have restricted and monitored access to critical assets 24x7?
• If dedicated infrastructure is desired, ensure that it’s isolated.
• How often do you scan for vulnerabilities on your network and
applications?
• Do you do background checks for all relevant personnel? How
extensive? SAS 70, ISO 27001.
Application Security
• Do you follow OWASP guidelines for application development?
• Do you have a rigorous testing and acceptance procedure for outsourced
and packaged application code?
• What about third-party apps (components) used in your services?
• What application security measures (if any) do you use in your
production environment (application-level firewall, database auditing)?
35. Security Concerns
Incident Response
• What is your procedure for handling a data breach?
  • Can notification occur within a specified time period?
  • In what format do notifications go out? What info do they contain?
• Can you ensure that the vendor’s incident response procedures do not violate
our own requirements?
Identity Management
• Can you integrate directly with directories, and how?
• Review the architecture of integration.
• Ensure it doesn’t create a security risk for my own infrastructure.
• If not, how do you secure user IDs and access credentials?
• If not, how do you handle user provisioning?
• Can you support single sign-on (SSO), and which standards?
• Can you support federation, and which standards?
36. Commitment
End of Service Support
• Specify what the cloud vendor will deliver at the end-of-service period:
  • Will data be packaged and delivered back to me? If so, in what format?
  • How soon will I have all my data back?
  • Will any remaining copies of data be erased completely from your network? If so, how soon will it happen?
• Specify any fees that may be incurred at the end of the service.
37. Lack of SLAs
• Make sure any framework compliance requirements
(e.g. Federal Enterprise Architecture, SOA, etc.) are
documented and agreed within the Contract.
• Include a formal Change Control process in the
Contract and declare the cloud provider’s architectural
framework within the scope of the Change Control.
• Treat the cloud provider contract as you would an
underpinning contract.
• Document expected service levels, audit process and
reporting requirements.