The Big Decision – What, when, and why?
Enterprises are aware that the Cloud is changing IT, but security and performance remain a concern. Each cloud model has potential risks: reliability, adaptability, application compatibility, efficiency, scaling, lock-in, security and compliance. Companies must select an enterprise cloud solution to suit a complex mix of applications; these decisions require great care. Uni Systems’ Uni|Cloud was built to be enterprise class. The essential reason that many businesses today use Uni Systems Cloud for their enterprise IT is that it offers the only enterprise-class cloud solution in the Greek market, designed for mission-critical applications, coupled with application performance SLAs and security built for the enterprise, combined with cloud efficiency and consumption-based pricing/chargeback.
The most trusted, proven enterprise-class Cloud: Closer than you think
1. The most trusted, proven enterprise-class Cloud:
Closer than you think
Antony Cassano, ITS Department Manager
2. IT needs to become smarter … get new choices
• Some use the word “Cloud” to describe new consumption and delivery models
• Regardless of terminology, it is clear that these new models are emerging for the enterprise – even if they were first inspired by consumer Internet services
• The current security & performance requirements for enterprise cloud implementations create new choices of cloud deployment models and types of Cloud providers, with Cloud integration, execution & operation capabilities
3. What is an Enterprise Class Cloud?
Is it just another cloud with a marketing spin?
Absolutely not!
An Enterprise Class Cloud is designed to meet or exceed the security, performance, and business SLAs of the infrastructure it replaces while delivering the benefits of a cloud-based approach — multi-tenant isolation, on-demand delivery, and dynamic scale
4. Potential Customer Profiles
Today’s ideal customer
• Internal cost awareness
• Focus on business, not IT
• Modern (non-legacy) business applications
• Staff need application and/or desktop access, BYOD, Mobility
• Flexibility a priority
• Interested in latest technologies
• Data security a priority
Today’s challenging customer
• Large IT staff
• Multiple or custom applications
• Staff/execs not interested in anywhere, any device/SaaS/cloud
• Stuck to desk/old business ideas
• Slow to adopt technology
• Unaware of security issues
• Business not aware of actual IT costs
6. Key attributes of an Enterprise Class Cloud
• Enterprise-Class Security
• Business Continuity
• Assured Performance SLAs
• Complex Network Routing
• Compliance
• Resource Pooling
7. Security in the Cloud: Is it Pie in the Sky?
Why is cloud perceived to be insecure?
What are the real security risks?
What can be done to mitigate those risks?
8. Data security is of the highest importance
Security is of the highest importance for CA and UK DMs
“Security of my data” ranks highest amongst all factors considered by DMs when selecting a hosting provider, even over performance.
“Eight-in-ten (81%) say: It is important to know precisely where their data is stored.”
More than three-quarters (77%) would rather host their data in a highly secure, but latent facility than in a facility that guarantees top speeds but is less secure (9%).
Seven-in-ten (69%) agree: willing to incur latency to ensure data sovereignty.
[Chart: Factors Considered In Order of Importance (Total Sample)]
“44% are confused by privacy and security laws.”
US Patriot Act
“Further, despite companies’ strong reaction to the NSA scandal, many say that they don’t fully understand current data laws, with 60% admitting they don’t know as much as they should about data privacy laws.”
*Survey prepared by March Communications, January 2014, The Impact of the NSA on Hosting Decision Makers in the UK and Canada.
9. Data the “crown jewels” asset
In addition to the intrinsic value of data to the Enterprise, there are very frequently a number of regulatory issues to be considered:
• Location of data
• Access to data
• Ownership of data: The US, the UK, and much of the EU have divergent rules about ownership of data stored on corporate networks
• Intellectual property laws: protection of intellectual property varies widely from jurisdiction to jurisdiction.
• Privacy and confidentiality laws: authorities in different jurisdictions take widely different views of the degree of privacy and confidentiality.
10. Questions that the Enterprise must consider
• Can I audit the service provider at any time, or only by prior arrangement?
• Who, other than employees of my company, will have access to the data and what kind of access will it be?
• How long will the recovery process take and who is responsible?
• What kind of tools are available for me to audit the cloud provider’s handling of my data?
• How and when will the data be backed up?
• Who is responsible for initiating the recovery process when data is lost?
• Does the service provider have the certifications typical for a provider of such services (especially ISO9001 and ISO27001)?
• Transparency
11. Cloud provider should have ready answers
• Where are your data centers physically located?
• Which data center(s) will be used to store my data?
• Where will my backups be stored?
• Will my data be replicated to a remote location? If so, where?
• If my data is replicated remotely, will I be able to resume processing from there in the event of a complete data center outage? If so, in what timeframe?
• What is the network architecture (a) between customers and the cloud? And (b) between cloud data centers?
• Are all the data centers in the cloud owned by the provider? If not, who owns them and what else is processed in those data centers?
12.
While there are many more questions to be asked, a cloud provider that cannot or will not share the answers to this sort of question is unlikely to be an appropriate partner for mission critical production workloads
So what is Uni Systems doing to mitigate those risks?
Looking forward
13. Uni|Cloud : Enterprise Class Transparency Cloud
• Transparency
• Reliability
• Trusted Advisor
• Strong market partnerships
• Synergies
• Business Development
• Security/Legal/Compliance
14. Uni Systems Secure Cloud Services…
Built with Reliability in mind
ISO 27001:2005
• Hosting Services for Information and Communication Technology (ICT) equipment and high-availability office facilities in the Company’s Data Centre
• Cloud Services including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)
• Professional Services including the design, installation, administration and technical support of ICT
15. Reliability of Operations
People Security Aware
NDA Agreement
Processes Business Continuity Mgmt
Availability Management
Professional Services
Background checked
Operational & Change Control
Managed Backup
Access Control Mgmt
SLA Mgmt
Monitoring
Secure Information exchange
Audit Logging
Quality Assurance
Data Deletion Mgmt
16. Uni|Cloud : Private Compute-as-a-Service
Our Customers can take advantage of our hybrid cloud capabilities, blending multi-tenant cloud with private cloud and traditional management services, all in a single solution
• Enterprise Performance
• Availability SLA (end to end)
• Industry standard technology including (Microsoft, Citrix, HP, EMC, Cisco)
• Enterprise Security and Compliance
• Full logical Isolation between tenants
• Virtual Private Clouds with user-determined public internet connectivity
• Unique customizable network & WEB application firewalls for security
• VPN admin for all equipment
• Role based permissions, Audit logs for environmental changes
17. Uni|Cloud : Private Compute-as-a-Service
• Fully managed Service
• Comprehensive, ongoing management of the entire private cloud
• Management of the underlying OSs, virtualization stacks, hardware
• Uni Systems Data’s management process for Cloud availability and performance
• Ongoing software lifecycle management
• Uni Systems multipoint root cause analysis monitoring system (systems, applications, network and the overall user experience) 24x7x365 to ensure the highest possible uptime and performance
18. Cloud Integration
• Migrating enterprise applications to the cloud starts with a comprehensive strategy, but success is only achieved through detailed planning and strong technical execution
• Uni Systems provides comprehensive professional services geared to help enterprises migrate applications to the cloud
• Capitalizing on numerous real world, production, enterprise deployments, we understand that cloud computing typically represents as significant an operational challenge as a technical one
Define Analyse Design Develop Test Deploy Manage
19. Enterprise-Cloud Focused Development
• Realizing the full potential of a modern cloud computing environment requires a thorough understanding of an application, from the operating system all the way up the application stack
• Uni Systems’ Cloud Application Development Services team possesses deep experience
• Our team has developed, customized, and deployed hundreds of applications based on various open source and proprietary MVC frameworks and Content Management Systems (CMS).
20. Cloud Strategy
• Critical Path Questions Addressed:
– What cloud strategy should I adopt to transform my environment over time?
– Which applications should I put in the cloud and what benefit would I gain?
– How do we migrate our applications?
– What cloud solution is best for our requirements?
– How can we secure and backup our data?
– How can we create a Disaster Recovery strategy?
– How well prepared is our organization to support cloud?
– How and when should we integrate SaaS applications?
– How do we monitor and manage a cloud?
Uni Systems Cloud Assessment workshop
21. The alternative path: Application or Platform domain selection
A single or a few initial domains could be “fast-tracked” through the above process, while it takes place at a more measured pace for the rest of the environment:
• Identify suitable target applications or services in the current landscape, identify and address the governance and risk issues;
• Build a business case
• Architect the change in the business application landscape
• Develop new forms of availability/continuity/contingency management processes to handle the new delivery model;
• Implement an acceptance environment
• Ensure that the knowledge gained is captured for use elsewhere.
22. Uni|Cloud Portfolio
• Uni|Apps: Cloud on demand Apps
• Uni|Desktop: Desktop as a Service
• Uni|On-Board: Cloud on Boarding
• Uni|Root: Monitoring as a Service
• Uni|Vault: Backup & Business Continuity as a Service
• Uni|Workplace: Test & Development environment as a Service
• Uni|DBaaS: RDBMS as a Service
• Uni|MaaS: Middleware as a Service
• Uni|E-Invoicing
• Uni|HCMaaS: Human Capital Mgmt as a Service
• Uni|PAYaaS: Payroll as a Service
Uni|Cloud- IaaS
Uni Systems Next Generation Hybrid Enterprise Cloud
Storage – TBA
Uni|Cloud- SaaS
Uni|Cloud- PaaS
24. Success Story #2 : Uni|Desktop as a Service
• Complete hosted experience
• Any device, anywhere
• Integrated apps on-demand
25. DaaS: More Than Just a “Desktop”
Microsoft Office & Email & Lync
Anti-Virus
Hosted Desktop
Hosted Desktops
Multi-App SSO (Receiver)
Delivery to Any Device
Session Portability
Business Continuity
Data Security, Sovereignty
High-Def User Experience
Added-Value for Hosted Apps/Desktops
LoB & Vertical Apps
Hosted a la carte Apps
Mobile Device Management
Cloud Data Storage
Additional Hosted Services
27. Success Story #3: Uni|e-Invoicing
• Compliant with the Greek legislation
• Automates & improves the invoicing procedure
• Secure / trusted transmission and receipt of invoices
• It informs the sender when the recipient downloads or opens the invoice
• Centralized invoice management
• Can be applied to all issued invoices
• Reduces the traditional invoicing cost for B2B transactions
- Printers Operation & Consumables
- Archiving Infrastructure
- Archiving / Retrieval Procedure
- Preparation & Postal Services
- Management
28. Uni|Cloud success stories
Customer: Type of Services
• Major Financial Institution: Disaster Site Hosting, Operations room
• Major Shipping Organizations: VDR, BCP, Multi hop, Uni-Desktop
• ISP: White labeling engagement
• Media: PaaS
• Governmental Institution (EU): PaaS, PCaS
• Manufacturing: VDR, Uni-Desktop
• More than 6 Financial Institutes: PAYroll as a Service
• Major ISV Provider: PCaaS PCI Class
Key Attributes of an Enterprise Class Cloud when Compared to a Commodity Public Cloud
Enterprise-Class Security: Enterprise Class Cloud security must meet (or exceed) existing enterprise security standards. In a cloud environment, this means additional protections must be put in place to isolate sensitive information in shared environments. Cloud Infrastructure must be designed so that only well-known users and systems have visibility. Business entities must be screened and vetted as legitimate prior to gaining access to the cloud.
Assured Performance SLAs: Applications require compute, storage, and network resources to process data and interact with other workloads across the corporate landscape. When resources are unavailable due to contention on a shared system, it typically has a very negative impact on the end user's experience. This is especially true of limited resources like storage I/O or network bandwidth, and usually rears its ugly head with highly transactional and mission-critical applications. Enterprise Class Clouds must ensure the application quality of service so that critical workloads are never compromised by the requirements of lower priority workloads on the same cloud.
Complex Network Routing: Once a trusted network is connected to the Enterprise Class Cloud, the client should be able to manage its networking, whether physical or virtual. Enterprise customers require extensive domain management up to, within, and across nodes of an Enterprise Class Cloud. This allows for a "virtual" extension of the trusted network all the way to the virtual machines and storage resources assigned to the client - enabling a trusted hybrid cloud.
Compliance: Business applications are typically subject to regulations and audits, whether driven by statutory, industry, or corporate governance requirements.
Resource Pooling: CIOs and IT Directors typically serve many masters. They're under pressure to deliver the efficiency of shared resources and cost savings. Within an organization, business leaders have individual budgets for funding both new initiatives and ongoing activities. In order to properly account for costs and efficiency across departments, an Enterprise Class Cloud needs to be able to group and charge workloads by both functional and physical pools. Enterprises and departments should also be charged only for what they actually use - in small time slices. This should be independent of virtual machines, as budgets are set by business result, not by the allocated virtual machine.
Business Continuity: Corporations are obligated to consider the implications of recovering from equipment failure or disaster.
• Location of data: in many countries, financial data must physically remain at all times within the jurisdiction of the relevant regulatory authorities.
• Access to data: only certain people may have access to sensitive personal and financial information, and this access must be monitored and logged such that it is auditable at all times.
• Ownership of data: The US, the UK, and much of the EU have divergent rules about ownership of data stored on corporate networks. In the US, it is generally the case that the company owns all data created by its employees and stored on corporate systems, while in France, the reverse is true. Thus if a French company stores employee emails on a server in the US, and is subsequently subpoena’d by the authorities to provide access to that data, it is guilty of an offence in France if it releases the data, and guilty of an offence in the US if it does not.
• Intellectual property laws: protection of intellectual property varies widely from jurisdiction to jurisdiction. A company accustomed to operating within the IP framework of the EU who stored sensitive information about new products on servers in certain Asian or African countries might have little recourse when it found imitations of those products being locally produced as soon as the original product was launched.
• Privacy and confidentiality laws: as the recent spate of regulatory actions against the makers of a popular business smartphone has shown, authorities in different jurisdictions take widely different views of the degree of privacy and confidentiality that an enterprise can assume when its data is in transit.
Given the range and complexity of the data-related concerns outlined in the previous section, it is evident that the number one concern of any enterprise migrating to the cloud should be the location of its data. But knowing where the data is physically stored is only the first step in ensuring that it is secure. There are a number of other questions that the Enterprise must consider before storing data in the cloud:
• How and when will the data be backed up?
• Who is responsible for initiating the recovery process when data is lost?
• How long will the recovery process take?
• Who, other than employees of my company, will have access to the data and what kind of access will it be?
• What kind of tools are available for me to audit the cloud provider’s handling of my data?
• Can I audit the service provider at any time, or only by prior arrangement?
• Does the service provider have the certifications typical for a provider of such services (especially ISO9001 and ISO27001)?
• Does the service provider have industry-specific certifications relevant to my industry (e.g. FISMA in the US, or NHS N3 in the UK)?
• Physically separate each customer’s data onto separate physical disks, even if using virtual storage solutions
• Provide as a service all security elements needed to securely and logically separate our customers’ VDCs
• Provide secure remote access and one-time password access to systems
• End-to-end encryption for selected workloads or subsystems
• Only store that data in data centers known to and approved by the customer for that data
• Manage the back-up and/or replication of that data in a predictable manner, as set out in either published terms and conditions or a bespoke SLA
• Provide an advisory service as an integral part of the onboarding process to ensure that the customer’s security requirements are fully understood and reflected in the migration process and the deployment architecture
• Provide full audit capability at all times so that the customer can ensure compliance with the terms and conditions or the bespoke SLA.
Unisystems offers a full complement of cloud strategy and professional services. Through these professional service offerings, we partner with your organization to provide expertise in selecting a cloud strategy, accelerate cloud adoption, simplify migration and design business-grade cloud architectures.
An alternative path: application domain selection
As per the previous description of determining and deploying pilot applications to go to cloud, that approach can actually take place in parallel. A single or a few initial domains could be “fast-tracked” through the above process, while it takes place at a more measured pace for the rest of the environment. Here the process would include:
• identify suitable target applications or services in the current landscape, including their needed interfaces;
• identify and address the governance and risk issues;
• build a business case;
• build a new service level management (SLM) capability to handle the new delivery model;
• architect the change in the business application landscape;
• develop new forms of availability/continuity/contingency management processes to handle the new delivery model;
• implement an acceptance environment in the cloud context, to test usability;
• migrate the live environment, possibly per group of users;
• ensure that the knowledge gained is captured for use elsewhere.
Service providers (Citrix Service Providers) can easily deliver the power of hosted enterprise desktops and applications from the cloud to SMBs, offering them the services they want in a simple, pay-as-you-go model. Cloud-hosted Desktops-as-a-Service (DaaS) is a tremendous opportunity for service providers to expand beyond traditional service offerings—email, web portals, etc.—to a more comprehensive bundle built around the desktop that includes apps, data protection, IT services and business continuity. With DaaS, SMBs enjoy the same any device, anywhere freedom; high-definition computing experience and workshifting lifestyles available in the enterprise.
Top benefits:
• Expand your business with a hosted virtual desktop, complete with office productivity and line of business apps
• Windows 7 experience with XenApp Hosted Shared Desktop scalability and cost
• ENTERPRISE-PROVEN INFRASTRUCTURE delivers scalability, security and control
• SIMPLE, AUTOMATED MANAGEMENT lowers administration costs and increases margins
• High-definition, virtual computing for the best user experience on any device, anywhere
Desktop-as-a-Service (DaaS) is a complete hosted IT solution, available as a cloud service. Citrix Service Providers deliver DaaS as a comprehensive bundle of hosted desktops, apps, data and IT services. Before you think that “DaaS” is just a desktop, consider:
• It doesn’t JUST have to be a desktop
• It can be about hosting apps separate from – or in addition to – a desktop
• It can include added value services beyond what traditional physical desktops provide
• It can include other added services such as data and Mobile Device Management
Why switch from traditional IT to the cloud?
There are many reasons why organisations of all sizes and types are adopting this model of IT. It provides a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Ultimately, it can save companies a considerable amount of money...
Removal / reduction of capital expenditure: Customers can avoid spending large amounts of capital on purchasing and installing their IT infrastructure or applications by moving to the cloud model. Capital expenditure on IT reduces available working capital for other critical operations and business investments. Cloud computing offers a simple operational expense that is easier to budget for month-by-month, and prevents money being wasted on depreciating assets. Additionally, customers do not need to pay for excess resource capacity in-house to meet fluctuating demand.
Reduced administration costs: IT solutions can be deployed extremely quickly and managed, maintained, patched and upgraded remotely by your service provider. Technical support is provided round the clock by reputable providers like Unisystems for no extra charge, reducing the burden on IT staff. This means that they are free to focus on business-critical tasks, and businesses can avoid incurring additional manpower and training costs. IT giant IBM has pointed out that cloud computing allows organisations to streamline procurement processes, and eliminates the need to duplicate certain computer administrative skills related to setup, configuration, and support.
Improved resource utilization: Combining resources into large clouds reduces costs and maximises utilisation by delivering resources only when they are needed. Businesses needn’t worry about over-provisioning for a service whose use does not meet their predictions, or under-provisioning for one that becomes unexpectedly popular. Moving more and more applications, infrastructure, and even support into the cloud can free up precious time, effort and budgets to concentrate on the real job of exploiting technology to improve the mission of the company. It really comes down to making better use of your time – focusing on your business and allowing cloud providers to manage the resources to get you to where you need to go. Sharing computing power among multiple tenants can improve utilisation rates, as servers are not left idle, which can reduce costs significantly while increasing the speed of application development. A side effect of this approach is that computer capacity rises dramatically, as customers do not have to engineer for peak loads.
Economies of scale: Cloud computing customers can benefit from the economies of scale enjoyed by providers, who typically use very large-scale data centres operating at much higher efficiency levels, and multi-tenant architecture to share resources between many different customers. This model of IT provision allows them to pass on savings to their customers.
Scalability on demand: Scalability and flexibility are highly valuable advantages offered by cloud computing, allowing customers to react quickly to changing IT needs, adding or subtracting capacity and users as and when required and responding to real rather than projected requirements. Even better, because cloud-computing follows a utility model in which service costs are based on actual consumption, you only pay for what you use. Customers benefit from greater elasticity of resources, without paying a premium for large scale.
Quick and easy implementation: Without the need to purchase hardware, software licences or implementation services, a company can get its cloud-computing arrangement off the ground in minutes.
Helps smaller businesses compete: Historically, there has been a huge disparity between the IT resources available to small businesses and to enterprises. Cloud computing has made it possible for smaller companies to compete on an even playing field with much bigger competitors. ‘Renting’ IT services instead of investing in hardware and software makes them much more affordable, and means that capital can instead be used for other vital projects. Providers like Unisystems take enterprise technology and offer SMBs services that would otherwise cost hundreds of thousands of pounds for a low monthly fee.
Quality of service: Your selected vendor should offer 24/7 customer support and an immediate response to emergency situations.
Guaranteed uptime, SLAs: Always ask a prospective provider about reliability and guaranteed service levels – ensure your applications and/or services are always online and accessible.
Anywhere Access: Cloud-based IT services let you access your applications and data securely from any location via an internet connection. It’s easier to collaborate too; with both the application and the data stored in the cloud, multiple users can work together on the same project, share calendars and contacts etc. It has been pointed out that if your internet connection fails, you will not be able to access your data. However, due to the ‘anywhere access’ nature of the cloud, users can simply connect from a different location – so if your office connection fails and you have no redundancy, you can access your data from home or the nearest Wi-Fi enabled point. Because of this, flexible / remote working is easily enabled, allowing you to cut overheads, meet new working regulations and keep your staff happy!
Technical Support: A good cloud computing provider will offer round the clock technical support. Unisystems customers, for instance, are assigned one of our support pods, and all subsequent contact is then handled by the same small group of skilled engineers, who are available 24/7. This type of support model allows a provider to build a better understanding of your business requirements, effectively becoming an extension of your team.
Disaster recovery / backup: Recent research has indicated that around 90% of businesses do not have adequate disaster recovery or business continuity plans, leaving them vulnerable to any disruptions that might occur. Providers like Unisystems can provide an array of disaster recovery services, from cloud backup (allowing you to store important files from your desktop or office network within their data centres) to having ready-to-go desktops and services in case your business is hit by problems. Hosted Desktops (or Hosted VDI) from Unisystems, for example, mean you don’t have to worry about data backup or disaster recovery, as this is taken care of as part of the service. Files are stored twice at different remote locations to ensure that there's always a copy available 24 hours a day, 7 days per week.