Becoming a Cloud Governance Ninja: Linthicum, Interop Fall 2013
© 2013 Cloud Technology Partners, Inc. / Confidential
[email protected] / Senior Vice President
Becoming a Cloud Governance Ninja
Geek Level
Your Grandparents who are still using AOL
That guy who can convert your name to Hex
The business benefit of cloud governance is clear.
Introduction
Combine the value of governance with the value of leveraging cloud computing in general and the core benefits of cloud governance become even more tangible:
• Faster time to market
• Operational cost savings
• Ability to expand elastically
• Ability to better secure and control your business assets
As we move from simple, single cloud solutions, to complex multicloud implementations, the need for governance becomes much more apparent. We’ll explore:
• What is the real value of cloud governance?
• The rise of multicloud and the use of governance
• Best practices and top emerging technologies
• Step-by-step governance process to ensure a successful deployment
What is Multicloud?
The Promise of Multicloud
On site
Hosted
Public
Source: HP
Cloud Maturity Model
Orchestrate
Automate
Virtualize
Combine
Standardize
Time
• Lower cost • Consistent use of technology • Enhanced performance • Reduced complexity
• Normalize assets • Increase efficiency • Improve management • Improve governance (non-automated)
• Lower cost • Delayed provisioning • Improved resource management and utilization • Moving to centralized control • Initial use of services
• Lower cost • Self provisioning • Automated governance • Adaptable security • Improved user experience • Service oriented
• Dynamically aligned to the business • Self adapting • Automated governance and security • Enhanced business agility
Cloud Innovator
Cloud User
Preparing for Cloud
Business Value
Characteristics of a “World Class” Cloud
Consumers Want / Providers Deliver
Elasticity & Scalability
• Flexible resource configurations
• Dynamic scale-up / scale-down of resources
• Seamless support of multiple clouds
• Flexible resource quotas
Control
• Role-based access controls
• Comprehensive monitoring and logging
• Image Lifecycle Management
• Integration into Incident, Change, Patching Management
Productivity
• Common Self-Service Provisioning Portal into all cloud end points
• Robust Service Catalog meets all of customer cloud needs
• End to End Automation
• Supported APIs allowing the applications and data sources to communicate with one another
Agility
• Self-Service Resource Provisioning
• Rapid Elasticity
• Capacity on Demand ensures resources are always available
• Rapid disaster recovery – Active / Active application support
• Seamless support for different endpoints
Cost
• Metering and Chargeback
• Pay as you go
• Consumption based
• Reliable asset tracking and usage reporting
• So, what is a multicloud? Think something more complex than a hybrid cloud, which is typically a paired private and public cloud. Multicloud is more clouds added into the mix, perhaps two or more public IaaS providers, a private PaaS, on-demand management and security systems from public clouds, private use-based accounting…you get the idea.
• This is really where we have all been headed in the last few years, creating solutions from a complex set of best-of-breed private and public cloud computing services. This is much the same process as when we moved to complex distributed internal systems in the past. We built what we needed by integrating various technologies to form the business system to meet our exact requirements. This is no different; it just uses cloud-based technologies.
Multicloud
Why cloud governance?
The Idea is to Place Control and Automation Into a Domain
Security & Identity Management & Service Governance
Data
Data Services/Abstraction
Transactional Services
Process Management (BPMS) Composites/Portals
Monitoring and Management
Rules Management
Reference Architecture
1. Governance
2. Regulatory Compliance
3. Security & Identity Management
4. Business Continuity
5. Process and Services
6. Data Management
7. System Integration
8. Resource Skills & Knowledge
9. Application Readiness
10. Network Readiness
Enterprise Vulnerabilities - Assess your Risks
[Chart: risk areas 1–10 plotted by Complexity of Mitigating Risk and Risk to Organization]
“as-is”
“to be”
Deploy
Enterprise data center
Enterprise data center
Private cloud Hosted private cloud
Managed private cloud
Enterprise
Shared cloud services
Enterprise A
Enterprise B
Public cloud services
A
Users
B
Third-party hosted and operated
Third-party hosted
Private Implemented
on client premises
Client runs/manages
Third-party operated
Enterprise owned
Mission critical Packaged
applications
Third-party owned and operated
Standardization Centralization Security Internal network
Mix of shared and dedicated resources
Shared facility and staff
Virtual private network (VPN) access
Subscription or membership based
Shared resources Elastic scaling Pay as you go Public Internet
Corporate Firewall
Source: Jimmy Mills, IBM
Consider the Emerging Architecture – and this could be for multiple cloud providers
Cloud Governance Solutions
The Basic Idea
Cloud Governance Technology
Cloud Service/API Governance
Runtime (Automated)
Service Oriented
Security Oriented
Design-Time
Cloud Management Platforms
Active (Automated)
Operations Oriented
Development Oriented
Passive
Provider Native Governance and Management
Active
Provisioning Security Management
Passive
Types of Cloud Governance Solutions
Cloud Governance is the Center of it All
Methodology
KPI & Monitoring
Lifecycle Process Certification
QoS
Standards Technology
Portfolios Incentives Rules & Resp.
People Competency
Organization
Tools
Cloud Governance
A CMP enables Enterprises to manage many clouds as one
my network
my servers
my storage
Public Clouds Public/Private Clouds
CONFIGURATION AUTOMATION GOVERNANCE GLOBAL SERVICES
Internal DC
my servers
my storage
BARE METAL
Cloud Management Platform
IT ORGANIZATION
A Cloud Management Platform (CMP) is an integrated suite of tools that provides automated management of public and private cloud environments. CMPs facilitate the operation and build-out of cloud services by eliminating the need for cloud-silo-specific interfaces and end-user knowledge of cloud underpinnings.
• CMPs provide capabilities including:
– Self-service interfaces for
  • Operations
  • Monitoring
  • End User requests
– Image provisioning
– Metering and billing
– Workload optimization via
  • Policies
  • Workflow
  • Role-Based Access Control (RBAC)
What is a Cloud Management Platform
Runtime Governance
Repository Logs
Policies
Policies
Monitoring
Service Governance is Policy-Driven
Create a Governance Model
Defined Policies
Define Policies
Design Policies
Policy Designs
Implement Policies
Governance Model
Process Model
Information Model
Service Model
Gartner’s Cloud Management Platform Reference Architecture
Access Management
Service Management
Service Optimization
Resource Management
Resources
Cloud API
Cloud Management Platform
Cloud Implementation
• Self-service interface • Identity management
• Service catalog • Service provisioning
• Service governor • Service orchestration
• Resource configuration management • Resource monitoring
• Resource pools • Virtual and physical resources
Source: Gartner, “How to Build an Enterprise Cloud Service Architecture,” March 5, 2012
• This problem has not gone unnoticed
• All of the major software companies have offered solutions
• New vendors have entered the market, most of them from the pure cloud perspective
• Vendors typically have an application or Infrastructure focus and have expanded from point solutions
Vendors Rush in
Policy
Policy
Policy
Policy
Governance / Security
Single consolidated control point for governance, orchestration, and delivery
Applications
Regulatory compliance policies
SLA policies including autoscaling
Configuration mgmt policies
Security zones policies
Lifecycle event policies
Orchestration policies
Access control/entitlement policies
Workload placement policies
VM quotas and scheduling
Metering/charge back policies
Backup and failover policies
Resource capacity policies
Storage tier policies
Much more…
Roles
Rights & Permissions
Projects Orgs
Network Compute Storage
OS & OS Config.
SOE Agents/Util
Security and Environment Config.
Code/Artifacts
Infrastructure & SOE
Platforms
Services
Topologies/Config
App Config.
Application Components
Cloud Management Platform
A Cloud Management Platform provides automation and governance across the application development lifecycle
Use policies to provide both consistency and customization:
Customize Environment: Dev Security zone • Dev VM quotas • Dev charge back • Public cloud permitted • No autoscaling • No failover
Customize Environment: QA Security zone • QA monitoring • QA autoscaling • Private cloud only • QA backup/failover
Customize Environment: Prod Security zone • Prod monitoring • Prod auditing • Prod autoscaling • Private cloud only • Prod backup/failover
…And Enforce Consistency: SOE packages • App topologies • Reg. compliance
Policy Controlled Consistency
Policy Controlled Customization
Dev Blueprint
QA Blueprint
UAT Blueprint
Code Code
Ask by email / [email protected] / www.cloudtp.com
Questions?