WHITE PAPER

Hitachi Cloud Accelerator Platform

Accelerate Cloud Adoption and Deliver Actionable Business Intelligence Though Automation

By Hitachi Vantara

October 2019

2

Contents

Executive Summary 3

Overview 4

DevSecOps Principles 4

DevSecOps Services From Hitachi Vantara: Capability Development 5

Hitachi Cloud Accelerator Platform 6

Migration Accelerator 7

Deployment Accelerator 7

Assessment Accelerator 9

Test Accelerator 10

Dashboard Accelerator 12

Managed Cloud Capabilities 12

Managed Cloud Capabilities Perspective 13

Hitachi Cloud Patch and Vulnerability Management Pipeline 13

Managed Cloud Attack Sensing and Warning 14

Managed Cloud Services From Hitachi Vantara 15

DevSecOps Services From Hitachi Vantara: Pipelines 15

DevSecOps Services From Hitachi Vantara: Methodology 17

3

Executive Summary One of the biggest obstacles to companies in the midst of a transformative cloud journey is the manual approaches many IT leaders adopt to operate and maintain the new environment. The automation of the processes and tooling with a focus on end-to-end IT automation can take six months to a year or more to plan and implement – and may never materialize. Inefficient IT resources are costly to the business in the short and long term, whether they exist on premises or in the cloud. To reduce the risk, time and resource commitments for cloud projects, Hitachi Vantara has created an end-to-end cloud automation platform that has customizable out-of-the-box capabilities to address the specific requirements of each customer.

4

OverviewHitachi Cloud Accelerator Platform is a cloud-agnostic collection of highly coupled platform technologies. Its orches-trated and coordinated automation development routines or engines streamline the tasks of managing cloud-native applications over their life cycles. It creates a structured framework for an agile continuous integration and continuous delivery (CI/CD) DevOps process that accelerates the development and operation of cloud-based applications and workloads.

Hitachi Cloud Accelerator Platform is used by Hitachi Vantara to migrate applications, modernize operations and deliver managed cloud services. It is also available to license annually by organizations to manage their applications and cloud-native environments. Hitachi Cloud Accelerator Platform speeds DevOps and creates business agility through a suite of accelerators. For example, auto-remediating a cloud “disk full” incident that could have negative impact on a production environment would be driven using our repair accelerator. This repair accelerator allows the administrator to focus on developing the capability to trigger remediating actions rather than having to focus on creat-ing a framework and the remediating actions.

1. Managed Cloud ServicesHitachi Vantara

2. Hitachi Cloud AcceleratorPlatform Licensing

3. Export Code withoutLicensing Platform

Figure 1. Three Ways To Optimize Control and Performance

Hitachi Vantara believes in empowering organizations to be proactive in managing and leveraging their cloud infra-structure and provides three compelling options to optimize control and performance, as shown in Figure 1:

1. Start with Hitachi Vantara cloud services with an initial period to customize Hitachi Cloud Accelerator Platform to achieve end-to-end automation. In this scenario, Hitachi Vantara team members operate the customer environment.

2. An organization may choose to purchase Hitachi Cloud Accelerator Platform and take over the customization and operations with their own team.

3. An organization may choose to only keep the code exported from the platform (after an initial professional ser-vices engagement) and run scripts manually or build their own orchestrations of workflows outside of Hitachi Cloud Accelerator Platform.

DevSecOps PrinciplesHitachi Vantara cloud services and the Hitachi Cloud Accelerator Platform enable the rapid adoption of DevSecOps principles to increase the pace of innovation and improve the reliability of delivery, as shown in Figure 2.

Figure 2. DevSecOps Principles

5

From a DevSecOps perspective, DevSecOps Services from Hitachi Vantara focus primarily on the principle of auto-mation to enable greater security. This principle of driving automation spans all phases of the application life cycle: deployment, testing and operations. All the automated jobs push data into an operations data lake. This consoli-dation of all operational data enables the ability to monitor key efficiency metrics that matter to the organization, to ensure compliance and continuously improve efficiency. Continuous monitoring and continuous compliance of opera-tional data supports a sustainable compliance program.

DevSecOps Services From Hitachi Vantara: Capability DevelopmentFigure 3 depicts a “fishbone” image of a secure cloud foundation on which the applications are developed and tested before moving into a compliant operations environment. Each of these components have corresponding operations capabilities, such as change, security, cost, release, incident, problem, patch and vulnerability management that need and can be automated.

Figure 3. Secure Foundation for Testing

Your Cloud Journey, Capability and Maturity Organizations that are at various stages of their cloud journey may or may not have all the foundational components required to operate successfully in the cloud. They may have deployed sensors that generate data related to con-figuration changes, performance metrics, security events or cost-related events. Some may have basic application security capabilities or monitoring capabilities, but, from a DevSecOps perspective, they fail to create end to-end automation to detect, remediate, prevent and audit events from multiple sensors. For example, to change a firewall rule or to swap a smaller instance with a larger size instance node, there is a significant amount of code that needs to be customized for each specific environment. From an application and release management perspective, there is a need for automated deployment and automated testing: application functional testing, performance testing, security testing, security at the operating system, configuration validation, application containers configuration and app secu-rity testing.

Hitachi Vantara provides organizations the capability to operate in a cloud environment with automation-driven foun-dation management, incident management, continuous monitoring and compliance, DevSecOps engineering and maintenance.

6

Incident Management: Sensors for Ongoing Operations In a cloud environment, there are infrastructure events triggered by configuration changes at the cloud level, such as security events triggered when an unauthorized firewall change is made by adding a new rule or deleting an existing rule. Additionally, there are instance-level sensors that monitor performance events, such as CPU threshold deviation, disk or memory threshold incidents.

Hitachi Vantara automates the management of all these events by executing automated scripts to continuously detect, remediate and prevent the infrastructure service events and logging all events for auditing purposes.

Continuous Compliance Hitachi Vantara provides continuous compliance with a focus on vulnerability management and patch management. Tools such as Nessus and Qualys detect a vulnerability in the application stack and Hitachi Vantara’s compliance automation pipeline incorporates the remediation without involving the application development team. The application development team is notified only in the scenario where the vulnerability remediation breaks the application function-ality, which is automatically detected through the functional testing pipeline. As with any changes, remediation actions will occur in a lower priority environment and follow a release management process to be implemented in production.

DevSecOps Engineering and Release Management As a business adopts DevSecOps, there is a lot of engineering work that needs to be done to respond to incidents that happen in the cloud and application infrastructure environment.

There is a significant difference between managed services with built-in automation and DevOps support that can automatically spin up infrastructure based on engineering requests versus traditional operations whose primary focus is on incident response. DevSecOps Services from Hitachi Vantara proactively detect issues with automation pipe-lines so that there is no impact to application engineers continuously releasing new features in smaller batches.

Hitachi Cloud Accelerator PlatformThe Hitachi Cloud Accelerator Platform is an enterprise IT transformation solution that accelerates cloud adoption and delivers actionable business intelligence though automation. It addresses the four main challenges that enterprises face today in terms of operating application workloads in the cloud:

●● Deploying a cloud foundation quickly to reduce risk to application security, performance and compliance.

●● Incorporating a DevSecOps process for continuous integration and delivery to accelerate the release management of new capabilities to the cloud.

●● Managing the application architecture using automation driven from data-driven insights to reduce the downtime and deliver customer value while reducing costs.

●● Compliance management using automation.

Hitachi Cloud Accelerator Platform supports agile DevSecOps through the following:

●● Assessment accelerator to understand infrastructure and dependencies.

●● Deployment accelerator for faster code delivery.

7

●● Test accelerator for quality and compliance.

●● Repair accelerator for fast, automated fixes.

●● Ops accelerator for workflow pipeline automation.

●● Dashboard accelerator for real-time visualization and reporting.

The fundamental framework and tooling that organizations must build before operating a cloud environment takes great expertise across multiple cloud domains. Hitachi Vantara cloud services along with Hitachi Cloud Accelerator Platform provide this turnkey solution on Day 1 on the best cloud target, whether it be Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP).

Figure 4 depicts how the integrated Hitachi Cloud Accelerator Platform solves the end-to-end application life cycle using an automated, accelerated and consistent DevOps process.

Figure 4. Solve the end-to-end application life cycle with Hitachi Cloud Accelerator Platform.

Migration AcceleratorMigration accelerator is used to automate the migration of simple to complex environments reliably and repeatedly. It helps organizations to easily migrate applications that are running in private data centers to the cloud. Hitachi migra-tion accelerator discovers virtual machines that are managed in a virtual machine manager (VMM) and enables clients to trigger the migration process, which creates images in the cloud.

Migration accelerator supports AWS and VMware hosts with VMware vCenter as well as other cloud providers. Migration accelerator also assists in right-sizing the cloud instances to maximize cost savings without compromising the application throughput.

Deployment AcceleratorDeployment accelerator is a deployment automation accelerator allowing clients to deploy and configure complex environments reliably and consistently with the click of a button. Application lead time is reduced from weeks to days through the automation provided by deployment accelerator. It consists of a visual tool to generate infrastructure

8

as code (IaC) and enables administrators to deploy application stacks to AWS, Azure, and GCP consistently. Deployment accelerator can parameterize and replicate a blueprint deployment to multiple environments without having to start from scratch saving time and enhancing customer experience much faster than traditional deployment practices.

Deployment accelerator provides administrators with configurable layers. The layers are described below:

1. Resources. The resource layer is used to configure the cloud provider of your choice. A provider is responsible for understanding API interactions and exposing cloud resources. Once the provider is configured, administrators can drag and drop cloud provider abstract resources and services using the graphical interface.

2. Packages. The package layer in the deployment accelerator supports configuration management (CM) tools such as Chef, Puppet and Ansible.

3. Instance. The instance layer is used to include customer operating system images that are imported as baseline images called gold disks from their on-premises environment (if required).

Drag and Drop Deployment accelerator provides customers the capability to drag and drop cloud provider services and resources to quickly build a deployment blueprint. An existing application architecture can be described in the deployment accel-erator by dragging and dropping resources after selecting the appropriate provider; the provider could be AWS or Azure, or Google.

Terraform, Chef or Ansible Deployment accelerator generates terraform code for the corresponding cloud provider. The configuration code can be provisioned using Chef or Ansible. Administrators can drag and drop cloud resources and application packages to create their deployment environment. To prevent dependency on the Hitachi Cloud Accelerator Platform administra-tors will have the ability to download the terraform and application package code for a particular deployment.

Autogeneration Hitachi Cloud Accelerator Platform can recreate resources from one environment into another environment using prebuilt orchestrated pipeline and parameterized variables for an application. This involves the autogeneration of infra-structure as code and autogeneration of pipeline as code.

Customization The ability to templatize the deployment blueprint allows administrators to focus on high-value customization versus building entire environments from scratch. This capability allows organizations to rapidly move application resources from a development environment to a production environment quickly, minimizing human errors (see Figure 5).

9

Figure 5. Deployment Blueprint Customization

Assessment AcceleratorAssessment accelerator (see Figure 6) allows applications and systems to be evaluated against relevant security and compliance frameworks. It also provides cloud infrastructure, security and network assessments to highlight the issues that organizations need to target to maintain its security posture.

Figure 6. Assessment Accelerator User Interface

With a click of a button, the assessment accelerator generates a comprehensive audit report (see Figure 7) of an organization’s environment that focuses on the architected framework, cost, performance and security. This audit report can be generated multiple times a day for review and remediation prior to turning the report into an auditor.

10

Figure 7. Assessment Accelerator Audit Reports

Test AcceleratorTest accelerator is a cloud-based, DevSecOps-centric, test automation accelerator. It creates dynamic testing infra-structure on the fly to perform rapid, parallel and cross-browser functional, performance, load and scale testing. As a continuous testing (CT) tool, test accelerator provides the ability to test web applications using multiple browsers and runs tests (either URL, functional or manual) and provides state-of-the-art test result data analytics (see Figure 8).

Figure 8. Test Accelerator Capabilities

●● The whole application operations framework is turnkey, including testing. The testing pipelines can run without human intervention (see Figure 9).

●● The test can be paused when a browser test fails to review which page did not load or what specific errors were generated.

●● It provides performance and load metrics on the latency on objects loading.

●● It executes validation code to test the infrastructure created.

11

Figure 9. Testing pipelines can run without human intervention.

The ability to integrate and automate the execution of any tool that organizations require along with the capability to aggregate test results into a single platform reduces the cost and time to deliver an automated security validated deployment (see Figure 10). This includes tools like Selenium, Cucumber, HP UFT, Test Complete or any other tool with API support, such as SAP Solution Manager.

Figure 10. Integrate and automate the execution of any tool.

12

Dashboard AcceleratorDashboard accelerator is an analytics and visualization accelerator, which can be used to search, view and interact with data. Dashboard accelerator helps clients perform advanced data analysis and visualization of data in different formats, such as charts, tables and graphs. Dashboard accelerator is easy to use and helps clients analyze large vol-umes of data. The web interface enables quick creation of dynamic dashboards that display cloud infrastructure and application changes (see Figure 11). Dashboard accelerator comes with a powerful collection of prepackaged, out-of-the-box dashboards.

Figure 11. Dashboard Accelerator Capabilities and Visualizations

Dashboard accelerator offers persona-based dashboards to visualize the key financial, operations and security metrics from the different stages of the DevSecOps process to provide a holistic picture. It supports the construction of custom visualizations for historical and real-time information with the help of data that is collected and analyzed from development, testing, deployment, cost, operation, security, and compliance metrics and logs.

For JIRA and Jenkins data, organizations need to provide special access to the information, but for cloud native data such as CloudTrail, dashboard accelerator has prebuilt integrations to aggregate the data from these disparate sources.

Managed Cloud CapabilitiesManaged Cloud Services from Hitachi Vantara include many out-of-the-box governance rules that are created by using cloud configuration rules and serverless functions (see Figure 12). These managed services leverage Hitachi Cloud Accelerator Platform, including the dashboard accelerator. The dashboard accelerator provides detailed infor-mation related to users, managed cloud rules, and resource types.

Figure 12. Managed Cloud Capabilities

13

Managed Cloud Capabilities Perspective ●● Cost and Security: Managed Cloud Services from Hitachi Vantara leverage tags to manage costs and security. Tags that are assigned during infrastructure spin up to allow organizations to contain cost on a per-unit basis or a per-account basis as they deploy infrastructure into multiple environments.

●● Repair Accelerator and Assign Tags: Tags can be assigned to work in conjunction with “Janitor Monkey” type policies where organizations can automatically shut down instances that do not need to be running at night or over weekends. In addition to policy-based cleanup, repair accelerator framework can detect a previous instance of a remediation script that was executed to fix an issue and automatically run that on the next occurrence of the same incident.

●● Percentage Auto-Healed: The dashboard accelerator drives the creation of remediation scripts for the incidents that are not auto-healed, and this feedback loop allows organizations to consistently reduce the downtime and reduce the resources required to manage hybrid cloud and cloud environments.

●● Pipeline Management: Managed Cloud Services from Hitachi Vantara also provides a chatbot framework for developers to manage nonproduction workloads using a Slack collaboration channel to communicate starts and stops of pipelines. This allows developers to only interact with operations when they have issues with a pipeline operation.

●● Managed Cloud Services from Hitachi Vantara – Cost Management: The Managed Cloud Services from Hitachi Vantara uses a cost management framework to implement best practices for cost management from a people, process and tools perspective (see Figure 13). The framework integrates with different cost explorers and cloud health.

Figure 13. Best Practices for Cost Management

Hitachi Cloud Patch and Vulnerability Management PipelineHitachi cloud patch and vulnerability management pipeline is integrated with tools such as Qualys and Nessus to automatically incorporate any patches for applications that are vulnerable (see Figure 14). The vulnerability manage-ment pipeline processes a patch and rescans the application with Nessus. When the scan passes and the application passes the functional and performance testing then the change can be moved to production through an approved release management process, without disturbing the application team. If the scan fails, the application team is

14

provided the information to troubleshoot the failure. This approach allows the application team to focus on functional work and improves the effectiveness of the entire team. The vulnerability management pipeline is customizable to work with any API-driven tools that are used for vulnerability scanning.

Figure 14. Automatically incorporate any patches for applications that are vulnerable.

Managed Cloud Attack Sensing and WarningManaged Cloud Services from Hitachi Vantara also support attack sensing and detection mechanisms for multiple cloud providers (see Figure 15). The framework has cloud-specific policies and node-based detection support.

Figure 15. Framework for Threat Detection

15

Managed Cloud Services From Hitachi Vantara Managed Cloud Services from Hitachi Vantara are built on state-of-the-art technology for auto-remediating the most frequently occurring IT incidents. They auto-remediate incoming events with zero human intervention using the repair accelerator.

The framework supports:

1. Configuration change sensory events.

2. Performance change sensor events.

3. Security change sensor events.

4. Cost events.

The DevOps team builds and deploys custom detection and remediation scripts for each of the incidents in a cus-tomer environment. This may need to be integrated with a custom incident management approval workflow as needed. The automation of the incident management helps minimize downtime and reduce the manual effort it takes to fix incidents. In addition to the detection and remediation scripts, the repair accelerator framework also focuses on preventing the detected issues. The remediated incidents may also be logged so that they are available for audit. The framework is designed to support customer-specific customization.

Figure 16. Custom detection and remediation scripts minimize downtime.

DevSecOps Services From Hitachi Vantara: PipelinesAs part of an application migration, Hitachi Vantara will create and customize DevSecOps pipelines. Hitachi Vantara’s out-of-the-box continuous integration (CI) and continuous delivery (CD) pipelines will help organizations to accelerate the adoption of DevSecOps processes by bringing in a proven framework that can be modified to meet CI/CD goals.

16

Figure 17 depicts the out-of-the-box CI/CD pipelines.

Figure 17. DevOps Services From Hitachi Vantara: Pipelines

●● Base AMI baking: This pipeline creates a STIG’d AMI with automated Inspec and Nessus testing to provide faster compliance validation.

●● Application infrastructure: This pipeline creates the cloud provider infrastructure required to run the application and performs automated validation for the infrastructure.

●● Dev deploy: The clean install pipeline tests the latest application version with the current architecture to make sure everything installs correctly. The infrastructure configuration and the application are tested to ensure successful deployment. The stack is destroyed if the test passes. If the test fails, the pipeline is left running to allow develop-ers to troubleshoot the deployment.

●● QA testing: The QA pipeline stands up the latest application version and runs a test suite (for example, Selenium test scripts) for quality control. The pipeline leaves the stack up so that QA engineers can manually test for special (exploratory) test cases.

●● Performance testing: The performance pipeline stands up the latest version of the application and runs auto-mated performance tests to measure the response times under different load scenarios. After performance testing is complete, the results are cached and pipeline tears down the stack.

●● Security testing: The security pipeline stands up the latest version of the application and runs security tests, OWASP application scan and HTTP header tests, against the application. The results are cached and pipeline tears down the stack after the security tests are completed.

●● Production deployment: The production release pipeline creates new stack deployments and upgrades existing stacks. The pipeline can implement blue-green deployments to perform zero downtime deployments and provide the ability to roll-back in case of issues. The ability to perform upgrades with zero downtime varies from application to application based on the current design.

17

Using Hitachi Vantara’s unique methodology, organizations can take advantage of a fully automated deployment process to kick-start their DevSecOps adoption. The ability to construct secure pipelines with state management of secrets and files to track chain of command for all the automation-driven steps accelerates the deployment in a repeatable and consistent manner and reduces delivery lead time.

DevSecOps Services From Hitachi Vantara: MethodologyTo drive the creation of CI/CD pipelines through automation, Hitachi Vantara developed a unique strategy based on Hitachi Cloud Accelerator Platform. Figure 18 describes the DevSecOps Services from Hitachi Vantara methodology.

Figure 18. DevSecOps Services From Hitachi Vantara: Methodology

HITACHI is a registered trademark of Hitachi, Ltd. VSP is a trademark or registered trademark of Hitachi Vantara Corporation. Microsoft, Azure and Windows are trademarks or registered trademarks of Microsoft Corporation. All other trademarks, service marks and company names are properties of their respective owners. NOTE: Actual trademark text should reflect the real content. Use the trademark guidance in the Hitachi Vantara Brand Guide.

WP-595-A BTD October 2019

Hitachi Vantara

Corporate Headquarters 2535 Augustine Drive Santa Clara, CA 95054 USA hitachivantara.com | community.hitachivantara.com

Contact InformationUSA: 1-800-446-0744Global: 1-858-547-4526hitachivantara.com/contact

A key feature of the Hitachi Cloud Accelerator Platform framework is the ability to generate infrastructure deployment code that can be used independently of the framework to create infrastructure. This Hitachi Vantara framework is primarily aimed at providing a complete solution to address the automation of all stages of the DevSecOps process.

The DevSecOps Services from Hitachi Vantara methodology consist of multiple stages that are executed to tie together the DevSecOps life cycle. The various stages of the DevSecOps Services from Hitachi Vantara methodology are described below:

1. The DevSecOps Services from Hitachi Vantara methodology starts with the construction of a single Control VPC within the AWS or other cloud provider account. The Control VPC hosts all the accelerator resources and acts as control plane for executing deployments.

2. The next stage in the process involves the installation of the deployment accelerator within the Control VPC. This stage in the DevSecOps Services from Hitachi Vantara methodology drives the deployments of all subsequent accelerators and Jenkins instances.

3. Deployment accelerator has built-in deployment blueprints that are executed to install the test accelerator, repair acceler-ator and the dashboard accelerator.

4. Deployment accelerator installs Jenkins with prebaked pipeline DSLs for DEV, UAT/QA, performance, security and pro-duction deployment.

5. Jenkins executes the pipelines and makes API calls back to deployment accelerator to initiate the build for application images and for the deployment of application code.

6. Deployment accelerator creates the application VPC containing the results of the Jenkins pipelines and the infrastructure deployments. Deployment accelerator also installs Logstash collectors to deliver cloud, system and deployment log infor-mation to the dashboard accelerator for presentation.

7. Test accelerator runs test cases against the applications and results are visualized in a dashboard within the dashboard accelerator.

8. Repair accelerator runs auto-remediation recipes to fix any issues within the infrastructure.

9. Dashboard accelerator provides persona-based dashboards that visualize key financial, operations and security metrics from the different DevSecOps processes to provide a holistic picture from different points of view.

For more information regarding Hitachi Vantara cloud services, contact your Hitachi Vantara representative or visit HitachiVantara.com.