secure enterprise cloud
DESCRIPTION
TRANSCRIPT
www.sungardas.com
The Secure Enterprise Cloud
Indu Kodukula
Executive Vice President and Chief Technology Officer
Satish Hemachandran
Director Product Management
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 2
Production + DR are 80+% of Enterprise Cloud Priorities
*IDG Research, 2010
What services are you planning to
enhance with cloud computing?
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 3
The Cloud Promise:
COST
FLEXIBILITY
RISK
POSITIVE
POSITIVE
??
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 4
And Reality Bears Out There is Risk…
Jan 2011: Online image
service provider
mistakenly deletes
4,000 pictures from a
paid user’s account
Feb 2011: Online email
service provider loses
mails from 150K user
accounts during a
weekend outage
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 5
Traditional Enterprise IT Risks
Changing Market/Business conditions might
need you to expand or contract capacity
Unplanned disaster scenarios can
significantly disrupt regular business
operations
Breach of security and policy controls
can lead to business and
regulatory issues
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 6
Security
Cloud Risks are (Mostly) Old Wine in New Bottles
Compliance Connectivity
Availability Manageability
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 7
Security & Compliance:
Platform & Policies
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 8
Most Regulations Share a Common Concern:
Implementation and Enforcement of Policies
Tracks all access to
network and
cardholder data
Documentation of
actions & activities
with 6 yr data retention
Organization wide
security for IT
systems to support
ops. and assets
Protect customer
information & identify/
resolve sec. violations
Financial and
accounting functions
segregation of duties
Secure Remote Access
Role-Based Access Control
Separation of Management,
Control and Customer Planes
Availability and Fault Isolation
Issue Prevention, Detection,
Remediation
Log Management
Security and Auditing
Business Continuity &
Disaster Recovery
Data Retention/Archival
Go
vern
an
ce,
Peri
od
ic P
latf
orm
an
d
Po
licy A
ud
its,
an
d C
ert
ific
ati
on
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 9
Layered Security with Common Base of Controls
Presentation Models
and Platforms
Application Interfaces
Applications
Data Meta
Data Content
Hardware Infrastructure
Facilities Infrastructure
Connectivity Abstract
Layer
Integration and Middleware
Logical, Physical, and Environmental
Security
Host hardening, Encryption, Separation
and segregation (Network, Host and
Storage)
Performance and security monitoring
Patch and release management
Abstract layer hardening, Monitoring,
Separation, Patch and release
management, and policy controls
Identity Management Policy, Auditing, &
Compliance
Security Detection, Response, Containment, Eradication, and Forensics
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 10
• Datacenter Standards certifications (SAS 70)
• Regulatory compliance (PCI, HIPAA)
• Audit Assistance
• Biometric access control
• No access to shared infrastructure
• 24/7 Security Service; CCTV for Interior/Exterior monitoring
• ITIL v3 based services
• Security assessments and recommendations
• Periodic Penetration tests
• Strict change control
• Role-based access control
• Infrastructure security; Shared vs. dedicated
• Activity Logging, monitoring, and detection
Platform Security
IT Best Practice
Data-center
Security
Creating a Secure Cloud Foundation for Enterprise
Compliance
Mgmt.
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 11
Connectivity:
Cloud, Non-Cloud/Hybrid
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 12
Choice of Connectivity to Meet Every Business Need
Site to Site VPN
INTERNET DEDICATED
CIRCUIT
MPLS
SUNGARD ENTERPRISE CLOUD
CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER CUSTOMERS’ CUSTOMER
Public Internet Client VPN
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 13
Hybrid Cloud Use Case
Internal Cloud
IaaS Cloud 1 Colocation
Leverage existing/legacy
infrastructure e.g. mainframes
Integrate with other external
virtual clouds for burst (flex)
capacity
Host applications requiring
physical/dedicated and virtual
systems (e.g. Oracle)
Integrate with third-party hosted
applications e.g. ASP, PaaS,
SaaS,
IaaS Cloud 2 PaaS Cloud
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 14
Building a Hybrid Cloud
SUNGARD
NETWORK
Site to Site VPN
SUNGARD
DATACENTER
INTERNET DEDICATED
CIRCUIT
MPLS
SUNGARD ENTERPRISE CLOUD
Cross Connect
CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER CUSTOMERS’ CUSTOMER
Public Internet Client VPN
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 15
Manageability:
Monitoring and Remote Hands
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 16
The Cloud Management Challenge
Customers are still the same
• Complex architectures with point-to-point
connections
• Legacy platform support dependencies (Win2k,
Mainframes)
• Non-(x86)cloud integrations (Mainframes, Unix)
Enterprise needs from cloud providers
• A full portfolio of management services (OS,
Database, Security)
• Migration assistance and custom policies
• Integration of cloud & non-cloud
• Auditability of the platform and datacenter
• SLA’s for the platform & service
• Periodic reporting and guidance
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 17
Infrastructure
CPU Config Memory Config Storage Config Network Config
Infrastructure Management
Monitoring Capacity Planning Performance
Service and Operations Management
Availability Event
Monitoring
Provisioning Service Desk
Patching
Problem
Resolution
Security
Management
Config Mgmt
Backup
Service
Restoration
Customer Applications
Cloud Extends Traditional Management
(but with different tools)
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 18
Request for Change
Incident
Request for Information
Service Reporting
Performance Reporting
Availability Reporting
Configuration Reporting
KPI and SLA Reporting
ITIL Based Support Process
Service Operation
Tier 1
Tier 2
Tier 3
Service Desk
Service Delivery
Request Fulfillment
Change Management
Problem
Management Configuration
Management
Resolution Customer
Customer
Portal
Aggregation Engine
Correlation
Validation
Event
Management
CMDB
Front End
Ticketing
System
Verification
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 19
Intrusion Detection System – Incident Handling Process Flow
Exte
rna
l
Exp
ert
sS
OC
NO
C
Info
rma
tio
n
Se
cu
rity
IT O
rga
niz
atio
nM
an
ag
em
en
tS
yste
m S
en
so
r
Monitors and
Identifies
Security Event
Receives event
information,
analyzes and
notifies
NOC and
Information
Security Office
Event Ticket
and Report
Critical Event Notice
Non-Critical
and Critical
Other
sensors and
monitoring
systems
Proactive
Indicators IT
Operations
TriageAnalyze
Event
If no response
Is needed
Closed Ticket
Planned
Technical
Response
Technical
Response
Execution
Management
Response
If Management or
Legal response is needed
Provide guidance
and/or assistance
(Forensics, legal
console, etc.)
Closed
Event
Pro
vid
e a
dd
itio
na
l
Info
rma
tio
n to
use
rs
System Users
Enterprise Cloud: Platform + Automation + Process + People
Technical Focus
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 20
Availability:
Scalability & Recovery
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 21
Scalability
Customer workloads vary
in their infrastructure
demands. Typically:
• Memory Utilization
• Storage I/O
• Network Throughput
Infrastructure needs to
distribute/scale load
• Without affecting user
sessions
• Without affecting other
applications
• Maintaining application
interdependencies
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 22
Cloud Apps
Virtualized Apps
Simple Apps
Complex Apps
Legacy Apps
Decreasing Availability
Always
Available Available
in hours
Available
in days
More
Com
ple
x
Cloud Enables Application Availability
But… autoscaling is still unattainable for many
Replication technologies still offers the most cost
effective solution for the enterprise
Cloud makes availability more affordable for complex
applications: database and app/web server
Cloud done right can also reduce RTO
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 23
Integrated Recovery: Achieving Continuous Uptime
Customer
Applications
& Data
Enterprise Cloud
Customer
Data-center
VMs on Cloud-site 1
VMs on Cloud-site 2
Cloud is the production environment
Backup and Restore of VMs
Active-active deployment mode
Site-to-site recovery across multiple
datacenters
Recovery of entire application with its
dependencies (VMs and non-virtualized
assets)
Cloud is your target recovery platform
Web-based backup/replication of data to
cloud based on industry leading
technologies
VM cloning and startup
Mapping of cloud-based data to
recovered instances
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 24 24
SunGard Enterprise Cloud Services
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 25
SunGard Enterprise Cloud Services Vision
Deliver Managed and Recovery Services
for enterprise-grade applications
that ensure availability of business operations
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 26
Fully Managed Infrastructure-as-a-Service
SunGard manages all necessary compute, network, storage and security resources,
offering a complete, cost-effective solution
Compute
Virtualized environment providing hypervisor and OS system services
Customize your virtual machine configurations to specific requirements
SunGard Software Licensing Services options available
Network Broad networking options including multiple VLAN support, robust
internet connectivity, MPLS and dedicated circuit options
Storage Managed storage with integrated backup and restore
Security Managed firewall and virtual private network connectivity
Platform built to support compliance requirements
Rapid
Provisioning
Ability to store custom VM templates in your own private image library
Virtualized instances deployed within minutes
Management
& Monitoring
24/7/365 management and monitoring of your virtualized infrastructure
99.95% availability Service Level Agreement (per month / per VM)
Portal &
Reporting
Customer management portal to view and request compute resources
on demand
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 27
Multi-tenant enterprise cloud and dedicated private cloud
All services fully managed by SunGard’s IT experts
Infrastructure architected for compliance and security
All solutions built on enterprise-grade infrastructure
Designed for production workloads
Predictable contract pricing with flexibility for rapid response to the changing IT demands
Customized solutions designed to enterprise needs
Comprehensive consulting services provide complete Cloud Readiness Assessments and Migration services
Cloud Services for the Enterprise
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 28
Why SunGard Enterprise Cloud Services?
• Commitment to service delivery and process discipline
• SLA and commitment to reliability
• SunGard's emphasis on compliance & process
• Consultative relationship with the customer
Customer Buying Scenario
• Leverage new technology platform to improve time to market, management, and scalability
• Implementing new SAP application and the customer had no prediction regarding growth
• Customer supports client fulfillment for health services customers (e.g., including pharmacies and health care providers)
• Small business less than generating revenue located in Western US
• New SAP implementation
Customer Solution Requirements
• Wanted to leverage the cloud technology to implement new SAP application
• Needed a solution that would scale quickly and efficiently (4x scale)
• Required an enterprise-level solution that was fully managed by the service provider due to lack of internal expertise
• Looking for a secure and compliant infrastructure
Customer Deployment – Pharmaceutical Supplier
Customer Overview
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 29
Why SunGard Enterprise Cloud Services?
• Industry expertise
• Datacenter security
• Reputation with financial and large enterprise companies
• SunGard's emphasis on compliance and process
• Future investments in cloud services
Customer Buying Scenario
• Appeal to current customers and prospects to sell archiving software via new delivery method, avoiding s/w, and h/w CapEx
• Elastic SaaS Model to support rapid build-out of infrastructure for on demand E-discovery or growth for any size firm
• Customer is a provider of enterprise-class electronic content archiving software
• Services include E-Discovery, compliance, records management, and storage optimization
• Assists large firms in mitigating risk and managing digital assets from a single point of control and unified set of policies
Customer Solution Requirements
• Looking to increase sales, market size, and penetration
• End-customers want to reduce CapEx and shift to OpEx budget
Customer Deployment – Software Provider
Customer Overview
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 30
SunGard Internal Use of Cloud
Focused on using cloud for new projects in 2011
Using cloud for:
• Development
• Test/QA
• Production
Currently implementing projects for
• Enterprise Mobility (IaaS)
• Single Sign-On (IaaS)
• Store Front/Billing (SaaS)
• Ticketing (SaaS)
• Email (SaaS)
• CRM (SaaS)
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 31
Pragmatic Path to Enterprise Cloud
Phase II
Phase III
Phase IV
Phase I
Cloud Readiness Assessment
Cloud Design & Architecture
Cloud Implementation & Transition
Steady State Production
© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 32
Secure enterprise-
grade cloud
Improved IT agility
& scalability
Rapid provisioning and ability to scale up and down to support new business ventures and peak periods where infrastructure may only be needed for a short time
Flexible contract pricing to respond to your IT requirements
Financial flexibility
& increased ROI
Shift from CapEx to OpEx model so you can pay as you go and only pay for what you need while experiencing faster payback of investment
Reduce labor costs via elimination of time spent on day to day infrastructure management
Highly secure and resilient platform built on IT security
best practices and meeting numerous compliance standards
Fully managed infrastructure reduces the IT administrative
burden and allows redirection of staff to strategic business
initiatives
Key Solution Benefits - Summary