secure enterprise cloud

www.sungardas.com

The Secure Enterprise Cloud

Indu Kodukula

Executive Vice President and Chief Technology Officer

Satish Hemachandran

Director Product Management

© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 2

Production + DR are 80+% of Enterprise Cloud Priorities

*IDG Research, 2010

What services are you planning to

enhance with cloud computing?


The Cloud Promise:

COST

FLEXIBILITY

RISK

POSITIVE

POSITIVE

??


And Reality Bears Out There is Risk…

Jan 2011: Online image

service provider

mistakenly deletes

4,000 pictures from a

paid user’s account

Feb 2011: Online email

service provider loses

mails from 150K user

accounts during a

weekend outage


Traditional Enterprise IT Risks

Changing Market/Business conditions might

need you to expand or contract capacity

Unplanned disaster scenarios can

significantly disrupt regular business

operations

Breach of security and policy controls

can lead to business and

regulatory issues


Security

Cloud Risks are (Mostly) Old Wine in New Bottles

Compliance Connectivity

Availability Manageability


Security & Compliance:

Platform & Policies


Most Regulations Share a Common Concern:

Implementation and Enforcement of Policies

Tracks all access to

network and

cardholder data

Documentation of

actions & activities

with 6 yr data retention

Organization wide

security for IT

systems to support

ops. and assets

Protect customer

information & identify/

resolve sec. violations

Financial and

accounting functions

segregation of duties

Secure Remote Access

Role-Based Access Control

Separation of Management,

Control and Customer Planes

Availability and Fault Isolation

Issue Prevention, Detection,

Remediation

Log Management

Security and Auditing

Business Continuity &

Disaster Recovery

Data Retention/Archival

Go

vern

an

ce,

Peri

od

ic P

latf

orm

an

d

Po

licy A

ud

its,

an

d C

ert

ific

ati

on


Layered Security with Common Base of Controls

Presentation Models

and Platforms

Application Interfaces

Applications

Data Meta

Data Content

Hardware Infrastructure

Facilities Infrastructure

Connectivity Abstract

Layer

Integration and Middleware

Logical, Physical, and Environmental

Security

Host hardening, Encryption, Separation

and segregation (Network, Host and

Storage)

Performance and security monitoring

Patch and release management

Abstract layer hardening, Monitoring,

Separation, Patch and release

management, and policy controls

Identity Management Policy, Auditing, &

Compliance

Security Detection, Response, Containment, Eradication, and Forensics


• Datacenter Standards certifications (SAS 70)

• Regulatory compliance (PCI, HIPAA)

• Audit Assistance

• Biometric access control

• No access to shared infrastructure

• 24/7 Security Service; CCTV for Interior/Exterior monitoring

• ITIL v3 based services

• Security assessments and recommendations

• Periodic Penetration tests

• Strict change control

• Role-based access control

• Infrastructure security; Shared vs. dedicated

• Activity Logging, monitoring, and detection

Platform Security

IT Best Practice

Data-center

Security

Creating a Secure Cloud Foundation for Enterprise

Compliance

Mgmt.


Connectivity:

Cloud, Non-Cloud/Hybrid


Choice of Connectivity to Meet Every Business Need

Site to Site VPN

INTERNET DEDICATED

CIRCUIT

MPLS

SUNGARD ENTERPRISE CLOUD

CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER CUSTOMERS’ CUSTOMER

Public Internet Client VPN


Hybrid Cloud Use Case

Internal Cloud

IaaS Cloud 1 Colocation

Leverage existing/legacy

infrastructure e.g. mainframes

Integrate with other external

virtual clouds for burst (flex)

capacity

Host applications requiring

physical/dedicated and virtual

systems (e.g. Oracle)

Integrate with third-party hosted

applications e.g. ASP, PaaS,

SaaS,

IaaS Cloud 2 PaaS Cloud


Building a Hybrid Cloud

SUNGARD

NETWORK

Site to Site VPN

SUNGARD

DATACENTER

INTERNET DEDICATED

CIRCUIT

MPLS

SUNGARD ENTERPRISE CLOUD

Cross Connect

CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER CUSTOMERS’ CUSTOMER

Public Internet Client VPN


Manageability:

Monitoring and Remote Hands


The Cloud Management Challenge

Customers are still the same

• Complex architectures with point-to-point

connections

• Legacy platform support dependencies (Win2k,

Mainframes)

• Non-(x86)cloud integrations (Mainframes, Unix)

Enterprise needs from cloud providers

• A full portfolio of management services (OS,

Database, Security)

• Migration assistance and custom policies

• Integration of cloud & non-cloud

• Auditability of the platform and datacenter

• SLA’s for the platform & service

• Periodic reporting and guidance


Infrastructure

CPU Config Memory Config Storage Config Network Config

Infrastructure Management

Monitoring Capacity Planning Performance

Service and Operations Management

Availability Event

Monitoring

Provisioning Service Desk

Patching

Problem

Resolution

Security

Management

Config Mgmt

Backup

Service

Restoration

Customer Applications

Cloud Extends Traditional Management

(but with different tools)


Request for Change

Incident

Request for Information

Service Reporting

Performance Reporting

Availability Reporting

Configuration Reporting

KPI and SLA Reporting

ITIL Based Support Process

Service Operation

Tier 1

Tier 2

Tier 3

Service Desk

Service Delivery

Request Fulfillment

Change Management

Problem

Management Configuration

Management

Resolution Customer

Customer

Portal

Aggregation Engine

Correlation

Validation

Event

Management

CMDB

Front End

Ticketing

System

Verification


Intrusion Detection System – Incident Handling Process Flow

Exte

rna

l

Exp

ert

sS

OC

NO

C

Info

rma

tio

n

Se

cu

rity

IT O

rga

niz

atio

nM

an

ag

em

en

tS

yste

m S

en

so

r

Monitors and

Identifies

Security Event

Receives event

information,

analyzes and

notifies

NOC and

Information

Security Office

Event Ticket

and Report

Critical Event Notice

Non-Critical

and Critical

Other

sensors and

monitoring

systems

Proactive

Indicators IT

Operations

TriageAnalyze

Event

If no response

Is needed

Closed Ticket

Planned

Technical

Response

Technical

Response

Execution

Management

Response

If Management or

Legal response is needed

Provide guidance

and/or assistance

(Forensics, legal

console, etc.)

Closed

Event

Pro

vid

e a

dd

itio

na

l

Info

rma

tio

n to

use

rs

System Users

Enterprise Cloud: Platform + Automation + Process + People

Technical Focus


Availability:

Scalability & Recovery


Scalability

Customer workloads vary

in their infrastructure

demands. Typically:

• Memory Utilization

• Storage I/O

• Network Throughput

Infrastructure needs to

distribute/scale load

• Without affecting user

sessions

• Without affecting other

applications

• Maintaining application

interdependencies


Cloud Apps

Virtualized Apps

Simple Apps

Complex Apps

Legacy Apps

Decreasing Availability

Always

Available Available

in hours

Available

in days

More

Com

ple

x

Cloud Enables Application Availability

But… autoscaling is still unattainable for many

Replication technologies still offers the most cost

effective solution for the enterprise

Cloud makes availability more affordable for complex

applications: database and app/web server

Cloud done right can also reduce RTO


Integrated Recovery: Achieving Continuous Uptime

Customer

Applications

& Data

Enterprise Cloud

Customer

Data-center

VMs on Cloud-site 1

VMs on Cloud-site 2

Cloud is the production environment

Backup and Restore of VMs

Active-active deployment mode

Site-to-site recovery across multiple

datacenters

Recovery of entire application with its

dependencies (VMs and non-virtualized

assets)

Cloud is your target recovery platform

Web-based backup/replication of data to

cloud based on industry leading

technologies

VM cloning and startup

Mapping of cloud-based data to

recovered instances


SunGard Enterprise Cloud Services Vision

Deliver Managed and Recovery Services

for enterprise-grade applications

that ensure availability of business operations


Fully Managed Infrastructure-as-a-Service

SunGard manages all necessary compute, network, storage and security resources,

offering a complete, cost-effective solution

Compute

Virtualized environment providing hypervisor and OS system services

Customize your virtual machine configurations to specific requirements

SunGard Software Licensing Services options available

Network Broad networking options including multiple VLAN support, robust

internet connectivity, MPLS and dedicated circuit options

Storage Managed storage with integrated backup and restore

Security Managed firewall and virtual private network connectivity

Platform built to support compliance requirements

Rapid

Provisioning

Ability to store custom VM templates in your own private image library

Virtualized instances deployed within minutes

Management

& Monitoring

24/7/365 management and monitoring of your virtualized infrastructure

99.95% availability Service Level Agreement (per month / per VM)

Portal &

Reporting

Customer management portal to view and request compute resources

on demand


Multi-tenant enterprise cloud and dedicated private cloud

All services fully managed by SunGard’s IT experts

Infrastructure architected for compliance and security

All solutions built on enterprise-grade infrastructure

Designed for production workloads

Predictable contract pricing with flexibility for rapid response to the changing IT demands

Customized solutions designed to enterprise needs

Comprehensive consulting services provide complete Cloud Readiness Assessments and Migration services

Cloud Services for the Enterprise


Why SunGard Enterprise Cloud Services?

• Commitment to service delivery and process discipline

• SLA and commitment to reliability

• SunGard's emphasis on compliance & process

• Consultative relationship with the customer

Customer Buying Scenario

• Leverage new technology platform to improve time to market, management, and scalability

• Implementing new SAP application and the customer had no prediction regarding growth

• Customer supports client fulfillment for health services customers (e.g., including pharmacies and health care providers)

• Small business less than generating revenue located in Western US

• New SAP implementation

Customer Solution Requirements

• Wanted to leverage the cloud technology to implement new SAP application

• Needed a solution that would scale quickly and efficiently (4x scale)

• Required an enterprise-level solution that was fully managed by the service provider due to lack of internal expertise

• Looking for a secure and compliant infrastructure

Customer Deployment – Pharmaceutical Supplier

Customer Overview


Why SunGard Enterprise Cloud Services?

• Industry expertise

• Datacenter security

• Reputation with financial and large enterprise companies

• SunGard's emphasis on compliance and process

• Future investments in cloud services

Customer Buying Scenario

• Appeal to current customers and prospects to sell archiving software via new delivery method, avoiding s/w, and h/w CapEx

• Elastic SaaS Model to support rapid build-out of infrastructure for on demand E-discovery or growth for any size firm

• Customer is a provider of enterprise-class electronic content archiving software

• Services include E-Discovery, compliance, records management, and storage optimization

• Assists large firms in mitigating risk and managing digital assets from a single point of control and unified set of policies

Customer Solution Requirements

• Looking to increase sales, market size, and penetration

• End-customers want to reduce CapEx and shift to OpEx budget

Customer Deployment – Software Provider

Customer Overview


SunGard Internal Use of Cloud

Focused on using cloud for new projects in 2011

Using cloud for:

• Development

• Test/QA

• Production

Currently implementing projects for

• Enterprise Mobility (IaaS)

• Single Sign-On (IaaS)

• Store Front/Billing (SaaS)

• Ticketing (SaaS)

• Email (SaaS)

• CRM (SaaS)


Pragmatic Path to Enterprise Cloud

Phase II

Phase III

Phase IV

Phase I

Cloud Readiness Assessment

Cloud Design & Architecture

Cloud Implementation & Transition

Steady State Production


Secure enterprise-

grade cloud

Improved IT agility

& scalability

Rapid provisioning and ability to scale up and down to support new business ventures and peak periods where infrastructure may only be needed for a short time

Flexible contract pricing to respond to your IT requirements

Financial flexibility

& increased ROI

Shift from CapEx to OpEx model so you can pay as you go and only pay for what you need while experiencing faster payback of investment

Reduce labor costs via elimination of time spent on day to day infrastructure management

Highly secure and resilient platform built on IT security

best practices and meeting numerous compliance standards

Fully managed infrastructure reduces the IT administrative

burden and allows redirection of staff to strategic business

initiatives

Key Solution Benefits - Summary

secure enterprise cloud

Documents