turbo training hybrid cloud

www.weolcan.eu . @weolcan . Bart M. Veldhuis 4-Nov-15

Upload: weolcan

Post on 22-Jan-2018


Introduction

Bart M. Veldhuis

• (Certified) Cloud Architect – Weolcan

• Founder of the Cloud Architect Alliance

• Expert for Computable topics: Cloud | Architecture

@BartMVeldhuis

[email protected]

blog.weolcan.eu

Turbo Training Hybrid Cloud

1. Why

2. What

3. How

PART 1: THE WHY OF THE HYBRID CLOUD

Why Hybrid Cloud?

• Hybrid Cloud to shape IT-infrastructure based on:

– Customer demands;

– Market demands.

“Hybrid Cloud is the road to business agility” (Gartner)

Scenario 1: Public cloud as failover platform

Private Cloud | Public Cloud

Disaster Recovery

Scenario 2: Handling peak loads

Private Cloud | Public Cloud

Peak loads

Scenario 3: Planning for unexpected success or failure

Private Cloud | Public Cloud

Success

Failure

Scenario 4: Public cloud as an application test bed

Private Cloud | Public Cloud

Development, Test and Acceptance

PART 2: WHAT IS A HYBRID CLOUD?

Hybrid cloud: definition

A hybrid cloud is a composition of two or more clouds (on-site private, on-site community, off-site private, off-site community or public) that remain as distinct entities, but are bound together by standardized or proprietary technology that enables data and application portability.

Source: NIST

Some more clouds

This is a hybrid cloud.

[Diagram: App/OS stacks spread over two clouds, labelled "A cloud" and "Another cloud"]

What makes a Hybrid Cloud?

Mobility of data and applications

Single service catalog

Single security boundary

Single data model

Single orchestration layer

Capacity management & alerting


Hybrid cloud: what it’s not!

Mobility of data and applications

Single service catalog

Single security boundary

Single data model

Single orchestration layer

Capacity management & alerting

‘Just multiple clouds’

PART 3: HOW DO YOU BUILD A HYBRID CLOUD?

7 steps to realise a Hybrid Cloud

1. Get a lawyer

2. Classify data & applications

3. Select cloud service provider (CSP)

4. Select cloud management platform (CMP)

5. Connect with CSP & deploy CMP

6. Deploy governance processes

7. Start moving apps

Step 1: get a lawyer!

• Which laws and regulations have to be taken into account?

• What are the obligations regarding the retention and archiving of data?

• May data be stored outside the national borders?


Step 2: classify data

• Data is not a four letter word..

• Every type of data needs to be addressed differently!

Examples of data types:

• Personal

• Classified

• Sensitive

• Derived

• Proprietary

• Encrypted

Step 2: classify applications

[Diagram: application landscape with Database, CRM, Enterprise Service Bus (ESB), Messaging, HR, Finance, IAM, E-mail and a legacy application]

1. Untangle the application landscape.

2. Select applications suitable for Hybrid Cloud.


Step 3: select Cloud Service Provider (CSP)

‘Different workloads require different clouds’

Choose the provider that fits the current technology stack!

Contract options: pay-per-use, details, etc.

On-premises | Public Cloud
Microsoft | Microsoft
VMWare | VMWare

Step 3: select Cloud Service Provider (CSP)

• Independent study of the maturity of the SLAs of 12 IaaS providers that offer services in the Netherlands.

• 70 objective measurement points;

• Legal expertise;

• Cloud expertise.

Step 3: select Cloud Service Provider (CSP)

• 99.95% uptime = 21.91 min. downtime (per month), but:

Uptime = Total Possible Available Time - (Downtime - Allowable Downtime)

• Total Possible Available Time: total minutes in a certain period of time, usually equal to the billing period.

• 10 out of 12 CSPs allow downtime for Scheduled Maintenance.

• 1 out of 12 CSPs allows downtime for Unscheduled Maintenance.

• 6 out of 12 CSPs allow an X-amount of minutes of downtime before the SLA kicks in.

Step 3: select Cloud Service Provider (CSP)

• Period: October 2015.

• Service: Rackspace.

Carve-outs:

• Downtime only starts counting from 30 minutes.

• Both planned and unplanned maintenance are ‘Allowable Downtime’.

In reality, from the customer's perspective, there are no carve-outs for availability:

Uptime = Total Possible Available Time - Downtime.

Situation sketch

• Outages (3x): 15 minutes, 34 minutes, 5 minutes

• Maintenance: planned 8 hours, unplanned 2 hours

• Uptime (promised): 99.90% (max. 43.83 min. downtime)

Rackspace’ SLA

• Downtime outages (3x): 0 minutes, 4 minutes, 0 minutes (counted only from 30 minutes)

• Downtime maintenance: 0 minutes (allowed), 0 minutes (allowed)

• Uptime: 99.99% (only 4 minutes downtime)

Reality

• Downtime outages (3x): 15 minutes, 34 minutes, 5 minutes

• Downtime maintenance: 480 minutes, 120 minutes

• Uptime: 98.51% (654 minutes downtime)
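The carve-out arithmetic above as a small calculator; this is an added example, not part of the original slides. It assumes a month of 43,830 minutes (365.25 days / 12), which is the length that reproduces the slide's 43.83-minute figure, and all function and parameter names are illustrative.

```python
# Added example: SLA-counted downtime versus customer-perceived downtime.
# Assumption: a month is 365.25 * 24 * 60 / 12 = 43,830 minutes, the length
# that reproduces the slide's 99.90% <-> 43.83 min figure.
MINUTES_PER_MONTH = 365.25 * 24 * 60 / 12


def uptime_pct(downtime_min, total_min=MINUTES_PER_MONTH):
    """Uptime = Total Possible Available Time - Downtime, as a percentage."""
    return round(100 * (total_min - downtime_min) / total_min, 2)


def sla_counted_downtime(outages, planned, unplanned, threshold=0,
                         planned_allowed=False, unplanned_allowed=False):
    """Minutes of downtime left after the contract's carve-outs.

    threshold: minutes of each outage that elapse before the SLA clock starts.
    *_allowed: True when that maintenance type is 'Allowable Downtime'.
    """
    counted = sum(max(0, minutes - threshold) for minutes in outages)
    counted += 0 if planned_allowed else sum(planned)
    counted += 0 if unplanned_allowed else sum(unplanned)
    return counted


def compare(outages, planned, unplanned, promised_pct, **carve_outs):
    """Return both views of the same month plus whether the SLA is breached."""
    budget = round(MINUTES_PER_MONTH * (100 - promised_pct) / 100, 2)
    real = sum(outages) + sum(planned) + sum(unplanned)
    counted = sla_counted_downtime(outages, planned, unplanned, **carve_outs)
    return {
        "budget_min": budget,
        "sla_downtime_min": counted,
        "sla_uptime_pct": uptime_pct(counted),
        "sla_breached": counted > budget,
        "real_downtime_min": real,
        "real_uptime_pct": uptime_pct(real),
        "real_exceeds_budget": real > budget,
    }


# The scenario from the slide: three outages, 8 h planned and 2 h unplanned
# maintenance, 99.90% promised, 30-minute threshold, all maintenance allowed.
SLIDE_SCENARIO = compare(
    outages=[15, 34, 5], planned=[480], unplanned=[120], promised_pct=99.90,
    threshold=30, planned_allowed=True, unplanned_allowed=True,
)

if __name__ == "__main__":
    for key, value in SLIDE_SCENARIO.items():
        print(f"{key:>20}: {value}")
```

Running the same month without carve-outs shows the contract view and the customer view converging on 654 minutes, which is why the carve-out terms are worth reading before the uptime percentage.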

Step 3: select Cloud Service Provider (CSP)

• Amazon AWS:

Unavailable means when all of your running instances (in a certain availability zone) have no external connectivity.


Step 4: select Cloud Management Platform

• Why a Cloud Management Platform?

– Single pane-of-glass management

– Single Service Catalog

– Single data model

• Examples of CMPs:


Step 5: connect with CSP and deploy CMP

• Connect to the CSP (physically or virtually).

• Link the CMP (sometimes as simple as entering the API key).

[Diagram: Private Cloud (On-premises) and Public Cloud (Off-premises), each with App/OS stacks; labels: VPN, API, API, CMP]


Step 6: deploy governance processes

Cloud Governance Tools

• Auditing & compliance

– Splunk - logfile analysis.

– VMware:

• vRealize Operations (Configuration and Compliance Management).

• vRealize Air Compliance - compliance checker.

– Gravitant – Cloud broker & multi-cloud governance.

• Back-up: Zerto, Veeam.

• Monitoring: CopperEgg.

• Configuration Management: SaltStack, Puppet, Chef.

Step 6: deploy all processes

• Governance means knowing:

Security

– Which cloud accounts the organization uses (IAM).

– How secure the data is.

– Whether company processes are being followed.

Resiliency

– If the cloud is being backed up.

– If the application is properly designed for load balancing.

– If disaster recovery is implemented.

Spend

– How much is being spent on cloud.

– And by which business units.

– On which applications.

Cloud governance: measures

Cloud != on-premises, but the same measures need to be taken!

1. Lock down the administrator accounts just as you would with the AD-Administrator or root accounts.

2. Implement proper Identity & Access Management with SSO and trusts.

3. Implement log monitoring & analysis for the cloud infra (SIEM).

4. Implement (and test) DR for all cloud apps.

Tip: Consider the cloud environment as a remote facility with a stretched security boundary.


Step 6: start moving apps

Some more clouds

[Diagram: App/OS stacks spread over two clouds, labelled "A cloud" and "Another cloud"]

PART 4: STATE OF THE ART HYBRID CLOUD DESIGN

Hybrid Cloud under peak load

[Diagram 1: Private Cloud (On-premises) and Public Cloud (Off-premises), each with App/OS stacks and an API; CMP; Monitoring; Global Load Balancer; labels: "Status: ok", "Default"]

[Diagram 2: the same components; labels: "Status: ok", "Status: X", "Default", "Burst out!"]

How do you build a Hybrid Cloud?

Want to know more?