www.weolcan.eu . @weolcan . Bart M. Veldhuis 4-Nov-15
A brief introduction
Bart M. Veldhuis
• (Certified) Cloud Architect – Weolcan
• Founder of the Cloud Architect Alliance
• Expert for Computable topics: Cloud | Architecture
@BartMVeldhuis
Bart.veldhuis@weolcan.eu
blog.weolcan.eu
Turbo Training Hybrid Cloud
1. Why
2. What
3. How
Why Hybrid Cloud?
• Hybrid Cloud to shape IT-infrastructure based on:
– Customer demands;
– Market demands.
“Hybrid Cloud is the road to business agility” (Gartner)
Scenario 1: Public cloud as failover platform
[Diagram: Private Cloud, Public Cloud; Disaster Recovery]
Scenario 2: Handling peak loads
[Diagram: Private Cloud, Public Cloud; Peak loads]
Scenario 3: Planning for unexpected success or failure
[Diagram: Private Cloud, Public Cloud; Success, Failure]
Scenario 4: Public cloud as an application test bed
[Diagram: Private Cloud, Public Cloud; Development, Test and Acceptance]
Hybrid cloud: definition
A hybrid cloud is a composition of two or more clouds (on-site private, on-site community, off-site private, off-site community or public) that remain as distinct entities, but are bound together by standardized or proprietary technology that enables data and application portability.
Source: NIST
Some more clouds
This is a hybrid cloud..
[Diagram: App/OS stacks; labels: A cloud, Another cloud]
What makes a Hybrid Cloud?
Mobility of data and applications
Single service catalog
Single security boundary
Single data model
Single orchestration layer
Capacity management & alerting
Hybrid cloud: what it’s not!
Mobility of data and applications
Single service catalog
Single security boundary
Single data model
Single orchestration layer
Capacity management & alerting
‘Just multiple clouds’
7 steps to realize Hybrid Cloud
1. Get a lawyer
2. Classify data & applications
3. Select cloud service provider (CSP)
4. Select cloud management platform (CMP)
5. Connect with CSP & deploy CMP
6. Deploy governance processes
7. Start moving apps
Step 1: get a lawyer!
1. Get a lawyer
2. Classify data & applications
3. Select cloud service provider (CSP)
4. Select cloud management platform (CMP)
5. Connect with CSP & deploy CMP
6. Deploy all security, monitoring, auditing & governance processes
7. Start moving apps
• Which laws and regulations must be taken into account?
• What are the obligations regarding retaining and archiving data?
• May data be stored outside the national borders?
Step 2: classify data
• Data is not a four letter word..
• Every type of data needs to be addressed differently!
Examples of data types: Personal, Classified, Sensitive, Derived, Proprietary, Encrypted
Step 2: classify applications
[Diagram: application landscape with Database, CRM, Enterprise Service Bus (ESB), Messaging, HR, Finance, IAM, E-mail, Legacy application]
1. Untangle the application landscape
2. Select applications suitable for Hybrid Cloud
Step 3: select Cloud Service Provider (CSP)
‘Different workloads require different clouds’
Choose the provider that fits the current technology stack!
Contract options: pay-per-use, details, etc.
[Diagram: On-premises Microsoft with Public Cloud Microsoft; On-premises VMWare with Public Cloud VMWare]
Step 3: select Cloud Service Provider (CSP)
• Independent research into the maturity of the SLAs of 12 IaaS providers that offer services in the Netherlands.
• 70 objective measuring points;
• Legal expertise;
• Cloud expertise.
Step 3: select Cloud Service Provider (CSP)
• 99.95% uptime = 21.91 min. downtime (per month), but:
Uptime = Total Possible Available Time - (Downtime - Allowable Downtime)
– Total Possible Available Time: total minutes in a certain period of time, usually equal to the billing period.
– 10 out of 12 CSPs allow downtime for Scheduled Maintenance.
– 1 out of 12 CSPs allows downtime for Unscheduled Maintenance.
– 6 out of 12 CSPs allow an X-amount of minutes downtime before the SLA kicks in.
Step 3: select Cloud Service Provider (CSP)
• Period: October 2015.
• Service: Rackspace.
Carve-outs:
• Downtime only starts counting from 30 minutes.
• Both planned and unplanned maintenance are ‘Allowable Downtime’.
In reality, from the customer's perspective, there are no carve-outs for availability:
Uptime = Total Possible Available Time – Downtime.
Situation sketch
• Outages (3x): 15 minutes, 34 minutes, 5 minutes
• Maintenance: planned 8 hours, unplanned 2 hours
• Uptime (promised): 99.90% (max. 43.83 min. downtime)
Rackspace's SLA
• Downtime outages (3x): 0 minutes, 4 minutes, 0 minutes (only counted from 30 minutes)
• Downtime maintenance: 0 minutes (allowed), 0 minutes (allowed)
• Uptime: 99.99% (only 4 minutes downtime)
Reality
• Downtime outages (3x): 15 minutes, 34 minutes, 5 minutes
• Downtime maintenance: 480 minutes, 120 minutes
• Uptime: 98.51% (654 minutes downtime)
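The carve-out arithmetic from the slide above, as an added example that is not part of the original presentation. It assumes an average month of 43,830 minutes (which is what the slide's 43.83-minute figure implies) and uses the SLA terms as the slide describes them; SlaTerms, counted_downtime, uptime_pct, downtime_budget and report are illustrative names.

```python
from dataclasses import dataclass

# Assumption: an average month of 365.25 * 24 * 60 / 12 = 43,830 minutes,
# which is what the slide's "99.90% = max. 43.83 min. downtime" implies.
MINUTES_PER_MONTH = 365.25 * 24 * 60 / 12


@dataclass(frozen=True)
class SlaTerms:
    """Carve-outs that decide which downtime the provider counts (illustrative)."""
    threshold_min: int = 0           # minutes of each outage that are not counted
    planned_allowed: bool = False    # planned maintenance is 'allowable downtime'
    unplanned_allowed: bool = False  # unplanned maintenance is 'allowable downtime'


def counted_downtime(outages, planned, unplanned, terms):
    """Minutes of downtime that count under the given terms."""
    total = sum(max(0, minutes - terms.threshold_min) for minutes in outages)
    if not terms.planned_allowed:
        total += planned
    if not terms.unplanned_allowed:
        total += unplanned
    return total


def uptime_pct(downtime_min, total_min=MINUTES_PER_MONTH):
    return round(100 * (1 - downtime_min / total_min), 2)


def downtime_budget(promised_pct, total_min=MINUTES_PER_MONTH):
    """Minutes of downtime a promised uptime percentage permits per period."""
    return round(total_min * (100 - promised_pct) / 100, 2)


def report(outages, planned, unplanned, terms, promised_pct):
    down = counted_downtime(outages, planned, unplanned, terms)
    return {"downtime_min": down, "uptime_pct": uptime_pct(down),
            "sla_breached": down > downtime_budget(promised_pct)}


# Figures from the slide (October 2015): three outages, 8 h planned and
# 2 h unplanned maintenance, 99.90% promised.
OUTAGES, PLANNED, UNPLANNED, PROMISED = [15, 34, 5], 480, 120, 99.90
SLA_VIEW = SlaTerms(threshold_min=30, planned_allowed=True, unplanned_allowed=True)
CUSTOMER_VIEW = SlaTerms()  # no carve-outs: every minute counts

if __name__ == "__main__":
    print("SLA view:     ", report(OUTAGES, PLANNED, UNPLANNED, SLA_VIEW, PROMISED))
    print("Customer view:", report(OUTAGES, PLANNED, UNPLANNED, CUSTOMER_VIEW, PROMISED))
```

Under the SLA view the promised 99.90% is met and no breach is recorded, while the same month measured without carve-outs falls well below it.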
Step 3: select Cloud Service Provider (CSP)
• Amazon AWS:
Unavailable means when all of your running instances (in a certain availability zone) have no external connectivity.
Step 4: select Cloud Management Platform
• Why a Cloud Management Platform?
– Single pane-of-glass management
– Single Service Catalog
– Single data model
• Examples of CMPs:
Step 5: connect with CSP and deploy CMP
• Connect to the CSP (physically or virtually).
• Link the CMP (sometimes as simple as entering the API key).
[Diagram: Private Cloud (On-premises) and Public Cloud (Off-premises), each with App/OS stacks, connected by VPN; CMP linked to both via API]
Step 6: deploy governance processes
Cloud Governance Tools
• Auditing & compliance
– Splunk - logfile analysis.
– VMware:
• vRealize Operations (Configuration and Compliance Management).
• vRealize Air Compliance - compliance checker.
– Gravitant – Cloud broker & multi-cloud governance.
• Back-up: Zerto, Veeam.
• Monitoring: CopperEgg.
• Configuration Management: SaltStack, Puppet, Chef.
Step 6: deploy all processes
• Governance means knowing:
Security
– Which cloud accounts the organization uses (IAM).
– How secure the data is.
– Whether company processes are being followed.
Resiliency
– If the cloud is being backed up.
– If the application is properly designed for load balancing.
– If disaster recovery is implemented.
Spend
– How much is being spent on cloud.
– And by which business units.
– On which applications.
Cloud governance: measures
Cloud != on-premises, but the same measures need to be taken!
1. Lock down the administrator accounts just as you would with the AD-Administrator or root accounts.
2. Implement proper Identity & Access Management with SSO and trusts.
3. Implement log monitoring & analysis for the cloud infra (SIEM).
4. Implement (and test) DR for all cloud apps.
Tip: Consider the cloud environment as a remote facility with a stretched security boundary.
Step 7: start moving apps
Some more clouds
[Diagram: App/OS stacks; labels: A cloud, Another cloud]
[Diagram: Hybrid Cloud at peak load. Private Cloud (On-premises) and Public Cloud (Off-premises) with App/OS stacks, each linked to the CMP via API; Monitoring: Status: ok; Global Load Balancer: Default]
[Diagram: Hybrid Cloud at peak load. Private Cloud (On-premises) and Public Cloud (Off-premises) with App/OS stacks, each linked to the CMP via API; Monitoring: Status: ok, Status: X; Global Load Balancer: Default, Burst out!]