7/29/2019 VMware Cloud Computing
2009 VMware Inc. All rights reserved
Confidential
VMware Cloud Computing
Security Within the Cloud
Dave Wright
Senior Director, Technical Services, EMEA
March 2010
Preparing for the Tectonic Shift
Mainframe
+ Centralized mgmt
+ Secure
- Limited access
- Inflexible
- Costly
Client/Server
+ Distributed CPU utilization
+ Added flexibility
- Complex / costly to deploy & manage
- Not secure
- Not efficient
Web
+ Simple to deploy and manage
+ Broader access
+ Scale
- Limited flexibility
- Limited efficiency
- Not secure
Cloud
+ Frictionless deployment
+ Simplified mgmt thru abstraction
+ On-demand scale
+ Unparalleled flexibility
+ Secure
+ Highly efficient
"Cloud is not a destination, but a way of doing computing."
Paul Maritz, President & CEO, VMware
Virtualization & Cloud = Top Priorities for CIOs
Source: Gartner CIO study, Q4 2009
CIO Technology      2010 Priority   2009 Priority
Virtualization      1               3
Cloud Computing     2               14
Cloud Computing Characteristics
Cloud Computing is not a destination, but a way of doing computing.
Pooling
From machines to on-demand, highly elastic resource pools
Zero-touch Infrastructure
Policy-driven automation of provisioning, deployment and management
Self-Service
Easy access with policy-based provisioning and deployment
Control
Application-aware infrastructure with built-in availability, scalability, security and performance guarantees
Open & Interoperable
Application mobility between clouds, based on open standards
Leverage Existing Investments
Benefits of cloud computing to existing applications and datacenters
Efficiency thru Utilization and Automation / Agility with Control / Freedom of Choice
Cloud Brings Benefits to Both Sides
Flexible Cloud Deployment Models = Choice
Cloud Service Providers / Enterprises
Private Cloud
Operated solely for an organization, typically within the firewall
Low total cost of ownership
Greater control over security, compliance, QoS
Easier integration
Support existing applications
Hybrid Cloud
Composition of 2 or more interoperable clouds, enabling data and application portability
VMware focus to deliver the best of both worlds
Public Cloud
Accessible over the Internet for general consumption
Low acquisition costs
Less administrative burden
On-demand capacity
Limited offerings
VMware vSphere 4 Enables: The Software Mainframe
The Cloud
The Giant Computer
32 hosts
2,048 processor cores
32TB of RAM
3 Million IOPs
1,280 virtual machines
16PB of storage
Increased Scalability to handle all workloads
Applications Performance Requirements
          95% of Applications   VMware Infrastructure 3   VMware vSphere 4
IOPS      < 10,000              100,000                   350,000
Network   < 300 Kb/s            9 Gb/s                    30 Gb/s
Memory    < 4 GB per VM         64 GB per VM              256 GB per VM
CPU       1 to 2 CPUs           4 VCPUs                   8 VCPUs
[Chart labels: % of Applications; HPC]
VMware Cloud Infrastructure & Services
vCenter: Policy-based Management & Automation
vSphere: Platform for Cloud Infrastructure
View: Desktop Computing via Cloud
SpringSource: Programming Model for the Cloud
Redwood: Common Service Model for Infrastructure Clouds
Core IT Services via Virtual Appliances: Zimbra, File/Print, Directory
[Diagram labels: Enterprise; Private Cloud; VMware Virtualized; vCloud Partners; Public Cloud; Public Cloud; Proprietary Clouds; IaaS; PaaS; SaaS]
Key Challenges Of Cloud Computing
VMware VCloud Security Strategy
Security and Network solutions
[Diagram labels: VDC; Web, View, Finance vApps; VMware vSphere; vCenter Server; vSphere; Zones; Compliance; VMsafe; Compute | Storage | Network Cluster; vCloud APIs; VMs; Edge; vShield Manager; Security & Network vServices; vService]
Current VMsafe Program Partnerships
Secure Networking
[Diagram labels: Installation; Organization; vApp; vDC 1; VLAN 1; VLAN 2; bar (isolated); vDC 2; WSnet; WSnet (fenced); ND; foo; Private; Public. Portgroups mapped into installation. Same color means same layer 2 network.]
Network
A VLAN or Portgroup, plus gateway, netmask, and IP range, named and associated to a container
A single network can be shared between multiple organizations with soft restrictions set on IP address usage
The same network can be named differently in each container
Network Device (ND)
Virtual appliance that isolates networks with router, NAT, and firewall functionality
Created and configured at attachment time. create an isolated vDC, deploy fenced
User Security
Organizations and Multi-Tenancy
Users only get access to resources that are associated with their organizations
Authentication off of central or tenant specific LDAP
Roles and Rights
The system comes with built-in roles that range from root to view-only users
Custom roles can be defined by those with the rights from a set of over 50 rights
If a user has multiple roles he/she gets the union of rights
[Diagram labels: Org 1: Coke; Org 2: Pepsi; Org 3: Dr Pepper]
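An added example (not from the slides and not VMware's code) of the access model this slide describes: the tenant check runs before any rights check, and a user's effective rights are the union of all role rights, so assigning an extra low-privilege role never removes access. The role names, right names and the rule that a custom role may only contain rights its creator holds are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed role table; right names are hypothetical (the slide only says
# the product ships built-in roles and "over 50 rights").
BUILTIN_ROLES = {
    "view_only": frozenset({"vapp.view"}),
    "vapp_author": frozenset({"vapp.view", "vapp.create", "vapp.deploy"}),
    "org_admin": frozenset({"vapp.view", "vapp.create", "vapp.deploy",
                            "role.define"}),
}

@dataclass(frozen=True)
class User:
    name: str
    org: str
    roles: tuple

@dataclass(frozen=True)
class Resource:
    name: str
    org: str

def effective_rights(user, roles=BUILTIN_ROLES):
    """Union of the rights of every role the user holds (no deny rules)."""
    rights = set()
    for role in user.roles:
        rights |= roles[role]  # unknown role raises KeyError: fail closed
    return frozenset(rights)

def is_allowed(user, right, resource, roles=BUILTIN_ROLES):
    """Tenant boundary is checked first; rights never cross organizations."""
    if user.org != resource.org:
        return False
    return right in effective_rights(user, roles)

def define_custom_role(actor, name, rights, roles=BUILTIN_ROLES):
    """Return a new role table with a custom role added by `actor`."""
    held = effective_rights(actor, roles)
    if "role.define" not in held:
        raise PermissionError(f"{actor.name} may not define roles")
    # Assumption (added hardening, not stated on the slide): a custom role
    # may only contain rights its creator already holds.
    extra = set(rights) - held
    if extra:
        raise PermissionError(f"cannot grant rights not held: {sorted(extra)}")
    if name in roles:
        raise ValueError(f"role {name!r} already exists")
    return {**roles, name: frozenset(rights)}
```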
Image Transfer
[Diagram labels: Client; vDC service; Transfer Server; Spooling FS; Datastore; Message Bus; Transfer session; vCloud cell]
All state in DB to handle failures in cell
OVF validated at multiple points
Object complete before sent to Datastore
Pragmatic Path to Cloud Computing
How?
[Chart labels: COST EFFICIENCY; QUALITY OF SERVICE; BUSINESS AGILITY; IT Production; Business Production; IT as a Service; 15%; 30%; 70%; 85%]