VMware Cloud Computing

  • 7/29/2019 VMware Cloud Computing

    2009 VMware Inc. All rights reserved

    Confidential

    VMware Cloud Computing: Security Within the Cloud

    Dave Wright

    Senior Director, Technical Services, EMEA

    March 2010

    Preparing for the Tectonic Shift

    Mainframe

    + Centralized mgmt
    + Secure
    - Limited access
    - Inflexible
    - Costly

    Client/Server

    + Distributed CPU utilization
    + Added flexibility
    - Complex / costly to deploy & manage
    - Not secure
    - Not efficient

    Web

    + Simple to deploy and manage
    + Broader access
    + Scale
    - Limited flexibility
    - Limited efficiency
    - Not secure

    Cloud

    + Frictionless deployment
    + Simplified mgmt thru abstraction
    + On-demand scale
    + Unparalleled flexibility
    + Secure
    + Highly efficient

    "Cloud is not a destination, but a way of doing computing."

    Paul Maritz, President & CEO, VMware

    Virtualization & Cloud = Top Priorities for CIOs

    Source: Gartner CIO study, Q4 2009

    CIO Technology     2010 Priority   2009 Priority
    Virtualization     1               3
    Cloud Computing    2               14

    Cloud Computing Characteristics

    Cloud Computing is not a destination, but a way of doing computing.

    Pooling: From machines to on-demand, highly elastic resource pools

    Zero-touch Infrastructure: Policy-driven automation of provisioning, deployment and management

    Self-Service: Easy access with policy-based provisioning and deployment

    Control: Application-aware infrastructure with built-in availability, scalability, security and performance guarantees

    Open & Interoperable: Application mobility between clouds, based on open standards

    Leverage Existing Investments: Benefits of cloud computing to existing applications and datacenters

    Efficiency thru Utilization and Automation | Agility with Control | Freedom of Choice

    Cloud Brings Benefits to Both Sides

    Flexible Cloud Deployment Models = Choice

    Enterprises | Cloud Service Providers

    Private Cloud: Operated solely for an organization, typically within the firewall

    Low total cost of ownership
    Greater control over security, compliance, QoS
    Easier integration
    Support existing applications

    Hybrid Cloud: Composition of 2 or more interoperable clouds, enabling data and application portability

    VMware focus to deliver the best of both worlds

    Public Cloud: Accessible over the Internet for general consumption

    Low acquisition costs
    Less administrative burden
    On-demand capacity
    Limited offerings

    VMware vSphere 4 Enables: The Software Mainframe

    The Cloud

    The Giant Computer

    32 hosts

    2,048 processor cores

    32TB of RAM

    3 Million IOPs

    1,280 virtual machines

    16PB of storage

    Increased Scalability to handle all workloads

    Applications Performance Requirements (chart; axis: % of Applications; label: HPC)

                95% of Applications   VMware Infrastructure 3   VMware vSphere 4
    IOPS        < 10,000              100,000                   350,000
    Network     < 300 Kb/s            9 Gb/s                    30 Gb/s
    Memory      < 4 GB per VM         64 GB per VM              256 GB per VM
    CPU         1 to 2 CPUs           4 VCPUs                   8 VCPUs

    VMware Cloud Infrastructure & Services

    vSphere: Platform for Cloud Infrastructure

    vCenter: Policy-based Management & Automation

    View: Desktop Computing via Cloud

    SpringSource: Programming Model for the Cloud

    Redwood: Common Service Model for Infrastructure Clouds

    Core IT Services via Virtual Appliances: Zimbra, File/Print, Directory

    [Diagram labels: Enterprise; Private Cloud; VMware Virtualized; Public Cloud (vCloud Partners); Public Cloud (Proprietary Clouds); IaaS; PaaS; SaaS]

    Key Challenges Of Cloud Computing

    VMware vCloud Security Strategy

    Security and Network solutions

    [Diagram labels: VDC; vApps (Web, View, Finance); VMs; vCloud APIs; VMware vSphere; vCenter Server; vSphere; Zones; Compliance; VMsafe; Compute | Storage | Network Cluster; Edge; vShield Manager; Security & Network vServices]

    Current VMsafe Program Partnerships

    Secure Networking

    [Diagram: an Installation containing an Organization with two vDCs (vDC 1, vDC 2), each holding a vApp. Labels: VLAN 1, VLAN 2, foo, bar (isolated), WSnet, WSnet (fenced), Private, Public, ND. Portgroups mapped into installation. Same color means same layer 2 network.]

    Network

    A VLAN or Portgroup, plus gateway, netmask, and IP range, named and associated to a container

    A single network can be shared between multiple organizations with soft restrictions set on IP address usage

    The same network can be named differently in each container

    Network Device (ND)

    Virtual appliance that isolates networks with router, NAT, and firewall functionality

    Created and configured at attachment time. create an isolated vDC, deploy fenced

    User Security

    Organizations and Multi-Tenancy

    Users only get access to resources that are associated with their organizations

    Authentication off of central or tenant-specific LDAP

    Roles and Rights

    The system comes with built-in roles that range from root to view-only users

    Custom roles can be defined by those with the rights from a set of over 50 rights

    If a user has multiple roles he/she gets the union of rights

    [Diagram: Org 1: Coke; Org 2: Pepsi; Org 3: Dr Pepper]

    Image Transfer

    [Diagram labels: Client; vDC service; Transfer Server; Spooling FS; Datastore; Message Bus; Transfer session; vCloud cell]

    All state in DB to handle failures in cell

    OVF validated at multiple points

    Object complete before sent to Datastore

    Pragmatic Path to Cloud Computing

    How?

    [Chart: stages IT Production, Business Production, IT as a Service; drivers COST EFFICIENCY, QUALITY OF SERVICE, BUSINESS AGILITY; values 15%, 30%, 70%, 85%]