Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Cloud Discovery
“Cloud use cases today!”
Geert Baeke
Agenda
• Evolution of public cloud
•Common infrastructure scenarios
• Securing SaaS Applications
•Data and Analytics
Agenda
• Evolution of public cloud
•Common infrastructure scenarios
• Securing SaaS Applications
•Data and Analytics
Evolution of Public Cloud
•Amazon and Microsoft as the two leading “hyperscale” public cloud providers
•Vendors giving up or scaling down:• VMware vCloud Air • HP Helion• Verizon
Public Cloud Adoption
Source: RightScale 2016 State of the Cloud Report
57%
17%13%
7% 6% 7%
17%
25%
20%
13% 15% 10%
8%
11%
12%
9% 10%
8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
A WS A Z URE IA A S A Z URE PA A S GOOGLE A PP ENGINE
GOOGLE IA A S IBM SOFTLA YER
Running Experiment Plan
Use of PaaS is growing!
Cloud Benefits
Source: RightScale 2016 State of the Cloud Report
Agility as main driver
Cloud Maturity and Benefits
Source: RightScale 2016 State of the Cloud Report
Agenda
• Evolution of public cloud
•Common infrastructure scenarios
• Securing SaaS Applications
•Data and Analytics
Common Infrastructure Scenarios
Primary Storage
• Potentially terabytes of data on file servers
• Small portion actively used
• Use of unlimited cloud capacity
Backup to Cloud
• Store backups of any kind in cloud storage
• Long time retention
• Avoid tape handling and storage
DR to Cloud
• Replicate workloads to cloud
• Orchestrated failover and failback
• Avoid overhead of secondary datacenter/room
Clean up your storage space
•A lot of inactive data is stored on file servers (80/20 rule)
•Back-end storage for file servers on expensive SAN systems
• You need to manage growth, retention, daily backup, disaster recovery
Cloud Storage Opportunity
CloudStorageOpportunity
Use a Cloud Storage Gateway
Azure StorSimple Benefits
What about the network?
• StorSimple does not require a dedicated network connection to Azure• Uses you existing Internet uplink with
SSL encryption
• ExpressRoute is recommended in most Azure scenarios for production• Dedicated bandwidth• Private uplink even for public services• Low latency
ExpressRoute Scenarios
Common Infrastructure Scenarios
Primary Storage
• Potentially terabytes of data on file servers
• Small portion actively used
• Use of unlimited cloud capacity
Backup to Cloud
• Store backups of any kind in cloud storage
• Long time retention
• Avoid tape handling and storage
DR to Cloud
• Replicate workloads to cloud
• Orchestrated failover and failback
• Avoid overhead of secondary datacenter/room
Eliminate backup headaches
•Most common customer questions:• Simplify backup architecture• On-premises backup to disk to cloud• Avoid backup to tape and tape handling procedures
Features to look for
• Native integration with cloud storage• Azure Blobs, Amazon S3 and many others• Deduplication, compression and
encryption as must-haves• You do not want simple copy jobs!
• Backup to local appliance with cloud integration• Backup to disks of appliance• Appliance dedupes, compresses and
encrypts
Microsoft On-Premises Backup Options
Small business or branch:• Agent on Windows Server
• Integration with Windows Server backup tool
Protected Server
System CenterDPM
or
System Center Data Protection Manager*:
• Agent on Data Protection Manager
* Similar option: Azure Backup Server as version of DPM for every Azure Backup customer
Veeam Cloud Connect
Common Infrastructure Scenarios
Primary Storage
• Potentially terabytes of data on file servers
• Small portion actively used
• Use of unlimited cloud capacity
Backup to Cloud
• Store backups of any kind in cloud storage
• Long time retention
• Avoid tape handling and storage
DR to Cloud
• Replicate workloads to cloud
• Orchestrated failover and failback
• Avoid overhead of secondary datacenter/room
Disaster Recovery as a Service
•Disaster Recovery needs to go beyond just the “technical stuff”
•Disaster Recovery often results in great complexity
• Focus on what matters to the business and use “DR as a Service” (DRaaS) if possible
• Focus on workload level
Disaster Recovery with Azure Site Recovery
Communication and Replication
Microsoft Azure Site Recovery
Primary Site
Windows Server
Microsoft Azure Site Recovery
Communication Channel
Replication channel: Hyper-V Replica or
SAN Replication
Primary Site
Windows Server
Recovery Site
Windows Server
Core Features of Azure Site Recovery
• Replicate physical and virtual machines to Azure blob storage
• Smart Replication• Used blocks only• Delta replication for changes
• Failover and failback withRecovery plans• Azure Automation runbooks• Manual actions
• Test failover
Deployment Scenarios to Azure
Replication Source Replicate From Replicate To
VMware virtual machines On-premises VMware server Azure Storage
Physical Windows/Linux server On-premises physical server Azure Storage
Hyper-V virtual machines On-premises Hyper-V host server in VMM cloud (System Center)
Azure Storage
Hyper-V virtual machines On-premises Hyper-V site (one or more Hyper-V host servers – no VMM)
Azure Storage
Replication to offline storage
VMware, Hyper-V and physical
Notes about VMware and physical
No need to deploy replication or orchestration components in Azure
Custom DR Solutions
• In conjunction with partners, Xylos enables custom DRaaS solutions
•When needed?• Dedicated fiber connections• Synchronous replication options• Stretched network• Specific hardware requirements such as firewalls, audio
gateways, …
Call To Action
• Start identifying most common scenarios that work for you
• You are not pioneering! Proven solutions today!
•Besides virtual machines, focus on:• Primary storage with gateways• Backup solutions that are cloud-integrated• DR as a Service
Agenda
• Evolution of public cloud
•Common infrastructure scenarios
• Securing SaaS Applications
•Data and Analytics
Robin Vermeirsch
Securing SaaS applications
Who is using SaaS applications today?
Who knows what users are doing in the cloud?
Lack of visibility
Compliance
Threat prevention
Data security
Security in the SaaS world
• Security Policies/requirements are developed for on premises solutions.
• In many cases SaaS applications are a initiated by the business
• SaaS providers implement ‘some’ security, but does it fit my needs?
• Limited control/visibility what users are doing in the cloud.
• No visibility over anomalies over different applications.
Security in the SaaS world
Does not meet requirements
SHOWSTOPPER
Requirements met by adding
control
COMPENSATED
Requirements met by SaaS
provider
ACCEPTABLE
Change architecture
Adjustment expectations
Src: http://www.gartner.com/webinar/3100619
Evolution in security
Transport
• IP Firewalling
• Segmentation
Protocol inspection
• Proxies
• Deep inspection
Application Protection
• MDM
• Web Application Firewalls
Data CentricAudit & Protection(DCAP)
• CASB
• SPSM
• CDPG
+ Unmanaged devicesShadow ITCompany data is spread over multiple providers How to protect DATA?
Note trend of ABAC in DEV
What do we need?
But how?
CASB (Gartner)
• on-premises, or cloud-based security policy enforcement points
• placed between cloud service consumers and cloud service providers
• to combine and interject enterprise security policies as the cloud-based resources are accessed.
• consolidate multiple types of security policy enforcement.
http://www.gartner.com/it-glossary/cloud-access-security-brokers-casbs
Options to add security
SaaSIaaS /PaaS
SPSMSaas Platform Security
Management
CASBCloud Access Security
Brokers
CDPGCloud Data Protection Gateway
EncryptionTokenization
Masking
User activity monitoring
Data discoveryDLP
Remediation
Usage discoveryUser activity monitoringDLP (passive and active)
User activity blocking (real time)Data discovery
SSO
Vendors: http://www.gartner.com/webinar/3100619
REALTIME RETROACTIVE
Architecture Options
• Using forward proxies
• Integration existing proxies
• Placing Reverse proxies
• Using Endpoint agents
+ IDaaS/MDM/Log integrations
Hackers/unkown
endpointsApproved Endpoint
Unknown SaaSApproved SaaS
Reverse Proxy
Forward Proxy
ControlAccess
&Actions
Existing Proxy
BlockActions
Architecture Solutions
• CASB (Cloud Access Security Brokers)• Forward Proxy• Reverse Proxy• API Integration
• CDPG (Cloud Data Prot. GW)• Forward Proxy• Reverse Proxy
• SPSM (SaaS Platform Mgmt)• API integration
Hackers/unkown
endpointsApproved Endpoint
Unknown SaaSApproved SaaS
Reverse Proxy
Forward Proxy
ControlAccess
&Actions
Existing Proxy
BlockActions
CASB
SPSM
CDPG
What should you look at?
Impact on functionality & operational risk
Src: http://www.gartner.com/webinar/3100619
Implementation strategy
Implementation strategy
Src: http://www.gartner.com/webinar/3100619
Start small and add functionality
Call to action
•Detect shadow IT today (=High Risk)
• Start controlling access to SaaS applications
•Get visibility over user activity in SaaS applications
•Protect your company data in SaaS applications
Agenda
• Evolution of public cloud
•Common infrastructure scenarios
• Securing SaaS Applications
•Data and Analytics
PaaS: Debunking myths on data & analytics in the cloud
Tim Jacobs
Agenda
•PaaS?
•Myth #1
•Myth #2
•Myth #3
•Conclusions
PaaS?
• Provides a platform for:• Development (cloud native apps)
• Content distribution (media / CDN)
• Internet of Things
• Automation
• Data processing & analytics
Data and data analytics?
Prescriptive analytics
Predictive Analytics
Diagnostic Analysis
Descriptive Analytics
Data Collection
Big Data
IoT
Hypes linked together
Analytics
IoTBig Data
Debunking myths on data & analytics in the cloud
• Myth #1 – Predictive analytics & big data are just BI on steroids
• Myth #2 – All my data needs to go to the cloud! Y0u f00lz cr4zy?
• Myth #3 – You need to hold 3 PhD’s to do predictive analytics
Myth confirmed?
Is it plausible?
Blow everything up
No No
Yes
Yes
Myth Debunking Flowchart
Agenda
•PaaS?
•Myth #1“Predictive analytics & big data are just BI on steroids”
•Myth #2
•Myth #3
•Conclusions
New in the data landscape…
1. “Big” data
2. “Artificial Intelligence” & learning from data
3. Cheap hardware + fast & ubiquitious network connectivity
Evolution of data
Big Data Traditional BI
Predictive Analytics
• Big Data & Predictive Analytics will not replace your BI stack
• Different questions, different tooling, different methodologies
• BI and Predictive Analytics worlds are converging :• BI platform extensions to Big Data-esque & Advanced Analytics-y operations
• Big Data tooling gets SQL-like interfaces:Drill, Impala, Hive, SparkSQL, HAWQ, Presto, Vortex, …
• Big Data tooling can do descriptive and predictive analytics: MLLib, H2O, Oryx, Mahout, SAMOA, FlinkML, …
(R)Evolution & convolution
Agenda
•PaaS?
•Myth #1
•Myth #2“All my data needs to go to the cloud! Y0u f00lz cr4zy?”
•Myth #3
•Conclusions
On-premises or cloud?
• Advantages of cloud:• Start fast & fail fast
• Easy consumption of created data models
• Democratic in pricing & availability of algorithms
• Attention points for cloud (mostly exceptions!):
• Data privacy: legislation ↔ provider
• Data volume & velocity: bandwidth
Getting data to the cloud
• Transfer existing data:• “Just upload the CSV”
• Azure Data Factory (SQL, Oracle, DB2, MySQL, Sybas, PostgreSQL, ODBC, HDFS, … )
• Capture event/streaming data:• Eventhub / IoT hub
Scheduling / transformation
Event Hub
Stream A.
Azure Data Factory
Blob Storage
Data Lake
Data Warehouse
Data BaseDirect
Data Mgmt
Gateway
File
Data Base
Data Warehouse IoT IoT
IoT IoT
© The Cloud ®™
Conclusion
• Compliant solutions available through provider
• Subsetting & anonimization easily possible with data transfer tools
Agenda
•PaaS?
•Myth #1
•Myth #2
•Myth #3“You need to hold 3 PhD’s to do predictive analytics”
•Conclusions
Examples use cases
• Predictive Maintenance
• Automatic data & document classification
• Fraud detection
• Product recommendation
Predictive Analytics
• Azure ML studio has a low learning curve• Modular, drag & drop
• Pre-built machine learning algoritms with meaningful default settings
• Use cases: very easy to publish “predictive engine” for your own applications
• Do you need expert knowledge? • Is the out of the box 70% accuracy sufficient?
• Or do you need 95% prediction accuracy?
Example: predicting Belgian house prices
Model Features Prediction accuracy
Linear 1 Just based on m2 living area 48,40%
Linear 2 m2 living area & postal code 69,43%
Linear 3 m2 living area, postal code, # bedrooms, house type
70,36%
Decision Tree 1 m2 living area, postal code, # bedrooms, house type
70,41%
Linear 4 Linear in: postal code, # bedrooms, house type3rd power in: m2 living area
71,17%
Agenda
•PaaS?
•Myth #1
•Myth #2
•Myth #3
•Conclusions
Conclusions
• Three valid use cases for data in the cloud:• Reporting & analytics on big data sets, with new types of intelligence
• Storing and synchronizing (subsets of) your data in the cloud
• Adding intelligence to existing applications you develop
• Advantages of cloud:• Easy to start, quick to get to results, fast decommissioning once completed
• Democratizing of tools & algorithmes lowers starting threshold
• Xylos can help with:• advanced expertise (data scientists)
• data collection & storage expertise
• data consumption / visualization expertise
Xylos Cloud Services