COPING WITH CLOUD MIGRATION CHALLENGES: BEST PRACTICES AND SECURITY CONSIDERATIONS

Webinar compiled powerpoint


Agenda & Speakers

Rishi Vaish, VP of Product

Amrit Williams, CTO

• RightScale’s State of the Cloud survey

• Why hybrid cloud is the standard of choice

• 3 strategies for existing cloud server workloads

• Benefits and security challenges of migrating to cloud infrastructures

• Choosing a hybrid strategy

Cloud Usage is Ubiquitous…

Enterprises are Choosing Multiple Clouds

Benefits Grow with Cloud Maturity

[Chart: % of respondents reporting these benefits (0% to 100%), for Cloud Beginners, Cloud Explorers and Cloud Focused]

• CapEx to OpEx
• Business continuity
• IT staff efficiency
• Geographic reach
• Higher performance
• Cost savings
• Faster time-to-market
• Higher availability
• Faster access to infrastructure
• Greater scalability

Adoption is Driven by Clear Benefits

Source: RightScale 2014 State of the Cloud Report

What about Existing Workloads?

How can I migrate existing workloads to the cloud?

What Everyone Wants

vSphere

AWS or other clouds

Greenfield workloads

Migrated workloads

Best Practice 1: Understand the realities

Best Practice: Understand the Realities

14 Considerations for Migration

• Newer OS versions
• SSL termination
• Clustering of LBs
• App clustering
• Multi-cast
• Shared Filesystems
• Static IPs
• Licensing
• Tenancy
• Scale-down Logic
• Bandwidth
• Virtual IP requirements
• Multi-master DB
• Database I/O requirements

Three Strategies for Existing Workloads

• Manage natively
• Migrate elsewhere
• Make portable

Best Practice: Be Smart about Strategy

Photo: stevendepolo

Segment Your App Portfolio

Cloud-Ready
• Greenfield
• Designed for cloud

Elastic Web
• Web architecture
• Elastic design

Traditional
• Monolithic
• Legacy
• Traditional vendors

Assess Apps for Cloud Readiness

[Chart: App 1 through App 12 plotted by Technical Fit against Business Impact, in four quadrants: REFACTOR, DON’T MIGRATE, HOLD OFF, QUICK WINS]

Best Practice 3: Consider portability

Best Practice: Plan for Portability

Why Portability?

• Lifecycle-based multi-cloud deployment
  – Dev vs. Test vs. Staging vs. Prod
  – New (Unpredictable) vs. Mature (Steady-State)
• Disaster Recovery
  – Private for primary, Public for backup
• Geographic Reach
  – Use clouds in different geographies
• Arbitrage costs
  – Leverage different clouds based on costs
• Cloudbursting
  – Base capacity in private, burst to public

How to Make Portable Apps


RightScale Cloud-Enables your Enterprise

Your Cloud Portfolio

Self-Service

Cloud Analytics

Cloud Management

Manage Govern Optimize

RightScale Cloud Portfolio Management

Public Clouds

Private Clouds

Virtualized Environments

What about Security and Compliance?

Top 5 Challenges Change with Cloud Maturity

| Place | Cloud Beginners | Cloud Focused |
|-------|-----------------|---------------|
| #1 | Security (31%) | Compliance (18%) |
| #2 | Compliance (30%) | Cost (17%) |
| #3 | Managing multiple cloud services (28%) | Performance (15%) |
| #4 | Integration to internal systems (28%) | Managing multiple cloud services (13%) |
| #5 | Governance/Control (26%) | Security (13%) |

Source: RightScale 2014 State of the Cloud Report

What makes cloud infrastructure great also breaks existing security approaches


Virtualized networks

New topologies

Highly Portable

Highly dynamic

Shared infrastructure

These cloud “pros” become security “cons”

The days of simple infrastructure security…


… have given way to tremendous complexity.


The problem becomes more challenging in multi-cloud environments

[Diagram: web workloads www-1 through www-10 running across Cloud Provider A, Cloud Provider B and a Private Datacenter]

Workloads become highly transient across multiple cloud environments.

Traditional Security Solutions Break…

Endpoint Security
• Resource intensive
• Licensing models
• Do not work across disparate cloud environments

Virtual Appliances
• No hardware acceleration
• No gateway to deploy against
• Do not work well across disparate cloud environments

Hypervisor Security
• Affects density of virtualized environments
• Limited visibility into workloads themselves
• Cannot deploy into public cloud infrastructures

Cloud Security Responsibility Has Added More Complexity

[Diagram: the layers below, divided between Customer Responsibility and Provider Responsibility]

Physical Facilities

Compute & Storage

Shared Network

Hypervisor

Virtual Machine

Data

App Code

App Framework

Operating System

“…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”

“it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of… host based firewalls, host based intrusion detection/prevention, encryption and key management.”

Amazon Web Services: Overview of Security Processes

Shared Responsibility Model

Addressing security & compliance needs as infrastructure models migrate to cloud

Needs Haven’t Changed

• Strong access control
  – User-auditing, privilege access monitoring, multi-factor authentication, device verification, etc…
• Exposure management
  – Vulnerability assessment, configuration security monitoring, file integrity monitoring, etc…
• Compromise prevention
  – Firewall management, application whitelisting, intrusion detection / prevention, data leak prevention, etc.
• Security & compliance intelligence, adherence to corporate policies
  – Reporting and analytics, auditing, and standardized policy implementation, etc.

Delivery Parameters Have

• Must work anywhere
  – Traditional environments, public cloud infrastructures, private cloud infrastructures and hybrid cloud environments
• Diminished to no visibility and control
  – Underlying security and control maintained by the infrastructure provider
• Hardware device limitations
  – Traditional network appliance or security approaches that leverage underlying hardware are not effective or appropriate
• Dramatically higher rate of code & infrastructure change
  – Highly transient workloads often in a continuous integration / delivery model

CloudPassage Halo


• Highly automated security & compliance platform

• Builds security directly into compute workloads

• Secures any compute workloads, at any scale

• Supports any cloud or datacenter environment

• SaaS delivery model

Halo secures workloads anywhere at any scale and extends existing security investments

Halo API

Halo Portal

Q & A and Resources

Start a Free Trial of Halo: CloudPassage.com/halo

Access the 2014 State of the Cloud Report: RightScale.com/lp/2014-state-of-the-cloud-report

Check out our blogs: blog.cloudpassage.com, blog.rightscale.com