
Cloud 101/201

Norman Kennedy
Microsoft Certified Trainer (MCT)
MCSE Cloud Platform and Infrastructure
MCSE Productivity
Course Outline

Lesson 1: Introducing Cloud Computing

Lesson 2: Differentiating Cloud Services

Lesson 3: Changing IT

Lesson 4: Integrating Cloud Services

Lesson 5: Identifying Risks and Risk Mitigation Measures


Course Outline

Lesson 6: Technical Perspectives of Cloud Computing

Lesson 7: Technical Challenges of Cloud Computing

Lesson 8: Steps to Successful Adoption of Cloud Services

Lesson 9: Identifying Risks and Consequences


Lesson 1 Introducing Cloud Computing

Impact of Cloud Computing on Business

Cloud Computing An Overview

Cloud Components
What is IT? A Typical Business Perspective

They provide applications


Applications
Horizontal (email, portals, collaboration)
Vertical (manufacturing systems, CRM, etc.)
Modern Applications

You thought you needed this

[Diagram: a web server and a database server. Stack your team manages: Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking]
Modern Applications

But you were quickly told you needed this

[Diagram: production environment with a load balancer, two web servers and a database cluster. Stack your team manages: Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking]
Modern Applications

Wait a minute, it turns out you really need this

[Diagram: production environment with a load balancer, firewall, two web servers, AD, backup, database cluster and monitoring. Stack your team manages: Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking]
Modern Applications

Now, it's turned into this

[Diagram: the same environment repeated for PRODUCTION, STAGING, UAT, QA and INTEGRATION. Stack your team manages: Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking]
Modern Applications: What's the Problem?

Expensive: Requires many components
Dedicated hardware & software
Multiple environments (Prod, Staging, Test, Dev, etc.)
Under-utilized
Must scale to worst-case scenarios
Inflexible: Everything is ALWAYS ON
Brittle
Takes too long

[Diagram: stack your team manages: Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking]
Where is all this hardware and software?

Your data center(s) / co-location site(s)
Your server closet(s)
Every component must be managed

[Diagram: stack your team manages: Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking]
The Cloud: Cloud Vendors' Datacenters

Cloud vendor manages some components, providing scale and dynamic elasticity
IT focuses on strategic differentiators

[Diagram: stack of Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking, labelled "Your team manages"]
Impact of the Cloud on Business
Challenges
Traditional Infrastructure Deployment inhibiting business
Delayed time-to-deliver
Capital Expenditure requirements for Traditional Deployment

Cloud Solution
New Servers: Reduced from 60 days to 3 minutes
New Collaboration environment: Reduced from 70 days to 10 Minutes
New 64 Node Linux Cluster: Reduced from 100 days to 30 Minutes
Expenses moved from Fixed to Variable and From CAPEX to OPEX
Impact of Cloud Computing on Business

Efficiency: easy to work with, often via a web interface; complexity hidden and managed by the vendor
Reduces administrative effort

Agility: cloud solutions are very scalable
rapid growth
rapid adaptation to changing business needs

Economic: often provide cost savings
pay-as-you-go subscription fees may be significantly less than staffing and hardware support costs
What is the cloud?
National Institute of Standards and Technology
Cloud Computing Program has five key points:
On-demand self service
Network access
Pooled resources
Elasticity
Measured service

What does this really mean?


Organizations are off-loading some responsibilities to a provider
Hardware costs reduced
Software configuration time reduced
Easy to grow and shrink computing needs as they change
Cloud Components

Service-Oriented Architecture

Network

Clients
Cloud Components

Vendors
Microsoft, Amazon, Avaya, Google, IBM, Cisco, Rackspace, etc

Networking / WAN - reliability

User Interface: web, locally installed programs, IT management interfaces

May be mixed with on-premise solutions


Lesson 2 Cloud Services
Software as a Service

Platform as a Service

Infrastructure as a Service
Cloud Service Models

[Diagram: the stack (Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking) shown for Traditional On-Premises and for Software as a Service, with layers marked "Your team manages" or "Managed by vendor"]
Software as a Service (SaaS)
Applications made available to the user but managed by a third party vendor
May require local software or plugins or may run without local modification of the end user workstation

Cost and less administrative effort


Quicker software deployments
Centralized version control

Pay for the actual number of users using the app


SaaS examples

Microsoft Office 365

Google Docs / GMail

Wordpress

Salesforce
Cloud Service Models

[Diagram: the stack (Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking) shown for Traditional On-Premises, Platform as a Service and Software as a Service, with layers marked "Your team manages" / "You manage" or "Managed by vendor"]


Platform as a Service (PaaS)
Provides developers with a fully configured environment for programming and testing software
Vendors provide and maintain the virtual machines, OSs, networking, etc.

Allows a great deal of flexibility and control over the development environment

Provides a cost savings and speed for development and testing platforms

Allows collaboration at the developer level with consistency and efficiency

A layer above IaaS: databases, web servers, dev runtime environments


PaaS examples

Google App Engine

Windows Azure

Apache Stratos
Cloud Service Models

[Diagram: the stack (Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking) shown for Traditional On-Premises, Infrastructure as a Service, Platform as a Service and Software as a Service, with layers marked "Your team manages" / "You manage" or "Managed by vendor"]


Infrastructure as a Service (IaaS)
Infrastructure is provided by the vendor
Virtual machines, virtual networks, operating systems, applications, etc. created as needed by the organization
Hardware costs are offloaded to the vendor
Billed on consumption of resources

Reduced administrative effort

Rapid deployments on an as-needed

Base layer: VMs, Storage, Networking, etc.


Virtualization is a key technology in IaaS
IaaS examples
Cloud Service Models

[Diagram: the stack (Applications, Runtime, Middleware, Database, O/S, Virtualization, Servers, Storage, Networking) shown for Traditional On-Premises, IaaS, PaaS and SaaS, with layers marked "Your team manages" / "You manage" or "Managed by vendor". Axis across the top: from "Higher Cost & More Control" to "Lower Cost & Higher Agility"]


Why IT Jobs are Changing
Changing Focus
Shift away from Hardware maintenance

Focus On:
Integration
Resource Management
Capacity Planning
How are IT roles changing?
Extending beyond traditional corporate boundaries
Big Picture and/or end-to-end understanding of solutions in higher demand
Opportunity to become more valuable as existing skillsets are extended
Deep knowledge of selected cloud solution required
Changing Roles & Required Skills

Step 1: Build Core On-Premise Skills
Step 2: Apply Core Skills for Hybrid Environments
Step 3: Add New Skills

IT Administrator to Cloud Application Administrator
Step 1: Design, configure & maintain Exchange, Lync OR SharePoint
Step 2: Analyze & Plan, SLAs, security, networks; Co-existence with Office 365
Step 3: Design, configure & maintain hybrid Exchange, Lync AND SharePoint Online

Developer or Database Developer to Cloud Developer
Step 1: Build Web & SOA applications; Visual Studio and .NET
Step 2: Architect hybrid applications (on-prem and cloud apps); SQL Azure
Step 3: Architect & Develop services using Azure Platform

Infrastructure Specialist to Cloud Operations Engineer
Step 1: Design, configure networks, security, and virtualization; Hyper-V
Step 2: Monitor, provision, and manage data center with System Center
Step 3: Automation, design deployment, operational excellence; Service Management

Architect & Database Administrator to Cloud Architect
Step 1: Designing, installing, and administering SQL Server
Step 2: Co-existence of SQL Server and SQL Azure
Step 3: Architect Database solutions to mine data and work with Cloud Services
Cloud Projects
New Web-based Testing Processes
Testing on a production platform

Ease of Information-sharing between Team Members, Customer Team Members and Executive Management

More Remote Management

How clients and customers access infrastructure and applications has completely changed
PM tasks
Assessing risks

Implementing vendor selection

Establishing governance processes

Recovery plans
Lesson 4: Integrating Cloud Services

Categories of Cloud Deployment models

Migration to the Cloud


Public Cloud
Multi-tenanted

Dynamically Provisioned Resources

Self-Service

Accessed via Internet


Private Cloud

Hosted Internally
Reduced Internet Network bandwidth
Reduced Security needs
Self-Service
Elasticity
Metered
Hybrid Cloud
A mix of Public and Private

Typically maintain Critical Data On Premises

Maintain On Premises Security

Leverage Public Cloud efficiency


Migration Considerations
Data ownership
Target user: Developer? Standard end user? IT person?
Developers: PaaS
End Users: SaaS
Service / Virtual Machine Admins: IaaS
WAN saturation and reliability
Proprietary solutions versus open solutions
End user training
IT support
Service Level Agreements to protect access
Consider legacy application compatibility
Lesson 5: Cloud Risks and Mitigation Strategies

Cloud Computing Risks

Risk Mitigation Measures


Risks
Data Management

Confidentiality

Integrity

Availability
Validated/Regulated Workloads
Compliance requirements
HIPAA, GxP, HITRUST

Need new methods to Verify


Risks
Legacy compatibility
Azure SQL is not 100% SQL Server compatible

Vendor lock-in
Difficulty Moving Data
Does Application need to be recoded?

Availability of services
WAN failure
Service provider data center failure
Exhaustion of resources / performance (especially in multi-tenancy environments)
Risks
Network attacks
DDoS
Spoofing Attacks
Man-in-the-middle attacks

Legal
Jurisdiction
Unwanted Data disclosure
Licensing
Mitigation
Identity and Access Management
Authentication, Authorization and Auditing

Detection and Forensics


Auditing, Host based IDS

Encryption
On the network via IPsec and SSL
At rest via data encryption, vendor solutions

Proper selection of service providers


Lesson 6: Technical Perspectives of Cloud Computing

Self-Service and Automation in Cloud Computing
Federated Cloud Services
Standardization
Self-Service

Key component of Cloud Computing
Can request resources whenever needed
Can boost key business drivers such as accelerating testing and development cycles
Frees staff from low value manual configuration and deployment tasks
Automation Benefits for Cloud Management

Easy provisioning
Fast deployment
Consistency of deployments
Right sizing
Federated Cloud Services (double meaning)

Ability of cloud providers to lease access to other providers' resources in an on-demand manner
Allows providers to earn revenue from computing resources that would otherwise be idle or underutilized

CSP can expand their geographic footprints and accommodate sudden spikes in demand without having to build new points-of-presence.

Transparent to Customer
Federated Cloud Services (double meaning)

Deployment and management of multiple external and internal cloud computing services to match business needs.
Improve disaster recovery and geo-presence
Ability to use unique cloud-specific services from different providers as they are needed
Ability to leverage the public cloud benefits of low-cost and unlimited scalability in order to move agile applications to the cloud
Use of a private cloud for regulatory or red-tape bound applications or more traditional infrastructure
Interoperability

Integration of Services

Eradication of vendor lock-in issue

De-facto standards for distributed services


Standardization

To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.
Standardization

Cloud Standards Customer Council: consumer education
Deliver customer-focused content in the form of best practices, patterns, case studies, use cases, and standards roadmaps
Influence the standards development process for new cloud standards
Facilitate the exchange of real-world stories, practices, lessons and insights
Standardization

Distributed Management Task Force: interoperability standards
Creates and drives the international adoption of interoperable management standards, supporting implementations that enable the management of diverse traditional and emerging technologies including cloud, virtualization, network and infrastructure.

Enables a more integrated and cost effective approach to management through interoperable solutions
Multi-Cloud Management

Cross Cloud Management Platforms

Cloud
Manager

CSC Agility Platform | Cloud Management


Lesson 7: Technical Challenges of Cloud Computing

Cloud Storage
Application Performance
Data Management
Security Risks and Mitigation
Application Architecture and the Development Process
Cloud Storage

Must provide:
Redundancy

Reliability

Sufficient bandwidth for backups & recovery

Considerations:
Difficult to determine precisely where data is stored

May need to implement data replication


Application Performance

Network latency
Peak utilization spread across multiple tenants
Difficult to predict utilization and may lead to applications not always responding consistently
Monitoring
Tied to effective utilization of cloud services by employees
Used in reliability monitoring and SLAs
May be used as criteria for pay-per-use billing
Ensuring application performance is acceptable: response time?
Data Risks

Physical security difficult with dispersed data
Sharing resources with other organizations may expose data
Cloud provider may be compelled to provide information to law enforcement
Dispersed data may be stored in different legal jurisdictions
Data Management

Business content may be stored in multiple locations in cloud-based solutions
Public cloud or private or hybrid

At different datacenter locations

Redundant connectivity

Data Migration
Encryption / security in transit and at rest

Compliance requirements
Security Responsibility
SaaS Security Responsibility

Identity and Access Controls


Authentication, Authorization, Auditing

Network restrictions by IP address, etc.


Security features that are application specific
PaaS Security Responsibility

Middleware configurations
Database configurations
IaaS Security Mitigation

Physical security provided by the cloud vendor


Configuration security provided by the customer
Operating system and application hardening

Updates

Remove all unneeded features


Security Challenges

Security configuration options are offered by the vendor and may be limited
Consumer loses overall control of data and configurations
Resources are shared among tenants and a vulnerability of one tenant may impact others
Rapid Rate of Change makes enforcement of security controls difficult
AWS Shared Responsibility Model
When evaluating the security of a cloud solution, it is important for customers to understand and distinguish between:
Security measures that the cloud service provider (AWS) implements and operates: "security of the cloud"
Security measures that the customer implements and operates, related to the security of customer content and applications that make use of AWS services: "security in the cloud"
AWS Shared Responsibility Model
Cloud Security Strategies
The Cloud Security process involves:
Implement and maintain a security program
Build and maintain a secure cloud infrastructure
Implement confidential data protection
Implement strong access and identity management
Implement a governance and audit management program
Implement a vulnerability and intrusion management program
Maintain environment testing and validation
Cloud-based Applications & Development

Development process:
Web app scope (goals, purpose)
Define who will use the app (target audience)
Application features
Platform requirements, dev environment
User interface design
Web app structure built
Beta testing, etc.
Traditional Architecture
Multi-Tier Architecture
Scale-Up and Scale-Out Architecture

The Scale-up Architecture


Cloud Emulators

Simulated application
Lesson 8: Steps to Successful Adoption of Cloud Services

Steps to Adopting Cloud Services
Organizational Capability to Adopt Cloud Services
Cloud Vendor Roles and Capabilities
Migrating Applications to the Cloud
Cloud Services Deployment Factors

Provider services: IaaS? PaaS? SaaS?
Service management and metering for cost
Required standards
Integration requirements with on premise solutions or data stored elsewhere
Security requirements and provider options
Success Factors

Service model appropriate to business needs
Public, private or hybrid model
Security Audit On premises vs Cloud
Vendor reputation
Effective Service Level Agreement (SLA)
Calculate financial benefit of a cloud migration versus a traditional model
Update change management procedures to include cloud
Cloud Adoption Process

Analysis of the current environment and potential vendors

Planning: cloud model, infrastructure, security, financial impact, legal compliance
Adoption of application integration into the cloud solution to the cloud
Migration of data and users to the cloud service

Management: ongoing support of the cloud service


Vendor Selection Process
Analyze current Organization
IT infrastructure
Goals and challenges
Traffic spikes
Cloud criteria outline
Scalability?
Security and compliance?
Service offering
Compare Cloud Vendors
Access and Control levels
Automation
Cost
Upgrade/Maintenance schedule
Organizational Capability to Adopt Cloud Services

Cloud Readiness
Current environment optimized and updated

Proposed cloud services aligned to business needs

Communication between the organization's divisions regarding the cloud deployment

Pilot programs and test cases implemented

Service monitoring that includes all stakeholders


Management Components

Infrastructure: availability and provisioning of cloud services
Service: capacity and configuration management
Risk: business, technical, legal
Financial: cost management of implementation
Vendor: business relationship with the cloud vendor
Vendor Roles and Capabilities

Does the vendor use an open or standards-based service model?
Otherwise risk vendor lock-in

Service branding for your organization
Solutions will have your organization's look and feel

Identity and Access Control security
Mitigates risk of data exposure
Vendor Selection Considerations

Vendor experience/reputation
Meet business needs
Ease of management/maintenance
Portability
Security
Regulatory compliance
Lesson 9: Identifying Risks and Consequences

Organizational Risks
Technical Risks
Legal Risks
Cost Evaluation for Cloud Computing
Identify Maintenance Aspects of Strategic Flexibility
Organizational Risk Considerations

Risk Analysis
Identify risks and financial consequences

Starting point for risk mitigation / management

Risk Management
Monitoring of identified risks

Appropriate, proactive countermeasures


Cloud Security Challenges

Vendor security is difficult to analyze or quantify
Difficult to identify where data is stored
Difficulty removing data from cloud vendor's control
Loss of control when there are technical failures at the vendor level
Unauthorized access
Cloud Security Challenges (continued)

Vendor lock-in
Loss of management control
Vendors may work with additional 3rd parties to supply services

Vendors may/will update/change SaaS or PaaS offering

Industry and Regulatory Compliance


Cloud service vendor failure
Appropriate Service Level Agreements
Technical Risks - Misconfigurations

Incorrect provisioning of resources
Based on cloud elasticity, should be easy to correct

Multi-tenancy risks exposure of data
Private cloud may be appropriate for some or all data and services

Risk to data at rest (storage) and in transit (network)
Storage and network encryption

Identity and Access Control Management for authentication
Misconfigurations and vulnerable accounts
Legal Risks

Jurisdictional control and warrant-based access to data
Heavily debated situation right now

Legal exposure:
Misdirecting data among organizations may be
increased in a multi-tenancy environment

Data security & confidentiality

Data destruction / expiration is difficult to ensure


Licensing models

Per-user: license granted to a specific user

Per-device: license granted to a device

Enterprise: access granted regardless of number of users
Cloud Computing Cost Evaluation

Direct Cost
Discrete cost for discrete service

Clear and easy to anticipate

Indirect Cost
Costs spread across multiple services and / or multiple customers

Difficult to estimate
Total Cost of Ownership (TCO)

Comprehensive estimate of cost based on all criteria
Covers direct and indirect costs
Examples:
Licensing

Subscription fees

Migration costs

Support costs
TCO for SaaS

Avoids many deployment, update and service costs associated with traditional local installations
Regular and recurring subscription fee is easy to budget for
TCO for PaaS

Reduced / eliminated expense of hardware, OSs, applications

Pay per use model for developers and other users
TCO for IaaS

Server and network infrastructure is outsourced
Reduces hardware and configuration costs
Eliminates the budgetary consideration of the service lifecycle
Hardware support concerns

OS and driver support offered by vendors

Often measured in a few years

Replacement is expensive
Identify Maintenance Aspects of Strategic Flexibility

Anticipate and prepare for unforeseen organizational changes
Unexpected growth

Unexpected reduction

New technologies

New business needs or customer demands


Strategic Flexibility Factors

Cloud model: public, private, hybrid
Subscription and SLA costs for changes
Cloud migration may reduce the ROI on current IT infrastructure (that could have been maximized without a cloud migration)
Rapid scalability of services
Strategic Flexibility Maintenance

Centralized management of cloud (and non-cloud) resources
Ensure the Cloud Model reflects business needs
Security: data content and storage / transmission
ROI
Virtualization investment: virtualization vendors have different features (VMware vs Microsoft Hyper-V)
Compliance with industry regulations
Thank You!
Questions?

Survey - http://tinyurl.com/CelegenSurvey919

SlideDeckPDF -