CON3550: Tips and Tricks to Rapidly Deploy Secure Private Clouds (with Exelon). Optimized Deployments of Private Cloud. Maninder Singh, IT Manager, Exelon Corp.; Gautam Sarnaik, IT Lead Analyst, Exelon Corp.; Kristian Bakke, Sr. Solutions Manager, Oracle Systems Engineering. October 25-29, 2015, San Francisco. October 28, 2015. Copyright 2015, Oracle and/or its affiliates. All rights reserved. Oracle Confidential Internal/Restricted/Highly Restricted
Safe Harbor Statement: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Program Agenda: 1. ECI & Exelon; 2. Oracle Cloud & Optimized Solution for Enterprise Cloud Infrastructure; 3. Installation and Set-up Options; 4. Exelon ECI Deployment
Accelerated Application Deployments in a Secure Private Cloud: Agile development platform; Stepping stone to the Cloud; Over 5x faster deployment times of applications; 10:1 consolidation ratio
Oracle Cloud Solutions: Multiple, Flexible Deployment Models. You Choose. Oracle Cloud: Consume Oracle as subscription-based services. Managed Cloud: Oracle builds and manages a private cloud for you. Private Cloud: Build and manage your own cloud using Oracle cloud products.
Enterprise Cloud Infrastructure (ECI): Traditional Silos, Consolidated, Private Cloud, Public Cloud, Hybrid Cloud. Physical, Dedicated, Static, Heterogeneous; Virtual, Shared platform & shared infrastructure, Dynamic, Standardized platform & infrastructure; Self-service, Auto-scaling, Metering & Chargeback, Capacity planning; Specialized, Shared, Standardized; Federation across public & private clouds, Interoperability, Cloudbursting
All Oracle Cloud Options Are Engineered According to Three Principles. Secure (Integrated, Comprehensive, Compliant): Ensure continued access to critical data and functions with integrated security best practices. Simple (Flexible to Deploy, Easy to Use): Improve service levels with highest transactional throughput and faster time to deployment. Savings (High Performance, Low Cost): Reduce capital and operational costs to maximize IT investments with tested and proven architecture.
Oracle Enterprise Cloud Infrastructure: Security. Simplicity. Savings. Scalable Private Cloud platform for consolidation, virtualization of new or existing apps, on the most secure, low cost, and open integrated system powered by Software in Silicon.
Most Secure Enterprise Cloud Platform: Secure Runtime for All Apps Without Compromise. Integrated - Built-in layered security and compliance: Layered security co-engineered from semiconductor to applications; Standardized security options configurable at start-up. Comprehensive - Reduced surface area to secure: Secure multi-tenancy for secure isolation of data and services; On-chip crypto protects transactional data from start to finish; Built-in authentication, authorization, and accounting. Simple - Automated compliance and auditing: Secure templates and full-stack patching; System check tools enforce standards and compliance.
The Most Secure Enterprise Cloud Platform: Secure Runtime for All Apps Without Compromise. SECURE - Layered security and compliance built in: Additional layer of defense with Application Data Integrity; Standardized security options configurable; Secure and isolated virtual machines with secure live migration. SIMPLE - Easy to deploy and manage: 5x faster deployment with tested and documented process; Easy full-stack patching; 2x the performance of comparable x86. SAVINGS - Achieve lowest cost per VM: Highest efficiency platform - less hardware and software; Simplified provisioning and management; Scale up infrastructure without downtime.
Oracle Enterprise Manager: Application to OS to Virtualization to Disk Management
Oracle Enterprise Manager Cloud Control 12c: Rich Cloud Management Feature Set. Self-Service Provisioning: Supports databases, schema, and pluggable databases (PDBs). Database Cloning: Full clones and snap clones (thin clones). Enterprise-Wide Service Catalog: Role-based catalog, standardized services. Quota- and Policy-Based Management: Enforces governance and control. Metering, Chargeback: Supports database, schema, and PDBs. Comprehensive REST and Oracle Enterprise Manager CLI APIs: For all self-service and admin functions.
Enterprise Manager Ops Center 12c Key Features: Asset Discovery, Organization and Grouping; Automated Firmware and OS Provisioning; Server, Network, Storage and OS Management; My Oracle Support (MOS) and Auto Service Request (ASR) Integration; Virtualization Management (Oracle Solaris Zones, Oracle VM Server for SPARC, Oracle VM Server for x86, M-series Hard Partitions); Engineered Systems Support; Support for Infrastructure as a Service (IaaS)
Create Clouds and Provision Them Quickly with Oracle OpenStack. Nova: Compute Virtualization (Oracle Solaris Zones and Kernel Zones). Ironic: Bare-Metal Deployment (SPARC/x86). Horizon: Centralized Cloud Management. Neutron: Cloud Networking (Elastic Virtual Switch). Heat: Orchestration (Oracle Solaris Unified Archives). Cinder/Swift: Cloud Storage (ZFS File System). Murano: Application Deployment (Oracle Database and FMW). Glance: Image Deployment (Unified Archives). Oracle hardware and software stack; Highest performance with Oracle's Software in Silicon technology; Agile self-service environments; Application-driven software defined networking (SDN); Full VM lockdown; Automated compliance monitoring and reporting; Engineered for mission-critical workloads; Zero-overhead virtualization.
Rack Layouts: Vertical Scalability. Oracle Secure Enterprise Cloud Infrastructure (Q4 CY15): Oracle Enterprise Manager Ops Center 12.3 update; SPARC T7 servers (partial rack available); Oracle ZFS Storage ZS3-2/ZS4-4 appliances; Oracle FS1-2 storage; Oracle Ethernet Switch ES2-64/ES2-72 networking; Oracle Virtual Networking and Oracle Fabric Interconnect F1-15 and F1-4. Oracle Enterprise Cloud Infrastructure: Oracle Enterprise Manager Ops Center 12.3; SPARC T5-2/T5-4 servers; Oracle ZFS Storage ZS3-2/ZS4-4 appliances; Oracle FS1-2 storage; Oracle Switch ES1-24/72 10GbE switches; Oracle Virtual Networking and Oracle Fabric Interconnect F1-15 and F1-4.
Rack Layouts: Horizontal Scalability. Scalable Storage Rack; Core Rack; Scalable Compute Rack
Oracle Advanced Customer Support (ACS) delivers personalized and proactive mission-critical support for organizations seeking to maximize the availability, performance, and value of their Oracle solutions. Copyright 2014, Oracle and/or its affiliates. All rights reserved.
Oracle Fixed Scope Services. PRODUCTION READINESS: Comprehensive packaged services performed by Oracle advanced support engineers; Accelerate deployment time using proven configurations based on Oracle best practices; Reduce downstream system stability and reliability issues; Delivered utilizing a unique combination of Oracle expertise, tools and best practices; Designed to complement 3rd party implementers and Oracle partners. Benefits: Accelerate Adoption and Return on Investment; Reduce Downstream Risk. PRODUCTION OPTIMIZATION: Maximize availability through proactive and preventive maintenance packs; Keep current with Oracle recommendations based on industry specific advice; Reduce risk and change management delays by leveraging the best Oracle expertise available; Scalable and modular packs that can be tailored to business and operational needs. Benefits: Optimize Performance and Reliability; Maximize Availability.
Oracle ECI Standard System Installation: Installation of systems using proven, standard methodologies. Services Provided: Comprehensive, standard system installation; Perform hardware, network and operating system functionality validation; Pre-production readiness reviews; Provide installation final summary report. Benefits and Value: Shorten time to deployment; Highly trained engineers deliver proven, standardized installation methodologies; Get critical systems up and running quickly and efficiently.
Sample Activities: Pre-production (Readiness) and Production (On-going Operations). Review technical and availability requirements; Risk Analysis; Business continuity review; Transition recommendations; Test planning and control activities; Pre-production testing; Global deployment methodologies; Installation and configuration; Project management of entire solution; Go Live; Proactive guidance; Dedicated support team; Configuration and performance reviews; Recommendations for on-going optimization; Risk mitigation, project control and issue management; Documentation and knowledge transfer.
OMCS Managed Cloud Service - Summary: All the capabilities of a private cloud, retain the benefits of on-premise deployment, managed end-to-end lifecycle by Oracle and alignment with Oracle strategy; Self Service Portal for simplified deployment and management; Multi-level Security Model; Accelerated time-to-value with certified configurations, engineered services and a standards based approach
OMCS Service Catalog: Offers choice of DB Size, SLAs and Security Levels
DB Size | Small | Medium | Large | X-Large | 2X-Large
Compute | 1 Core | 2 Cores | 4 Cores | 8 Cores | 16 Cores
Memory | 8 GB | 16 GB | 32 GB | 64 GB | 128 GB
Storage (GB) | 200 | 500 | 1000 | 4000 | 8000
Additional Storage can be requested in 200GB slices up to 1 TB
Tiered SLAs: Bronze, Silver, Gold, Platinum, Diamond. Any DB Size can be paired with any of the 5 Service Levels
Security: Level 1, Level 2, Level 3, Level 4. Any DB Size / SLA can be paired with any Security Level
MCDS Service Catalog: Separate Business & Technical Catalogs
Business Service Catalog | Bronze | Silver | Gold | Platinum | Diamond
Local Availability | Best effort | 95% | 99.5% | 99.9% | 99.99%
Maintenance Windows | Every 6 months | Every Qtr | Every Qtr + On Demand | Every Qtr + On Demand | Every Qtr + On Demand
Disaster Recovery (Optional) RTO | N/A | 5 day | 4 hours | 2 hours | 1 hour
Disaster Recovery (Optional) RPO | N/A | 1 day | 1 hour | < 1 min | < 1 min
Backup | Weekly full, Daily incr | Weekly full, Daily incr | Weekly full, Daily incr | Weekly full, Daily incr, Flashback logs | Weekly full, Daily incr, Flashback logs
Service Desk Hours | 8 x 5 | 8 x 6 | 24 x 7 x 365 | 24 x 7 x 365 | 24 x 7 x 365
Alert and Response Time SR1 | <= 4 hours | <= 1 hour | <= 15mins | <= 15mins | <= 15mins
Alert and Response Time SR2 | <= 1 day | <= 4 hours | <= 4 hours | <= 2 hours | <= 1 hours
Types of Instances | Dev | Test | Prod, DR | Prod DR | Prod DR
Security | Level 1 (Default Security for all Service Tiers)
Cloud Admin & Self-service User
Technical Service Catalog | Bronze | Silver | Gold | Platinum | Diamond
Storage Mirroring | Dual | Dual | Triple | Triple | Triple
VMs | Zones, Kernel Zones | Zones, Kernel Zones | Zones, Kernel Zones | Zones, Kernel Zones | Zones, Kernel Zones
Disaster Recovery | N/A | N/A | ZFS Replication | ZFS Replication | ZFS Replication
Cloud Admin User
MCDS Service Catalog: Multi-level Security Model Based on Degree of Data Sensitivity Business Service Catalog Technical Service Catalog Level 1 Secure Configuration Level 2 (+ Level 1) Data Security Preventive Hardened OS and DB image Hardened OS and DB image Level 3 (+ Level 2) Access Control ASO (TDE) Database Vault Level 4 (+ Level 3) Monitor & Block ASO (Data Redaction), EM Data Masking & Subsetting Pack Detective Native Database Auditing Native Database Auditing Audit Vault Audit Vault Administrative Level 1 Secure Configuration EM Configuration & Compliance Level 2 (+ Level 1) Data Security DB Security Assessment Service Level 3 (+ Level 2) Access Control Data Classification Public Data Corporate Internal Data Restricted (PII, Financial Info) Preventive Hardened Configuration Hardened Configuration Network Encryption DB Encryption Service, DB Vaulting Service (Block DBA Access to sensitive data) Security Management Program Level 4 (+ Level 3) Monitor & Block Highly Restricted (Source Code, M&A) Data Redaction Service, Data Masking Service Detective Logging DBA activity Logging DBA activity DB Auditing Service DB Auditing Service Administrative Compliance Check for configuration & patching DB Security Assessment Service Security Management Program Security Management Program Security Management Program Cloud Admin & Self-service User; Cloud Admin User
Tips and Tricks for Fast Deployments
Oracle Best Practices: Fully Tested and Documented. Best Practices Implementation Guide (250 pages); Product Documentation; Training; Community resources; Forums; Demos; Proofs of Concept
Best Practices Implementation Guide: Principal Decisions. Planning: Architecture drives hardware decisions; One architecture for all components. Impact on the Business: Billback model? Storage delivery? Backups? Disaster recovery plans? Licensing, Patching, Migration, etc. Redundancy: No single point of failure; Automated recovery; HA through live migration; Extra resources to evacuate entire CDOM; HA verification plan. Designed for Uptime: Dual paths to everything; Live migration; Automatic recovery; Application level HA; Solaris 11.
Best Practices - Planning: Avoid going back to the well! Start every engagement with a planning meeting before hardware is ordered! Architectural decisions should drive hardware purchases. One Architecture to Rule them all! Unix Administration; Storage Administration; Network Administration; Backup Administration; Disaster Recovery Administration
Best Practices - Know your Business Impacts: Cost allocation! What is your bill back model? Storage delivery: LUNs (FC or iSCSI), NFS, NAS, Dynamically, Statically; Backups; Disaster Recovery Plans; Licensing; Patching; Migrations / New Installs / Cloning
Best Practices - Planning & Testing for Redundancy: A properly configured ECI Architecture provides no single point of failure that cannot be recovered from quickly and without human intervention! This includes the following areas of concern. Servers (Live Migrations and recovery to alternate Servers); Network (Switches, Cabling, NICs); Fabric (Switches, Cabling, HBAs); Storage (Network Switches, Fabric Switches, Cabling, NICs, HBAs, ZFS Controllers, Disk Shelves). High Availability through Live Migration / LDOM Recovery. Leave adequate CPU & Memory resources to evacuate an entire CDOM. HA Verification Plan to prove out your configuration.
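The headroom rule on this slide ("leave adequate CPU & Memory resources to evacuate an entire CDOM") can be checked as part of an HA verification plan. The following is an added example, not from the presentation and not Ops Center code; the server names, guest names and sizes are constructed, and placement uses a simple largest-first heuristic, so a reported shortfall is conservative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ldom:
    name: str
    vcpus: int
    mem_gb: int


@dataclass
class Cdom:
    name: str
    vcpus: int      # vCPUs this server can give to guests
    mem_gb: int     # memory this server can give to guests
    guests: list


def free(cdom):
    """Unallocated (vcpus, mem_gb) on one control domain."""
    return (cdom.vcpus - sum(g.vcpus for g in cdom.guests),
            cdom.mem_gb - sum(g.mem_gb for g in cdom.guests))


def plan_evacuation(pool, failed_name):
    """Re-home every guest of one CDOM onto its peers.

    Returns (placement, unplaced): guest -> target CDOM, plus the guests
    that fit nowhere. Largest guests go first, each onto the peer with the
    most free memory that can hold it.
    """
    failed = next(c for c in pool if c.name == failed_name)
    headroom = {c.name: list(free(c)) for c in pool if c.name != failed_name}
    placement, unplaced = {}, []
    for g in sorted(failed.guests, key=lambda g: (g.mem_gb, g.vcpus), reverse=True):
        fits = [n for n, (cpu, mem) in headroom.items()
                if cpu >= g.vcpus and mem >= g.mem_gb]
        if not fits:
            unplaced.append(g.name)
            continue
        target = max(fits, key=lambda n: headroom[n][1])
        headroom[target][0] -= g.vcpus
        headroom[target][1] -= g.mem_gb
        placement[g.name] = target
    return placement, unplaced


def audit(pool):
    """For each CDOM, the guests that could not be recovered if it were lost."""
    return {c.name: plan_evacuation(pool, c.name)[1] for c in pool}


# Constructed inventory: three servers, 64 vCPUs / 512 GB each for guests.
POOL = [
    Cdom("cdom-a", 64, 512, [Ldom("db1", 32, 256), Ldom("app1", 16, 64)]),
    Cdom("cdom-b", 64, 512, [Ldom("db2", 32, 256), Ldom("app2", 8, 64)]),
    Cdom("cdom-c", 64, 512, [Ldom("app3", 16, 128), Ldom("app4", 16, 128),
                             Ldom("web1", 8, 32)]),
]

if __name__ == "__main__":
    for cdom, stranded in audit(POOL).items():
        print(cdom, "OK" if not stranded else f"cannot evacuate: {stranded}")
```

In this constructed pool the two large database guests have nowhere to go, which is the condition the slide warns about; adding a spare server or shrinking allocations clears it.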
Best Practices - Architecting for Uptime. Dual Paths to Everything! Aggregations (LACP, DLMP), IPMP & MultiPathing for LUNs help ensure reliable access to your resources. Live Migration: Live Migration capability is at the heart of the ECI Architecture as it provides you the ability to perform maintenance activities on physical assets without downtime to your customers. Automatic Recovery: Ops Center can automatically recover crashed LDOMs but only if you configure it to! Application Level HA: Your application should be architected for horizontal scaling as well as your infrastructure. Solaris 11: The IPS repository and Solaris 11 boot environments are an integral component to being able to maintain your environments with as small a downtime window as possible. Do your work during the day and reboot into your new environment during your change window.
Best Practices - Ops Center Architecture. Architecting for HA within Ops Center Infrastructure: Ops Center Enterprise Controllers under Solaris Cluster; Multiple Proxy Controllers to allow client failover; HA Remote Database Backend. Architecting for HA recovery of LDOMs: Ops Center configured for LDOM automatic recovery; LDOM Metadata stored on NFS Shares to allow recovery on any CDOM. Architecting for Parallel Maintenance Activities: Ops Center allows maintenance activities to be kicked off on all CDOMs in parallel, allowing for maintenance activities to be scaled massively across physical servers.
Best Practices - Architecting for Hands Off ASR: The ECI environment monitors Servers, Operating Systems and Storage Components and automatically opens up SRs with Oracle Support on any failures! You will commonly hear about any new issues from Oracle before you discover them yourself. In the event of hardware failure, the new hardware will be shipped automatically without intervention on your part.
Exelon Business Overview
Exelon Business Overview: Exelon has been the top-ranked electric and gas utility on the FORTUNE 500 every year since 2008. Exelon was named to Fortune magazine's 2015 list of the World's Most Admired Companies. Exelon ranked among the top five U.S. utility companies in Newsweek's 2015 Green Rankings. Exelon was named to the Dow Jones Sustainability North America Index for the ninth year in a row in 2014. Key Stats for 2014: Operating Revenues: $27.4 billion; Assets: $80 billion; Employees: Approximately 29,000; Owned U.S. Generating Capacity: More than 32,000 megawatts; Electric and Natural Gas Delivery Customers: 7.8 million
Exelon Cloud Objectives: Consolidation and Virtualization of existing Legacy Physical hardware; Implementation of SPARC-based Internal Cloud for Virtual Hosting Infrastructure; Achieving faster turn around for Provisioning Virtual Machines; Reduction of Datacenter Real Estate, Power, Network and Cabling Footprint; Enhanced Monitoring & Reporting
Exelon ECI Deployment - Infrastructure: Customized Exelon ECI Design and Architecture; Implementation and Deployment of ECI at various Exelon Datacenters in Record Speed; Seamless Expansion of Server and Storage environment in ECI; Multiple Sites
Exelon ECI Deployment - Key Benefits: Optimal Cloud Operational Efficiency managing ECI with Ops Center; Resource Elasticity - Scale vCPUs/memory/storage (On-demand Compute & Storage); Over 5x faster deployment of Virtual Instances; Ability to clone Virtual Instances; Simplified/Centralized Management with Ops Center (Consistent Tools / Universal Resource View / Resource Utilization)
Exelon ECI Results - Summary: Aligns with Exelon's Cloud Initiative; Provide BUs an easy P2V Migration Path without extensive Planning and Testing Efforts; Substantial Savings in O&M and Capital Budget; Simplified and centralized operations; Leverage ECI for faster turnaround time and gain Operational Efficiency; Reduction in downtime for both planned and unplanned maintenance
Live Demo or PoC in Oracle DemoGrounds. Agenda - Enterprise Cloud Infrastructure on SPARC: Introduction of ECI on SPARC; Management (OC-12) GUI Overview; Creation of LDOMs and Zones; Migration of LDOMs and Zones; Fail-over of LDOMs; Dynamic scalability of Resources; Integration w/ EM 12c Cloud Control; Moving VMs (LDOMs or Zones) into Cloud Control; DBaaS, Snap Cloning
Sessions of Interest
Session# | Demonstration | When | Location
GEN8606 | Security, Speed, Simplicity: Hybrid Cloud Present & Future with Oracle Solaris | Tuesday, Oct 27, 11:00am | Intercontinental, Intercontinental C (5th floor)
THT10991 | Secure Your OpenStack Environment | Wednesday, Oct 28, 10:30am | Moscone South: Systems DEMOgrounds - Geek Speak Theater
CON8468 | DevOps Done Right: Secure Virtualization with Oracle Solaris | Wednesday, Oct 28, 12:15pm | Intercontinental, Intercontinental B (5th floor)
CON3550 | Tips and Tricks to Rapidly Deploy Secure Private Clouds | Wednesday, Oct 28, 1:45pm | Intercontinental, Intercontinental C (5th floor)
CON3225 | The Cutting Edge of Technology: Deploying a Secure Cloud with OpenStack | Thursday, Oct 29, 2:30pm | Intercontinental, Intercontinental B (5th floor)
CON8353 | Deploy DBaaS in Minutes on Oracle's Enterprise Cloud Infrastructure | Thursday, Oct 29, 10:45am | Moscone South: 104
HOL8359 | Deploy DBaaS in Minutes on a Flexible, Secure, Private Cloud Infrastructure | Tuesday, Oct 27, 8:45am | Hotel Nikko, Nikko Ballroom I
Systems Demonstrations of Interest: Moscone South - DemoGrounds
Kiosk # | Demonstration
SC-043 | Easily Manage and Deploy Cloud Services with Oracle's Secure, Private Cloud Solution
SC-039 | Secure Private Cloud Done Right with Oracle OpenStack
SC-028 | Develop Secure Software with SPARC M7 Software in Silicon Technology
SC-018 | Oracle WebLogic Server: Foundation for Secure Middleware & Cloud Deployments
SC-006 | DBaaS and Use Cases in a Hybrid Cloud Environment
SC-026 | High Availability and Disaster Recovery for the Enterprise Cloud
SC-007 | Be a Hero to your DBA: DB Performance Tuning
SC-022 | Data is your most valuable asset. Store it, Access it; Forever
SC-040 | Best Value for Secure Private Clouds
Summary; Q&A
Next Steps: Learn More About Enterprise Cloud Infrastructure. Optimized Solutions Web page: http://www.oracle.com/us/solutions/oos/enterprise-cloudinfrastructure/overview/index.html. Get an ECI Presentation from Oracle. Get a Demonstration of ECI at Oracle or via WebEx. Do a PoC at Oracle's Solution Centers.