How To Cloud Compute At The Cloud At The Cyclone Center For Cnc

Similar documents
Federal Aviation Administration. efast. Cloud Computing Services. 25 October Federal Aviation Administration

Esri Managed Cloud Services and FedRAMP

Cloud Courses Description

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

Seeing Though the Clouds

Cloud Computing; What is it, How long has it been here, and Where is it going?

Consolidated Technology Services PRIVATE CLOUD SERVICE. March 2014

Enterprise Managed Cloud Computing at NASA. Karen Petraska NASA Office of the CIO Computing Services Service Office (CSSO) October 1, 2014

Cloud Courses Description

NCTA Cloud Architecture

Cloud computing - Architecting in the cloud

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

Increased Security, Greater Agility, Lower Costs for AWS DELPHIX FOR AMAZON WEB SERVICES WHITE PAPER

DLT Solutions and Amazon Web Services

Cloud Computing Submitted By : Fahim Ilyas ( ) Submitted To : Martin Johnson Submitted On: 31 st May, 2009

Cloud Security for Federal Agencies

Cloud Models and Platforms

The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government

Service Automation to implement and operate your Cloud initiatives

Standardizing Cloud Services for Financial Institutions through the provisioning of Service Level Agreements (SLAs)

Managing Cloud Computing Risk

AWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II

Cloud Services The Path Forward. Mr. Stan Kaczmarczyk Acting Director - Strategic Solutions and Security Services FAS/ ITS, GSA

Cloud Security Introduction and Overview

10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH Agenda. Security Cases What is Cloud? Road Map Security Concerns

John Essner, CISO Office of Information Technology State of New Jersey

Zentera Cloud Federation Network for Hybrid Computing

See Appendix A for the complete definition which includes the five essential characteristics, three service models, and four deployment models.

PRIVATE CLOUD. November 6, 2013 Kay Metsker & Dan Mercer

THE BLUENOSE SECURITY FRAMEWORK

CLOUD TECHNOLOGY IMPLEMENTATION/SECURITY

Using ArcGIS for Server in the Amazon Cloud

Enhancing Operational Capacities and Capabilities through Cloud Technologies

Microsoft Private Cloud

Topics. Images courtesy of Majd F. Sakr or from Wikipedia unless otherwise noted.

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

How To Understand Cloud Computing

The Magical Cloud. Lennart Franked. Department for Information and Communicationsystems (ICS), Mid Sweden University, Sundsvall.

Securing and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

CHAPTER 8 CLOUD COMPUTING

Enterprise Cloud Solutions

Infrastructure as a Service (IaaS)

Validating Enterprise Systems: A Practical Guide

Migration and Disaster Recovery Underground in the NEC / Iron Mountain National Data Center with the RackWare Management Module

Enterprise Cloud Use Cases and Security Considerations

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

What Cloud computing means in real life

Mitigating Information Security Risks of Virtualization Technologies

The NIST Definition of Cloud Computing

Kent State University s Cloud Strategy

Credit Unions and The Cloud. By: Chris Sachse

Healthcare: La sicurezza nel Cloud October 18, IBM Corporation

Chapter 11 Cloud Application Development

BUSINESS MANAGEMENT SUPPORT

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Monitoring & Measuring: Wi-Fi as a Service

Migration Scenario: Migrating Backend Processing Pipeline to the AWS Cloud

Cloud Computing - Advantages and Disadvantages

Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services

Essential Characteristics of Cloud Computing: On-Demand Self-Service Rapid Elasticity Location Independence Resource Pooling Measured Service

The Cloud in Regulatory Affairs - Validation, Risk Management and Chances -

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

GeoCloud Project Report USGS/EROS Spatial Data Warehouse Project

BMC s Security Strategy for ITSM in the SaaS Environment

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

How To Improve Nts Information Technology

VMware vcloud Architecture Toolkit Public VMware vcloud Service Definition

An Introduction to Cloud Computing Concepts

Managed Cloud Services

ISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services

C Examcollection.Premium.Exam.34q

Cloud service model provides levels of abstraction and automation for those tasks

CloudFTP: A free Storage Cloud

Outlook. Corporate Research and Technologies, Munich, Germany. 20 th May 2010

CloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Industrial Security Solutions

Introduction to Cloud Computing

Dynamic Services from T-Systems: Enterprise Cloud Computing in practice

Cloud Computing--Efficiency and Security

Cloud Computing Cluster Introduction to Cloud Computing. Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013

Cloud Computing and Data Center Consolidation

journey to a hybrid cloud

CompTIA Cloud+ 9318; 5 Days, Instructor-led

Virtualization and IaaS management

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems

DLT Solutions and Amazon Web Services

Cloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service

Cloud Computing Technology

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

How To Understand Cloud Computing

Proactively Secure Your Cloud Computing Platform

VALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud

Cloud Glossary. A Guide to Commonly Used Terms in Cloud Computing

Compliance and Cloud Computing

Transcription:

Cloud Computing at CDC Current Status and Future Plans Earl Baum March, 2014 1

Background Current Activities Agenda Use Cases, Shared Services and Other Considerations What s Next 2

Background Cloud Definition NIST Special Publication 800-145 identifies five essential characteristics of cloud systems: On-demand self-service. The customer can, on their own, provision computing additional computing resources without the need for human interaction with each service provider (e.g. pay only for the resources you need, add more as your demands grow). Broad network access. The system and its capabilities are available over the network and accessed through standard mechanisms (e.g., mobile phones, tablets, laptops, and workstations). Resource pooling. Computing resources are pooled to serve multiple customers with different physical and virtual resources and can dynamically be assigned and reassigned according to demand. Examples of resources include storage, processing, memory, and network bandwidth. Rapid elasticity. Computing resources can be provisioned and released, in some cases automatically, to rapidly grow or shrink based on demand (e.g. configure thresholds to allocate or release processing power, storage, etc.). Measured service. Cloud systems can automatically control and optimize resources based on things like storage, processing, bandwidth, and the number of active user accounts. Resource usage can be monitored, controlled, and reported (e.g. ability to see how much bandwidth, storage, processing power, etc. that you are using). 3

Background History OMB Cloud First Mandate -2010 HHS Cloud Reference Architecture September 2010 Federal Cloud Computing Strategy February 2011 GSA FedRamp December 2011 First FedRAMP IaaS ATOs -2013 4

CDC Cloud Current Activities CDC is conducting a Cloud Proof of Concept using Amazon Web Services Goal: Identify, develop and implement services and processes required to effectively support CDC systems in a cloudhosted environment Status: Started August 2013, ongoing On track to complete testing and validation of core ITSO services before the end of April, 2014 5

CDC Cloud Procurement CDC is developing a dedicated CDC Cloud BPA In-progress Q3 FY14 Close coordination of Cloud Procurement within CDC OCIO is required to reduce risks of: Increased costs Sprawl many independent contracts Duplication of services and associated costs Security risks Inconsistent contract language Inconsistent policy interpretation and implementation Larger surface area for hackers to attack 6

So we have a CDC Cloud NOW WHAT? 7

Cloud Impact on CDC IT Cloud Computing changes the way ITSO provisions some IT services: Core IT services (patching, backup, disaster recovery, authentication) Security-related services (DMZ, monitoring, intrusion detection/prevention) Application/System Development (best practices, SDLC, EPLC) Cloud requires consulting services and education Assistance with Analysis of Alternatives, EPLC, Service Architecture, Development Best Practices, Security Integration 8

Cloud Impact on C&A FedRAMP simplifies the C&A process, but does not eliminate requirements for due diligence and CDC C&A Layered components can simplify Cloud C&A: CSP FedRAMP ATO CDC Service/Secure Baseline Configuration (SBC) C&A CDC Application/System C&A 9

Shared Service Requirements Each Cloud Use Case implies a stack of services (network, security, application interfaces, authentication, firewalls and related items), which must be developed and delivered within the Cloud environment These shared services form the framework within which cloud-hosted applications operate ITSO, MISO, OCISO and EITPO/EA are working together to develop and provide this service stack 10

Cloud Use Cases Public-Facing/Public Access, with no access to internal systems Public-Facing/Public Access, with access to internal systems Public-Facing/Limited Access, requiring login and access to internal systems Internally-Facing/Limited Access, requiring login Public-Facing Dev-Test/Limited Access, requiring login and access to internal systems Internally-Facing Dev-Test/Limited Access, requiring login and access to internal systems Batch/On-Demand HPC/Limited Access, requiring login and access to internal systems Batch/On-Demand Big Data (Hadoop or similar)/ Limited Access, requiring login and access to internal systems 11

What s Next? Based on the results of the Amazon Proof Of Concept Finalize and issue the CDC BPA Implement service architecture and processes developed during the POC Continue development of Cloud Services and Standards ITSO Cloud WG OCIO Cloud Services Architecture Workgroup Integration with Shared Services Workgroup Update EPLC and Analysis of Alternatives to reflect new services and associated best practices Education Role-based training for architects, developers and operations staff 12

Additional References and Resources GSA FedRamp Compliant CSP List http://www.gsa.gov/portal/content/131931 AWS Overview http://media.amazonwebservices.com/aws_overview.pdf Amazon free training http://aws.amazon.com/training/intro_series/ Application Migration and AWS http://media.amazonwebservices.com/cloudmigrationmain.pdf 13

Architectural Best Practices To realize the benefits of the cloud Design for failure Loose Coupling Elasticity Security Parallel processing for scalability Storage Governance 14

Design for Failure Avoid single points of failure Infrastructure Services Application Modules Assume that everything fails Applications should continue to function even when underlying hardware fails or is removed/replaced 15

Backup/Recovery/Resiliency 16

Monitor/Patch 17

Loose Coupling Design around independent components The more loosely they re coupled, the bigger they scale Design app and service components as black boxes Input, process, output without knowledge of the source of inputs or destination of outputs Message queues to link modules Load balancers for clusters 18

Elasticity The cloud is flexible or can be Don t assume the health, availability or fixed location (IP address or server name, for example) of individual components Design application modules so they continue to function through server reboot/relaunch Use dynamic configurations servers download specifics during bootstrap rather than using fixed internal configs 19

Notional Application Architecture 20

Security Security is still a concern Encrypt data at rest and in transit Use least-privilege model Use granular access-control lists for each function APIs Ports Users Authentication 21

Parallel Processing Modular code can scale more simply than serial code Scale horizontally, rather than vertically Add instances when needed, discard when no longer necessary Depends on service architecture to implement 22

Storage Multiple options one size does not fit all Object storage (AWS Elastic Block Store) NAS-equivalent Can be mapped as drives/shares to running instances Block storage (Amazon S3) Write once, read many (NetFlixuses this to store movie images, for example) Archival Storage (Amazon Glacier) Long-Term, low cost, low performance, high availability 23

Why? Governance Consistent, cloud centered decision-making processes, policies, planning, architecture, acquisition, deployment, operation and management End-to-end lifecycle management Balance cloud investment opportunities and risks Avoidance of cloud sprawl and unauthorized cloud procurement/deployment 24

Governance How? CDC EPLC: Initiation point for Cloud Governance at the project level, via Stage Gate reviews and the Analysis of Alternatives Procurement Reviews Identifying Cloud activities that may fall outside of EPLC ITSO Internal Processes Integrate Cloud into existing processes Establish consistent business processes and workflows for Cloud deployments OCISO C&A Process Cloud-hosted services still require full C&A 25

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information