Building a better, more secure Cloud
Richard Morrell, Evangelist, EMEA Region, Cloud Business Unit, Red Hat
Who am I?
16 year Open Source Veteran working with Red Hat since 1997 Co-Founder Linuxcare 1997 in San Francisco VA Linux (Sourceforge, High Availability, Clustering, Security) 1999 SmoothWall 2000-3 founder and CISO 47m installations worldwide 2003-6 Chief Security Officer Virgin Group UK Home Office Advisor / Jericho 2006 Founder team member Zimbra acquired by Yahoo 2007 2010 UK Ministry of Defence senior Linux accreditor / CLAS GCHQ advisor 2010 Rejoined Red Hat Specialist in forensic security, Cloud security and Identity Access Management US Government specialist advisor status (US Gov, IRS & DoD)
Cloud: new rules, same game
- The hype is deafening, the reality is here with us now in the form of our ambitions, our governance models.
- Helps focus our needs as organisations and the ambitions of our staff and the community using elastic computing and mixed resources.
- Cloud gets the best out of our staff, our developers, our architects
- Cloud forces us to think about business process, risks and controls
- Cloud in Government forces us to better design accreditation processes around Cloud lifecycle
Cloud: Enabling change at every level
- Cloud allows us as technical thought leaders to build out at our own pace, and to re-use and to control more of our architecture than ever before.
- Cloud represents to many system integrator partners the biggest potential revenue risk that they've ever faced as well as forcing integrators to rethink their engagement model.
- Rebuilding the traditional audit model for the next generation of compute / node / build architectures for Cloud.
Open Clouds - key features
- Are Open Source, built on entirely Open Source code
- Have a viable, independent community and ecosystem
- Are based on open standards, or protocols and formats that are moving toward standardization, that are independent of their implementation
- Provide freedom to use intellectual property (IP)
- Lets you deploy on your choice of infrastructure
- Are entirely pluggable and extensible with an open API
- Enable portability to other clouds securely with confidence
Being Open puts you in a position of authority
- Remember Linux powers 87% of Cloud worldwide, 72% of that is Red Hat based technologies
- PHP, Python, Ruby on Rails, JBoss are the most widely used development environments in Cloud today
- Write your application once, deploy it across multiple Clouds or hypervisor technologies: DeltaCloud - CloudForms
- Harness the skills your staff already have, and hire from the best skilled talent pool from the communities and university leavers
- Benefit from the most disruptive and fastest growing technology arena ever seen in computing
Open and Secure
- Think security as a cornerstone of every aspect of Cloud, not a retrofitted control or process piece
- With Cloud you lose the security benefit of physically separated systems, strong isolation, a reduction in the application of Mandatory Access Controls in host platforms.
- Using proven Cloud ready technologies such as RHEL / RHEV with built in sVirt segregation increases robustness / security assurance out of the box.
- Secure isolation, especially in multi tenant environments, better policy enforcement
- Especially critical in the EU when thinking data privacy
Being Open allows you to be auditor friendly
- Build your controls and your risk profiles to suit your environments and your data / industry requirements
- It's free, why aren't you already using it?
- BASEL/PCI/ISO/COBIT/ITIL/SAS compliant
- https://cloudsecurityalliance.org/research/ccm/
Conflicting Demands: Being Open Solves These
Developers Want: Fast, Agile, Self-Service, Choice
IT Operations Wants: Standardized, Secure, Governance / Control, No Lock-In
How Do You Balance Flexibility vs. Control? Developer Flexibility IT/Admin Control
CloudForms helps you get there
- CloudForms launched June 2012
- Allows you to bring cloud automation to all your hybrid and heterogeneous resources, manage your applications in the cloud
- Allows organisations to build and manage hybrid clouds, build and manage applications in the cloud
- Layering cloud automation on top of existing infrastructure. However, rather than only automating one particular virtualization technology, it provides cloud automation on top of your choice of physical infrastructure, virtualization technologies, and public cloud providers.
CLOUDFORMS HELPS YOU BUILD AND MANAGE HYBRID CLOUDS
BEYOND BUILDING INFRASTRUCTURE TO APPLICATION LIFECYCLE MANAGEMENT SELF-SERVICE Red Hat CloudForms
CLOUDFORMS SOLVES
- Self-service application deployment with rich policy
- Application lifecycle management designed for the cloud
- Application portability across diverse clouds
- Proven stack and ecosystem delivering enterprise-class SLAs in the cloud
RED HAT CLOUDFORMS BALANCES
ENTERPRISE IT OPERATIONS RUNNING THE BUSINESS GOVERNANCE RISK MITIGATION REGULATIONS SECURITY AUDIT RELIABILITY CONSISTENCY INTEROPERABILITY
CLOUD SPEED SELF-SERVICE AGILITY ON DEMAND EFFICIENT INFRASTRUCTURE
BUILD A FOUNDATION FOR YOUR PRIVATE PAAS WITH RED HAT CLOUDFORMS & JBOSS
JBOSS PROVIDES THE LEADING ENTERPRISE APPLICATION PLATFORM FOR THE CLOUD
MANAGE JBOSS MIDDLEWARE & APPLICATIONS WITH JBOSS OPERATIONS NETWORK ACROSS PHYSICAL, VIRTUAL & CLOUD ENVIRONMENTS
OpenShift: a foundation for Secure Open Cloud
- Built on RHEL to run built-in languages from Python to PHP, provide libraries, and execute programs
- However, OpenShift also takes specific advantage of RHEL to provide industry-leading secure, portable, and performant multi tenancy at the operating system level and not just at the virtualization level
- Benefits from RHEL's control groups and SELinux to achieve its two-tier multi-tenancy.
OpenShift: Enterprise Class Buildout for Cloud
- Strong guarantees that the performance or load of one application won't affect that of another application in the same RHEL instance.
- Meaning a vulnerability in one application won't put another application at risk.
- And, they also ensure that potential weaknesses in the cloud's underlying hypervisor or other infrastructure won't affect the security of applications running on the OpenShift platform.
Giving Enterprise Development an edge in Cloud
- OpenShift runs many scripting languages like Ruby, Python, PHP, and more based on RHEL. It also uses Red Hat's JBoss Enterprise Middleware to provide enterprise-class capabilities like the ability to run full JEE6 applications.
- This is critical for enterprises because it means that they can bring existing applications to OpenShift, and they can bring applications written at OpenShift back on-premise or to other clouds, without modifying any code.
- Enforcing security policies on development frameworks rather than retrofitting applications to policies saves time, money and reputation
Delivering a secure ready ecosystem for Cloud
- Because the OpenShift platform builds on the strength of RHEL and JBoss, it includes access to the industry-leading ecosystem of these foundations.
- This includes thousands of ISV partners, including many important new players in cloud and mobility like 10Gen and Appcelerator.
- To learn more about OpenShift visit the Red Hat website
OpenShift supports your language & framework.
Secure Open Public Cloud Ecosystem
- Red Hat have a Public Cloud ecosystem with certified cloud providers with architectures that go to work today
- In Switzerland Swisscom are our certified partner for Public clouds
- Built around proven Red Hat Enterprise Linux, KVM, sVirt
- Subscription portability for Enterprise workloads!
Thanks for Listening
Finding out more
- Engage with your local Red Hat crew here in Switzerland
- Read my blog: www.cloudevangelist.org
- Read the Red Hat Open Cloud portal: www.redhat.com/opencloud
- My Twitterfeed - @emeacloudguy
- My email address: cloudguy@linux.com / rmm@redhat.com
THANK YOU