Zentera Cloud Federation Network for Hybrid Computing

The New Era of Hybrid Computing

Cloud computing technology, the next computing paradigm after client-server, will shift enterprise IT to a new era of hybrid computing. This paper is not about the benefits of cloud computing, which are amply discussed elsewhere in a multitude of publications. It is about the challenges of hybrid computing infrastructure and how to see through the weeds to find the right solution.

The root cause of complexity in hybrid cloud implementations is that most existing solutions attempt to kludge together on-premise datacenters with cloud provider platforms by rewiring on-premise components on one end of the network and programming lots of cloud provider APIs on the other to form a hybrid infrastructure. Anyone who has attempted this can attest that it is tedious and time consuming, that the output is clumsy in most cases and, even worse, that this approach locks the customer in with the cloud service provider. The enterprise may no doubt end up having access to the cloud provider, but it is not in a good place in the long run as far as scalability, reproducibility, flexibility, and manageability are concerned.

CHALLENGES

Any typical enterprise computing infrastructure includes components such as computing resources, network, security, data encryption, transport, and resource management systems. It is typically designed and managed by a single IT organization. The implementation frequently involves many components and parts, both hardware and software, provided by a number of vendors, that are provisioned to work together to achieve the design goal. The implementation is usually highly customized, involving many configuration points with high interdependencies, and can be error prone. Over time, it also becomes expensive to touch any part of the infrastructure to meet new business requirements.
Security is a critical part of the computing infrastructure, especially in the Internet era with its various cybersecurity concerns and challenges. Consequently, once the computing infrastructure is hardened, as any IT manager would know, security concerns constrain enterprises from making modifications to their infrastructure.

Copyright 2015 Zentera Systems, Inc.

Now, when you move to a hybrid computing environment, you are typically trying to take this enterprise computing structure and connect it with one or more cloud service provider platforms. Each cloud service provider platform is unique in its design, implementation components, engineering practices, and security requirements, and is managed by an IT administration that is constrained in responding to the individual needs of every enterprise. While it is challenging in itself for an enterprise to customize and manage its own computing infrastructure, integrating it with one or more cloud service providers becomes a massive hurdle for hybrid computing.

On the other side, the undoubted mission of cloud service providers is to present their infrastructure to enterprises and allow the enterprise to customize it to suit their requirements. However, cloud service providers, for various reasons including automation, scalability and accountability, will not accept any direct responsibility for customization and would rather provide tools for enterprises to accomplish their own goals. These tools are the complex sets of APIs that are unique to each cloud service provider.

There are huge limitations to this approach. Firstly, not everything in the cloud datacenter is programmable. Additionally, CSPs do not want to allow access to everything on their network due to security concerns. That sets the limit on the level of customization. Even so, the requirement of API programming imposes a huge barrier to many enterprise IT administrators who do not have enough technical background or training to work as software programmers. These result in lengthy development cycles and error prone implementations. And any further changes in the future still remain painful.
Completing all these requirements, the enterprise is now officially and undesirably locked into the CSP. If the enterprise ventures to add or move to another provider, it has to learn a new set of APIs and a completely different implementation at the next CSP.

In summary, the currently available paths to set up a hybrid computing environment are complex, inefficient and have lengthy implementation processes. These processes can be frustrating and error prone, resulting in potential security holes and the risk of missing business goals.

The New Era of Virtualization

The practical approach to solving today's hybrid computing challenges is to not attempt to kludge together disparate enterprise and CSP infrastructures, and instead to build a secure virtual layer that is decoupled from the underlying enterprise and CSP infrastructure. This is Infrastructure Virtualization technology, and the virtual layer is called the Virtual Hybrid Infrastructure (VHI).

Infrastructure Virtualization is the new era of virtualization technology that brings all components in the computing infrastructure (computing, network, security, data and management) together under one platform with a single point of management. Infrastructure Virtualization builds a secure virtual layer, the Virtual Hybrid Infrastructure, which is decoupled from the underlying physical computing infrastructure. A single VHI implementation can be deployed over multiple sets of computing infrastructures managed and controlled by different IT administrators, inside or across network boundaries (e.g. Internet, corporate LAN, cloud domains).

VHI does not change or re-provision the underlying security implementations and therefore causes no violations of existing security policies. A VHI implementation can provision a new set of security policies inside the virtual layer to address new business requirements and policies, or to augment the legacy policies implemented in the underlying legacy infrastructure. VHI can also be implemented within a single network, for example at the enterprise datacenter, to augment existing network and security implementations.

VHI is software that operates on the edge of the network and in the OS of the servers that are provisioned in the virtual infrastructure. It can be set up in a matter of days if not hours.
Zentera Cloud Federation Network Architecture

The Zentera Cloud Federation Network (CFN) is a platform that enables enterprises to easily build a Virtual Hybrid Infrastructure implementation over a hybrid computing environment. It provides a single point of management for computing, network, security, data encryption and transport in a hybrid computing environment across multiple cloud or network domains. The diagram below presents an architectural concept for a Zentera Federation Network across two domains.

The Zentera CFN is offered as a network appliance that can be deployed as a physical or virtual machine in the enterprise DMZ or as a VM in the cloud service provider's datacenter. The Zentera CFN appliance includes a suite of technology modules presented through a central web control console, so that enterprise IT can define all virtual infrastructure policies from a central location and manage distributed cloud and virtualization implementations inside or outside of the enterprise. The major technology modules included under the Zentera CFN are discussed below. These modules help users build the key functions in a virtual hybrid infrastructure across multiple domains, decoupled from the lower level infrastructure complexities.

zcenter - the CFN management portal

zcenter is the web service portal for the Zentera CFN. The zcenter web portal allows customers to define an Application Profile and to provision the virtual infrastructure and security that is required to support this Application Profile in a unified cloud environment, all from a web browser. The Zentera CFN allows customers to provision a virtual hybrid infrastructure in any public cloud datacenter as well as the enterprise intranet, anywhere, any time.

zcenter operates on top of a cloud island, which can be public or private. If the computing management system in the cloud island provides an API for computing provisioning, zcenter is able to take advantage of it via a Cloud Connector to achieve total automation in the hybrid environment. Currently zcenter supports Cloud Connectors to a number of popular public cloud datacenters (e.g. AWS, Azure, HP Cloud, Rackspace) as well as popular private cloud orchestration systems (e.g. OpenStack).

zcenter enables IT as a service in enterprises by providing advanced management and tracking features essential for enterprise IT to separate projects and track usage within the various parts of the organization. zcenter offers multi-tier login and project management tools to support an IT self-service model within the enterprise.

znet - Virtual Hybrid Network

Zentera znet provides secure end-to-end network connections for computing infrastructures in public, private and hybrid clouds. Acting as the glue between islands of computing resources, znet creates virtual private WANs connecting islands of resources without requiring any changes to the underlying network infrastructure. In concert with Zentera zchamber, znet provides a complete solution for connecting and protecting computing environments.
Zentera znet is different from other fabric based SDN solutions. A fabric based SDN typically programs and operates on components of the existing physical network. In hybrid cloud environments, conventional SDN solutions on either side do not cross-manage the fabric on both ends, requiring significant coordination between the CSP, enterprise IT and support groups to complete the hooks. Zentera znet uses IP forwarding technology and deploys an additional virtual network layer in the virtual hybrid infrastructure that operates above the cloud islands without requiring changes to the physical network or firewalls inside the island. znet supports a number of connection modes, including server-to-server direct connections as well as edge gateway based virtual network connections. A znet edge gateway bridges the znet virtual network with a local TCP/IP network. The diagram below presents the concept of the znet architecture.

zchamber - the cloud chamber firewall system

In a hybrid computing environment, the physical network topology underneath a virtual machine may not be controllable or changeable by the virtual layer. Provisioning conventional network based firewalls in such an environment is challenging, resulting in non-optimized, non-scalable and potentially error prone implementations. Zentera zchamber is designed to address this challenge with an innovative software based, patent-pending technology that creates peripheral firewall systems in hybrid computing environments. In a cloud environment, zchamber is provisioned and controlled by enterprise customers as a virtual shield within which all cloud servers and their application data flows are protected. Like other components in the Zentera solution, zchamber operates at the application layer of the cloud stack, above the cloud orchestration layer.

As illustrated in the figure above, zchamber automatically creates fully connected and interlocked firewalls on all cloud servers so that all connection intents from outside the chamber are fully screened by the security rules. The figure shows five cloud servers interconnected with ten separate connections and protected by a total of 20 firewall rules. Each rule specifies the source and destination IP addresses and the allowed ports for each connection. Together these distributed firewall rules implement the security policy of the user-defined application profile. Adding or removing a given cloud server from the zchamber automatically creates and deploys a new set of firewall rules to all cloud servers in the chamber.

zchamber agnostically accommodates any mix of machines, virtual or physical, in public or private cloud domains, creating a secure cloud firewall system. Dynamically accommodating firewall changes synchronized with the cloud orchestration system is key to IT productivity. zchamber installation and operation is decoupled from the legacy network infrastructures, obviating the need to disturb the existing physical network.

zchamber is not limited to securing the enterprise from outside intrusion. Even within an organization, IT managers can use zchamber on top of a secure corporate environment to isolate server groups from each other, enabling the option to isolate projects, vendor systems, access, etc., dynamically.

zsafe - secure data encryption and drop-box

In a hybrid computing environment, it is critical for the enterprise to control end-to-end data encryption and the transfer of data into, out of, or between computing infrastructures. The enterprise hybrid cloud environment is a good example of this need. It can be challenging for the enterprise to design and deploy a data protection, distribution, synchronization, and backup system in a hybrid cloud environment with full automation. Zentera zsafe is a data encryption and transfer system that is designed as part of the virtual infrastructure to meet these requirements in a hybrid computing environment.
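The zchamber rule count given above (five servers, ten connections, 20 rules) follows a simple model, and the example below works it through in code. It is an added illustration, not Zentera's code: it assumes that every unordered pair of chamber members is one connection, that each connection is enforced by a rule on both endpoints (so N servers give N(N-1)/2 connections and N(N-1) rules), that each host is default-deny for anything its rule list does not match, and that a membership change regenerates the whole rule set. The server names, addresses (RFC 5737 documentation ranges) and port list are constructed for the demonstration.

```python
"""Pairwise distributed firewall rules for a zchamber-style server group.

Constructed illustration, not Zentera code. Assumed model (the paper gives only
the counts): every unordered pair of servers is one "connection", and each
connection is enforced by a rule on *both* endpoints, so N servers give
N(N-1)/2 connections and N(N-1) rules. Every host is default-deny for anything
not matched by its own rule list.
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Rule:
    host: str       # server on which the rule is installed
    src_ip: str     # peer allowed to initiate a connection
    dst_ip: str     # this host's own address
    ports: tuple    # allowed destination ports


def chamber_rules(servers: dict, ports=(22, 443)) -> dict:
    """servers maps server name -> IP. Returns {name: [Rule, ...]}.

    The set is regenerated wholesale from the current membership, which is what
    makes add/remove safe: a departed server's address simply no longer appears.
    """
    rules = {name: [] for name in servers}
    for a, b in combinations(sorted(servers), 2):
        rules[a].append(Rule(a, servers[b], servers[a], ports))  # on a: allow b
        rules[b].append(Rule(b, servers[a], servers[b], ports))  # on b: allow a
    return rules


def count_connections(servers: dict) -> int:
    n = len(servers)
    return n * (n - 1) // 2


def count_rules(rules: dict) -> int:
    return sum(len(r) for r in rules.values())


def is_allowed(rules: dict, host: str, src_ip: str, port: int) -> bool:
    """Default-deny screening of an inbound connection intent on `host`."""
    return any(r.src_ip == src_ip and port in r.ports for r in rules.get(host, []))


def rules_mentioning(rules: dict, ip: str) -> list:
    """Audit helper: every rule on any host that still references `ip`."""
    return [r for host_rules in rules.values() for r in host_rules
            if ip in (r.src_ip, r.dst_ip)]


def remove_server(servers: dict, name: str) -> dict:
    """Membership change: the new rule set for the remaining servers."""
    remaining = {k: v for k, v in servers.items() if k != name}
    return chamber_rules(remaining)


# Constructed five-server chamber; addresses are RFC 5737 documentation values.
CHAMBER = {
    "web-1": "192.0.2.10",
    "web-2": "192.0.2.11",
    "app-1": "198.51.100.20",
    "app-2": "198.51.100.21",
    "db-1": "203.0.113.30",
}


if __name__ == "__main__":
    rules = chamber_rules(CHAMBER)
    print(count_connections(CHAMBER), "connections,", count_rules(rules), "rules")
    print("outside host allowed on db-1?", is_allowed(rules, "db-1", "192.0.2.99", 443))
    after = remove_server(CHAMBER, "web-2")
    print("rules after removing web-2:", count_rules(after),
          "| rules still referencing it:", len(rules_mentioning(after, CHAMBER["web-2"])))
```

The audit helper `rules_mentioning` is the check a defender wants after a removal: once a server leaves the chamber, no host should retain a rule that admits its old address, and regenerating from membership rather than patching rule lists incrementally is what guarantees that.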
Using zsafe, the enterprise controls how application data is transferred back and forth between distributed computing infrastructure domains. Both data-in-motion and data-at-rest are protected with Zentera enterprise grade security. In a hybrid cloud computing environment, zsafe offers an end-to-end data encryption, transport, and synchronization system for protecting data moving in and out of both cloud and enterprise datacenters. Zentera zsafe is built on secure file management technologies that encrypt data and move it from the enterprise up to the cloud for computation and move the results back to the enterprise. Because security is paramount, a zsafe encryption key is generated by the system for each profile and owned by the enterprise. This allows the enterprise to protect its data in the cloud without sharing the keys with the Cloud Service Provider (CSP).
The zsafe infrastructure is automatically provisioned and implemented as part of the zcenter security implementation. As with the other components of the Zentera CFN, there is no need to disturb underlying legacy network infrastructures.

Zentera zsafe defines two data transfer paths: upload and download. The data on each path is forward synchronized in and out of the cloud automatically, based on a frequency defined by users. zsafe allows users to define zsafe operating directories. All data and file structure within the path are maintained and synchronized. Using a pair of servers, zsafe moves data at the delta byte level as needed through the secure channel between them, keeping bandwidth costs low. Data uploaded to the zsafe cache server is automatically distributed to the attached cloud servers. The frequency of synchronization can be set to either manual or periodic mode, with granularity in minutes. Manual mode is typically used when data is relatively static and unchanging. Periodic mode is typically used when updates to databases or computed results require synchronization at regular intervals.

With zsafe, enterprise cloud users can automate their processes for maintaining data integrity, securing the data in the cloud, and reducing bandwidth consumption and therefore costs when moving data through the cloud. The result is enhanced security as well as improved productivity.

Typical Industry Applications

Bursting to the cloud: As in the case of businesses with cyclical computing needs (e.g. retail), the Zentera CFN allows an enterprise to build a virtual hybrid infrastructure to easily support bursting to the cloud for additional computing resources during peak season, seamlessly deployed over the existing environment without disrupting on-going applications and workloads.
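The two zsafe properties described above, a per-profile key that never leaves the enterprise and delta transfer that sends only changed bytes to the cache server, can be shown together in a small model. The following is an added example and not Zentera's code: it compares files in fixed-size blocks by SHA-256 digest, sends only blocks whose digest differs from the cache server's manifest, and seals each block under a key generated on the enterprise side so the cloud-side cache holds ciphertext only. The paper does not name zsafe's cipher, so the sealing here uses HMAC-SHA256 as a counter-mode keystream with an encrypt-then-MAC tag, chosen only because it needs nothing outside the Python standard library; the `CacheServer` class, `BLOCK` size and the sample data are constructed for the demonstration.

```python
"""Block-level delta synchronization under a per-profile key, zsafe-style.

Constructed illustration, not Zentera code. Assumptions: files are compared in
fixed-size blocks by SHA-256 digest; only changed blocks cross the channel; each
block is sealed with a key the profile owner generates and never shares with the
cloud side. Sealing uses HMAC-SHA256 as a counter-mode keystream plus an
encrypt-then-MAC tag, a standard-library stand-in for the product's own cipher,
which the paper does not name.
"""
import hashlib
import hmac
import secrets

BLOCK = 1024      # bytes per block (small so the demo stays readable)
NONCE_LEN = 12
TAG_LEN = 32


def new_profile_key() -> bytes:
    """Per-profile root key, generated on the enterprise side and kept there."""
    return secrets.token_bytes(32)


def _subkeys(key: bytes):
    # Separate encryption and authentication keys derived from the root key.
    enc = hmac.new(key, b"zsafe-demo/enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"zsafe-demo/mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_block(key: bytes, index: int, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag. The block index is bound into the tag
    so a sealed block cannot be silently replayed at a different position."""
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, index.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_block(key: bytes, index: int, sealed: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then decrypt; raises on tampering."""
    enc, mac = _subkeys(key)
    nonce, ct, tag = sealed[:NONCE_LEN], sealed[NONCE_LEN:-TAG_LEN], sealed[-TAG_LEN:]
    expect = hmac.new(mac, index.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("block %d failed integrity check" % index)
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


def block_digests(data: bytes) -> list:
    return [hashlib.sha256(data[i:i + BLOCK]).hexdigest() for i in range(0, len(data), BLOCK)]


class CacheServer:
    """Cloud-side store (constructed): holds sealed blocks and a digest manifest, never the key."""
    def __init__(self):
        self.sealed = {}     # block index -> sealed block
        self.digests = []    # manifest of the blocks it currently holds


def sync_upload(key: bytes, local: bytes, cache: CacheServer) -> int:
    """Upload path: push only blocks whose digest differs from the cache manifest.
    Returns the number of blocks transferred."""
    new = block_digests(local)
    changed = [i for i, d in enumerate(new)
               if i >= len(cache.digests) or cache.digests[i] != d]
    for i in changed:
        cache.sealed[i] = seal_block(key, i, local[i * BLOCK:(i + 1) * BLOCK])
    for i in range(len(new), len(cache.digests)):   # file shrank: drop tail blocks
        cache.sealed.pop(i, None)
    cache.digests = new
    return len(changed)


def sync_download(key: bytes, cache: CacheServer) -> bytes:
    """Download path: reassemble the file, verifying every block under the profile key."""
    return b"".join(open_block(key, i, cache.sealed[i]) for i in range(len(cache.digests)))


def verify_cache(key: bytes, cache: CacheServer) -> bool:
    """Audit: True only if every stored block opens cleanly under the profile key."""
    try:
        sync_download(key, cache)
        return True
    except ValueError:
        return False
```

A one-byte edit inside one block costs one sealed block on the wire rather than the whole file, and because the cache server holds no key, a modified or repositioned block is rejected at download time rather than silently accepted.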
Secure Border Computing (SBC) for engineering development: Cutting edge silicon vendors need to interact with their eco-system partners collaboratively around a development environment. The SBC environment is typically set up inside and on the edge of the silicon vendor's legacy network infrastructure and needs to be chambered and isolated from the rest of the internal network while giving secure access to external eco-system partners. The Zentera CFN supports building SBC environments using a virtual hybrid infrastructure on top of legacy infrastructure and provides the secure access required by eco-system partners. The same principle can be used by enterprises/retailers like Target or Walmart and applied to vendor eco-systems for supply chain automation applications that are hosted in house but need to be completely isolated from the rest of the corporate network and data.

IaaS Cloud Service Provider offering: The Zentera CFN can be offered by cloud service providers to IaaS customers as a value added tool to integrate cloud infrastructure with on-premise datacenters and control/manage the compute, security, networking and data in the hybrid cloud.

Post M&A IT integration: Merging IT infrastructures after a typical corporate merger/acquisition between companies can be challenging, with a similar set of issues as setting up a hybrid cloud. The Zentera CFN can be used to easily integrate two or more corporate IT infrastructures into a single merged IT infrastructure without the need to make complex changes to the underlying infrastructures.

Inter-cloud transaction network: Another emerging application of the Zentera CFN is in the interconnection between various cloud installations, including e-commerce sites, SaaS sites and other backend support infrastructure. The Zentera CFN builds a virtual hybrid infrastructure supporting data and application exchange between these sites.
Business Benefits

Enterprises are at various stages of the cloud adoption cycle, with those in the early stage using the cloud as a separate island for dev/test, storage, etc., and the others at the other end of the cycle having fully integrated, ubiquitous hybrid clouds. Cloud service providers, on the other side, are constantly evolving with new offerings and better pricing. In such a dynamic environment, the enterprise benefits from tools that support its initiatives toward a hybrid cloud at every stage of its adoption cycle and maintain its ability to pick the best CSP at every stage, now and in the future. Even within a single enterprise, certain early adopter groups are farther into the adoption of the cloud, and quite often outside the purview of the enterprise IT organization.

The Zentera CFN is a comprehensive solution that, in addition to solving the technical challenges of hybrid cloud infrastructure complexity, offers relevant tools for the enterprise at every stage of its cloud adoption cycle, prevents lock-in to a CSP, and supports early cloud adopters in the enterprise while maintaining enterprise IT oversight.

Written by Jaushin Lee, Ph.D.
www.zentera.net