Secure Bridge to the Cloud
Jaushin Lee, Ph.D.
September 2013
Table of Contents
The promise for enterprise hybrid cloud computing
Reality facing enterprise today
Connecting the dots
Secure and elastic bridge to the cloud
Who owns the cloud bridge? CSP or enterprise IT?
The promise for enterprise hybrid cloud computing

Cloud computing technology has been rising at full speed in recent years, carrying with it many promises to transform how people access their applications and data in daily life. This trend is also pushing enterprises to the next level in how they approach customers and run internal operations. According to IDC's forecast on cloud IT spending, worldwide spending on public IT cloud services is expected to approach $100 billion in 2016. From 2012 to 2016, public IT cloud services will enjoy a compound annual growth rate of 26.4%, five times that of the IT industry overall, as companies accelerate their shift to the cloud services model for IT consumption.

Cloud computing has been delivering on its promise to simplify digital life for consumers and enterprises. Take a tablet device as an example: a user can have an application up and running from a remote location, operating entirely in a virtual environment, in minutes, with the compute requirements satisfied immediately. This user no longer needs any computer technology background, or knowledge of how to install the app on his or her device through an operating system, or even of where to save and back up the data. This is only one key benefit among many of using cloud infrastructure. Another example is the ease with which a grade school student can help a senior install an app on an iPad using the cloud, compared with doing anything on a PC.

In an ideal world, this simplicity of cloud functionality for consumer applications would also apply to the enterprise world. Optimally, when an enterprise wants to roll out a new business application worldwide, it should be able to upload the application to a remote virtual cloud and just release it to the world. When an enterprise runs short on internal computing resources, it should be able to burst its extra workloads from any of its internal locations worldwide to any cloud datacenter and proceed without interruption.
When an enterprise adopts a new software application offered via a SaaS model, it should be able to easily add it to its application workflow in the cloud and roll it out to its worldwide workforce. It would be ideal if those actions could be executed by the enterprise as easily as tapping a tablet or clicking a mouse.

Reality facing enterprise today

Unfortunately, today's enterprise has not achieved a cloud utopia. While the cloud datacenter is becoming virtualized, connecting to it with a secure and elastic infrastructure is still a challenge. Porting enterprise applications over such an infrastructure as if it were a converged and transparent fabric has major hurdles to resolve, which are not well understood but are in fact difficult to handle.

The outsourcing model has been part of standard enterprise business operations for more than a decade, so the enterprise naturally considers IaaS cloud service as outsourcing of computing resources and their management. However, a new factor to consider with a cloud computing model is the multi-tenancy environment. Historically, none of the managed service companies would ever mix one customer's resources and data with another's. Also, the enterprise has always felt it very important not to give away control to service providers. Today, to properly mitigate the risk and take advantage of public cloud infrastructure in a multi-tenancy environment, the enterprise has to maintain or even enhance its security control while outsourcing compute resources to the public cloud. To achieve this goal, enterprises will have to allocate a significant amount of IT resources to safeguard their applications and data in the public cloud and to re-engineer part of their internal legacy infrastructure to connect and work with the public cloud.

Security concerns and business liability can limit an IaaS cloud vendor from opening direct access to the controls of its cloud datacenter for customer configuration. To the enterprise, the public cloud datacenter operates like an island. On the horizontal landscape of a hybrid cloud infrastructure, the enterprise has to design a new infrastructure that spans and connects multiple such islands worldwide with its internal resources, so that enterprise applications can run on top of this hybrid infrastructure. Conceptually, this may be viewed simply as extending enterprise datacenters to a remote site.
However, in reality this task is never the same as the conventional practices adopted inside the enterprise. The major difference arises because control of the public cloud datacenter is owned by a different network authority: the IaaS Cloud Service Provider (CSP). From the IaaS CSP's perspective, allowing thousands of enterprises direct access control of its datacenters for infrastructure configuration may not be acceptable, due to security concerns and business liability. Today most modern cloud datacenters operate with full automation, and it may not be to the CSP's benefit to provide more transparency or customization capabilities of its datacenter to customers. As a result, only limited access is usually offered by CSPs. That access is executed through a carefully crafted set of APIs offered via the cloud management layer, instead of being applied directly to the underlying hardware devices and infrastructure. This is yet another new practice for enterprise IT, as network engineering was conventionally executed by directly accessing and setting the low-level components. Each of these points implies a steep learning curve, development effort to create new operation scripts, and potentially a lack of access for performance troubleshooting, and therefore decreasing efficiency.

To successfully build a hybrid cloud federation infrastructure connecting the enterprise inside and the public cloud outside, the enterprise has to consider various technical issues such as the network, infrastructure security (e.g. the perimeter firewall), data encryption, data transport, and the data storage and access infrastructure. If we take a deep vertical look into the cloud solution stack on either side of the federation system, many of the technologies are not yet virtualized or converged to support the enterprise's requirement of building a hybrid cloud infrastructure that connects directly to the public cloud datacenter. The lack of infrastructure virtualization technology leads to an unfortunate requirement of a deep touch to the lower-layer physical infrastructure on both ends of the federation system, which is a big hurdle for the enterprise in validating new business models using the cloud.

Let's use an example. To federate multiple cloud datacenters with a few enterprise remote sites worldwide, a multiple-link VPN structure may be appropriate.
This means that the VPN deployment on the enterprise side touches the physical layer of the network shielded by the corporate firewall. Enterprise IT has to work with the cloud vendor to set up the links to its worldwide locations and make sure the VPN drop at the edge of the enterprise network is extended to the internal computing farm. This build can be intensive and security sensitive, since it runs from outside the enterprise into its sensitive computing environment. Also, the enterprise's existing security infrastructure, e.g. the corporate firewall and IDS/IPS, needs to be reconfigured to cope with the change, meaning opening firewalls.
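The firewall opening just described, as an added example (not from this paper or from Zentera): an nftables ruleset for the enterprise-side VPN gateway that permits only the bridged application traffic toward the cloud and blocks both new sessions and internal address leakage coming back through the tunnel. The interface names and address ranges (eth1 facing the internal farm at 10.20.0.0/24, tun0 for the tunnel, 10.99.0.0/24 as the enterprise's cloud enclave) are assumptions.

```nftables
# Added example: enterprise-side VPN gateway ruleset. Interface names and
# subnets are assumptions: eth1 faces the internal compute farm (10.20.0.0/24),
# tun0 is the VPN tunnel, and 10.99.0.0/24 is the enterprise's cloud enclave.
table inet cloudbridge {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions that were already allowed, in either direction
        ct state established,related accept

        # Forward firewall: only the compute farm may open sessions into the
        # cloud enclave, and only on the ports the bridged applications use
        iifname "eth1" oifname "tun0" ip saddr 10.20.0.0/24 ip daddr 10.99.0.0/24 tcp dport { 443, 5432 } accept

        # Reverse firewall: the tunnel never originates sessions into the
        # enterprise; log so that attempts are visible to the IDS/SIEM
        iifname "tun0" ct state new log prefix "cloudbridge-reverse-drop " drop

        # Leak guard: no other private address space exits through the tunnel,
        # and any attempt is logged as a sign of a misrouted internal host
        oifname "tun0" ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } log prefix "cloudbridge-leak " drop
    }
}
```

Load it with nft -f on the gateway; the cloud-side pillar of the bridge needs its own equivalent policy protecting the enclave.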
Once a VPN tunnel is established between the public cloud and the internal computing regions, both a forward firewall and a reverse firewall are required, to prevent external network attacks as well as internal IP leakage through the tunnel. Once all these new infrastructure components are carefully designed in, enterprise IT then needs to consider how to transport the applications and data through this secure tunnel to the cloud, on demand, with full automation. Throughout this task, many actions are coupled with the low-level physical infrastructure and intertwined with various corporate compliance and policy requirements; therefore it takes significant effort for enterprise IT to proceed smoothly.

Putting all these dimensions together, enterprise IT requires effort to make the Cloud Bridge happen. The biggest challenge for the IT team is that this is a brand new experience: innovating with virtualization technology that is rapidly evolving. Since the implementation involves multiple parties in control, with potential conflicts of business interest, it is even more complicated. Enterprise IT has to ensure it has appropriate staff with the necessary knowledge and training to cope with the challenge. Given all the effort required to complete a successful build of the connections to public cloud datacenters worldwide, it is very likely that the enterprise will become locked to one cloud vendor for a significant period of time. We may parenthetically note that if one zooms out and observes the overall approach from a high level, it will be found that the end-to-end cloud connection infrastructure is never as elastic as a cloud; it is more a permanent build, just like the good old days.

Connecting the dots

Today the worldwide IT spending on public cloud is still less than 5%.
All IaaS cloud service providers (CSPs) recognize that the premium opportunity is coming from the enterprise market, and that enterprise adoption of IaaS cloud is still in its infancy. Therefore, the capability to successfully support the enterprise's adoption of IaaS cloud becomes the most important business strategy for an IaaS CSP, for two immediate business reasons:

- To win market share and increase ARPU (Average Revenue Per Unit)
- To break away from commodity competition
The market has made observations on the enterprise's requirements for using a public cloud or building a hybrid cloud, and they are actually simple:

- Enterprise is in control (while outsourcing computing resources and infrastructure to the cloud service provider)
- Enterprise wants to protect its data (and no one else, including the cloud service provider, can compromise its security keys)
- Ease of deployment, internally and in the cloud (where the whole process is as easy as clicking a mouse)
- Avoiding lock-in with any CSP (where a permanent bridge is never a good idea)

The enterprise requirements for hybrid cloud are simple to describe, but may not be easy to realize in a multi-tenancy cloud environment. We have multiple observations on this challenge.

First, a CSP datacenter that hosts many enterprise tenants is not new; opening infrastructure control under the cloud to the tenants is new. The datacenter virtualization technology and products in the market have been designed as enterprise products that serve one IT authority which controls the datacenter implementation (i.e. under the cloud), and are not yet optimized for supporting a large number of enterprise customers with direct access (i.e. over the cloud, like a "service provider product"). Given the security considerations in a multi-tenancy cloud environment, it is a challenge for the CSP to balance meeting customers' requirements against reducing its own business liability risk. To properly address this challenge, the CSP may require a deep technology and infrastructure touch in an already-invested cloud datacenter, which may raise serious financial concerns. CSPs have been implementing a two-level control concept in their IaaS cloud business offering. The high-level control is defined as the customer's responsibility (over the cloud).
However, the tools provided by the CSP have been very limited for the enterprise to meet its security requirements in the cloud.

Second, it is difficult, and beyond the CSP's scope, to overcome or even address the infrastructure build effort happening inside the enterprise. That infrastructure is implemented and owned by each enterprise, and it can differ from customer to customer. Touching enterprise legacy infrastructure is not an option for the CSP. To help the enterprise build a secure hybrid cloud bridge, the CSP has to offer some kind of virtual infrastructure that the enterprise can adopt without disrupting the underlying legacy implementation. This innovative virtualization technology is completely lacking in today's market.

Secure and elastic bridge to the cloud

To meet the enterprise requirements in a hybrid cloud federation environment, the image we want to convey is a bridge with two pillars, one on each end, just like the renowned San Francisco Golden Gate Bridge. For a cloud bridge in this concept, connecting the enterprise and a public cloud, the entire infrastructure is virtual and elastic, just like the cloud. This virtual infrastructure for the hybrid cloud is decoupled from the underlying network and cloud hypervisor (i.e. it sits over the cloud) on both sides of the cloud bridge. With this virtual infrastructure, the enterprise can easily implement the connection to the cloud and meet its requirements without disrupting pre-existing investments. With this kind of virtual infrastructure technology supporting the build of the cloud bridge, the CSP and the enterprise can easily execute and meet the following business requirements:

1) The CSP implements two-level control in its cloud datacenter: the enterprise controls the security-related virtual infrastructure that protects and isolates its applications and data over the cloud, and the CSP controls the datacenter, physical security and management under the cloud. In this model, the enterprise achieves its security and compliance requirements without having its security and virtual infrastructure coupled to the low-level implementation of the cloud datacenter.
With this capability, the CSP preserves its datacenter investment, reduces its liability risk, and yet successfully serves the enterprise as part of its critical business target.

2) The enterprise is offered this secure virtual infrastructure solution to build the necessary pillar for the hybrid cloud inside its internal legacy infrastructure as well as to connect to the public cloud datacenter. Since this virtual infrastructure is decoupled from the underlying infrastructure, it becomes much easier and more efficient for IT to proceed with its cloud projects. Because of the elastic virtualization technology behind such an infrastructure, full end-to-end automation for a hybrid cloud will become a reality.

Who owns the cloud bridge? CSP or enterprise IT?

If you were to build a new Golden Gate Bridge connecting two states, which state would own the bridge and collect the toll? Both the CSP and the enterprise will enjoy critical business benefits from building such a secure cloud bridge for the hybrid cloud. If the enterprise owns the technology, it will enjoy all the benefits discussed above for the enterprise, plus one additional item: the capability to build the secure bridge to any CSP independently, with no lock-in. If the CSP owns the technology and offers a cloud bridge service, it will enjoy a critical set of business benefits, plus an additional item: an infrastructure hook for other cloud federation applications into the enterprise backend, as a potential cloud extension. Cloud computing virtualization and infrastructure technology is rapidly evolving, and likewise the business model that takes advantage of it. We are not certain how the business model will evolve. But we are very sure that the virtual bridge will become a reality in the very near future.

Disclaimer

Jaushin is the founder and CEO of Zentera Systems. Zentera is a Silicon Valley based cloud computing company that offers hybrid cloud federation solutions to both enterprises and cloud service providers. Please visit www.zentera.net for additional information.