Journey to the Private Cloud: Key Enabling Technologies
Jeffrey Nick, Chief Technology Officer, Senior Vice President, EMC Corporation
June 2010

The current I/T state:
- Infrastructure sprawl
- Information explosion
- Identity access complexity
- Increasing threats
- Increasing regulation
- Spiraling costs vs. reduced budgets

Desired State:
- Trusted
- Controlled
- Reliable
- Secure
- On-demand
- Pay for Use
- Seamless
- Economies of Scale
Diagram labels: Virtualized Data Center, Internal Cloud, Information, Identity, Infrastructure, Cloud Computing, External Cloud

Cloud Computing Service Provider Priorities
- Ensure Confidentiality, Integrity, and Availability in a Multi-Tenant environment.
- Effectively meet the advertised SLA, while optimizing cloud resource utilization.
- Offer Tenants capabilities for self-service, and achieve scale through automation and simplification.

Cloud Computing Tenant Priorities
- Reduce costs, while maintaining or improving SLA.
- Maintain an appropriate level of Trust, Visibility, and Control for applications and/or services deployed to Cloud.
- Meet all applicable Governance, Risk and Compliance requirements. For example, organizations are required by law to demonstrate Business Continuity Compliance.

Desired State: Private Cloud
Private Cloud requires key enabling technologies
Diagram labels: Private Cloud, Control, Policy-based Management, Seamless Integration, Insulation, Virtualization, Virtualized Data Center, Internal Cloud, Information, Identity, Infrastructure, Security, Cloud Computing, External Cloud

Virtualization: Provides I/T Liquidity
- Insulates applications from physical infrastructure
- Lower IT Costs
- Better Utilization
- Less Complexity
- Quality of Service
- Non-disruptive application migration
- Fault tolerance
- Container-based management
Diagram labels: Exchange, File/Print, SAP ERP, Oracle CRM, Virtualization, Virtual Infrastructure, CPU Pool, Storage Pool

Virtual Containers create the opportunity to simplify and optimize IT management
- Today most security, resource management and information management is enforced by the OS and application stack
- OS / application-based security specific management and visibility centric information
- All are complex, expensive and brittle, if not impossible to implement
- As virtual container levels evolve, we can surpass the levels of management possible in today's physical infrastructures by pushing security, information and resource management to the virtual container domains
- Simplified, unified management
- Regardless of OS (Windows/Unix), patch levels
Diagram labels: APP/OS, vApp and VM layer, Virtual and cloud infrastructure, Physical infrastructure

VMware vShield Zones and RSA DLP: Building a Content-Aware Trusted Zone
Overview
- VMware vShield Zones provides isolation between groups of VMs in the virtual infrastructure
- RSA deploys Data Linkage Prevention (DLP) as a virtual application monitoring data traversing virtual networks
- Uses centrally managed policies and enforcement controls to prevent data loss in the virtual datacenter
Customer Benefits
- Pervasive protection
- Persistent protection
- Improved scalability
Diagram labels: APP/OS, DLP, Virtual Infrastructure, VMware vShield Zones, VMware vSphere, Physical Infrastructure

Private Cloud Trusted Zones: Key Capabilities
- Identity federation
- Federate identities with public clouds
- Insulate infrastructure from Malware, Trojans and cybercriminals
- Anti-malware
- Cybercrime intelligence
- Strong authentication
- Virtual network security
- Control and isolate VM(s) in the virtual infrastructure
- Insulate information from other tenants
- Data loss prevention
- Access Mgmt
- Security Info. & Event Mgmt
- Segregate and control user access
- Enable end-to-end view of security events and compliance across infrastructures
- Insulate information from cloud providers' employees
- GRC
- Encryption & key mgmt
- Tokenization
Diagram labels: APP/OS, Tenant #1, Tenant #2, Virtual Infrastructure, Cloud Provider, Physical Infrastructure

Flexible infrastructure across the Private Cloud
How can we flexibly share resources across the Private Cloud
- Across data center infrastructure boundaries
- Across federated service provider boundaries
Diagram labels: (Virtual) DataCenter, Cloud Compute Service Provider, VPN, Organization A

Desired State: Private Cloud
Private Cloud requires key enabling technologies
Diagram labels: Private Cloud, Seamless Integration, Virtualization, Virtualized Data Center, Internal Cloud, Information, Identity, Infrastructure, Security, Cloud Computing, External Cloud

Storage Virtualization: introducing EMC VPLEX
- Distributed Mirroring
- Active-Active Access
- Aggregation of Storage devices
- Volume management
- Remote Export
- Diskless access to non-local storage
- Array Failure Protection
- Local mirroring
- Heterogeneous Geographically Distributed Storage
- Non Disruptive Data Mobility
- Inter-array migrations
Diagram labels: Site A, Site B, V-Plex MetroPlex, V-Plex Cluster, FC

VPLEX evolution
- VPLEX Local
- VPLEX Metro
- VPLEX Geo
- VPLEX Global
Diagram labels: Asynchronous, Synchronous, Data Center, Access Anywhere

Network Virtualization: Seamless Layer 2 VLAN integration
- Enable VM mobility without IP address changes or connection drops
- Virtual Machines can escape IP address block prisons
- Extend layer 2 VLANs over arbitrary network connectivity
- Seamless add/drop of edge nodes w/o need to reconfigure other edge nodes
Diagram labels: Core, West, East, South, IP A, IP B, IP C

VMware VMotion
- Move virtual machines from one physical server to another while running
- Eliminate downtime and provide continuous service
- Shift underlying hardware resources dynamically
- Balance workloads across the data center to optimize computing resources

Data Center Elasticity across physical boundaries
- Standalone
- Consolidation
- Pools of Cooperation
- Federation
- Enables private cloud computing
Diagram labels: Data Center A, Data Center B, Data Center C, Data Center D, Data, FAST

Service Management across the Private Cloud
But how can we deliver a business relevant SLA
- With Customer-controlled app deployment, resource allocation and management
- With visible compliance to both committed SLA and Regulatory controls???
- Across data center infrastructure boundaries
- Across federated service provider boundaries
Diagram labels: (Virtual) DataCenter, Cloud Compute Service Provider, VPN, Organization A

Desired State: Private Cloud
Private Cloud requires key enabling technologies
Diagram labels: Private Cloud, Control, Policy-based Management, Integration, Virtualization, Virtualized Data Center, Internal Cloud, Information, Identity, Infrastructure, Security, Cloud Computing, External Cloud

Virtual s: vApp
A New Model for Describing and Deploying s
- A logical IT service provided as a collection of VMs and any supporting infrastructure VMs (Virtual Appliances)
- Network connections between these
- Managed as a unit, not as independent components
- One-click provision, power-on, snapshot, backup
- The right view for managing & achieving SLAs
Diagram labels: E-commerce vApps, IIS, Tomcat App Server, Oracle

Policy Travels with VMs and vApps
- Open Virtual Framework (OVF) includes instructions for the infrastructure
- Policy is described and attached to the Virtual
- Policy-based management is maintained across VM deployments and VMotions
Policy Name: ecommerce
1. Only port 80 is used
2. 100 ms web response
3. VRM: Encrypt w/ SHA-1
4. DR RPO: 0 minutes
5. Continuity Compliance
6. Scalable WebServer
7. AppServer Security

Cloud Services: [Virtual] Private Clouds
Definition: Subscription to and usage of Cloud Services that are delivered over a virtual private network, where a private instance of the service is based on a common virtual infrastructure model, and wherein an integrated SLA with business relevant metrics is offered
The contract is with the virtual environment
Diagram labels: (Virtual) DataCenter, Service Provider, Cloud Compute, Extra Capacity, VPN, Organization A

Seamless Private Cloud Service Delivery
Diagram labels: Primary Datacenter, VMs, Secondary Datacenter / Service Provider, Monitoring, Backup, Virtual Datacenter OS

Data Protection-as-a-Service
Business Continuity Compliance PoC
- Customers See Data Protection Status And Cost
- Service Providers One Solution Across All Customers For SLA Management
Diagram labels: Customer A, Customer B, Customer C, Data Protection Advisor, Monitoring, Alerting, Troubleshooting, Optimization, Capacity Planning, Reporting, Backup Clients, Virtual Environments, NAS, SAN, Replication, DeDupe, VTL, Business Apps

Monitoring and Managing Policy Compliance
Across virtual, physical, internal and external infrastructures
- Virtual infrastructure management VMware vCenter
- GRC Compliance Dashboard: End-to-end compliance reporting
- BCC End-to-end business continuity SLA correlation / analysis
- EMC DPA data recovery management for physical and virtual infrastructures
Diagram labels: APP/OS, Tenant #1, Tenant #2, Virtual Infrastructure, Cloud Provider, Physical Infrastructure

Management & Monitoring Elasticity For the Virtual Private Cloud:

The Journey to Private Clouds
- [Virtual] Private clouds will transform how we think about IT
- As a service
- The impact to businesses will be considerable
- Exploit new economics with confidence
- Clear and logical pathway
- Preserving existing investment in applications, infrastructure and information
- Ensuring preservation of security, privacy, and control
- Compliance to SLA and Regulatory policies