DO the CLOUD, Thursday 12 May 2011, Aviodrome, Lelystad
DO the CLOUD: Why you should not migrate to the Cloud yet. Ron Moerman, Technology Officer, Sogeti
Why you should not migrate to the Cloud yet: Is the Cloud wrong? Ron Moerman, 12 May 2011
Cloud? Which Cloud?
  From Private to Public: Traditional DC; Virtualized DC; In-house Private Cloud; Dedicated External Private Cloud; Multi-tenant External Private Cloud; Managed Public Cloud
  Control: high to low
  Economy of scale: low to high
The Cloud landscape
  Software (standard apps, business apps): Salesforce.com, Microsoft Office 365, Google Apps, IBM LotusLive
  Platform (middleware): Force.com, Microsoft Azure, Google AppEngine, VMware Foundry, IBM WebSphere
  Infrastructure: Amazon EC2/S3, IBM CloudBurst, VCE vblock, VMware vcloud, Hyper-V Cloud
It's a virtual world, isn't it?
  Datacenter server utilization in 2007 only 18%
  Gartner (2010): overall utilization only 18% (x86 12%)
  Server virtualization in production environments:
    ESG Research (Nov.): only 39% of the VMs
    Prism Microsystems (2010): 30% virtualized
    Forrester (2010): 91% use server virtualization for production purposes, versus 78% in 2009
Cloud Providers vs Enablers
The Cloud is wrong!
10 reasons not to migrate to the Cloud: availability; continuity; data lock-in; confidentiality; performance; complexity; scalability; liability; licenses; variable costs
Once upon a time there was a data center
  [Diagram labels. SaaS provider: Security, A & A, federation, Distribution, Application three. Your company: Application one, A & A, Application two, Distribution, Security]
that went to the Cloud
  [Diagram labels. SaaS provider, IaaS provider: Security, A & A, federation, A & A, Security, Distribution, Application three, Application four, Distribution. Your company: Application one, A & A, Application two, Distribution, Security]
and then wanted to integrate
  [Diagram labels. IaaS/PaaS/SaaS provider: Integration platform, Security, A & A, A & A, Messaging/WO, Distribution, Application three, Application four, Distribution, Security. Company: Application one, A & A, Application two, Distribution, Security]
NIST Cloud Reference Diagram
  Cloud Consumer
  Cloud Auditor: security audit; privacy audit; performance audit
  Cloud Provider:
    Service layer: SaaS, PaaS, IaaS
    Resource abstraction & control layer
    Physical resource layer: hardware, facility
    Cloud service management: Business Support; Provisioning & Configuration; Portability & interoperability
    Security
    Privacy
  Cloud Broker: service intermediation; service aggregation; service arbitrage
  Cloud Carrier
Cloud Architecture Models
  DMTF Cloud Services Reference Architecture
  IBM Cloud Reference Architecture
  CSA Cloud Reference Model
  DYA Infrastructure Building Blocks Model
  Cisco Cloud Reference Architecture Framework
  IETF Cloud Reference Framework
  GSA Federal Cloud Computing Initiative Cloud Computing Framework Initiative
  SNIA Cloud Data Management Interface
Key elements
  Actors: Provider, Consumer, Developer [, Auditor, Broker, Carrier] (responsibility/role)
  Layers/delivery models: IaaS, PaaS, SaaS [, BPaaS, Cloud Management Platform]
  Physical, Abstract, Control, Application, Management layers
  Interfaces: Service APIs; Data/interface formats; Admin portals; Management services
Sogeti Cloud Framework
  [Diagram labels, in page order. Columns: entry point, goal, decision point. DO the Cloud?? awareness!?: reservations -> roadmap; awareness, insight, possibilities, business value, risk management, compliance issues, continuity, step-by-step plan, quick win, architecture; workshop, assessment, readiness. experiment: Office 365/Azure PoC, test tool in the Cloud, Hybrid vcloud PoC. implement: productivity tools, Dev/Test/Acceptance (OTA) in the Cloud, Cloud integration; productivity <> application, offload commodity, productivity, cost reduction, offload platform, flexibility, standardization; Awareness, Business case, Architecture, Strategy, BCM, Security. operate: Dev/Test/Acceptance (OTA) in the Cloud, Cloud applications, Cloud services; +- capacity, flexibility, cost reduction, offload infrastructure]
Cloud decision points
  Capability & Technical Fit
  Legal & Licensing
  Transition & Migration
  Business Value
  Business Transformation
  Security & Compliance (Privacy)
  Governance & Architecture
  Application Lifecycle Management
  Integration
  Service Management (SLAs)
  Axis: Business; Business - IT; IT
Your Private/Public Cloud anchor points
  Software (standard apps, business apps): user productivity; identity management; data classification
  Platform (middleware): cloud principles; usage patterns; service management
  Infrastructure: automated provisioning; massive virtualisation
Scenario: Dev/Test/Acceptance (OTA) in the Cloud
  [Diagram labels: your company, Cloud, test.domain.nl, server 1, server 2, database, VS2010, VDI]
Scenario: Dev/Test/Acceptance (OTA) in the Cloud
  [Diagram labels: your company, Cloud, test.domain.nl, AD DC, test.domain.nl, database, AD DC, server 2, server 1, VS2010, database 2]
Scenario: Dev/Test/Acceptance (OTA) in the Cloud
  Capacity
    Appropriate for: Stand-alone test scenarios
    Pros: No integration required; No identity federation needed; Various workloads; Low CAPEX
    Cons: No SSO; No integration tests
  Development tools
    Appropriate for: Standard development environments
    Pros: Easy provisioning; Anywhere access; Scalable; Manageability
    Cons: Not one-size-fits-all; Performance
  Integrated Cloud
    Appropriate for: Complex workloads
    Pros: SSO with corp. cred; Self-service; Scalable; Anywhere access; Co-existence scenarios
    Cons: More complex architecture; Higher CAPEX; High bandwidth needs
  [Diagram labels: your company, test.domain.nl, VS2010, AD DC, database, server 2, server 1, database 2]
Scenario: Productivity in the Cloud: Office 365
  [Diagram labels: your company, Cloud, domain1.local, domain2.local, AD DC, IE, AD DC, MS AD, UPN: ron@domain1.nl, MSOL ID]
Scenario: Productivity in the Cloud: Office 365
  [Diagram labels: your company, Cloud, domain1.local, DirSync, domain2.local, AD DC, IE, AD DC, MS AD, UPN: ron@domain1.nl, MSOL ID]
Scenario: Productivity in the Cloud: Office 365
  [Diagram labels: your company, Cloud, domain1.nl, domain1.local, AD DC, domain2.local, ADFS 2.0, SAML, WS-*, MS FG, IE, AD DC, UPN: ron@domain1.nl, MSOL ID]
Scenario: Productivity in the Cloud: Office 365
  [Diagram labels: your company, Cloud, domain1.nl, SAML, WS-*, AD DC, ADFS 2.0, MS FG, IE, UPN: ron@domain1.nl, MSOL ID]
Scenario: Productivity in the Cloud: Office 365
  1. MS Online IDs
    Appropriate for: Small orgs without AD on-premise
    Pros: No servers required on-premise
    Cons: No SSO; No Strong Auth; 2 sets of credentials to manage with differing password policies; IDs mastered in the cloud
  2. MS Dir Sync
    Appropriate for: Medium/Large orgs with AD on-premise
    Pros: Users and groups mastered on-premise; Enables co-existence scenarios
    Cons: No SSO; No Strong authentication; 2 sets of credentials to manage with differing password policies; Single server deployment
  3. Federated Cloud IDs
    Appropriate for: Medium/Large enterprise
    Pros: SSO with corp. cred; IDs mastered on-premise; Password policy controlled on-premise; Strong auth solutions possible; Enables co-existence scenarios
    Cons: High availability server deployments required
  [Diagram labels: your company, domain1.nl, AD DC, IE, ADFS 2.0, SAML, WS-*, MS FG, UPN: ron@domain1.nl, MSOL ID]
Be prepared! In your Private Cloud, first steps: Fix your domain(s); Manage your identities; Standardize; Decision Points; Learn by doing; Involve the business; Virtualize; Automate; Classify; Het Nieuwe Beheren (the new way of managing)