rightscale webinar - coping with cloud migration challenges: best practices and security...
TRANSCRIPT
COPING WITH CLOUD MIGRATION CHALLENGES: BEST PRACTICES AND SECURITY CONSIDERATIONS
Agenda & Speakers
Rishi Vaish, VP of Product
Amrit Williams, CTO
• RightScale’s State of the Cloud survey
• Why hybrid cloud is the standard of choice
• 3 strategies for existing cloud server workloads
• Benefits and security challenges of migrating to cloud infrastructures
• Choosing a hybrid strategy
Cloud Usage is Ubiquitous…
Enterprises are Choosing Multiple Clouds
[Chart: % of respondents (0% to 100%) for Cloud Beginners, Cloud Explorers and Cloud Focused]
Benefits Grow with Cloud Maturity
% of Respondents Reporting these Benefits
CapEx to OpEx
Business continuity
IT staff efficiency
Geographic reach
Higher performance
Cost savings
Faster time-to-market
Higher availability
Faster access to infrastructure
Greater scalability
Adoption is Driven by Clear Benefits
Source: RightScale 2014 State of the Cloud Report
What about Existing Workloads?
How can I migrate existing workloads to the cloud?
What Everyone Wants
vSphere
AWS or other clouds
Greenfield workloads
Migrated workloads
Best Practice 1: Understand the Realities
14 Considerations for Migration
• Newer OS versions
• SSL termination
• Clustering of LBs
• App clustering
• Multi-cast
• Shared Filesystems
• Static IPs
• Licensing
• Tenancy
• Scale-down Logic
• Bandwidth
• Virtual IP requirements
• Multi-master DB
• Database I/O requirements
Three Strategies for Existing Workloads
Manage natively
Migrate elsewhere
Make portable
Best Practice: Be Smart about Strategy
Photo: stevendepolo
Segment Your App Portfolio
Cloud-Ready
• Greenfield
• Designed for cloud
Elastic Web
• Web architecture
• Elastic design
Traditional
• Monolithic
• Legacy
• Traditional vendors
Assess Apps for Cloud Readiness
[Quadrant chart: axes Technical Fit and Business Impact; quadrants REFACTOR, DON’T MIGRATE, HOLD OFF, QUICK WINS; plotted items App 1 through App 12]
Best Practice 3: Consider portability
Best Practice: Plan for Portability
Why Portability?
• Lifecycle-based multi-cloud deployment
– Dev vs. Test vs. Staging vs. Prod
– New (Unpredictable) vs. Mature (Steady-State)
• Disaster Recovery
– Private for primary, Public for backup
• Geographic Reach
– Use clouds in different geographies
• Arbitrage costs
– Leverage different clouds based on costs
• Cloudbursting
– Base capacity in private, burst to public
How to Make Portable Apps
RightScale Cloud-Enables your Enterprise
Your Cloud Portfolio
Self-Service, Cloud Analytics, Cloud Management
Manage, Govern, Optimize
RightScale Cloud Portfolio Management
Public Clouds
Private Clouds
Virtualized Environments
What about Security and Compliance?
Top 5 Challenges Change with Cloud Maturity
Place | Cloud Beginners | Cloud Focused
#1 | Security (31%) | Compliance (18%)
#2 | Compliance (30%) | Cost (17%)
#3 | Managing multiple cloud services (28%) | Performance (15%)
#4 | Integration to internal systems (28%) | Managing multiple cloud services (13%)
#5 | Governance/Control (26%) | Security (13%)
Source: RightScale 2014 State of the Cloud Report
What makes cloud infrastructure great also breaks existing security approaches
Virtualized networks
New topologies
Highly Portable
Highly dynamic
Shared infrastructure
These cloud “pros” become security “cons”
The days of simple infrastructure security…
… have given way to tremendous complexity.
The problem becomes more challenging in multi-cloud environments
Cloud Provider A
Cloud Provider B
Private Datacenter
[Diagram: web server instances (www-1 through www-10) spread across the three environments]
Workloads become highly transient across multiple cloud environments.
Traditional Security Solutions Break…
Endpoint Security
• Resource intensive
• Licensing models
• Do not work across disparate cloud environments
Virtual Appliances
• No hardware acceleration
• No gateway to deploy against
• Do not work well across disparate cloud environments
Hypervisor Security
• Affects density of virtualized environments
• Limited visibility into workloads themselves
• Cannot deploy into public cloud infrastructures
Cloud Security Responsibility Has Added More Complexity
Customer Responsibility
Provider Responsibility
Physical Facilities
Compute & Storage
Shared Network
Hypervisor
Virtual Machine
Data
App Code
App Framework
Operating System
“…the customer should assume responsibility and management of, but not limited to, the guest operating system.. and associated application software...”
“it is possible for customers to enhance security and/or meet more stringent compliance requirements with the addition of… host based firewalls, host based intrusion detection/prevention, encryption and key management.”
Amazon Web Services: Overview of Security Processes
Shared Responsibility Model
Addressing security & compliance needs as infrastructure models migrate to cloud
Needs Haven’t Changed
• Strong access control
– User-auditing, privilege access monitoring, multi-factor authentication, device verification, etc…
• Exposure management
– Vulnerability assessment, configuration security monitoring, file integrity monitoring, etc…
• Compromise prevention
– Firewall management, application whitelisting, intrusion detection / prevention, data leak prevention, etc.
• Security & compliance intelligence, adherence to corporate policies
– Reporting and analytics, auditing, and standardized policy implementation, etc.
Delivery Parameters Have
• Must work anywhere
– Traditional environments, public cloud infrastructures, private cloud infrastructures and hybrid cloud environments
• Diminished to no visibility and control
– Underlying security and control maintained by the infrastructure provider
• Hardware device limitations
– Traditional network appliance or security approaches that leverage underlying hardware are not effective or appropriate
• Dramatically higher rate of code & infrastructure change
– Highly transient workloads often in a continuous integration / delivery model
CloudPassage Halo
• Highly automated security & compliance platform
• Builds security directly into compute workloads
• Secures any compute workloads, at any scale
• Supports any cloud or datacenter environment
• SaaS delivery model
Halo secures workloads anywhere at any scale and extends existing security investments
Halo API Halo Portal
Q & A and Resources
Access the 2014 State of the Cloud Report:
RightScale.com/lp/2014-state-of-the-cloud-report
Start a Free Trial of Halo
CloudPassage.com/halo
Check out our blogs
rightscale.com/blog
blog.cloudpassage.com