Secure Enterprise Cloud

The Secure Enterprise Cloud
Indu Kodukula
Executive Vice President and Chief Technology Officer
Satish Hemachandran
Director Product Management
www.sungardas.com

Production + DR are 80+% of Enterprise Cloud Priorities

What services are you planning to
enhance with cloud computing?

*IDG Research, 2010

© 2011 SunGard Availability Services LP. - All Rights Reserved - www.sungardas.com 2

The Cloud Promise:

COST POSITIVE
FLEXIBILITY POSITIVE

RISK ??


And Reality Bears Out There is Risk…

Jan 2011: Online image Feb 2011: Online email
service provider service provider loses
mistakenly deletes mails from 150K user
4,000 pictures from a accounts during a
paid user’s account weekend outage


Traditional Enterprise IT Risks

Changing Unplanned disaster Breach of security
Market/Business scenarios can and policy controls
conditions might significantly disrupt can lead to
need you to expand regular business business and
or contract capacity operations regulatory issues


Cloud Risks are (Mostly) Old Wine in New Bottles

Security Compliance Connectivity

Manageability Availability


Security & Compliance:
Platform & Policies


Most Regulations Share a Common Concern:
Implementation and Enforcement of Policies

Tracks all access to
network and  Secure Remote Access

Governance, Periodic Platform and
cardholder data
 Role-Based Access Control

Policy Audits, and Certification
Documentation of  Separation of Management,
actions & activities Control and Customer Planes
with 6 yr data retention
 Availability and Fault Isolation
Organization wide
security for IT
 Issue Prevention, Detection,
systems to support Remediation
ops. and assets
 Log Management

Protect customer  Security and Auditing
information & identify/
resolve sec. violations
 Business Continuity &
Disaster Recovery
Financial and  Data Retention/Archival
accounting functions
segregation of duties


Layered Security with Common Base of Controls

Presentation Models Identity Management Policy, Auditing, &
and Platforms Compliance
Application Interfaces
Abstract layer hardening, Monitoring,
Applications
Separation, Patch and release
Data
Meta
Content
management, and policy controls
Data

Integration and Middleware
Host hardening, Encryption, Separation
and segregation (Network, Host and
Abstract Connectivity
Storage)
Layer Performance and security monitoring
Patch and release management
Hardware Infrastructure
Logical, Physical, and Environmental
Facilities Infrastructure Security

Security Detection, Response, Containment, Eradication, and Forensics


Creating a Secure Cloud Foundation for Enterprise

• Role-based access control • ITIL v3 based services
• Infrastructure security; • Security assessments and
Shared vs. dedicated recommendations
• Activity Logging, • Periodic Penetration tests
monitoring, and detection • Strict change control

Platform IT Best
Security Practice

Data- Compliance
center Mgmt.
Security
• Biometric access control • Datacenter Standards
• No access to shared certifications (SAS 70)
infrastructure • Regulatory compliance
• 24/7 Security Service; (PCI, HIPAA)
CCTV for Interior/Exterior • Audit Assistance
monitoring


Connectivity:
Cloud, Non-Cloud/Hybrid


Choice of Connectivity to Meet Every Business Need

CUSTOMERS’ CUSTOMER CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER

Public Internet Client VPN Site to Site VPN MPLS

DEDICATED
INTERNET
CIRCUIT

SUNGARD ENTERPRISE CLOUD

Hybrid Cloud Use Case

 Leverage existing/legacy
infrastructure e.g. mainframes
 Integrate with other external IaaS Cloud 1 Colocation
virtual clouds for burst (flex)
capacity
 Host applications requiring
physical/dedicated and virtual
systems (e.g. Oracle)
Internal Cloud
 Integrate with third-party hosted
applications e.g. ASP, PaaS,
SaaS,

IaaS Cloud 2 PaaS Cloud


Building a Hybrid Cloud

CUSTOMERS’ CUSTOMER CUSTOMER WAN/REMOTE CUSTOMER WAN/DATACENTER

Public Internet Client VPN Site to Site VPN MPLS

Cross Connect

SUNGARD DEDICATED
NETWORK INTERNET
CIRCUIT

SUNGARD
DATACENTER
SUNGARD ENTERPRISE CLOUD

Manageability:
Monitoring and Remote Hands


The Cloud Management Challenge

 Customers are still the same
• Complex architectures with point-to-point
connections
• Legacy platform support dependencies (Win2k,
Mainframes)
• Non-(x86)cloud integrations (Mainframes, Unix)
 Enterprise needs from cloud providers
• A full portfolio of management services (OS,
Database, Security)
• Migration assistance and custom policies
• Integration of cloud & non-cloud
• Auditability of the platform and datacenter
• SLA’s for the platform & service
• Periodic reporting and guidance


Cloud Extends Traditional Management
(but with different tools)
Customer Applications

Service and Operations Management

Availability Event Patching Security Backup
Monitoring Problem Management Service
Provisioning Service Desk Resolution Config Mgmt Restoration

Infrastructure Management

Monitoring Capacity Planning Performance
CPU Config Memory Config Storage Config Network Config

Infrastructure


ITIL Based Support Process

Service Desk Customer
Service Delivery
Verification
Request for Change

Request Fulfillment

Incident Resolution
Change Management
Customer Front End
Ticketing
Request for Information System
Service Reporting
Performance Reporting Portal Service Operation
Availability Reporting
Configuration Reporting Tier 1
KPI and SLA Reporting CMDB Tier 2
Tier 3

Problem
Management
Configuration
Management

Aggregation Engine
Correlation Event
Validation Management


Enterprise Cloud: Platform + Automation + Process + People
Intrusion Detection System – Incident Handling Process Flow

System Sensor

Monitors and System Users
Identifies
Security Event

Information to users
Provide additional
Non-Critical
and Critical
Receives event Event Ticket
SOC

information, and Report
analyzes and
notifies

Closed Ticket
Information

NOC and If no response
Security

Critical Event Notice
NOC

Information Is needed
Security Office

Planned Technical
Analyze
Triage Event
Technical Response
Response Execution
IT Organization

Proactive Other
Indicators sensors and IT
monitoring Operations
systems
Management

If Management or
Legal response is needed Management Closed
Response Event

Provide guidance
External
Experts

and/or assistance
(Forensics, legal
console, etc.)

Technical Focus

Availability:
Scalability & Recovery


Scalability

 Customer workloads vary
in their infrastructure
demands. Typically:
• Memory Utilization
• Storage I/O
• Network Throughput
 Infrastructure needs to
distribute/scale load
• Without affecting user
sessions
• Without affecting other
applications
• Maintaining application
interdependencies


Cloud Enables Application Availability

Decreasing Availability
Always Available Available
Available in hours in days
Cloud Apps
More Complex

Virtualized Apps
Simple Apps
Complex Apps
Legacy Apps

 But… autoscaling is still unattainable for many
 Replication technologies still offers the most cost
effective solution for the enterprise
 Cloud makes availability more affordable for complex
applications: database and app/web server
 Cloud done right can also reduce RTO


Integrated Recovery: Achieving Continuous Uptime

Cloud is the production environment
 Backup and Restore of VMs
 Active-active deployment mode
Enterprise Cloud  Site-to-site recovery across multiple
datacenters
VMs on Cloud-site 1  Recovery of entire application with its
Customer
Applications dependencies (VMs and non-virtualized
& Data assets)
Cloud is your target recovery platform
 Web-based backup/replication of data to
VMs on Cloud-site 2 cloud based on industry leading
technologies
 VM cloning and startup
Customer
Data-center  Mapping of cloud-based data to
recovered instances


SunGard Enterprise Cloud Services Vision

Deliver Managed and Recovery Services

for enterprise-grade applications

that ensure availability of business operations


Fully Managed Infrastructure-as-a-Service
SunGard manages all necessary compute, network, storage and security resources,
offering a complete, cost-effective solution

 Virtualized environment providing hypervisor and OS system services
Compute  Customize your virtual machine configurations to specific requirements
 SunGard Software Licensing Services options available

 Broad networking options including multiple VLAN support, robust
Network
internet connectivity, MPLS and dedicated circuit options

Storage  Managed storage with integrated backup and restore

 Managed firewall and virtual private network connectivity
Security
 Platform built to support compliance requirements

Rapid  Ability to store custom VM templates in your own private image library
Provisioning  Virtualized instances deployed within minutes

Management  24/7/365 management and monitoring of your virtualized infrastructure
& Monitoring  99.95% availability Service Level Agreement (per month / per VM)

Portal &  Customer management portal to view and request compute resources
Reporting on demand


Cloud Services for the Enterprise
 Multi-tenant enterprise cloud and dedicated private
cloud

 All services fully managed by SunGard’s IT experts

 Infrastructure architected for compliance and security

 All solutions built on enterprise-grade infrastructure

 Designed for production workloads

 Predictable contract pricing with flexibility for rapid
response to the changing IT demands

 Customized solutions designed to enterprise needs

 Comprehensive consulting services provide complete
Cloud Readiness Assessments and Migration
services

Customer Deployment – Pharmaceutical Supplier

Customer Solution Requirements
Customer Overview • Wanted to leverage the cloud technology to
implement new SAP application
• Customer supports client fulfillment for
health services customers (e.g., including • Needed a solution that would scale quickly
pharmacies and health care providers) and efficiently (4x scale)
• Small business less than generating • Required an enterprise-level solution that was
revenue located in Western US fully managed by the service provider due to
lack of internal expertise
• New SAP implementation
• Looking for a secure and compliant
infrastructure
Customer Buying Scenario
• Leverage new technology platform to
improve time to market, management, Why SunGard Enterprise Cloud Services?
and scalability • Commitment to service delivery and
• Implementing new SAP application and process discipline
the customer had no prediction • SLA and commitment to reliability
regarding growth • SunGard's emphasis on compliance &
process
• Consultative relationship with the
customer

Customer Deployment – Software Provider

Customer Solution Requirements
Customer Overview
• Customer is a provider of enterprise-class • Looking to increase sales, market size, and
electronic content archiving software penetration
• Services include E-Discovery, compliance, • End-customers want to reduce CapEx and
records management, and storage shift to OpEx budget
optimization
• Assists large firms in mitigating risk and
managing digital assets from a single point
of control and unified set of policies
Why SunGard Enterprise Cloud Services?
Customer Buying Scenario • Industry expertise
• Datacenter security
• Appeal to current customers and prospects to
sell archiving software via new delivery • Reputation with financial and large
method, avoiding s/w, and h/w CapEx enterprise companies
• Elastic SaaS Model to support rapid build-out • SunGard's emphasis on compliance and
of infrastructure for on demand E-discovery process
or growth for any size firm
• Future investments in cloud services


SunGard Internal Use of Cloud

 Focused on using cloud for new projects in 2011
 Using cloud for:
• Development
• Test/QA
• Production
 Currently implementing projects for
• Enterprise Mobility (IaaS)
• Single Sign-On (IaaS)
• Store Front/Billing (SaaS)
• Ticketing (SaaS)
• Email (SaaS)
• CRM (SaaS)


Pragmatic Path to Enterprise Cloud
Cloud Readiness Assessment

Cloud Design & Architecture

Cloud Implementation & Transition

Steady State Production
Phase I

Phase II
Phase III
Phase IV


Key Solution Benefits - Summary

 Highly secure and resilient platform built on IT security
best practices and meeting numerous compliance standards
Secure enterprise-
 Fully managed infrastructure reduces the IT administrative
grade cloud burden and allows redirection of staff to strategic business
initiatives

 Rapid provisioning and ability to scale up and down to
Improved IT agility support new business ventures and peak periods where
infrastructure may only be needed for a short time
& scalability
 Flexible contract pricing to respond to your IT requirements

 Shift from CapEx to OpEx model so you can pay as you go
and only pay for what you need while experiencing faster
Financial flexibility payback of investment
& increased ROI
 Reduce labor costs via elimination of time spent on day to
day infrastructure management


Secure Enterprise Cloud

More Related Content

What's hot (19)

Viewers also liked (20)

Similar to Secure Enterprise Cloud (20)

Secure Enterprise Cloud