VMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
0 likes403 views
This document provides an overview of how standardizing and automating processes using VMware technologies like vCloud Air and vCenter Orchestrator can help organizations stop worrying about issues like private clouds, public cloud security, and cost reduction. It discusses how automation can provide 80% of the value of a private cloud and presents examples of automated workflows for provisioning VMs from a catalog in minutes. It also outlines security best practices like following standards and techniques for integrating on-premises and public cloud networks securely. The document argues that focusing on business value through agility rather than trying to save costs through your own data center can help organizations stop worrying.
![Can you demonstrate the above?
[Audit / Pen test]
Are those controls in place and functioning correctly?
[Doing the things right]
Do you have the right physical and logical controls?
[Doing the right things]
Three Security Questions for Everywhere, Private & Public
CONFIDENTIAL 25](https://image.slidesharecdn.com/hbc3284-sv2stopworryinglovehybridr9-150401112711-conversion-gate01/85/VMworld-2014-How-I-Learned-to-Stop-Worrying-and-Love-the-Public-Cloud-25-320.jpg)
VMworld 2014: How I Learned to Stop Worrying and Love the Public Cloud
- 1. How I Learned to Stop Worrying and Love the Public Cloud HBC3284-S Mathew Lodge, VMware, Inc Massimo Re Ferre', VMware, Inc
- 2. Disclaimer • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. CONFIDENTIAL 2
- 3. How I Learned To Stop Worrying And Love The Cloud Mathew Lodge VP, vCloud Air Massimo Referre Sr Architect, vCloud Air CONFIDENTIAL 3
- 4. IT in the 1950s CONFIDENTIAL 4
- 5. April 26, 1956 – A Revolution Begins CONFIDENTIAL 5
- 6. Port of San Francisco Big Winners… and Losers Port of Oakland CONFIDENTIAL 6
- 7. Lessons from Tectonic Shifts Standardize Automate CONFIDENTIAL 7
- 8. Labor Software Hardware Facilities + Fabric 5 4 7 17 67 Legacy 100% Telecom Source: TMT Value Migration Database, Gartner IT Key Metrics Data 2009; McKinsey Cloud Provider Source: VMware analysis; Cloud service providers and Web 2.0 companies Standardization Automation Standardization Automation 70-80% Benefits for Your CIO of Standardizing and Automating CONFIDENTIAL 8
- 9. Standardize and Automate to Stop Worrying 1. Stop worrying about private cloud 2. Stop worrying about insecurity of public cloud 3. Stop worrying about cost reduction Start automating using standardization Start defining what “secure” means Focus on business value Immediate relevance improvement Be secure but agile Can’t save your way to greatness CONFIDENTIAL 9
- 10. 1: Stop Worrying About Private Cloud
- 11. Private Cloud is Really, Really Hard CONFIDENTIAL 11 ServiceOperationsMaturityServiceOperationsMaturity Features & ExtensibilityFeatures & Extensibility • Continuity Management • Knowledge Base mgmt • CMS • Change Management • Financial Chargeback • CRM • Billing & Invoice Mgmt • Entitlement Tracking • Capacity & Availability Management • Incident/Problem Management • Accounting • Contract Management • Ops Service Level Reporting • Order Processing • Service Catalog • Config & Release Management • Event Management • Cloud Stack • IPAM • Monitoring • Notification System • Security & Compliance • Deployment automation
- 12. Automation Provides 80% of the Value of Private Cloud • Business user wants to get a VM for tests he / she needs to perform – VM needs to be accessible from the Internet – User needs the VM … yesterday. – “Please don’t ask me too many techie details, I just want a VM” CONFIDENTIAL 12
- 13. Automation Using vCloud Air and vCenter Orchestrator vCentervCO vCO plugin for vCD vCloud Air vCloud Air Catalog vCloud API Internet EDGE GATEWAY CONFIDENTIAL 13
- 14. Automated Deployment In Minutes vCentervCO vCO plugin for vCD vCloud Air EDGE GATEWAY vCloud Air Catalog vCloud API Internet “Hey!? Can I have a VM?” A: Deploy VM from Catalog B: Set NAT rules C: Set Firewall rules D: Send email to end user CONFIDENTIAL 14
- 15. Happy Customer in Minutes vCentervCO vCO plugin for vCD vCloud Air vCloud Air Catalog vCloud API Internet EDGE GATEWAY RDP / SSH CONFIDENTIAL 15
- 16. Taxonomy of the Simple vCO Workflow CONFIDENTIAL 16
- 17. IT Runs the Workflow Inside the vSphere Web Client 17
- 18. IT Fills in the 4 Inputs CONFIDENTIAL 18
- 19. The Workflow Runs and IT Can Monitor in vSphere Client CONFIDENTIAL 19
- 20. Workflow Sends an Email to the User With the Details CONFIDENTIAL 20
- 21. User Can RDP Into the VM This is the Internet IP of the VM CONFIDENTIAL 21
- 22. The VM as Seen by the User CONFIDENTIAL 22
- 23. 2: Stop Worrying About Public Cloud Security
- 24. Your Data Center is Not Hogwarts CONFIDENTIAL 24 How some see their datacenter security How it actually is “90% of all companies have at least one data breach a year” Ponemon Institute
- 25. Can you demonstrate the above? [Audit / Pen test] Are those controls in place and functioning correctly? [Doing the things right] Do you have the right physical and logical controls? [Doing the right things] Three Security Questions for Everywhere, Private & Public CONFIDENTIAL 25
- 26. Do the Heavy Lifting With Security Standards Applicable standards ISO 27001:2005 SOC 1 Type 2 (SSAE 16) SOC 2 Type 1 SOC 2 Type 2 HIPAA and HITECH Security Rule CONFIDENTIAL 26
- 27. Taxonomy of a Data Center 27 You (and me) Compute Storage Network Internet CONFIDENTIAL 27
- 28. Private Network Integration Options vCloud Hybrid Service IPSec VPN Direct Connect (private WAN) Your Data Center / Private Cloud CONFIDENTIAL 28
- 29. INTERNET Isolated network Routed Network 3rd party virtual networking appliance EDGE GATEWAY Security the SDN Way – Better than Your Own Data Center? Create routed and fully isolated networks Software-defined networking services included at no extra cost: Routing and bridging Firewall NAT Load Balancer with health monitoring IPSec VPN DHCP Bring-Your-Own 3rd Party Appliances: F5, RSA, Cisco, Riverbed, others MPLS or other WAN CONFIDENTIAL 29
- 30. Private Network Local Active Directory SharePoint App SharePoint Web SharePoint Active Directory INTERNET EDGE GATEWAY VPN Example: Hybrid SharePoint Deployment
- 31. How to Load Balance a “Service” in vCloud Air 2.2.2.2 Front-End Network (192.168.109.0/24) 1.1.1.1 Private Network (e.g. VDI) (172.16.0.0/16) 192.168.109.5 192.168.109.6 172.16.0.3 VPN 192.168.0.103 INTERNET 192.168.0.1 On-prem Network (192.168.0.0/24) vCloud Air virtual data center 3.3.3.3 192.168.109.1 172.16.0.1 CONFIDENTIAL 31
- 32. How to Load Balance a “Service” in vCloud Air (From The Corp Network) 2.2.2.2 Front-End Network (192.168.109.0/24) 1.1.1.1 Private Network (e.g. VDI) (172.16.0.0/16) 192.168.109.5 192.168.109.6 172.16.0.3 VPN 192.168.0.103 INTERNET 192.168.0.1 On-prem Network (192.168.0.0/24) 192.168.109.1 172.16.0.1 vCloud Air virtual data center 3.3.3.3 CONFIDENTIAL 32
- 33. How to Load Balance a “Service” in vCloud Air (From The Corp Network) 2.2.2.2 Front-End Network (192.168.109.0/24) 1.1.1.1 Private Network (e.g. VDI) (172.16.0.0/16) 192.168.109.5 192.168.109.6 192.168.109.1 172.16.0.3 172.16.0.1 VPN 192.168.0.103 INTERNET 192.168.0.1 On-prem Network (192.168.0.0/24) (WebPool) 192.168.109.200:80 (VIP) vCloud Air virtual data center 3.3.3.3 CONFIDENTIAL 33
- 34. How to Load Balance a “Service” In vCloud Air (From The Internet) 2.2.2.2 Front-End Network (192.168.109.0/24) 1.1.1.1 Private Network (e.g. VDI) (172.16.0.0/16) 192.168.109.5 192.168.109.6 192.168.109.1 172.16.0.3 172.16.0.1 VPN 192.168.0.103 INTERNET 192.168.0.1 On-prem Network (192.168.0.0/24) (WebPool) 2.2.2.2:80 (VIP) vCloud Air virtual data center 3.3.3.3 CONFIDENTIAL 34
- 35. 3: Stop Worrying About Cost Reduction
- 36. Examples of Not Saving Money CONFIDENTIAL 36 Seven Corners Global travel/medical insurance company Cloud driver: Reduce claims processing from 30 minutes to 15 seconds Secondary benefit: $900k cost avoidance Sega Game development company Cloud driver: Cut game testing time 17% Secondary benefit: fewer bugs, happier customers
- 37. Five Ways to Get Started Tomorrow Next Generation Applications Development / Testing Extend Existing Applications Modernize Enterprise Applications HDDS Disaster Recovery
- 38. Example: Global Expansion • Atlanta-based retailer • Has operations in the UK • Need local capacity for performance • What can they do? CONFIDENTIAL 38
- 39. Example: Global Expansion • Option 1: subscribe to a traditional public cloud which is • Incompatible with what you have in-house • Operationally different compared to what you have in house • Eventually you create a wall between on-prem and off-prem • Option 2: buy local colo and install vSphere hosts there • Must manage remotely • Not very flexible if the remote business operations expand / shrink • Creates a remote site to be managed from the rack all the way up CONFIDENTIAL 39
- 40. Example: Global Expansion • Option 3: vCloud Air – Compatible with what you have in-house – Managed as if it was in-house – Expands and shrinks based on your needs – Forget about… • “There is a broken disk in London” • “We need to re-patch that pNIC in London to a different switch port” • “We need to add 4 new hosts, will they fit in the cage?” CONFIDENTIAL 40 On-Premises Data Center Compatible Public Cloud
- 41. Global Expansion: Logical View vSphere UI VM Templates vCOps UI Atlanta DC CONFIDENTIAL 41
- 42. Global Expansion: Logical View VPN VM Templates Catalog Sync via vCloud Connector vSphere UI vCOps UI Atlanta DC London DC vCops Management Pack for vCloud Air CONFIDENTIAL 42
- 43. Deploying a Template in the Vsphere Environment in Atlanta CONFIDENTIAL 43
- 44. Browsing the Available Vcloud Air Resources Available CONFIDENTIAL 44
- 45. Catalog Sync via vCloud Connector CONFIDENTIAL 45
- 46. VM Deployment Into Vcloud Air from Copy of On-prem Template CONFIDENTIAL 46
- 47. Establish VPN Connectivity CONFIDENTIAL 47 On prem Internet Gateway (Atlanta) vCloud Air Edge Gateway (London) VPN
- 48. The Organizational Journey (Gartner View) CONFIDENTIAL 48
- 49. Don’t Let This Happen to You CONFIDENTIAL 49
- 50. 50 VMware vCloud Hybrid Service VMware vCloud Air
- 51. VMware vCloud Air - Virtual Private Cloud OnDemand CONFIDENTIAL 51 Interested in participating in the vCloud Air OnDemand Beta Progam? The Product Team from vCloud Air is now accepting candidates interested in participating in the Fall 2014 beta program Visit vmware.com/go/ondemand to sign up vmware.com/go/ondemand
- 52. VMware vCloud Air 5 Starting Points Program VMworld 2014 Starting Point Session ID TOPIC Dev/Test HBC2577 Hybrid Sandboxing – Create the Ultimate On and Off Premises Test/Dev Factory Extend Existing Applications HBC2066 Architect the Hybrid Cloud for Exchange and Lync Disaster Recovery HBC 1534 Recovery as a Service (RaaS) with vCloud Hybrid Service Modernize Enterprise Applications HBC 2609 Smells Like Team Spirit: Achieve Hybrid Operations Nirvana with vCloud Hybrid Service Create Next Generation Applications HBC 1917 Build Your First Mobile Application…In the Cloud…In 60 minutes Learn the fundamentals on vCloud Air by attending any or all of our 5 Starting Point breakout sessions within the Hybrid Cloud Track Attend any of these breakout sessions and earn a free vCloud Air “Dilbert” t-shirt.
- 53. Hybrid Cloud Hands on Labs Check out the Expert Led and Self Paced vCloud Air Hands on Labs HOL: Expert-Led Workshop ELW-HBD-1481 Hybrid Cloud Jumpstart Workshop HOL: Expert-Led Workshop ELW-HBD-1484 Disaster Recovery to the Cloud Workshop HOL: Self Paced Lab SPL-HBD-1481 vCloud Hybrid Service - Jump Start for vSphere Admins HOL: Self Paced Lab SPL-HBD-1482 vCloud Hybrid Service - Networking & Security HOL: Self Paced Lab SPL-HBD-1483 vCloud Hybrid Service - Manage Your Cloud HOL: Self Paced Lab SPL-HBD-1484 Disaster Recover to the Cloud Session ID Title Learn the fundamentals on vCloud Air by attending any or all of our 5 Starting Point breakout sessions within the Hybrid Cloud Track as well as our Hands on Labs Try any of these HOLs and earn a free vCloud Air “Dilbert” t-shirt. CONFIDENTIAL 53
- 54. Hybrid Cloud Theater Schedule - VMware Booth (Solutions Exchange) CONFIDENTIAL 54 In addition to the breakout sessions within the Hybrid Cloud track, check out our THEATER schedule for the week from the VMware booth at the Solutions Exchange Sunday 5:00pm - What is this Hybrid Cloud Thing Anyway? Monday 12:15pm - Getting Started with Hybrid Cloud - 5 Use Cases Monday 1:30pm - vCloud Air OnDemand Monday 3:45pm - What is this Hybrid Cloud Thing, Anyway? Monday 5:30pm - Hybrid Cloud DevOps: How to keep your Devs from Running Wild Tuesday 12:15pm - Project NEE - Delivering Hands-on Education at Cloud Scale Tuesday 1:00pm - vCloud Air Network Tuesday 2:45pm - Disaster Recovery with vCloud Air Tuesday 4:00pm - Getting Started with Hybrid Cloud - 5 Use Cases Tuesday 5:30pm - Hybrid Management on vCloud Air Wednesday 10:15am - vCloud Air OnDemand Wednesday 12:45pm - The Internet of Things: Virtual Machines, vCloud Air, vCenter Operations and the Intel IoT Gateway Wednesday 2:15pm - Disaster Recovery with vCloud Air Wednesday 3:30pm - Another Day in Paradise....Going Full Hybrid with vCloud Air Wednesday 4:30pm - RAD in the Hybrid Cloud
- 55. Thank You
- 56. Fill out a survey Every completed survey is entered into a drawing for a $25 VMware company store gift certificate
- 57. How I Learned to Stop Worrying and Love the Public Cloud HBC3284-S Mathew Lodge, VMware, Inc Massimo Re Ferre', VMware, Inc