How to Manage the Cloud
Lecture 4: Logical Cloud Connectivity
Jan 2012
Technologie Management Gruppe
Global Resourcing GmbH
Germany
[email protected]
www.tmg-muenchen.de
Logical Cloud Connectivity: Linking People and Data with the Cloud
[Figure: Logical Cloud Connectivity: People; actors shown: Cloud Administrator, Cloud User]
Security as a Service: Identity and Access Management, Isolation and Encryption
[Figure: Logical Cloud Connectivity; actors shown: Cloud Administrator, Cloud User]
a) Identity and Access Management - Ensures that only properly authenticated entities (Cloud Administrator or Cloud User) are allowed access.
b) Isolation - Minimizes interaction with data by keeping Client-specific containers logically or physically separate.
c) Encryption - Used internally within the Data Center for protecting control channels, and provided optionally for customers who need rigorous data protection capabilities.
Identity and Access Management: Two separate “Cloud Gateways”
[Figure: one gateway for the Cloud Administrator, one for the Cloud User]
Identity and Access Management: Creating “Social Circles” for focused sharing of data, information and knowledge
Identity and Access Management: Assigning users to enterprise user circles
[Figure: a Cloud User assigned to enterprise user circles]
Isolation of Clients (1): Multi-tenant Cloud Computing with Isolation of User
[Figure: Project Implementation Database Concept; hierarchy shown: MultiTenant, Projects, SubProjects, Work Streams, Activities & Tasks]
Isolation of Clients (2): Multi-tenant Cloud Computing with Isolation of Data
Client-specific Isolation of User and Data: Three Dimensional Business Space
[Figure: The Client Business Space; axes shown: Region, Customer Sector]
Encryption: Definition
Encryption, which encodes electronic messages so that only a recipient with the ability to decode the message can read it, is vital to the future of Cloud Computing. It prevents crime by keeping hackers from reading your e-mail or stealing your credit card numbers. It helps companies protect trade secrets. As more information flows over the open networks that constitute the Internet and the Cloud, people increasingly need encryption to keep their information secure.
Encryption: How it works
Storage as a Service: Cloud-based Document-Management with integrated structured and unstructured “BigData” on a single platform
Logical Cloud Connectivity: Data
• Increasing need to provide an integrated global view of an organization’s information, and sometimes that of related organizations (customers / suppliers)
• An important step is the creation of a global schema: it contains all the critical information needed
Data-Management Today: Distributed database management systems are a reality
Cloud Storage Solution: Access from anywhere by any device on a central online storage
[Figure: central online storage; axes shown: Region, Customer Sector]
Data & Document-Management: Data & Document Management Editor for solving “Big Data” challenges of structured (Import) or unstructured (Reports) Information
[Screenshot: Project Portal / Editor navigation (Organization, Home Portal, Projects, Sub-Projects, Workstreams, MyTask; Standard Project Set-up, Special Project Set-up, Portal Management) and an example report with three panels: “Monthly tracking of cost savings program (target vs. forecast)”, “Monthly ramp up of measures (by implementation level)” and “Split of effects by year (actuals, plan and forecast)”; values in million €, Target (100%) = 23,89 million €; the table and chart figures are not recoverable from the extracted text]
Data Storage Trend: The Web is quickly becoming the world's fastest growing repository of data
Logical Cloud Connectivity: Social Productivity driven by the Cloud
The Cloud Management Framework (diagram) has four layers: Physical Cloud Connectivity, Logical Cloud Connectivity, Organizational Cloud Connectivity and Strategic Cloud Connectivity. Its boxes are labelled Cloud Computing (Service & Software for scalable Pull Platforms), Manager Workplace, Management Process and Business Ecosystem, with the themes Management of Knowledge Flows, New Value Creation, and Modular Design & Security of flexible Knowledge Access/Creation. Each layer lists its Forces of Change:
Forces of Change:
• Computing
• Digital Storage
• Bandwidth
• Cloud Users
• Wireless Subscriptions
Forces of Change:
• Internet Activity
• Wireless Activity
• Social Media Activity
• Worker Passion
Forces of Change:
• Inter Firm Knowledge Flow
• Decision Cycle Time
• Executive Turnover
• Returns to Talent
• Labor Productivity
Forces of Change:
• Competitive Intensity
• Stock Price Volatility
• Asset Profitability
• Firm Topple Rate
• Shareholder Value Gap
• Consumer Power
• Brand Disloyalty
• Economic Freedom
Appendix: Cloud Due Diligence Example
Security:
1) The secure method of file transfer to the cloud based application
2) The secure method of file storage
The system stores sensitive financial data about our clients; outside of typical communication encryption and user access, how is the data protected?
1) Is there any access logging done?
2) Is sensitive data stored in a separate more secure database?
3) Will user PCs/IP addresses be tied to the application to keep unauthorized users out?
Data Management:
1) Where will the data be stored?
2) Who will have access to Company's sensitive data?
3) Will the data be replicated to any other datacenters around the world (if yes, then which ones)?
4) Do you offer single sign-on for your services?
5) How do you detect if an application is being attacked (hacked), and how is that reported to Company?
6) Will I have full ownership of my data?
Support:
Who will people call if they have problems?
1) Will Company IT Helpdesk formally provide level 1 support?
2) Regardless, the Company helpdesk will inevitably receive support calls; how should they be handled?
3) The Company help desk does not currently provide 24hr support (section 3 Requirement).
4) How will users be added to the system?
5) How will new employees be assigned Windows Live IDs and be added to the system?
Exit Strategy:
What is the exit strategy for the system?
1) Can we get a load of the files and data within the system and discontinue its use?
2) How can we confirm that all sensitive data has been expunged from the system?
Cloud Pricing:
Are there ongoing support and usage costs? Per User? Per Project? Per Month?
Microsoft Answer to Core Questions of Company IT: Security
1) The secure method of file transfer to the cloud based application
The usual way of securely transferring files (or rather any information) from or to a Windows Azure application, both for functional as well as management purposes, is HTTPS. Windows Azure allows users to upload their own certificate(s) that are to be used for HTTPS communication. In that regard, a Windows Azure application is no different than a traditional web site that requires secure communication.
2) The secure method of file storage
The Windows Azure platform offers a range of storage services that comprise both classic relational database management systems (“SQL Azure”) as well as semi-structured storage services (“Windows Azure Storage Service”), all of which cater to different usage, scalability and throughput scenarios. All these services allow secure communication over an encrypted communication channel. While none of these services transparently encrypt stored data*, any application running on Windows Azure can implement encryption on top of our platform.
* SQL Server 2008 Enterprise Editions and later versions are capable of Transparent Data Encryption (TDE). This feature is on the roadmap to be included in SQL Azure as well.
The system stores sensitive financial data about our clients; outside of typical communication encryption and user access, how is the data protected?
Microsoft Global Foundation Services, our division that operates the data centers where Windows Azure is hosted, are certified for ISO 27001, SAS70 Type II, and other standards that are concerned with confidentiality, integrity, and availability in data center operations (you can find more details at http://www.globalfoundationservices.com/security/index.html). On top of our infrastructure and procedures, any application running on Windows Azure can use arbitrary means to further enhance its security level, e.g. by shredding data and storing its fragments in numerous storage services.
1) Is there any access logging done?
On the application level, that is the responsibility of the application itself. At data center or service level (i.e. Windows Azure), auditing is part of the standard operations framework. Consequently, in order for our support personnel to even touch a customer’s application components, the customer has to open a support request first.
2) Is sensitive data stored in a separate more secure database?
There really is no notion of a less or unsecure vs. a more secure database in SQL Azure. All SQL Azure databases are secure by default and client applications should always use encrypted connections. Furthermore, no SQL Azure database is accessible from anywhere other than the management portal by default. Customers have to explicitly exclude IP address ranges from the SQL Azure firewall to even connect to a SQL Azure database.
3) Will user PCs/IP addresses be tied to the application to keep unauthorized users out?
This feature can be implemented by custom code or an extension module that we offer for Internet Information Services (“Dynamic IP restrictions”). Please keep in mind that this approach is not sufficient as an authorization technique, and impractical nowadays since client devices in modern infrastructures do not have fixed IP addresses or are located in a totally unpredictable IP address range (think of Wi-Fi networks, 3G/4G, laptops, smart phones etc.). Authorization therefore is a mandatory requirement at the application level.
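The answer above says an IP restriction narrows exposure but is not an authorization technique, and the lecture's Security-as-a-Service slide lists identity and access management and client-specific isolation as the controls that do the real work. The following added example (not code from the page, the lecture or Microsoft; the CIDR, sessions, objects and roles are all constructed sample data) shows a request gate that applies the three in order, so that a caller from an allowed address still cannot read another tenant's container or act beyond its role:

```javascript
// Request gate for a multi-tenant cloud application: the IP allow-list (a
// "Dynamic IP restrictions" style check) is defence in depth only; every
// decision still passes authentication, tenant isolation and a role check.
// All names and sample data below are constructed for this example.
const ALLOWED_CIDRS = ["10.20.0.0/16"];                        // hypothetical corporate range

function inCidr(ip, cidr) {                                    // IPv4 only, enough for the example
  const [net, bits] = cidr.split("/");
  const toInt = a => a.split(".").reduce((n, o) => (n << 8) + Number(o), 0) >>> 0;
  const mask = bits === "0" ? 0 : (0xffffffff << (32 - Number(bits))) >>> 0;
  return (toInt(ip) & mask) === (toInt(net) & mask);
}

// Constructed sample data: sessions issued by the identity gateway, and
// client-specific containers that carry the owning tenant on every object.
const SESSIONS = { "sess-1": { user: "alice", tenant: "acme",   role: "user"  },
                   "sess-2": { user: "bob",   tenant: "globex", role: "admin" } };
const OBJECTS  = { "proj-7": { tenant: "acme", doc: "Q3 cost plan" } };
const ROLE_CAN = { user: ["read"], admin: ["read", "write"] };

function authorize(req) {                                      // req: {ip, session, action, objectId}
  // 1. Network layer: narrows exposure but proves nothing about who is calling.
  if (!ALLOWED_CIDRS.some(c => inCidr(req.ip, c))) return { ok: false, why: "ip not allowed" };
  // 2. Identity and Access Management: is the caller authenticated?
  const s = SESSIONS[req.session];
  if (!s) return { ok: false, why: "unauthenticated" };
  // 3. Isolation: objects are only visible inside their own tenant container.
  const obj = OBJECTS[req.objectId];
  if (!obj || obj.tenant !== s.tenant) return { ok: false, why: "not found" };  // same reply for missing and foreign
  // 4. Authorization: the caller's role must permit the requested action.
  if (!ROLE_CAN[s.role].includes(req.action)) return { ok: false, why: "forbidden" };
  return { ok: true, doc: obj.doc };
}
```

Note that a cross-tenant request gets the same "not found" reply as a missing object, so the gate does not confirm to one tenant which identifiers exist in another tenant's container.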
Microsoft Answer to Core Questions of Company IT: Data Management
1) Where will the data be stored?
The Customer Data which an End User uploads for transmission or storage in Windows Azure or SQL Azure (“Customer Content”) will be stored in the geographic region the End User specifies in account setup. Current options for Windows Azure are North America, Asia, or Europe. Customer Content may be replicated between data centers in the same region. A customer may also configure the account through certain features such as CDN to replicate data to a broader set of locations. Customer Content may be accessed outside the specified region when legally required such as in response to a valid law enforcement subpoena. Microsoft abides by the Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Economic Area and Switzerland.
2) Who will have access to Company's sensitive data?
In general any customer data is regarded as sensitive data and there is no distinction between more or less sensitive data. Data may be accessed by technical support personnel during a customer’s request in case of a technical support incident.
What controls are in place to ensure safety for my data while it is stored in your environment?
Microsoft certified the operation of its data centers (Global Foundation Services) according to the ISO 27001 standard. In addition, Microsoft is SAS70 Type II certified. For additional information on the procedures to ensure data integrity, privacy and security please have a look into the attached whitepaper.
3) Will the data be replicated to any other datacenters around the world (if yes, then which ones)?
No. See comment on the first bullet point.
4) Do you offer single sign-on for your services?
Yes. A customer may decide to use the Azure Access Control Service to implement SSO based on industry standards (SAML).
5) How do you detect if an application is being attacked (hacked), and how is that reported to Company?
Microsoft does not provide any information about how security measures are implemented internally. If Microsoft detects illegal access and/or usage of customer data it will notify the customer.
6) Will I have full ownership of my data?
What is the meaning of full ownership of data? A customer may decide at any time to delete, edit, change or modify the data that is stored in the Azure platform. In that sense, the customer has the full ownership of the data that is stored on the Azure platform.
Microsoft Answer to Core Questions of Company IT: Support
1) Will Company IT Helpdesk formally provide level 1 support?
Yes, that is my understanding. Microsoft’s support will likely take place at third level:
1 – Company (application usage and management)
2 – TMG (application code or configuration issues)
3 – Microsoft (Windows Azure platform)
2) Regardless, the Company helpdesk will inevitably receive support calls; how should they be handled?
See above.
3) The Company help desk does not currently provide 24hr support (section 3 Requirement).
From an application perspective, this is a business decision. The Windows Azure platform is obviously supported 24x7.
How will new employees be assigned Windows Live IDs and be added to the system?
Windows Live IDs are only required for employees that need to access the Windows Azure Management Portal – administrators and other IT staff. Live IDs can be obtained by anybody at http://www.passport.net/. Application users use whatever credentials the application requires (e.g. username/password, certificates etc.).
Microsoft Answer to Core Questions of Company IT: Exit Strategy and Pricing
1) Can we get a load of the files and data within the system and discontinue its use?
Customers can create copies of databases or other stored data at any time. Please keep in mind that Windows Azure is a Platform-as-a-Service offering. It provides compute and storage services to run applications in the cloud, but a customer has full control over these services.
2) How can we confirm that all sensitive data has been expunged from the system?
To my knowledge, there is no such runtime capability in Azure or any other cloud service. Guaranteed data destruction happens when hardware is decommissioned. Encryption and data shredding may help to mitigate data remanence issues. If data remanence is a concern, I suggest considering a hybrid model, where part of the data is stored in the cloud, whereas other parts are stored at a customer’s data center.
Are there ongoing support and usage costs? Per User? Per Project? Per Month?
You can find our pricing model at http://www.microsoft.com/windowsazure/pricing/. Our online pricing calculator at http://www.microsoft.com/windowsazure/pricing-calculator/ makes it easy to quickly create cost estimates. As far as support is concerned:
Customers have access to a support phone number to call at any time to report potential issues with the Windows Azure platform service. Issues with the platform will be escalated to the Windows Azure platform operations team to investigate and correct. You can also call at any time for developer support to assist you with your application. Developer support will be charged on a per incident basis but is temporarily being provided at no charge as an additional benefit to our customers. Premier customers, MSDN subscribers and MPN members will be able to leverage support incidents and support hours provided as part of these program benefits. We will also continue to provide moderated forum support at no charge. You can access more information regarding your support options at the following URL: http://www.microsoft.com/windowsazure/support
(from the Windows Azure FAQ at http://www.microsoft.com/windowsazure/faq/)