IBM SmartCloud Enterprise
A Secure Infrastructure for Test and Development
Piotr Pietrzak
IBM Forum 2012 – Estonia
Tallinn, October 9, 2012
IBM SmartCloud Enterprise at a glance
[Diagram labels: Your servers and personal computers (PCs); Your firewall; IBM SmartCloud Enterprise; IBM firewall; Optional VPN gateway; IBM unique security and authentication model; Management infrastructure; Private and shared VLANs; Virtual machines and virtual storage; IBM global delivery centers]
Features and functions:
Choice of nine virtual (Intel) server configurations
Choice of operating systems:
• Linux®; Red Hat, Novell SUSE or bring your own
• Windows Server® 2003 and 2008
Software image choices:
• Pick a pre-configured IBM or IBM Partner image
• Construct a Linux image in the cloud from software bundles using IBM and partner tools
• Import or copy an existing Linux image
Storage choices:
• Persistent storage; fixed blocks up to 10TB
• Object/File storage; web accessible file storage with nearly unlimited capacity
Options to dynamically add/delete multiple blocks of Virtual servers isolated in virtual private network environments.
Premium support services as a supplement to forums, with optional add-on operating system support
Choice of six sites: US (2), Canada, Germany, Japan & Singapore with massive capacity.
Payment options:
• Pay-as-you-go
• Reserved capacity package options.
What’s new? / 3Q2012
• Increased SLA from 99.5% to 99.9%
• Optional Platinum-M2 virtual machine – 32GB of RAM
• Cloning of Windows domain controller instances
More at: ibm.com/cloud/solutions/enterprise
Cloud Portal: ibm.com/cloud/enterprise
© 2012 IBM Corporation
Nine server and eight attachable persistent storage options enable you
to configure systems to match a wide variety of workloads.
Virtual machine (VM) options

Configuration      Virtual CPUs with 1.25 Gigahertz   Virtual memory (GB)   Instance storage (GB)
32-bit Copper      1                                  2                     60
32-bit Bronze      1                                  2                     60+175
32-bit Silver      2                                  4                     60+350
32-bit Gold        4                                  4                     60+350
64-bit Copper      2                                  4                     60
64-bit Bronze      2                                  4                     60+850
64-bit Silver      4                                  8                     60+1024
64-bit Gold        8                                  16                    60+1024
64-bit Platinum    16                                 16                    60+2048

• Intel architecture servers can be provisioned with Linux (Red Hat,
Novell SUSE or customer provided) or Microsoft Windows Server
(2003 or 2008) and your choice of middleware.
• Prices start well under 10 cents per hour* for a virtual machine,
including operating system. Reserved capacity options provide pools
of resources at discounted rates.
• Dynamically attach and detach up to three extra blocks of persistent
(RAID protected) storage to an instance, preformatted (ext3) or raw
in eight sizes from 60 GB to 10 TB.
*US prices for 32-bit copper configuration with Windows Server or SUSE Enterprise Linux, current as of December 5, 2011. Prices subject to change.
The IBM SmartCloud Enterprise software asset catalogs provide a
software store for your server configurations.
The ‘public’ catalog contains a growing list of operating system images with or without selected software
and software bundles from IBM (Lotus®, WebSphere®, DB2®, Informix®, Cognos®, Tivoli®, Rational®),
Alphinat, Aviarc, BeyondTrust, CohesiveFT, Corent, Grid Robotics, Kaavo, NetEnrich, OpenCrowd, Pragma
Systems, Servoy, SugarCRM or Zeus. The licensing options include:
• “Pay-as-you-go” (“PAYG”), with hourly rates: You choose the desired software, accept the license
terms online, and receive a monthly usage bill.
• “Bring your own license” (“BYOL”): You own or buy a software license and can use the prebuilt image
in the catalog.
Your ‘private’ and ‘community’ catalogs provide a place for you to store and manage customized copies of
public images and images you build in the cloud or import.
You can have your server environment running in minutes and pay for
it only as long as you need it.
The self-service portal, designed for ease of use, guides you through
setting up what you need and triggers the automated provisioning of
your servers.
Step 1: Click and choose the software you need
Step 2: Choose the hardware and usage configuration
Step 3: Application provisioned and ready to run
IBM SmartCloud Enterprise can help you gain savings, quality
improvements and speed to market.
Cloud computing from IBM can help you:
• Reduce IT labor cost by over 50 percent¹—reduce the cost
and time to provision a software environment with reduced labor
for configuration and without installation costs
• Virtually eliminate capital expense and realize significant
software license savings through more rapid access to elastic
server capacity
• Reduce provisioning cycle times from weeks to minutes—for
faster time to market and more time for innovation
• Improve quality—eliminate over 30 percent¹ of all defects that
come from faulty configurations; standard configurations help
reduce risk and deliver higher service quality
• Enable more effective development—preconfigured integrated
IBM Rational® developer group tools and best practices
• Improve governance and reduce risk of large
server deployments
¹ Based on results from IBM’s Technology Adoption Program. Your results may vary, and client-specific results can only be ascertained after a return on investment analysis.
When considering a new technology such as cloud, there are always
challenges and dependencies that need to be addressed.
Today’s data center
We know that:
• It is located at X
• It is stored in server Y
• We have backups in place
• Our administrators control access
• Our uptime is sufficient
• The auditors are happy
• Our security team is engaged
Tomorrow’s cloud environment
• Where is it located?
• Where is it stored?
• Who ensures security?
• Who backs it up?
• Who has access?
• How resilient is it?
• How do auditors observe?
• How does our security team engage?
Technical concerns:
• Extended network security
• Isolation failure
• Insecure or incomplete data deletion
• Additional software layers
IBM Security Solutions to address the challenges of cloud computing
Helping clients begin their journey to the cloud with relevant security expertise
GRC
• Compliance ownership
• Cross border constraints
• e-discovery process
• Access to logs and audit trails
• Merging patch, change, and configuration management policies
• Rapid provisioning/de-provisioning of users
• Federated identity management
• Data segregation
• Intellectual property protection
• Data preservation and investigation
• Multi-tenancy and shared images
• Virtualized environments
• Open public access
• Physical data center security and resiliency
Security governance, risk management and compliance
IBM Security Framework
Customers require visibility into the security posture of their cloud.
IBM Cloud Security Guidance Document
Implement a governance and audit management program
• Establish 3rd-party audits (SAS 70, ISO27001, PCI)
• Provide access to tenant-specific log and audit data
• Create effective incident reporting for tenants
• Visibility into change, incident, image management, etc.
• Support for forensics and e-Discovery
IBM Security Products and Services
Supporting IBM Products, Services and Solutions
Enhanced
IBM Professional Security Services – cloud security consulting Services – cloud security strategy roadmap
Assessing security to create a roadmap to reduced risk
A comprehensive evaluation of an organization's existing security policies, procedures, controls and mechanisms.
IBM Managed Security Services hosted security event and log management
Cloud-based security services
A cloud-based security service designed to provide security incident and event management (SIEM) functionality at a lower cost.
People and Identity
IBM Security Framework
Customers require proper authentication of cloud users.
IBM Cloud Security Guidance Document
Implement strong identity and access management
• Privileged user monitoring, including logging activities, physical monitoring and background checking
• Utilize federated identity to coordinate authentication and authorization with enterprise or third party systems
• A standards-based, single sign-on capability can help simplify user logons for both internally hosted applications and the cloud.
IBM Security Products and Services
Supporting IBM Products, Services and Solutions
IBM Tivoli Federated Identity Manager
Securely manage cloud identities
Employ user-centric federated identity management to increase customer satisfaction and collaboration
IBM Tivoli Security Information and Event Manager
Optimize security & compliance efforts
Monitor user activity for accidental or malicious activity that could put information at risk
Data and Information
IBM Security Framework
Customers cite data protection as their most important concern.
IBM Cloud Security Guidance Document
Ensure confidential data protection
• Use a secure network protocol when connecting to a secure information store.
• Implement a firewall to isolate confidential information, and ensure that all confidential information is stored behind the firewall.
• Sensitive information not essential to the business should be securely destroyed.
IBM Security Products and Services
Supporting IBM Products, Services and Solutions
IBM Data Security Services
Protect data and enable business innovation
Solutions for network data loss prevention, endpoint encryption, endpoint data loss prevention, and log analysis
Enhanced
IBM Information Protection Services – managed backup cloud
Flexible, automated backup and recovery managed service
Located onsite or offsite using public and/or private cloud technology
Application and Process
IBM Security Framework
Customers require secure cloud applications and provider processes.
IBM Cloud Security Guidance Document
Establish application and environment provisioning
• Implement a program for application and image provisioning.
• A secure application testing program should be implemented.
• Ensure all changes to virtual images and applications are logged.
• Develop all Web based applications using secure coding guidelines.
IBM Security Products and Services
Supporting IBM Products, Services and Solutions
IBM WebSphere DataPower Secure Hybrid Cloud Connector
IBM WebSphere DataPower Cast Iron Appliance XH35
Leverages standard protocols to provide multiple layers of connection security for private, public or hybrid clouds.
Enhanced
IBM Application Security Services for Cloud
Security assessment services for cloud applications
Identify and eliminate security and privacy risks associated with your cloud applications.
Network, Server and End Point
IBM Security Framework
Customers expect a secure cloud operating environment.
IBM Cloud Security Guidance Document
Maintain environment testing and vulnerability/intrusion management
• Isolation between tenant domains
• Trusted virtual domains: policy-based security zones
• Built-in intrusion detection and prevention
• Vulnerability Management
• Protect machine images from corruption and abuse
IBM Security Products and Services
Supporting IBM Products, Services and Solutions
Enhanced
Managed Security Services – hosted vulnerability management
Identify vulnerabilities and manage risk to reduce cost
Cloud-based security service to identify vulnerabilities across network devices, servers, databases and web applications
IBM Professional Security Services – cloud security consulting – cloud security assessment
Provide cloud providers with an assessment of their security controls
Leverage international standards and best practices to provide public or private cloud providers
Physical Security
IBM Security Framework
Customers expect cloud data centers to be physically secure.
IBM Cloud Security Guidance Document
Implement a physical environment security plan
• Ensure the facility has appropriate controls to monitor access.
• Prevent unauthorized entrance to critical areas within facilities.
• Ensure that all employees with direct access to systems have full background checks.
• Provide adequate protection against natural disasters.
IBM Security Products and Services
Supporting IBM Products, Services and Solutions
IBM Physical Security Services
Defend and help secure physical environments
A full suite of digital security solutions and site assessments that can be integrated with your network and IT systems
IBM SmartCloud Enterprise is designed to address key client concerns
of control, reliability, and security
Control. Web-based portal allows authorized users to log on at any time and
monitor, manage and control their virtual environments. Administrator and user
roles offer enterprise-level control of cloud assets and spending, including full
usage detail downloads. Built-in APIs allow you to customize and automatically
control your cloud server capacity.
Reliability. Around-the-clock monitoring and management of the IBM
SmartCloud infrastructure with a service level agreement. Features like ‘anti-collocation’ and ‘virtual IP addressing’ help enable you to build resiliency into
your cloud server environments. Backup and recovery and monitoring services
are available separately.
Security. Built into the solution, ranging from tight physical security of the IBM
SmartCloud delivery centers to IPS and vulnerability scanning of the IBM
SmartCloud infrastructure. Optional security options such as virtual private
networking can help you extend your existing security disciplines to the cloud.
Why choose IBM to realize cloud computing value?
• IBM has one of the broadest bases of cloud
solutions in the market and is a thought leader
in cloud standards, optimization and integration.
• Our public cloud services offer flexible,
enterprise-oriented delivery models to help
enable enterprises to more securely partition their
environment, virtual and dedicated.
• IBM is world-leading in middleware,
development and testing tools
• We have expertise and best practices gained
from years of experience managing and
operating security-rich enterprise data centers
around the world.
Thank you for your time today.
Questions?:
Next Steps:
• Request IBM SmartCloud Enterprise trial
from your IBM sales representatives
• Identify candidate cloud workloads
• Ask your IBM sales representative for a
SmartCloud Enterprise workload migration
workshop
For more information:
ibm.com/smartcloud/solutions/enterprise
Contact:[email protected]
http://twitter.com/piotrpietrzak