Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

How To Move Your Data Center To The Cloud - Chris Brenton of Dyn

1.086 Aufrufe

Veröffentlicht am

Dyn Director of Security Chris Brenton prepared these slides as part of a webinar on how to move your data center to the cloud.

Veröffentlicht in: Technologie, Business
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

How To Move Your Data Center To The Cloud - Chris Brenton of Dyn

  1. 1. How to Move Your Data Center To A Cloud Infrastructure January 22, 2014 Chris Brenton Director of Security
  2. 2. Your Presenter Chris Brenton - Director of Security @Chris_Brenton cbrenton@dyn.com Pg. 2 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  3. 3. What We’ll Cover • Background on industry trends • Strengths and weaknesses of each cloud service and deployment model • Security options Pg. 3 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  4. 4. New Era of Computing • Mainframe/mini = Generation 1 • PC client/server = Generation 2 • Hybrid cloud = Generation 3 – No single deployment model – Hit its stride in 2010 Pg. 4 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  5. 5. An Automotive Analogy • The 1960s: o Easy to work on o Extremely inefficient (poor power and mileage) Pg. 5 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  6. 6. An Automotive Analogy • The 1980’s: o Change fluids and that’s about it o 50% improvement in power and mileage Pg. 6 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  7. 7. An Automotive Analogy • The 2000s: o Outsource just about everything to specialists o 200%+ improvement in power and mileage Pg. 7 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  8. 8. Private or Public Cloud Infrastructure? • Private -- Do it all yourself o You maintain control and all responsibility o You need to staff accordingly o Greater flexibility Pg. 8 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  9. 9. Private or Public Cloud Infrastructure? • Public -- Outsource to specialists o Easier to focus on core product(s) o Less staffing concerns o Speed of scale Pg. 9 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  10. 10. Definitions: Tenant and Provider • Tenant o Entity consuming the resource(s) o This could be your customers o This could be other internal workgroups Pg. 10 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  11. 11. Definitions: Tenant and Provider • Provider o Entity managing the resource(s) o This could be your Operations group o This could be a 3rd party company Pg. 11 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  12. 12. Gen2 Computing Pg. 12 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  13. 13. Gen3 Computing Pg. 13 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  14. 14. Gen3 Computing SMB Pg. 14 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  15. 15. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past Pg. 15 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  16. 16. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past • Workstations used to only reside on desks Pg. 16 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  17. 17. Déjà vu – Laptops As A Model • We’ve dealt with mobile workloads in the past • Workstations used to only reside on desks • Laptops opened up the possibility of working from anywhere Pg. 17 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  18. 18. Déjà vu – Laptops As A Model • Security needed to change from being network based to host based Pg. 18 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  19. 19. Déjà vu – Laptops As A Model • Security needed to change from being network based to host based • Expect similar to occur with mobile workloads – Shared resources means host based technology must be reworked prior to use Pg. 19 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  20. 20. Cloud Models • Infrastructure as a Service (IaaS) o Provider supplies platform o Tenant loads OS and all apps Pg. 20 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  21. 21. Cloud Models • Platform as a Service (PaaS) o Provider supplies platform and stack o Tenant provides custom apps Pg. 21 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  22. 22. Cloud Models • Software as a Service (SaaS) o Provider supplies OS, stack and apps o Tenant hits the ground running Pg. 22 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  23. 23. Cloud Model Examples • IaaS o Amazon Web Services (AWS) o Rackspace Cloud Hosting Pg. 23 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  24. 24. Cloud Model Examples • IaaS o Amazon Web Services (AWS) o Rackspace Cloud Hosting • PaaS o Original Microsoft Azure o VMware Cloud Foundry Pg. 24 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  25. 25. Cloud Model Examples • SaaS o Dyn o Salesforce Pg. 25 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  26. 26. Deployment Model Tradeoffs • IaaS o Provider generates the lowest level environment o More work for tenant to deploy app o More tenant control to implement security Pg. 26 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  27. 27. Deployment Model Tradeoffs • SaaS o Nearly turnkey solution for app deployment o Least amount of tenant control and flexibility Pg. 27 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  28. 28. Deployment Model Tradeoffs • PaaS o Sits in the middle Pg. 28 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  29. 29. Delineation of Responsibility Pg. 29 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  30. 30. What Are My Security Options? Pg. 30 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  31. 31. Extending The LAN Into The Cloud Pg. 31 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  32. 32. LAN Extended Challenges • Increases load on corporate link o Today we’re mobile o Limits public cloud scaling • Increase load on perimeter infrastructure Pg. 32 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  33. 33. LAN Extended Challenges • Negates network benefits o Provider load balancing o Multi-peer points o Geo-location DNS o Higher latency • No protection within virtual infrastructure Pg. 33 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  34. 34. Virtual Appliance Management Pg. 34 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  35. 35. Virtual Appliance Architecture Pg. 35 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  36. 36. What About Introspection? • Hypervisor based security o Has visibility into all VMs Pg. 36 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  37. 37. What About Introspection? • Hypervisor based security o Has visibility into all VMs • Single point of management o For a specific hypervisor deployment Pg. 37 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  38. 38. What About Introspection? • Do you want other tenants to have access to your hypervisor? Pg. 38 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  39. 39. What About Introspection? • Do you want other tenants to have access to your hypervisor? • Do you want your provider to have nonauditable access to your VMs? o Can break segregation of duties Pg. 39 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  40. 40. Host-Based Architecture Consistent architecture (and risk abatement) regardless of deployment Pg. 40 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  41. 41. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access Pg. 41 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  42. 42. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures Pg. 42 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  43. 43. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments Pg. 43 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  44. 44. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments • Security is portable with the VM Pg. 44 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  45. 45. Why Host Based Firewalls? • Tenant controlled – Provider gains no additional access • Supported across all cloud infrastructures • Consistent management across all cloud deployments • Security is portable with the VM • Mitigate potential risks from vswitch or VLANs Pg. 45 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  46. 46. Consistency is Key to Security • Customization is common in small business Pg. 46 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  47. 47. Consistency is Key to Security • Customization is common in small business • Focus is on getting the product to market – “We’ll worry about maintaining it later” Pg. 47 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  48. 48. Consistency is Key to Security • Enterprise needs to play “the long game” Pg. 48 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  49. 49. Consistency is Key to Security • Enterprise needs to play “the long game” • “Snowflakes” can be an inhibitor o Reduces available resources for innovation o Can easily stunt an organizations ability to scale Pg. 49 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  50. 50. One Off Server Deployment Pg. 50 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  51. 51. VM Cloning Pg. 51 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  52. 52. Clones Should All Have • Patches to the same level Pg. 52 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  53. 53. Clones Should All Have • Patches to the same level • Identical configuration settings Pg. 53 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  54. 54. Clones Should All Have • Patches to the same level • Identical configuration settings • Same system accounts Pg. 54 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  55. 55. Clones Should All Have • • • • Pg. 55 Patches to the same level Identical configuration settings Same system accounts The same processes running in memory How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  56. 56. Clones Should All Have • • • • • Pg. 56 Patches to the same level Identical configuration settings Same system accounts The same processes running in memory Usually no reason to logon – Update master and re-clone How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  57. 57. VM Clone Security = Spot The Difference Game Pg. 57 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  58. 58. Spot The Difference Has an additional listening port open Gold Master Pg. 58 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  59. 59. Spot The Difference 1 login successful on first try Gold Master Pg. 59 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  60. 60. Spot The Difference Missing 3 patches Missing 3 patches Gold Master Pg. 60 How to Move Your Data Center to a Cloud Infrastructure Missing 3 patches @chris_brenton
  61. 61. VM Clone Security • Can identify positive exceptions, not just negative ones o Successful login o Increased patch level Pg. 61 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  62. 62. VM Clone Security • Can simplify server security o No more one off auditing! o Far easier to ID variations that matter Pg. 62 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton
  63. 63. Questions? Chris Brenton - Director of Security @Chris_Brenton cbrenton@dyn.com Pg. 63 How to Move Your Data Center to a Cloud Infrastructure @chris_brenton

×