Ground Control to Major Tom

1 confidential and restricted

Ground Control to Major Tom:

Mission-Critical Apps (MCA) Head for the Cloud

November 4, 2014

Copyright ©2014 by Virtustream, Inc. All rights reserved worldwide. “Enterprise Class Cloud™” is a trademark of Virtustream, Inc. All other trademarks are property of their respective owners. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or by any means without the express written permission of Virtustream, Inc.


Enterprise-Class Cloud Solutions

• Cloud Infrastructure-as-a-Service• Cloud Software Solutions• Cloud Managed Services• Cloud Professional Services

Provider of Private, Public and Hybrid CloudsInventor of the µVMTM Cloud TechnologyDeveloper of xStream Hybrid Cloud SoftwareService Provider to Global 2,000 WorkloadsCo-Innovator with our Shareholders:


The Cloud Promise: High Innovation at Low Cost

Lower Cost (47% savings)Higher Availability (99.999%)Faster DR (1 Hr RTO, 5 min RPO)

$-

$5,000,000

$10,000,000

$15,000,000

$20,000,000

$25,000,000

Basecase OPEX BW On-Premise BW +HANA

BW Only w/Oracle DBon CLoud

BW Only on Cloudusing HANA for DB

FY 2014 FY 2015 FY 2016

47% Cost Savings($9.2M)

Greater Flexibility (Scale up/down)Faster Deployment (Hours or Mins)Support for Short-Term Projects


Any Application Can Be “Mission Critical”

Productivity:- Microsoft Exchange

(03/07/10)- Microsoft Active Directory- Microsoft SharePoint- Drupal CMS- Lotus Notes

(IBM Sametime)- Microsoft Lync

CRM:- Microsoft Dynamics(SL/GP)- Interaction CRM

ERP:- SAP ECC6.0- SAP Solution Manager- SAP BI- SAP Business Objects- SAP PI- SAP Business One- SAP Services- Oracle- Microsoft Navision

Databases:- Oracle- MySQL- Microsoft SQL Server- Mozy- PostgreSQL- DB2

Operating Systems:- Microsoft Windows Server- Windows (2003, 2008)- Linux (Red Hat, Centos,

Debian, Ubuntu, SUSE, FREEBSD, OpenBSD)

- Red Hat- CentOS

Applications:- Microsoft Office- OpenOffice- BES (Blackberry

Ent. Server)- Microsoft TMG

(xISA Server)- Symantec AV- DNS- IIS- Apache- RDS Farms- OpenLDAP- Subversion- Apache Tomcat- Citrix- VMware Horizon- Red5- Git

- Trac- Backup:- Asigra- NetBackup

Monitoring:- Nimsoft

Accounting:- ADP Taxware- MarkView- Alteryx- Deltek Budgeting

and Planning- Deltek T&E- Deltek GCS

And OnAndOn…..


Love and Hate in the Cloud“I Love The Cloud,” say Business, DevOps & IT Leaders

1. Pay-per-Use

2. Agility (Scale-up / Scale-down)

3. On-Demand

4. Self Service

“I Hate The Cloud” say IT Ops, Security, Compliance1. Performance Concerns

2. Security of Systems & Data

3. Cost Control

4. Migration Complexity

5. Locality of Data in flight, and at rest

6. Reporting, Visibility and Risk Management


Which “Ground Control” Do You Want to Be?

Unmanaged, Public Cloud Enterprise-Class Cloud


Fight Back the Hate to Get MCAs in the Cloud

1. Performance Concerns

2. Security of Systems & Data

3. Cost Control

4. Migration Complexity

5. Locality of Data In Flight, and At Rest

6. Reporting, Visibility and Risk Management


1. Define Your Performance RequirementsUnderstand Your Mission Critical Apps

1. Assess & Model MCA Demands• What are true consumption demands?• What about cross platform migrations?

2. Planning• MCAs have complex Interdependencies• Identify Business Drivers & Constraints

Understand Your Available Cloud(s)3. Vendor Discovery

• SLAs => Availability is given; Performance?• Business Continuity = Define your RTO and RPO

4. Cost Modeling• Resource Pools or Instance based? • Continuous Optimization Tools


1. Get Guarantees for Cloud Performance

Application performance and response time SLAs

Infrastructure availability guarantees

High quality references within your market vertical

References with your MCA profile

Capable of both legacy and web-scale applications

Multi-tenant scale, elasticity and economic benefits

Perform Proof of Concepts / Pilots


2. Ensure Cloud Security for Apps and DataControled Access

Strong multi-factor authenticationRole based access control (RBAC)Employees security trained and tested annually

SIEM: Security Incident and Event ManagementPlatforms securely configured and audited continuouslySeparation of resources (network traffic, data storage)Segregation into physical zones based on level of trustVulnerability scanning and patch managementContinuous system monitoring Compliance monitoring and management of environment assets

Data Encryption & ProtectionSecure system builds (OS, apps, DB, etc)Encryption of data at rest, in motion, and in use

Trusted Cloud ExecutionWithin the primary cloud, with silicon level attestationAcross the cloud, with trusted federations


2. Trust But Verify: Compliance CertificationsLook for IaaS Certifications:

ISO 27001-2005 Information Security Management SystemISO 9001-2000 Quality Management System SSAE16/SAS70 SOC2 AICPA Audit StandardFISMA Moderate (US Federal)G-Cloud (UK Government)PCI 2.0 (e-Commerce)HIPAA (Healthcare)FedRAMP (US Federal 1Q’14)Security Cleared Data Center Personnel

Look for Supported Frameworks:NIST 800-53 (US Government)DIACAP (US Dept of Defense)ICD503 (Intelligence)FISMA (US Federal)G-Cloud (UK Government)SSAE16, SAS70 (Audit)ISO27001-2005 (Service), HIPAA (Healthcare)PCI 2.0 (e-Commerce)and other industry standards

Transparent Reporting is Crucial!


3. Cost Control – Pay for What You UseGranular measurement of CPU, Memory, Storage, and NetworkAbility to scale up and scale down.Quickly turn off un-used workloadsAutomated “Cloud” Landscapes: Turn off nights/weekends

0.00 5.00 10.00 15.00 20.00

CPU (200 Mhz)

Memory (768 MB)

Network (2 Mbps)

I/O (40 IOPs)

µVMs (Thousands)

Pay for the The Sum of All Parts

6.81

4.14

18.25

19.41

0.00 5.00 10.00 15.00 20.00

12.44

16.73

2.23

4.27

6.97

1.52

1.91

2.54

µVMs (Thousands)

Resource Pool with Consumption-Based Billing

Savings from Cloud


4. Migrations Without Miracles

“I think you should be more explicit in step 2.”

Migrations of MCAs are Daunting - Tend to have 24X7 SLA’s to the business. . . - Tend to have small. Infrequent maintenance windows- Are difficult to test- Have large footprints – tens of TB- Frequently are cross platform from RISC / *nix- Are very infrequent – no skillsets

Not suited to “Self Service”

Chose Experience and Plan, Plan, Plan- Proven Process & Plans with past performance- Must be Repeatable & Reversible- Measurable, predictable w/minimal Downtime- Transparent Project Management- Involve Extensive “Mock” Testing with the Business


5. Data Security & Locality

Choose a CSP with: • Intel TXT• Pools of Trust• Geo-Location• Geo-Fencing

NIST 7904 –Trusted Geolocation in the Cloud

It’s 2:05 PST – Do you know where your Data Is?


6. Reporting, Visibility and Risk Management Configure Unified Enterprise Risk Management (ERM) Across ALL Clouds Perform Continuous Monitoring and Strong Compliance Reporting Look for Advanced Analytics with Risk Scoring


Michael Hoch

SVP Cloud Advisory Services

@MichaelHoch

[email protected]

mailto:[email protected]

Ground Control to Major Tom

Technology

Transcript of Ground Control to Major Tom