Titul, Meno Priezvisko

TechNet Europe 2011

Private Cloud in the Defence SectorImplementation and Adoption

May 26, 2011Peter Dostál, peter.dostal@aliter.sk

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Who we are

Certificates:

• Privately held technology company• HQ & Production in Bratislava, R&D in Liptovský Mikuláš & Bratislava• Extended experience with Defence Sector & Home Land Security

 

• Quality Assurance: ISO 9001 and AQAP 2110 • Information Security Management System: ISO 27001 • Environmental Management System: ISO 14001 • Security: NATO, EU and National SECRET

What we do: Special Systems Division

COMTANET ® Tactical Deployable ICT Systems

COMTAG ®Mobile Communication Systems

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

What we do: ICT Systems Division

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

ICT STRATEGY

SECURITYMANAGEMENT

NETWORKS SERVERSSTORAGE

OPERATING SYSTEMS & FIRMWARE

SOFTWARE & APPLICATIONS

BCP/DRP

• Design, B&I and Support of:– HA Datacenters & Cloud Computing– ICT infrastructure– Security – BCP/DRP

Private (Internal) Cloud Our experience with implementation

in the Defence Sector

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

CIEĽ PREZENTÁCIE

• Is Cloud Computing the right solution for the defence sector?

• What is Cloud Computing and what are the benefits?

• What are the limitations?

• Where and how to start?

• What we have learned?

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Before we have started

• Individual IS were running on dedicated resources at different locations managed by dedicated staff

• Most of the HW was obsolete and lacked redundancy• HW resources were underutilized• Guaranteed SLA wasn’t an option• Lack of ICT standards led to extensive demand on human resources and their

skillset

 

Business challenge

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

?

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Business solution

 

Service oriented ICT & SLA

Shared and better utilized resources

PRIVATE CLOUD

ICT standards

Scaled resources on demand

Where to start?

ROI for O

wner

ROI for O

wner

Valu

e Vi

sibi

lity

for E

nd U

sers

Valu

e Vi

sibi

lity

for E

nd U

sers

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Service oriented ICT & SLA

• Define required services– Limit the scope– Build a service catalogue & provisioning processes– Typical services would be: a small HA server at presentation layer or 20 GB of FC

storage

• Define SLA for individual services– Availability– Capacity– Scalability– Etc.

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

ICT standards

• Select the technology for individual components– Limit the scope

• The built solution has to provide– A platform to meet the SLA: Availability, Capacity, …– Option to scale now and in the future– Required level of automation– Self-healing option– Option to be maintained while in the production

• Built the infrastructure with no single point of failure (N+1) – Efficient solution resilient to HW or SW failures

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Scale resources on demand

• Disjoin the physical and logical topology– To scale up, simply add more physical resources with no disruption of production

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Share and better utilize resources

• Share & virtualize all physical resources: servers, switches, routers, firewalls, storage etc.

• Provide server virtualization with booting from SAN and shared storage• Build a secure logical multi-tiered topology

– By firewalls separated horizontal tiers for presentation, application, DB layers as well as for the Internet DMZ, management and backup layers

– Individual systems are separated from each other vertically via PVLANs on each horizontal layer

– Traffic from and to each cell is controlled on the firewalls/IPS, routed through routers and monitored through IDS/IPS systems

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Roadmap

 

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

What has been completed? 1/2

• A datacenter with facility services:– Physical security– HVAC– Redundant and autonomous Power Supply and Distribution– Rack systems– Cabling and cable management– Facility Management

 

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

What has been completed? 2/2

• ICT infrastructure– WAN connectivity – LAN and SAN infrastructure (switches, routers, loadbalancers, content

management etc.)– Security (firewalls, IDS, IPS, encryption devices, SSL accelerators etc.)– Servers (physical and virtual)– Management

 

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Technology: Networks, Security & Servers

 

• LAN– Nexus 7000 & Nexus 1000V– FCoE

• SAN (EMC / Cisco)– MDS Director 9500

• Security– ASA Firewalls– IDS/IPS

• Servers– Server Blade Technology: UCS (Unified Computing System)– UCS Fabric Interconnect 6100

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Technology: Storage, Backup, Archive

 

• Storage– Symetrix Enterprise Storage– Server booting from SAN – FC & SATA Disks

• Backup– Data Domain – VTL – Advanced deduplication

• Archive– Centera– DiskXtender

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Technology: Server virtualization

 

• Server virtualization– vSphere– Share HW resources

• Fault tolerance – vMotion– Seamless failover

• Distributed Resource Scheduling– Distributed Power Management– Thin provisioning

• Management – vCenter

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Challenges• To convince different stakeholders (decision makers, users) of

necessity to implement the Cloud– Higher CAPEX investment– Limited ICT services provided– Limited portfolio of technologies– Potential security concerns

• To fulfill Special Security Requirements (NATO, EU and National legislation)

• Protection of existing investments

 

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Lessons learned• Don’t try to do all in one step

– The large projects never end– Limit the scope and deliver– Get approval for the next step

• Manage expectations– Decision makers– End user community

• Be prepared for extensive post implementation support– Train and educate the OPS staff

• Hold the ground and stick with the new standards– Some exceptions are required, but …

 

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

Is a Cloud always the right solution?

 

• Restrictions in legislation and policies– NATO– EU – National– Internal

• But…some services could be shared (think about that when you design your system)

– Power supply and distribution?– HVAC?– A portion of physical security? – Other facility and/or ICT services?

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011

What is next?

• To complete migration of information systems into the Cloud• To further extend PaaS• To provide SaaS• To provide Virtual Desktop Infrastructure• To build a redundant DC at a different location

 

Thanks for your attention!

Private Cloud in the Defence Sector, Implementation & Adoption, TechNet Europe 2011