Will the Enterprise App Store Change the Way We Purchase Technology Forever

Agenda
• Does the APP store solve the primary problem?
• Survey
• Metrics to evaluate service by
• Case Study
• Re-evaluation

Today’s challenge for enterprises: OTT applications as well as diversity of users and end points threaten existing models and practices
• Application access/delivery requires inherent mobility and diversity, with BYOD increasing the diversity and support challenge – demand by location is now almost impossible to predict
• The solution for the supporting infrastructure is now mandated to be AGILE, which necessitates a more homogenous approach to supporting infrastructure

But the consumer APP store has a captive platform
• The breadth and diversity for most enterprises means that their ability to control behaviour is dictated by their infrastructure
• The more complex and diverse the administration and support role, the less flexibility they are able to offer
• Consumer apps have a controlled end to end process with considerably less scalability and diversity concerns.
• Maximum level of diversity is five different controlled environments

Cloud Services may simply shift the problem
• The challenge for the enterprise isn’t about getting applications, or even PAAS: It’s about managing infrastructure
• Moving to hosted applications or downloading them directly only solves a fraction of the underlying issue
• You are potentially just creating a new set of relationships…
• The challenge with MOST cloud computing based services is they lack the ability to offer full control
… But with less visibility of the data!
(Diagram labels: IAAS; SAAS; CRM; Office Apps; Security; ERP; On Demand)

Survey Moment – What’s your primary motivator – what’s your primary concern
Rank the following
MOTIVATION
• Flexibility
• Cost savings
• Server consolidation – i.e. operational efficiency
PRIMARY CONCERN
• Data Confidentiality & Integrity
• Availability
• Control

Is the argument rational or emotional
• For the argument to hold that you can create a complex and sophisticated replacement for the existing inefficient yet working platform, you need to overcome practical objections
• You also need to have a more complete understanding of the infrastructure you are placing it upon for it to resolve more than simply image creation
• Cloud Computing in isolation doesn’t address this issue; it needs to be assessed in the context of service integrity

Rational Problem Description
Primary Concerns - Data Confidentiality & Integrity and High Availability

Confidentiality & Integrity
• Confidentiality and integrity preserves the value of the data you are running
• Challenges to data integrity and confidentiality may include:
  • Subverted through the infiltration of shared systems, shared LAN subnets, shared management challenges or inadequate separation of environments
  • Inadequate or poorly enforced access controls

High Availability
• High Availability defines the utility value of the system
• Challenges to continuous operation may include:
  • Operator error, or software error: a lack of diligence or quality control; e.g. database upgrade
  • Deliberate subversion: the malicious and motivated exploit of vulnerable systems
  • Natural physical events: component age, weather, acts of God, or other uncontrollable inputs
  • Unintended coincident activities: switch failure, patch failure

Do we really know the network?
The Quiet Revolution – ‘the Network is finally the Computer’
(Timeline graphic: 1999, 2003, 2007, 2011)
• The internet has driven technology development for the past 20 years
• Gradual migration and integration of services to where the ‘network is the computer’
• MPLS is the ‘gold standard’ for corporate WAN connectivity
• “MPLS is now the lynchpin of enterprise WAN connectivity” (IDC)
• MPLS Enterprise services are delivered over “my own private internet”
• Same speeds, same simplicity… but secure
• MPLS is fundamentally a virtualised approach that ensures logical separation
• It is virtual and multi-tenanted, which makes it efficient to use (your own private internet) and exceptionally efficient to manage (better use of asset)

Multi-tier service oriented networking
• This network separation therefore extends from the core of the network straight through to the hypervisor and the ‘guest’.
• The underlying network relationships are the most economic way to establish commonality across disparate elements
• Networking is the simplest, most economic and proven way to securely scale enterprises
• Most enterprises will be hybrid by historic definition
• Platform needs to cater at three levels of service
(Diagram labels: CloudStore; VDC; Dedicated; COLO; Common Compute & Storage; Common Virtualised Network; MPLS/VPLS)

Interoute Virtual Data Network Attached Computing
• Interoute has built an API into the MPLS-IP network which VDC calls when it adds VDC to a VPN customer
• The Interoute Data Centre is directly attached to the MPLS core, providing public or private networking natively
• On average 3TB RAM per 20G dual network*
• Interoute Virtual Data Centre maintains integrity from the VLAN through to storage virtualisation and the hypervisor.
• The hypervisor VLAN is mapped directly to the MPLS VRF, ensuring separation throughout
*On a per POD basis; there may be multiple PODs in the same location

Multiple locations under strict audited certification provide a confidentiality and integrity framework
• Interoute Virtual Data Centre spread across multiple geographies
• You choose where you put applications and data, and the network is FREE
• Only charge you for what you use in ANY location
• For example, you could have 5 locations and will only be billed for consumption if you use them
(Map labels: LONDON, AMS, BERLIN, PARIS, GENEVA)

Amsterdam | Berlin | Geneva | London
ISO 27001 | BSI | ISO 27001 | ISO 27001
PCI DSS | PCI DSS | PCI DSS | PCI DSS
ISAE 3402 | ISAE 3402 | ISAE 3402 | ISAE 3402

Paris | Ghent (colo) | Stockholm | Zurich
ISO 7001 | ISO 27001 | ISO 27001 | ISO 27001
PCI DSS | PCI DSS

Confidentiality and Integrity + High Availability

Confidentiality & Integrity
• Confidentiality and Integrity is preserved through Logical Separation through VLAN to MPLS VRF encapsulation**
• Confidentiality and Integrity are preserved by isolating and separating traffic and allowing it to exist only within the scope of the owning customer organisation.
• Separation makes it impossible for traffic from one customer domain to enter another customer domain. This prevents data leakage, and it also prevents interference by entities outside of the organisation.

High Availability
• High Availability is achieved through:
  • Multiple locations with integrated network
  • Each POD fully fault tolerant N+1 HA architecture
• Network availability achieved through:
  • IS-IS and LDP interior routing protocols,
  • LACP Ethernet control protocol,
  • BGP exterior routing protocol.

**IETF RFC 3031, BGP-based MPLS VPNs, IETF RFC 4364 and Virtual Routing/Forwarding Tables
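
The separation described on the two slides above (hypervisor VLAN mapped to a per-customer MPLS VRF, RFC 4364 VPNs) holds only while the mappings and route-target policies stay tenant-exclusive. The following is an added example, not Interoute code: a small audit over a constructed inventory, in which every VRF name, customer name, POD, VLAN ID and route target is a hypothetical value.

```python
from collections import defaultdict

# Constructed inventory (hypothetical names and values, not from any real network).
VRFS = {
    "vrf-acme": {"customer": "acme", "import": {"65000:100"}, "export": {"65000:100"}},
    "vrf-globex": {"customer": "globex", "import": {"65000:200", "65000:100"},
                   "export": {"65000:200"}},
    "vrf-initech": {"customer": "initech", "import": {"65000:300"}, "export": {"65000:300"}},
}
# (pod, vlan_id, customer owning the guest network, VRF the VLAN is attached to)
VLAN_MAP = [
    ("pod-1", 110, "acme", "vrf-acme"),
    ("pod-1", 210, "globex", "vrf-globex"),
    ("pod-1", 310, "initech", "vrf-acme"),     # attached to another tenant's VRF
    ("pod-2", 110, "initech", "vrf-initech"),  # same VLAN ID on another POD is fine
    ("pod-1", 210, "globex", "vrf-initech"),   # one VLAN attached to two VRFs
]

def audit(vrfs, vlan_map):
    """Return a sorted list of (kind, detail) tenant-separation violations."""
    findings = set()
    attached = defaultdict(set)  # (pod, vlan) -> VRFs it is attached to
    for pod, vlan, customer, vrf in vlan_map:
        attached[(pod, vlan)].add(vrf)
        owner = vrfs.get(vrf, {}).get("customer")
        if owner != customer:
            findings.add(("vlan-wrong-vrf",
                          f"{pod}/vlan{vlan} ({customer}) -> {vrf} ({owner})"))
    for (pod, vlan), names in attached.items():
        if len(names) > 1:
            findings.add(("vlan-multi-vrf", f"{pod}/vlan{vlan} -> {sorted(names)}"))
    # RFC 4364: a VRF installs any VPN route carrying a route target it imports,
    # so importing another customer's export target joins the two VPNs.
    exporters = defaultdict(set)  # route target -> customers exporting it
    for vrf in vrfs.values():
        for rt in vrf["export"]:
            exporters[rt].add(vrf["customer"])
    for name, vrf in vrfs.items():
        for rt in vrf["import"]:
            foreign = exporters[rt] - {vrf["customer"]}
            if foreign:
                findings.add(("rt-cross-import",
                              f"{name} imports {rt} exported by {sorted(foreign)}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(VRFS, VLAN_MAP):
        print(f"{kind}: {detail}")
```

Intentional shared-services or extranet imports would need an allow-list added to the route-target check.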

Practical applications

Case Studies – On Premise Private Cloud – with Disaster Recovery with VDC
• Customer with VMware private cloud wants disaster recovery or VMware SRM-like functionality
• Customer site VLAN is extended into the VDC, encapsulated via MPLS
• Customer sets up storage replication – interval is a function of the RTO/RPO required
• Addressing is managed by GTM/LB operating as an agent on VDC
• In the event of an unplanned event, VDC takes over from primary either manually or through a scripted (API) call triggered by LB
• This could be an active-active location

Extending COLO to “Virtual COLO”
• Customer has existing co-location facilities and is looking to expand/replace
• Customer buys virtual colo in place of ‘real’ colo, thereby saving the cost of the rack, power, equipment, admin, length of lease etc. Doesn’t carry fixed cost
• Network is extended from COLO to VDC using VLAN encapsulation over MPLS VPN, creating one contiguous platform
• Customer traffic exits via an additional internet service, separated by a firewall run on VDC.

Hybrid Multi-Data Centre – Private / Public Cloud
• Customer with mix of existing dedicated hosting, VDC and own customer premise equipment
• Can be used as a ‘burst capability’ or as an active migration platform for server consolidation
• All locations are joined using an MPLS VPN
• Customer is in complete control of the IP address schema. Each ‘location’ is mapped into the VRF, creating a private internet
• Services can be consolidated without service interruption

Disaster Recovery as a Service
• RPO-RTO of 4 hours
• SAN level backup between London – Amsterdam
• 4 hour snapshot
• File level application back up and restore within London
• Customer retains complete control of retention policy both with internal audit requirements and data sovereignty regulation

Complex Hybrid
• Network and compute combined to integrate disparate assets for past and future requirements
• Customer able to mix and match any combination of management, control or service expertise

If the underlying platform is consistent there’s a lot you can do in 3 minutes.

Re-evaluation & Conclusion
• Enterprise app stores simplify the acquisition and licensing of applications and appliances, but alone fail to address the underlying platform’s ability to maintain confidentiality & integrity and availability
• The combination changes the speed and agility of an IT organisation irrevocably

Questions? http://cloudstore.interoute.com