
Secure Cloud: Designing an End-to-End Secure Multi-Tenant Shared Services TECHC0210

Mike DiPetrillo, VMware, Inc.; Wen Yu, VMware, Inc.

This session may contain product features that are currently under development.


Presentation Transcript


  1. Secure Cloud: Designing an End-to-End Secure Multi-Tenant Shared Services TECHC0210. Mike DiPetrillo, VMware, Inc.; Wen Yu, VMware, Inc.

  2. Disclaimer
  This session may contain product features that are currently under development. This session/overview of the new technology represents no commitment from VMware to deliver these features in any generally available product. Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery. Pricing and packaging for any new technologies or features discussed or presented have not been determined.
  “These features are representative of feature areas under development. Feature commitments are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. Technical feasibility and market demand will affect final delivery.”

  3. Follow Us
  • Facebook: search for VMware Partner Network
  • Twitter: search for VMware_Partners
  • Blog: http://blogs.vmware.com/powerofpartnership/
  • LinkedIn: search for VMware Partner Network
  • Join the conversation, get the latest scoop, be a part of the network
  • Subscribe to RSS
  • Follow this event LIVE! #VMwarePEX2010
  • Help us help you! Please fill out the survey at the end of the course.

  4. Agenda
  • Introduction to vCloud
  • VMware/Cisco/NetApp Secure Multi-tenant Solution
  • vCloud 1.0 Release Sneak Peek
  • Call to Action
  • Q & A

  5. Cloud Computing according to VMware
  • Lightweight entry/exit service acquisition model
  • Consumption based pricing
  • Accessible using standard internet protocols
  • Elastic
  • Improved economics due to shared infrastructure
  How Do We Define the Cloud?
  “Cloud computing comes into focus only when you think about… a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time… extends IT's existing capabilities.”

  6. Different Types of Cloud Computing
  3 Main Types or Personalities
  • Application/Information: sometimes referred to as Software-as-a-Service; a wide range of services delivered via varied business models, normally available as a public offering.
  • Development: sometimes referred to as Platform-as-a-Service; application development platforms that enable application authoring and a runtime environment.
  • Infrastructure: sometimes referred to as elastic compute clouds or Infrastructure-as-a-Service; virtual hardware made available for varied uses.
  2 Main Deployment Environments
  • Public: accessible over the internet for general consumption
  • Private: behind the corporate firewall for use by a limited, pre-determined audience

  7. Customer Requirements
  • Need for New, Highly Efficient and Flexible Computing Infrastructure
    • Must be highly performant
    • Must be highly scalable
    • Need new, more coarse-grained units of management and actions
    • Needs to be elastic
  • Application Compatibility
    • Need application model optimized for cloud
    • Need to leverage existing skills and code base
    • Will not be a 100% immediate transfer to cloud; need a bridge
    • Need better containers that allow for true application-level operations

  8. Customer Requirements
  • Lack of standardization creates complexity and switching costs
    • Each compute cloud vendor has a different application model
    • Proprietary, vertically integrated stacks limit choice and increase switching costs
  • Multi-tenancy
    • Need to find the balance between the security of dedicated infrastructure and the economics of shared infrastructure
    • Service level agreements need to move to richer application-level semantics

  9. Secure Multi-tenancy Architecture: Four Pillars
  • Availability
    • Build resilient architecture
    • High Availability
    • Redundancy
  • Service Assurance
    • Deliver consistent SLA across compute, network and storage
  • Secure Separation
    • Enable separation across tenants
    • Increase security and access control
  • Management
    • Simplify management
    • End-to-end manageability

  10. Secure Multi-tenancy Components (VMware/Cisco/NetApp)
  • Compute
    • VMware vShield
    • VMware vSphere
    • Cisco Unified Computing System
  • Network
    • Cisco Nexus 1000V
    • Cisco Nexus 5000
    • Cisco Nexus 7000
    • Cisco MDS
  • Storage
    • NetApp FAS
    • NetApp MultiStore
  • Management
    • VMware vCenter
    • Cisco UCS/DC Manager
    • NetApp Operations Manager
  [Diagram: compute layer (VMware vShield, Cisco Nexus 1000V, VMware vSphere hosts on Cisco UCS 5100 Blade Servers with Cisco UCS 6100 Fabric Interconnect), network layer (Cisco Nexus 5000, Cisco Nexus 7000) and storage layer (NetApp MultiStore on NetApp FAS)]

  11. Pillar 1 of 4: Secure Separation
  • Compute
    • Resource Pool Separation
    • RBAC
  • Network
    • VLAN Segmentation
    • vShield Policy Separation
  • Storage
    • vFiler units
    • IP Spaces

  12. Compute: Resource Pool Separation
  • Dedicated resource pools for infrastructure and tenants
  • Separate sub-resource pool for individual tenants
  • Combined with RBAC to securely isolate access and control between tenants
  [Diagram: an Infrastructure Resource Pool (Interconnect Pool, Storage Pool) alongside a Tenant Resource Pool split into per-tenant sub-pools (Tenant A Resource Pool, Tenant B Resource Pool)]

  13. Network: VLAN Segmentation
  [Diagram illustrating the complexity of manual VLAN assignment: "Data VLAN?? VLAN #200?", "Which VLAN for VM #2?", "Which VLAN?? VLAN #201??", "Management VLAN?"]

  14. Network: Visibility and Control
  • Full integration with N1KV
    • Leverages VSD and Port Profiles
  • Secure Isolation
    • Container-based rule for intra/inter-tenant protection
  • vMotion awareness
    • Firewall protection remains through vMotion
  [Diagram: Tenant A, Tenant B and Tenant C virtual machines on a Nexus 1000V; members of a VSD are shown as Protected, other ports as Unprotected, above the Physical Adapters]

  15. Storage: NetApp MultiStore
  • Separate Virtual Storage Partition for each tenant (vFiler)
  • IP Storage Support (NFS, CIFS, iSCSI)
  • Provisioning flexibility:
    • NFS/iSCSI LUN directly to VMs
    • NFS/iSCSI volume mounted on ESX Server
  [Diagram: NetApp MultiStore with one Virtual Storage Partition per tenant (Tenant A, Tenant B, Tenant C), each holding that tenant's data]

  16. Pillar 2 of 4: Service Assurance
  • Compute
    • Resource Pool Reservation, Limits, Shares
    • DRS
  • Network
    • QoS Classification (Platinum, Gold, Silver…)
    • Queuing
    • Bandwidth control
    • Rate Limiting
  • Storage
    • FlexShare
  [Diagram: bandwidth classes (2 GE, 4 GE) mapped to Gold CoS / Platinum CoS and Medium Priority / High Priority]

  17. Pillar 3 of 4: Availability
  • Server
    • UCS Fabric Redundancy
    • vCenter Heartbeat
    • VMware HA
    • vMotion/Storage vMotion
  • Network
    • vPC
    • EtherChannel
    • N1KV Active/Standby VSM
    • Link/Device Redundancy
  • Storage
    • RAID-DP
    • NetApp HA Cluster
  [Diagram: Core/Aggregation (Cisco Nexus 7000) and Access (Cisco Nexus 5000) layers joined by vPC; Compute layer with Cisco UCS 6100 Fabric Interconnect, UCS 5100 Blade Server, Nexus 1000V, VMware vCenter and VMware vSphere on 4x10GE links; SAN/Storage layer with Cisco MDS (FC) and NetApp FAS on 10GE EtherChannel links]

  18. Pillar 4 of 4: End-to-End Management
  • Server Layer
    • Unified Computing System (UCS) Manager
    • vCenter Server
    • vShield Manager
    • SANscreen
  • Network Layer
    • Data Center Network Manager
    • Flexible NetFlow
    • Fabric Manager
    • SANscreen
  • Storage Layer
    • Operations Manager
    • Provisioning and Protection Manager
    • SANscreen
  • SANscreen
    • Service Insight
    • Service Assurance
    • Application Insight
    • Capacity Manager
    • VM Insight

  19. Management: vShield Manager
  • Protection Rule Review
  • Protection Rule Enforcement and Correction
  • Historical Charts and Records

  20. What about Tenant Provisioning?
  • Self-Service
    • Portal
  • Ecosystem
    • vCloud API
  • Federation
    • vCenter Client Plug-In

  21. vCloud API Partners
  • Use Cases
    • Service provider can add to portal offerings
    • Users can use it for automation (test cases, smoke testing, etc.)
    • VMs can call the API to manipulate or provision infrastructure themselves

  22. Call to Action
  • Review all collateral:
    • Solution Brief (4 pages)
    • Architecture Overview (25 pages)
    • CVD: Design Guide (90 pages)
      • Design Considerations
      • Best Practice
      • Bill of Material
    • CVD: Deployment Guide (150+ pages)
      • Configuration
      • Software Recommendation
  • Attend Mike’s vCloud API Lab
  [Image: cover of "Designing Secure Multi-tenancy into Virtualized Data Center Design Guide", a Cisco Validated Design (CVD)]

  23. Ready. Set. Go! Take Action
  • GO! Get Educated
    • Visit Partner University for information on partner programs and resources
    • Access to VMware Partner Exchange presentations
  • GO! Get Competent
    • Enroll in training and certification that counts toward earning competencies
  • GO! Register Your Deals to Earn More Margin
    • Visit Partner Central to learn about VMware’s registration programs

  24. Any Questions?
